I'm trying to flash stock Android 11 One UI 3.1 back into my A51, I'm trying to use Heimdall on Linux (downloaded from AUR using the heimdall-git). Issue is theres 2 vbmeta files (NOT VBMETA SAMSUNG), 1 on AP and another on BL, both named vbmeta.img, when I tried flashing from Odin, I noticed that it flashed vbmeta.img 2 times (which means both vbmetas on AP and BL are most likely used), on Heimdall Frontend, I can only pick a single vbmeta partition and vbmeta_samsung, there is no 2 vbmeta options, how do I flash both vbmetas?
Related
Hello guys my phone is stuck in a bootloop because I tried to install twrp from fastboot.
I unlocked bootloader and started Fastboot.
Then I connected my phone to my mac via USB.
Then I ran this commands:
./fastboot flash recovery recovery.img
./fastboot flash vbmeta vbmeta.img
(The mistake I think I made was that I flashed recovery before vbmeta).
Then I restarted my phone and I could not get into android or fastboot.
Please I need help.
This is the tutorial which I used.
Thanks in advance.
Apart from the wrong order of flash commands, it should be noted that
Code:
fastbbot flash vbmeta vbmeta.img
absolute is meaningless: stupidly overwriting an existing vbmeta.img MUST brick any Android device.
The correct Fastboot command should have been
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
what makes the necessary change in supplied vbmeta.img before it gets flashed.
My recommendation: Try to re-flash phone's Stock ROM.
jwoegerbauer said:
Apart from the wrong order of flash commands, it should be noted that
Code:
fastbbot flash vbmeta vbmeta.img
absolute is meaningless: stupidly overwriting an existing vbmeta.img MUST brick any Android device.
The correct Fastboot command should have been
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
what makes the necessary change in supplied vbmeta.img before it gets flashed.
My recommendation: Try to re-flash phone's Stock ROM.
Click to expand...
Click to collapse
I will try to Flash the stock ROM using SP Flash Tool.
I won't try to install twrp anymore if this stock ROM flashing works.
I'll kill my dreams of rooting my phone and installing android 12.
(I hope it works because am not getting a new phone until next 3 years)
jwoegerbauer said:
Apart from the wrong order of flash commands, it should be noted that
Code:
fastbbot flash vbmeta vbmeta.img
absolute is meaningless: stupidly overwriting an existing vbmeta.img MUST brick any Android device.
The correct Fastboot command should have been
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
what makes the necessary change in supplied vbmeta.img before it gets flashed.
My recommendation: Try to re-flash phone's Stock ROM.
Click to expand...
Click to collapse
Please do you know how to get the build number of my bricked phone?
mikkyboy said:
I will try to Flash the stock ROM using SP Flash Tool.
I won't try to install twrp anymore if this stock ROM flashing works.
I'll kill my dreams of rooting my phone and installing android 12.
(I hope it works because am not getting a new phone until next 3 years)
Click to expand...
Click to collapse
It's not hard to install TWRP to this device
Hello there, i have a question about flashing the patched boot image on my phone
On my phone i can only flash the system partition which i am right now using the /e/ GSI image
using bkerler's mktclient to flash the batched boot.img everything goes well, as far as i know
but the phone just does not boot to system, it goes directly to BROM again
flashing the stock boot.img the phone boots normally
the original boot.img is 24 mb, the patched boot.img is 7 mb
bkerler instructed me to add zeroes to the end of the file so make it the same size as the stock boot image
i did it using a hex editor, but i did not flash it, as i'm still not sure if i did it correctly
i also tried to patch the lk.bin, but got no changes after flashing it
my theory is, i have 2 boot partitions, boot and boot2, and 2 lk binnaries, lk.bin and lk2.bin
flashing both boot partitions got me nothing, flashing one lk.bin didn't work, because it boots into the second lk.bin
so there might be some verification happening to not allow me to do it
i don't have enough knowledge about it, so i ask for help to understand and be abble to flash the patched boot.img
I have realized that there isn't a guide to root the G91 PRO (not the max, for whatever reason that got rooted before the pro...) anyway, I figured out how to do it, and I'm probably not the first one. Since I haven't been able to find the stock rom on the internet, I strongly advise you backup your stock rom with mtkclient.
