Trying a new method of rooting without bootloader unlocking. - Huawei P20 Pro Guides, News, & Discussion

So basically, I require one file from the community : ramdisk_recovery.img. I would like it to be 100% not tempered, original, extracted from the latest .185 rom for C432 region for model CLT-L29. I have discovered a new method of rooting by using the sdcard method, however I have no way of getting the update.app from anywhere else. What I will do is replace the ramdisk_recovery.img within update.app with the patched version (patching the file using magisk manager) and flash it. This MIGHT brick your phone, however I am not certain. I hope I can get this file ASAP, as I might just found a perfect way to get out of Huawei's restrictions.

If you can write up a tutorial on getting that file from a phone (unlocked bootloader but unrooted), I can try to get it for you. (Having said that my device was a China region device which I rebranded to 432 when I received it, in case that makes a difference)

jfbaudio said:
If you can write up a tutorial on getting that file from a phone (unlocked bootloader but unrooted), I can try to get it for you. (Having said that my device was a China region device which I rebranded to 432 when I received it, in case that makes a difference)
Click to expand...
Click to collapse
Afaik you can try adb dump ramdisk_recovery.img or by extracting the img from an update.app file. If you had root, you could try to redownload the update using HWProxy method, cancel the update and go to root/data/update and copy it's contents to a PC. i will keep looking for a method so feel free to try any method

jfbaudio said:
If you can write up a tutorial on getting that file from a phone (unlocked bootloader but unrooted), I can try to get it for you. (Having said that my device was a China region device which I rebranded to 432 when I received it, in case that makes a difference)
Click to expand...
Click to collapse
Hello. Any luck so far?

AnotyClaws said:
Hello. Any luck so far?
Click to expand...
Click to collapse
I don't have root (work phone and remote management prevent that). What's the exact adb command? I get "unknown command" using adb dump ramdisk_recovery.img. The phone does show up for adb devices.

jfbaudio said:
I don't have root (work phone and remote management prevent that). What's the exact adb command? I get "unknown command" using adb dump ramdisk_recovery.img. The phone does show up for adb devices.
Click to expand...
Click to collapse
Hmmm. I will keep you updated. I found a method but the problem is, you need to downgrade to android 9, which I suppose you can't since it's your work phone.

AnotyClaws said:
Hmmm. I will keep you updated. I found a method but the problem is, you need to downgrade to android 9, which I suppose you can't since it's your work phone.
Click to expand...
Click to collapse
ah yes that's right... I can't downgrade. If you're still working on this when I replace this phone for work this fall, I'll revisit this

[Recovery][BKL][EMUI 8.x][Unofficial]TWRP 3.2.1-0 working recovery from View 10
Backup your stock recovery per this post. If you are too lazy, I can upload my backup from .104 build (C432) to Mega. Download twrp_bkl_0.7.img from this post and place it in same directory with your ADB. After successful backup as precaution...
forum.xda-developers.com
This is the easy way to it.

Related

will I lose root on the latest OTA update?

As the title says - the latest OTA update, if I update will I lose root?
Thanks!
From what I understand, for a clean update OTA the firmware needs to be stock unrooted. The bootloader locked or unlocked.
Other people have succeeded in updating OTA with a modified system and able to patch, but it varies and it seems a lot of tweaking was involved after. I am no expert though.
eastdata said:
From what I understand, for a clean update OTA the firmware needs to be stock unrooted. The bootloader locked or unlocked.
Click to expand...
Click to collapse
Till yesterday i thought the same.
Seems like it works also when it is rooted.
[GUIDE] How To Update Rooted Moto G ( US Global GSM)
secretkloud said:
Then I tried again. It went smoothly. And I still have root
Click to expand...
Click to collapse
mokkami said:
Till yesterday i thought the same.
Seems like it works also when it is rooted.
[GUIDE] How To Update Rooted Moto G ( US Global GSM)
Click to expand...
Click to collapse
So if I understand that thread correctly, if a system file is modified, the update will fail? So adding files (su apk and binaries) doesn't create a situation where the update fails? ...This is my dilemma in trying to understand what modified actually means. It's been a while since attempting mods on a device and it was easier on my last one.
Off topic, will unlocking the bootloader allow access to the stock recovery? I can reboot into it, but any command from the menu just gives me a No command screen or reboots the device. I can't remember it being this convoluted on my old phone. Yes, I know that the up key selects and the down is to navigate...
i just flash stock recovery and then updated.
after update i still have root, so i just flash back TWRP
Backup with CWM, factory reset, update, restore data.
@kurt99 and @theoneofgod
What firmware are you running and what model (any mods)?
I imagine that OTA updates are different for each version firmware...
eastdata said:
So if I understand that thread correctly, if a system file is modified, the update will fail? So adding files (su apk and binaries) doesn't create a situation where the update fails? ...This is my dilemma in trying to understand what modified actually means. It's been a while since attempting mods on a device and it was easier on my last one.
Off topic, will unlocking the bootloader allow access to the stock recovery? I can reboot into it, but any command from the menu just gives me a No command screen or reboots the device. I can't remember it being this convoluted on my old phone. Yes, I know that the up key selects and the down is to navigate...
Click to expand...
Click to collapse
While it seems that OTAs are quite sensible to system changes whatever that means, it turned out that root doesn´t break the possibility to update.
You can access stock recovery with or without unlocked bootloader. This "no command screen" is a known thing and can easily be overcome by holding power and volume up buttons for 3 secs while on that screen.
drfr said:
You can access stock recovery with or without unlocked bootloader. This "no command screen" is a known thing and can easily be overcome by holding power and volume up buttons for 3 secs while on that screen.
Click to expand...
Click to collapse
Thanks so much (I've been living in Android 2.1 world). :angel:
Standard UK retail, rooted ran the OTA update with no issues, and remains rooted.
eastdata said:
@kurt99 and @theoneofgod
What firmware are you running and what model (any mods)?
I imagine that OTA updates are different for each version firmware...
Click to expand...
Click to collapse
Also Standard UK retail and remains rooted, also use XPOSED .

