Related
Intel Android Devices Root / Temp Recovery Session
social-design-concepts said:
Disclaimer:
Before you proceed to the rooting instructions below, please read this disclaimer:
XDA-DEVELOPERS.COM and I are not responsible for what you are doing to your device. You understand and agree that you are doing this at your own risk.
as for warranty the rule of thumb is if you root you should always consider your warranty voided : i will make no claim otherwise on the subject.
i am just a simple hobbyist from Cinti. OH USA i have no intention to buy devices or users getting mad that they were under some impression this wouldn't void the warranty.
if you root you should always consider your warranty voided
Click to expand...
Click to collapse
Tethered Temporary CWM / TWRP Recovery Session :
Note : This is a Temporary CWM / TWRP Recovery Session for some Intel Devices with locked bootloaders.
This recovery is not installed to the devices and has to be launched from a computer ( tethered ) each time you need to access the CWM / TWRP Recovery. . .
WARNING : This Temporary CWM / TWRP Recovery Session is for some Intel Devices with locked boot loaders.
It is not intended for installing custom roms as if the devices has a locked bootloader the device will fail to boot the unsigned images
Intel Fastboot Tethered Temporary Recovery Session Launcher download :
Current Version : IntelAndroid-FBRL-07-24-2015.7z
Generic Instructions for use better instructions coming later just wanted to get the thread up :
notes :
make sure you have downloaded and installed the adb / fastboot drivers for your device . . .
make sure you have enabled developer options / adb debugging under settings on your device . . .
make sure you have download the latest : UPDATE-SuperSU-vX.Xx.zip and place it on your internal or external_sd
1 : download and extract IntelAndroid-FBRL-07-24-2015.7z some where on your computer.
2 : double click the launcher.bat file to start , type " ACCEPT " case sensitive without quotes to continue
check that the tool is reporting as either :
DEVICE STATUS: ADB-ONLINE
DEVICE STATUS: FASTBOOT-ONLINE
If " DEVICE STATUS: UNKNOWN " please check your cable connection and driver installation under Windows Device Manager
If " DEVICE STATUS: UNAUTHORIZED " please check if your devices is displaying an authorization prompt be sure to check Always allow from this computer and then press ok
3 : select the trigger to launch the Temporary CWM Recovery Session support fastboot oem triggers are :
T1 oem startftm ( very few devices support this command , but its the original used so )
devices supported : coming soon
T2 oem backup_factory ( limited devices support this command )
devices supported : coming soon
T3 oem stop_partitioning ( should work on alot of kitkat builds )
devices supported : coming soon
T4 oem stop_partitioning ( probably works on all devices that are supported (Jellybean , KitKat , Lollipop) )
devices supported : coming soon
4 : after selecting the trigger your device should reboot in to fastboot and begin to copy files to your device
note : if your device hangs at the waiting-for-device screen and you see droidboot CMD Waiting on your devices double check that the fastboot driver installed correctly.
note : if you see unknown oem command the trigger isn't supported by your device.
5 : The temporary cwm recovery session should be started at this point select install zip from the recovery menu using vol up / vol down to navigate and power to select
6 : select install zip from sdcard / external_sd depending on where you placed the file and select the UPDATE-SuperSU-vX.Xx.zip you downloaded earlier
7 : confirm the installation
8 : after install completes reboot your device
note :
some devices have limited space under /system and the supersu app wont install
if you don't see the supersu app on your device attempt to install it from the playstore
more than likely the su binary installed correctly but there want enough room on the device for the app.
This recovery uses the CWM Recovery @vampirefo built for the Dell Venue 8 3830 NoModem original thread : Dell Venue 8, CWM, unsecure boot/recovery
You know it's annoying to find this on so many other forums. with other people taking credit for it. sad face : (
APPRECIATE MY WORK, I DON'T DRINK, SO CLICK HERE DONATE NOW AND BUY ME COFFEE
XDA:DevDB Information
Intel Android FBRL, Tool/Utility for the Android General
Contributors
social-design-concepts
Version Information
Status: Stable
Created 2015-07-28
Last Updated 2015-07-28
Supported Devices List / Trigger
Supported Devices List / Trigger
Acer :
B1-730 T2
B1-730HD T2
A1-830
A1-840FHD T3
A1-840 (HD) T3
Asus :
ME170C T2 & T3
ME176C T2 & T3
Dell :
Venue 7 3730 / Venue 8 3830 All Triggers Should Work
Venue 7 3740 / Venue 8 3840 T3
Venue 7 3741 / T3
Venue 8 7840 T3
Iview :
i700 T2 & T3
Kurio :
Xtreme 7 Only had a chance to test trigger T3
Odys :
intellitab 7
Nabi:
Dreamtab model IN08A trigger T3 reported working
Prestigio :
MultiPad Thunder 7.0i
Tesla :
L7 Tablet T3
Tesco :
Op3n Dott 8 T2 & T3
Toshibia :
Excite 7 T3
Links to devices specific threads / forums
Links to devices specific threads / forums
If you have created a devices specific thread / forum for your devices please PM the link so that i can post a link to it here to make it easier to help new users . . . . Please put Intel Device Specific Thread in the supject . Thank You .
The Concept / Source Code
The Concept / Source Code
Collected Device Dumps / Captured OTA Updates
Collected Device Dumps / Captured OTA Updates
Generic / Tips for Unbricking
Generic / Tips for Unbricking
Ahh!
Just my luck lol. Had a feeling I would end up bricked for some reason, maybe I jinxed myself.
Anyways... everything was going ok, I selected trigger 3 to try first, reboots to droidboot (with "waiting for fastboot command") then I select recovery and get android dude laying down with a red exclamation point coming out his belly and it just said "no command" now I am soft bricked, only getting the USB symbal with the white line under it. Please help!
GeeKerGurL said:
Just my luck lol. Had a feeling I wouls end up beicked for some reason, maybe I jinxed myself.
Try to manually boot to droidboot
Anyways... everything was going ok, I selected trigger 3 to try first, reboots to droidboot (with "waiting for fastboot command") then I select recovery and get android dude laying down with a red exclamation point coming out his belly and it just said "no command" now I am soft bricked, only getting the USB symbal with the white line under it. Please help!
Click to expand...
Click to collapse
We can remote around 1130pm est and I'll get you running v8 correct?
Sent from my XT907 using XDA Free mobile app
social-design-concepts said:
We can remote around 1130pm est and I'll get you running v8 correct?
Sent from my XT907 using XDA Free mobile app
Click to expand...
Click to collapse
Yeah 3830. Thanks a bunch. Now what do I have to do to remote? I am on a win7 PC with 1gig that is so slow I wanna scream. Also I am in another timezone so how long would that be from now?
GeeKerGurL said:
Yeah 3830. Thanks a bunch. Now what do I have to do to remote? I am on a win7 PC with 1gig that is so slow I wanna scream. Also I am in another timezone so how long would that be from now?
Click to expand...
Click to collapse
1 hour 30 minutes
Sent from my XT907 using XDA Free mobile app
social-design-concepts said:
1 hour 30 minutes
Sent from my XT907 using XDA Free mobile app
Click to expand...
Click to collapse
Okie dokie. Ill be here.
social-design-concepts said:
We can remote around 1130pm est and I'll get you running v8 correct?
Sent from my XT907 using XDA Free mobile app
Click to expand...
Click to collapse
Woot!!!YA! no need, I got it back all by myself just had to boot with vol down and go back through the process and everything copied fine and worked this time! :good: thanks a ton for offering to help me though buddy!
BTW trigger 3 works for the 3830 V8 no modem
WOOOHOOOOHOOOOWOOOO! root check cleared, I am SOO happy to finally have root on this thing. Besides my minor hiccup for whatever reason this method was pie too! YAHOO. I went from about to cry to jumping around happy like a crazy person haha.
recovery fstab
What needs to be change for jb 4.2.2?
I am able to open and edit the file.
b.g.
whgarner said:
What needs to be change for jb 4.2.2?
I am able to open and edit the file.
b.g.
Click to expand...
Click to collapse
recovery.fstab may or may not need to be edited for some devices especially if the device doesn't use by label partitioning. What device do you have?
Sent from my XT907 using XDA Free mobile app
asus aa3-600
I have an asus aa3-600-ur10
android 4.2.2
Intel Celeron J1850 Quad-core 2 GHz
21.5" Full HD (1920 x 1080) 16:9
Intel HD Graphics with Shared Memory
2 GB, DDR3 SDRAM
500 GB HDD
The problem I'm having is no usb debugging, only debugging via lan. I can get adb to work but not working with fastboot in the bootloader(droidboot). I have a post about it in this section, search for "aa3-600"
b.g.
Hi, SDC
I know this has been ask before, I searched and couldn't find the answer though, I would like to get the source code for the launchers , I use the Linux version of this method, cause I don't have windows, and would like to convert the recovery.launcher triggers and so forth into a shell script rather that use binary file.
If you have a shell script already can you post it if not, can you post or give me a link to your binary files source code?
tomtom1265 said:
Hi, SDC
I know this has been ask before, I searched and couldn't find the answer though, I would like to get the source code for the launchers , I use the Linux version of this method, cause I don't have windows, and would like to convert the recovery.launcher triggers and so forth into a shell script rather that use binary file.
If you have a shell script already can you post it if not, can you post or give me a link to your binary files source code?
Click to expand...
Click to collapse
I'm going to post the source after I finish getting the thread put together I just wanted to get it up yesterday.
As for doing it through shell scripts the reason its binary is because if /system is mounted or any prebuilt binary has a dependency on a shared library it makes it extremely difficult some times impossible to stop services and unmount /system and such.
But I hope to have everything finish by the end of the day.
Sent from my XT907 using XDA Free mobile app
whgarner said:
I have an asus aa3-600-ur10
android 4.2.2
Intel Celeron J1850 Quad-core 2 GHz
21.5" Full HD (1920 x 1080) 16:9
Intel HD Graphics with Shared Memory
2 GB, DDR3 SDRAM
500 GB HDD
The problem I'm having is no usb debugging, only debugging via lan. I can get adb to work but not working with fastboot in the bootloader(droidboot). I have a post about it in this section, search for "aa3-600"
b.g.
Click to expand...
Click to collapse
You use Linux or windows? If Linux, you may need to use my fastboot binary, anyway if using Linux while in fastboot mode use terminal type lsusb.
Do you see your device listed?
Sent from my T1 using XDA Free mobile app
Root!
Thank you for this!
