==== READ THIS POST BEFORE ROOTING ====https://www.reddit.com/r/surfaceduo/comments/wn5joi/a_warning_to_wouldbe_developers_and_hobbyist/
(ORIGINAL GUIDE BELOW)Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.
I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.
Walkthroughs for both fresh rooting and updating while rooted are both below:
==== FRESH ROOT ====
0. make sure USB debugging is on in settings > developer options
0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
Code:
.\fastboot.exe flashing unlock
.\fastboot.exe flashing unlock_critical
I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again, you will likely also need to do a "pip install protobuf" to get the required python libraries for payload-dumper
7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk
8. install magisk manager on your phone
9. make a text file, I called mine magisk_channel.txt and put this in it
Code:
https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.
10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.
11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"
12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9
13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)
14. go back to the magisk main screen, and click install next to "magisk"
14b. click next
14c. click "select and patch a zip file"
14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
14e. click let's go
(this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)
15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4
16. in powershell, cd back to that same working folder we've been using and run
Code:
.\adb.exe reboot bootloader
The phone will reboot to the bootloader and we can now try booting the patched image
16. in powershell, run
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.
18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
Code:
.\adb.exe shell
su
chmod 777 /dev/block/by-name/boot_a
chmod 777 /dev/block/by-name/boot_b
19. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
20. reboot your phone via the power button menu and if all went well, you're now rooted!
==== UPDATE WHILE ROOTED ====
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
7. boot off of your old magisk patched boot image
Code:
.\adb.exe reboot bootloader
.\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
(my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/boot of=/dev/block/by-name/boot_b
)
9. reboot
10. run the OTA update on your now freshly stock phone
11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)
12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)
13. reboot to bootloader (in powershell, in that same working folder we've been using run)
Code:
.\adb.exe reboot bootloader
14. Boot your phone using the patched boot image (in powershell, run)
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
15. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
16. reboot and you're updated and rooted!
special thanks to Perseu5 and his original thread!
Unlocking Bootloader/ Magisk Attempt
MAGISK FULL GUIDE (APK for install and other mods coming soon!) The bootloader unlock is pretty similar to any other phone. Go to settings>about> click on build number until developer options are enabled. Go back and select system>Developer...
forum.xda-developers.com
Nice work!
NTchrist said:
special thanks to Perseu5 and his original thread!
Unlocking Bootloader/ Magisk Attempt
MAGISK FULL GUIDE (APK for install and other mods coming soon!) The bootloader unlock is pretty similar to any other phone. Go to settings>about> click on build number until developer options are enabled. Go back and select system>Developer...
forum.xda-developers.com
Click to expand...
Click to collapse
my magisk still shows that theres an update pending for the framework. when i try to patch the stock boot or the custom, it doesnt boot past the windows logo. im guessing the update is for Magisk 21+?
LocBox said:
my magisk still shows that theres an update pending for the framework. when i try to patch the stock boot or the custom, it doesnt boot past the windows logo. im guessing the update is for Magisk 21+?
Click to expand...
Click to collapse
Magisk updates are based on the git channel it's fed. Best guess is you don't have the same git repo as in the guide. If you feed it a repo link to a static version it should never be aware of any updates ever. As far as the app is concerned you're on the latest version.
On vacation until Wed, then I'll push through the new patch and update the guide
update process works successfully and is unchanged from previous versions
update process for 2021.525.62 works successfully and is unchanged from previous versions
This is incredibly helpful! I didn't even know you could unpack the payload.bin lol. I'll be doing some work in the kitchen thanks to this!
For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
nevergrownup said:
For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
Click to expand...
Click to collapse
Can you send the link or tell me how you were able to get the boot.img? When I try to download the factory image from MS, it is still giving me 2021.419.71.
EDIT: The new "Surface Duo - 256GB - Android 10 - ATT - 2021.525.63" recovery image is available on the "Surface Recovery Image Download" page. Thanks nevergrownup for giving me the heads up on Reddit
Is anyone on 2021.525.63 having issues? I've followed the exact guide above, as well as using the newest Magisk version & attempting to boot the patched boot.img just leads my Duo to hang on the Microsoft logo. Just want to see if anyone else has an issue or it's just me.
Thanks.
Veritas06 said:
Is anyone on 2021.525.63 having issues? I've followed the exact guide above, as well as using the newest Magisk version & attempting to boot the patched boot.img just leads my Duo to hang on the Microsoft logo. Just want to see if anyone else has an issue or it's just me.
Thanks.
Click to expand...
Click to collapse
when flashing stock July, my lockscreen keypad is frozen. cant unlock t to use.
LocBox said:
when flashing stock July, my lockscreen keypad is frozen. cant unlock t to use.
Click to expand...
Click to collapse
That's on a fresh install or after flashing the Magisk-modified boot.img?
I'm about to restore with the recovery image & start this again, in case there's some different between OTA & recovery.
EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\
Veritas06 said:
That's on a fresh install or after flashing the Magisk-modified boot.img?
I'm about to restore with the recovery image & start this again, in case there's some different between OTA & recovery.
EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\
Click to expand...
Click to collapse
I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.
I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
NTchrist said:
I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.
I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
Click to expand...
Click to collapse
Thanks. I never even got far enough to see failed touch input, but may try rooting again this weekend. I wasn't able to ever get past the MS logo on boot, after attempting to fastboot boot the Magisk-modified boot.img.
I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?
ThrowARoot said:
I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?
Click to expand...
Click to collapse
It should, yes. Unfortunately I do not have an ATT phone to test against. You'd have to have someone else in the thread confirm it works on the ATT build. About the only thing you can do is boot to stock, and check that settings>about>build number matches the images you downloaded from microsoft (2021.525.62) at time of writing
Actually in checking my settings I noticed there was a new update available, so ignore the build number above just make sure the image you download matches the image on your device
NTchrist said:
Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.
I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.
Walkthroughs for both fresh rooting and updating while rooted are both below:
==== FRESH ROOT ====
0. make sure USB debugging is on in settings > developer options
0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
Code:
.\fastboot.exe flashing unlock
.\fastboot.exe flashing unlock_critical
I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again
7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk
8. install magisk manager on your phone
9. make a text file, I called mine magisk_channel.txt and put this in it
Code:
https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.
