Related
I found my Shield Tablet again today. I tried to install a costom ROM once, but I think I failed with rooting my tablet. The reason for this is, that i had no clue what i was doing.
I would like to have a fully functional tablet again, but i still have no clue what to do.
I try to describe the current status.
- I have a Shield Tablet 16GB Wlan with Android 5.1.1
- With Root Checker: No root.
- In the Bott menu it shows that the device is unlocked.
- There is a SuperSU app, but i get a notification , that the SU binary needs to be updated. If I do that it fails every time and tells me to reboot. After that nothing changed. Same Problem.
- There is a OTA Update, when i try to restart my tablat this comes up:
Root Access Possibly Lost Fix?
THIS CANNOT BE UNDONE
1. YES fix root (/system/xbin/su)
2. NO do not fix
After testing both, no changes
I tried to find a solution on my own for the last 3h, but I just failed over and over again.
Root access is optional for me now, i don't need it, but it would be nice to have it.
Could someone tell me what I should do? (Or post a link to instructions wich fits to my problems)
Thanks in advance
What version of software are you on? I recommend downloading the last Marshmallow recovery image available (for the original Shield, it's package 4.4), unzip the contents to give you the various images, and then flash using Fastboot. Just boot the tablet while holding down the power+vol down key, then release when the screen lights up. Plug into your PC, and run the Minimal ADB+Fastboot (google it, I think version 1.4 is latest).
Download site from Nvidia: https://developer.nvidia.com/gameworksdownload
Follow the instructions in the recovery package. Basically like this, assuming your images are in your fastboot directory:
SHIELD TABLET RECOVERY IMAGE FLASHING INSTRUCTIONS
To follow the instructions in this guide, you will need adb and fastboot.
These tools are provided as part of the Android SDK:
http://developer.android.com/sdk/index.html
Before flashing this recovery image to your SHIELD TABLET, connect your SHIELD TABLET
via USB to the PC where you downloaded this recovery image.
Next, put your SHIELD TABLET into fastboot mode using one of the following methods:
SW method:
- Boot to android home screen
- Connect the device to linux/windows system
- Open terminal (on linux); command prompt (on windows).
- Type "adb reboot bootloader" in terminal/command prompt
HW method:
- Turn off the device
- Press "Volume Down" -> "Power", hold "Volume Down" and leave Power buttons till device boots
To flash this recovery image to your SHIELD TABLET, run the following commands from
the directory where you extracted the recovery image package. If this is the
first time you have done this procedure, you must unlock the bootloader (see
below):
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash userdata userdata.img
fastboot flash staging blob
Unlocking the Bootloader
Your SHIELD TABLET may have shipped with a locked bootloader. To update the device,
you must unlock the bootloader using the following:
- fastboot oem unlock
- Press the "Volume Down" button to select "Unlock bootloader" option on device
- Press the "Power" button to confirm the unlock. Your device's bootloader is now unlocked.
*Unlocking bootloader will remove all your data!*
I'm using Windows 7, and that's the steps i did. (it should be simmilar for other systems too)
Getting code:
Code will look simmilar to this: DB1ED223C5537BA756FB0671E425D650
Method 1 (no root):
Go to
https://passwordsgenerator.net/md5-hash-generator/ copy paste serial number and click generate. Then you should see code in "MD5 Hash of your string". You can also go to simmilar md5 hash generator sites, but this site automatically converts small letters to big letters.
Method 2 (root):
Okay, this is new method that is much easier and you don't need to send IMEI and wait for @the_laser to give you code. Go to terminal emulator, type su and execute it. Then type this and execute it:
redweaver said:
Actually the command is
echo -n NE1GAM4770133666 |md5sum |tr [:lower:] [:upper:]
If you don't use the -n flag, the newline character is also passed and you get a different result
Click to expand...
Click to collapse
Unlocking bootloader:
Download platform-tools which activates adb and fastboot commands (first you need Nokia 3 driver installed if you didn't)
Nokia 3 driver: http://www.devfiles.co/download/3iK0k7Sv/Nokia_3_USB_Drivers.zip
platform-tools Windows: http://www.devfiles.co/download/KtLsN6fX/platform-tools-latest-windows.zip
platform-tools Mac: http://www.devfiles.co/download/OkrfluP0/platform-tools-latest-darwin.zip
platform-tools Linux: http://www.devfiles.co/download/vk5DudZX/platform-tools-latest-linux.zip
Enable usb debugging in Developer options before running adb. To get Developer options, go to settings, about phone and press build number 7 times. Also enable OEM unlock.
Now Connect phone to computer via usb and enable usb file transfer, run cmd as administrator, then type this command which runs adb:
chdir C:/Users/John/Desktop/platform-tools (this is just a example, you need to type your own location of platform-tools)
then type this command to check is your device connected to adb, it will show serial number of your device, if it hangs at waiting device, then you need to reinstall drivers (if you're doing this first time, then it will ask to allow usb debugging on your computer, just tick always allow from this computer and click OK)
adb devices
then type this command to reboot to recovery (you can boot to recovery by holding power on + volume up (only with usb connected) if this command doesn't works)
adb reboot recovery
when booted to recovery, choose reboot to bootloader option with volume sliders (this will boot to fastboot)
when booted to fastboot, it will show text 'FASTBOOT MODE' in down-left corner
now type this command to check is your device connected properly to fastboot.
fastboot devices
if it show characters like 0123456789ABCDEF or simmilar then it is connected properly, if it hangs on waiting device, then you need to reinstall drivers like mentioned above.