Help, need help rooting ZTE Grand x view 2

Hello all,
I got a ZTE Grand X view 2 (K81) tablet from virgin Mobile in Toronto, Canada and I have the sim locked to my imei number. I would like to root this tablet so I can remove unnecessary applications. It is slow as it has <1gb and the internal memory is 8gb. So far the one click root apps I have tried (kingroot, iroot) don't work. What are other options I have for this device?
It is running Android 7.1.1 with the June 1, 2017 security patches
Thanks Karl
binholz said:
Hello all,
I got a ZTE Grand X view 2 (K81) tablet from virgin Mobile in Toronto, Canada and I have the sim locked to my imei number. I would like to root this tablet so I can remove unnecessary applications. It is slow as it has <1gb and the internal memory is 8gb. So far the one click root apps I have tried (kingroot, iroot) don't work. What are other options I have for this device?
It is running Android 7.1.1 with the June 1, 2017 security patches
Thanks Karl
Click to expand...
Click to collapse
One-click root apps won't work. You either go the Magisk patched boot way or Custom recovery + Magisk / SuperSU zip.
What's your phone's chipset?
Hovatek said:
One-click root apps won't work. You either go the Magisk patched boot way or Custom recovery + Magisk / SuperSU zip.
What's your phone's chipset?
Click to expand...
Click to collapse
Honestly I don't really know what the chipset is. From CPU-X, here are some more details:
Cpu: cortex-a7 snapdragon 210, 1.1ghz x 4
Board: Helen
Hardware: qcom
Model: K81
Brand/manufacturer: zte
Bootloader: unknown
binholz said:
Honestly I don't really know what the chipset is. From CPU-X, here are some more details:
Cpu: cortex-a7 snapdragon 210, 1.1ghz x 4
Board: Helen
Hardware: qcom
Model: K81
Brand/manufacturer: zte
Bootloader: unknown
Click to expand...
Click to collapse
Its Qualcomm. To root, you'll need either stock boot.img or recovery.img. Do you have the firmware for your model?
Hovatek said:
Its Qualcomm. To root, you'll need either stock boot.img or recovery.img. Do you have the firmware for your model?
Click to expand...
Click to collapse
I don't have that yet, I will need to search for that. My SD card is currently set as an internal, not portable, is that a problem? Is there a way to copy the current boot.img or recovery.img from a running system? I have installed magisk manager, I just need to get a hold of the boot or recovery files
binholz said:
I don't have that yet, I will need to search for that. My SD card is currently set as an internal, not portable, is that a problem? Is there a way to copy the current boot.img or recovery.img from a running system? I have installed magisk manager, I just need to get a hold of the boot or recovery files
Click to expand...
Click to collapse
Have you had any luck finding firmware for this device.... i need to frp bypass mine as i bought it online and am left in a predicament now... The keyboard doesn't allow to access any settings so getting through the FRP part is an issue... no way to downgrade the firmware either because it is running 7.1 . I also can't find custom recoveries anywhere i look online.... if you have some insight or a solution please let me know.
thanks
wallyradburn said:
Have you had any luck finding firmware for this device.... i need to frp bypass mine as i bought it online and am left in a predicament now... The keyboard doesn't allow to access any settings so getting through the FRP part is an issue... no way to downgrade the firmware either because it is running 7.1 . I also can't find custom recoveries anywhere i look online.... if you have some insight or a solution please let me know.
thanks
Click to expand...
Click to collapse
Not yet, I switched my SD card back to portable and tried to look around the system using adb shell without any luck. The system is locked down tight and I don't have permission to view most directories. I also contacted ZTE for the recovery img, they thought I was talking about backing up photos
I have same tablet from virgin mobile Canada. I have solid explorer, and it allows me to have root file access out of the box. I deleted bloat apks, was gtg. Not sure if it's normal behavior. I was shocked to see root file system out of the box. P.S any developers that a full system dump would help, I can probably do. After more poking around, I don't have full root access, but I do have read/write to system folder with build.prop etc
jonjadot said:
I have same tablet from virgin mobile Canada. I have solid explorer, and it allows me to have root file access out of the box. I deleted bloat apks, was gtg. Not sure if it's normal behavior. I was shocked to see root file system out of the box. P.S any developers that a full system dump would help, I can probably do. After more poking around, I don't have full root access, but I do have read/write to system folder with build.prop etc
Click to expand...
Click to collapse
I just downloaded and installed solid explorer and the classic versions. Not luck viewing the / file system. If you can get the boot file and post a link to it that would be helpful for the magisk rooting method.
-I was able to use a google account manager app and downloaded/installed qucik_shortcut_2.4.0 this allows you access the launcher and partially use this device... I was able to set the username of the device but to no avail i am unable to use that combo to strip out the previous user's information. there's a method online to show you how to use the talkback settings to get to this point and i used my knowledge of frp bypassing samsung devices to get a little further. the developer options setting is still locked because it doesn't recognize me as the primary user. Its very frustrating. I'm able to sign into chrome with my credentials and access gmail through the browser but as far as getting my account onto this device its been days of trying and my girlfriend is just disgusted with my persistence. I don't know if or when an oreo update will be made available that this will help solve the problem, but i can't believe zte doesn't have the stock firmware anywhere online.