10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.
11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"
12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9
13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)
14. go back to the magisk main screen, and click install next to "magisk"
14b. click next
14c. click "select and patch a zip file"
14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
14e. click let's go
(this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)
15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4
16. in powershell, cd back to that same working folder we've been using and run
Code:
.\adb.exe reboot bootloader
The phone will reboot to the bootloader and we can now try booting the patched image
16. in powershell, run
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.
18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
Code:
.\adb.exe shell
su
chmod 777 /dev/block/by-name/boot_a
chmod 777 /dev/block/by-name/boot_b
19. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
20. reboot your phone via the power button menu and if all went well, you're now rooted!
==== UPDATE WHILE ROOTED ====
1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image
2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip
3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools
4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)
5. open powershell, and cd to that folder.
6. from the folder, run it like this
Code:
PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
(this will extract a bunch of stuff, boot.img is all we care about today)
7. boot off of your old magisk patched boot image
Code:
.\adb.exe reboot bootloader
.\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
(my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/boot of=/dev/block/by-name/boot_b
)
9. reboot
10. run the OTA update on your now freshly stock phone
11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)
12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)
13. reboot to bootloader (in powershell, in that same working folder we've been using run)
Code:
.\adb.exe reboot bootloader
14. Boot your phone using the patched boot image (in powershell, run)
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img
15. write the patched boot image to your boot partitions with the below lines, again run one by one
Code:
adb shell
su
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
(my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
Code:
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
)
16. reboot and you're updated and rooted!
Click to expand...
Click to collapse
Ok I am not sure what I am doing wrong and before anyone says anything is not my first or 10th phone I have rooted, first the so called image that you download from Microsoft is nothing but folders of useless text docs. and the patched magisk image in this thread says it works. I went through the whole set up it says the boot image was successfully done yet upon rebooting my device is not rooted. Can anyone help with this.
Related
FINALLY!
We Present To You
SamPWND!
Root for the USA Variants of the S8 & S8 Plus Devices!
(This thread will focus only on the S8+)
This thread had been closed/locked until further notice. The thread and links should remain active and the thread has served it's purpose. You will need to search the thread if you have any questions pertaining to root or any errors/issues that you are facing. The other reason I have decided to close the thread is because it has gone off topic one too many times, people like to argue and debate and MODS have had to come in here 1 too many times to clean it up so as to make life easier, I will just shut it down. Please do not bombard me with PM's for root assistance because if it has been answered in this thread already (and it most likely has) I will just direct you to search in the thread if I am able to respond at all.
ALSO, please do not utilize our firmware/root files/method without gaining permission first or I will ask for the thread to be removed/locked. Just because the thread gets closed does not mean we didn't spend a lot of time to get to this point.
Thank you and enjoy SamPWND root!
DISCLAIMER:
We are not responsible for any damage done to your device as no one is "forcing" you to root your phone! If you are not sure of how to follow instructions or use ADB then I would suggest waiting for someone to help you or that you read up on how these things work before diving head first. The ENG system is not very stable when it comes to root as well as it has a ton of tools and binaries not available on stock devices so we are not responsible if you break something while on any firmwares but especially while on the ENG firmware.
DISCLAIMER 2:
Please do not take our work and post it elsewhere. We spent a lot of time on this for people to take it and use it as if it is their own. With that being said, if you have a better process for something or find any issues/errors, please PM myself or one of the listed contributors of this root method, do NOT post it directly in the thread because it causes confusion. We know with 100% certainty the files and method presented WORK. If it is not working for someone there are a number of possible reasons why. If users start modifying our files/scripts and posting them and you decide you are going to use someone else's files/scripts, do not post in our threads asking for us to help you because we will have no idea what was modified or changed and will just tell you to use the original files.
Returning to Stock:
- It is possible to return to 100% stock and it is very EASY to do.
- This is the reason why I provide both Normal, and Comsey ODIN's.
- All you need is a full stock 4 files firmware of your choice.
- Extract those files. Open ODIN and select the 4 files in their respective slots.
* IF YOU GET ERRORS such as model mismatch, start with 1 partition at a time to find out which one is throwing the error. (In my experience, it is the BL file that causes the error.) Once you find the culprit, throw that partition into the other ODIN. (For example, the BL file is giving an error in Comsey ODIN, throw the BL file in NORMAL ODIN and flash it by itself.)
* Typically you might have to throw individual partitions into either of the ODIN's but in the end you will be back on full stock firmware.
What doesn't work while rooted?
- On ANY ROOTED device, anything that utilizes "SafetyNet" will NOT work.
- Magisk and/or SuHide will NOT work. Our bootloader is still locked and these two modify the boot.img which would cause our devices to not boot up and having to start the root process over again, you have been warned!
- Systemless root also does NOT work. Again, this patched the boot.img which we cannot do because of our locked bootloader.
- Battery currently only charges to 80%. There are a few that feel it legit doesn't charge fully but others are claiming they get the same amount of life as they did with a 100% battery so the 80% might just be a visual issue or "fake" when it is really at 100%. Either way, we are still looking into this.
Main Contributors:
@elliwigy
@Harry44
@akiraO1
@BotsOne
@GSMCHEN
@jrkruse (for uploading system.img.ext4 and his root zip for the part 2 instructions)
@V0idst4r (for help in creating a "1 click" method for part 1!)
Initial Description on the process:
We are essentially flashing a modified 4 file firmware package in ODIN and then utilizing a few binaries in conjunction with SU binary and a permissive kernel. We will then be running some ADB commands and in order to have a fully working, amazing root with all things working we will be utilizing a stock system.img & a root script in conjunction with Flashfire. If you want to know all the technical details, you can take apart the files if you would like. It is released, so it is no longer a secret!
PART 1 Instructions: NEW
Flashing SamPWND 4 Files Firmware:
1) Download the PART 1 FILES Listed Below (this includes SamPWND_Root.zip and Initial ODIN 4 Files FIRMWARE and ODIN's if you do not already have them.)