Android Nougat (7.0 & 7.1.1):
Now type these commands to unlock bootloader
fastboot.exe -i 0x2e04 oem key (type your key after oem key)
fastboot.exe -i 0x2e04 oem unlock
then press volume up, when asked
Android Oreo (8.0 & 8.1):
First download NE1-0-215H.lk.bin:
https://my.pcloud.com/publink/show?code=XZaLMs7ZclQ2wvKwSb0ofUraMmrsiHh6uk1X
Now type these commands to unlock bootloader
fastboot oem dm-verity <your_unlock_key>
fastboot flash lk NE1-0-215H.lk.bin
fastboot reboot-bootloader
Proceed your unlock procedure.
If you have problem on flashing the lk partition, you can use MTK Smart Phone Flash Tool to flash lk partition manually.
After lk partition flashed, you may encounter "Red State" when booting the phone. Ignore that and boot your phone to Fastboot mode directly with OST LA.
That is it, i tried to explain for you to understand everything i did to unlock bootloader.
Credits:
@the_laser for codes, some additional steps and corrections. Also thanks for new method. @redweaver for new method.
@Hikari_kalyx for Android Oreo method. @bigrammy for NE1-0-215H.lk.bin link.
way to enter recovery without adb -
power off phone
press and hold volume up + power on buttons, insert cable immediately
countdown will start on phone, hold both keys until countdown ends, then IMMEDIATELY release power on key, still holding volume up
you will enter recovery shortly
after installing TWRP it is very important - DO NOT allow /system modification until supersu package installation ! ( or you will require reflashing phone with OST )
another note - can't enter recovery by combination volume-up + power button, if phone not connected to computer
one man reported, that even he successfully flashed TWRP image with "fastboot flash recovery <twrp image>", he still got original recovery.
workaround is to use "fastboot boot <twrp image>" - as we need to have USB cable connected to enter TWRP recovery anyway, not big problem.
the_laser said:
way to enter recovery without adb -
power off phone
press and hold volume up + power on buttons, insert cable immediately
countdown will start on phone, hold both keys until countdown ends, then IMMEDIATELY release power on key, still holding volume up
you will enter recovery shortly
after installing TWRP it is very important - DO NOT allow /system modification until supersu package installation ! ( or you will require reflashing phone with OST )
another note - can't enter recovery by combination volume-up + power button, if phone not connected to computer
one man reported, that even he successfully flashed TWRP image with "fastboot flash recovery <twrp image>", he still got original recovery.
workaround is to use "fastboot boot <twrp image>" - as we need to have USB cable connected to enter TWRP recovery anyway, not big problem.
Click to expand...
Click to collapse
Someone told me that if you flashed twrp, that it automatically removes data encryption. Is that true?
EDIT: i find out that is not true, it asks for some password to decrypt data, but the problem is that idk what is the password
DON'T install xposed! It bootlops.
EDIT: My fault, it actually work but you need to wait more than usual to boot.
That is great guys.
Do we have a working recovery yet?
nafnist said:
That is great guys.
Do we have a working recovery yet?
Click to expand...
Click to collapse
I use this twrp https://1drv.ms/u/s!AsmTb5aqoY12mDZqDZbPOp47QVMV
I have stock recovery, but I use fastboot command 'fastboot boot recoveryname.img' when I need TWRP, and that's awesome because I don't lose stock recovery which is useful to flash OTAs and Nokia zips. I flashed SuperSu 2.79 just fine, but expect some crashes like software update, device monitor crash, but actually everything works, software update works just fine.
SkaboXD said:
Someone told me that if you flashed twrp, that it automatically removes data encryption. Is that true?
EDIT: i find out that is not true, it asks for some password to decrypt data, but the problem is that idk what is the password
Click to expand...
Click to collapse
TWRP can't handle Android 7.x default disk encryption, just press "cancel" and we need to use sdcard as storage for backups and packages because of this
Can I return the bootstrapper lock?
Where are you getting the codes from @the_laser?
abetterlie said:
Where are you getting the codes from @the_laser?
Click to expand...
Click to collapse
Yes
shokohiw said:
Yes
Click to expand...
Click to collapse
you mean to get bootloader locked again?
yes you can just instead of oem unlock type oem lock
I mean where are you getting the OEM unlock keys from?
SkaboXD said:
you mean to get bootloader locked again?
yes you can just instead of oem unlock type oem lock
Click to expand...
Click to collapse
abetterlie said:
I mean where are you getting the OEM unlock keys from?
Click to expand...
Click to collapse
idk, ask @the_laser
the bootloader I unlocked how to install root and twrp
shokohiw said:
the bootloader I unlocked how to install root and twrp
Click to expand...
Click to collapse
link for twrp
https://1drv.ms/u/s!AsmTb5aqoY12mDZqDZbPOp47QVMV
when downloaded, copy twrp to folder platform-tools and rename it to recovery.img
reboot to fastboot, then type this command:
fastboot flash recovery recovery.img
then reboot, fastboot reboot
if it didn't worked, use this command just to boot to twrp (you need to do this everytime when you are connected to PC)
fastboot boot recovery.img
To install root, first disable system modification on twrp then flash this zip for root.
This is not the latest version of SuperSU, but newest releases have some problems and crashes. (at least for me). This is last version that works for me.
That is it.