any of you fellow nerds out there that can help please do... I use an S3 for my daily use because well, they're so amazing to customize but the battery is crap because its so old. One thing i have found is with this zte you can at least play the "catch the cat" easter egg game, which is a complete waste of time but fun at the same time.
I'm not sure if this will help but i might as well. I'm also stuck with a zteK81 i'd REALLY love to root. I never had to go really deep into android stuff so tbh ... i've read alot ... but beside knowing i can't root it yet after a couple diff. method... im a bit confuse in all that. Up here i read ppls about looking for the Firmwire and someone else searching for the root. I have pull some pretty deep layer files in mine that may .. may not help you guys. I can't read that correctly. Here's 3 images and i have a little 7z with the actual files and 3-4 more if someone request it. Thanks.
hxxps://i.imgur.com/NVNpLpfh.png ---- Treeview
hxxps://imgur.com/8GLP2xJ ----- surfacelay.XML
hxxps://imgur.com/kcnDAY9 ----- surfacelay. XML
hxxps://imgur.com/oqIaDeR ----- lib. of a dna_file??
EDIT: Firmwire file --> hxxp://download.ztedevices.com/device/global/support/opensource/mobilephones/open_source_notice.html#id45
i found a download for this device's kernel source
hxxp://download.ztedevices.com/device/global/support/opensource/2/20170823_01/P890R81_USCCV1.0.0B08_kernel.tar.gz
im working on getting a stock system image of this tablet from ZTE. im not sure exactly whats needed to get an official twrp and rom going for this tablet but ill help in any way i can
Stock Rom
Online Gravy said:
im working on getting a stock system image of this tablet from ZTE. im not sure exactly whats needed to get an official twrp and rom going for this tablet but ill help in any way i can
Click to expand...
Click to collapse
I have a copy of the stock ROM. Who knows how to use it to develop a custom recovery for the K81?
Continued Interest
Is there any interest in rooting the ZTE K81?
Currently, I have a copy of the stock ROM and am trying to modify update.zip using Magisk to mod the boot.img file. I heed help with the signing of the modified update.zip package.
Any Suggestions?
There's no way of flashing an unsigned rom?
Sent from my Nexus 6P using Tapatalk
binholz said:
There's no way of flashing an unsigned rom?
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
Sadly, no.
Difficulties
To date I have found no way to even perform the OEM Unlock on this device and none of the available rooting schemas are of any use.
If I cannot determine how the sing the modified update.zip file, I am out of ideas.
I have a copy of the ZTE stock rom for the K81 and, if there is a more experienced person willing to take a shot at this, I will happily make the rom available to them.
ritzar12 said:
To date I have found no way to even perform the OEM Unlock on this device and none of the available rooting schemas are of any use.
If I cannot determine how the sing the modified update.zip file, I am out of ideas.
I have a copy of the ZTE stock rom for the K81 and, if there is a more experienced person willing to take a shot at this, I will happily make the rom available to them.
Click to expand...
Click to collapse
Hello, so it is common that ZTE's don't have any form of fastboot. So your only way is to flash via QPST with a firehose. But today is your lucky day. I was able to extract the k81's firehose from the Rogers ZTE firmware flashing tool. I have also downloaded the full QPST firmware fire and included the firehose with it. As well as a separate download in case someone already has it. I will also be ordering the device shortly. If you have newer firmware, or one designed for a variant other the rogers would be great if you can share it.
Rogers B05 Firmware
https://www.androidfilehost.com/?fid=1395089523397891291
Separate Firehose download
https://www.androidfilehost.com/?fid=1395089523397891292
Rogers ZTE FIrmware flashing tool (Not really useful just linking because its how I got the firehose)
https://www.androidfilehost.com/?fid=1395089523397891290
ZTE Kernel source mirror (We are codenamed Helen)
https://www.androidfilehost.com/?fid=1395089523397891289
Frustration intensifies...
deadman96385 said:
Hello, so it is common that ZTE's don't have any form of fastboot. So your only way is to flash via QPST with a firehose. But today is your lucky day. I was able to extract the k81's firehose from the Rogers ZTE firmware flashing tool. I have also downloaded the full QPST firmware fire and included the firehose with it. As well as a separate download in case someone already has it. I will also be ordering the device shortly. If you have newer firmware, or one designed for a variant other the rogers would be great if you can share it.
Rogers B05 Firmware
https://www.androidfilehost.com/?fid=1395089523397891291
Separate Firehose download
https://www.androidfilehost.com/?fid=1395089523397891292
Rogers ZTE FIrmware flashing tool (Not really useful just linking because its how I got the firehose)
https://www.androidfilehost.com/?fid=1395089523397891290
ZTE Kernel source mirror (We are codenamed Helen)
https://www.androidfilehost.com/?fid=1395089523397891289
Click to expand...
Click to collapse
Where do you get or how do you create the rawprogram0.xml file. Presumably the directory structure information is available somewhere in the kernel or the ROM but, methods to extract the information into an XML evade me.

