Root LG K41S + SafetynetAPI pass - General Topics

​Disclaimer​​
These kind of modifications are not for the faint of heart!!! Flash/modify at your own risk!!! I will not be responsible for bricked phones, Dead batteries, world war 3, yada yada yada..... you Know the Rest. ​
Click to expand...
Click to collapse
​Introduction​​
After finding this amazing device (LKM-EMW) for a very cheap price (90 euros new), I made the fatal mistake of updating through OTA to the Latest Android 10 version 00f.
So where is the Problem?? The latest .DZ from the KDZ firmware wasn't extractable through any tool or script I could find anywhere online, Only the Android 9 ROM was working, but Downgrading through LGUP or LG Flash tool was very risky!!!! (due to ARB protection).
Since this phone's Fastboot mode was replaced with LG's own DOWNLOAD mode, using Fastboot commands to flash the Magisk's patched boot image was impossible. QFIL was also not a possibility, Considering it ships with a MTK chipset, and using SP flash tool will require This phone's particular Scatter file and a signed DA from LG to work, leaving me with no other choices for obtaining Root access.
That is, until I found the following tool: mtkclient by bkerler.
Prerequisites​
backup of your DATA. (during and after unlocking the Bootloader, your data partition must be wiped!!!!)​
Preferably a Windows PC (you will need LGUP in case something goes wrong anyways).​
MTK ALL-in-one 1.0.8 drivers and LG's drivers installed.​
mtkclient installed and running (don't ask me how-to, the Github page is pretty self explanatory).​
This Magisk Alpha Build patched for MTK downloaded for installation.
Since this device uses an A/B partitioning system, you need to know which slot is the active one. Using this App, under the System tab, you can find out which one is active. Mine was _b slot.​
and above all.... Patience.​
Unlocking the Bootloader​
(please note, using python [command] didn't work for me for some reason. However, using py [command] worked for me. Use what works!)​
Turn on OEM Unlocking and USB Debugging in Developers Options.
Turn off your phone and remove sim/sdcard.
launch cmd inside the mtkclient folder or cd into it.
backup your Preloader by using: py mtk dumppreloader --filename=preloader.bin.
connect your phone turned off while holding the Volume Down + the Assistant buttons to boot into BROM mode. The Preloader backup will run automatically.
After it's complete, disconnect your device's cable. You will need to do this after every step.
Run the command: py mtk e metadata,userdata and connect while holding the button combo. Wait for it to complete.
Disconnect again, then run: py mtk xflash seccfg unlock and reconnect.
If successful, your device's Bootloader is now unlocked!!!
Rooting​
Knowing which active slot you're booting into will change the next steps slightly. If it's _a, then all following commands will have an _a instead of _b .
Before rebooting after unlocking, use the command: py mtk r boot_b,vbmeta_b boot_b.bin,vbmeta_b.bin to backup your boot and vbmeta partitions respectively. (you will find them in the mtkclient folder afterwards!!)
reboot your phone. a warning screen will show up, don't panic!!!. It will ask you to Factory reset the phone upon successfully booting. Do it and reboot.
Setup your phone normally, then install the aforementioned Magisk APK.
Transfer the backed up boot.bin to your phone and patch it manually inside Magisk.
Transfer the Patched boot image back to your mtkclient folder and rename to i.e boot_magisk.bin.
Turn off your device and launch the command: py mtk w boot_b,vbmeta_b boot_magisk.bin,vbmeta.img.empty. Connect the phone.
when done, reboot your phone and launch Magisk. It will ask you to reinstall itself to complete the setup. Ignore the warning.
Go to Settings and switch to the Beta Update Channel, Reinstall Magisk 23.0 beta and Magisk manager again.
If successful, Your phone is now rooted.
​Passing SafetynetAPI​
Turn on Magisk Hide and repack Magisk Manager from Settings.
Install latest Riru core from Manager.
Install this Universal Safetynet fix by kdrag0n.
reboot and enjoy!!
Credits for all of this goes to:
bkerler for his awesome Tool, none of this is possible w/o it.
Topjohnwu for Magisk.
@kdrag0n for his Safetynet fix.

Slim K said:
​Disclaimer​
​Introduction​​
After finding this amazing device (LKM-EMW) for a very cheap price (90 euros new), I made the fatal mistake of updating through OTA to the Latest Android 10 version 00f.
So where is the Problem?? The latest .DZ from the KDZ firmware wasn't extractable through any tool or script I could find anywhere online, Only the Android 9 ROM was working, but Downgrading through LGUP or LG Flash tool was very risky!!!! (due to ARB protection).
Since this phone's Fastboot mode was replaced with LG's own DOWNLOAD mode, using Fastboot commands to flash the Magisk's patched boot image was impossible. QFIL was also not a possibility, Considering it ships with a MTK chipset, and using SP flash tool will require This phone's particular Scatter file and a signed DA from LG to work, leaving me with no other choices for obtaining Root access.
That is, until I found the following tool: mtkclient by bkerler.
Prerequisites​
backup of your DATA. (during and after unlocking the Bootloader, your data partition must be wiped!!!!)​
Preferably a Windows PC (you will need LGUP in case something goes wrong anyways).​
MTK ALL-in-one 1.0.8 drivers and LG's drivers installed.​
mtkclient installed and running (don't ask me how-to, the Github page is pretty self explanatory).​
This Magisk Alpha Build patched for MTK downloaded for installation.
Since this device uses an A/B partitioning system, you need to know which slot is the active one. Using this App, under the System tab, you can find out which one is active. Mine was _b slot.​
and above all.... Patience.​
Unlocking the Bootloader​
(please note, using python [command] didn't work for me for some reason. However, using py [command] worked for me. Use what works!)​
Turn on OEM Unlocking and USB Debugging in Developers Options.
Turn off your phone and remove sim/sdcard.
launch cmd inside the mtkclient folder or cd into it.
backup your Preloader by using: py mtk dumppreloader --filename=preloader.bin.
connect your phone turned off while holding the Volume Down + the Assistant buttons to boot into BROM mode. The Preloader backup will run automatically.
After it's complete, disconnect your device's cable. You will need to do this after every step.
Run the command: py mtk e metadata,userdata and connect while holding the button combo. Wait for it to complete.
Disconnect again, then run: py mtk xflash seccfg unlock and reconnect.
If successful, your device's Bootloader is now unlocked!!!
Rooting​
Knowing which active slot you're booting into will change the next steps slightly. If it's _a, then all following commands will have an _a instead of _b .
Before rebooting after unlocking, use the command: py mtk r boot_b,vbmeta_b boot_b.bin,vbmeta_b.bin to backup your boot and vbmeta partitions respectively. (you will find them in the mtkclient folder afterwards!!)
reboot your phone. a warning screen will show up, don't panic!!!. It will ask you to Factory reset the phone upon successfully booting. Do it and reboot.
Setup your phone normally, then install the aforementioned Magisk APK.
Transfer the backed up boot.bin to your phone and patch it manually inside Magisk.
Transfer the Patched boot image back to your mtkclient folder and rename to i.e boot_magisk.bin.
Turn off your device and launch the command: py mtk w boot_b,vbmeta_b boot_magisk.bin,vbmeta.img.empty. Connect the phone.
when done, reboot your phone and launch Magisk. It will ask you to reinstall itself to complete the setup. Ignore the warning.
Go to Settings and switch to the Beta Update Channel, Reinstall Magisk 23.0 beta and Magisk manager again.
Se for bem sucedido, seu telefone está agora enraizado.
​Passing SafetynetAPI​
Turn on Magisk Hide and repack Magisk Manager from Settings.
Instale o núcleo riru mais recente do Manager.
Instale esta correção Universal Safetynet por kdrag0n.
reiniciar e desfrutar!!
Créditos para tudo isso vai para:
bkerler for his awesome Tool, none of this is possible w/o it.
Topjohnwu para Magisk.
@kdrag0n for his Safetynet fix.
Click to expand...
Click to collapse
Slim K said:
​Disclaimer​
​Introduction​​
After finding this amazing device (LKM-EMW) for a very cheap price (90 euros new), I made the fatal mistake of updating through OTA to the Latest Android 10 version 00f.
So where is the Problem?? The latest .DZ from the KDZ firmware wasn't extractable through any tool or script I could find anywhere online, Only the Android 9 ROM was working, but Downgrading through LGUP or LG Flash tool was very risky!!!! (due to ARB protection).
Since this phone's Fastboot mode was replaced with LG's own DOWNLOAD mode, using Fastboot commands to flash the Magisk's patched boot image was impossible. QFIL was also not a possibility, Considering it ships with a MTK chipset, and using SP flash tool will require This phone's particular Scatter file and a signed DA from LG to work, leaving me with no other choices for obtaining Root access.
That is, until I found the following tool: mtkclient by bkerler.
Prerequisites​
backup of your DATA. (during and after unlocking the Bootloader, your data partition must be wiped!!!!)​
Preferably a Windows PC (you will need LGUP in case something goes wrong anyways).​
MTK ALL-in-one 1.0.8 drivers and LG's drivers installed.​
mtkclient installed and running (don't ask me how-to, the Github page is pretty self explanatory).​
This Magisk Alpha Build patched for MTK downloaded for installation.
Since this device uses an A/B partitioning system, you need to know which slot is the active one. Using this App, under the System tab, you can find out which one is active. Mine was _b slot.​
and above all.... Patience.​
Unlocking the Bootloader​
(please note, using python [command] didn't work for me for some reason. However, using py [command] worked for me. Use what works!)​
Turn on OEM Unlocking and USB Debugging in Developers Options.
Turn off your phone and remove sim/sdcard.
launch cmd inside the mtkclient folder or cd into it.
backup your Preloader by using: py mtk dumppreloader --filename=preloader.bin.
connect your phone turned off while holding the Volume Down + the Assistant buttons to boot into BROM mode. The Preloader backup will run automatically.
After it's complete, disconnect your device's cable. You will need to do this after every step.
Run the command: py mtk e metadata,userdata and connect while holding the button combo. Wait for it to complete.
Disconnect again, then run: py mtk xflash seccfg unlock and reconnect.
If successful, your device's Bootloader is now unlocked!!!
Rooting​
Knowing which active slot you're booting into will change the next steps slightly. If it's _a, then all following commands will have an _a instead of _b .
Before rebooting after unlocking, use the command: py mtk r boot_b,vbmeta_b boot_b.bin,vbmeta_b.bin to backup your boot and vbmeta partitions respectively. (you will find them in the mtkclient folder afterwards!!)
reboot your phone. a warning screen will show up, don't panic!!!. It will ask you to Factory reset the phone upon successfully booting. Do it and reboot.
Setup your phone normally, then install the aforementioned Magisk APK.
Transfer the backed up boot.bin to your phone and patch it manually inside Magisk.
Transfer the Patched boot image back to your mtkclient folder and rename to i.e boot_magisk.bin.
Turn off your device and launch the command: py mtk w boot_b,vbmeta_b boot_magisk.bin,vbmeta.img.empty. Connect the phone.
when done, reboot your phone and launch Magisk. It will ask you to reinstall itself to complete the setup. Ignore the warning.
Go to Settings and switch to the Beta Update Channel, Reinstall Magisk 23.0 beta and Magisk manager again.
If successful, Your phone is now rooted.
​Passing SafetynetAPI​
Turn on Magisk Hide and repack Magisk Manager from Settings.
Install latest Riru core from Manager.
Install this Universal Safetynet fix by kdrag0n.
reboot and enjoy!!
Credits for all of this goes to:
bkerler for his awesome Tool, none of this is possible w/o it.
Topjohnwu for Magisk.
@kdrag0n for his Safetynet fix.
Click to expand...
Click to collapse
hello everyone, View attachment 5430177at the beginning the commands to unlock the bootloader, py (comand) = is to write py unlock bootloader?