Thank you!
Is it possible after unlocking, installing twrp and root, to return the device to factory settings for ota updates? If so, how?
shokohiw said:
Is it possible after unlocking, installing twrp and root, to return the device to factory settings for ota updates? If so, how?
Click to expand...
Click to collapse
on twrp, there is a option wipe, click on it, then you will see option swipe to factory reset. then wait and reboot.
And you can now enable system modification if you want (it is recommended to enable it because some zips fails to flash because this option is disabled)
After installing TWRP and rebooting, does not want to boot Android, weighs in on the initial splash screen what to do
Your device has failed verification and may not work properly
shokohiw said:
After installing TWRP and rebooting, does not want to boot Android, weighs in on the initial splash screen what to do
Your device has failed verification and may not work properly
Click to expand...
Click to collapse
Weird, when it says your device has failed verification?
For me reboot works fine
Root your "Barns & Noble Nook 7" BNTV450 using Magisk's Patch Boot Image File option.
BE CAREFUL!
There are always risks involved when you start messing around with a device.
If something goes wrong, you may end up with a non-working "bricked" device.
This is especially true when you start flashing partitions. (In this case boot.)
Disclaimer
I am not responsible for your non-working "bricked" devices.
I have a few of my own.
Requirements
Barns & Noble Nook 7" BNTV450
A computer with working adb and fastboot
USB cable
WiFi connection
Magisk Manager (Link below)
Stock boot image (Link below)
Tested on:
BNTV450-v1.0.2-20161230 Security patch October 5, 2016
BNTV450-v2.0.4-20170927 Security patch August 5, 2017
BNTV450-v2.0.5-20170110 Security patch November 5, 2017 ota update
macOS 10.13.x
Windows 7 Pro
Steps
Unlock bootloader
Boot Magisk patched boot image
Pull stock boot and recovery images from device
Use Magisk to patch pulled stock image
Test and flash new patched boot image
Notes:
Google updates were needed to get everything working correctly.
PlayServices and WebView
Mac users. As with some other devices, I had to unplug and plugin the USB cable between some of the fastboot commands.
fastboot flash boot patched_boot.img and fastboot boot bntv4-recovery.img
Magisk:
There have been a lot of changes in Magisk since I originally used it to root.
Way too many to mention so, just the basics that apply to this device.
Newer versions of Magisk use the Download directory instead of creating and using the MagiskManager directory.
Some apps search for this directory and used it to determine if the device is rooted.
If you previously used Magisk to root and have a MagiskManager directory, you will want to delete it.
To update Magisk Manager.
Use the update option, it will download and install the newest version.
To update Magisk.
The safest way is to patch the boot image again. Test and flash.
The Direct Install option works but, may lead to a non-desirable outcome.
To uninstall Magisk.
Test boot your original boot image to make sure it works.
Check with Magisk Manager, it should say Magisk not installed.
If so, then flash your stock boot image back using fastboot.
If your stock boot image will not boot, then you are stuck with Magisk patched boot images.
Hardware Keys:
Power and Volume Up = Recovery Mode
Power and Volume Down = Factory Mode
It will show on the bottom Left (Sideways on the top left) Detecting boot mode. With bootloader unlocked it flashes this message very fast so you might not see it.
I still can not produce the same results continuously across mine. The newer ones, that came with v2.0.5 seem to work but, the older ones still it's a 50 % chance if I can get it to work. The bricked ones, do not seem to register the key combo on boot.
Files Needed
Magisk
xda Magisk forum. Link
Magisk and MagiskManager Official github downloads. Link
Boot Images
Magisk patched boot image downloads. Link
Stock recovery and boot image downloads. Link
Credits and Thank You:
@topjohnwu - The creator and brilliant mind behind Magisk.
Everyone who has helped me learn through the years.
Last edited 23.Sep.2018
"QUICK" Guide - BNTV450 Nook 7
Unlock Bootloader
THIS WILL VOID YOUR WARRANTY.
Unlocking the bootloader WILL wipe and Factory Reset your device. Make sure to copy, backup and logout of everything before you begin.
Note: adb and fastboot need to be installed and working.
On device
Go to Settings - About and tap on the build number seven times to enable Developer options.
Go to Settings - Developer options and Enable OEM unlocking and USB debugging
Connect to computer and Allow USB debugging?
On computer
Code:
adb reboot bootloader
Wait for device to boot into fastboot mode then.
Code:
fastboot flashing unlock
On device
Follow the prompts on the device.
Unlock bootloader?
If you unlock the bootloader,you will be able to install custom operating system software on this phone.
A custom OS is not subject to the same testing as the original OS, and can cause your phone and installed applications to stop working properly.
To prevent unauthorized access to your personal data,unlocking the bootloader will also delete all personal data from your phone(a "factory data reset").
Press the Volume UP/Down buttons to select Yes or No.
Yes (Volume UP):Unlocking(may void warranty).
No (Volume Down): Do not unlock bootloader.
After it returns to fastboot mode, use the power button to turn off, unplug it from computer and then turn on.
It will reboot a few times, including an Erasing... screen.
Once device reboots, run through the initial setup.
Note: Sometimes mine would get stuck on the nook .... animation screen. Give it a few minutes (I wait at least 5 minuets) then power off and power back on.
Note: You will now have the annoying boot delay and "Orange State" message.
Orange State
Your device has been unlocked and can't be trusted
Your device will boot in 5 seconds
"QUICK" Guide - BNTV450 Nook 7
Root using Magisk.