I successfully rooted my V8 3830 KK4.4 V1.33 no modem with T3 - in about 4 mins. tops.
FYI:
I connected and launched the launcher from the IntellAndroid-FBRL folder. Typed ACCEPT and got the green screen. Chose T3. The tablet rebooted into fastboot and files where loaded, But then fastboot turned red and said "device unauthorized" when CWM popped onto my tablet. (maybe it's suppose to do that, DK) and yes, US debugging was on, I flashed the SU zip, rebooted, all is well. SU updated and working fine. I was able to remove all the crapwear. :laugh:
thank you SDC!
Quick question - Do any of the intel devices have unlocked bootloader?? Thought I read somewhere somebody was able to install a factory 4.3 or 4.2 on a Dell venue and the bootloader unlocked?
ZTE Blade Vantage (Z839)
Verizon Wireless (Prepaid)
Specs & Information Guide
The ZTE Blade Vantage (Z839), released by Verizon on October 5, 2017, is a budget smartphone packing a ton of mid to high end features, and is Verizon's very first LTE only smartphone. The Z839 has the following basic specifications:
Android Version: 7.1.1 Nougat
CPU Platform: Qualcomm Snapdragon 210 (MSM8909)
1.1 GHz Quad Core ARM Cortex A7 (32 Bit)
GPU: Qualcomm Adreno 304
Display: 5.0" TFT (FWVGA) LCD, 196ppi (480x854)
Battery Li-Ion 2500 mAh Removable
23.4h Talk; 312h Standby
Storage: 16GB (Supports up to 256GB external micro SD; OTG USB support)
RAM: 2GB
Weight: 5.29oz (150 g)
Connectivity: Qualcomm X5 LTE Modem
LTE Bands 2, 4, 5, 13 (LTE Cat 4)
Band 2 / 1900MHz (PCS)
Band 4 / 1700MHz (AWS)
Band 5 / 850MHz (Cellular)
Band 13 / 750MHz (Upper 700)
Bluetooth: 4.0
SIM: Nano
Headphone: 3.5mm Jack
Telephony: HD Voice; VoLTE; WiFi Calling
Camera 8MP Rear; 2MP Front
As to the filesystem of this device, the Z839 operates on an SD/eMMC partition type. The 16GB eMMC is comprised of a 3.5GB /system partition, a 2GB /cache partition, and an 8.7GB /userdata partition, all formatted by way of the ext4 file system. In addition, the eMMC is formatted with 27 additional partitions for various system and radio firmware functions (/modem, /boot, /recovery, etc.).
Initial inspection of the Z839 indicates that, following Verizon's typical policy, the bootloader is locked. I have not yet explored possible exploits or manufacturer support forums for unlocking the Z839 bootloader. Regarding root access, the Z839 features an Android 7.1 1 Nougat build which does not appear vulnerable to the typical one-click root methods, such as KingRoot or KingoRoot. Thus, in theory, and by a plethora of personal experience, it will be almost imperative, in order to gain root access of the stock OS, to unlock the Z839 bootloader. Subsequently, flashing a custom recovery should be possible. Then, a SuperSU or Magisk systemless root package may be installed from custom recovery to achieve superuser access of the stock Nougat ROM.
Because the Z839 is a newly released smartphone (October 5th, 2017), development on the device seems to be in the very early stages. For the price, my personal experience with this phone has been absolutely great. I intend this thread to be a gathering place for interested developers, contributors, and enthusiasts to explore, hypothesize, theorize, and eventually develop custom recoveries, ROMs, kernels, etc., for the ZTE Blade Vantage (Z839).
Oh hell yea !!!
MotoJunkie01 said:
ZTE Blade Vantage (Z839)
Verizon Wireless (Prepaid)
Specs & Information Guide
The ZTE Blade Vantage (Z839), released by Verizon on October 5, 2017, is a budget smartphone packing a ton of mid to high end features, and is Verizon's very first LTE only smartphone. The Z839 has the following basic specifications:
Android Version: 7.1.1 Nougat
CPU Platform: Qualcomm Snapdragon 210 (MSM8909)
1.1 GHz Quad Core ARM Cortex A7 (32 Bit)
GPU: Qualcomm Adreno 304
Display: 5.0" TFT (FWVGA) LCD, 196ppi (480x854)
Battery Li-Ion 2500 mAh Removable
23.4h Talk; 312h Standby
Storage: 16GB (Supports up to 256GB external micro SD)
RAM: 2GB
Weight: 5.29oz (150 g)
Connectivity: Qualcomm X5 LTE Modem
LTE Bands 2, 4, 5, 13 (LTE Cat 4)
Band 2 / 1900MHz (PCS)
Band 4 / 1700MHz (AWS)
Band 5 / 850MHz (Cellular)
Band 13 / 750MHz (Upper 700)
Bluetooth: 4.0
SIM: Nano
Headphone: 3.5mm Jack
Telephony: HD Voice; VoLTE; WiFi Calling
Camera 8MP Rear; 2MP Front
As for the partition index/filesystem, the Z839 operates on an SD/eMMC partition type. The 16GB eMMC is comprised of a 3.5GB /system partition, a 2GB /cache partition, and an 8.7GB /userdata partition, all formatted by way of the ext4 file system. In addition, the eMMC is formatted with 27 additional partitions for various system and radio firmware functions (/modem, /boot, /recovery, etc.).
Initial inspection of the Z839 indicates that, following Verizon's typical policy, the bootloader is locked. I have not yet explored possible exploits or manufacturer support forums for unlocking the Z839 bootloader. Regarding root access, the Z839 features an Android 7.1 1 Nougat build which does not appear vulnerable to the typical one-click root methods, such as KingRoot or KingoRoot. Thus, in theory, and by a plethora of personal experience, it will be almost imperative, in order to gain root access of the stock OS, to unlock the Z839 bootloader. Subsequently, flashing a custom recovery should be possible. Then, a SuperSU or Magisk systemless root package may be installed from custom recovery to achieve superuser access of the stock Nougat ROM.
Because the Z839 is a newly released smartphone (October 5th, 2017), development on the device seems to be in the very early stages. For the price, my personal experience with this phone has been absolutely great. I intend this thread to be a gathering place for interested developers, contributors, and enthusiasts to explore, hypothesize, theorize, and eventually develop custom recoveries, ROMs, kernels, etc., for the ZTE Blade Vantage (Z839).
Click to expand...
Click to collapse
OK I don't Have the Device Yet...
BUT I am here and Team_Astr4y4L's Got your back!
Brother If you need anything from us over here you just name it and we're on it !!
Attention XDA Take notice; you have in your presence the Koolest Tower-climbing Rom developer I know !! If it can be done @MotoJunkie01 with the help of his Friends will make it reality !!!
@MotoJunkie01 Brother we will be watching this closely...
you know how we feel Over here about Big-Red ... LOL
Astr4y4L
Team_Astr4y4L
As always, your continued support and assistance are beyond value. By the way, you may know the answer to this. I have a new BLU Studio M4 with a Spreadtrum sp7731 processor. I'm having trouble finding proper USB drivers for my Windows 10 PC. Are you familiar with this chipset?
MotoJunkie01 said:
As always, your continued support and assistance are beyond value. By the way, you may know the answer to this. I have a new BLU Studio M4 with a Spreadtrum sp7731 processor. I'm having trouble finding proper USB drivers for my Windows 10 PC. Are you familiar with this chipset?
Click to expand...
Click to collapse
you can try to follow this Here
https://forum.hovatek.com/thread-827.html
it deals with
[Tutorial] How to manually install Spreadtrum USB drivers on a Windows PC
wow copy past was kinda size-crazy there ...LOL
but it's dated Oct 2013
but again,
it references in first paragraph
Disable driver signature verification enforcement if using a Windows 7, 8, 8.1 or 10 PC (see https://forum.hovatek.com/thread-752.html )
SO maybe this will work for you Bro.
IDK not familiar with the platform personally but I do Know
WINDOWS-BLOW's ..
noticed that it's also used in several of the newer Samsung devices also...
Astr4y4L said:
you can try to follow this Here
https://forum.hovatek.com/thread-827.html
it deals with
[Tutorial] How to manually install Spreadtrum USB drivers on a Windows PC
wow copy past was kinda size-crazy there ...LOL
but it's dated Oct 2013
but again,
it references in first paragraph
Disable driver signature verification enforcement if using a Windows 7, 8, 8.1 or 10 PC (see https://forum.hovatek.com/thread-752.html )
SO maybe this will work for you Bro.
IDK not familiar with the platform personally but I do Know
WINDOWS-BLOW's ..
noticed that it's also used in several of the newer Samsung devices also...
Click to expand...
Click to collapse
Thank you. Yes that did work. Disabling kernel signing was necessary on my Windows 10 (64 bit) setup first.
Well I tried.
Okies so I did actually try to unlock the bootloader. I plugged it in then used the
Code:
adb devices
command, it showed up so then after trying
Code:
adb reboot bootloader
it just booted regularly. So I decided to use
Code:
adb reboot recovery
, it went into recovery mode. But when I tried
Code:
fastboot devices
nothing happened. I then tried to put it in to bootloader mode using the key combo and still
Code:
fastboot devices
did not do anything so this leads me to believe that for some reason the fastboot command doesn't recognise that there is anything attached. Not sure where to go from there, so I am calling it a night for now. I will likely try again sometime tomorrow or the next day as I have them off. Good luck to anyone who tries after this post.
Ubervillin said:
Okies so I did actually try to unlock the bootloader. I plugged it in then used the command, it showed up so then after trying it just booted regularly. So I decided to use , it went into recovery mode. But when I tried nothing happened. I then tried to put it in to bootloader mode using the key combo and still did not do anything so this leads me to believe that for some reason the fastboot command doesn't recognise that there is anything attached. Not sure where to go from there, so I am calling it a night for now. I will likely try again sometime tomorrow or the next day as I have them off. Good luck to anyone who tries after this post.
Click to expand...
Click to collapse
Yeah, just like LG, ZTE oftentimes disables fastboot mode on their devices, making it all the more difficult -- if not nearly impossible -- to unlock the bootloader or achieve systemless root. If I can find stock firmware for the Z839, I will try to reverse engineer the boot chain, and try to find a workaround to get into fastboot.
Hello I have the ZTE Blade Vantage (z839) and when I click activate account on Message+ it says please wait starting service for like a second and goes off. It never activates. Please help
Hey @MotoJunkie01,
Any more news on this device?
Team Astr4y4L's looking at it again.