[email protected] said:
hello everyone, View attachment 5430177at the beginning the commands to unlock the bootloader, py (comand) = is to write py unlock bootloader?
Click to expand...
Click to collapse
I don't understand your question. Can you use a better translator/formulate the question clearly? Also, if such a command existed, why would I write 3 paragraphs and a Guide?
My advice, go to the Github page of the tool and read/learn how the tool works first, then come back here if you're stuck.

Thx for this guide! my backup phone k41s is finally rooted

You are a very smart person. We finally have root for LGk41s (WORKS in K51s too).
Thanks!

Does this work on a provider locked LG K40?

Tem como flashear GSIs?

I was able to root my LG K51 from T-Mobile by following this guide.
I appreciate it!

It's don't work to LG K40S (Android 9 and 10), if you brick your phone u can reset them with:
*Backup command (Depend of which active slot, u use command with a or b):
py mtk w boot_a,vbmeta_a boot_a.bin,vbmeta.img.empty
py mtk w boot_b,vbmeta_b boot_b.bin,vbmeta.img.empty
*LGUP flash utility:
LGUP-FLASH-Utility (Based on LGUP-1.16-Cmd and LGUP-1.17-LGUP_Common.dll)
Hi, I think that this is my first post, today I received a LG G820TM to flash it, I found a LGUP version at LG G7 forum, cmd based (LGUP_Cmd.exe), so I managed to prepare something to work with, using a batch file, this gave me some problem with...
forum.xda-developers.com

try to install a twrp custom recovery, please!

guys,, someone already tried to install a gsi, by, mtkclient?
I tried, installing the avoc, on the partition system_ but the loop, extranho, if ma gsi has all the apps to start, q missing something I'm not seeing?

Mod edit - translated by https://www.deepl.com/translator:
Guys, it is possible to install a gsi in lgk41s, but when you install it asks for a password!
******************************
{Mod edit: Link removed}

alexandre-2717 said:
Mod edit - translated by https://www.deepl.com/translator:
Guys, it is possible to install a gsi in lgk41s, but when you install it asks for a password! If anyone wants to help or know more, has a group on telegram!
******************************
Pessoal, é possivel instalar uma gsi no lgk41s, mas quando instala ela pede uma senha! Se alguem quiser ajudar ou saber mais, tem um grupo no telegram!
{Mod edit: Link removed}
Click to expand...
Click to collapse
@alexandre-2717
1. As courtesy, I've translated your above post. With reference to rule no. 4 of the XDA Forum Rules, please post in English or add at least an English translation to your Portuguese posts. Thanks for your cooperation!
Spoiler: Rule No. 4
4. Use the English language.
We understand that with all the different nationalities, not everyone speaks English well, but please try. If you're really unable to post in English, use an online translator. You're free to include your original message in your own language, below the English translation. (This rule covers your posts, profile entries and signature). You could try :- https://translate.google.com/ or https://www.babelfish.com/ or use one of your choice.
2. I've removed the reference to Telegram from your above post. As an exemption from the last bullet of rule no. 5 of the XDA Forum Rules, we grant only developers the privilege to share references to their social media in their own development threads. These conditions obviously don't apply to your thread or you.
Regards
Oswald Boelcke
Senior Moderator

hello everyone, could someone tell me, if it's possible to delete certain files, with some mtkclient command, like locksettings.db which is in data/system/ please , and would I also like to shoot zip files? flesheei a gsi, and i'm stuck in the enter you password to start android screen, if i format py mtk and data, it's loop,

@Oswald Boelcke
thank you and sorry rss
{Mod edit: Quotation fixed}

Slim K said:
como uma ferramenta funciona primeiro e v
Click to expand...
Click to collapse
Rickpad said:
Thx for this guide! my backup phone k41s is finally rooted
Click to expand...
Click to collapse
Does anyone know if it's possible to do this on android 9, on 10 I can, but on 9 no, I wanted to because on android 9 there's recovery even if it's stock, is this a serto development site? does anyone know what prevents?

Great method, not that hard (Although not easy either)
Be aware that you first press the assistant + volume down button and then connect the USB to your PC, not the other way around. I didn't realize this earlier and almost pulled my hair out trying to understand why the program was freezing and sending errors
Also, the bootloader unlock command is outdated now, it was changed to py mtk da seccfg unlock
Worked on single-sim version (LM-K410HM)

Does it work on LG k52?

BRAIAN058 said:
Does it work on LG k52?
Click to expand...
Click to collapse
It's mediatek CPU, probably works, wouldn't hurt to try

[email protected] said:
hello everyone, could someone tell me, if it's possible to delete certain files, with some mtkclient command, like locksettings.db which is in data/system/ please , and would I also like to shoot zip files? flesheei a gsi, and i'm stuck in the enter you password to start android screen, if i format py mtk and data, it's loop,View attachment 5492953
Click to expand...
Click to collapse
does anyone know how to remove Vbmeta verification via MTKCLIENt?