MagiskManager 6.0.0 Download
Magisk 17.2 patched v2.0.5 Download
Using Magisk Manager and the provided Magisk patched boot image.
Note: When booting an image from "fastboot", you should not see the initial "orange boot" screen.
Make sure to grant permission if and when prompted on device.
Some of the adb and fastboot commands may require input on the device.
On device
Go to Settings - About and tap on the build number seven times to enable Developer options.
Go to Settings - Developer options and Enable USB debugging
Connect to computer and Allow USB debugging?
On computer
Code:
adb reboot bootloader
Wait for device to boot into fastboot mode then.
Code:
fastboot boot m172_v205_boot.img
Wait for device to boot then.
Reminder. Make sure to grant permission if and when prompted on device.
Code:
adb install -r MagiskManager-v6.0.0.apk
adb shell su -c "dd if=/dev/block/mmcblk0p7 of=/sdcard/bntv4-boot.img"
adb shell su -c "dd if=/dev/block/mmcblk0p8 of=/sdcard/bntv4-recovery.img"
adb pull /sdcard/bntv4-boot.img
adb pull /sdcard/bntv4-recovery.img
Test the images you just made.
Code:
adb reboot bootloader
Wait for device to boot into fastboot mode then.
Code:
fastboot boot bntv4-recovery.img
Wait for device to boot into recovery mode then.
On device
In Stock Recovery use the volume down key to highlight Reboot to bootloader and press the power button.
Wait for device to boot into fastboot mode then.
On computer
Code:
fastboot boot bntv4-boot.img
Wait for device to boot then.
On device:
If you haven't setup WiFi, do so now.
Open MagiskManager
Tap on Install
Select Install
Select Patch Boot Image File
Tap on Internal storage
- Note: If Internal storage is not displayed. Tap on the 3-dot menu (upper right corner) and select Show SD card.
Scroll down and tap on bntv4-boot.img
When Magisk is done patching the image file, select CLOSE
You can close MagiskManager as well.
Copy and test your Magisk patched boot image.
On computer
Code:
adb pull /sdcard/download/patched_boot.img
adb reboot bootloader
Wait for device to boot into fastboot mode then.
Code:
fastboot boot patched_boot.img
On device
Open MagiskManager
Note: You should see that Magisk is installed and active.
To do a quick check.
On Computer
Code:
adb shell
[email protected]:/ $su
[email protected]:/ #exit
[email protected]:/ $exit
If it worked, and you are ready to say goodbye to stock Non-root.
Code:
adb reboot bootloader
fastboot flash boot patched_boot.img
fastboot boot bntv4-recovery.img
Once it's booted into Recovery, unplug the device.
On device
In Stock Recovery use the volume down key to highlight Wipe cache partition and press the power button.
-- Wiping /cache...
Formatting /cache...
Cache wipe complete.
Then with Reboot system now highlighted press the power button.
You are now rooted and running Magisk.
Last edited 23.Sep.2018
Links to my shell logs.
Unlock bootloader. Pastbin
Root. Pastbin
volume button does not react
Hi
unlocking does not work
As mentioned in the other discussion, the volume up button does not seem to react and so the unlocking does not work. Also one user suggested using the reset button after pressing the volume up button for the unlock; that also does not work for me
Do u have any other suggestions to unlock ?;
arrmusic said:
Hi
unlocking does not work
As mentioned in the other discussion, the volume up button does not seem to react and so the unlocking does not work. Also one user suggested using the reset button after pressing the volume up button for the unlock; that also does not work for me
Do u have any other suggestions to unlock ?;
Click to expand...
Click to collapse
I never ran into this problem. So short answer - No.
Can you point me to that other discussion?
What do you get if you run fastboot oem lks
fastboot oem unlock is supported on this device. You could give that command a try and see if there is a difference.
Not sure what you have tried.
I would start with "Factory Reset" in stock recovery. Skip through the initial setup and try again.
Note: Developer option menu has a toggle at the top, make sure it is turned On.
Sent from my BNTV450 using XDA Labs
Volume up button not recognised while fastboot unlock
Hi
Here is the discussion thread that I was referring to where people are stuck with unresponsive volume up button for fastboot unlock
https://forum.xda-developers.com/nook-7/help/nook-rootable-t3510289
I didn't do the factory reset. So maybe I will do that and see if it works.
unlock not working
Hi
Just to further update you on your reply; i did a factory reset and tried to unlock the bootloader but i get to the same problem; the volume button does not respond; so stuck with the message 'press the volume up button to unlock the bootloader'
I did the fastboot oem lks and that commands executes well and it gives me a OK output.
Cheers & New year greetings!
Any update on the unlock issue
Hi
Is there any update on the unlock issue i reported some time back? My last update on this was executing the command => 'I did the fastboot oem lks and that commands executes well and it gives me OK output.'
not sure if my last update was interpreted in the right way; it does nothing when i type fastboot oem lks except saying it is OK (which i suppose is the expected output of fastboot oem lks). So i do not know how to get around the volume keys not being recognised to go further in unlocking
I still can not use the volume keys for the unlock as it does not seem to react. just stuck a bit on this
@arrmusic I guessed it it looked more like this.
Code:
fastboot oem lks
...
(bootloader) lks = 1
OKAY [ 0.000s]
finished. total time: 0.000s
lks = 0 would be unlocked.