For Devs: A new possible way to root the T-Mobile variant???!!!!!

https://threatpost.com/another-linux...access/137800/
Would be awesome if that works
I played around a little and this happened...
https://photos.app.goo.gl/TiEXrdKmWydRM8RZ9
S8ntsHaz3 said:
I played around a little and this happened...
https://photos.app.goo.gl/TiEXrdKmWydRM8RZ9
Click to expand...
Click to collapse
Unlock critical is allowed and already known thing but this is for flashing bootloader and stuff. It doesn't help us at all for now.
There are already many rooted tmobile g7 sold in China.
I found a possible root it looks like it will work with any lg g710 Oreo. Is this not the case?
https://www.androidinfotech.com/2018/06/root-lg-g7-thinq-lmg710-oreo.html
curster said:
I found a possible root it looks like it will work with any lg g710 Oreo. Is this not the case?
https://www.androidinfotech.com/2018/06/root-lg-g7-thinq-lmg710-oreo.html
Click to expand...
Click to collapse
anyone tried it yet?
kasuma_asuma said:
anyone tried it yet?
Click to expand...
Click to collapse
So it's a fake post for one (actually not exactly fake I would say more clickbait then anything) two I believe the T-Mobile version is the G710TM, three we have a gimped fastboot as in it doesn't work at all. And four I think our only option is something to do with LAF
---------- Post added at 11:22 AM ---------- Previous post was at 11:21 AM ----------
curster said:
I found a possible root it looks like it will work with any lg g710 Oreo. Is this not the case?
https://www.androidinfotech.com/2018/06/root-lg-g7-thinq-lmg710-oreo.html
Click to expand...
Click to collapse
No it's not the case see my previous answer
We should be able to get around this gimped fastboot by incorperating that boot.img from the EM varient into an "update" once the phone is cross flashed. To 710EM it will have "adb update" command (it will also think the update is for itself since the firmware matches what were flashing we can put this into a flashable.zip (im like 75% sure this is how its done). Then use the command "adb update boot /path to patch boot/" alternatively could we incorperate our patched boot.img into a kdz and flash it with a patched LGup? Once the phone is rooted with magisk we could use the twrp app to flash twrp and fastboot commands wont be extremely relevant
The problem is, how to remove or get around the correct oem unlock allowed verification system. Unpacking a .img and editing is not a problem, i am just not exactly sure what to edit.
alecthenice said:
We should be able to get around this gimped fastboot by incorperating that boot.img from the EM varient into an "update" once the phone is cross flashed. To 710EM it will have "adb update" command (it will also think the update is for itself since the firmware matches what were flashing we can put this into a flashable.zip (im like 75% sure this is how its done). Then use the command "adb update boot /path to patch boot/" alternatively could we incorperate our patched boot.img into a kdz and flash it with a patched LGup? Once the phone is rooted with magisk we could use the twrp app to flash twrp and fastboot commands wont be extremely relevant
The problem is, how to remove or get around the correct oem unlock allowed verification system. Unpacking a .img and editing is not a problem, i am just not exactly sure what to edit.
Click to expand...
Click to collapse
I'm will definitely get root on every other device but there's two things that stop us.
1) it's impossible to extract anything from a kdz and a .up file (LGs way of updating)
2) dm-verify (but it's possible to get around)
LameMonster82 said:
I'm will definitely get root on every other device but there's two things that stop us.
1) it's impossible to extract anything from a kdz and a .up file (LGs way of updating)
