Steps to flash Miui without PC(fastboot flash)
Requirements:
• An OTG cable
• An extra phone
• Working Human brain
Method 1(root):
(1) Download termux(playstore), flash this (https://ghostmirror.hitesh920.workers.dev/0://ADB_&_Fastboot_for_Android_NDK-1.0.41(104107).zip) in magisk, reboot
(2) Download miui fastboot image, extract, in downloads folder, inside the folder, there is a folder called images, move that folder in Downloads folder
(3) Open termux and type
pkg install wget
rm -rf fastboot_flash_no_pc.sh && wget https://mirror.akshaykakatkar.dev/fastboot_flash_no_pc.sh
(If it gives internal server error, simply type again)
su
(4) Connect phone to otg, and type,
chmod +x * && ./fastboot_flash_no_pc.sh
(6) fastboot flash should start and complete after 10-15min
Method 2(non root):
(1) Download This (https://play.google.com/store/apps/details?id=eu.sisik.hackendebug) app
(2)Download miui fastboot rom, extract, inside that folder, there is Images folder, place the images folder in Downloads folder
(3) Open the app, go in fastboot section, and type these commands one by one, and select files from images folder
fastboot erase boot
fastboot flash preloader
fastboot flash logo
fastboot flash tee1
fastboot flash tee2
fastboot flash scp1
fastboot flash scp2
fastboot flash sspm_1
fastboot flash sspm_2
fastboot flash lk
fastboot flash lk2
fastboot flash super
fastboot flash cache
fastboot flash recovery
fastboot flash boot
fastboot flash dtbo
fastboot flash vbmeta
fastboot flash spmfw
fastboot flash md1img
fastboot flash vbmeta_system
fastboot flash vbmeta_vendor
fastboot flash cust
fastboot flash exaid
fastboot flash userdata
fastboot reboot
credits: @Akash23q2 for helping and testing
That's really interesting.
Thank you
Related
I have this Z2 Force, but it has this problem, since it does not pass this screen, I connect it to my computer and it does not detect it, it has a solution or someone that can help me solve this problem.
martin13x said:
I have this Z2 Force, but it has this problem, since it does not pass this screen, I connect it to my computer and it does not detect it, it has a solution or someone that can help me solve this problem.
Click to expand...
Click to collapse
The same thing happens to me, I can not restore it in any way, I have a "Moto Z2 Force - XT1789-01" new since I got updated android stopped working and I see that.
Well so I'm seeing your firmware is retail, it's easier than my problem, I'll help you, do the following:
1 - Download the motorola drivers and install it: motorola-global-es-latam.custhelp.com/app/answers/prod_detail/a_id/81815
2 - Try to enter the "Recovery Mode" from the "Fastboot", then press the "Volume -" key next to the "Power" key for 2 seconds and then execute the "Wipe" option you can choose to delete your information together to the system or separately, I recommend doing everything full if you really do not need the information stored within your device, to restore the official and original rom as it was previously.
Note: In the event that you can not enter "Recovery Mode", do the following:
1 - Download the Android SDK - Platform Tools r27.0.1: keybase.pub/farwayer/arch/mobile/android-sdk-platform-tools-r27.0.1-1-x86_64.pkg.tar.xz
2 - Download the Firmware for your Retail Version: firmware.center/firmware/Motorola/Moto%20Z2%20Force/Stock/NASH_RETAIL_8.0.0_OPX27.109-34_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
3 - Unzip the Rom in a folder on the desktop that is called "Firmware" and inside that same folder unzip the file "Fastboot.exe, AdbWinApi.dll and AdbWinUsbApi.dll" from the tool "Platform Tools r27.0.1" all the files remain together.
4 - Then copy the path to your directory where you created the "Firmware" folder, for example: C: \ Users \ "TuUser" \ Desktop \ Firmware and paste it into the console.
commands (CMD) always without executing in administrator mode, with the word "cd" above, it should look like this: cd C: \ Users \ "YourUser" \ Desktop \ Firmware
Note: It must be with the cell phone on and connected by USB cable to the computer in the "Fastboot Mode".