I am looking for a way to un-brick these. I think that may be the best way to correct the button problem also.
What os version are you running? (BNTV450-vx.x.x-20xxxxx)
What do you get when you run fastboot flashing get_unlock_ability ?
Tested a few things tonight.
I was NOT able to re-lock the bootloader on either of my rooted devices.(BNTV450-v2.0.4)
Found some more inconsistencies with power and volume key boot combinations. (Among other things.)
"FAILED (remote: not support on security)" apparently is not just for unlocked devices.
Sent from my BNTV450 using XDA Labs
not able to unlock yet
Hi
Many thanks for your reply.
I seem to have the software version v1.0.2;
I tried to find by googling v2.0.4 but i am not able to find that security update anywhere to download; do you have the v2.0.4 file? can i have it somehow?
I ran the commands u had mentioned in your previous reply.
fastboot flashing get_unlock_ability
...
(bootloader) unlock_ability = 16777216
OKAY [ 0.012s]
finished. total time: 0.012s
fastboot oem lks
...
(bootloader) lks = 1
OKAY [ 0.004s]
finished. total time: 0.008s
What is the origin of the boot.img?
What is the origin of the boot.img? I'd rather not just flash something without knowing where its come from.
74178951237895321 said:
What is the origin of the boot.img? I'd rather not just flash something without knowing where its come from.
Click to expand...
Click to collapse
v2.0.3 boot came from a supposed "N" rom for this device and was the first boot image I was able to make bootable. It was still API 23 "M" by the way.
I would have to find and unpack the original file to see what I edited to make it bootable.
All others are "dd" copies from my own device(s).
I am working on updating the OP and the "Quick Guide"
Boot Images
Download Magisk 15.3 patched v2.0.5 (Preferred and current boot image.)
Sent from my ford using XDA Labs
Scatter file for Mediatek MT8163, opening the tablet
Can you post the scatter file for the Mediatek MT8163?
I've been trying to make my own image dumps for the Nook 7, but have run into an issue where the device won't stay in a readable mode for SP Flash Tools long enough while the battery is still connected. So, the solution for most phones is to disconnect the battery and have it powered over USB only so that it won't go past the preloader and into the charging mode.
But I can't get the darned thing open! My phone has a similar style housing and I had to use a suction cup on the glass while prying at the edges to gain access. But for the Nook 7 its just not working.
Edit: This started while trying to soft load TWRP to make the image dumps. When I do
Code:
fastboot boot twrp.img
It tells me that the kernel address lies outside of memory. Its possible to supply an address to load it at with the fastboot command which you are supposed to learn from the scatter file. I found what I thought was a valid MT8163 scatter file but using the address found within did not fix the issue.
I forgot you mentioned that you didn't pull the original image from your device yourself. I've been trying to root this without relying on images from others. Your latest guide to pulling and modifying your own boot.img is a decent enough middle ground for me to use. Thanks.
@74178951237895321
Sent from my Nexus 7 (2013) using XDA Labs
I was able to get a successful root by following the steps in this thread in combination with those mentioned in this one. ipdev, just to satisfy my curiosity, where did you find this "N rom" image?
ipdev said:
So we hit a snag using Magisk 15.4+ to patch a stock boot image on this device.
Click to expand...
Click to collapse
So, I was dumb and went through with updating Magisk without checking this thread first, and now my tablet's stuck in a bootloop that I can't seem to get out of. @ipdev, do you have any ideas on how this happened/how to get out of it? The tablet can't get past the "Orange state your device has been unlocked etc. etc." screen, and I can't get it to boot into recovery either (using Power+Volume Down, is the combination something else on this tablet?). fastboot won't discover it either, probably because it reboots within seconds and never gets to a point where it could be recognized. I'm thinking of letting it bleed out until its battery dies (unfortunately, the battery is soldered and glued in, so I can't just disconnect it), and checking on it in the morning to see if it will be cooperative enough to let me flash the modified Magisk image.
@saagarjha
I have a few in the same condition. As you noticed, the battery is soldered in so the best you can do is disconnect the screen. (Connector to the right of battery.)
One of these days, I was going to try sp flashtools to see if I could recover one of mine. (I'm not sure if it works with these.)
Sent from my Nexus 5 using XDA Labs
I let the tablet run out of battery and then plugged it back in again and it immediately got stuck in the same bootloop, so it looks like it's actually bricked rather than just pretending. I think SP Flash Tools is the way to go at this point; we'd have to find a functioning preloader driver and scatter file to do that, however. It might be possible to simulate disconnecting the battery by shorting the battery's leads, but I'm not sure if this would work (or is even safe to do).
I was having trouble with unlocking the boot loader on my v1 launch version of this Nook. Recently I dropped it and got a new one via the replacement plan - this one was marked 'v2', came with a 2.x firmware that I wasn't able to even get on my launch Nook 7.
Anyway, this one unlocked without any problems. Thought this might be helpful to anybody having trouble unlocking the bootloader. Consider the revision of the Nook you have. Maybe the solution here is flashing the v2 firmwares to the v1? Hard to say.
unable to unlock
So I did "adb reboot bootloader" and the tablet rebooted and says "=> FASTBOOT mode..." on the screen.
I then did "fastboot flashing unlock" on the computer. Nothing happened on the device and my computer says "< waiting for device >". Could anyone please let me know what I did wrong? Thank you very much.