Related

[guide] Blu Vivo XL4 | | Vivo Xi || Vivo Xi+

The BLU VIVO XL4 has arived.
Sorry this guide is not for very new users, it relies on certain amount of prior knowledge.
**NOTE**
Unlocking Bootloader WILL set warranty flag to "NO"
Make the read-back backup, BEFORE unlocking, so there is a possibility to restore warranty to "yes"
Getting SPFlash Tool to work on BLU VIVO XL4
I used sp flash tool version 5.18.28
Needs custom DA file and Auth file. Both have been found from a near clone device.
Open flash tool select the DA file and Auth file from the link below.
add the scatter file from archive. There is a preloader file in the archive also. This is needed for spflash tool to open the Auth file.
Stock Rom and Auth file
Then follow the guide found on youtube.
Not planning to go into too much detail about the actual pulling of the firmware, as there is already
a fantastic guide with step-by-step photos and also a video.
Just the basics
Pull stock rom with spflash tool once just from the "boot region" to get the preloader file.
Process that file with the Wwr_MTK tool to get partition table information.
And one more time pull as one large binary file from the "user region" then split it into
individual images using the tool called "Wwr_MTK" it can be found on other site(Hovatek). I cannot put a
link as it is against forum rules (no advertising other forums)
But there is a youtube video that describes the process. And gives link for download of the tool.
**NOTE-1**
The Wwr_MTK tool did not have the correct chip (mt6762 In fact the "family class" for the chip is mt6765) as an option. Because of this you will need to add it to the tool before using it. Open the downloaded zip.( I used "WwR_MTK_2.40_Eng" ). Open "Template.ini" with text editing software, in the section labeled "CPU" add "MT6765 2" , keep same format as the rest of the file. Save the changes and close Template.ini.
Now when you run the tool, you will be able to create the scatter file as you split the rom into files.
**NOTE-2**
The tool connects to internet and downloads fresh the files and scripts when you start it. There is a 30 second ad screen displayed. If you block internet to the tool, then the add screen turns into 2 minute wait screen. I am not suggesting that you hack the tool to by-pass it, just letting you know what to expect.
IT IS HIGHLY RECOMMENDED TO MAKE YOUR OWN FULL BACKUP BEFORE PERFORMING THESE STEPS
AFTER YOU HAVE MADE FULL BACKUPS
Now to start modifying
DOWNLOAD
UNLOCK BOOTLOADER
unlocking bootloader is no more complicated then then enabling OEM unlock toggle in dev options menu.
Then performing Command in terminal. Just like so many android devices.
Unlock Bootloader
1. Enable Developer options on phone:
open settings--> "about device"--> click build number 5-7 times--> go back one screen in settings
-->select more "more settings" --> scroll to bottom "Develpoer options" --> enable "usb debugging"
2. Open cmd or power shell terminal
3. reboot phone to bootloader with the following commands
Code:
adb reboot bootloader
4.Once the phone has finished loading into fastboot mode type this command
Code:
fastboot oem unlock
I also did --MIGHT be an optional step
Code:
fastboot flashing unlock
Do not think both were needed.
After each command when phone was rebooted,
it took extra time to open. But did not show the normal recovery screen while
it did the factory reset. But a reset did happen both times,
as I had the setup wizard each time.
Even after unlocking bootloader, doing a "fastboot boot *xyz.img" (boot or recovery test images)
Phone would only cycle to off then do a full reboot. Doing "fastboot flash boot boot.img" does flash the boot.
And "fastboot flash recovery recovery.img" does flash the recovery.
TWRP
1. Download TWRP From Link above
2. Enable Developer options on phone:
open settings--> "about device"--> click build number 5-7 times--> go back one screen in settings
-->select "more settings" --> scroll to bottom "Develpoer options" --> enable "usb debugging"
3. Open cmd or power shell terminal
4. reboot phone to bootloader with the following commands
Code:
adb reboot bootloader
5. Now give the command to flash twrp, assuming you downloaded the file to default download folder
Code:
fastboot flash recovery %userprofile%\downloads\TWRP-3_2_3-1020-OMFG-mod_b6-device-name-vivo-wipe-misc.img
5. Reboot to twrp. Needed to boot directly to twrp, or stock recovery will be re-flashed by phone.
Code:
fastboot oem reboot-recovery
Once inside twrp It is asking for password to unlock (decrypt)***automatic decrypt not work on this device as of YET***
this is supposed to be same password used to unlock phone.
Because this twrp does not work with encryption, every time you reboot you will have to select language, if changed from default.
To get recovery to be functional, you need to make phone patched for both "DM-Verity" and "Force-encryption"
I do this with
"Universal Disabler"
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389
There is similar utiliy built into this Recovery image.
to use the built in option , Select ADVANCED, Then RM Forceencrypt
This will flash the lazypatcher with options set to remove encryption both in boot.img and /vender/*fstab : remove dm-verity.
--OR-- manually do the following steps
Steps
1. Download Zip from Link above.
2. Open TWRP
3. Open Wipe menu
4. Select format /data
5. Key in "YES" and swipe
6. Return to Home Page of TWRP
7. Choose reboot menu then recovery
8. Recovery should now have access to Internal memory (temp for now)
9. Use abd push to put the zip file downloaded above to internal memory
Code:
adb push %userprofile%\downloads\Disable_Dm-Verity_ForceEncrypt_12.16.2018.zip /sdcard/
10. Select install menu , and install the Disable_Dm-Verity_ForceEncrypt_12.16.2018.zip
Do not rename the file. It installs and makes the patch base on the file name.
If you want to have root also, then flash Magisk at this point.
Now the dm-verity and force encryption are off. You can flash gsi custom rom, if you desire. At the moment, I have only been able to boot the phone with working cell data and calls on the PHH-Phusion --vanilla builds. Do not know why the gapps versions do not allow rill to function.
As of the writing of this I have put up V4 of the TWRP port. This version uses the correct mount points for this phone, not the ones from the source of the port. Also corrected the device name in default.prop, to match device name. Build fingerprint has been left as is. Fixed the micro sdcard name and OTG names. Added mipe to the "misc" /"para" partition to escape a factory reset recovery loop that [uu]could[/u] happen under certain situations.
And my prefered ported recovery from LRTeam TWRP-3_2_3-1020-OMFG-mod_b6-device-name-vivo-wipe-misc.img.
DOWNLOADS
Files
1. Sp Flash tool (v 5.18.28 or newer) https://androidmtk.com/smart-phone-flash-tool
2. stock XL4 ROM, DA file, TWRP all in shared folder https://androidfilehost.com/?w=files&flid=287088
3. stock Xi+ ROM, TWRP in shared folder https://androidfilehost.com/?w=files&flid=287703
4. Unviversal DM-Patch disable tool thread
5. Youtube Guide Video to use backup image splitter tool "WWR_MTK" https://www.youtube.com/watch?v=GMAytZ56hac
Kernel sources have been published 12-12-2018, by BLU
I have them synced to GitHub while I make test builds.
https://github.com/mrmazakblu/BLU-VIVO-XL4-kernel
Default defconfig should be arch/arm64/config/k62mv1_64_bsp_defconfig. Based off of build description in "getprop"
Built kernel has not been able to be booted yet.
TWRP is first ported and provided thanks to @Voinea12
.
placeholder not really welcomed here on XDA
just pm a moderator or report this thread when you`re ready to upload something, until then, thread closed
After seeing that the Blu vivo xl4 requires an "auth file" in order to flash with spflash tool, I asked BLU to supply the file.
They responded with a big fat NO.
.......
.......
THE NEXT DAY THE FILE WAS POSTED ON A DIFFERENT THREAD.
SO THERE HELP WAS NO LONGER NEEDED.
Just made successfull readback on preloader. and currently reading full rom.
will post link when done.
here is auth file and DA file I used.
pulled firmware is here.
there are more images in complete firmware, but the ones included should be enough , as long as you NEVER do format all from spflash tool.
STOCK ROM
So far all attempts to load twrp have failed.
Also just tried to flash boot.img with the built kernel. When rebooted, phone just stayed on black screen. No back-light , nothing.
Just a repeating connect disconnect sound from pc. Long pressing power and trying to get into the bootloader menu failed.
Was able to Que up sp flash tool and keep holding the volume down button , on the next time it cycled on off preloader was caught and i was able to flash back the correct boot.img.
Working version is available now
Thread was opened.
mrmazak said:
So far all attempts to load twrp have failed.
Also just tried to flash boot.img with the built kernel. When rebooted, phone just stayed on black screen. No back-light , nothing.
Just a repeating connect disconnect sound from pc. Long pressing power and trying to get into the bootloader menu failed.
Was able to Que up sp flash tool and keep holding the volume down button , on the next time it cycled on off preloader was caught and i was able to flash back the correct boot.img.
Click to expand...
Click to collapse
My streak with SP Flash is still a losing one, the auth file works for my phone as well (Blu Vivo XI+), I just used the preloader.img that was in the update.zip and ran it through the WwR MTK Tool and got the preloader.bin to go with the auth file as you indicated you had done, that was one hurdle that your post helped me solve, but for some reason when I start reading the full rom I get about 6-10 MB into it and then it disconnects from my phone and stops. Not sure if its driver related or what, which drivers did you use for the readback?
psychofad said:
My streak with SP Flash is still a losing one, the auth file works for my phone as well (Blu Vivo XI+), I just used the preloader.img that was in the update.zip and ran it through the WwR MTK Tool and got the preloader.bin to go with the auth file as you indicated you had done, that was one hurdle that your post helped me solve, but for some reason when I start reading the full rom I get about 6-10 MB into it and then it disconnects from my phone and stops. Not sure if its driver related or what, which drivers did you use for the readback?
Click to expand...
Click to collapse
To be honest I have not installed driver specific for this. I have vcomm drivers installed, same from couple years ago.
Is the readback stopping because you set wrong hex address length in the readback tab?
mrmazak said:
To be honest I have not installed driver specific for this. I have vcomm drivers installed, same from couple years ago.
Is the readback stopping because you set wrong hex address length in the readback tab?
Click to expand...
Click to collapse
No, I got the readback of the EMMC_USER just fine and ran it through the WwR MTK tool and it gave me the hex address to use for the full rom readback, t then told me
Code:
The file size is smaller than the start position of the LK (uboot). To determine the type of processor and memory, it is necessary to read the full firmware in the SP Flash Tool, specify the parameters for reading: Start address: 0x0, Lenght: 0x1D1EC00000.
So I entered those two addresses as EMMC_USER readback. If my phone is off and I just connect it to the usb without holding any keys it gives me another error.....and I'm an idiot. just figured it out as I was looking at logs, apparently I must have changed the usb speed in sp flash which changes it's pid causing it to try and read from another port. It's downloading now
Thanks to @hanuma there is now a material themed twrp port.
The V2 version loads. But has no adb or mtp access
https://forum.xda-developers.com/showpost.php?p=78498431&postcount=95
https://mega.nz/#F!225EzQwT!t8hvGvmFoNYNvXev-Li1fQ
******EDIT*****
Most of the following problems did not repeat in same way when I tried to repeat the install process.
Main issue was with simcard. But exact process to get installed and working is still not known.
-- install after already having rooted, encryption removed stock, seems to work.
-- fresh full stock rom, full encryption, then gsi seems to not work sim card.
PHH-treble gsi images do boot this device. I do not have a bug list as yet.
working:WITH encryption removed:
1. wifi
2. camera
3. fingerprint- unlock
4. music
5. video
NOT working :WITH encyyption removed:
1. cell signal
2. cell data
3. phone
4. sms
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
working:WITH encryption enabled
1. phone
2. sms
NOT working:WITH encryption enabled
1.. everything else
EDIT
Much of the force closing problems were from a corrupted external sdcard. When I removed the card , the force close messages did not come.
Getting 4G data connection was not stable. after a full reset and rom re-install I was not able to get data connection, and only able to have connection to make calls when set to 3G connection only.
some bugs in vendor I assume will need some help solving this.
EDIT 2
Finally got around to trying again. his time I started with vanilla version of phh-treble gsi.
4G data and sms, calls in out all work. Camera , video both work.
WiFi tethering did not work.
Setup that worked :
force encryption removed with universal dm-verity patcher, ( bothboot.img and vendor partitions both edited).
magisk patched boot
Would this work on Blu Vivo XI since same chipset?
sinkoo1979 said:
Would this work on Blu Vivo XI since same chipset?
Click to expand...
Click to collapse
It should. I have been working with few users with Xi+ it works for them. And another user of Xi provided a twrp port, but no details on if this read-back worked. It must have, I suppose it must have.
Please do try to do the readback for your self, and share the files. will help with twrp if I can
Guide has been revised.
The original guide suggests to format /data and patch device to remove force encryption. This works fine for stock rom, and modifying stock rom. But I have found that removing encryption will not allow the phone to work as a phone when flashed with GSI. The down side is, at the moment, there is no twrp that is working to read the encrypted /data.
mrmazak said:
Guide has been revised.
The original guide suggests to format /data and patch device to remove force encryption. This works fine for stock rom, and modifying stock rom. But I have found that removing encryption will not allow the phone to work as a phone when flashed with GSI. The down side is, at the moment, there is no twrp that is working to read the encrypted /data.
Click to expand...
Click to collapse
Can any of this be done without a computer
Decaphyz said:
Can any of this be done without a computer
Click to expand...
Click to collapse
No, you need fastboot(PC preogram) to unlock bootloader and either sp flash tool or fastboot to flash recovery.
mrmazak said:
No, need you fastboot(PC preogram) to unlock bootloader and either sp flash tool or fastboot to flash recovery.
Click to expand...
Click to collapse
Oof
mrmazak said:
Thanks to @hanuma there is now a material themed twrp port.
The V2 version loads. But has no adb or mtp access
https://forum.xda-developers.com/showpost.php?p=78498431&postcount=95
https://mega.nz/#F!225EzQwT!t8hvGvmFoNYNvXev-Li1fQ
Click to expand...
Click to collapse
I just did this, and it worked the first time. I got into the phone and set it up. But it was super laggy after a while. So I decided to reset the phone like how you would normally do to fix a problem, and now... it’s making me boot into the recovery each and every time I try and boot into the system... i installed the gsi rom "PixelExperience for AOnly" at max lees site
IndifferentBear said:
I just did this, and it worked the first time. I got into the phone and set it up. But it was super laggy after a while. So I decided to reset the phone like how you would normally do to fix a problem, and now... it’s making me boot into the recovery each and every time I try and boot into the system... i installed the gsi rom "PixelExperience for AOnly" at max lees site
Click to expand...
Click to collapse
dont panic. this is minor bug. Easiest way to solve is to flash stock recovery. and do factory reset from there.
You can install image from twrp or fastboot, even spflashtool.
It is from the flag that is set into para(misc) partition.
You can clear it manually with terminal also, or even use one of the othe rtwrp images I shared. One with "misc" in the file name.
If you use one of those recoveries and do reset will also clear that reboot condition
mrmazak said:
dont panic. this is minor bug. Easiest way to solve is to flash stock recovery. and do factory reset from there.
You can install image from twrp or fastboot, even spflashtool.
It is from the flag that is set into para(misc) partition.
You can clear it manually with terminal also, or even use one of the othe rtwrp images I shared. One with "misc" in the file name.
If you use one of those recoveries and do reset will also clear that reboot condition
Click to expand...
Click to collapse
thanks dude! can you give me the command to run in terminal to do it? ill try that first, then ill try flashing stock recovery!
---------- Post added at 02:47 AM ---------- Previous post was at 02:44 AM ----------
mrmazak said:
dont panic. this is minor bug. Easiest way to solve is to flash stock recovery. and do factory reset from there.
You can install image from twrp or fastboot, even spflashtool.
It is from the flag that is set into para(misc) partition.
You can clear it manually with terminal also, or even use one of the othe rtwrp images I shared. One with "misc" in the file name.
If you use one of those recoveries and do reset will also clear that reboot condition
Click to expand...
Click to collapse
but i was required to wipe the sys, data, cache, and dalvik/art to have a clean install.
---------- Post added at 03:33 AM ---------- Previous post was at 02:47 AM ----------
mrmazak said:
dont panic. this is minor bug. Easiest way to solve is to flash stock recovery. and do factory reset from there.
You can install image from twrp or fastboot, even spflashtool.
It is from the flag that is set into para(misc) partition.
You can clear it manually with terminal also, or even use one of the othe rtwrp images I shared. One with "misc" in the file name.
If you use one of those recoveries and do reset will also clear that reboot condition
Click to expand...
Click to collapse
YO! Oaky so basic laly when i flashed that misc recovery IT BOOTED!!!!! thank you soo much dude, your the best!