5 - You execute the following chain of commands:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot bluetooth flash BTFM.bin
fastboot flash dsp adspo.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system_b system_b.img_sparsechunk.0
fastboot flash system_b system_b.img_sparsechunk.1
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase ddr
fastboot oem fb_mode_clear
fastboot reboot
Note: If it fails you from the command "fastboot flash boot boot.img" and gives an error like the following:
Executing ". \ Windows \ fastboot.exe -s ZY224GBN8V flash boot boot.img"
target reported max download size of 536870912 bytes
sending 'boot_a' (23353 KB) ...
OKAY [0.501s]
writing 'boot_a' ...
(bootloader) Preflash validation failed
FAILED (remote failure)
finished Total time: 0.677s
All devices are flashed
It is because you will have to Unlock the "Bootloader" and that is done as follows:
Note: When you unlock the "Bootloader" you lose the guarantee, so from that moment it is your responsibility to continue or stop here.
1 - Enter the Motorola page to request the deactivation code: accounts.motorola.com/ssoauth/login?TARGET=https://motorola-global-portal.custhelp.com/cc/cas/sso/redirect/standalone % 2Fbootloader% 2Funlock-your-device-b
2 - In the command console (CMD) without entering the administrator mode, copy the same path where you have the files in the folder "Firmware" and the adhere as explained in the previous point so you can execute the following command:
fastboot oem get_unlock_data
3 - Copy the rows of numbers and paste in the motor tool "Data Scrub Tool" so that you combine all the lines in one and you can copy the final code correctly in the box "Can my device be unlocked?" Once done, press the button you confirm the pop-up window and then click on the "I Agree" box and below it appears a button to request the code via email with which you entered the Motorola website.
4 - In CMD, enter the following command:
fastboot oem unlock "Your unlock code that was sent to the mail box"
5 - Download the tool "TWRP - Nash v3.2.1.0 R3": mirrors.lolinet.com/firmware/twrp/nash/
6 - Unzip the iso in the "Firmware" directory and rename it as "Recovery", then install it with the command:
fastboot flash recovery recovery.img
fastboot reboot
7 - Enter the "Fastboot Mode" again and select the option "Recovery Mode" once in search for the option "Wipe" to erase everything that has the device in case you can not find it, type the following commands in CMD:
fastboot erase boot
fastboot erase cache
fastboot erase recovery
fastboot erase system
fastboot erase userdata
fastboot erase carrier
fastboot erase ddr
8 - Then you restart the device and enter "Mode Fastboot" again and execute the following chain of commands:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot bluetooth flash BTFM.bin
fastboot flash dsp adspo.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system_b system_b.img_sparsechunk.0
fastboot flash system_b system_b.img_sparsechunk.1
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase ddr
fastboot oem fb_mode_clear
fastboot reboot
9 - With this I should install and operate correctly.
Note: You can download the tool "SuperSU v2.82" and install using the "Recovery Mode" to be able to have Super User permissions on your device or access "Root" and thereby eliminate the gaps that are predetermined in the firmware as many others privileges.
I hope you have helped, many luck, greetings.
Thank you very much friend I will try to do that tutorial that you say if I can recover my cell phone.
VFArts said:
Well so I'm seeing your firmware is retail, it's easier than my problem, I'll help you, do the following:
1 - Download the motorola drivers and install it: motorola-global-es-latam.custhelp.com/app/answers/prod_detail/a_id/81815
2 - Try to enter the "Recovery Mode" from the "Fastboot", then press the "Volume -" key next to the "Power" key for 2 seconds and then execute the "Wipe" option you can choose to delete your information together to the system or separately, I recommend doing everything full if you really do not need the information stored within your device, to restore the official and original rom as it was previously.