2) dm-verify (but it's possible to get around)
Click to expand...
Click to collapse
So for dm-verify I know how to manually get around that and the patch thats floating around via flashable.zip. What do we need to extract from the .up or .kdz? Im pretty sure there is a full kdz dump for the 710EM in a thread I read through just last night? I really believe the only obstacle we have is making the bootloader unlock through a command line independent of the official unlock code. This should be able to be acheived by editing that in a way to where it doesnt check much like dm-verity. Then you can flash your (patched by deletion) boot.img run fastboot oem unlock ( btw did you know that "fastboot oem flashing unlock critical works) **could run that then flash an unlock.bin, then fastboot oem unlock unlock.bin** I am working with a 710pm varient. And am speaking from experience rooting the v30 ls version currently using G7 as daily driver
This leaves me thinking that we have lots of wiggle room here (also leaves me thinking how weird LG is for having a lot of variation within G7)
LameMonster82 said:
I'm will definitely get root on every other device but there's two things that stop us.
1) it's impossible to extract anything from a kdz and a .up file (LGs way of updating)
2) dm-verify (but it's possible to get around)
Click to expand...
Click to collapse
I use LG Firmware Extract to get the DLL's out, the problem is theres no firmware yet for the LG G7 Sprint version:
View attachment 4667707
GROOVYJOSHCLARK said:
I use LG Firmware Extract to get the DLL's out, the problem is theres no firmware yet for the LG G7 Sprint version:
Click to expand...
Click to collapse
Amazingly this week I was able to extract everything from any kdz file. The problem is that repacking requires certificate and we don't have it.
LameMonster82 said:
Amazingly this week I was able to extract everything from any kdz file. The problem is that repacking requires certificate and we don't have it.
Click to expand...
Click to collapse
Yes but we will figure it out eventually. I'm on Sprint myself and actively trying to figure out the LG cross flashing issue.
GROOVYJOSHCLARK said:
Yes but we will figure it out eventually. I'm on Sprint myself and actively trying to figure out the LG cross flashing issue.
Click to expand...
Click to collapse
So, do you want to cross flash or just the Sprint firmware
LameMonster82 said:
So, do you want to cross flash or just the Sprint firmware
Click to expand...
Click to collapse
There is no cross flashing on the G7 (or V35 or V40) unless you want a brick. LG got smart after the V30 WTF exploit and now uses a different RSA cert for every model.
Don't take my word for it, please feel free to try -- make sure you have insurance
-- Brian
runningnak3d said:
There is no cross flashing on the G7 (or V35 or V40) unless you want a brick. LG got smart after the V30 WTF exploit and now uses a different RSA cert for every model.
Don't take my word for it, please feel free to try -- make sure you have insurance
-- Brian
Click to expand...
Click to collapse
Yes but we will figure it out eventually so we can flash the EM firmware and unlock the bootloader then root and install TWRP then AOSP. I am waiting on my octoplus box to arrive then I'll be testing cross flashing for others to sort out what's needed.
GROOVYJOSHCLARK said:
Yes but we will figure it out eventually so we can flash the EM firmware and unlock the bootloader then root and install TWRP then AOSP. I am waiting on my octoplus box to arrive then I'll be testing cross flashing for others to sort out what's needed.
Click to expand...
Click to collapse
Awesome! But octoplus will not allow you to cross flashing, right?
any news on this ? would love to change my T-mobile software. and get the fingerprint to work for that matter

Need default.prop file for SM-A205.