I'm doing Gofer Work.
@MotoJunkie01
How far is the development going on for this device and also does any know how to root this device?
from what I can tell Root will require some sort of exploit to unlock the bootloader.
it's msm8909 so there may be a firehose file for another zte msm8909 device and that may let us play with QFIL and QXDM.
I am digging everywhere trying to just find a stock firmware file for it. and coming up empty
George_Jetson said:
from what I can tell Root will require some sort of exploit to unlock the bootloader.
it's msm8909 so there may be a firehose file for another zte msm8909 device and that may let us play with QFIL and QXDM.
I am digging everywhere trying to just find a stock firmware file for it. and coming up empty
Click to expand...
Click to collapse
Yeah, due to its locked down bootloader and lack of factory images, development has failed to get off the ground for this device. Shame too, it has great specs for a budget smartphone. I'm pretty sure there are some available firehose files for the Qualcomm chipset. I had the same thoughts. If the stock boot image could be patched for systemless root, there is a chance we could push the patched boot image with QFIL. But where to get stock images is the key.
Hi, ZTE BLADE VANTAGE only comes w/ LTE Mobile Network Settings. I'd like to know if it's going to be posible in the future to change this option to Global Setting (and how?) so it could be use internationally. Thanks..
MotoJunkie01 said:
ZTE Blade Vantage (Z839)
Verizon Wireless (Prepaid)
Specs & Information Guide
The ZTE Blade Vantage (Z839), released by Verizon on October 5, 2017, is a budget smartphone packing a ton of mid to high end features, and is Verizon's very first LTE only smartphone. The Z839 has the following basic specifications:
Android Version: 7.1.1 Nougat
CPU Platform: Qualcomm Snapdragon 210 (MSM8909)
1.1 GHz Quad Core ARM Cortex A7 (32 Bit)
GPU: Qualcomm Adreno 304
Display: 5.0" TFT (FWVGA) LCD, 196ppi (480x854)
Battery Li-Ion 2500 mAh Removable
23.4h Talk; 312h Standby
Storage: 16GB (Supports up to 256GB external micro SD; OTG USB support)
RAM: 2GB
Weight: 5.29oz (150 g)
Connectivity: Qualcomm X5 LTE Modem
LTE Bands 2, 4, 5, 13 (LTE Cat 4)
Band 2 / 1900MHz (PCS)
Band 4 / 1700MHz (AWS)
Band 5 / 850MHz (Cellular)
Band 13 / 750MHz (Upper 700)
Bluetooth: 4.0
SIM: Nano
Headphone: 3.5mm Jack
Telephony: HD Voice; VoLTE; WiFi Calling
Camera 8MP Rear; 2MP Front
As to the filesystem of this device, the Z839 operates on an SD/eMMC partition type. The 16GB eMMC is comprised of a 3.5GB /system partition, a 2GB /cache partition, and an 8.7GB /userdata partition, all formatted by way of the ext4 file system. In addition, the eMMC is formatted with 27 additional partitions for various system and radio firmware functions (/modem, /boot, /recovery, etc.).
Initial inspection of the Z839 indicates that, following Verizon's typical policy, the bootloader is locked. I have not yet explored possible exploits or manufacturer support forums for unlocking the Z839 bootloader. Regarding root access, the Z839 features an Android 7.1 1 Nougat build which does not appear vulnerable to the typical one-click root methods, such as KingRoot or KingoRoot. Thus, in theory, and by a plethora of personal experience, it will be almost imperative, in order to gain root access of the stock OS, to unlock the Z839 bootloader. Subsequently, flashing a custom recovery should be possible. Then, a SuperSU or Magisk systemless root package may be installed from custom recovery to achieve superuser access of the stock Nougat ROM.
Because the Z839 is a newly released smartphone (October 5th, 2017), development on the device seems to be in the very early stages. For the price, my personal experience with this phone has been absolutely great. I intend this thread to be a gathering place for interested developers, contributors, and enthusiasts to explore, hypothesize, theorize, and eventually develop custom recoveries, ROMs, kernels, etc., for the ZTE Blade Vantage (Z839).
Click to expand...
Click to collapse
Here is the B20 firmware package (Z839V1.0.0B20) it also includes the firehose for this device allowing you to use QPST/MiFlash to restore your device or to flash custom boot.img's among other things.
https://www.androidfilehost.com/?fid=1395089523397895595
Separate download with just the firehose, rawprogram0.xml, patch0.xml
https://www.androidfilehost.com/?fid=1395089523397895596
I have also uploaded a few other tidbits that aren't super useful but maybe will help someone down the line:
Verizon Repair APN tool (Could be useful if you break something)
https://www.androidfilehost.com/?fid=1395089523397895588
ZPST for the ZTE MultiDL Tool (Not useful unless you have the ZTE MultiDL Tool)
FRP/Kill Switch Reset tool (Requires License file so not useful)
https://www.androidfilehost.com/?fid=1395089523397895587
Any updates on this device?
It's been a while since this device has come out, and now we have more available files for it. Is anyone interested in looking into maybe rooting this device?
Would be super awesome if someone could root it!! If I was any better at this I would give it a shot but I am not there yet lol!
When I power on my zte z839 am stuck on bootloop,and even when I plug my charger my phone powers on and sticks on bootloop. I need a solution pals. Moseti(Kenya).
Hey everyone. It seems that there is now a bootloader unlock for this device. Anyone want to look into this?
https://forum.xda-developers.com/android/software/bootloader-unlocking-qualcomm-zte-t4100897
still no easy way to root this device? or any successful way?
Hey everybody! Thanks for your help in advance. I also have the ZTE Z839 and I want to use it with a carrier other than verison when I try to unlock the phone, it asks for a verification code. I got the code from cx service however it said incorrect code. The cx rep. had only 1 code and it didnt work! then he simply said either I can get verison service or the phone is incapable of using on other networks......... Duh why would there be a option in settings to use with different carrier and ask for a code if it is incapable? I tried tech support also to no avil. Ive spent hours on hold with cx and have troubleshot in every way I know how. Can anybody confirm if this is even possible or not and what is the code or should I just give up?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Software root method for MediaTek MT67xx, MT816x, and MT817x!
So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I created, MTK-SU, was originally aimed at helping Amazon Fire HD owners to easily root and unlock their tablets. (Without it, most models need a hardware mod to achieve root & unlock. This tool made rooting accessible to many times the number of owners. It also made possible to root the Fire TV gen 2.) But funny story: this method actually works on virtually all of MediaTek's 64-bit chips. Many devices of various vendors have already been confirmed.
So in case it's not clear, what mtk-su does is give you a root shell to do with as you please. It's like running 'su', but without the need to have su installed. That may be a holy grail for locked devices. On some devices, it may be possible to install a root manager for permanent root using mtk-su as a springboard.
The original thread is here: Rapid Temporary Root for HD 8 & HD 10. It's a great resource for info. But please avoid posting there about non-Amazon devices. This new thread is a catchall topic for other devices and vendors.
DISCLAIMERAnything you do that is described in this thread is at your own risk. No one else is responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software. There is a nonzero chance of any of these events happening as a result of using the tools or methods here.
REQUIREMENTSMastery of the Thanks button under XDA posts
A phone or tablet based on Mediatek MT67xx, MT816x, MT817x or MT6580 chipsets
Either:
A PC with ADB installed to interact with your device, or
A terminal emulator app
Familiarity with ADB (if using PC) and basic Linux shell commands
You agree to post the model name of any unconfirmed device which ran mtk-su successfully
INSTRUCTIONS FOR ADB
Make sure you meet all the requirements listed above, especially the first and last ones.
Download the current mtk-su zip file to your PC and unzip it. Inside will be 2 directories: 'arm' & 'arm64' with an 'mtk-su' binary in each. Pick one for your device. Differences between the flavors:
arm64: 64-bit kernel and userspace
arm: 32-bit userspace on a 64-bit or 32-bit kernel (will also work in 64-bit userspace)
Connect your device to ADB and push mtk-su to your /data/local/tmp folder
adb push path/to/mtk-su /data/local/tmp/
Open an adb shell
adb shell
Change to your tmp directory
cd /data/local/tmp
Add executable permissions to the binary
chmod 755 mtk-su
At this point keep your device screen on and don't let it go to sleep. Run the command
./mtk-su
It should only take a second or two. If the program gets stuck for more than a few seconds and your device is awake, press Ctrl+C to close it.
The -v option turns on verbose printing, which is necessary for me to debug any problems.
The output of ./mtk-su -v is similar to this:
Spoiler
Code:
$ ./mtk-su -v
param1: 0x3000, param2: 0x18040, type: 2
Building symbol table
kallsyms_addresses pa 0x40bdd500
kallsyms_num_syms 70337, addr_count 70337
kallsyms_names pa 0x40c66d00, size 862960
kallsyms_markers pa 0x40d39800
kallsyms_token_table pa 0x40d3a100
kallsyms_token_index pa 0x40d3a500
Patching credentials
Parsing current_is_single_threaded
ffffffc000354868+50: ADRP x0, 0xffffffc000fa2000
ffffffc000354868+54: ADD xd, x0, 2592
init_task VA: 0xffffffc000fa2a20
Potential list_head tasks at offset 0x340
comm swapper/0 at offset 0x5c0
Found own task_struct at node 1
cred VA: 0xffffffc0358ac0c0
Parsing avc_denied
ffffffc0002f13bc+24: ADRP x0, 0xffffffc001113000
ffffffc0002f13bc+28: LDR [x0, 404]
selinux_enforcing VA: 0xffffffc001113194
Setting selinux_enforcing
Switched selinux to permissive
starting /system/bin/sh
UID: 0 cap: 3fffffffff selinux: permissive
#
Some other options:
mtk-su -c <command>: Runs <command> as root. Default command is /system/bin/sh.mtk-su -s: Prints the kernel symbol tablemtk-su -Z <context>: Runs shell in a new selinux context. Example: ./mtk-su -Z u:r:logd:s0If you see any errors other than about unsupported or incompatible platform or don't get a root shell, report it here. When reporting a problem with a device, please post a link to the firmware and/or the kernel sources.
Please post the model of any device that works with mtk-su that's not already confirmed.
Important: in rare cases, it may be necessary to run the tool multiple times before you hit UID 0 and get selinux permissive. If you don't achieve root on a particular run, the "UID: N cap: xxxxx...." line will reflect that. If it doesn't say "UID: 0 cap: 3fffffffff selinux: permissive", type exit to close the subshell and try mtk-su again.