2) Extract the 4 Files ODIN Firmware Package (also extract the ODIN's if you do not have them already.)
3) Open Comsey ODIN and select each partition and then select the files from the 4 File Firmware Package you extracted (BL goes in BL slot, AP in AP, CP in CP & CSC in CSC.) The options you select in ODIN shouldn't matter but I typically select F. Reset Time, Auto Reboot, Re-Partition, Nand Erase All & Update Bootloader.
4) Press Start and Wait for it to Finish. Once it finishes, if it boots into stock recovery simply select "Reboot System"
Take a breather, the ODIN portion is done (unless you have to start over for some reason...)
Now the NEW Root Process:
1) Once the phone is booted up, make sure you have ADB Enabled and connected to your PC. It should have prompted you to accept USB debugging as soon as it booted up.
2) Unzip the SamPWND_Root.zip
3) Double click "step1"
4) Wait for it to finish and once it reboots and comes back on you will be rooted with SuperSU!
5) Continue to PART 2 for "EVEN BETTER ROOT"
* It is a Windows bat file so not sure if it works on MAC. If you can't run bat files, use the OLD instructions.
* The bat will take about 30 seconds to run it's course. This is due to giving enough time for the remount script to mount the system as RW.
PART 1 Instructions: OLD
1) Download the PART 1 FILES Listed Below (this includes Systemroot + ADB zip, Initial ODIN 4 Files FIRMWARE and ODIN's if you do not already have them)
2) Extract the 4 Files ODIN Firmware Package, Also extract the ODIN's if you don't have them already.
3) Open Comsey ODIN and select each partition and then select the files from the 4 File Firmware Package you extracted (BL goes in BL slot, AP in AP, CP in CP & CSC in CSC.) The options you select in ODIN shouldn't matter but I typically select F. Reset Time, Auto Reboot, Re-Partition, Nand Erase All & Update Bootloader.
4) Press Start and Wait for it to Finish. Once it finishes, if it boots into stock recovery simply select "Reboot System"
Take a breather, the ODIN portion is done (unless you have to start over for some reason...)
Now the ADB Process to actually Root:
1) Extract the Systemroot + ADB zip listed below in an easy to find directory.
2) Make sure phone is connected to PC and ensure USB Debugging is enabled.
3) In the folder you extracted, you should see a "cmd-here" file. Double click it and it should open up an ADB cmd window.
4) Now we will start with the ADB commands:
- Type
Code:
adb push systemroot /data/local/tmp
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb push systemroot /data/local/tmp
/data/local/tmp/systemroot/: 8 files pushed. 0 files skipped. 10.0 MB/s (7072263 bytes in 0.673s)
- Type
Code:
adb shell chmod -R 7777 /data/local/tmp
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb shell chmod -R 7777 /data/local/tmp
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>
- Type
Code:
adb shell setsid su
What it will look like:
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot>adb shell setsid su
(It will be blank with the blinking cursor, move to next step)
- Type
Code:
id
(you should at this point see that your are in a root shell!)
What it will look like:
id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:shell:s0
- Type
Code:
echo /data/local/tmp/systemroot/remount2.sh > /sys/kernel/uevent_helper
What it will look like:
echo /data/local/tmp/systemroot/remount2.sh > /sys/kernel/uevent_helper
(Again, it will be blank with a blinking cursor after you type the command in, move to next step)
- WAIT ABOUT 30 SECONDS BEFORE MOVING TO THE NEXT COMMAND
- Type "
Code:
mount
" (you should now see rw next to rootfs and system partitions)
What it will look like:
mount
(After we type in mount, we are looking for the below two items to say rw like they do in the next two lines)
rootfs on / type rootfs (rw,seclabel,size=1586716k,nr_inodes=396679)
/dev/block/sda19 on /system type ext4 (rw,seclabel,relatime)
- Type
Code:
sh /data/local/tmp/systemroot/root.sh
What it will look like:
sh /data/local/tmp/systemroot/root.sh
rm: /system/bin/install-recovery.sh: No such file or directory
cp: /system/bin/.ext/.su: No such file or directory
chmod: /system/bin/.ext/.su: No such file or directory
chcon: /system/bin/.ext/.su: No such file or directory
touch: '/data/.supersu': Permission denied
/data/local/tmp/systemroot/root.sh[55]: can't create /data/.supersu: Permission denied
chmod: /data/.supersu: No such file or directory
C:\Users\Thomas\Desktop\Minimal ADB and Fastboot\NEWSAMPWNDFILES>
5) If you followed all of the above commands to the T, your device will reboot and you will have SuperSU installed.
6) Install Flashfire from the Play Store.
7) Up to this point, you are on an ENG system.img with root that doesn't function the way we would like it to. This means you will feel a vibrate every time you try to gain SU access as well as it will take quite a while for an SU prompt. You can stay on this root if you would like to experiment with the ENG system, but outside of that I would HIGHLY recommend you proceed to the STEP 2 PROCESS.
PART 2 Instructions:
1) Download the PART 2 FILES listed below (this includes the system.img.ext4 and the add CSC Systemroot zip both provided courtesy of @jrkruse , view post #195 for specifics on what these are but essentially they are stock QD2 system.img and the zip has multi CSC, root, and a bunch of other goodies!)
2) Extract the System.img.ext4 zip and place that actual "system.img.ext4" onto the Internal SD Card (might work from external but some users have reported issues with chainfires root.zip and FF with external sd cards, this is not a fault of the SamPWND files/process.)
3) Place the entire Add CSC Systemroot zip onto Internal or Externdal SD Card (THIS FILE DOES NOT NEED TO BE UNZIPPED, THROW THE WHOLE ZIP FILE ONTO SD CARD OR INTERNAL)
4) Open Flashfire and grant it root when it prompts you. IF FLASHFIRE IS NOT LOADING FILES AND YOU JUST SEE A CIRCLE OR LIKE ITS CONSTANTLY LOADING, PUT THE PHONE IN AIRPLANE MODE AND THEN GO BACK INTO FLASHFIRE AND THE FILES SHOULD NOW APPEAR.