This is an A/B device, so we need to flash to both slots.
First, dump your stock rom with this tool: https://github.com/bkerler/mtkclient
This is mtkclient. It reverse engineers BROM or Preloader mode so that we can pull down the flash. Once you put your phone in BROM mode, use this command to back up the whole flash. (To put your phone in BROM mode, power off your phone and hold down volume up, down, and power and the same time while plugging in a USB-C cable)
python3 mtk rf flash.bin
Now that we've made a backup, we can start screwing around with the phone. If you ever need to restore your backup then all you need to do is:
python3 mtk w flash.bin
Inside of that flash bin you can find all the partitions inside of it. I use 7zip to look inside of the archive. Look for boot_a.img. After you find it, use magisk manager to root the stock boot.img.
If you don't want to look inside of the archive and would prefer to just dump the boot images, then just run these commands instead.
python3 mtk r boot_a boot_a.img
python3 mtk r boot_b boot_b.img
Now we can also use this mtkclient software to unlock the bootloader. We don't have to use mtkclient, we could use bootloader mode after enabling oem unlocking in developer options, but we can do this too.
We first have to erase metadata, userdata, and md_udc.
python3 mtk e metadata, userdata, md_udc
Now we can unlock the bootloader.
python3 mtk da seccfg unlock
After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.
fastboot flash boot_a (patched boot.img)
fastboot flash boot_b (patched boot.img)
Inside of the mtkclient folder, you will find a file called vbmeta.img.empty. This is a patched vbmeta (its blank haha) so that we can disable verified boot. we need to flash it to both slots.
fastboot flash vbmeta_a (vbmeta.img.empty)
fastboot flash vbmeta_b (vbmeta.img.empty)
That's all!
Edit: I decided to attach my rooted and non rooted boot img for those who want to do it quickly. You can flash magiskboot_a.img to both slots, as they are the same. I caution you though, only flash my provided boot.img if your build number and custom build number matches the one in the screenshot I provided. Build number can be checked in Settings>About Device>Build Number and Custom Build Info. Make sure to also flash the empty vbmeta so you don't have any dm verity errors!
is build id same as build number?and can i flash that boot_a.img in bugjaeger app?
ziyad45 said:
View attachment 5620469is build id same as build number?and can i flash that boot_a.img in bugjaeger app?
Click to expand...
Click to collapse
This is not the same phone. You can't flash the boot.img. However, the specs are identical. You could probably follow the method I used to root this phone.
dtingley11222 said:
I have realized that there isn't a guide to root the G91 PRO (not the max, for whatever reason that got rooted before the pro...) anyway, I figured out how to do it, and I'm probably not the first one. Since I haven't been able to find the stock rom on the internet, I strongly advise you backup your stock rom with mtkclient.
This is an A/B device, so we need to flash to both slots.
First, dump your stock rom with this tool: https://github.com/bkerler/mtkclient
This is mtkclient. It reverse engineers BROM or Preloader mode so that we can pull down the flash. Once you put your phone in BROM mode, use this command to back up the whole flash. (To put your phone in BROM mode, power off your phone and hold down volume up, down, and power and the same time while plugging in a USB-C cable)
python3 mtk rf flash.bin
Now that we've made a backup, we can start screwing around with the phone. If you ever need to restore your backup then all you need to do is:
python3 mtk w flash.bin
Inside of that flash bin you can find all the partitions inside of it. I use 7zip to look inside of the archive. Look for boot_a.img. After you find it, use magisk manager to root the stock boot.img.
If you don't want to look inside of the archive and would prefer to just dump the boot images, then just run these commands instead.
python3 mtk r boot_a boot_a.img
python3 mtk r boot_b boot_b.img
Now we can also use this mtkclient software to unlock the bootloader. We don't have to use mtkclient, we could use bootloader mode after enabling oem unlocking in developer options, but we can do this too.