Note: In the event that you can not enter "Recovery Mode", do the following:
1 - Download the Android SDK - Platform Tools r27.0.1: keybase.pub/farwayer/arch/mobile/android-sdk-platform-tools-r27.0.1-1-x86_64.pkg.tar.xz
2 - Download the Firmware for your Retail Version: firmware.center/firmware/Motorola/Moto%20Z2%20Force/Stock/NASH_RETAIL_8.0.0_OPX27.109-34_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
3 - Unzip the Rom in a folder on the desktop that is called "Firmware" and inside that same folder unzip the file "Fastboot.exe, AdbWinApi.dll and AdbWinUsbApi.dll" from the tool "Platform Tools r27.0.1" all the files remain together.
4 - Then copy the path to your directory where you created the "Firmware" folder, for example: C: \ Users \ "TuUser" \ Desktop \ Firmware and paste it into the console.
commands (CMD) always without executing in administrator mode, with the word "cd" above, it should look like this: cd C: \ Users \ "YourUser" \ Desktop \ Firmware
Note: It must be with the cell phone on and connected by USB cable to the computer in the "Fastboot Mode".
5 - You execute the following chain of commands:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot bluetooth flash BTFM.bin
fastboot flash dsp adspo.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system_b system_b.img_sparsechunk.0
fastboot flash system_b system_b.img_sparsechunk.1
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase ddr
fastboot oem fb_mode_clear
fastboot reboot
Note: If it fails you from the command "fastboot flash boot boot.img" and gives an error like the following:
Executing ". \ Windows \ fastboot.exe -s ZY224GBN8V flash boot boot.img"
target reported max download size of 536870912 bytes
sending 'boot_a' (23353 KB) ...
OKAY [0.501s]
writing 'boot_a' ...
(bootloader) Preflash validation failed
FAILED (remote failure)
finished Total time: 0.677s
All devices are flashed
It is because you will have to Unlock the "Bootloader" and that is done as follows:
Note: When you unlock the "Bootloader" you lose the guarantee, so from that moment it is your responsibility to continue or stop here.
1 - Enter the Motorola page to request the deactivation code: accounts.motorola.com/ssoauth/login?TARGET=https://motorola-global-portal.custhelp.com/cc/cas/sso/redirect/standalone % 2Fbootloader% 2Funlock-your-device-b
2 - In the command console (CMD) without entering the administrator mode, copy the same path where you have the files in the folder "Firmware" and the adhere as explained in the previous point so you can execute the following command:
fastboot oem get_unlock_data
3 - Copy the rows of numbers and paste in the motor tool "Data Scrub Tool" so that you combine all the lines in one and you can copy the final code correctly in the box "Can my device be unlocked?" Once done, press the button you confirm the pop-up window and then click on the "I Agree" box and below it appears a button to request the code via email with which you entered the Motorola website.
4 - In CMD, enter the following command:
fastboot oem unlock "Your unlock code that was sent to the mail box"
5 - Download the tool "TWRP - Nash v3.2.1.0 R3": mirrors.lolinet.com/firmware/twrp/nash/
6 - Unzip the iso in the "Firmware" directory and rename it as "Recovery", then install it with the command:
fastboot flash recovery recovery.img
fastboot reboot
7 - Enter the "Fastboot Mode" again and select the option "Recovery Mode" once in search for the option "Wipe" to erase everything that has the device in case you can not find it, type the following commands in CMD:
fastboot erase boot
fastboot erase cache
fastboot erase recovery
fastboot erase system
fastboot erase userdata
fastboot erase carrier
fastboot erase ddr
8 - Then you restart the device and enter "Mode Fastboot" again and execute the following chain of commands:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot bluetooth flash BTFM.bin
fastboot flash dsp adspo.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system_b system_b.img_sparsechunk.0
fastboot flash system_b system_b.img_sparsechunk.1
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase ddr
fastboot oem fb_mode_clear
fastboot reboot
9 - With this I should install and operate correctly.
Note: You can download the tool "SuperSU v2.82" and install using the "Recovery Mode" to be able to have Super User permissions on your device or access "Root" and thereby eliminate the gaps that are predetermined in the firmware as many others privileges.
I hope you have helped, many luck, greetings.
Click to expand...