Lenovo S5 Pro - L58041 (Global) [2020.03.21]

Welcome to this little thread in which I'll provide every useful information about this device based on my and other users's experiences. If you know something, that I didn't mention, please reply to this thread in order to help out each other even more effectively. Thanks and pleasant reading!​
The Lenovo S5 Pro is a very decent mid-ranger with good specs and even better pricing. We all know, that chinese manufacturers tend to install bloatware on their products time to time. In our case, Lenovo didn't release a single update since 2018 Novemer to this device. It means, that it came out with Android 8.1 Oreo (2018 November Security Patch) and left untouched. This is even worse, than Meizu which is famous for it's neglecting policy of software updates for global users. Now, that we know all this, it's not a surprise, that we are here on our favourite developer forum.
*** General information | Links | Downloads | Credits ***​
The official global firmware is now saved and available (thanks to our forum member nikosddesign) here: download & link to the post
Everything you will possibly need (PC software, drivers, stock camera app, VoLTE modem etc...) is available in this Yandex Disk, you just have to navigate to each one. (Most of the content is in russian, since Yandex is the russian Google, but it's not hard to find the files you'll need).
The previous links and the following tutorials are only available, because suninterbru (from 4pda forums) and radiationofthenation provided these informations and the tutorials, also so much thanks to everybody on the 4pda forums, who provided useful information and files, большое спасибо!
Even though the bootloader unlock, TWRP install and rooting should not cause data loss, be careful and create a backup. You can back up only your files and data or your whole ROM, it's up to you.
Please note, that after you've unlocked your bootloader, everytime your reboot or turn on your phone a warning will pop up during the boot process for about 1 second. On Android 9.0 Pie vendor the message pops up for about 5 seconds. The warning is about the side effects of modifying the system software and it also says, that it is not recommended to store any personal data on your device anymore. Please ignore this message, since it's only popping up, because manufacturers usually don't like, if you modify your device.
Pro tip: If you keep pressing your power button for a little longer you can skip the alert and boot faster.
*** Bootloader unlock ***
Please note, that your warranty will become invalid/void after you unlock your bootloader or root your device.​
0. In your device's developer settings enable bootloader/OEM unlock and USB debugging.
1. Visit the official ZUI bootloader unlock website.
2. Enter your IMEI1 number in the first field. (You can find your IMEI numbers in Settings\About or in the dialer enter: *#06#).
3. Enter your serial number in the second field. (You can find your serial number in the fastboot menu). The one in the settings is not good in this case! (To access the fastboot menu, turn off your phone, then press the power button and after you see your screen light up, immediately press the volume down (-) button or while it's turned on and USB Debugging is enabled, simply type in the terminal/cmd ,,adb reboot bootloader").
4. In the next field enter your email adress. (Please note, that Tutanota won't work, Gmail is recommended or other not secure email providers).
5. Enter the verification numbers in the last field.
6. Tick the checkbox.
8. Click on the blue button.
7. Now check your inbox and/or spam folder, because Lenovo just sent you your custom sn.img, only for your phone.
8. Save the sn.img to your PC and install ADB drivers system-wide. (Thank you Snoop05 for your work)!
9. Open a terminal/cmd on Windows. You should be in the same directory, where your sn.img file is, with the terminal. To change directories type ,,cd your directory goes here" and hit ENTER.
10. Run the following commands:
- adb reboot bootloader
- fastboot flash unlock sn.img
- fastboot oem unlock-go
11. Congratulations! Your bootloader is now unlocked!
*** TWRP Recovery ***​1. Download the .img file from here.
2. The steps are similar to the bootloader unlocking:
- adb reboot bootloader
- fastboot flash ,,downloaded" .img
- After the flashing is done DON'T reboot to the system, instead navigate to the ,,Reboot Recovery or Recovery Reboot" option and select it. (Volume keys and power key - you know the drill) This will ensure, that the TWRP Recovery doesn't get ereased on reboot(s)!
3. After you've successfully rebooted into TWRP, you should root your device with Magisk, to prevent the recovery erasure!
*** ROOT ***​1. The good old SuperSU is no longer in the picture, but don't worry a new player is in the game. Download Magisk from here. (Thank your for your work topjohnwu)!
2. After you've downloaded the flashable .zip copy it to the main directory/root of your device.
3. Reboot to TWRP.
4. Click install, select the flashable .zip file.
5. The installation process should start.
6. Reboot, after finished.
7. Check if Magisk Manager is installed or not, if yes tap and update it.
8. If you did not succeed, please check the Magisk topic for solutions or reply to this thread.
*** Factory reset | Stock ROM | Unbrick | LOST IMEI/PERSIST/EFS | QCN BACKUP/RESTORE ***
!!! NEVER EVER TICK ,,ERASE ALL BEFORE DOWNLOAD" IN QFIL, OTHERWISE YOU WILL LOSE YOUR IMEI AND THE ABILITY TO CONNECT TO MOBILE NETWORKS !!!​
If you accidentally clicked on that option you will have to restore someone elses QCN backup. (It will not work, if you backup your own QCN and rewrite your IMEI and restore it, so do not waste your time with that)! Luckily, a member of the 4PDA forums published their qcn backup. (большое спасибо geepnozeex)! QCN backup for Lenovo S5 Pro. (I modified the link, because the original one is no longer valid)
1. Download the linked QCN file.
2. Make sure, that you are on one of the Stock ROMs, however the recommended ROM is this one.
3. You will have to be rooted to put your device in diagnostics mode. To do that, follow this tutorial.
4. You will have to edit the QCN file with HxD, in order to write your own IMEI into.
5. Open the file with HxD and search for 08 8A 76 06 06 14 57 95 32. This is the IMEI 2. You will have to insert your IMEI 2 from the box here, but first you will have to convert it into Hexadecimal numbers.
6. Convert your IMEIs into Hexadecimal numbers here.
7. You will have to rewrite and insert your values insted of the previous one.
8. Search for 08 8A 76 06 06 04 67 98 72. This is IMEI 1. Convert your IMEI 1 into Hexadecimal numbers, too and replace.
9. Save the file (Ctrl + s)
10. Open QFIL and click on Tools, then QCN Backup/Restore.
11. Choose the QCN file, you wrote your IMEI into.
12. Click on Restore QCN.
13. There is a chance, that the process/progress bar won't finish till the end. No problem, just reboot to EDL mode through TWRP/Advanced and restore the recommended stock ROM.
14. You should have everything working fine, now.
To factory reset or unbrick your device, follow this tutorial on 4PDA. [Don't panic you don't have to know russian, just follow the instructions on the pictures! To see the pictures, click on the bold text.] ,,(спойлер (+) (Инструкция по прошивке)" ~ or ~ Download any of the previously linked STOCK ROMs to your device's main folder and flash them through TWRP. Most of them are in flashable .zip formats and should work well. A simple factory reset in TWRP is recommended before installing any of the ROMs, be careful this action will erease your data from your phone!
(Please note, that most of the time you'll have to use the QPST/QFIL method, because the flashable .zip files always expect a specific vendor version, usually a lower one, so you can upgrade with flashable .zips, but possibly can't downgrade, so you have to use QFIL)!
*** GSI custom ROMs ***
Our device is arm64-aonly, so please only use according GSIs. Note, that I will link only those GSIs, which are booted successfully on my device!​
~ phhusson's official GSI list: here
~ phhusson's AOSP GSI (Android Open Source Project): here
~ developerluke's ExpressLuke GSIs: here
~ eremitein's CAOS GSI Project: here
~ eremiten's LOSQ GSI Project: here
~ igors1974's Amber GSIs: here
~ tunasahinn's and yek4perf's Tunahan's GSI builds: here
~ mrsshunt3r's albus-gsi: here
Note, that you should keep up with the developments and update your system, if needed! These are just a few GSIs, that I've tested personally on my phone, but you can always keep up with the latest news and try new GSIs out, thanks to phhusson's official GSI list!
*** How to flash an Android 10 GSI ***​
1. Download the latest custom phh-magisk from here. (Thank you developerluke and phhusson)!
2. Download the latest Disable_Dm-Verity_ForceEncrypt from here. (Thank you Zackptg5 and others)!
3. Download your desired GSI.
4. You can flash from an USB-OTG flash drive or from the storage of your phone. (I personally have a dedicated USB for this purpose).
4.1 If you are coming from stock ROM you will most likely need to Format Data in this step, because the Disabler won't be able to decrypt the data and, that will cause a stuck at the boot logo!
4.2 Reboot Recovery
5. In TWRP perform a normal factory reset
6. Flash Disable_Dm-Verity_ForceEncrypt. (Cache wipe is optional).
7. Flash your GSI image.
8. Format Data (Skip this step if you already did this in 4.1)!
9. Reboot Recovery (Skip this step, too if you already did this in 4.2)!
10. Flash Magisk-phh
(11. Wipe cache/dalvik).
12. Reboot System
13. Enjoy!
*** Possible GSI bugs ***
Please note, that bugs can differ/vary on different GSIs, the numbers are not fully accurate!
​
1. The default camera app will work, however it doesn't support HDR, panorama or portrait modes. It also can't record in 4K resolution. Freezing is also possible. ~ 50%
2. First time, when you open the camera it'll stuck on loading, but after you go back and open it again it will work flawlessly. ~ 50%
3. No audio/microphone during phone calls. ~ 15%
*** Guaranteed GSI bugs*** ​1. The infrared face unlocking will not work, only fingerprint authentication is working. ~ 100%
2. You won't be able to charge your device while it's turned off, after you plug it in, it will automatically boot up. ~ 100%