WARNING If you have a device with Android 6 or higher, it likely has dm-verity enabled. On such a device one does not simply remount the system partition as read/write. The remount command will probably fail. But if you succeed in forcing it somehow it will trigger dm-verity, which will result in a very bad day. Your device will become inoperable until you restore the stock system partition.
DOWNLOADCurrent Version
Release 23
Spoiler: Changelog
Release 23 - August 24, 2020
Add support for some early Linux 3.10 tablet firmware
Add support for kernels with some debug features enabled
Release 22 - May 8, 2020
Expand kernel support
Enable seccomp handling for Android 8
Release 21 - March 14, 2020
Add support for more devices
Fix seccomp on 3.18 arm kernels
Release 20 - Dec 28, 2019
Add support for MT6580
Add support for some MT8183 versions
Fix handling of some 32-bit 4.x kernels with stack protection
Move to NDK build
Release 19 - October 20, 2019
Add -Z option for setting custom selinux context
Fix seccomp on armv7
Fix seccomp handling on late-revision 3.18 kernels
Improve error printing for critical failures
Strip supplementary groups in root shell
Do not spawn root shell on critical failures
Release 18 - July 29, 2019
Add support for kernel address space layout randomization (KASLR)
Change status output format
Release 17 - July 13, 2019
Fix missing capabilities under adb shell in Android 9.x
Disable seccomp in app mode of Android 9.x
Add support for MT6771 on Android 8.x
Reliability improvements
Release 16 - June 9, 2019
Add support for 32 & 64-bit kernels compiled with CONFIG_KALLSYMS_BASE_RELATIVE
Add support for MT676x on Android 7.x
Speedups
Release 15 - May 29, 2019
Run shell/command in global mount namespace -- mounting from apps is now visible to the whole system
Release 14 - May 22, 2019
Remove restriction for adb shell initial run on Android 8.0+
Add support for 32-bit kernels compiled under Android 8.0+
Add initial support for MT6771 on Android 9+
Minor bug fixes
Release 13 - May 16, 2019
Improve stack protection detection -- add support for some armv7-kernel 3.x phones
Release 12 - April 26, 2019
Unify the arm and armv7-kernel binaries into one
Support Linux 4.9.x
Improve speed and possibly reliability
Fix arm64 support for phones on kernel 3.10.65
Fix stack protection workaround for armv7 kernels
Update readme file
Release 11 - April 10, 2019
Fix up and enable rooting for 32-bit kernels -- first such device confirmed (thanks @anthonykb)
Improve criteria for detecting strong stack protection
Release 10 - April 7, 2019
Fix support for the latest Oreo devices
Add compatibility for kernels with stack protection (Nokia phones)
Improve reliability
Initial support for 32-bit (armv7) kernels -- needs testing
Release 9 - April 1, 2019
Confirmed support for at least some Oreo devices
Fix bugs with R8
Release 8 - March 30, 2019 (REMOVED)
Lay the groundwork for Oreo devices
Improve performance
Improve reliability
Release 7 - March 17, 2019
Add/fix support for many Linux ver. ≤ 3.18.22 devices
Fix arm binary on Fire HD 10
Release 6 - March 13, 2019
Add support for some devices with kernel 4.4.x (MT8167 confirmed by @cybersaga)
Minor bug fixes
Release 5 - March 7, 2019
Support kernels with CONFIG_KALLSYMS_ALL disabled
Improve reliability
Release 4 - March 4, 2019
Improve compatibility with phones
Support Fire TV 2 new FW
Minor bug fixes
Improve reliability
Release 3 - March 1, 2019
Add support for HD 10 7th gen
Add support for 3.10 kernel layout
Add possible support for MT67xx phones
Improve reliability
Release 2 - Feb. 27, 2019
Add support for HD 8 8th gen and 32-bit only user stacks
FAQI got the error, "This firmware cannot be supported". What's up with that?
This means that your device's firmware is not prone to the mechanism used by mtk-su. It may be a new device or it may have started from a firmware update. It will not be feasible to add root support for the current or future firmware versions. Check the last supported firmware version in post 4. If the last working FW is not listed and your device used to work with mtk-su, please report the last working version and/or your current version. In those cases, it may be possible to get mtk-su support by downgrading the firmware.
I got the error, "Firmware support not implemented". What gives?
That means that mtk-su does not recognize the type of firmware on your device. While It's technically possible to add basic detection, most of the time this error happens on devices that have already blocked mtk-su access. So implementing it would only kick the can down the road and probably lead to a, "This firmware cannot be supported" message (see above). If your device has Android 10+ or a security patch level at 03-2020 or higher, or if your firmware is newer than the last compatible version in post 4, there is no need to report this error.
Will this work on my phone?
Yes, it will work on your phone, unless it doesn't. But to be serious, there is no point in asking this question. If you have the device in hand, it is much quicker to just try out the above procedure than to wait for a response. You are usually the best person to answer that question. If your device is listed among the confirmed models or, to a lesser extent, your chipset is supported, that's a good indication that mtk-su will succeed, but that is not guaranteed. You should report your success or failure in this thread, along with the requested materials if it fails.
Why don't you reply to my post?
I read every post in this thread, and respond to practically every post that warrants a response. Sometimes I will only click a Thanks as an acknowledgement. The reasons I may not answer your question are:
It has already been answered in the FAQ or multiple times in the thread.
Your post is unrelated to this project. It may be specific to your device, which would make it off topic for this thread.
Your question is extremely vague and you appear to be intentionally leaving out basic information (e.g. fishing).
After getting a root shell I'm still getting 'permission denied' errors. WTH?
It may be that selinux is still being enforced. Having root with selinux enabled somehow ends up being more restrictive than a normal shell user. First, check that mtk-su succeeded in setting selinux to permissive by running getenforce. If it says Enforcing, then exit your shell and run mtk-su again.
Will this work on an MT65xx or MT8127?
There is no support for most 32-bit chips. But there may be a couple where it's possible.
Does this thing unlock the bootloader?
No, it does nothing to unlock the bootloader.
I ran mtk-su successfully, but my apps still don't have root permissions.
Mtk-su does not give apps root permissions. It is not a permanent root solution in and of itself. It opens a command shell that has root and administrative capabilities within the context of that shell. It's up to you what you want to do with it. But also, there is a way to load Magisk using this tool without the need to unlock your bootloader. Just follow this guide.
How does this tool work?
It overwrites the process credentials & capabilities in the kernel in order to gain privileges. It also turns off selinux enforcement by overwriting the kernel's selinux_enforcing variable. As for how it accesses that memory, the tool involves making use of the vulnerability known as CVE-2020-0069.
Can I include mtk-su in my app or meta-tool?
Generally speaking, you may not distribute any mtk-su zip or binaries with your software. That includes doing any automatic download of those files into your app. You can still use it with your tools. But you should ask your users to visit this thread and download the current release zip themselves. No apps have been permitted to bundle or auto-download mtk-su.
CREDITS
Thank you to everyone who has tested and provided feedback to help me add support for the large variety of MTK-based devices out there. There are simply too many people to list.
MediaTek, Inc., who leave holes and backdoors in their OS to make software like this possible :good:
Thank you to everyone who has donated. You're the best!
INSTRUCTIONS FOR TERMINAL APPYou can optionally run mtk-su on a terminal emulator such as Terminal Emulator for Android (recommended) or Termux. The basic idea is to copy the executable to the terminal app's internal directory and run it from there. These are the instructions for Termux, but a similar procedure applies to all terminal shell apps.
Make sure you meet all the requirements from the first post, especially the first and last ones.
Download the current mtk_su zip to your device and unzip it. Take note of where you extracted it. Pick the variant that fits your device. (See above.)
Open Termux and copy the mtk-su binary to its home directory, which in this case is the shell's initial working directory.
General idea: cp path/to/mtk-su ./
For example,
cp /sdcard/mtk-su_r14/arm64/mtk-su ./
For this to work, you have to enable the Storage permission for your term app. Do not try to circumvent the cp command with clever copying methods involving file managers or external tools. Mtk-su will not get the right permissions that way.
Make file executable
chmod 700 mtk-su
Run the program
./mtk-su
If mtk-su fails, post the output of ./mtk-su -v here along with a link to firmware and/or kernel sources, if possible.
Note that for most terminal shell apps, the internal app directory is stored in the variable $HOME. So in general you would do
cd
cp path/to/mtk-su ./
chmod 700 mtk-su
./mtk-su
PROJECTS USING THIS TEMP ROOT
Partition Backup Helper for Termux by @mrmazak
Creates a script that automatically backs up your device's partitions, which may come in handy for repairs or experimenting.
Full bootless root with Magisk (for 20.x to 21.4) by @diplomatic
Loads Magisk without modifying the firmware.
Full bootless root with Magisk for 22.x+ by @HemanthJabalpuri
Loads the latest Magisk version without modifying the firmware.
Status
NOTE: Any firmware update released after March, 2020 is bound to block this temp root. Think twice before updating your device if you would like to keep using mtk-su.