5) Press the + sign and select "Flash Firmware Package" & navigate to where you placed the system.img.ext4 and select it
6) Press the + sign and select "Flash ZIP or OTA" & navigate to where you placed the Add CSC Systemroot zip and select it, select Mount System as r/w
7) Press the + sign and select "Wipe" and select System data, 3rd party apps, Dalvik cache, Cache partiton, Cache Partiton format
8) Now, long press on "Wipe" and make sure it is on the top by dragging it. The order should be Wipe, Flash Firmware Package & finally Flash ZIP or OTA
9) Make sure the "Everoot" is disabled!
10) Flash away!
If you followed all of PART 1, then followed all of PART 2, then you will be updated to QD2, rooted with busybox (and have some other goodies) and the phone will be running great! Root will be stable and snappy as ever. Adaway, Root Checker, V4A etc. etc. are now all possible.
XDA:DevDB Information
S8 Plus SamPWND ROOT, ROM for the Samsung Galaxy S8+
Contributors
elliwigy
ROM OS Version: 7.x Nougat
ROM Kernel: Linux 4.x
ROM Firmware Required: Android 7.0, Any Current Firmware
Based On: Stock Touchwiz
Version Information
Status: Beta
Current Stable Version: 1
Stable Release Date: 2017-08-19
Current Beta Version: 1
Beta Release Date: 2017-08-19
Created 2017-08-19
Last Updated 2017-08-19
DOWNLOADS SECTION:
PART 1 FILES:
SamPWND_Root.zip
https://mega.nz/#!8YcgTSwI!hIfbdJZ466sr1AyfiHLdtr1p-To0QdthTPDmVwtv0dc
Initial ODIN 4 Files FIRMWARE
https://mega.nz/#!5cUjnCwK!Zgw5_CaINbES08gwDzl7yMN0N4nzm56Fa12ow-gppKA
Mirror: https://www.androidfilehost.com/?fid=961840155545589828
AFH MD5: 73720c409782b751355b9443a003a6e8
Normal + Comsey ODIN
https://mega.nz/#!cFN2DD4C!I7AT4TgNSzBp7Py0UhC7pHZ0M4WDQhEC5qj2xD_qluM
Systemroot + ADB zip - OLD
https://mega.nz/#!1MVDhZxQ!Wd4Umvju1sS1DAe-jBcTue9NKSJ4co0I2gwiyC3c2pE
PART 2 FILES: (Potentially will be providing a rom.zip soon that will have latest updated U1 with multi CSC pre-rooted with other goodies)
system.img.ext4
https://www.androidfilehost.com/?fid=817550096634794132
Add CSC Systemroot
https://www.androidfilehost.com/?fid=745425885120757028
For more info on these files please see @jrkruse post located here:
https://forum.xda-developers.com/showpost.php?p=73489978&postcount=925
THANK HIM WHILE YOU'RE AT IT!
@elliwigy @Harry44 @akiraO1 @BotsOne
These months these four people are very hard, and I very relaxed!! lol
Cool Job!
GSM CHEN said:
@[email protected]@[email protected]
These months these four people are very hard, and I very relaxed!! lol
Click to expand...
Click to collapse
haha but we know it wouldnt be possible without you man
Dam it, if I wasnt drunk, and tired, I eould vet myself out of bed and do this now, lol. Thanks for all your hard work.
One thing i would suggest would be to either put the commands that need to be typed in as bold face type or im not sure if its possible on here, as im on my phone atm, but there are Code/code tags avaiable that will make them easier to copy and paste.
Again, thanks for this......I did not think it was going to be possible. This will be my morning present when i wake up, feels like Xmas.......
theboz1419 said:
Dam it, if I wasnt drunk, and tired, I eould vet myself out of bed and do this now, lol. Thanks for all your hard work.
One thing i would suggest would be to either put the commands that need to be typed in as bold face type or im not sure if its possible on here, as im on my phone atm, but there are Code/code tags avaiable that will make them easier to copy and paste.
Again, thanks for this......I did not think it was going to be possible. This will be my morning present when i wake up, feels like Xmas.......
Click to expand...
Click to collapse
to be honest its late haha, threw it together lol ill try to tidy it up when i get time lol
Awesome can't wait to try this out soon!
elliwigy said:
to be honest its late haha, threw it together lol ill try to tidy it up when i get time lol
Click to expand...
Click to collapse
You are forgiven, lol. I figured it would be out in the morning, just not this early in the morning.
You guys should have gotten some sleep you may need it after this weekend.
What a nice thing to wake up to when I'm getting ready to head to work at 530 in the morning lol. Can't wait to give this a shot once I get off work 12 hours later. Thanks for everything devs.
S8 thread will be posted tomorrow, too late to do it tonight
You guys are the ****. Thanks for all of your hard work.
Just want to know if Knox will be triggered or not? Please also add this to the first post [emoji397]
Where's the best place to get the stock firmware we might need just in case? As far as best download speed etc.
Wow,. I honestly didn't think it was possible. Amazing accomplishment ellwigy.
Sent from my SM-G955W using XDA-Developers Legacy app
powerstroke said:
Where's the best place to get the stock firmware we might need just in case? As far as best download speed etc.
Click to expand...
Click to collapse
I got mine here... Took awhile to download... Someone gave me the link in the 955U1 thread
http://updato.com/firmware-archive-select-model?record=F6B451FD73EE11E7963AFA163EE8F90B
Also do we need to back up our EFS/Imei stuff? I know its recommended when flashing roms in recovery but our bootloader is locked.... Is there a way to back up without root?
Edit* I asked about the backup before in a previous thread but didn't get an answer.... Sorry to ask again
Techvir said:
Just want to know if Knox will be triggered or not? Please also add this to the first post [emoji397]
Click to expand...
Click to collapse
Knox is not triggered
Kjc99 said:
I got mine here... Took awhile to download... Someone gave me the link in the 955U1 thread
http://updato.com/firmware-archive-select-model?record=F6B451FD73EE11E7963AFA163EE8F90B
Click to expand...