Click to collapse
VFArts said:
Note: You can download the tool "SuperSU v2.82" and install using the "Recovery Mode" to be able to have Super User permissions on your device or access "Root" and thereby eliminate the gaps that are predetermined in the firmware as many others privileges.
I hope you have helped, many luck, greetings.
Click to expand...
Click to collapse
SuperSU is no longer being developed. Magisk is the suggested and more reliable root for our phone.
Sent from my Moto Z (2) using XDA Labs
VFArts said:
Well so I'm seeing your firmware is retail, it's easier than my problem, I'll help you, do the following:
I also have the problem of 1789-03. I can not unlock because I need to enable it OEM unlocking' in Android Settings > Developer
"(bootloader) Check 'OEM unlocking' in Android Settings > Developer
(bootloader) Options"
But I can not boot into the system !!!!
Please HELPP!!!!
Click to expand...
Click to collapse
My phone Redmi note 8 error The system has been destroyed
errors program miflashtool can not foud file flash_all.bat
krampusxxx said:
My phone Redmi note 8 error The system has been destroyed
errors program miflashtool can not foud file flash_all.bat
Click to expand...
Click to collapse
Did you extract your fastboot rom twice? you need to extract the fastboot rom[can be found here] twice to flash via mi flash.If that doesn't work follow this:
Assuming your bootloader is unlocked then boot device in fastboot mode and connect to PC. Make sure you have minimal ADB and fastboot installed in PC. Move vbmeta.img file from the fastboot file you have(it's inside the images folder) to the adb and fastboot folder. Then flash using this command:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
if that does not work then type:
Code:
fastboot flash vbmeta vbmeta.img
after flashing vbmeta flash recovery.
However if your bootloader is not unlocked you need to visit service center.
This is for a Motorola XT1955-5 Retail US. I wanted chrome and play store to where the user cant get to them, but other apps can still interact with them. This is a quick and dirty guide in case anyone is in same boat
Install drivers for Motorola g7 power.
Install adb and fastboot tools minimal. Do the portable version
Get the stock firmware from lolinet this person is great!
Flash your phone with the latest firmware. Commands are below. Notice we don't erase user data cuz we don't need to. If it doesn't, work, you can rerun and erase data.
Download the magisk manager app and install on phone
Unpack the stock firmware, and copy the boot.img to the phone
In magisk manager, install magisk (not manager). Select download and install, and select the boot.img
Once it creates the magisk_patched.img, copy that to your computer
Boot the phone to bootloader, and from your computer, run fastboot flash boot magisk_patched.img
Boot the phone normally, and go to magisk manager and see magisk is installed.
Now download the twrp temporary recovery image to your machine.
Boot to the bootloader
Now run: fastboot boot twrp-3.3.1-2-ocean.img
Go to mount. Check the box for system
Now to Advanced -> terminal, and run the commands to remove the system apps from the phone
rm -rf /system/system/app/Chrome
rm -rf /system/system/priv-app/Phonesky
Now boot the phone normally. You will see the play store and chrome are gone!
The trick now is to get a version of the app that we can load, but the user cant touch.
Download chrome and play store from apkmirror.com
Install them on the phone
Now download link2sd and install on phone
Use link2sd with root (it should prompt you for magisk root access), and "freeze" the chrome and play store apps
(Pro tip, make sure the latest version of android web view is installed to pair with latest version of chrome. You don't need to freeze web view)
Now get rid of link2sd.
Now you have a phone where people cant use chrome or play store, but other apps that require it will work.
This is mainly useful if you want a person to use the phone but not install apps on it. The only way around this for them would be to reflash the stock boot.img to the boot partition, or manually copy the app from a usb drive. But if you give someone the phone and say "don't install apps on it" and they don't have other devices, this is the way to do it.