Confirmed Devices
Acer Iconia One 10 B3-A30/B3-A40/B3-A50 series
Acer Iconia One 8 B1-860 series
Acer Iconia Talk S
Alba tablet series
Alcatel 1 5033 series
Alcatel 1C
Alcatel 3L (2018) 5034 series
Alcatel 3T 8
Alcatel A5 LED 5085 series
Alcatel A30 5049 series
Alcatel Idol 5
Alcatel/TCL A1 A501DL
Alcatel/TCL LX A502DL
Alcatel Tetra 5041C
Alcatel U5 / Orange Rise 52
Alldocube iPlay10 Pro
Alldocube iPlay8
Amazon Fire 7 2019 -- up to Fire OS 6.3.1.2 build 0002517050244 only
Amazon Fire HD 8 2016 -- up to Fire OS 5.3.6.4 build 626533320
Amazon Fire HD 8 2017 -- up to Fire OS 5.6.4.0 build 636558520 only
Amazon Fire HD 8 2018 -- up to Fire OS 6.3.0.1 only
Amazon Fire HD 10 2017 -- up to Fire OS 5.6.4.0 build 636558520 only
Amazon Fire HD 10 2019 -- up to Fire OS 7.3.1.0 only
Amazon Fire TV 2 -- up to Fire OS 5.2.6.9 only
ANRY S20
ASUS ZenFone 3 Max ZC520TL
ASUS ZenFone Max Plus X018D
ASUS ZenPad 3s 10 Z500M
ASUS ZenPad Z3xxM(F) MT8163-based series
Barnes & Noble NOOK Tablet 7" BNTV450 & BNTV460
Barnes & Noble NOOK Tablet 10.1" BNTV650
Blackview A8 Max
Blackview BV9600 Pro (Helio P60)
BLU Life Max
BLU Life One X
BLU R1 series
BLU R2 LTE
BLU S1
BLU Tank Xtreme Pro
BLU Vivo 8L
BLU Vivo XI
BLU Vivo XL4
Bluboo S8
BQ Aquaris M4.5
BQ Aquaris M8
CAT S41
Coolpad Cool Play 8 Lite
Coolpad Legacy S(R)
Cubot Power
Doogee X70
Dragon Touch K10
Echo Feeling
Evercoss Genpro X Pro S50
Gionee F103 Pro
Gionee M7
Gionee S9
HiSense Infinity H12 Lite
HTC Desire 12
HomTom HT20
Huawei GR3 series
Huawei Y5II
Huawei Y6II MT6735 series
ION Gravity
Lava Iris 88S
Lenovo A5
Lenovo C2 series
Lenovo Tab E7
Lenovo Tab E8
Lenovo Tab2 A10-70F
Lenovo Tab3 10
Lenovo Vibe K5 Note
LG K8+ (2018) X210ULMA (MTK)
LG K10--K430 series
LG K10 (2017)
LG K50
LG Q7 (MTK)
LG Stylo 4 (MTK) -- up to Q710AL11k
LG Tribute Dynasty
LG X power 2/M320 series (MTK)
LG Xpression Plus 2/Harmony 3/K40 LMX420 series
Lumigon T3
Meizu M5c
Meizu M6
Meizu Pro 7 Plus
Motorola Moto C series
Motorola Moto E3 series (MTK)
Motorola Moto E4 series (MTK)
Nokia 1
Nokia 1 Plus
Nokia 3
Nokia 3.1
Nokia 3.1 Plus
Nokia 5.1
Nokia 5.1 Plus/X5
Odys PACE 10 (MT8163)
Onn 7" Android tablet
Onn 8" & 10" tablet series (MT8163) -- up to 10/2019 FW only
Oppo A59 series
Oppo A5s -- up to A.30 only
Oppo A7x -- up to Android 8.x
Oppo F5 series/A73 -- up to A.39
Oppo F7 series -- Android 8.x only
Oppo F9 series -- Android 8.x only
Oppo R9xm series
Oukitel K6
Oukitel K9
Oukitel K12
Oukitel U18
Philips E518
Protruly D7
RCA Voyager III - RCT6973W43MDN
Realme 1
Realme 3
Snopow M10 series
Sony Xperia C4
Sony Xperia C5 series
Sony Xperia L1
Sony Xperia L3
Sony Xperia M5 series
Sony Xperia XA series
Sony Xperia XA1 series
Southern Telecom Smartab ST1009X (MT8167)
Teclast M30
TECNO Spark 3 series
Umidigi F1 series
Umidigi Power
Verizon Ellipsis 10 HD QTAXIA1
Vernee Mix 2
Wiko Ride
Wiko Sunny
Wiko View3
Xiaomi Redmi 6/6A series
ZTE Blade 10 Prime
ZTE Blade A530
ZTE Blade A7 Prime
ZTE Blade D6/V6
ZTE Blade V8 Lite
ZTE Quest 5 Z3351S
ZTE Voyage 4S/Blade A611/Blade A610
Support Problematic*
Most/all Vivo phones
Most/all Huawei/Honor models with Android 8+
Most Oppo phones in app mode
Oppo F11 -- up to CPH1911EX_11_A.22 only
Most/all Samsung MTK-based phones
Supported Chipsets
Including, but not limited to: MT6735, MT6737, MT6738, MT6739, MT6750, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797, MT6799, MT8163, MT8167, MT8173, MT8176, MT8183, MT6580, MT6595
* These devices typically use kernel modifications to deter root access via exploits. But this temp root method can still attain root on most of these models in theory. However, I will not be adding support for such non-standard kernels in the main release versions. A tailored version of mtk-su can be made to handle a protected kernel in a specific firmware. This is not something I'm usually motivated to do. But it's possible to make such a version if you can somehow encourage me.
Re-re-reserved
Great work mate!! I would liked to of kept secret till I got myself a new Sony L3 and backup the ta thought.
:laugh:
:highfive:
LOL... thanks!
Don't worry man, no one reads this forum
Great work. Having used both a hardware root method and this method on a pair of devices I have, mtk-su was waaaaaaay easier to work with. Big thanks!
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
KevMetal said:
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
Click to expand...
Click to collapse
@diplomatic made a good outline of the the steps to "jump" into full root. At least until rebooted.
I will add the link to the post, but keep the discussion that follows , here in this thread
*Copied from post https://forum.xda-developers.com/showpost.php?p=79348378&postcount=569
diplomatic said:
For advanced users or devs: here's a general overview for a method to get root with Magisk without having to modify your boot image.
Get a Magisk zip file and extract the magiskinit binary. Push magiskinit to your device.
Extract the magisk binary from magiskinit with ./magiskinit -x magisk
Make a symbolic link to (or a copy of) magiskinit and call it magiskpolicy.
Make a symbolic link to (or a copy of) magisk and call it su.
Make a small ext4 image of about 2 to 4MB (using something like make_ext4fs -J -l 2MB). In it, place Magisk's magisk and su binaries. The su binary could be either a link to magisk or a copy of it. (Idea borrowed from @k4y0z's unlock method.)
Get a root shell with mtk-su
Patch the running sepolicy with a magisk context using ./magiskpolicy --live --magisk 'allow magisk * * *' .
Start a temporary Magisk daemon with ./magisk --daemon
Start a temporary Magisk root shell with ./su. This may involve prompts from Magisk Manager.
Check to make sure the new root shell has the context u:r:magisk:s0. Don't proceed if it's not that context.
From the magisk context shell, mount the ext4 image to /system/xbin with
losetup /dev/block/loop0 magisk.img
mount /dev/block/loop0 /system/xbinYou may be able to combine those 2 commands into one, but I wasn't able to on my device.
Kill the temporary magisk daemon with killall magiskd. The point of this is to launch a new daemon from within the magisk se-context. Otherwise there will be problems with selinux.
Start a new daemon with magisk --daemon. Notice that there's no ./ at the start. This is to test the loopback img.
Exit the temporary ./su shell. You may get an error message, but that's fine. At this point you should be back to the mtk-su shell.
Exit the mtk-su shell.
Check if su works. You should get a prompt from Magisk Manager.
At this point, if you get a normal root shell, you can do setenforce 1.
Now all apps that want su access will have it with proper prompting.
Have some app execute steps 6 through 17 at every startup.
Steps 1-5 are done once. Step 6 onward are done at every boot session. A script would probably help. I'm sure this is missing some details, but I just wanted to convey the general idea.
EDIT: If you get this system up and running, you of course want to avoid updating Magisk binaries through MM. That's pretty important because doing so will probably stop your device from booting.
Click to expand...
Click to collapse
KevMetal said:
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
Click to expand...
Click to collapse
Cool... let us know the results of running mtk-su on that phone, as well as the full model name so I can list it.
So you're on the right track about installing permanent root. I was pretty vague about it in the OP because it's a complex topic and it's pretty risky territory. Before trying to mod your boot image with systemless root and/or verity disabled, you have to check how restrictive your BL is. It's very possible that it can accept self-signed or unsigned images without needing to unlock. You can check this in a minesweeper fashion by flashing your stock recovery with the OEM signature removed and see if it boots. If not, Android will restore the stock recovery automatically, no harm done.
If you want to flash partitions from a root shell, you can use the dd command. FlashFire is a glorified dd flasher. For example, to flash a recovery image you would do
dd if=recovery.img of=/dev/block/platform/mtk-msdc.0/11230000.MSDC0/by-name/recovery
The exact path of the dev node varies by device. You should do more research about it if you're interested. To dump partitions, essentially do the reverse of if= and of=.
If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.
diplomatic said:
If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.
Click to expand...
Click to collapse
Most MTK's allow the boot probably due to difficulties during OTA patches indeed a lot of the OEM OTA's I have seen actually flash the recovery.img to the boot partition first then reboot do the update flash the recovery to recovery partition then reboot to recovery do the final check then reflash the boot.img back to the boot partition.
I think this is so if the OTA fails at any point they are always in recovery mode. If any of that makes sense :laugh:
Some mtk fstab's I have seen even have a flag that states verify "recoveryonly" so you can flash a TWRP recovery.img to the boot and it will boot up but it will not if flashed to the recovery of course OEM's may have other ideas and implementations so caution and a way back are definitely needed.
It's definitely a game of Russian roulette with a one in six chance of you finding the loaded chamber.
Been too secure can backfire on OEM's and cost them as with the Amazon Fire Phone I brick 3 or 4 of those suckers trying to unlock it and even they could do nothing with them so they would just give me a new one and I am convinced they actually locked themselves out on that devices and that's why it never got a version update or bootloader unlock which is a shame because it was a good phone. :silly:
bigrammy said:
Most MTK's allow the boot probably due to difficulties during OTA patches
Click to expand...
Click to collapse
OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?
diplomatic said:
OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?
Click to expand...
Click to collapse
Depends on oem I guess eg: Lenovo TAB2 never unlock the bootloader, Infocus Never unlocked the bootloader, All China brands various I never unlocked the bootloaders yet all rooted with custom recovery's installed although most of these were Android 6.0 so AVB used by Magisk SuperSU etc works for them.
Nokia3 I did unlock the bootloader but I beginning to think maybe I didn't need to and maybe I can test that theory soon when I get one back I loaned out.
Big brands like Sony Defo need to be unlocked but lessor brands I am not so sure about.
OK, good to know, @bigrammy
diplomatic said:
OK, good to know, @bigrammy
Click to expand...
Click to collapse
I might try flash the boot of my Sony XA1 (bootloader locked) with a TWRP recovery over the weekend and see what happens. It just means me having to boot windows to recover it if it fails and I have not done that in 18 months or more :laugh:
EDIT: Unsigned TWRP Failed to boot so now I will try with a AVB signed image and see what happens.
EDIT 2: AVB signed TWRP Failed verification check too. :laugh:
PS: Never unlocked the Lumigon T3 (my daily driver) either and that was marketed a secure device it took me about 30 min's to to make a scatter file then pull the boot with SPFlashTool ported over TWRP from my Infocus pre patched the boot with Magisk flashed them back done. Again it seems AVB sig was enough for this device too but again Android 6.0. :laugh:
OK.... it would be interesting what happens with the Sony...