Introduction
This is an UNOFFICIAL TWRP port for UMIDIGI F1 that works properly with encrypted /data partition in official ROM. I am aware that the UMIDIGI F1 already has TWRP built for it, but none of them seem to have decryption working properly. In fact, every single TWRP, even official ones, for any MT6771 device, seem to have non-functional decryption support. Through some digging I managed to fix decryption at least for UMIDIGI F1, so here is my version of TWRP for the device.
Known Bugs
- Screen may flash on the password-input UI. Anything else is fine though.
This TWRP has been tested with official ROM and my LineageOS 17 port (https://forum.xda-developers.com/android/development/unofficial-lineageos-17-0-umidigi-f1-t3997827) and it works fine.
This is UNTESTED on the F1 Play. ONLY TESTED on regular F1.
Why Bother
Because security matters. Using a cheap device should not mean giving up security, and more importantly, privacy.
Instructions
1. Unlock bootloader
2. Enable ADB debugging in system
3. Execute "adb reboot bootloader" while having your phone connected to PC
4. Execute "fastboot flash recovery <your_downloaded_recovery>.img"
5. Reboot phone while holding Volume Up + Power buttons
Note: The official ROM may overwrite the recovery, so you may need to re-flash the recovery if this behavior isn't prevented either by TWRP or manually.
Downlaods & Sources
20191103: https://github.com/PeterCxy/android_device_umidigi_F1/releases/tag/20191103-twrp
- Fixed issues with Magisk and OpenGAPPS
20191102: https://github.com/PeterCxy/android_device_umidigi_F1/releases/tag/20191102-twrp
Device Tree: https://github.com/PeterCxy/android_device_umidigi_F1/tree/twrp-9.0
Modified TWRP (Required for decryption to work): https://github.com/PeterCxy/android_bootable_recovery
Updated to 20191103
I appreciate your sharing this. I have added "system_image emmc" to the fstab file, so I can flash and backup the system.img
This works good on my F1,
But I tried to make this decrypt work for my other phone with 6771(Bold N1), but couldn't find all same files added to recovery/root from stock firmware.
mrmazak said:
I appreciate your sharing this. I have added "system_image emmc" to the fstab file, so I can flash and backup the system.img
This works good on my F1,
But I tried to make this decrypt work for my other phone with 6771(Bold N1), but couldn't find all same files added to recovery/root from stock firmware.
Click to expand...
Click to collapse
Those files are extracted from vendor.img, but it can be different on different devices, e.g. keymaster version might be different. Also you will need to patch them using `patchelf` to make them use `/sbin/linker64` instead of `/system/bin/linker64`
hello
im willing to port your amazing twrp to our phone UMIDIGI F1 Play and i need permission to do it ???
thanks
Shadow Of Leaf said:
hello
im willing to port your amazing twrp to our phone UMIDIGI F1 Play and i need permission to do it ???
thanks
Click to expand...
Click to collapse
on other releases, no change was needed to boot on both. I would try as is first.
as long as you have working sp flash tool in case of issue.
mrmazak said:
on other releases, no change was needed to boot on both. I would try as is first.
as long as you have working sp flash tool in case of issue.
Click to expand...
Click to collapse
Cause i test it without changes , it reboot to system
I think because they have different kernels
I am unable to install twrp.
When I run the "fasthboot flash recovery" command, cmd aparace "waiting for de ice" and nothing happens on my phone ...
Am I doing something wrong?
no fastboot response
for some reason (most likely pilot error, lol) the phone doesn't show when I do "fastboot devices" - even though the F1's screen shows "fastboot mode" in very tiny letters on the bottom-left.
probably something stupid I'm doing wrong, will keep trying...
tarvoke said:
for some reason (most likely pilot error, lol) the phone doesn't show when I do "fastboot devices" - even though the F1's screen shows "fastboot mode" in very tiny letters on the bottom-left.
probably something stupid I'm doing wrong, will keep trying...
Click to expand...
Click to collapse
You can operate from adb/fastboot folder and device can stay on fastboot mode but if drivers were not properly installed then no connection with pc.
Try installing:
- https://androidmtk.com/download-15-seconds-adb-installer
- https://androidmtk.com/download-mtk-usb-all-drivers
- https://www.androidweblog.com/download-mediatek-usb-vcom-drivers/
Start the process from device on using adb commands to always allow access to the pc. I mean:
Code:
adb devices
and then if device is detected you will see a screen warning to "always allow...." then tap on yes; this suppress future conflicts, then
Code:
adb reboot bootloader
while on fastboot follow with
Code:
fastboot devices
SubwayChamp said:
You can operate from adb/fastboot folder and device can stay on fastboot mode but if drivers were not properly installed then no connection with pc.
Click to expand...
Click to collapse
thanks!
adb was already working (is how I made the thing reboot to bootloader, and yes I did tell it to permanently accept the computer I'm using.
this is on linux, so the drivers shouldn't be a problem... although SMH I never put USB IDs into the udev rules. which is interesting, because regular adb already worked fine without it - I have had phones in the past that some did, some did not, require the computer to know about vendor/hardware ID.
(and I know that the adb USB IDs are usually different than the ID for fastboot, as well.)
like I said, pilot error lol. but thank you again for the reply!
I have done the following:
Enabled Developer Options
Enabled USB Debugging
Enabled OEM Unlocking
Unlocked the bootloader with:
Code:
adb reboot bootloader
fastboot flashing unlock
Rebooted and Enabled USB Debugging again.