Fastboot commands:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot flash dsp adspso.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash system system.img_sparsechunk.9
fastboot flash system_b system_b.img_sparsechunk.0
fastboot flash system_b system_b.img_sparsechunk.1
fastboot flash system_b system_b.img_sparsechunk.2
fastboot flash vendor vendor.img_sparsechunk.0
fastboot flash vendor vendor.img_sparsechunk.1
fastboot flash oem oem.img
fastboot flash oem_b oem_other.img
##fastboot erase userdata
fastboot erase DDR
fastboot oem fb_mode_clear
SOLVED: https://youtu.be/yubl_JTEyJw
Code:
flash-all.bat
@echo off
title Mauronofrio Fastboot Rom Flasher :P
:choice
set /P c=Do you want to wipe all the data ( Reccomended )[Y/N]?
if /I "%c%" EQU "Y" goto :wipe
if /I "%c%" EQU "N" goto :continue
goto :choice
:wipe
fastboot -w
goto :continue
:continue
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash modem modem.img
fastboot flash reserve reserve.img
fastboot flash recovery recovery.img
fastboot --disable-verity flash vbmeta vbmeta.img
fastboot --disable-verity flash vbmeta_system vbmeta_system.img
fastboot reboot fastboot
fastboot flash abl abl.img
fastboot flash aop aop.img
fastboot flash bluetooth bluetooth.img
fastboot flash cmnlib cmnlib.img
fastboot flash cmnlib64 cmnlib64.img
fastboot flash devcfg devcfg.img
fastboot flash dsp dsp.img
fastboot flash hyp hyp.img
fastboot flash imagefv imagefv.img
fastboot flash keymaster keymaster.img
fastboot flash LOGO LOGO.img
fastboot flash multiimgoem multiimgoem.img
fastboot flash odm odm.img
fastboot flash oem_stanvbk oem_stanvbk.img
fastboot flash opproduct opproduct.img
fastboot flash qupfw qupfw.img
fastboot flash storsec storsec.img
fastboot flash tz tz.img
fastboot flash uefisecapp uefisecapp.img
fastboot flash xbl xbl.img
fastboot flash xbl_config xbl_config.img
fastboot flash system system.img
fastboot flash vendor vendor.img
fastboot flash product product.img
fastboot reboot
pause
Hello! I am having a lot of issues after trying to push a beta update: I couldnt find the zip in the root directory, or more accurately I couldnt place the zip into the root directory, I tried multiple file managers with most recent MAGISK, sooooo
I unpacked the JAR and payload.BIN file using payload_dumper and tried to install the System, Boot, Vendor, and Recovery partition: I couldnt find Radio within the payload.
OnePlus7TOxygen_13.W.08_OTA_008_all_2009072104_5a77f7db9358487c.zip
Sure enough, when it rebooted, i didnt have radio comms: so I tried doing a system wipe from the recovery partition: but now I am in a permanent bootloop after reboot.
I have tried reflashing the most recent stable update using the same method
OnePlus7TOxygen_14.O.18_OTA_018_all_2007240040_77d64cd32274479a
but still no luck. I am trying the MsmDownloadTool V4.0
and cant seem to see my device in the connected devices screen: I see "COM3 N/A Waiting for device"
So at this point, I dont know what to do and would greatly appreciate any help I can get
Thank you
derrickl1990 said:
Hello! I am having a lot of issues after trying to push a beta update: I couldnt find the zip in the root directory, or more accurately I couldnt place the zip into the root directory, I tried multiple file managers with most recent MAGISK, sooooo
I unpacked the JAR and payload.BIN file using payload_dumper and tried to install the System, Boot, Vendor, and Recovery partition: I couldnt find Radio within the payload.
OnePlus7TOxygen_13.W.08_OTA_008_all_2009072104_5a77f7db9358487c.zip
Sure enough, when it rebooted, i didnt have radio comms: so I tried doing a system wipe from the recovery partition: but now I am in a permanent bootloop after reboot.
I have tried reflashing the most recent stable update using the same method
OnePlus7TOxygen_14.O.18_OTA_018_all_2007240040_77d64cd32274479a
but still no luck. I am trying the MsmDownloadTool V4.0
and cant seem to see my device in the connected devices screen: I see "COM3 N/A Waiting for device"
So at this point, I dont know what to do and would greatly appreciate any help I can get
Thank you
Click to expand...