It's pretty much the same deal with the Asus Zenpad series. The Z3xxM series, based on MT8163, can be flashed without unlocking the BL. On the old Android 6 FW, you needed to have an AVB signature for it go through. On Android 7, you don't even need that. However, for the high-end MT8176-based Zenpad Z500M, they locked it down so that you'd need to unlock before installing a custom boot/recovery--OEM sig support only.
bigrammy said:
EDIT: Unsigned TWRP Failed to boot so now I will try with a AVB signed image and see what happens.
EDIT 2: AVB signed TWRP Failed verification check too. :laugh:
Click to expand...
Click to collapse
LOL... I guess I'll have to stick to unlocking my Sonys before installing root.
I have a question
I have been looking ways to root redmi 6a. Xiaomi have been imposing 15d grace period one any request to unlock boot loader. Very annoyed
My question is if I manage to root it and install TWRP. can I still modify the boot loader without unlocking it?
Tia
Sent from my Redmi 6A using Tapatalk
Hi, @ahhl
If you can install and boot TWRP without unlocking the bootloader, you can almost definitely install permanent root to a boot image. The question is whether the locked BL on that phone will boot an image that is unsigned or wipe out instead. This is what bigrammy and I were just talking about above. I'd love to know if mtk-su works on that phone, btw....
i will try. but i am just novice?. i read thru the conversation between you and bigrammy, only to 30% goes thru my head?
if i manage run mtk-su, then flash twrp, if the flashing did not work, it will just reboot back using stock boot.? i do not have to worry something i need to do just like bigrammy did for 30min, just to get the phone running? as the reboot just wipe twrp? is this true?
Hot Pepper™ Mobile
Chilaca 4G-LTE Smartphone
T-Mobile® Certified
Model No. HPP-L60A
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
General Info &
Discussion Thread
OVERVIEW:
The Chilaca is a T-Mobile certified 4G-LTE smartphone, manufactured by Hot Pepper Mobile for eligible recipients of the federal Lifeline program and the Affordable Connectivity Program (ACP) -- government sponsored initiatives which assist low-income individuals and households with mobile phone service and mobile devices.
For an entry-level device, the Chilaca is a surprisingly capable smartphone. The MediaTek Helio A22 chipset platform utilizes CorePilot technology, which provides power-aware scheduling, CPU thermal management and persistent UX monitoring. These attributes work in harmony to assign the appropriate workload to CPU cores at a calculated and specific frequency and voltage, balancing the needed performance load demand with the optimal power efficiency. This landmark feature shines bright on the Chilaca, giving the user palpably smooth performance, the ability to maintain heavy workloads, all while maintaining impressive battery life in between charges. Moreover, the Chilaca's certification with T-Mobile provides remarkable network connectivity, excellent upload/download speeds, and extended range LTE coverage by way of Band 12 & 71 support.
HARDWARE SPECS:
Chipset: MediaTek Helio A22 (MT6761V/CAB)
CPU: Quad-core ARM Cortex-A53
CPU Max Clock: 2.0 GHz
Architecture: armv7l (32-bit)
CPU Process: 16 nm
GPU: IMG PowerVR Rogue GE8300
GPU Max Clock: 660 MHz
Display: 6.51" 1600 x 720 HD
Screen Density: 280 dpi (hdpi)
Internal Storage: 32GB eMMC (23.9 GB useable)
LTE Modem: Cat 7 DL; Cat 13 UL
LTE Bands: 2, 4, 5, 12, 25, 26, 41,66, 71
Bluetooth: v5.0, LE
WLAN Support: 802.11a/b/g/n/ac (2.4 & 5 GHz)
Battery: Li-Ion 3200 mAh
RAM: 2.0 GB (+ 1.386 GB zRAM)
Cameras: 5 MP Main; 2 MP Front
Ports: Type-C USB | 3.5mm Headphone Jack
FIRMWARE INFO:
OS/Version: Android 12 (Go Edition)
Firmware Build: HPP-L60A-3.0.18
Build ID: 12/SP1A.210812.016
Kernel Version: Linux v4.19.191
Radio: MOLY.LR12A.R3.MP.V208.3.P5
Security Patch Level: September 5, 2022
API Level: 31
Partition Scheme: Dynamic (Non A/B)
Project Treble: Supported
DEVELOPMENT STATUS:
Hot Pepper Mobile CEO Shawn Sun has selected me as a tester for the Chilaca 4G-LTE smartphone. Accordingly, the Chilaca has not yet been released within the mainstream US smartphone market. . This thread will serve as a general info & discussion forum for the Chilaca as more handsets become available via their release and distribution in the Lifeline program throughout the US.
I have obtained the factory firmware for the Chilaca, but have not yet experimented with bootloader unlocking or rooting the phone. I will keep this thread updated with any news in this regard. Should any members need the stock firmware, just leave a comment with the request.
UPDATE: February 17, 2023:
A recent OTA firmware rollout updates the current build to vHPP-L60A-3.0.19 with the December 05, 2022 security patch level.
I have also discovered that, per contractual terms between T-Mobile and the manufacturer, the bootloader on the Chilaca is not supported for unlocking. However, it appears that the Chilaca can be exploited using the MTK Client utility. Once I confirm bootloader unlocking I plan on writing a full tutorial with the step-by-step instructions and the required files for the task. It does appear that the Chilaca has been distributed throughout several US states via the federal Lifeline and ACP initiatives, making the device prominent on the mainstream market. I would ask that any Chilaca device owners leave a comment below.
UPDATE: March 23, 2023:
Another recent OTA security update has bumped the firmware build to HPP-L60A_3.0.20 with the February 1, 2023 security patch level.
In order to exploit the bootloader using MTK Client, you must be running the HPP-L60A_3.0.18 firmware build, or an earlier build. More recent builds have blocked user-initiated access to BROM mode which is essential to proper device recognition while using MTK Client. Fortunately, device owners may downgrade via the firmware package provided below in conjunction with the SP Flash Tool.
UPDATE: April 15, 2023:
An OTA update dated April 12, 2023, has bumped the firmware build to HPP-L60A_3.0.21, with a security patch level of March 5, 2023. This update included some bug fixes on premature kernel panic triggering and some baseband radio issues involving extended range LTE Band 71.
USEFUL LINKS:
• Factory Firmware HPP-L60A_3.0.18
• Chilaca Factory Firmware Restoration Guide
• SP Flash Tool v5.1924 (32 & 64-bit)
• Chilaca FCC Test Report
• Chilaca HPP-L60A User Manual (PDF)
• MTK Client Setup & Usage Guide **
Credit goes to @Sidharth09 for his guide on setting up and using MTK Flash Tool. Please consider hitting the thanks button on his thread.
Where can I find the decryption key?
MrAx714 said:
Where can I find the decryption key?
Click to expand...
Click to collapse
The download link is fixed.
Hi, guys.
New sign up but get info from y'all pros for long time.
My question about this phone:
Does anyone know if there is a source for a replacement screen for these anywhere yet? Have searched far and wide and no joy... they are very delicate at best.
Thanks and if this is posted in the wrong place just trash the post.
TIA
Peace
b4byl0n said:
Hi, guys.
New sign up but get info from y'all pros for long time.
My question about this phone:
Does anyone know if there is a source for a replacement screen for these anywhere yet? Have searched far and wide and no joy... they are very delicate at best.
Thanks and if this is posted in the wrong place just trash the post.
TIA
Peace
Click to expand...
Click to collapse
Splendid question. I'll see what I can find out on replacement parts.
My preliminary search for the availability of screen replacements and other parts for the Chilaca has been unfruitful. However, I will reach out to the CEO of Hot Pepper Mobile with this inquiry. I'll post back as soon as I know anything.
have you tried mtkclient with this?
luridphantom said:
have you tried mtkclient with this?
Click to expand...
Click to collapse
Indeed. Works on the older HPP-L60A-3. 0.18 firmware build. On newer builds BROM mode has been disabled. But on a positive note you can downgrade to 3.0.18 from a newer build using the firmware from my restoration guide.
wonder how i can be a tester to get my hands on one...
first feedback is to leave a BROM backdoor so we can always mtkclient unlock that baby
luridphantom said:
wonder how i can be a tester to get my hands on one...
first feedback is to leave a BROM backdoor so we can always mtkclient unlock that baby
Click to expand...
Click to collapse
The Chilaca has already completed all testing phases and has received Google Play Certification and T-Mobile certification. It is now being distributed via Lifeline and ACP channels throughout the US.
On unlocking the bootloader, all you need to do is flash my 3.0.18 firmware package and use MTK Client to exploit the bootloader. Once unlocked, you can install OTA updates as long as you are not yet rooted. Once updated to the latest 3.0.20 build, use MTK Client once again to dump your /boot partition in .img format. Use Magisk 26.1 to patch that boot.img, then use fastboot mode to flash the patched image to achieve root.
I have requested the latest full firmware build (3.0.20) for this phone. I should have it this week.
Hi ,. I recently brought a HPPL 69A , Pretty good device honestly but I want to do more with it ,So I looking into Rooting it , Is this could be possible ?
Could I root it without a PC
daremoNo said:
Could I root it without a PC
Click to expand...
Click to collapse
The HPP-L60A cannot be rooted without a PC. In fact, rooting it with a PC is a tedious and daunting task to put it mildly The bootloader must first be exploited using MTK Client. Afterwards, Magisk can be used to achieve systemless root. Also, in order to exploit the bootloader, you must be running the HPP-L60A-3.0.18 firmware build. The newer builds have blocked access to BROM mode. You can downgrade using SP Flash Tool to flash the firmware provided above.
So I just got one from the Lifeline program and I like it so far. I need to downgrade to the firmware ref. in the post above so I am attempting that right now. I am running win 11 and am having slight trouble turning off the driver verification for a 64bit os. I was trying to do it from the command line but ran into issues. edit: I turned off the driver enforcement (or at least I thought I was) in the local group policy editor, but I am still not able to install the mtk inf file. I get the error of " the digital inf doesn't contain any driver information. "
Any help would be great please.
ffreylu00x7 said:
So I just got one from the Lifeline program and I like it so far. I need to downgrade to the firmware ref. in the post above so I am attempting that right now. I am running win 11 and am having slight trouble turning off the driver verification for a 64bit os. I was trying to do it from the command line but ran into issues. edit: I turned off the driver enforcement (or at least I thought I was) in the local group policy editor, but I am still not able to install the mtk inf file. I get the error of " the digital inf doesn't contain any driver information. "
Any help would be great please.