Then after downloading your recovery
Code:
adb reboot bootloader
fastboot boot ~/Downloads/recovery.img
But nothing happened.
I rebooted and thought I would try flashing
Code:
adb reboot bootloader
fastboot flash recovery ~/Downloads/recovery.img
It just paused on the boot screen saying "Your device has been unlocked and can't be trusted".
If I reboot then try to go direct to recovery:
Code:
adb reboot recovery
I end up with the broken android screen and "No command"
What am I missing?
opticyclic said:
I have done the following:
Enabled Developer Options
Enabled USB Debugging
Enabled OEM Unlocking
Unlocked the bootloader with:
Code:
adb reboot bootloader
fastboot flashing unlock
Rebooted and Enabled USB Debugging again.
Then after downloading your recovery
Code:
adb reboot bootloader
fastboot boot ~/Downloads/recovery.img
But nothing happened.
I rebooted and thought I would try flashing
Code:
adb reboot bootloader
fastboot flash recovery ~/Downloads/recovery.img
It just paused on the boot screen saying "Your device has been unlocked and can't be trusted".
If I reboot then try to go direct to recovery:
Code:
adb reboot recovery
I end up with the broken android screen and "No command"
What am I missing?
Click to expand...
Click to collapse
While in fastboot the first you should do is see if device is detected by pc with
Code:
fastboot devices
It looks like something is wrong with your path, I ever avoid path copying or moving the file/image to the adb/fastboot directory but anyway if you don´t want to do it you can copy the path from the bar where your recovery file is allocated, for example, if the file is in Downloads directory like it seems actually is, no matter what unit/drive you are in you can set an absolute value to avoid errors, look at this example: C:\Users\your_user\Downloads
If your device is detected then you can flash the recovery as you were trying to do it with
Code:
fastboot flash recovery recovery.img
and then you can reboot directly to it without need to reboot to system previously and this will prevent TWRP from being overwritten, with
Code:
fastboot boot recovery.img
hmm, so when I checked the udev rules, it already had one for MTK/mediatek - and the USB vendor is '08ed' in fastboot as well as in regular adb, so it wasn't a problem with udev/plugdev.
which I guess may mean the lunix generic android drivers for fastboot might be... "lacking" - I'll have to scrounge up a win7 laptop and try the recommended windows drivers.
SubwayChamp said:
...
It looks like something is wrong with your path, I ever avoid path copying or moving the file/image to the adb/fastboot directory but anyway if you don´t want to do it you can copy the path from the bar where your recovery file is allocated, for example, if the file is in Downloads directory like it seems actually is, no matter what unit/drive you are in you can set an absolute value to avoid errors, look at this example: C:\Users\your_user\Downloads
...
Click to expand...
Click to collapse
I don't think it was anything to do with the path as it output the file transfer size.
I think it was a combination of the following:
I wasn't pressing the right combinations of buttons after flashing.
i.e. holding VOL UP and pressing POWER on the screen saying "Your device has been unlocked and can't be trusted".
Rebooting might (?) have been reverting the recovery.
I was originally trying this on the firmware that was shipped 2019012414 but after flashing 2019090418 with SPFlashTool I had more success.
I also able to reboot to recovery directly after flashing with fastboot with the following:
Code:
fastboot oem reboot-recovery
Whichever was the key I can now reboot to recovery from adb too.
:good:
Your twrp eliminates fingerprint authentication.
I discovered something interesting, your twrp only works on my device, no other twrp works, but when I install it, I lose my fingerprint, it doesn't work at all.
Simply put, I must choose between the fingerprint or the root.
LyrielAlk said:
No other twrp works, but when I install it, I lose my fingerprint, it doesn't work at all.
Simply put, I must choose between the fingerprint or the root.
Click to expand...
Click to collapse
Try to clean flash last vendor build with spflash tool. First boot need stock recovery.
You don't need custom recovery to achieve root.
Maybe give a try to SNwriter (I never needed it though and can't help here).
Both of those twrp are not sticking. I have flashed with spoken flash tool v5 1944 win and I fastboot cmd with the same results.
Thanks
Gracias for this master ?
good
Shadow Of Leaf said:
hello
im willing to port your amazing twrp to our phone UMIDIGI F1 Play and i need permission to do it ???
thanks
Click to expand...
Click to collapse
good idea
I've got a three day old Inn tablet that I tried to root according to the directions in this thread: https://forum.xda-developers.com/t/...0015685-series-root-and-cfw-linux-os.4195577/
The command fastboot --disable-verity --disable-verification vbmeta vbmeta.img returns an error saying "unknown command --disable-verity"
I have tried reflashing the stock boot.img, vbmeta.img, vbmeta_vendor.img, and vbmeta_system.img I downloaded from that same thread and I have tried the boot.img I patched with magisk.
The message I get on startup is either the orange state if the bootloader is unlocked or "bad state. Your device has failed verification and may not work properly. Please install boot image with correct signature or disable verified boot".
SP Flash Tools will not work on my laptop. The laptop is up to date and is working right, it runs Windows 10.
I have tried installing twrp to the recovery partition but it makes no difference. I was not able to back up anything from the tablet at all.
I have the back cover off. The only way to stop the bootloop is to unhook the battery.
EDIT: This tablet is brand new and came with Android 11 preinstalled. I had no personal stuff on it to lose, but I do have a similar, smaller Onn tablet that I *do* use some and would like to root once we figure this out.