3. Auto brightness. ~ 100% (There is a fix for auto brightness below)!
*** Camera fix (GSI) ***
(If you get ,,serious camera error" or your camera freezes on HDR)​
1. Download a custom camera app, where you can manually adjust the ISO level.
2. With OpenCamera, for example you have to adjust ISO to 800 and never above, because your camera will freeze!
3. So, always keep ISO 800 or under. With these settings even HDR shots are working!
*** Auto brightness (GSI) ***​1. Download framework-res__auto_generated_rro.apk from this thread.
2. Follow the instructions, which are described in this post. (You will need to have root to use ,,su" commands).
3. Thank you MishaalRahman and kAs1m for the apk and the instructions!
Twrp disappears when restarting
Help, twrp disappears when restarting. After installing it by: "fastboot flash recovery trwp.img". right there I start it with the "Vol + Power" keys and it starts correctly but when you turn it off and back in, "stock recovery" appears again. I also installed it again using the same twrp, but it disappears again.
kcire_eae said:
Help, twrp disappears when restarting. After installing it by: "fastboot flash recovery trwp.img". right there I start it with the "Vol + Power" keys and it starts correctly but when you turn it off and back in, "stock recovery" appears again. I also installed it again using the same twrp, but it disappears again.
Click to expand...
Click to collapse
Hello, please don't reboot after sending the recovery image to the phone. Execute the:" fastboot reboot recovery " command. Now it is going to work.
Halwer said:
Hello, please don't reboot after sending the recovery image to the phone. Execute the:" fastboot reboot recovery " command. Now it is going to work.
Click to expand...
Click to collapse
It didn't work, given: "fastboot: usage: unknown reboot target recovery" Sorry for the long time to answer, I only have mobile data, and from this same mobile I answer, and I use google translator, I'm from Mexico.
Halwer said:
Hello, please don't reboot after sending the recovery image to the phone. Execute the:" fastboot reboot recovery " command. Now it is going to work.
Click to expand...
Click to collapse
Foto
kcire_eae said:
Foto
Click to expand...
Click to collapse
Well, it looks good. Maybe only " reboot recovery " is enough.
Halwer said:
Well, it looks good. Maybe only " reboot recovery " is enough.
Click to expand...
Click to collapse
It didn't work, friend, but I appreciate the help.
kcire_eae said:
It didn't work, friend, but I appreciate the help.
Click to expand...
Click to collapse
I'm sorry. Do an internet search and check related TWRP forums for solutions for this specific issue. For me everything is working fine. Are you sure you unlocked your bootloader first?
Halwer said:
I'm sorry. Do an internet search and check related TWRP forums for solutions for this specific issue. For me everything is working fine. Are you sure you unlocked your bootloader first?
Click to expand...
Click to collapse
Help, I did the following and I no longer start my mobile:
-fasboot flash recovery twrp.img.
-fasboot flash boot twrp.img.
-fasboot reboot.
now just start twrp even if restart restart twrp again, in the twrp browser my sdcard files are shown, maybe you can still help me please.
kcire_eae said:
Help, I did the following and I no longer start my mobile:
-fasboot flash recovery twrp.img.
-fasboot flash boot twrp.img.
-fasboot reboot.
now just start twrp even if restart restart twrp again, in the twrp browser my sdcard files are shown, maybe you can still help me please.
Click to expand...
Click to collapse
You should not have flash the recovery image to the boot partition. These partitions are not the same, be careful! Now you can save your data from TWRP via MTP connection to your computer. After that restore your phone with QPST to the latest pie ROM or to the oreo ROM from yandex. The oreo ROM is flashable from recovery, it is easier.
Halwer said:
You should not have flash the recovery image to the boot partition. These partitions are not the same, be careful! Now you can save your data from TWRP via MTP connection to your computer. After that restore your phone with QPST to the latest pie ROM or to the oreo ROM from yandex. The oreo ROM is flashable from recovery, it is easier.
Click to expand...
Click to collapse
Is it possible to just flash the boot partition (boot) again, if I get the boot.img from another rom?
I don't want to lose the stock rom:crying:
kcire_eae said:
Is it possible to just flash the boot partition (boot) again, if I get the boot.img from another rom?
I don't want to lose the stock rom:crying:
Click to expand...
Click to collapse
Maybe you can try to download a ROM file, extract it and flash the boot image, but I'm not sure if it is going to work.
Halwer said:
Maybe you can try to download a ROM file, extract it and flash the boot image, but I'm not sure if it is going to work.
Click to expand...
Click to collapse
I'm going to try, and even,
on this page there are android 9, will it be true?
"https: // mirrors.lolinet.com/ firmware / lenovo /l58041/"
but first I will do it with the "O" stock, which you mention here.
I hope it will work again.
kcire_eae said:
I'm going to try, and even,
on this page there are android 9, will it be true?
"https: // mirrors.lolinet.com/ firmware / lenovo /l58041/"
but first I will do it with the "O" stock, which you mention here.
I hope it will work again.
Click to expand...
Click to collapse
You should do the oreo version, if your were on the global oreo ROM. After that you can try the pie version, if nothing works don't worry you can do a backup of your data from twrp to your computer and flash a custom ROM or the chinese Pie version, which is recommended. With root access you can easily debloat the chinese ROM and with AdAway you can disable all communications pointing to chinese servers or websites. I also found these. Maybe you can give them a try.
After a few hours I was finally able to install the "Chinese stock rom", although I struggled, since the files of the "rom" of the l58041 do not quite coincide with the "stupdroid" tutorial and some files have two different versions, something like that:
here I chose the "ddr" .
prog_emmc_firehose_xxxx_ddr.mbn (.elf). prog_emmc_firehose_xxxx.lite.mbn (.elf).
here I chose the "retain_userdata".
rawprogram0.xml. rawprogram0_retain_userdata.xml.
and in qfil "Flat Build", however I don't know if it was the right thing because at the beginning I was asked for a password ("but that's another topic").
To add a language (without root), use local more apk.
"https: // c. mi. com / thread-2098669-1-0.html"
To root the "radiationofthenation" thread worked me.
"https:. //forum .xda-developers . com/general/help/lenovo-s5-pro-root-global-firmware-help-t3895643/page2"
kcire_eae said:
After a few hours I was finally able to install the "Chinese stock rom", although I struggled, since the files of the "rom" of the l58041 do not quite coincide with the "stupdroid" tutorial and some files have two different versions, something like that:
here I chose the "ddr" prog_emmc_firehose_xxxx_ddr.mbn (.elf). prog_emmc_firehose_xxxx.lite.mbn (.elf).
here I chose the "retain_userdata" rawprogram0.xml. rawprogram0_retain_userdata.xml.
and in qfil "Flat Build", however I don't know if it was the right thing because at the beginning I was asked for a password ("but that's another topic").
To add a language (without root), use local more apk.
"https: // c. mi. com / thread-2098669-1-0.html"
To root the "radiationofthenation" thread worked me.
"https:. //forum .xda-developers . com/general/help/lenovo-s5-pro-root-global-firmware-help-t3895643/page2"
Click to expand...
Click to collapse
I'm glad it is working for you now. Yes, you are right the tutorials flap at some points, but there are other tutorials which you can follow and make it work. For the first time I was struggling with the restoration, too. You will see, that the chinese ROM is quite good, you just have to uninstall the bloatware and disable spying DNS requests.
Halwer said:
I'm glad it is working for you now. Yes, you are right the tutorials flap at some points, but there are other tutorials which you can follow and make it work. For the first time I was struggling with the restoration, too. You will see, that the chinese ROM is quite good, you just have to uninstall the bloatware and disable spying DNS requests.
Click to expand...
Click to collapse
Ohh, explain more about spying. And also if you know something about the message that Android told me when I start. I remember that I flashed twrp.img using "fastboot", and when I asked for a password to decrypt, it only allowed me to clear cache and dalvit cache (I did wipe), and when I started again I showed a message saying that I was encrypting and a percentage, just here, I interrupted the process by turning off the cell phone, and flashed again with qfil (download). So when I start I just remember that I said something about the cell phone being restored and then I could restore the copy with my Google account. So what I think is that when the message of "TO START ANDROID ENTER YOUR PASSWORD" is displayed, it may work to interrupt or perhaps to put the incorrect password many times to automatically reset or also choose "rawprogram0.xml" in qfil (but I did not dare because it deletes it the information related to the imeil and the signal or at least that says some comments ). Now there is only one who can interpret what happened and to have clearer the restoration process, the rom seems to me very much the problem of the language is solved with "more local", I am from Mexico (At & t).
good morning i have good new
i have been backing up the global rom
just wants to go a long time it is super compressed 3.5giga and it is regular size 10.6 g
nikosddesign said:
good morning i have good new
i have been backing up the global rom
just wants to go a long time it is super compressed 3.5giga and it is regular size 10.6 g
Click to expand...
Click to collapse
Thank you, I'm sure some people will find it very useful!
Hello
it's about 4gigabyte have to be patient.
i have very bad internet connection...