Click to collapse
And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
powerstroke said:
And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
Click to expand...
Click to collapse
If you have the system.img for the latest update then correct, if not and you want those features with root you will have to download the AP and CSC from thw firmware you want
powerstroke said:
And this will work with Sprint S8+ Correct? Lastly, since the latest update which included Sprint LTE Plus calling. We will still manage to have that feature after root right? Because boy do I enjoy being able to browse the internet and being on a call at the same time again lol
Click to expand...
Click to collapse
I have the U1 model so I'm not sure...
Edit* Deleted
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Important notes
The official Magisk v16.0 zip must be flashed on first install/reinstall in order to properly construct the environment. Flash the boot image attached in the OP immediately after without rebooting in between, or the image Magisk flashed will prevent the kindle from booting normally without advanced intervention.
SafetyNet does NOT pass the basic integrity OR advanced checks. At least, v16 doesn't. Maybe an earlier Magisk build does - feel free to try it once I get the automated patcher zip up and running.
For now, because you're flashing on LineageOS, you may want to flash the LOS 14.1 arm-based su removal zip from Lineage's downloads site. Verify you're downloading arm and not arm64.
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
kn0wbodh1 said:
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
Click to expand...
Click to collapse
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
kn0wbodh1 said:
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
Click to expand...
Click to collapse
The instructions only work against the 2012 fire (HD 8.9", 2nd generation). They will more than likely brick any other device. I don't recommend trying the instructions unless you're 100% sure your device is that specific model.
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
erick_gc said:
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
Click to expand...
Click to collapse
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
monster1612 said:
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Click to expand...
Click to collapse
barcia99 said:
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
Click to expand...
Click to collapse
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
thank's much. i'll continue to do some research also. i've had this kindle since it came out and remains stable with root and twrp. runs smooth and just plain like it. only negative is no sd card slot. again thanks for your hard work.
Hoping for the automated package
Here's hoping you get time to finish the automated flash package. I am not confident enough to attempt this even with your detailed instructions.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Trey n said:
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Click to expand...
Click to collapse
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
kgiesselman said:
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
Click to expand...
Click to collapse
took me a while but also finally got it all working. Thanks for this guide. It may help us in the 7, 8 and 10 tablets. I also note my Jem is currently on CM13
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
This works on the Kindle Fire HD 7 as well, just use the files from the Tate repository.
Devo7v said:
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
Click to expand...
Click to collapse
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
BrianSamsungTab said:
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
Click to expand...
Click to collapse
I reflashed the freedom-boot and got everything working properly. It's been a few months so I don't remember if i had to continue anything when it finally booted, but I do know that I didn't lose any data. I still don't know if you need to flash freedom-boot, but it works if you do.
a little late to the party but-
i recently made the mistake of installing magisk and it put the kindle in a bootloop. is there a way to push the stock boot.img with this method or is that too quick and dirty
any advice is appreciated. im tempted to just do a full wipe via the stock recovery but if theres a more surgical method id go for it. i also have a linux debian machine available.
As it seems impossible to hotboot TWRP recovery for Magisk installation and installing TWRP only for this sole purpose is a little overkill, many people are using rooting procedure with flashing patched boot.img directly. However this does not automatically create a backup of stock boot image, which is used later for OTA updates.
It is fairly easy to create the backup manually (and hopefully Magisk developers will add this feature into Magisk Manager..).
Option 1 (ADB shell on the PC or terminal emulator on the phone):
Code:
copy boot.img into the root of internal sdcard
adb shell
su
cd /data/adb/magisk
./magiskboot sha1 /mnt/sdcard/boot.img
(copy generated SHA1 checksum)
./magiskboot compress /mnt/sdcard/boot.img /mnt/sdcard/stock_boot_[I]putSHA1here[/I].img.gz
cp /mnt/sdcard/stock_boot_[I]putSHA1here[/I].img.gz /data/stock_boot_[I]putSHA1here[/I].img.gz
Example:
Code:
tissot_sprout:/data/adb/magisk # ./magiskboot sha1 /mnt/sdcard/boot.img
cb925c4fe36ace17b2ff94b34ddcde1e564acaaf
tissot_sprout:/data/adb/magisk # ./magiskboot compress /mnt/sdcard/boot.img /mnt/sdcard/stock_boot_cb925c4fe36ace17b2ff94b34ddcde1e564acaaf.img.gz
tissot_sprout:/data/adb/magisk # cp /mnt/sdcard/stock_boot_cb925c4fe36ace17b2ff94b34ddcde1e564acaaf.img.gz /data/stock_boot_cb925c4fe36ace17b2ff94b34ddcde1e564acaaf.img.gz
Option 2 (Windows PC with Total Commander):
Code:
1. get stock boot.img
2. calculate SHA1 of it (file, create CRC, SHA1)
3. copy calculated SHA1 to clipboard
4. rename boot.img to [B]stock_boot_[I]putSHA1here[/I].img[/B]
5. zip to file, GZ
6. copy resulting file [B]stock_boot_[I]putSHA1here[/I].img.gz [/B]to /data on the phone
Option 2 will generate file with slightly different size than option 1, but it works just as fine for Magisk restore function.
Option 3 (rooted phone):
Code:
1. boot phone with Magisk patched boot.img
2. get stock boot.img
3. flash stock boot.img from Franco Kernel manager app, do NOT reboot
4. Magisk Manager - install, direct install
I tested this on Mi A1, but there is probably no reason why it shouldn't work on other phones too.
Option 4 (any phone)
After patching a stock image you can find a backup image in (assuming non-hidden Manager) /data/user_de/0/com.topjohnwu.magisk/install
Source
Important note - it seems that Magisk 20.2 changed the backup structure. Backups of stock boot.img are located in /data/magisk_backup_SHA1/boot.img.gz now. Each backup has its own folder.
v20.1 and below -> /data/stock_boot_SHA1.img.gz
v20.2 -> /data/magisk_backup_SHA1/boot.img.gz
Just a heads up that if you want to change the backup image to a different one you have to run magisk --path to get the path, edit the magiskpath/.magisk/config file to the new SHA1, force stop Magisk, and then restart Magisk
Note: the sbin folder does not always exist on Android 11 and up (see here).