I am currently working on a root method for the SM-A205U and desperately need the stock default.prop file. If anyone wants to provide one it would greatly be appreciated.
A205U boost mobile
ATGkompressor said:
I am currently working on a root method for the SM-A205U and desperately need the stock default.prop file. If anyone wants to provide one it would greatly be appreciated.
Click to expand...
Click to collapse
What build do you need ?
Ok did you find the file you were looking for ?
ATGkompressor said:
I am currently working on a root method for the SM-A205U and desperately need the stock default.prop file. If anyone wants to provide one it would greatly be appreciated.
Click to expand...
Click to collapse
This sounds interesting
physwizz said:
This sounds interesting
Click to expand...
Click to collapse
So, using Linux, Superr's kitchen to unpack (free as well) and Frija for latest firmware.... in under an hour you can have what you need. Am i missing something?
mindlery said:
So, using Linux, Superr's kitchen to unpack (free as well) and Frija for latest firmware.... in under an hour you can have what you need. Am i missing something?
Click to expand...
Click to collapse
@ATGkompressor
A205U Boost mobile
physwizz said:
@ATGkompressor
Click to expand...
Click to collapse
I also have the file he is looking for but I don't think that's going to help . Until someone cracks the Bootloader I think this phone will remain unrootable till that is achieved .
Do you need the prop file still??
A205U Boost mobile
Ok guess you have the file you were looking for already . Are you making any progress on a root solution for the A205U or is it a lost cause ?
mindlery said:
So, using Linux, Superr's kitchen to unpack (free as well) and Frija for latest firmware.... in under an hour you can have what you need. Am i missing something?
Click to expand...
Click to collapse
Being that im restricted on time and what not... You (or anyone) with those tools could possibly unpack the system image and set ro.oem_unlock_supported=1 in default.prop, repack and flash through Odin. It would have to be flashed as a .tar because i have yet to figure out the level of lz4 compression they are using on the stock firmware. If we could meet those criteria we could theoretically get the bootloader unlocked.
One more thing, if not careful vbmeta will check against the trustzone for the keys they signed the firmware with. I have the offset address that the key resides at within the AP file. Each carrier has their own 8 digit key, so long as they match vbmeta in both AP & BL. But watch out for the fota.zip because its encrypted and any changes within are prohibited without the password to decrypt.
If someone is willing to work with me... I think we can unlock this bootloader!
Ok i'll grab it for you. I don't have the same device so i'll leave the edits to you. Gimme a few...
Probably went a bit overboard here. I got 5 of them plus recovery, boot and vbmeta. If you need more let me know.
https://drive.google.com/file/d/1MvMDowrrgK2tbBobTigHB5H4odJPOzaa/view?usp=sharing
As i stated in the metro thread uou will need to find combination firmware and run some tests with it to see if it has oem unlock or high lvl debugging to be able to bypass the bootloader lock and apply root
I also states if slmeone can find me bootloader 5 android 10 combination firmware i would see what i could do to get bootloader unlock and root
allenjthomsen said:
As i stated in the metro thread uou will need to find combination firmware and run some tests with it to see if it has oem unlock or high lvl debugging to be able to bypass the bootloader lock and apply root
I also states if slmeone can find me bootloader 5 android 10 combination firmware i would see what i could do to get bootloader unlock and root
Click to expand...
Click to collapse
I found A205u bootloader 5 android 10 https://drive.google.com/drive/folders/1dSmtNSIKSZDHvMgjrUSfCHdXN16aMKiQ?usp=sharingare.
Here's what this is gonna take to get to a point to unlock:
Going into all the firmware files AP, CP, etc. And using a hex editor to modify the signature key from a carrier that has oem unlock support set to true. As long as the key in each image flashed matches the previous one, a flash error won't occur. The trick is that FOTA has this same security measure but it's encrypted and I'm not certain that by changing that key, ecryption gets broken...? Idk
Even just replacing the system image from a oem supported carrier with a key change should work. But the full job would get done by modifying all the binaries.
I do have the offset address of the signature keys but it's an older firmware package. I will begin working on it if i have support from at least one other person to independently confirm.
Also: QPST is a viable option but don't hold me to that one.
ATGkompressor said:
Here's what this is gonna take to get to a point to unlock:
Going into all the firmware files AP, CP, etc. And using a hex editor to modify the signature key from a carrier that has oem unlock support set to true. As long as the key in each image flashed matches the previous one, a flash error won't occur. The trick is that FOTA has this same security measure but it's encrypted and I'm not certain that by changing that key, ecryption gets broken...? Idk
Even just replacing the system image from a oem supported carrier with a key change should work. But the full job would get done by modifying all the binaries.
I do have the offset address of the signature keys but it's an older firmware package. I will begin working on it if i have support from at least one other person to independently confirm.
Also: QPST is a viable option but don't hold me to that one.
Click to expand...
Click to collapse
Sounds like fun
ATGkompressor said:
I will begin working on it if i have support from at least one other person to independently confirm.
? I would appreciate the opportunity to help anyway I can. I have the 205u metro and windows 7 desktop. I'm not a pro but I'm not a noob either. Let's make this phone useable.
Click to expand...
Click to collapse
ddougg said:
ATGkompressor said:
I will begin working on it if i have support from at least one other person to independently confirm.
? I would appreciate the opportunity to help anyway I can. I have the 205u metro and windows 7 desktop. I'm not a pro but I'm not a noob either. Let's make this phone useable.
Click to expand...
Click to collapse
Cool, if u have a link to the latest firmware we can start there.
Click to expand...
Click to collapse
peter couniaz said:
What build do you need ?
Ok did you find the file you were looking for ?
Click to expand...
Click to collapse
Try this
https://forum.xda-developers.com/galaxy-a20/how-to/a205-bootloader-unlock-twrp-root-t4189197
a205 bootloader offset Boost variant only!- FCE2C4
there yall go....this address will lead you to what i theorize can be done to root this device.this makes it possible to use another firmware package possibly by changing what is at that address.