Blackview BV9800 PRO Rugged Beast MAGISK ROOT REQUIRED

Hi everyone,
I have rooted my last few smartphones and was always happy with it. Now I got new Blackview BV9800 PRO and I want to root it with Magisk. but as the phone is new, there is lack of information on the internet, Anyway, I have found some information, but it is not complete and I believe You, smart guys, can help me to root my smartphone
This is the information I got:
How to root it with Magisk :
Download your rom from : viewtopic.php?f=285&t=532354 (you can alternatively extract it with SP Flash Tool and WWR)
Download and install Magisk Manager on your phone : https://github.com/topjohnwu/Magisk/rel ... v7.5.0.apk
Patch the boot image with Magisk Manager
Unlock the bootloader. (Wipe the phone! )
Flash the patched boot image with SP Flash Tool or Fastboot. (ONLY the boot image)
Reinstall Magisk Manager
This is what I did and what happened:
I installed latest Magisk apk from official sources. I opened the app, clicked on "Install Magisk", then via this app I downloaded the zip file, then tried to installed it via Magisk but got an error "Unsupported/Unknown image format".
Any ideas what have I done wrong? Did I have to flash boot image from the ROM, and not the one Magisk downloaded? P.S., the smartphone is new, nothing more then I written above is done to it (no oem unlocking, no usb debugging, etc).
RESERVED
I let Magisk manager patch the original boot.img. After flashing it with fastboot or SP Flash the phone stuck with message that verified boot didn't accept the signature.
Hm... Is there anyone who rooted BV9800 Pro successfuly and could guide us? ?
update fail.
I greet you, I accidentally deleted it when I updated, Nvram. on my phone. BV9800pro. It is possible to provide me with firmware recovered from a similar phone. I also posted on the forum at Blackview but without answer
Isn't there a full firmware download on Blackview website available? I thought I've seen it there
update fail
LGZACRO said:
Isn't there a full firmware download on Blackview website available? I thought I've seen it there
Click to expand...
Click to collapse
Hello
Yesterday during an update, by accident, my equipment, BV9800pro, performed a complete formatting, "Full Format + Dowload", it seems that Nvram has also been rewritten. it is possible to provide us with a solution or file with this data, specific to our equipment. i need a original nvram.bin, and nvram.data, in firmware from Blackview site this its not exist..
if someone wants to help me, I send them a private message with their email address
My phone is not rooted unfortunatelly, if I can help in anyway (if there is a way) I would pull out the files for You.
Do You know how to guaranteed root BV9800 Pro without running into problems?
LGZACRO said:
My phone is not rooted unfortunatelly, if I can help in anyway (if there is a way) I would pull out the files for You.
Do You know how to guaranteed root BV9800 Pro without running into problems?
Click to expand...
Click to collapse
who guarantees this?
rooting worked for me with that solution given to the PM. I wanted to install AOSP, but I found that the thermal image did not work anymore, there were some problems when previewing the video files from Facebook, and I gave up. from the mistake as I mentioned I format + dowload and delete all important partitions. nvram .bin si nvdata. Nothing works properly, TEE and Google Key are inactive, the thermal image fails, some applications are closed immediately. This is the experience with rooting and installing AOSP on the BV9800Pro
Oh man... Sounds bad... have You emailed blackview after sale support (via email, not forum)? No response from them?
And let's say I only root my BV9800Pro, will I be able to send You the files You need?
LGZACRO said:
Oh man... Sounds bad... have You emailed blackview after sale support (via email, not forum)? No response from them?
And let's say I only root my BV9800Pro, will I be able to send You the files You need?
Click to expand...
Click to collapse
make total firmware dump and send the bakup , or nvram.bin nvdata.bin file,
I must root to be able ro do this, right? Does TWRP works well on BV9800Pro?
LGZACRO said:
I must root to be able ro do this, right? Does TWRP works well on BV9800Pro?
Click to expand...
Click to collapse
i dont now. i dont install twrp.
Ok, pm me your skype or signal or wickr or fb. We will try to do this in few hours
LGZACRO said:
Oh man... Sounds bad... have You emailed blackview after sale support (via email, not forum)? No response from them?
And let's say I only root my BV9800Pro, will I be able to send You the files You need?
Click to expand...
Click to collapse
I posted in their forum a detailed error report but the moderator deleted my post.
Don't bargain for help by them.
---------- Post added at 02:35 PM ---------- Previous post was at 02:33 PM ----------
LGZACRO said:
I must root to be able ro do this, right? Does TWRP works well on BV9800Pro?
Click to expand...
Click to collapse
As I mention there's no TWRP available for this phone yet.
I just rooted BV9800 pro yesterday.
You don't need to SP flash tool or others, just need adb and fastboot.
Quick steps:
1. set OEM unlock to allow
2. connect phone to windows
3. use adb to check if connecting. command: adb devices
4. using adb to reboot to bootloader, command: adb reboot bootloader
5. And then the phone will enter fastboot mode ( you could see small string at left bottom corner)
6. use fastboot command to unlock bootloader. command: fastboot flashing unlock
7. If fastboot program is waiting, please check windows device manager, there should be an unknown device, let windows search driver automatically. it needs android interface driver.
8.Using volume up or down to agree unlock.
9. If agree, all data will be disappeared.
10. Install Magisk manger
11. Download stock ROM from blackview forum. it is zip file. Unzip it and copy boot-verified.img to phone.
12. patch boot.img by Magisk manger.
13. Copy patch image file to windows
14. use adb to reboot phone to fastboot mode
15. reflash boot image file. command: fastboot flash boot patched file name (normally, I would put patch image file in the same folder of fastboot)
16. reboot (fastboot reboot) and reinstall Magisk manager
There are many Magisk root steps instruction in internet. You could refer to other steps, they should be clear than mine. I prepared lots of drivers and application. Finally, I only used adb and fastboot to root this phone.
I rooted it exactly like You and it worked perfectly! Thanks for auch detailed rooting guide!
By the way guys, I think we Should open the request for TWRP for BV9800Pro. How do You think?
After you unlocked bootloader, it changed to orange state, and it always shows "Your device has been unlocked and can't be trusted..Your device will boot in 5 seconds", it could be resolved by modified LK image.
Refer to
1. https://forum.hovatek.com/thread-31664.html
2. http://bbs.blackview.hk/viewtopic.php?f=286&t=532899 -- included modified LK image
Of course, you could reflash by fastboot, no need to use SP flash tool.
hi if u have back up on your phone could u provide for me link. I had some problems with my loudspeaker and i thought its from the root, or software and i did full format and download. and now it show some watermark and probably is because i l deleted NVRAM.
i download already official version but didn't help ... thank u upfront.
james35888 said:
I just rooted BV9800 pro yesterday.
You don't need to SP flash tool or others, just need adb and fastboot.
Quick steps:
1. set OEM unlock to allow
2. connect phone to windows
3. use adb to check if connecting. command: adb devices
4. using adb to reboot to bootloader, command: adb reboot bootloader
5. And then the phone will enter fastboot mode ( you could see small string at left bottom corner)
6. use fastboot command to unlock bootloader. command: fastboot flashing unlock
7. If fastboot program is waiting, please check windows device manager, there should be an unknown device, let windows search driver automatically. it needs android interface driver.
8.Using volume up or down to agree unlock.
9. If agree, all data will be disappeared.
10. Install Magisk manger
11. Download stock ROM from blackview forum. it is zip file. Unzip it and copy boot-verified.img to phone.
12. patch boot.img by Magisk manger.
13. Copy patch image file to windows
14. use adb to reboot phone to fastboot mode
15. reflash boot image file. command: fastboot flash boot patched file name (normally, I would put patch image file in the same folder of fastboot)
16. reboot (fastboot reboot) and reinstall Magisk manager
There are many Magisk root steps instruction in internet. You could refer to other steps, they should be clear than mine. I prepared lots of drivers and application. Finally, I only used adb and fastboot to root this phone.
Click to expand...
Click to collapse
zlatkomas said:
hi if u have back up on your phone could u provide for me link. I had some problems with my loudspeaker and i thought its from the root, or software and i did full format and download. and now it show some watermark and probably is because i l deleted NVRAM.
i download already official version but didn't help ... thank u upfront.
Click to expand...
Click to collapse
Hi, I'm not rooted (yet) and my BV9800 PRO is having some issues with the loudspeaker, any media like YouTube or Spotify, play audio for a second or two and then just go mute, volume can be high but no audio at all, phone calls last longer but also go mute and have to go back to regular "ear-speaker" to keep listen to the other side. Are this the same problems you refer to? I can't remember if this happened after the OTA update tho. Thank you.