Instead, look a folder under /dev with a random short name. In my case it was /dev/XFmlBk/.magisk
Armand Bernard said:
Note: the sbin folder does not always exist on Android 11 and up (see here).
Instead, look a folder under /dev with a random short name. In my case it was /dev/XFmlBk/.magisk
Click to expand...
Click to collapse
Holy hell, do you have any idea how long I've been searching for this very specific explanation on why I can't locate my sbin folder? Thank you!
1. To extract the image collection from your downloaded rom :
Download Payload Dumper from here (It's a zip file but it's not flashable) to your computer
Extract the zip file to a folder, make it a folder you can use regularly because this is the default tool you would use from now on
Download the rom version you want to root
Unzip the rom to a folder, you will find a file within it called payload.bin
Copy and paste that file into the "payload_input" folder within the Payload Dumper folder you created
Execute the payload_dumper.exe file within Payload Dumper folder, you will not have to specify any options as it always extracts from any payload.bin file in payload_input and outputs the image files to payload_output.
Leave the extraction to be completed, the program will automatically close itself once it's completed
Your extracted .img files will be shown within the payload_output folder
2. If you need to root the boot image you extracted :
Copy the boot.img file from the payload_output folder to a folder on your phone storage (Best to name it appropriately if you will be doing this regularly)
Download and Install the latest Magisk apk from the release site (Accept any prompt to allow install from external source)
Launch the app and then choose Install under the top "Magisk" section
Choose Select and Patch a File then browse to where you copied the boot.img on your storage
Magisk will then apply root to the boot image you specified, Your rooted image file will be output to your phone's Download folder : /sdcard/Download
You don't need to keep the default filename of the rooted image file so you can rename it appropriately for the rom version after you copy it to your computer, just ensure to keep the .img file extension
If you rename the rooted boot image, try not to use spaces in the filename, rather use _ or - as spaces make it more difficult to use in a command window although when you start typing the filename you can use TAB to autocomplete it, always ensure the filename shows .img as the extension and at the end of any commandline
3. If you need to use your rooted boot image to apply root to your phone :
Install the drivers from the mounted drive you should get when connecting the phone to your computer
On Windows you should then have a folder in C:\Program Files (x86)\OnePlus USB Drivers\Android with the platform tools (ADB.exe and Fastboot.exe) you will need, you can obviously copy the content from that folder somewhere else if you wish.
Connect your phone to your computer
Copy your rooted boot image to the folder that has adb.exe and fastboot.exe
Open a command window on your computer by right clicking in that folder and choosing Open command window here
In the command window, Type or copy/paste the command ADB devices and press enter
If you see a prompt on your phone to allow the computer connection then accept it, better still, tell it to allow from now on also.
You should see a string of characters shown in the command window, if you don't see that, then try another cable or re-install your drivers and reboot the computer.
Reboot your phone into Fastboot either by using ADB on your computer ( ADB Reboot Fastboot ) or by enabling Advanced reboot in your developer options in settings and then hold down the power button and use the 3 dot menu on the top right and choosing "Bootloader"
In the command window type Fastboot Boot <filename.img> i.e. Fastboot Boot rooted_boot.img and press enter
You should see a couple of lines in the command window telling you it's copying over to the phone, don't worry it's not being flashed or replacing your existing installed boot image
The phone should then restart and boot using the image from your computer, it will be a slightly slower boot than usual, your existing unlock method should still work
Launch the Magisk app, it should already have root access because the boot image you've used is already rooted
Go to Install under the top Magisk section
Choose Direct Install (Recommended)
Magisk will then apply root access to the boot image on the actual phone
You will be prompted to reboot the phone on the bottom right, do this to complete the process
You don't need the phone connected to your computer anymore as the installed boot image on the phone should now have root access
You can check for root either using any app which requires root or by using an app like Root Checker
Remember to empty the contents of payload_input and payload_output once you have finished, leaving them ready for any future rom versions
4. To retain root access after ROM/OTA update :
Install the update either from Oxygen Updater or from Settings > System > System updates
DO NOT REBOOT when prompted
Go to the Magisk app
Go to Install under the top Magisk section
Choose Install to Inactive Slot (After OTA)
Magisk will apply root to the newly installed boot image for the next version
Reboot when prompted by the Magisk app
The phone should reboot into the updated version with root already applied
Very nice write up! Hopefully many will read this and follow instructions. Too many threads being created with issues because they never bother to read.
Quick question as this is my first OnePlus device.
Will I lose root after a system update and will have to it all over again?
Levi4cyber said:
Quick question as this is my first OnePlus device.
Will I lose root after a system update and will have to it all over again?
Click to expand...
Click to collapse
Just added a new section to my original post for this.
Does flashing magisk change anything in encryption?
Does it wipe anything?
How do I get my ROM to extract the boot img?
Levi4cyber said:
Does flashing magisk change anything in encryption?
Does it wipe anything?
Click to expand...
Click to collapse
No and No
Levi4cyber said:
How do I get my ROM to extract the boot img?
Click to expand...
Click to collapse
Read the first post.
djsubterrain said:
Read the first post.
Click to expand...
Click to collapse
I'm asking where to get my ROM file, in order I should be able to extract the boot img?
A link? Somewhere on my phone?
Levi4cyber said:
I'm asking where to get my ROM file, in order I should be able to extract the boot img?
A link? Somewhere on my phone?
Click to expand...
Click to collapse
It's pinned at the top of the entire forum :
[OnePlus 9 Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds
As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com
They're also posted on OnePlus's site (eventually) :
Software Upgrade - OnePlus.com
Get the latest OxygenOS updates for your device.OxygenOS is always evolving. Learn about the latest features and improvements, and get even more out of your device.
www.oneplus.com
Make sure the version matches the one you're using
I updated to latest version 11.2.4.4.LE15AA
Since there's nowhere to download the OTA package and extract the boot img, can I use the boot img of a lower version - 11.2.2.2 ?