Click to expand...
Click to collapse
Use this guide. Works on Win 10 & 11. https://windowsreport.com/driver-signature-enforcement-windows-10/
So I am thinking its file and not me messing up the driver enforcement. Has anyone vetted the link and what's provided in the link as to it being the proper thing to download or can you suggest a place to find a better firmware? I am trying to downgrade then hopefully achieve root access after that. I'll keep an updated post as I figure more out
ffreylu00x7 said:
So I am thinking its file and not me messing up the driver enforcement. Has anyone vetted the link and what's provided in the link as to it being the proper thing to download or can you suggest a place to find a better firmware? I am trying to downgrade then hopefully achieve root access after that. I'll keep an updated post as I figure more out
Click to expand...
Click to collapse
The firmware provided is directly from the servers of the manufacturer. It is official digitally signed firmware. It was provided to me by Hot Pepper Mobile months before the phone was released to the public. I beta tested this phone for the manufacturer. I've also installed this firmware with SP Flash Tool, via the debug and standard installations. There are no issues with the firmware archive.
If you want to efficiency disable driver signature enforcement, follow the guide I linked. Otherwise , you will likely have issues with installing the unsigned vCom drivers which will, in turn, complicate proper device recognition.
If you are having issues with device recognition with SP Flash Tool, here is a great step-by-step guide on configuring the MediaTek vCOM drivers on your PC or laptop. https://forum.xda-developers.com/t/...32-64-bit-driver-install-tutorial-m2.3267033/
So I don't know I it's my os on my computer or why I'm not getting the same options as y'all have instructed but I can't seem to figure out how to install these drivers. I disabled the driver verification enforcement and then went to device manager and this is where things were different. I'm not seeing the COM & PORTS...I installed the drivers from what was provided and followed the instructions. So after there is a new category called "SAMSUNG Android Phone" and I obviously don't have a Samsung so I'm not sure why that happened.
Afq
ffreylu00x7 said:
So I don't know I it's my os on my computer or why I'm not getting the same options as y'all have instructed but I can't seem to figure out how to install these drivers. I disabled the driver verification enforcement and then went to device manager and this is where things were different. I'm not seeing the COM & PORTS...I installed the drivers from what was provided and followed the instructions. So after there is a new category called "SAMSUNG Android Phone" and I obviously don't have a Samsung so I'm not sure why that happened.
Click to expand...
Click to collapse
Did you install the vCOM preloader drivers from the link I posted?
I have this phone. Someone from assurance wireless came knocking on my door and I didn't like truconnect anymore.
Anyway I searched and found your post. Bingo! Currently rooted.
Mine came with .18 on it and I had almost updated. I got mtk client working (used python mtk_gui) and backed up all partitions except the user data. Enabled dev mode. OEM unlocking. Went to the flash tab and did unlock bootloader. Installed magisk 26.1 on phone, adb pushed boot.bin to boot.img, patched file, adb pulled it, back into preloader, wrote the boot partition, don't know if it was necessary since I did a factory reset from the recovery menu, but I used mtk reset. I noticed that every time you use the cli mtk file you have to re enter preloader. Anyway, I did that, set it up, working great.
Now I want to remove the assurance wireless (T-Mobile lifeline mvno) subsidy lock, can mtkclient do that by erasing partitions like I've seen for some other phones? It's not a big deal right now and eventually it'll pass the auto unlock.
This is my first MediaTek root that worked. I have a Lenovo tab m8 tablet I tried it with before and didn't work but I didn't put much time into it. Was a few years back. Also I have a cloud stratus c7 which is also a mt6761 but the app I tried didn't work. But that was an on phone app. I'll have to try mtkclient with it.
Couple of questions. I used mtkgui and generated keys. No idea why or what I might use it for but I like to click things does it serve a purpose with this phone?
When I first ran the magisk patch install, after installing magisk 26.1 on the chilaca unrooted, there was a checkbox option for something about vbmeta in the boot image? I had checked it the first time but didn't use that image. But it doesn't show up anymore, so.. should I have used that?
Lastly, is there a way around the bootup having to press power to boot the phone or it'll shut off? Untrusted device message.
I've done plenty of rooting and jailbreaking and hardware hacking tinkering and such, but I owned a couple Samsung Galaxy s5s, then s7 edge, s8, then went to pixels. Got a pixel 3xl and 6 pro and Google makes everything super easy. I know that on the pixel you get a warning message that goes away after a few seconds (or you can press power to pause/unpause the warning) when bootloader is unlocked. I haven't tried it yet myself but I'm also aware of the ability to sign a rooted boot image (pixels are a/b devices if that matters) and relock the phone with it. Would that work on the chilaca you think? I can give it a shot.
I'm about to do the update to .20 right now. I restored the image through magisk manager so it'll patch the it's fine, just gotta reboot. Bootloader will remain unlocked you said? I'll find out
I'm gonna look into finding a kernel source for the mt6761 and see if I can't get a functional source tree up. Then it'd be nice to patch in sdk 32 (a13) pixel experience source tree will be useful for patch pulling guidance. Also I'm curious if twrp can be built, I started to read up on it and saw something about MediaTek and Qualcomm handling things very different, so we'll see.
Anyway thanks for the thread!!
Assurance Wireless
KonnectONE Moxee m2160
4G-LTE Smartphone
Model No. MH-T6000
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Rooting Guide
OVERVIEW:
This guide outlines simplified instructions for rooting the Assurance Wireless Moxee MH-T6000 4G-LTE smartphone. To cater this guide to new and inexperienced members, I have provided a stock boot image pre-patched with the Magisk v26.1 systemless root solution.
PREREQUISITES:
First and foremost, you need an unlocked bootloader. If your bootloader is not yet unlocked, complete that task and then return here. XDA hosts a plethora of how-to guides on standard bootloader unlocking. You will also need a Windows PC or laptop running the Minimal ADB & Fastboot Tools (link provided below). It should be noted that this guide can be carried out on a Mac or Linux computer as well; however, for purposes of this guide, I am focusing solely on a Windows setup. It is highly recommended that your device be running firmware build number MH-T6000V1.0.OB010, with the March 5, 2023 security patch level. As OTA updates are rolled out for this device, I will try to keep this guide updated with a patched boot image that corresponds with the latest firmware build.
Finally, you will need the factory supplied, or a quality equivalent USB-A to USB-C charging/syncing cable.
DISCLAIMER:
By proceeding further, you are assuming sole responsibility for the integrity and operability of your smartphone. Rooting your device is a task that carries with it the inherent risk of bricking or otherwise rendering your phone inoperable. While this guide has been thoroughly tested on my own device, you have been warned. Proceed at your own risk.
INSTRUCTIONS:
Download the ADB & Fastboot tools from the link below and install the program on your PC or laptop;
Open your Windows File Explorer, navigate to your C: drive, Program Files x86, and locate the Minimal ADB & Fastboot folder. Copy this folder and paste it to your desktop. (This step is not required, but is recommended for easier access of the ADB & Fastboot path);
Download the patched boot image from the below link and save the image in your ADB & Fastboot folder. Note: the filename for the patched boot image is patched_boot.img. The flashing commands assume that you leave the filename unchanged;
Boot your phone into fastboot mode by first powering your device off, and then holding the power and volume down keys simultaneously until fastboot mode appears on your device display;
Connect your smartphone to your Windows computer using the factory supplied or a quality equivalent USB-A to USB-C charging/syncing cable;
Open your ADB & Fastboot folder and double click cmd-here.exe to open a command window. Execute this command to verify a proper fastboot connection:
Code:
fastboot devices
If properly connected, the command window will return an alphanumeric string consistent with your device serial number;
Once a proper connection has been verified, execute this command:
Code:
fastboot flash boot patched_boot.img
Now execute:
Code:
fastboot reboot
Upon reboot, open your app drawer and tap on the Magisk app or its placeholder stub. Ensure you are connected to the internet, grant any permissions, and follow any prompts given by Magisk to update to the full version in order to complete the root environment setup. Magisk may reboot your device during this process.
That's it. You're now rooted via the Magisk v26.1 systemless root solution.
IMPORTANT NOTE:
In the unfortunate event that you get stuck in a boot loop or brick your device using this guide, my guide on unbricking this smartphone will get you back up and running fairly quickly. This guide can be used to restore both soft bricked and hard bricked devices. You can then return here and give rooting another go.
Moxee MH-T6000 Unbricking GuideDOWNLOADS:
• Minimal ADB & Fastboot v1.4.3
• Magisk Patched Boot Image
THANKS & MENTIONS:
A huge thanks and shout-out to @omb714.1980 for donating the Moxee smartphone that made this rooting guide possible. You are a scholar and a gentleman, good sir. Thanks also to KonnectONE support specialist Faith Flores for releasing to me the factory firmware for this device.
Viva La Android said:
Assurance Wireless
Moxee MH-T6000 4G-LTE
View attachment 5893661
Rooting Guide
OVERVIEW:
This guide outlines simplified instructions for rooting the Assurance Wireless Moxee MH-T6000 4G-LTE smartphone. To cater this guide to new and inexperienced members, I have provided a stock boot image pre-patched with the Magisk v26.1 systemless root solution.
PREREQUISITES:
First and foremost, you need an unlocked bootloader. If your bootloader is not yet unlocked, complete that task and then return here. You will also need a Windows PC or laptop running the Minimal ADB & Fastboot Tools (link provided below). It should be noted that this guide can be carried out on a Mac or Linux computer as well; however, for purposes of this guide, I am focusing solely on a Windows setup. It is highly recommended that your device be running firmware build number MH-T6000V1.0.OB010, with the March 5, 2023 security patch level. Finally, you will need the factory supplied, or a quality equivalent USB-A to USB-C charging/syncing cable.
DISCLAIMER:
By proceeding further, you are assuming sole responsibility for the integrity and operability of your smartphone. Rooting your device is a task that carries the inherent risk of bricking or otherwise rendering your phone inoperable. While this guide has been thoroughly tested on my own device, you have been warned. Proceed at your own risk.