How do I disable verified boot on the 100003562? Does someone have a vbmeta file they are willing to share that has the verified boot disabled already? If that's not possible, how do I restore the stock, non rooted ROM so it'll at least work?
Yes re-flashing tablets's Stock ROM to get rid off of all modifications you applied so far is best.
Flashing a Stock ROM typically is done by ADB Sideload method.
Will it work without being able to boot into recovery mode? That bootloops also, but I can get it into fastboot mode with no problem. The image I downloaded from here appears to be a recovery zip of some type. It's where I pulled the boot.img from that I patched with Magisk.
I don't have anything that was in the stock ROM in that particular tablet, just the stock ROM downloaded from this site. from that same model of tablet. I have considered picking up an identical one and trying to copy the ROM from it, but I'm not going to risk rooting a second one if I can't get this first one done.
There's a different file linked to later in that guide, I'll try it because I may have the vbmeta files from a totally different tablet. The file I just grabbed is at https://drive.google.com/drive/mobile/folders/1KG6IIULGfxVXM9msuaWMUvO8Vs9ih-w0?usp=sharing , later in the guide I used to root the device.
I'm not sure how to do the ADB sideload. I'm thinking it's "ADB sideload <filename>, not sure though.
I'm not near the tablet ATM.
If phone stucks into a bootloop then ADB Sideload won't work because a stable USB-connection isn't given.
There's a flash all command in fastboot. Will that help?
OK. I had a soft brick due to Android Verified Boot. I have it running the stock unrooted ROM, will try later to root Onn later.
WARNING WARNING WARNING
Some of these tablets are shipping with Android 11
"fastboot --disable-verification --disable-verity flash vbmeta vbmeta.img" does NOT work on these devices. This is a command to disable Android Verified Boot.
YOU WILL SOFT BRICK THE DEVICE if you flash a magisk patched ROM through fastboot without first disabling the Android Verified Boot. It is possible to recover so Read Onn.... (pun intended).
There are certainly other ways to root this tablet and I am all ears to hear them.
END WARNING
I have, in the past, revived devices that appeared to be hard bricked. Most devices these days have an emergency boot block. The Onn 100003562 is no different. During a bootloop, it allows access to the filesystem at certain times. Enter SP flash tools and a known good image of the ROM, including the initial scatter file.
The newest version of SP flash tools is more busted than my tablet was. Get an older one from 2020. Get ADB and fastboot.
Now grab a PC and make a folder in the root directory called ADB. Extract ADB and fastboot into it. The rom image you downloaded should have a scatter file in it, make sure that gets into the ADB directory with everything else.
This is with Windows 10 in mind, but may work on UbuntuMATE 18.04 from my Toughbook, I think the directory there is "home". Get the tablet into fastboot mode (vol up + power), connect it to the PC with a USB cable, then type in
"fastboot flashing unlock"
and press Vol Up on the tablet to confirm. Next
"fastboot reboot" and if it's going to bootloop, it'll do that now.
If you want better control over the tablet, flex it slightly and insert a spudger into the crack that'll form on the side between the device's plastic frame and back bathtub panel. Gently remove the bathtub and locate the jack where the battery connects. Voila, you can stop the bootloop by removing the power!
Get the tablet to start bootlooping. A good way is to either hit the power key or get it into fastboot mode (hold volume up, press power, and hold til the bootloader shows up) then "fastboot reboot".
Unzip the ROM files you downloaded into the ADB folder. Set up SP flash tools and open it (mine requires double clicking the flash.exe file). Click the Format tab and click both "Auto Format Flash" and "format flash except bootloader"
WARNING: do NOT format the bootloader!!!
Wait for the tablet screen to go dark and then hit "start". This will erase everything except what I call the emergency boot block. You should hear the PC ding every few seconds while the tablet is powered up and physically connected to it. The tablet screen will not light up at all for now. Fastboot mode will be inaccessible.
Now on SP Flash Tools, click "Download" and click "choose" on the line with the scatter loading file. Navigate to c:\ADB or Home:\ADB and click the file. If you put the scatter file in another directory, navigate there instead and click it. The scatter-loading file line will populate. Just below it is a checkbox next to "name", uncheck it and ensure ALL the checkboxes are empty in the spreadsheet below that. Check the box next to "boot".
Your PC should still be singing, this means the tablet is bootlooping and searching for a command right after it reconnects electronically to the PC every few seconds. Wait for the USB connected sound then hit "download". The boot.img file will be written to your tablet but it will still continue to bootloop. Fastboot will still be inaccessible.
Go back to SP Flash Tools and check the box next to "name" at the top of the spreadsheet. All the boxes will be checked that you have files for in the ADB directory (or wherever you extracted them with the scatter file). Wait for the USB connected sound, then hit download. Grab a beer or go use the restroom, this will take a few minutes.
When it's done SP Flash Tools will display a message stating such.
Charge the tablet if necessary then press the power key. Bam, no Orange or Red state warning. The white One logo will appear for a few seconds, disappear, and be replaced with the shiny Onn animation. This first boot will take several minutes, so finish up the beer while you wait.
If all is well you should be looking at the inroductory screen. Walk through setup, enable developer options, enable bootloader unlocking, and try whatever it was you were doing again.
I see this forum and our devices as an opportunity to learn. I hope I have been helpful with this, and if I there's something wrong or that can be done better, by all means, post it.
Have a fantastic day!