HELP ROOT MOTO ONE 5g ACE (XT2113-2) Android 10 from T-Mobile

Hello: I'm using the guide clintongsan made to root a usa moto one 5g ace android 10 purchased in april 2022 from a T-mobile store here in the south on the east side of the mississippi river.
My build number is QZKS30.Q4-40-95-9 The last build number on this link
( https://mirrors.lolinet.com/firmware/moto/kiev/official/TMO/ ) is QZKS30.Q4-40-95-6 with a
date of 02/11/2022. Will that work for me since I have 95-9 and that one is 95-6 There is a grayed out statement that there are 68 more subfolders but I don't know how to access it to see if my build is there. Also on the Motorola website for unlocking the bootloader, Get your device ID, there are examples for compacting the lines of code into a long string. The examples are for Windows and Mac. I'm using a Linux laptop and no example exists. The Moto site gives a link to download SDK tools. Is there a site where I can download the minimum tools required? Probably more questions to follow for sure. Thank you
vansteering said:
Hello: I'm using the guide clintongsan made to root a usa moto one 5g ace android 10 purchased in april 2022 from a T-mobile store here in the south on the east side of the mississippi river.
My build number is QZKS30.Q4-40-95-9 The last build number on this link
( https://mirrors.lolinet.com/firmware/moto/kiev/official/TMO/ ) is QZKS30.Q4-40-95-6 with a
date of 02/11/2022. Will that work for me since I have 95-9 and that one is 95-6 There is a grayed out statement that there are 68 more subfolders but I don't know how to access it to see if my build is there. Also on the Motorola website for unlocking the bootloader, Get your device ID, there are examples for compacting the lines of code into a long string. The examples are for Windows and Mac. I'm using a Linux laptop and no example exists. The Moto site gives a link to download SDK tools. Is there a site where I can download the minimum tools required? Probably more questions to follow for sure. Thank you
Click to expand...
Click to collapse
Honestly I've been trying to figure out the best way to go about this as well. My fiance is interested in having her phone rooted. I'm just trying to figure a well to where i can just access the boot image off the phone somehow so i can patch it using magisk. well obviously backing up the original image first, but i've heard twrp doesn't work and i tried using QFIL to see if i can access it but i don't think it has EDL. If you figured out a way to do it without flashing a older update to the phone. Please let me know. I'll do the same after I look into it a bit more. I feel like i'm just over complicating somehow lol I have a tendency of doing that.
vansteering said:
Hello: I'm using the guide clintongsan made to root a usa moto one 5g ace android 10 purchased in april 2022 from a T-mobile store here in the south on the east side of the mississippi river.
My build number is QZKS30.Q4-40-95-9 The last build number on this link
( https://mirrors.lolinet.com/firmware/moto/kiev/official/TMO/ ) is QZKS30.Q4-40-95-6 with a
date of 02/11/2022. Will that work for me since I have 95-9 and that one is 95-6 There is a grayed out statement that there are 68 more subfolders but I don't know how to access it to see if my build is there. Also on the Motorola website for unlocking the bootloader, Get your device ID, there are examples for compacting the lines of code into a long string. The examples are for Windows and Mac. I'm using a Linux laptop and no example exists. The Moto site gives a link to download SDK tools. Is there a site where I can download the minimum tools required? Probably more questions to follow for sure. Thank you
Click to expand...
Click to collapse
Just tried this and had no issues at all, Hope this helps
[RECOVERY][UNOFFICIAL] TWRP 3.5.2_10 for Moto G 5G (kiev)