We first have to erase metadata, userdata, and md_udc.
python3 mtk e metadata, userdata, md_udc
Now we can unlock the bootloader.
python3 mtk da seccfg unlock
After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.
fastboot flash boot_a (patched boot.img)
fastboot flash boot_b (patched boot.img)
Inside of the mtkclient folder, you will find a file called vbmeta.img.empty. This is a patched vbmeta (its blank haha) so that we can disable verified boot. we need to flash it to both slots.
fastboot flash vbmeta_a (vbmeta.img.empty)
fastboot flash vbmeta_b (vbmeta.img.empty)
That's all!
Edit: I decided to attach my rooted and non rooted boot img for those who want to do it quickly. I caution you though, only flash my provided boot.img if your build number and custom build number matches the one in the screenshot I provided. Build number can be checked in Settings>About Device>Build Number and Custom Build Info. Make sure to also flash the empty vbmeta so you don't have any dm verity errors!
Click to expand...
Click to collapse
My g91 pro doesn't seem to work with mtk client it but I have the same build as you.
To root my phone I need to have boot image a and b? I noticed just image a is attached and I can't find a rom download for the g91 pro anywhere.
Did you use img a for both?
Any help would be great.
Thanks
Longdelayecho said:
My g91 pro doesn't seem to work with mtk client it but I have the same build as you.
To root my phone I need to have boot image a and b? I noticed just image a is attached and I can't find a rom download for the g91 pro anywhere.
Did you use img a for both?
Any help would be great.
Thanks
Click to expand...
Click to collapse
You might not be entering brom correctly. The rom is not available on the internet. You only need boot_a because the boot imgs are the same for both slots. You can flash it to both a and b with no issue.
Hey do you think this would work on the G61S?
Hello, i have the RMX2075 version (not sure what's different with RMX2076 by the way..?) updated it to last version, which is "RMX2075_11_C.25". I wanted to root, for that i needed the boot.img file, i found on andrealmefirmware.com the fimrware "RMX2075GDPR_11_C.25" - GDPR means EU too, so i thought it's the right one. I extracted vbmeta and boot files with OFP extractor and patched the boot with magisk, then went in fasboot mode and entered the commands to root which can be found here.
Problem : phone won't boot, i get the warning "boot/recovery has been destroyed, phone cannot boot". I have had the ozip of an older firmware in the phone storage, but it refused to flash, because older! Not sure it was a mistake but i did format data. Anyway, RealmeFlashTool won't flash that "RMX2075GDPR_11_C.25" firmware, it says "cannot find directory". I'm stuck.. Anybody has the boot.img of that specific "RMX2075_11_C.25"? Or any instructions on how to recover.. Hope to get replies, thanks!
Ok, good news : when i flash the original boot.img of that "RMX2075GDPR_11_C.25" firmware, i don't get the error and i can boot. I still don't understand why it won't boot after i enter those :
fastboot --disable-verity --disable-verification
fastboot flash vbmeta vbmeta.img
fastboot flash boot boot.img
Which i patched with magisk (tried various versions). It doesn't make much sense to me..? Also would like to know which firmware file i need to downgrade to RUI 1.0 (and where to find it).
i’ve been wanting to install a custom rom on my A12 Nacho (A127F) but when i flash vbmeta.tar it fails in odin, and when i try to flash twrp the phone bricks itself because there is no vbmeta.
any help?
someone_. said:
i’ve been wanting to install a custom rom on my A12 Nacho (A127F) but when i flash vbmeta.tar it fails in odin, and when i try to flash twrp the phone bricks itself because there is no vbmeta.
any help?
Click to expand...
Click to collapse
to what slot do you flash VBMETA?
In ODIN flash twrp in AP slot, and nulled VBMETA in userdata slot.
That's all
i flash vbmeta on userdata, so basically what i have to flash is twrp on ap and vbmeta on userdata?
someone_. said:
i flash vbmeta on userdata, so basically what i have to flash is twrp on ap and vbmeta on userdata?
Click to expand...
Click to collapse
correct
it still failed
someone_. said:
it still failed
Click to expand...
Click to collapse
TWRP and VBMETA needs to be flashed together.
TWRP in AP slot, VBMETA in userdata slot.