Unlock bootloader Chuwi HiPad Pro?

Hi,
Does anyone have any idea or suggestion, on how to unlock the bootloader for the Chuwi HiPad Pro?
Or anyone that has unlock for another similar device, could please share how you were able to do it? maybe can help.
Thank you for your attention.
Which hipad pro? Mtk or Qualcomm?
I have MTK .
Contact Chuwi at [email protected] requesting the key to unlock your bootloader.
They will reply with your 16 bit encryption key and then proceed to unlock bootloader as usual via abd fastboot commands.
There are several different commands to try.
I was successful with
fastboot flashing critical unlock
Then entered the encryption key
Fastboot will then ask the tablet in fastboot mode if you would like to unlock the bootloader. Vol - to selected Y/N and Vol + to enter selection.
Try this at least worked on my CHUWI SurPad, Android 10 CPU: MT6771 (MediaTek) and should work on most MediaTek (mt2601, mt6261, mt6572,... check https://github.com/bkerler/mtkclient/tree/main/mtkclient/payloads )
This will work only on MediaTek and you can achieve this:
- Unlock bootloader (it allows you to modify boot partition) without factory wipe (this would happen using fastboot method)
- Modify boot partition via Magick app
1) Unlock bootloader + backup flash partitions
Get familiar with mtkclient (https://github.com/bkerler/mtkclient)
It is tool that can read/write content of flash. Compile it on your linux or windows. FYI Im describing steps in GUI mode but if you have only working ./mtk binary you can do the same but need to read documentation.
Shutdown your tablet, disconenct USB cable from PC to tablet.
Run ./mtk_gui tool and follow its instruction in console you need to get into BROM mode (it is not fastboot mode nor recovery mode, it is special mode that works only MediaTek chips and usually cannot be used. Anyway this program mtkclient using some exploit to get there due to some bugs). It also means most likely that even bricked devices could be "restored" if someone tried modify recovery partition and bricked by replacing it with original one due to dm_verity protection [you can ask me I dumped my device])
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.
at this stage you should be in this MTK GUI connected and navigate to read tab and save all yourflash partitions. or at least boot.bin, vbmeta.bin, recovery.bin - you can restore them later if any failure.
Also navigate last tab and click unlock bootloader (this wont erase your data at all)
reboot your device (either with ./mtk reset) or holding 10 sec power button and boot back to android 10. In boot screen you will see some warning that device has bootloader unlocked and 5 sec delay before boot.
2) Modify extracted boot.bin with latest Magisk
Download apk here https://themagisk.com/magisk-app/ and install to your andriod (you can use adb push from laptop via connecetd usb cable [need enabled developer mode), or simply copy to sd card and install from there) also copy boot.bin you dumped from previous step 1)
Run Magisk click to install in Magisk section (and select your boot.img file on sdcard or anywhere where you stored it inside your tabled device) and click "Let's go" - this will do some magic inside boot image which enables Magisk to be your root provider for the apps (something like sudo or su). So patched image is stored my location was /storage/emulated/0/Download/magisk_patched-25205.img
Copy this file back to your laptop somewhere
Shutdown your tablet again and unplug usb cable
3) Disable dm_verity + rewrite boot partition using mtk
Boot your laptop to BROM mode again as described in step 1)
to install patched boot.img (now magisk_patched-25205.img) you can use that mtk_gui and same for overwriting vbmeta partition
for disabling dm_verity you need use vbmeta_empty.bin (it is inside mtkclient directory)
No you can reboot your device and should boot.
Run magisk again and you should see now that choices "Superuser" and "modules" are available.
DONE..
you can also patch recovery.bin with your favority TWRP or another (i havent done this)
you can get root access by installing any sshd client and accesing to it, or simply in adb shell type su and magisk will ask you to grant it
MTK UNIVERSAL V5 can unlock.
HELLO I HAVE THE SAME PROBLEM BUT IS QUALCOMM .ITS EXIST SAME PROG FOR QUALCOMM ?
artaos said:
HELLO I HAVE THE SAME PROBLEM BUT IS QUALCOMM .ITS EXIST SAME PROG FOR QUALCOMM ?
Click to expand...
Click to collapse
[Tool] Ultimate Read write flash mtk, Spd, Qualcomm unlock, Lock network, sim, Frp
******************Miracle Box ******************* This Is only for Personal use, I am Not a Developer of This Box, this is Developed By a miracle Team Hit Thanks:good: For This Crack- Features- Features for MTk[all Devices]- Read info...
forum.xda-developers.com