DISCLAIMER: I'm not responsible if you brick or damage your phone in any way by using this recovery. It is always advisable to fully backup your phone before playing around with recoveries, custom roms and similar stuff. What has been tested and...
forum.xda-developers.com
InvisibleAOD said:
Just tried this and had no issues at all, Hope this helps
Click to expand...
Click to collapse
On Build number 95-9? Or a previous version? I'm asking because I couldn't even get the bootloader unlocked on a 95-9 phone (unlock "failed" after getting the code from Moto). I'm still trying to get an answer as to whether if the newest OTA is a problem.
vansteering said:
. . . I'm using a Linux laptop and no example exists. The Moto site gives a link to download SDK tools. Is there a site where I can download the minimum tools required? Probably more questions to follow for sure. Thank you
Click to expand...
Click to collapse
Is this what you're asking for?
How to install ADB on Windows, macOS, and Linux
A step-by-step guide to get you started with the Android Debug Bridge tool.
www.xda-developers.com
As for 40-95-9 firmware, a sure way to get that firmware is Moto/Lenovo's "Rescue and Smart Assistant", aka "LMSA" (search, should be easy to find). Use the Rescue option and stop (EDIT/ADD: let the download finish), go to the folder where it was downloaded (make sure to get the download link shown in the utility) and find the firmware in the ".../ROMfiles" subfolder I think it is. That's the full firmware including boot.img. I used that subfolder to reflash the entire 95-9 firmware. EDIT/ADD: But this assumes Rescue and Smart Assistant on Windows, NOT Linux. I don't know if there is a Linux version for that, sorry. {--Or do you have a Windows emulator in your Linux that might solve this particular issue?--)
I DO NOT KNOW -- yet -- if 95-9 is rootable or even unlockable. Unlock failed for me on a 95-9 phone . . . although I did get an Unlock Code from Moto (on a Windows PC).
So this is a question back at you: HAVE YOU MANAGED TO UNLOCK THE BOOTLOADER on your 95-9 phone?
Moondroid said:
On Build number 95-9? Or a previous version? I'm asking because I couldn't even get the bootloader unlocked on a 95-9 phone (unlock "failed" after getting the code from Moto). I'm still trying to get an answer as to whether if the newest OTA is a problem.
Click to expand...
Click to collapse
Yeah it was on 95-9, just make sure to read through the thread cause I kind of messed up in the process but once you flash twrp and boot into it, flash the kiev file and magisk. I had to keep reading. I flashed to both partition a and b.
InvisibleAOD said:
Yeah it was on 95-9, just make sure to read through the thread cause I kind of messed up in the process . . .
Click to expand...
Click to collapse
I should've been more specific with my question, sorry. . . . Did you actually unlock your bootloader on 95-9, or was it unlocked prior to that OTA and then you ran the root process on 95-9?
@vansteering , I don't mean to hijack your thread.
Moondroid said:
I should've been more specific with my question, sorry. . . . Did you actually unlock your bootloader on 95-9, or was it unlocked prior to that OTA and then you ran the root process on 95-9?
@vansteering , I don't mean to hijack your thread.
Click to expand...
Click to collapse
Unlocked on 95-9
been away for awhile. Thanx Moondroid, and Invisible AOD, & everyone for all the info. I'll try a few things this weekend.
InvisibleAOD said:
Unlocked on 95-9
Click to expand...
Click to collapse
Moondroid said:
I should've been more specific with my question, sorry. . . . Did you actually unlock your bootloader on 95-9, or was it unlocked prior to that OTA and then you ran the root process on 95-9?
@vansteering , I don't mean to hijack your thread.
Click to expand...
Click to collapse
no hijacking here, just much needed info. More is better.

Categories

Resources