Click to collapse
When you tried to find the ota in root directory did u rename jar file to .zip
SOLVED
https://youtu.be/yubl_JTEyJw
snoopy1e11 said:
When you tried to find the ota in root directory did u rename jar file to .zip
Click to expand...
Click to collapse
Yes, I extracted the jar to a zip, but It failed to copy to the root directory every time
THIS WILL WIPE YOUR DATA!
YOU MIGHT BRICK YOUR PHONE!
MAKE. A. BACKUP!!!
THIS IS A GENERAL GUIDE BASED ON THE x70 PRO PLUS AND NEEDS A LOT OF MODIFICATIONS FOR YOUR DEVICE.
Requirements:
- Unlocked Bootloader: Guide I, Guide II
- Root to extract boot.img and recovery.img (and make a backup)
- Android Image Kitchen (AIK)
- QFIL / Split image of your target firmware
- OTA Firmware with a higher version than your Split Image
I. Root your phone You should backup all partitions either through magisk (if you have the current running firmware as ota.zip) or LineageOS GSI with me.phh.superuser.apk
The backup commands for the Vivo x70 Pro+ and a general guide can be found in the linked post.
If you have another device use adb to find your blocks and their proper partition names and modify the "script" from my post.
Code:
adb shell
ls -al /dev/block/by-name/
Do NOT backup userdata and sda.
II. Modify recoveryIn order to enable adb in recovery we have to unpack the recovery.img and change some prop.default values. (You got this recovery.img either by backing up your partitions or having the correct ota.zip)
THIS post has a great guideline, you can skip everything TWRP related.
In Short:
1. Use AIK to unpack recovery.img
2. Delete the /split_img/*ramdisk*.zip ONLY
3. Open /ramdisk/default.prop or /ramdisk/prop.default or similar with a text editor
4. Modify according to step 22 in the linked post (care vivo uses adb.secure=1 two times, edit both properties)
5. Save, repack and flash the new recovery.img
III. Folder Structure1. Create a new folder "transform" on your system and extract your SPLIT firmware files into a subfolder called "split". -> /transform/split/
First off identify your super_x.img files and their corresponding dynamic partitions. In general "system" should be the largest, "vendor" the second largest and odm / oem should be smaller.
You can open them with 7zip and identify their contents. Take note.
For the X70 Pro+: super_2.img = system | super_3.img = vendor | super_4.img = odm
2. Open these files in your ota.zip: /dynamic_partitions_op_list and /oem/dynamic_partitions_op_list.
Take note of the partition sizes for system, vendor, odm and vgc (ex. # Grow partition system from 0 to 5373415424).
3. Rename your OTA file to ota.zip and put it into /transform/ota/
IV. Modified Images1. Download the attached misc-data.img and place it in /transform/modded/ (Thanks to @Pervokur).
If you flash this it tells recovery to look for "ota.zip" in /data/ on the next boot and install it if its available.
You can edit the path via hex editor but its fine for this guide. Dont flash it yet.
2. Patch the recovery.img from /transform/split/ according to step II and place it in /transform/modded/recovery-adb.img
V. Modify the flash script1. Download my reference script and place it as info.txt into /transform/. Modify this script according to the files from your SPLIT firmware and your partition backups. Vivo phones with different hardware versions might be way more complicated. Analyze everything and take your time - you dont want to brick your device.
PAY ATTENTION: In the best case and at the very least you will have to modify vbmeta_oem, vbmeta_vgc, system, vendor, odm, oem and vgc to match your files.
DO NOT flash your fsg partition. This one basically contains your modem. If you do flash it or if you dont have signal after an ota update scroll down.