How To Guide [Unofficial] Unlocking the bootloader, rooting, and installing TWRP on Nokia 2.2 with Android 11

to moderators: this is my first thread ever, and thought a complete guide like this really has to be done. if it's not right or not in the right place, do what is right
Click to expand...
Click to collapse
Since there are only 3 useful guides about modifying this specific phone, and some really don't answer a few barriers placed in our way by HMD Global and its ridiculous OEM unlocking restrictions (-_-), and also Google probably dropped making OTA updates for it (which was very important to me, because Android 9 and 10 had bugs), I decided to mix them all up (I will give credits, obv) and add some more info I found and create a thread which will work on Android 11, which worked on my phone, not tested on another Nokia 2.2.
Hope it helps y'all!!
Part 0: Preparations
WARNING: Your storage will be wiped completely!! so make sure to back everything you need up before doing anything. Unless you have bricked/soft locked your phone, then in that case you can use MTK Client app to backup userdata.bin (more info on Part 1-2, marked with a )
Requirements:
A good computer
Obviously a network connection on your computer for downloading files, and on your phone if you wanna update thru OTA
USB cable, capable of transferring data, and without any annoying repeated disconnections or "has to be put in the right angle and position". Just use a fresh one
VCOM and adb drivers, which can be a little annoying getting them to work. Best option is to install 15 seconds minimal ADB and make sure you say Yes when it asks if you want to install device drivers.
Android SDK Platform tools, which can be downloaded from here (NOTE: You have to use Platform tools. minimal adb will NOT work with fastboot on this device. So go to C:\adb and delete everything in there, then extract platform tools in that folder instead)
and the most important of them all: MTK Client by Bkerler which can be downloaded from here. Follow the installation instructions in the link, install Git and Python and also usbdk installer featured in the Github instructions for MTK Client
All done? Great! moving to the next part
Part 1: Unlocking the bootloader
The most annoying part. Thanks to hikari_calyx for their awesome guide on how to unlock the bootloader for this phone. We will follow it step by step until we reach step 6, where we are about to flash all those backed up img's back using mtk-su. Here's the problem, you can use mtk-su only on Android 9. it doesn't work on Android 11 sadly. so we just make sure we have unlocked sec1.img and seccfg.img in a safe place, then install a fresh stock Android 9 rom om our phone with any method we are most comfortable with, like SP Flash tool like in the guide, or booting into recovery and sideloading thru adb or from sdcard. just search the net and I'm sure you will find a loooot of sites explaining how you can flash a stock android on your phone. Just make sure you won't mess IMEI and Serial Number up!!!
**There is a "unlock bootloader" option in the flash tools tab of MTK Client. haven't tried it out myself but you can give it a try**
Extra: Booting into stock recovery
There is another detailed guide on how to enter recovery mode, by foobar1123321 which you can see in here. You might need it to apply updates to your phone
After flashing and updating your OS to latest version of Android 11, it's time for Unlocking the bootloader again. but sadly, Unlocked OEM doesn't let OTA updates to be received, and trying to flash sec1.img and seccfg.img on Android 11 is not possible without root, and root is not possible without OEM unlocking :\
So here comes the neat part, MTK Client
Part 1-2: Unlocking the bootloader again
Go to the folder where you installed MTK Client (hopefully you know how git works and got it cloned and working, if no, then read Installation instructions carefully in their Github page), and open a CMD window there by typing in cmd in the address bar. then write python mtk_gui and hit enter. Do not use mtk_gui.bat since it will close the cmd and not work. Do NOT close this cmd tab. After a while, the app will start and asks you to connect your phone.
Shut down the phone, and after 5 seconds, press and hold both volume up and down keys (without the power button) and connect the phone to your computer via cable while still holding the volume buttons. If you have installed the drivers successfully, then you'll see some texts generate in the cmd window, and will (probably) wait for the Preloader VCOM.
you can let go of the volume keys.... but not for so long. Disconnect the USB cable, hold volume keys, and connect the phone again and you'll see that MTK Client successfully gets access to your phon. YAAAY!!
now you can let go of the volume keys
Go to "Read partitions" tab, and select Boot_a, Boot_b, sec1, and seccfg (make sure you wouldn't mistake them with unlocked sec1 and seccfg)
And then click on Read partitions button in the right side, and choose a location to save these partitions
You can also check userdata, if you have bricked/soft locked your phone and wanna backup your Internal storage data. You can flash it again with this app after you have fixed your phone. and if the problem wasn't caused by your data, you can use them again like you never wiped your phone
After everything is backed up, go to "Write partitions" tab, and find sec1 and seccfg, click on "set", browse and select the respective unlocked partitions we got in Part 1 (you may need to change their extension from .img to .bin for them to show up)
Click on "Write partitions", and done! You have unlocked your OEM on Android 11!! and if everything is done correctly, you'll see
Orange state Your device is unlocked and cannot be trusted Your device will boot in 5 seconds...
Click to expand...
Click to collapse
or something like this when powering it on, congrats!!
Part 2: Installing TWRP
from the official TRWP page for Nokia 2.2, download the latest TWRP image file and move it to c:\adb on your computer and rename it to twrp.img
you will also need to download a stock vbmeta image, which can be found here or simply by reading it from your phone via MTK Client (there will be two A/B partitions, any of them works) and rename the downloaded/grabbed file into vbmeta.img and move it to c:\adb
power off your phone, then boot into fastboot by holding Volume down + Power for a few seconds, until it says FASTBOOT MODE => then connect the phone to a PC, and write:
fastboot –disable-verity –disable-verification flash vbmeta vbmeta.img
Click to expand...
Click to collapse
and then
fastboot flash boot twrp.img
Click to expand...
Click to collapse
Now we have the latest TWRP on our Nokia 2.2 , but seems like accessing TWRP is only possible by either rebooting to recovery when the phone is powered on, via Magisk, Termux, or any other app with power options (after rooting the phone), or writing this when the phone is in fastboot mode:
fastboot reboot recovery
Click to expand...
Click to collapse
You can use TWRP and all of its awesome features now, except for MTP, backup, reading userdata partition, etc. to fix that, you gotta wipe internal storage, so make a backup of your files before processing.
**IMPORTANT: Do not flash TWRP after rooting the phone or it will unroot it**
Part 3: Rooting via Magisk
I'm gonna use Magisk because... it's better than other SU apps. Get it from here and install it on your phone. Now that you have your OEM unlocked and boot partitions too, you just have to copy the partitions we got via MTK Client on your device, launch Magisk app, select Install Magisk, then choose a file, which is gonna be Boot_a.
Wait until patching is finished, and after it's done, go into downloads folder and rename it to Boot_a or you will get confused later
After that you can choose Boot_b to be patched, and after it's done, rename it to Boot_b too
Copy them both to C:\adb from your phone to your pc, and power off your phone
after you get sure device is not connected to the computer via cable, and is powered off, hold down the volume down key with power button, until your phone boots into fastboot mode
Now open a cmd in C:\adb, and write
fastboot flash boot_a boot_a.img
fastboot flash boot_b boot_b.img
Click to expand...
Click to collapse
when done, disconnect your device, and restart. You can check the Magisk app, and realize you now have superuser permissions!!!
**UPDATE** Part 3-2: Hiding Magisk
Hiding Magisk and bypassing SafetyNet is another challenging problem on this phone. Cause when you try to Hide the Magisk app, you'll come to a simple "Failed!" error which is most probably caused by SELinux status. To fix this we gotta install some modules
First of all, install Busybox from Google Play or any other source. It's not necessary, but it's good to have. simply just install it, no need to restart
Then we need to install a module called SELinux permissive (wow, how unique ;w; ) by evdenis, which can be found here. download the zip in your phone, open the Magisk app, and in the modules tab browse for our newly downloaded zip and wait until the operation is done. Reboot your phone, and you are now able to hide Magisk app without any problem.
So do so, open Magisk -> settings -> hide the Magisk app. Choose a name (settings by default) and wait until app launches itself, asking you to add a shortcut to your home screen (optional). This way, your Magisk app now has a random package name and signature and can't be detected by other apps. Now moving to the next part
Bypassing the SafetyNet:
First, in Magisk settings, enable Systemless hosts. it will add its module to the modules tab. check if it's enabled
Then toggle Zygisk in Magisk settings, and restart your phone again (2 restarts? alright no problem)
Once your phone booted up, on the main screen of Magisk, check if it says Yes in front of Zygisk. if yes, than congrats! we are not down yet tho
Go to Magisk settings and toggle Enforce DenyList, don't reboot for now (yes, there is a 3rd one coming ), but go to Configure DenyList and choose the following apps
Google Play Service
Google Play Store
Google Service Framework
Google Play Protect Service (which is probably not present, but wrote it just in case it is on your phone)
Click to expand...
Click to collapse
and also you can choose your banking apps, or any app that prevents you from using them like Netflix or some games. Now you gotta restart (third time is the charm )
Now we gotta install another module which is Universal SafetyNet fix by kdrag0n which can be found here. Download it to your phone, choose it in Magisk module browser, wait for it to finish, and restart (I'm losing my control!!! Hmph!)
Now that we did all this, we have to clear data of apps in our DenyList so they would never remember if we ever had root or no
Go to settings (the actual settings, not our now hidden Magisk app) -> Apps -> all apps -> tap the 3 dots on top -> show system apps, then find all the apps you added to your DenyList and clear their data (not cache, data itself)
Now that this is down, restart your phone ((╯°□°)╯︵ ┻━┻) it's the last time, so you can stop raging now (┬─┬ノ( º _ ºノ))
Now we can install an app like YASNAC and run SafetyNet attestation, if the results showed two pass checks, Congratulations, you bypassed SafetyNet!!!
Totally worth the restarts. (Thanks to Droidwin for their article)
And that's it!! Hope you enjoy your now rooted Nokia 2.2 phone with Android 11
Great guide, and yes mtkclients unlock will work but it may put Ur device into verity eio mode
¿Can I use the Part 3-2 to hide Magisk in Android 9 instead of 11?, I find stock Android 11 very laggy and unstable on my phone (using the camera on any app can take from 1 to 3 or 4 tries to get it working, for example), and Android 9 has served me waaaaay better. However, my banking app refuses to work with root.

Categories

Resources