Levi4cyber said:
I updated to latest version 11.2.4.4.LE15AA
Since there's nowhere to download the OTA package and extract the boot img, can I use the boot img of a lower version - 11.2.2.2 ?
Click to expand...
Click to collapse
No, definitely not.
Try Oxygen Updater in advanced mode, it should let you download the full rom.
If you were already rooted though, you should've been able to retain it by following the last section in my original post.
If not, then follow the first 2 sections
djsubterrain said:
No, definitely not.
Try Oxygen Updater in advanced mode, it should let you download the full rom
Click to expand...
Click to collapse
Since I'm completely new to OP, is Oxygen updater an app (if yes, is it this; https://play.google.com/store/apps/details?id=com.arjanvlek.oxygenupdater)? Or is it built into the phone?
Levi4cyber said:
Since I'm completely new to OP, is Oxygen updater an app (if yes, is it this; https://play.google.com/store/apps/details?id=com.arjanvlek.oxygenupdater)? Or is it built into the phone?
Click to expand...
Click to collapse
I've linked it, it's not a default app
djsubterrain said:
No, definitely not.
Try Oxygen Updater in advanced mode, it should let you download the full rom.
If you were already rooted though, you should've been able to retain it by following the last section in my original post.
If not, then follow the first 2 sections
Click to expand...
Click to collapse
In the oxygen updater app, if I select "full update" in update method it only gives me version 11.2.2.2., if I select "incremental update", it lets me download 11.2.4.4, and when I unzipped it I have a file payload.bin (it's only 105MB).
Should I use that? Or do I need a full OTA package to extract the boot IMG?
Levi4cyber said:
In the oxygen updater app, if I select "full update" in update method it only gives me version 11.2.2.2., if I select "incremental update", it lets me download 11.2.4.4, and when I unzipped it I have a file payload.bin (it's only 105MB).
Should I use that? Or do I need a full OTA package to extract the boot IMG?
Click to expand...
Click to collapse
Are you choosing the correct OnePlus 9 Pro? It'll show you different variants under the model lookup.
To be honest, If I get the update pushed via OnePlus I always copy/paste it somewhere else cos I think it gets deleted once the upgrade is done.
If you extract the payload.bin and it shows a boot.img then that should suffice. I think it should be around 105MB (I'm on my work PC at the moment so can't check)
Thanks. I'm on the T-Mobile version of the OnePlus 9 Pro, technically my phone is currently on "11.2.2.2.LE5ACB" and the one on OnePlus's support site is "11.2.2.2.LE15AA". I'm not sure the difference but I assume T-Mobile bloatware. Hopefully they didn't do anything else to make the phone work "slightly better" on their network.
I'm not sure if the boot.img I extracted from 11.2.2.2.LE15AA will work with my currently-installed "11.2.2.2.LE5ACB"; any ideas?
Might be better to create a boot.img from my existing version and patch that. Do you know the dd command for me to just create the boot.img from my existing partition? In the past with other phones I've done something like "dd if=/dev/block/mmcblk0 of=/storage/sdcard1/boot.img bs=4096 count=4096 skip=7552" or "dd if=/dev/block/bootdevice/by-name/boot of=boot.img" but I don't know which partition on the OnePlus 9 Pro to image. Any ideas?
--- Update 1 ---
Code:
OnePlus9ProTMO:/ $ ls -l /dev/block/bootdevice/by-name/*boot*
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/boot_a -> /dev/block/sde16
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/boot_b -> /dev/block/sde43
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/vendor_boot_a -> /dev/block/sde28
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/vendor_boot_b -> /dev/block/sde55
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/vm-bootsys_a -> /dev/block/sde24
lrwxrwxrwx 1 root root 16 1970-01-20 02:38 /dev/block/bootdevice/by-name/vm-bootsys_b -> /dev/block/sde51
Then looking at my active mounts I saw this:
Code:
OnePlus9ProTMO:/ $ mount | egrep "sde16|sde43|sde28|sde55|sde24|sde51"
/dev/block/sde51 on /vendor/vm-system type ext4 (ro,seclabel,nosuid,nodev,relatime)
Which indicates that I'm on the "b" side. So I would want to create a boot.img from `/dev/block/bootdevice/by-name/vendor_boot_b` potentially. So this command "should" work, right?
Code:
dd if=/dev/block/bootdevice/by-name/vendor_boot_b of=/sdcard/Download/stock_boot.img
I might try that instead of the boot.img I extracted from 11.2.2.2.LE5ACB since it doesn't technically line up with the T-Mobile supplied ROM version.
--- Update 2 ---
Yeah, that didn't work.Turns out dd needs to be elevated to do its thing. Got a "Permission denied" when i tried to create the image. So yeah, ironically I need root to run said command and that's why I was trying to run the command, to get the boot.img to root. lol. oh well.
Thank you very detailed.
When I click on the payload_pumper.exe file, the cmd window flashes and nothing else happens.
glitchsys said:
Turns out dd needs to be elevated to do its thing.
Click to expand...
Click to collapse
Try watching this, man, I think this is exactly what you are missing:
Code:
https://www.youtube.com/watch?v=DyUainEJwLM
NOTE: I am not responsible for any bricked devices. DO THIS AT YOUR OWN RISK!
Click to expand...
Click to collapse
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded as up_param-a13.bin
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/block/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
CREDITS:
- Orignal post: here.
Also video attached below
Captain_cookie_200 said:
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
View attachment 5775661
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
View attachment 5775663
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
View attachment 5775665
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
View attachment 5775673
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
Click to expand...
Click to collapse
Very good thanks
kilam9900 said:
Very good thanks
Click to expand...
Click to collapse
hehe your welcome. hope it works epikly for you. (if you do it)
Captain_cookie_200 said:
hehe your welcome. hope it works epikly for you. (if you do it)
Click to expand...
Click to collapse
I will do it but I am scare to f**k size so I will do it on PC
kilam9900 said:
I will do it but I am scare to f**k size so I will do it on PC
Click to expand...
Click to collapse
oh lmao. if you do end up breaking your up_param it would still boot fine. but downlaod mode would break until a proper up param file is flashed again.