2. Go to "::RECREATE DYNAMIC PARTITIONS" and modify the partition sizes according to the values of III.2.
Code:
::OPEN A SHELL IN THIS FOLDER
::REBOOT YOUR PHONE INTO FASTBOOT (REBOOT AND HOLD POWER + VOL UP)
fastboot reboot bootloader
fastboot flash abl split/abl.elf
fastboot flash aop split/aop.mbn
fastboot flash boot split/boot.img
fastboot flash bluetooth split/BTFM.bin
fastboot flash cpucp split/cpucp.elf
fastboot flash devcfg split/devcfg.mbn
fastboot flash apdp split/dp_AP_signed_minidump.mbn
fastboot flash dsp split/dspso.bin
fastboot flash dtbo split/dtbo.img
fastboot flash factory split/factory.img
fastboot flash featenabler split/featenabler.mbn
fastboot flash storage split/firmware.bin
fastboot flash hyp split/hypvm.mbn
fastboot flash keymaster split/km41.mbn
fastboot flash logfs split/logfs_ufs_8mb.bin
fastboot flash mdcompress split/mdcompress.mbn
fastboot flash metadata split/metadata.img
::fastboot flash modemst1 split/modemst.mbn
::fastboot flash modemst2 split/modemst.mbn
fastboot flash multiimgoem split/multi_image.mbn
::fastboot flash fsg split/PD2145F_EX_fs_image.tar.gz.mbn.img
fastboot flash persist split/persist.img
fastboot flash qupfw split/qupv3fw.elf
fastboot flash recovery modded/recovery-adb.img
fastboot flash rtice split/rtice.mbn
fastboot flash secdata split/sec.elf
fastboot flash shrm split/shrm.elf
fastboot flash spunvm split/spunvm.bin
fastboot flash storsec split/storsec.mbn
fastboot flash tz split/tz.mbn
fastboot flash uefisecapp split/uefi_sec.mbn
fastboot flash vbmeta split/vbmeta.img
fastboot flash vbmeta_oem split/vbmeta_oem_PD2145F_EX_IN_NULL_NULL.img
fastboot flash vbmeta_system split/vbmeta_system.img
fastboot flash vbmeta_vgc split/vbmeta_vgc_NULL_PD2145F_EXMA.img
fastboot flash vendor_boot split/vendor_boot.img
fastboot flash vm-bootsys split/vm-bootsys.img
fastboot flash vgc split/vgc.img
fastboot flash xbl_config split/xbl_config.elf
fastboot flash xbl split/xbl.elf
fastboot flash xbl_configbak split/xbl_config.elf
fastboot flash xblbak split/xbl.elf
fastboot flash modem split/NON-HLOS.bin
::RECREATE DYNAMIC PARTITIONS
fastboot reboot fastboot
fastboot delete-logical-partition system
fastboot delete-logical-partition vendor
fastboot delete-logical-partition odm
fastboot delete-logical-partition vgc
fastboot create-logical-partition system 5373415424
fastboot create-logical-partition vendor 3128008704
fastboot create-logical-partition odm 1392640
fastboot create-logical-partition vgc 348160
::FLASH DYNAMIC PARTITIONS
::VGC WILL OUTPUT AN ERROR - DONT MIND
fastboot reboot fastboot
fastboot erase system
fastboot erase vendor
fastboot erase odm
fastboot erase oem
fastboot erase vgc
fastboot flash system split/super_2.img
fastboot flash vendor split/super_3.img
fastboot flash odm split/super_4.img
fastboot flash oem split/oem_PD2145F_EX_IN_NULL_NULL.img
fastboot flash vgc split/vgc_NULL_PD2145F_EXMA.img
fastboot reboot recovery
::IF IT DOESNT REBOOT JUST USE THE BUTTON ON YOUR PHONE
::NOW GO TO WIPE AND WIPE DATA & CACHE 2X
::CHECK SYSTEM -> RECOVERY SHOULD FAIL, EVERYTHING ELSE PASS
adb push ota/ota.zip /data
adb reboot bootloader
fastboot flash misc modded/misc-data.img
fastboot reboot
::LET THE PHONE START ONCE (ABOUT 1-5MIN)
::YOU ARE NOW ON FUNTOUCH
--------------------------------------------------------------------------
::YOU CAN BACKUP OTA PACKAGES FROM HERE WHEN THEY ARE DOWNLOADED (ROOT ONLY)
/data/vivo-updater/com.bbk.updater/OTAPackage/
::UPDATE TO THE LATEST VERSION VIA OTA ONLY AFTER YOU BACKUP THE OTA
::YOU MUST FLASH YOUR ORIGINAL BOOT.IMG BEFORE UPDATING
VI. Run the commands according to your modified flash script.VII. Problems1. Brick?
Flash all partitions from your backup
2. No signal?
Code:
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg your-original-backup-fsg.img
3. DM-Verity Warning?
Code:
adb shell service call package 134 s16 com.vivo.daemonService i32 0 i32 0
Might be different for you but try it.