INSTRUCTIONS:
Download the ADB & Fastboot tools from the link below and install the program on your PC or laptop;
Open your Windows File Explorer, navigate to your C: drive, Program Files x86, and locate the Minimal ADB & Fastboot folder. Copy this folder and paste it to your desktop. (This step is not required, but is recommended for easier access of the ADB & Fastboot path);
Download the patched boot image from the below link and save the image in your ADB & Fastboot folder;
Boot your phone into fastboot mode by first powering your device off, and then holding the power and volume down keys simultaneously until fastboot mode appears on your device display;
Connect your smartphone to your Windows computer using the factory supplied or a quality equivalent USB-A to USB-C charging/syncing cable;
Open your ADB & Fastboot folder and double click cmd-here.exe to open a command window. Execute this command to verify a proper fastboot connection:
Code:
fastboot devices
If properly connected, the command window will return an alphanumeric string consistent with your device serial number;
Once a proper connection has been verified, execute this command:
Code:
fastboot flash boot patched_boot.img
Now execute:
Code:
fastboot reboot
Upon reboot, open your app drawer and tap on the Magisk app or its placeholder stub. Ensure you are connected to the internet, grant any permissions, and follow any prompts given by Magisk to update to the full version in order to complete the root environment setup. Magisk may reboot your device during this process.
That's it. You're now rooted via the Magisk v26.1 systemless root solution.
DOWNLOADS:
• Minimal ADB & Fastboot v1.4.3
• Magisk Patched Boot Image
THANKS & MENTIONS:
A huge thanks and shout-out to @omb714.1980 for donating the Moxee smartphone that made this rooting guide possible. You are a scholar and a gentleman, good sir. Thanks also to the KonnectONE support team for releasing to me the factory firmware for this device.
Click to expand...
Click to collapse
Lol. Now you post this. After unsuccessfully scouring the internet for the stock firmware. I finally did the same as you and simply reached out to konnectone and asked for it. I just came here to see if there was anyone here that is by far more knowledgeable than myself (not hard) interested to have the firmware and would post a guide like this one. Well done!
Would you happen to have a twrp recovery compiled for this device by chance? Or if not but planning on it would you let me know please. I would appreciate it!
scottfan81 said:
Lol. Now you post this. After unsuccessfully scouring the internet for the stock firmware. I finally did the same as you and simply reached out to konnectone and asked for it. I just came here to see if there was anyone here that is by far more knowledgeable than myself (not hard) interested to have the firmware and would post a guide like this one. Well done!
Would you happen to have a twrp recovery compiled for this device by chance? Or if not but planning on it would you let me know please. I would appreciate it!
Click to expand...
Click to collapse
I just got KonnectONE to agree to release firmware a couple of days before you mentioned having firmware. It's been a long wait indeed.
I don't have source code to compile TWRP; only the firmware. I will be attempting to port a TWRP build for this phone very soon. My legal battle with KonnectONE was in regards to source code under the General Public License 2.0. Because they were ultimately unable to provide kernel source, their legal team and support department finally acquiesced to provide firmware to device owners upon written request. I compromised for the firmware release, but was not able to get kernel source code for building TWRP. I am pretty confident that a ported TWRP can be ironed out as a stable build. I already have the base build selected.
Thank you so much! I have 3 of these devices and been waiting lol. I see the stock kernel has hot-plug . What's some good tuning profiles? I tried to debloat permanently with LP but it didn't work. I think it's read-only so I flashed the magisk overlay for rw and going to play. We definitely need TWRP! I see a port may be in the works. Awesome. Thanks again
Viva La Android said:
I just got KonnectONE to agree to release firmware a couple of days before you mentioned having firmware. It's been a long wait indeed.
I don't have source code to compile TWRP; only the firmware. I will be attempting to port a TWRP build for this phone very soon. My legal battle with KonnectONE was in regards to source code under the General Public License 2.0. Because they were ultimately unable to provide kernel source, their legal team and support department finally acquiesced to provide firmware to device owners upon written request. I compromised for the firmware release, but was not able to get kernel source code for building TWRP. I am pretty confident that a ported TWRP can be ironed out as a stable build. I already have the base build selected.
Click to expand...
Click to collapse
They never replied when I emailed them about it several months ago . This is so awesome. I got rid of most of the lag with kernel manager. Kudos
Argonon said:
They never replied when I emailed them about it several months ago . This is so awesome. I got rid of most of the lag with kernel manager. Kudos
Click to expand...
Click to collapse
Several months ago they weren't releasing firmware to the public. I got it released by battling with them over open source code and I ultimately compromised for factory firmware. It was only recently made public.
Yeah I've noticed a nice performance boost too with some debloating and sone kernel tweaks. I'm using EX Kernel Manager. Keep in mind this device uses dynamic partitioning (super.img). As such, even with root, it isn't always possible to mount /system r/w. I extracted the super.img on a PC and then mounted /system, /vendor and /product, debloated, and then repacked and reflashed super img.
Awesome. I don't have a good pc now unfortunately. I do have viper4android repackaged version with driver and effects pre-installed. I used smart pack kernel manager to tweak kernel. The device is very useable now! I have a Blu View 3 android 11 mtk device id love to root but can't even unlock bootloader. Maybe I should look into emailing them
Argonon said:
Awesome. I don't have a good pc now unfortunately. I do have viper4android repackaged version with driver and effects pre-installed. I used smart pack kernel manager to tweak kernel. The device is very useable now! I have a Blu View 3 android 11 mtk device id love to root but can't even unlock bootloader. Maybe I should look into emailing them
Click to expand...
Click to collapse
BLU won't unlock your bootloader. It is locked per contractual agreement with the branded carrier of the phone. However, if it's MediaTek, you may be able to use MTK Client to exploit the bootloader into an unlocked state.
Viva La Android said:
Several months ago they weren't releasing firmware to the public. I got it released by battling with them over open source code and I ultimately compromised for factory firmware. It was only recently made public.
Yeah I've noticed a nice performance boost too with some debloating and sone kernel tweaks. I'm using EX Kernel Manager. Keep in mind this device uses dynamic partitioning (super.img). As such, even with root, it isn't always possible to mount /system r/w. I extracted the super.img on a PC and then mounted /system, /vendor and /product, debloated, and then repacked and reflashed super img.
Click to expand...
Click to collapse
Would you plz share your super.img ? I'm on latest firmware and have attached screenshot of build etc.... I understand if you can't or don't want to. Can I pull mine since I'm rooted? Problem is I have a old Chromebook that I installed endeavor os on its arch based Linux but I don't have much hard drive space to do work
Viva La Android said:
Several months ago they weren't releasing firmware to the public. I got it released by battling with them over open source code and I ultimately compromised for factory firmware. It was only recently made public.
Yeah I've noticed a nice performance boost too with some debloating and sone kernel tweaks. I'm using EX Kernel Manager. Keep in mind this device uses dynamic partitioning (super.img). As such, even with root, it isn't always possible to mount /system r/w. I extracted the super.img on a PC and then mounted /system, /vendor and /product, debloated, and then repacked and reflashed super img.
Click to expand...
Click to collapse
Would you plz share your super.img ? I'm on latest firmware and have attached screenshot of build etc.... I understand if you can't or don't want to. Can I pull mine since I'm rooted? Problem is I have a old Chromebook that I installed endeavor os on its arch based Linux but I don't have much hard drive space to do work
Viva La Android said:
I just got KonnectONE to agree to release firmware a couple of days before you mentioned having firmware. It's been a long wait indeed.
I don't have source code to compile TWRP; only the firmware. I will be attempting to port a TWRP build for this phone very soon. My legal battle with KonnectONE was in regards to source code under the General Public License 2.0. Because they were ultimately unable to provide kernel source, their legal team and support department finally acquiesced to provide firmware to device owners upon written request. I compromised for the firmware release, but was not able to get kernel source code for building TWRP. I am pretty confident that a ported TWRP can be ironed out as a stable build. I already have the base build selected.
Click to expand...
Click to collapse
I have 3 of these devices. I surly can test TWRP port if needed
Argonon said:
Would you plz share your super.img ? I'm on latest firmware and have attached screenshot of build etc.... I understand if you can't or don't want to. Can I pull mine since I'm rooted? Problem is I have a old Chromebook that I installed endeavor os on its arch based Linux but I don't have much hard drive space to do work
I have 3 of these devices. I surly can test TWRP port if needed
Click to expand...
Click to collapse
Sure. I don't mind sharing my super.img. I'll need to upload it and then I'll message you a link. It's pretty much exactly 2.5 GB in file size, so I'll first compress it to a zip before uploading.
The edited one. Just clarifying so appreciated
Argonon said:
The edited one. Just clarifying so appreciated
Click to expand...
Click to collapse
I don't yet have all my mods made to the /super partition in that regard. Having encountered some force close issues with certain apps, I debloated from scratch and and have now begun my kernel tweaks and edits to the.varuous .prop files. So when finished, I'll share both my boot.img and super.img.
Just the stock super.img would be fine then. I think I can figure how to decompile, debloat and recompile then flash.
Argonon said:
Just the stock super.img would be fine then. I think I can figure how to decompile, debloat and recompile then flash.
Click to expand...
Click to collapse
MH-T6000 super.img unmodified
I was experimenting and flashed the super.img with dsu side loader apk as a gsi lol. The app description said can replace various partitions and I was just trying to get system rw on the dsu loader. I know that makes no sense. What windows 11 compatible software do you recommend to unpack, repack etc? I see a few magisk modules but not quite sure how to use. Like ro2rw magisk module
Viva La Android said:
MH-T6000 super.img unmodified
Click to expand...
Click to collapse
Thank you!
Argonon said:
Thank you!
Click to expand...
Click to collapse
When I have completed debloating, kernel tweaks and .prop files edits of the OS, I'll share my modified super.img and boot.img. I have a TWRP v3.6.0 port build that is currently booting properly on this phone. But, I have bugs to work out on logical partition mounting, as well as the backup & restore functionality.
Argonon said:
I was experimenting and flashed the super.img with dsu side loader apk as a gsi lol. The app description said can replace various partitions and I was just trying to get system rw on the dsu loader. I know that makes no sense. What windows 11 compatible software do you recommend to unpack, repack etc? I see a few magisk modules but not quite sure how to use. Like ro2rw magisk module
Click to expand...
Click to collapse
Check out CRB Android Kitchen here on XDA. Great for unpacking / repacking partition images, including super.img.
Viva La Android said:
When I have completed debloating, kernel tweaks and .prop files edits of the OS, I'll share my modified super.img and boot.img. I have a TWRP v3.6.0 port build that is currently booting properly on this phone. But, I have bugs to work out on logical partition mounting, as well as the backup & restore
Click to expand...
Click to collapse
Have you had anymore luck with this