Captain_cookie_200 said:
oh lmao. if you do end up breaking your up_param it would still boot fine. but downlaod mode would break until a proper up param file is flashed again.
Click to expand...
Click to collapse
I'm reassured
I recommend using dd oflag=direct,sync if=/sdcard/filename.tar of=/dev/block/mmcblk[...] otherwise you may get all sorts of problems, even a bricked phone, especially if you reboot straightaway after flashing. Inside Android all data transfers are cached, it's not the Download tool where everything is synchronous (or at least flushed before reboot).
uluruman said:
I recommend using dd oflag=direct,sync if=/sdcard/filename.tar of=/dev/block/mmcblk[...] otherwise you may get all sorts of problems, even a bricked phone, especially if you reboot straightaway after flashing. Inside Android all data transfers are cached, it's not the Download tool where everything is synchronous (or at least flushed before reboot).
Click to expand...
Click to collapse
i didnt have to deal with anything like that. i did multiple flashes atleast 15 flashes using dd to the up param partition and i did not brick my phone at all. worse you could get is a black screen while booting. and your download mode would not work. but its easy to get it back just flash the up param file again the one that was backed up. although thanks for the info. i did this using recovery. could also be done while booted into android itself
Captain_cookie_200 said:
i didnt have to deal with anything like that. i did multiple flashes atleast 15 flashes using dd to the up param partition and i did not brick my phone at all. worse you could get is a black screen while booting. and your download mode would not work. but its easy to get it back just flash the up param file again the one that was backed up. although thanks for the info. i did this using recovery. could also be done while booted into android itself
Click to expand...
Click to collapse
I ran into this problem when rebooted the phone using the "reboot" shell command right after the "dd". When rebooting from the UI all caches are flushed, of course, but the "reboot" command is a bit crude method I suppose (although in Linux it's always absolutely graceful). Anyway, the logo screen looked absolutely fine, and the system booted okay, but when I tried to enter Download I got the black screen and the boot loop, and no way to either enter Download, Recovery or boot the system. In fact the only thing that still worked was forced reboot (Power + Vol Down). I was able to get out of this situation by connecting the charger and holding Power + Vol Down to force the phone into the off state, then I connected it to the PC and tried entering the Download mode once again, and this time it worked although the graphics was all messed up.
uluruman said:
I ran into this problem when rebooted the phone using the "reboot" shell command right after the "dd". When rebooting from the UI all caches are flushed, of course, but the "reboot" command is a bit crude method I suppose (although in Linux it's always absolutely graceful). Anyway, the logo screen looked absolutely fine, and the system booted okay, but when I tried to enter Download I got the black screen and the boot loop, and no way to either enter Download, Recovery or boot the system. In fact the only thing that still worked was forced reboot (Power + Vol Down). I was able to get out of this situation by connecting the charger and holding Power + Vol Down to force the phone into the off state, then I connected it to the PC and tried entering the Download mode once again, and this time it worked although the graphics was all messed up.
Click to expand...
Click to collapse
did you touch the download mode images in any way? i dont know why this happened for you. i guess i did press the reboot button instead of using the command. since i do it on first fw reflash and i flash a gsi immdiiately afterwards... download shouldnt have died like that tho. i messed with my down load images completely. i competely replaced them with diff new images that are diff sizes too. i dont know why this is happening for you. my download works fine. although it reverts to the old download image somehow once on downloading mode. for confirmations it does show my edited images.
Captain_cookie_200 said:
did you touch the download mode images in any way? i dont know why this happened for you. i guess i did press the reboot button instead of using the command. since i do it on first fw reflash and i flash a gsi immdiiately afterwards... download shouldnt have died like that tho. i messed with my down load images completely. i competely replaced them with diff new images that are diff sizes too. i dont know why this is happening for you. my download works fine. although it reverts to the old download image somehow once on downloading mode. for confirmations it does show my edited images.
Click to expand...
Click to collapse
I suppose your Download still worked fine because the up_param tar archive was complete and not corrupt, and even image files were normal and not chopped in the middle of the data stream. In my case it was the latter, when cache is not flushed the data stream is just cut, and such a simple program as Download obviously cannot handle broken files. The Download tool itself is kept in the separate "debugger" flash memory, I guess it has the default graphics too which can be displayed if no graphics is found in up_param.
uluruman said:
I suppose your Download still worked fine because the up_param tar archive was complete and not corrupt, and even image files were normal and not chopped in the middle of the data stream. In my case it was the latter, when cache is not flushed the data stream is just cut, and such a simple program as Download obviously cannot handle broken files.
Click to expand...
Click to collapse
oh i see. thanks for telling about this. it would help people alot from preventing to brick their phone from bricking
Captain_cookie_200 said:
oh i see. thanks for telling about this. it would help people alot from preventing to brick their phone from bricking
Click to expand...
Click to collapse
Correction: 'dd oflag=direct,sync' does not work in Android shell, the working alternative is 'dd conv=fsync'
Captain_cookie_200 said:
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
View attachment 5775661
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
View attachment 5775663
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
View attachment 5775665
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded as up_param-a13.bin
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
View attachment 5775673
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/block/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
Click to expand...
Click to collapse
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded in orignal thread as up_param-a13.bin
I made it and works perfectly, thanks for the tutorial!!
ApiYoshi said:
I made it and works perfectly, thanks for the tutorial!!
Click to expand...
Click to collapse
glad to hear thatt. and your welcome
how to apply this on snapdragon devices
they don't have up_parem.bin file ??
elswerky said:
how to apply this on snapdragon devices
they don't have up_parem.bin file ??
Click to expand...
Click to collapse
they do? check inside bl file of your firmware. Or using the partition list command should show it
Captain_cookie_200 said:
they do? check inside bl file of your firmware. Or using the partition list command should show it
Click to expand...
Click to collapse
Bl file itself doesn't have up_parem.bin file
Unlike exynis devices which have it
And am.nit familiar with partition as you said if you can helping me
Talking about tab S6 w8th android 12 , OneUi 4.1