So right now my phone is running android 4.04.
So I checked out the entire android 4.04 ics branch from the aosp project:
repo init -u https://android.googlesource.com/platform/manifest -b android-4.0.4_r2.1
And then I go ahead and download the kernel source, change a few options in tuna_defconfig, make the kernel, and copy the zImage to the file:
device/samsung/tuna/kernel
Now what? I know that in theory, I could build the entire AOSP project -- but I lack the proprietary binaries. How can I just get my updated kernel onto the device smoothly?
PS: I've done fastboot boot zImage -- but this gets me stuck at the Google home screen -- maybe because the modules are not packaged properly.
Well if you have clockwork recovery you can just clear cache then install the zip and then reboot, unless I am not understanding the problem here
Sent from my Galaxy Nexus
Yes, if I had a working zip file, that would be fine.
The way I understand it, I would need to:
1) Download all the source (for AOSP rom)
2) Download the kernel
3) Modify the kernel and build it. This outputs a zImage.
4) Copy the zImage to the stock AOSP kernel file (device/samsung/tuna/kernel)
5) Add proprietary binaries -- this does not exist for my device (toroplus sprint)
6) Make the entire project/ROM.
I don't know why steps 5 and 6 are necessary if I am just adding a couple lines to my kernel.
latecoder said:
> Yes, if I had a working zip file, that would be fine.
> The way I understand it, I would need to:
> 1) Download all the source (for AOSP rom)
> 2) Download the kernel
> 3) Modify the kernel and build it. This outputs a zImage.
> 4) Copy the zImage to the stock AOSP kernel file (device/samsung/tuna/kernel)
> 5) Add proprietary binaries -- this does not exist for my device (toroplus sprint)
> 6) Make the entire project/ROM.
> I don't know why steps 5 and 6 are necessary if I am just adding a couple lines to my kernel.
The way I understand it, you would need to:
1) Download a stock ramdisk/unpack it
2) Download the kernel source
3) Modify the kernel and build it. This outputs a zImage.
4) Overwrite the zImage existing on the previously extracted ramdisk
5) Repack ramdisk/flash it through fastboot.
Another thing, it's easier to have modules builtin, than not.
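What the unpack / swap zImage / repack steps in the reply above amount to at the byte level, as an added example that is not code from the thread. It assumes the version-0 boot.img layout used by Android 4.x devices; the function names, load addresses and sample image are constructed for illustration.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Version-0 header: magic, ten little-endian u32 fields, board name,
# kernel cmdline, image id, extra cmdline.
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 1632 bytes, fits in one page


def pad_to_page(data, page_size):
    """Zero-pad a section up to the next page boundary."""
    return data + b"\x00" * (-len(data) % page_size)


def image_id(kernel, ramdisk, second):
    """SHA-1 over each section followed by its length (mkbootimg's scheme)."""
    sha = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        sha.update(blob)
        sha.update(struct.pack("<I", len(blob)))
    return sha.digest()  # 20 bytes; struct pads it to the 32-byte id field


def unpack_boot_image(img):
    """Split a boot.img into header fields and kernel/ramdisk/second blobs."""
    if len(img) < HEADER_SIZE or not img.startswith(BOOT_MAGIC):
        raise ValueError("not an Android boot image (no ANDROID! magic)")
    f = struct.unpack_from(HEADER_FMT, img)
    hdr = dict(zip(
        ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
         "second_size", "second_addr", "tags_addr", "page_size",
         "unused0", "unused1"), f[1:11]))
    hdr.update(name=f[11], cmdline=f[12], id=f[13], extra_cmdline=f[14])
    page = hdr["page_size"]
    if page < HEADER_SIZE or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    sections, offset = {}, page  # the header occupies the first page
    for key in ("kernel", "ramdisk", "second"):
        size = hdr[key + "_size"]
        if offset + size > len(img):
            raise ValueError(f"{key} section runs past the end of the image")
        sections[key] = img[offset:offset + size]
        offset += len(pad_to_page(sections[key], page))
    return hdr, sections


def replace_kernel(img, new_kernel):
    """Return a new boot.img with the kernel swapped and the ramdisk kept."""
    hdr, sec = unpack_boot_image(img)
    page = hdr["page_size"]
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(new_kernel), hdr["kernel_addr"],
        hdr["ramdisk_size"], hdr["ramdisk_addr"],
        hdr["second_size"], hdr["second_addr"],
        hdr["tags_addr"], page, hdr["unused0"], hdr["unused1"],
        hdr["name"], hdr["cmdline"],
        image_id(new_kernel, sec["ramdisk"], sec["second"]),
        hdr["extra_cmdline"])
    return b"".join(pad_to_page(part, page) for part in
                    (header, new_kernel, sec["ramdisk"], sec["second"]))


def build_sample_image():
    """Constructed stand-in for a stock boot.img (not a real device image)."""
    kernel = b"STOCK-ZIMAGE" * 300
    ramdisk = b"\x1f\x8b" + b"stock ramdisk (gzip'd cpio in a real image)" * 50
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC, len(kernel), 0x80008000, len(ramdisk),
        0x81000000, 0, 0x80F00000, 0x80000100, 2048, 0, 0,
        b"tuna", b"constructed.cmdline=1", image_id(kernel, ramdisk, b""), b"")
    return b"".join(pad_to_page(p, 2048) for p in (header, kernel, ramdisk))


if __name__ == "__main__":
    stock = build_sample_image()
    rebuilt = replace_kernel(stock, b"CUSTOM-ZIMAGE" * 500)
    hdr, sec = unpack_boot_image(rebuilt)
    print("kernel bytes:", hdr["kernel_size"],
          "ramdisk bytes:", hdr["ramdisk_size"],
          "id:", hdr["id"][:20].hex())
```

The ramdisk, command line and load addresses are carried over unchanged; only the kernel section, its size field and the image id differ from the stock image.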
Pick any custom kernel zip for your phone , replace the zimage using winrar and flash using cwm
sent from my limited edition red Gnex
FINALLY!
We Present To You
SamPWND!
Root for the USA Variants of the S8 & S8 Plus Devices!
(This thread will focus only on the S8+)
This thread had been closed/locked until further notice. The thread and links should remain active and the thread has served its purpose. You will need to search the thread if you have any questions pertaining to root or any errors/issues that you are facing. The other reason I have decided to close the thread is because it has gone off topic one too many times, people like to argue and debate and MODS have had to come in here 1 too many times to clean it up so as to make life easier, I will just shut it down. Please do not bombard me with PM's for root assistance because if it has been answered in this thread already (and it most likely has) I will just direct you to search in the thread if I am able to respond at all.
ALSO, please do not utilize our firmware/root files/method without gaining permission first or I will ask for the thread to be removed/locked. Just because the thread gets closed does not mean we didn't spend a lot of time to get to this point.
Thank you and enjoy SamPWND root!
DISCLAIMER:
We are not responsible for any damage done to your device as no one is "forcing" you to root your phone! If you are not sure of how to follow instructions or use ADB then I would suggest waiting for someone to help you or that you read up on how these things work before diving head first. The ENG system is not very stable when it comes to root as well as it has a ton of tools and binaries not available on stock devices so we are not responsible if you break something while on any firmwares but especially while on the ENG firmware.
DISCLAIMER 2:
Please do not take our work and post it elsewhere. We spent a lot of time on this for people to take it and use it as if it is their own. With that being said, if you have a better process for something or find any issues/errors, please PM myself or one of the listed contributors of this root method, do NOT post it directly in the thread because it causes confusion. We know with 100% certainty the files and method presented WORK. If it is not working for someone there are a number of possible reasons why. If users start modifying our files/scripts and posting them and you decide you are going to use someone else's files/scripts, do not post in our threads asking for us to help you because we will have no idea what was modified or changed and will just tell you to use the original files.
Returning to Stock:
- It is possible to return to 100% stock and it is very EASY to do.
- This is the reason why I provide both Normal, and Comsey ODIN's.
- All you need is a full stock 4 files firmware of your choice.
- Extract those files. Open ODIN and select the 4 files in their respective slots.
* IF YOU GET ERRORS such as model mismatch, start with 1 partition at a time to find out which one is throwing the error. (In my experience, it is the BL file that causes the error.) Once you find the culprit, throw that partition into the other ODIN. (For example, the BL file is giving an error in Comsey ODIN, throw the BL file in NORMAL ODIN and flash it by itself.)
* Typically you might have to throw individual partitions into either of the ODIN's but in the end you will be back on full stock firmware.
What doesn't work while rooted?
- On ANY ROOTED device, anything that utilizes "SafetyNet" will NOT work.
- Magisk and/or SuHide will NOT work. Our bootloader is still locked and these two modify the boot.img which would cause our devices to not boot up and having to start the root process over again, you have been warned!
- Systemless root also does NOT work. Again, this patched the boot.img which we cannot do because of our locked bootloader.
- Battery currently only charges to 80%. There are a few that feel it legit doesn't charge fully but others are claiming they get the same amount of life as they did with a 100% battery so the 80% might just be a visual issue or "fake" when it is really at 100%. Either way, we are still looking into this.
Main Contributors:
@elliwigy
@Harry44
@akiraO1
@BotsOne
@GSMCHEN
@jrkruse (for uploading system.img.ext4 and his root zip for the part 2 instructions)
@V0idst4r (for help in creating a "1 click" method for part 1!)
Initial Description on the process:
We are essentially flashing a modified 4 file firmware package in ODIN and then utilizing a few binaries in conjunction with SU binary and a permissive kernel. We will then be running some ADB commands and in order to have a fully working, amazing root with all things working we will be utilizing a stock system.img & a root script in conjunction with Flashfire. If you want to know all the technical details, you can take apart the files if you would like. It is released, so it is no longer a secret!
PART 1 Instructions: NEW
Flashing SamPWND 4 Files Firmware:
1) Download the PART 1 FILES Listed Below (this includes SamPWND_Root.zip and Initial ODIN 4 Files FIRMWARE and ODIN's if you do not already have them.)
2) Extract the 4 Files ODIN Firmware Package (also extract the ODIN's if you do not have them already.)
3) Open Comsey ODIN and select each partition and then select the files from the 4 File Firmware Package you extracted (BL goes in BL slot, AP in AP, CP in CP & CSC in CSC.) The options you select in ODIN shouldn't matter but I typically select F. Reset Time, Auto Reboot, Re-Partition, Nand Erase All & Update Bootloader.
4) Press Start and Wait for it to Finish. Once it finishes, if it boots into stock recovery simply select "Reboot System"
Take a breather, the ODIN portion is done (unless you have to start over for some reason...)
Now the NEW Root Process:
1) Once the phone is booted up, make sure you have ADB Enabled and connected to your PC. It should have prompted you to accept USB debugging as soon as it booted up.
2) Unzip the SamPWND_Root.zip
3) Double click "step1"
4) Wait for it to finish and once it reboots and comes back on you will be rooted with SuperSU!
5) Continue to PART 2 for "EVEN BETTER ROOT"
* It is a Windows bat file so not sure if it works on MAC. If you can't run bat files, use the OLD instructions.
* The bat will take about 30 seconds to run its course. This is due to giving enough time for the remount script to mount the system as RW.
PART 1 Instructions: OLD
1) Download the PART 1 FILES Listed Below (this includes Systemroot + ADB zip, Initial ODIN 4 Files FIRMWARE and ODIN's if you do not already have them)
2) Extract the 4 Files ODIN Firmware Package, Also extract the ODIN's if you don't have them already.
3) Open Comsey ODIN and select each partition and then select the files from the 4 File Firmware Package you extracted (BL goes in BL slot, AP in AP, CP in CP & CSC in CSC.) The options you select in ODIN shouldn't matter but I typically select F. Reset Time, Auto Reboot, Re-Partition, Nand Erase All & Update Bootloader.
4) Press Start and Wait for it to Finish. Once it finishes, if it boots into stock recovery simply select "Reboot System"
Take a breather, the ODIN portion is done (unless you have to start over for some reason...)
Now the ADB Process to actually Root:
1) Extract the Systemroot + ADB zip listed below in an easy to find directory.
2) Make sure phone is connected to PC and ensure USB Debugging is enabled.
3) In the folder you extracted, you should see a "cmd-here" file. Double click it and it should open up an ADB cmd window.
4) Now we will start with the ADB commands:
- Type
Code:
adb push systemroot /data/local/tmp
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb push systemroot /data/local/tmp
/data/local/tmp/systemroot/: 8 files pushed. 0 files skipped. 10.0 MB/s (7072263 bytes in 0.673s)
- Type
Code:
adb shell chmod -R 7777 /data/local/tmp
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb shell chmod -R 7777 /data/local/tmp
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>
- Type
Code:
adb shell setsid su
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb shell setsid su
(It will be blank with the blinking cursor, move to next step)
- Type
Code:
id
(you should at this point see that you are in a root shell!)
What it will look like:
id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:shell:s0
- Type
Code:
echo /data/local/tmp/systemroot/remount2.sh > /sys/kernel/uevent_helper
What it will look like:
echo /data/local/tmp/systemroot/remount2.sh > /sys/kernel/uevent_helper
(Again, it will be blank with a blinking cursor after you type the command in, move to next step)
- WAIT ABOUT 30 SECONDS BEFORE MOVING TO THE NEXT COMMAND
- Type
Code:
mount
(you should now see rw next to rootfs and system partitions)
What it will look like:
mount
(After we type in mount, we are looking for the below two items to say rw like they do in the next two lines)
rootfs on / type rootfs (rw,seclabel,size=1586716k,nr_inodes=396679)
/dev/block/sda19 on /system type ext4 (rw,seclabel,relatime)
- Type
Code:
sh /data/local/tmp/systemroot/root.sh
What it will look like:
sh /data/local/tmp/systemroot/root.sh
rm: /system/bin/install-recovery.sh: No such file or directory
cp: /system/bin/.ext/.su: No such file or directory
chmod: /system/bin/.ext/.su: No such file or directory
chcon: /system/bin/.ext/.su: No such file or directory
touch: '/data/.supersu': Permission denied
/data/local/tmp/systemroot/root.sh[55]: can't create /data/.supersu: Permission denied
chmod: /data/.supersu: No such file or directory
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot\NEWSAMPWNDFILES>
5) If you followed all of the above commands to the T, your device will reboot and you will have SuperSU installed.
6) Install Flashfire from the Play Store.
7) Up to this point, you are on an ENG system.img with root that doesn't function the way we would like it to. This means you will feel a vibrate every time you try to gain SU access as well as it will take quite a while for an SU prompt. You can stay on this root if you would like to experiment with the ENG system, but outside of that I would HIGHLY recommend you proceed to the STEP 2 PROCESS.
PART 2 Instructions:
1) Download the PART 2 FILES listed below (this includes the system.img.ext4 and the add CSC Systemroot zip both provided courtesy of @jrkruse , view post #195 for specifics on what these are but essentially they are stock QD2 system.img and the zip has multi CSC, root, and a bunch of other goodies!)
2) Extract the System.img.ext4 zip and place that actual "system.img.ext4" onto the Internal SD Card (might work from external but some users have reported issues with chainfires root.zip and FF with external sd cards, this is not a fault of the SamPWND files/process.)
3) Place the entire Add CSC Systemroot zip onto Internal or External SD Card (THIS FILE DOES NOT NEED TO BE UNZIPPED, THROW THE WHOLE ZIP FILE ONTO SD CARD OR INTERNAL)
4) Open Flashfire and grant it root when it prompts you. IF FLASHFIRE IS NOT LOADING FILES AND YOU JUST SEE A CIRCLE OR LIKE ITS CONSTANTLY LOADING, PUT THE PHONE IN AIRPLANE MODE AND THEN GO BACK INTO FLASHFIRE AND THE FILES SHOULD NOW APPEAR.
5) Press the + sign and select "Flash Firmware Package" & navigate to where you placed the system.img.ext4 and select it
6) Press the + sign and select "Flash ZIP or OTA" & navigate to where you placed the Add CSC Systemroot zip and select it, select Mount System as r/w
7) Press the + sign and select "Wipe" and select System data, 3rd party apps, Dalvik cache, Cache partition, Cache Partition format
8) Now, long press on "Wipe" and make sure it is on the top by dragging it. The order should be Wipe, Flash Firmware Package & finally Flash ZIP or OTA
9) Make sure the "Everoot" is disabled!
10) Flash away!
If you followed all of PART 1, then followed all of PART 2, then you will be updated to QD2, rooted with busybox (and have some other goodies) and the phone will be running great! Root will be stable and snappy as ever. Adaway, Root Checker, V4A etc. etc. are now all possible.
XDA:DevDB Information
S8 Plus SamPWND ROOT, ROM for the Samsung Galaxy S8+
Contributors
elliwigy
ROM OS Version: 7.x Nougat
ROM Kernel: Linux 4.x
ROM Firmware Required: Android 7.0, Any Current Firmware
Based On: Stock Touchwiz
Version Information
Status: Beta
Current Stable Version: 1
Stable Release Date: 2017-08-19
Current Beta Version: 1
Beta Release Date: 2017-08-19
Created 2017-08-19
Last Updated 2017-08-19
DOWNLOADS SECTION:
PART 1 FILES:
SamPWND_Root.zip
https://mega.nz/#!8YcgTSwI!hIfbdJZ466sr1AyfiHLdtr1p-To0QdthTPDmVwtv0dc
Initial ODIN 4 Files FIRMWARE
https://mega.nz/#!5cUjnCwK!Zgw5_CaINbES08gwDzl7yMN0N4nzm56Fa12ow-gppKA
Mirror: https://www.androidfilehost.com/?fid=961840155545589828
AFH MD5: 73720c409782b751355b9443a003a6e8
Normal + Comsey ODIN
https://mega.nz/#!cFN2DD4C!I7AT4TgNSzBp7Py0UhC7pHZ0M4WDQhEC5qj2xD_qluM
Systemroot + ADB zip - OLD
https://mega.nz/#!1MVDhZxQ!Wd4Umvju1sS1DAe-jBcTue9NKSJ4co0I2gwiyC3c2pE
PART 2 FILES: (Potentially will be providing a rom.zip soon that will have latest updated U1 with multi CSC pre-rooted with other goodies)
system.img.ext4
https://www.androidfilehost.com/?fid=817550096634794132
Add CSC Systemroot
https://www.androidfilehost.com/?fid=745425885120757028
For more info on these files please see @jrkruse post located here:
https://forum.xda-developers.com/showpost.php?p=73489978&postcount=925
THANK HIM WHILE YOU'RE AT IT!
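A device-state check built from the outputs the ADB steps in the post above tell the user to look for, as an added example that is not part of the original post or the SamPWND files. The function name and the clean baseline are constructed; the "rooted" sample reuses the `mount` and `id` lines quoted in the post, and the stock expectations (read-only / and /system, adb shell as uid 2000, empty uevent helper) are stated as assumptions.

```python
import re

MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)")
# Directory the unprivileged adb shell user can write to (used by `adb push`).
SHELL_WRITABLE = ("/data/local/tmp/",)


def audit_device_state(mount_output, id_output, uevent_helper):
    """Return (check_id, detail) findings for three captured command outputs.

    mount_output  : text of `mount`
    id_output     : text of `id` from the adb shell session
    uevent_helper : contents of /sys/kernel/uevent_helper
    """
    findings = []

    # 1. Assumed baseline: / and /system are read-only on a stock build.
    #    The post waits until both show "rw" before running its root script.
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if not m:
            continue
        source, target, _fstype, options = m.groups()
        if target in ("/", "/system") and "rw" in options.split(","):
            findings.append(
                ("rw-mount", f"{target} ({source}) is mounted read-write"))

    # 2. Assumed baseline: an adb shell runs as uid 2000 (shell), never uid 0.
    uid = re.search(r"\buid=(\d+)", id_output)
    ctx = re.search(r"\bcontext=(\S+)", id_output)
    if uid and uid.group(1) == "0":
        context = ctx.group(1) if ctx else "unknown"
        findings.append(
            ("root-shell", f"shell runs as uid 0 in context {context}"))

    # 3. The kernel executes the uevent helper as root on device events, so
    #    any value is notable and a shell-writable path is worse.
    helper = uevent_helper.strip()
    if helper:
        findings.append(
            ("uevent-helper", f"kernel uevent helper set to {helper}"))
        if helper.startswith(SHELL_WRITABLE):
            findings.append(
                ("helper-shell-writable",
                 f"{helper} can be replaced by the adb shell user"))
    return findings


# Sample taken from the output lines quoted in the post.
ROOTED_MOUNT = """\
rootfs on / type rootfs (rw,seclabel,size=1586716k,nr_inodes=396679)
/dev/block/sda19 on /system type ext4 (rw,seclabel,relatime)
"""
ROOTED_ID = ("uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),"
             "1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),"
             "3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) "
             "context=u:r:shell:s0")
ROOTED_HELPER = "/data/local/tmp/systemroot/remount2.sh\n"

# Constructed clean baseline (the /data line and its device node are made up).
BASELINE_MOUNT = """\
rootfs on / type rootfs (ro,seclabel,size=1586716k,nr_inodes=396679)
/dev/block/sda19 on /system type ext4 (ro,seclabel,relatime)
/dev/block/sda25 on /data type ext4 (rw,seclabel,nosuid,nodev,noatime)
"""
BASELINE_ID = ("uid=2000(shell) gid=2000(shell) groups=2000(shell),"
               "1004(input) context=u:r:shell:s0")

if __name__ == "__main__":
    for check, detail in audit_device_state(
            ROOTED_MOUNT, ROOTED_ID, ROOTED_HELPER):
        print(f"[{check}] {detail}")
```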
@elliwigy @Harry44 @akiraO1 @BotsOne
These months these four people are very hard, and I very relaxed!! lol
Cool Job!
GSM CHEN said:
> @elliwigy @Harry44 @akiraO1 @BotsOne
> These months these four people are very hard, and I very relaxed!! lol
haha but we know it wouldn't be possible without you man
Damn it, if I wasn't drunk and tired, I would get myself out of bed and do this now, lol. Thanks for all your hard work.
One thing I would suggest would be to either put the commands that need to be typed in as bold face type or, I'm not sure if it's possible on here as I'm on my phone atm, but there are Code/code tags available that will make them easier to copy and paste.
Again, thanks for this......I did not think it was going to be possible. This will be my morning present when i wake up, feels like Xmas.......
theboz1419 said:
> Damn it, if I wasn't drunk and tired, I would get myself out of bed and do this now, lol. Thanks for all your hard work.
> One thing I would suggest would be to either put the commands that need to be typed in as bold face type or, I'm not sure if it's possible on here as I'm on my phone atm, but there are Code/code tags available that will make them easier to copy and paste.
> Again, thanks for this......I did not think it was going to be possible. This will be my morning present when i wake up, feels like Xmas.......
to be honest it's late haha, threw it together lol I'll try to tidy it up when I get time lol
Awesome can't wait to try this out soon!
elliwigy said:
> to be honest it's late haha, threw it together lol I'll try to tidy it up when I get time lol
You are forgiven, lol. I figured it would be out in the morning, just not this early in the morning.
You guys should have gotten some sleep you may need it after this weekend.
What a nice thing to wake up to when I'm getting ready to head to work at 530 in the morning lol. Can't wait to give this a shot once I get off work 12 hours later. Thanks for everything devs.
S8 thread will be posted tomorrow, too late to do it tonight
You guys are the ****. Thanks for all of your hard work.
Just want to know if Knox will be triggered or not? Please also add this to the first post [emoji397]
Where's the best place to get the stock firmware we might need just in case? As far as best download speed etc.
Wow,. I honestly didn't think it was possible. Amazing accomplishment ellwigy.
Sent from my SM-G955W using XDA-Developers Legacy app
powerstroke said:
> Where's the best place to get the stock firmware we might need just in case? As far as best download speed etc.
I got mine here... Took awhile to download... Someone gave me the link in the 955U1 thread
http://updato.com/firmware-archive-select-model?record=F6B451FD73EE11E7963AFA163EE8F90B
Also do we need to back up our EFS/Imei stuff? I know it's recommended when flashing roms in recovery but our bootloader is locked.... Is there a way to back up without root?
Edit* I asked about the backup before in a previous thread but didn't get an answer.... Sorry to ask again
Techvir said:
> Just want to know if Knox will be triggered or not? Please also add this to the first post [emoji397]
Knox is not triggered
Kjc99 said:
> I got mine here... Took awhile to download... Someone gave me the link in the 955U1 thread
> http://updato.com/firmware-archive-select-model?record=F6B451FD73EE11E7963AFA163EE8F90B
And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
powerstroke said:
> And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
If you have the system.img for the latest update then correct, if not and you want those features with root you will have to download the AP and CSC from the firmware you want
powerstroke said:
> And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
I have the U1 model so I'm not sure...
Edit* Deleted
Hello everyone. I have a problem.
I'm building AOSP 8.0.0_r11 for Pixel XL and when I flash the result zip I'm getting a bootloop.
How am I building?
1) Select java 1.8
2) cd AOSP_8.0
3) source build/envsetup.sh
4) lunch aosp_marlin-userdebug
5) make -j9 updatepackage
6) wait a couple of hours
7) PROFIT
I know the ROM needs vendor blobs, I have them downloaded, extracted and extracted from .sh files.
How does the bootloop look?
Power On->Message about unlocked bootloader->0.5 second of white screen with Android on it-> reboot->repeat.
How do I flash the ROM?
I tried:
1) fastboot update -w aosp_marlin-img-eng.user.zip
and
2) extracted everything from zip and fastboot flash --slot _a PARTITION IMG_FILE
What am I doing wrong? Did anyone have success in building AOSP for this phone?
Did you "make clobber" after installing the drivers? If not, run it then try your make command again.
Alternatively, try "make otapackage" instead of "updatepackage" and then flash it in fastboot.
Also, why are you using the -j9 parameter?
noidea24 said:
> Did you "make clobber" after installing the drivers? If not, run it then try your make command again.
> Alternatively, try "make otapackage" instead of "updatepackage" and then flash it in fastboot.
> Also, why are you using the -j9 parameter?
I did "make clobber". It just removes the build directory like "make clean". And this step is redundant if you never built the system before (with or without binaries).
Why make -j9? Because it shows better performance than just make. I know the build system should get the cores number and set the number of build threads, but for some reasons it doesn't do it very well.
P.S. I tried to "make" without -j9 and it is MUCH slower than with -j9.
Are you using the most updated fastboot and adb and sure your computer's variables aren't using an older one also? That was my issue when flashing Oreo.
buru898 said:
> Are you using the most updated fastboot and adb and sure your computer's variables aren't using an older one also? That was my issue when flashing Oreo.
I'm using those that come with Android Studio 2.3.3 updated to latest versions of all components. That's not the problem with slots support - everything flashes without errors.
Slavon-93 said:
> Hello everyone. I have a problem.
> I'm building AOSP 8.0.0_r11 for Pixel XL and when I flash the result zip I'm getting a bootloop.
> How am I building?
> 1) Select java 1.8
> 2) cd AOSP_8.0
> 3) source build/envsetup.sh
> 4) lunch aosp_marlin-userdebug
> 5) make -j9 updatepackage
> 6) wait a couple of hours
> 7) PROFIT
> I know the ROM needs vendor blobs, I have them downloaded, extracted and extracted from .sh files.
> How does the bootloop look?
> Power On->Message about unlocked bootloader->0.5 second of white screen with Android on it-> reboot->repeat.
> How do I flash the ROM?
> I tried:
> 1) fastboot update -w aosp_marlin-img-eng.user.zip
> and
> 2) extracted everything from zip and fastboot flash --slot _a PARTITION IMG_FILE
> What am I doing wrong? Did anyone have success in building AOSP for this phone?
More than those blobs are necessary. Look at a invisibleks marlin lineageos device tree to get an idea of what files need to be extracted and put in vendor.
Make clobber also cleans out configuration files, in case some of them had been created before the drivers/binaries have been extracted. Speaking of binaries again, did you install the Qualcomm ones?
My build environment is a i7 3770, with 8gb ram, and two blues in raid 0. To get my build compiled correctly, I had to disable ninja and I used -j8.
******
Tomorrow, I'll run a update and build Oreo on my machine from a clean directory and I'll get back with times before end after ccache is filled.
npjohnson said:
> More than those blobs are necessary. Look at a invisibleks marlin lineageos device tree to get an idea of what files need to be extracted and put in vendor.
Well, I don't know about Pixel, but when I had some experience in building AOSP for Nexus 5, Nexus 6, Nexus 9, binaries from Google and Qualcomm were a required minimum to get system booted. And if I wanted to get rid of some errors in logcat, I had to add some additional libraries, but the system booted and worked.
noidea24 said:
> Speaking of binaries again, did you install the Qualcomm ones?
Yes, of course. I went to google binaries section, selected marlin 8.0.0 and downloaded two .sh files - one from Google, and the other from Qualcomm. Then I extracted them and got a vendor folder which has google_devices/marlin and qcom/marlin folders inside.
I'm curious to know how your process to flash the rom zip works? I've been sitting on a rom build for days because I can't get Twrp to work properly. Also, if you're worried about your blobs/vendors the repos are starting to show up on GitHub.
cjkacz said:
> I'm curious to know how your process to flash the rom zip works? I've been sitting on a rom build for days because I can't get Twrp to work properly. Also, if you're worried about your blobs/vendors the repos are starting to show up on GitHub.
I'm sorry if I misunderstood the question. I don't understand why you should need TWRP because you just get the sources, get the blobs, compile them and get a zip file which can be flashed with fastboot command. So, no TWRP in this process is needed. I still don't know how all these ROM creators make zips for flashing with TWRP...
So I was able to get AOSP booting using the basic steps and blobs provided from the script. Even was able to activate the always on display
Zavon said:
> So I was able to get AOSP booting using the basic steps and blobs provided from the script. Even was able to activate the always on display
Can you, please, describe in details these things:
1) What Linux did you use for building?
2) What revision of AOSP 8.0.0 did you download?
3) What version of blobs did you use?
4) Did you just download the 2 blobs .sh files to the root of the sources and execute them?
5) What AOSP configuration did you choose for building? (I mean aosp_marlin-userdebug or aosp_marlin_svelte-userdebug or aosp-sailfish-userdebug)
6) What command did you use for building?
7) Did you use ccache?
8) Did you flash Google Factory image of Oreo before flashing AOSP?
9) What command did you use to flash?
Slavon-93 said:
> Can you, please, describe in details these things:
> 1) What Linux did you use for building?
> 2) What revision of AOSP 8.0.0 did you download?
> 3) What version of blobs did you use?
> 4) Did you just download the 2 blobs .sh files to the root of the sources and execute them?
> 5) What AOSP configuration did you choose for building? (I mean aosp_marlin-userdebug or aosp_marlin_svelte-userdebug or aosp-sailfish-userdebug)
> 6) What command did you use for building?
> 7) Did you use ccache?
> 8) Did you flash Google Factory image of Oreo before flashing AOSP?
> 9) What command did you use to flash?
I'm using a base ubuntu vm I built with 2 cores and 8gb ram. I used r11 if memory serves correct. I used the scripts from google and extracted from the factory image. The configuration I used is 21 (marlin-userdebug). I just used make -j8. Could care less about an update zip. And the factory image was on before I flashed using fastboot.
Side note, I also have ElementalX and SuperSU installed. suhide was giving me issues and I just have to figure out the Gapps (I'm a cop so time is hard to come by). I also enabled always on display but just remembered to enable the burnin protection
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Important notes
The official Magisk v16.0 zip must be flashed on first install/reinstall in order to properly construct the environment. Flash the boot image attached in the OP immediately after without rebooting in between, or the image Magisk flashed will prevent the kindle from booting normally without advanced intervention.
SafetyNet does NOT pass the basic integrity OR advanced checks. At least, v16 doesn't. Maybe an earlier Magisk build does - feel free to try it once I get the automated patcher zip up and running.
For now, because you're flashing on LineageOS, you may want to flash the LOS 14.1 arm-based su removal zip from Lineage's downloads site. Verify you're downloading arm and not arm64.
How does one go about patching the boot image that's modified by magisk so it's able to be flashed?
kn0wbodh1 said:
> How does one go about patching the boot image that's modified by magisk so it's able to be flashed?
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
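A pre-flash layout check for the image these steps produce, added here as an example (not from the post, Magisk or LineageOS). Function names are hypothetical and the demo inputs are constructed stand-ins; the offsets and the stack word are the ones in the commands above.

```shell
#!/bin/sh
# Added example, not from the thread. Offsets come from the dd commands in the
# post above; function names are hypothetical.
UBOOT_OFFSET=8117072   # dd bs=8117072 seek=1: second bootloader lands here
STACK_OFFSET=6519488   # dd bs=6519488 seek=1: stack file lands here
STACK_BYTES=4096       # 1024 repetitions of the 4-byte word 00 50 7c 80

# fsize FILE: size of FILE in bytes.
fsize() { wc -c < "$1" | tr -d ' '; }

# make_stack FILE: build the stack file. printf with octal escapes writes the
# same bytes as the post's `echo -ne "\x00\x50\x7c\x80"`, and also works in
# shells whose echo does not understand -ne or \x (dash, for example).
make_stack() {
    : > "$1"
    n=0
    while [ "$n" -lt $((STACK_BYTES / 4)) ]; do
        printf '\000\120\174\200' >> "$1"
        n=$((n + 1))
    done
}

# assemble OUT CERT PATCHED UBOOT STACK: the cat and two dd commands from the post.
assemble() {
    cat "$2" "$3" > "$1" &&
    dd if="$4" of="$1" bs="$UBOOT_OFFSET" seek=1 conv=notrunc 2>/dev/null &&
    dd if="$5" of="$1" bs="$STACK_OFFSET" seek=1 conv=notrunc 2>/dev/null
}

# region_matches IMAGE OFFSET FILE: true if IMAGE holds FILE's bytes at OFFSET.
region_matches() {
    want=$(fsize "$3")
    [ "$want" -gt 0 ] || return 1
    tail -c "+$(($2 + 1))" "$1" | head -c "$want" | cmp -s - "$3"
}

# fail MESSAGE: report one problem and remember that the check failed.
fail() { echo "FAIL: $1"; bad=1; }

# check_boot_image IMAGE CERT PATCHED UBOOT STACK
# Returns 0 only if IMAGE has every piece at the position the post describes.
check_boot_image() {
    bad=0
    cert_len=$(fsize "$2"); body_len=$(fsize "$3"); stack_len=$(fsize "$5")
    ref=$(mktemp) || return 2
    make_stack "$ref"

    cmp -s "$ref" "$5" || fail "stack file is not 1024 x 00 50 7c 80 ($stack_len bytes)"
    # The stack dd overwrites whatever sits at STACK_OFFSET, so the signature
    # plus the patched image has to end before it.
    [ $((cert_len + body_len)) -le "$STACK_OFFSET" ] ||
        fail "cert + patched image ($((cert_len + body_len)) bytes) overlaps the stack region"
    [ $((STACK_OFFSET + stack_len)) -le "$UBOOT_OFFSET" ] ||
        fail "stack region runs into the second bootloader"
    region_matches "$1" 0 "$2" || fail "boot_cert missing at offset 0"
    region_matches "$1" "$cert_len" "$3" || fail "patched image missing after boot_cert"
    region_matches "$1" "$STACK_OFFSET" "$5" || fail "stack file missing at $STACK_OFFSET"
    region_matches "$1" "$UBOOT_OFFSET" "$4" || fail "second bootloader missing at $UBOOT_OFFSET"
    rm -f "$ref"
    return "$bad"
}

# demo: build constructed stand-in files (not real Kindle binaries), assemble, check.
demo() {
    d=$(mktemp -d) || return 2
    printf 'CONSTRUCTED-CERT' > "$d/boot_cert"
    printf 'CONSTRUCTED-PATCHED-BOOT' > "$d/patched_boot.img"
    printf 'CONSTRUCTED-UBOOT' > "$d/u-boot"
    make_stack "$d/stack.tmp"
    assemble "$d/boot.img" "$d/boot_cert" "$d/patched_boot.img" "$d/u-boot" "$d/stack.tmp"
    check_boot_image "$d/boot.img" "$d/boot_cert" "$d/patched_boot.img" "$d/u-boot" "$d/stack.tmp"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh check_boot.sh boot.img boot_cert patched_boot.img <u-boot file> stack.tmp
if [ "$#" -eq 5 ]; then
    check_boot_image "$@" && echo "layout OK"
else
    demo && echo "demo layout OK"
fi
```

Run with the five real files before copying boot.img back to the device; any FAIL line means the image does not match the layout the steps describe.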
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
kn0wbodh1 said:
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
The instructions only work against the 2012 fire (HD 8.9", 2nd generation). They will more than likely brick any other device. I don't recommend trying the instructions unless you're 100% sure your device is that specific model.
Hi, a month ago I flashed the official Magisk 16 zip on an 8.9 Kindle Fire HD, and as you said, it doesn't boot anymore, it just stays on the Kindle Fire logo. Please can you tell me how I can restore my device? I haven't used it in almost 3 years and I don't have a clue what to do. I just wanted to install Viper4Android and now it is dead.
erick_gc said:
Hi, a month ago I flashed the official Magisk 16 zip on an 8.9 Kindle Fire HD, and as you said, it doesn't boot anymore, it just stays on the Kindle Fire logo. Please can you tell me how I can restore my device? I haven't used it in almost 3 years and I don't have a clue what to do. I just wanted to install Viper4Android and now it is dead.
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
monster1612 said:
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
barcia99 said:
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Thanks much. I'll continue to do some research also. I've had this Kindle since it came out and it remains stable with root and TWRP. Runs smooth and I just plain like it. Only negative is no SD card slot. Again, thanks for your hard work.
Hoping for the automated package
Here's hoping you get time to finish the automated flash package. I am not confident enough to attempt this even with your detailed instructions.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Trey n said:
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
kgiesselman said:
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
took me a while but also finally got it all working. Thanks for this guide. It may help us in the 7, 8 and 10 tablets. I also note my Jem is currently on CM13
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
This works on the Kindle Fire HD 7 as well, just use the files from the Tate repository.
Devo7v said:
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
BrianSamsungTab said:
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
I reflashed the freedom-boot and got everything working properly. It's been a few months so I don't remember if I had to continue anything when it finally booted, but I do know that I didn't lose any data. I still don't know if you need to flash freedom-boot, but it works if you do.
a little late to the party but-
I recently made the mistake of installing Magisk and it put the Kindle in a bootloop. Is there a way to push the stock boot.img with this method or is that too quick and dirty?
Any advice is appreciated. I'm tempted to just do a full wipe via the stock recovery but if there's a more surgical method I'd go for it. I also have a Linux Debian machine available.
==== READ THIS POST BEFORE ROOTING ====
https://www.reddit.com/r/surfaceduo/comments/wn5joi/a_warning_to_wouldbe_developers_and_hobbyist/
(ORIGINAL GUIDE BELOW)
Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.
I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.
Walkthroughs for both fresh rooting and updating while rooted are both below:
==== FRESH ROOT ====
0. make sure USB debugging is on in settings > developer options
0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
Code:
.\fastboot.exe flashing unlock
.\fastboot.exe flashing unlock_critical
I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again, you will likely also need to do a "pip install protobuf" to get the required python libraries for payload-dumper
7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk
8. install magisk manager on your phone
9. make a text file, I called mine magisk_channel.txt and put this in it
Code:
https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.
10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.
11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"
12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9
13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)
14. go back to the magisk main screen, and click install next to "magisk"
14b. click next
14c. click "select and patch a zip file"
14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
14e. click let's go
(this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)
15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4
16. in powershell, cd back to that same working folder we've been using and run
Code:
.\adb.exe reboot bootloader
The phone will reboot to the bootloader and we can now try booting the patched image
16. in powershell, run
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.
18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
Code:
.\adb.exe shell
su
chmod 777 /dev/block/by-name/boot_a
chmod 777 /dev/block/by-name/boot_b
19. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
20. reboot your phone via the power button menu and if all went well, you're now rooted!
==== UPDATE WHILE ROOTED ====
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
7. boot off of your old magisk patched boot image
Code:
.\adb.exe reboot bootloader
.\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
(my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_b
)
9. reboot
10. run the OTA update on your now freshly stock phone
11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)
12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)
13. reboot to bootloader (in powershell, in that same working folder we've been using run)
Code:
.\adb.exe reboot bootloader
14. Boot your phone using the patched boot image (in powershell, run)
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
15. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
16. reboot and you're updated and rooted!
special thanks to Perseu5 and his original thread!
Unlocking Bootloader/ Magisk Attempt
MAGISK FULL GUIDE (APK for install and other mods coming soon!) The bootloader unlock is pretty similar to any other phone. Go to settings>about> click on build number until developer options are enabled. Go back and select system>Developer...
forum.xda-developers.com
Nice work!
NTchrist said:
special thanks to Perseu5 and his original thread!
Unlocking Bootloader/ Magisk Attempt
MAGISK FULL GUIDE (APK for install and other mods coming soon!) The bootloader unlock is pretty similar to any other phone. Go to settings>about> click on build number until developer options are enabled. Go back and select system>Developer...
forum.xda-developers.com
My Magisk still shows that there's an update pending for the framework. When I try to patch the stock boot or the custom, it doesn't boot past the Windows logo. I'm guessing the update is for Magisk 21+?
LocBox said:
My Magisk still shows that there's an update pending for the framework. When I try to patch the stock boot or the custom, it doesn't boot past the Windows logo. I'm guessing the update is for Magisk 21+?
Magisk updates are based on the git channel it's fed. Best guess is you don't have the same git repo as in the guide. If you feed it a repo link to a static version it should never be aware of any updates ever. As far as the app is concerned you're on the latest version.
On vacation until Wed, then I'll push through the new patch and update the guide
update process works successfully and is unchanged from previous versions
update process for 2021.525.62 works successfully and is unchanged from previous versions
This is incredibly helpful! I didn't even know you could unpack the payload.bin lol. I'll be doing some work in the kitchen thanks to this!
For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
nevergrownup said:
For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
Can you send the link or tell me how you were able to get the boot.img? When I try to download the factory image from MS, it is still giving me 2021.419.71.
EDIT: The new "Surface Duo - 256GB - Android 10 - ATT - 2021.525.63" recovery image is available on the "Surface Recovery Image Download" page. Thanks nevergrownup for giving me the heads up on Reddit
Is anyone on 2021.525.63 having issues? I've followed the exact guide above, as well as using the newest Magisk version & attempting to boot the patched boot.img just leads my Duo to hang on the Microsoft logo. Just want to see if anyone else has an issue or it's just me.
Thanks.
Veritas06 said:
Is anyone on 2021.525.63 having issues? I've followed the exact guide above, as well as using the newest Magisk version & attempting to boot the patched boot.img just leads my Duo to hang on the Microsoft logo. Just want to see if anyone else has an issue or it's just me.
Thanks.
When flashing stock July, my lockscreen keypad is frozen. Can't unlock it to use.
LocBox said:
When flashing stock July, my lockscreen keypad is frozen. Can't unlock it to use.
That's on a fresh install or after flashing the Magisk-modified boot.img?
I'm about to restore with the recovery image & start this again, in case there's some difference between OTA & recovery.
EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\
Veritas06 said:
That's on a fresh install or after flashing the Magisk-modified boot.img?
I'm about to restore with the recovery image & start this again, in case there's some difference between OTA & recovery.
EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\
I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.
I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
NTchrist said:
I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.
I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
Thanks. I never even got far enough to see failed touch input, but may try rooting again this weekend. I wasn't able to ever get past the MS logo on boot, after attempting to fastboot boot the Magisk-modified boot.img.
I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?
ThrowARoot said:
I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?
It should, yes. Unfortunately I do not have an ATT phone to test against. You'd have to have someone else in the thread confirm it works on the ATT build. About the only thing you can do is boot to stock, and check that settings>about>build number matches the images you downloaded from microsoft (2021.525.62) at time of writing
Actually in checking my settings I noticed there was a new update available, so ignore the build number above just make sure the image you download matches the image on your device
NTchrist said:
Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.
I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.
Walkthroughs for both fresh rooting and updating while rooted are both below:
==== FRESH ROOT ====
0. make sure USB debugging is on in settings > developer options
0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
Code:
.\fastboot.exe flashing unlock
.\fastboot.exe flashing unlock_critical
I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again
7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk
8. install magisk manager on your phone
9. make a text file, I called mine magisk_channel.txt and put this in it
Code:
https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.
10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.
11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"
12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9
13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)
14. go back to the magisk main screen, and click install next to "magisk"
14b. click next
14c. click "select and patch a zip file"
14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
14e. click let's go
(this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)
15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4
16. in powershell, cd back to that same working folder we've been using and run
Code:
.\adb.exe reboot bootloader
The phone will reboot to the bootloader and we can now try booting the patched image
16. in powershell, run
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.
18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
Code:
.\adb.exe shell
su
chmod 777 /dev/block/by-name/boot_a
chmod 777 /dev/block/by-name/boot_b
19. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
20. reboot your phone via the power button menu and if all went well, you're now rooted!
==== UPDATE WHILE ROOTED ====
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
7. boot off of your old magisk patched boot image
Code:
.\adb.exe reboot bootloader
.\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
(my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_b
)
9. reboot
10. run the OTA update on your now freshly stock phone
11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)
12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)
13. reboot to bootloader (in powershell, in that same working folder we've been using run)
Code:
.\adb.exe reboot bootloader
14. Boot your phone using the patched boot image (in powershell, run)
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
15. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
16. reboot and you're updated and rooted!
Ok, I am not sure what I am doing wrong, and before anyone says anything, this is not my first or 10th phone I have rooted. First, the so-called image that you download from Microsoft is nothing but folders of useless text docs, and the patched magisk image in this thread says it works. I went through the whole setup; it says the boot image was successfully done, yet upon rebooting my device is not rooted. Can anyone help with this?
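A check that fits after the dd steps of the quoted walkthrough (19 in FRESH ROOT, 15 in UPDATE WHILE ROOTED), added here as an example and not part of any poster's instructions: it confirms that a boot partition starts with the image that was written, comparing only the image-sized prefix because the partition can be larger than the image file. The function names are hypothetical, and it assumes `head -c`, `wc -c` and `sha256sum` are available in the shell where it runs.

```shell
#!/bin/sh
# Added example (not from the thread): check that a boot partition holds the
# image that dd was told to write. Only the image-sized prefix is compared,
# because the partition can be larger than the image file.

# prefix_sha256 FILE NBYTES: SHA-256 of the first NBYTES bytes of FILE
prefix_sha256() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_flash IMAGE TARGET: returns 0 = match, 1 = mismatch, 2 = cannot check
verify_flash() {
    img=$1
    target=$2
    if [ ! -r "$img" ] || [ ! -r "$target" ]; then
        echo "ERROR: cannot read $img or $target"
        return 2
    fi
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo "ERROR: $img is empty"
        return 2
    fi
    # A target shorter than the image cannot contain all of it.
    got=$(head -c "$size" "$target" | wc -c | tr -d ' ')
    if [ "$got" -lt "$size" ]; then
        echo "MISMATCH: $target holds only $got of $size bytes"
        return 1
    fi
    want=$(prefix_sha256 "$img" "$size")
    have=$(prefix_sha256 "$target" "$size")
    if [ "$want" = "$have" ]; then
        echo "MATCH: $target starts with $img ($size bytes, sha256 $want)"
        return 0
    fi
    echo "MISMATCH: $target does not start with $img"
    return 1
}

# Usage as a script: sh verify_flash.sh IMAGE TARGET
# e.g. the patched image and /dev/block/by-name/boot_a from the walkthrough
if [ "$#" -eq 2 ]; then
    verify_flash "$1" "$2"
fi
```

An ERROR result for the image path usually means the `if=` argument did not point at a real file, in which case dd wrote nothing to the partition.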