4. Fingerprint not working?
Try this post.
Huge thanks to @Pervokur for finding the bootloader exploit, guiding me through this and providing help all the way!
In general there should be an easier method without having to flash a lot of things. This is hypothetical information:
Vivo Recovery looks for device identifiers in the following locations:
Code:
/vgc/env.prop ro.*
/vendor/vgc/vendor_env.prop ro.*
/vgc/vgc.prop ro.*
/vendor/vgc/vgc.prop ro.*
/oem/oem.prop ro.*
/recovery/prop.default
/default.prop
/prop.default
If we mod the recovery of our target firmware by removing all import functions from prop.default and apply the adb fixes from post 1 we should in theory be able to fake our device identifiers for the ota.zip.
In order to boot the target firmware recovery we also need to flash boot, vendor_boot, vbmeta and dtbo from the target firmware.
Then we adb push ota.zip to data, flash misc-data and reboot to flash the ota update.
This is just a theory at the moment, if you feel adventurous you can try it and report back.
Sir, I try your way to flash x80pro, cannot boot in system...
CHECK SYSTEM in recovery show system check fail....
I'm sure the super_5 is system because it is the largest.
Use 7z check it, have system folder inside.
May work for VIVO IQOO 9 Pro also ?
i have the x70pro+ unlocked bootloader, backup the partition and modify recovery, the next step is about the ota.zip and flashing. Can you give me more details about those steps? Killuminati91. Many tks sir
NHQ Thang said:
i have the x70pro+ unlocked bootloader, backup the partition and modify recovery, the next step is about the ota.zip and flashing. Can you give me more details about those steps? Killuminati91. Many tks sir
Click to expand...
Click to collapse
This is as far as I got to on my x70pp, not sure how to make a split rom but assume it needs to be from the funtouch rom (but not the newest release)?
Killuminati91 said:
THIS WILL WIPE YOUR DATA!
YOU MIGHT BRICK YOUR PHONE!
MAKE. A. BACKUP!!!
THIS IS A GENERAL GUIDE BASED ON THE x70 PRO PLUS AND NEEDS A LOT OF MODIFICATIONS FOR YOUR DEVICE.
Requirements:
- Unlocked Bootloader: Guide I, Guide II
- Root to extract boot.img and recovery.img (and make a backup)
- Android Image Kitchen (AIK)
- QFIL / Split image of your target firmware
- OTA Firmware with a higher version than your Split Image
I. Root your phone You should backup all partitions either through magisk (if you have the current running firmware as ota.zip) or LineageOS GSI with me.phh.superuser.apk
The backup commands for the Vivo x70 Pro+ and a general guide can be found in the linked post.
If you have another device use adb to find your blocks and their proper partition names and modify the "script" from my post.
Code:
adb shell
ls -al /dev/block/by-name/
Do NOT backup userdata and sda.
II. Modify recoveryIn order to enable adb in recovery we have to unpack the recovery.img and change some prop.default values. (You got this recovery.img either by backing up your partitions or having the correct ota.zip)
THIS post has a great guideline, you can skip everything TWRP related.
In Short:
1. Use AIK to unpack recovery.img
2. Delete the /split_img/*ramdisk*.zip ONLY
3. Open /ramdisk/default.prop or /ramdisk/prop.default or similar with a text editor
4. Modify according to step 22 in the linked post (care vivo uses adb.secure=1 two times, edit both properties)
5. Save, repack and flash the new recovery.img
III. Folder Structure1. Create a new folder "transform" on your system and extract your SPLIT firmware files into a subfolder called "split". -> /transform/split/
First off identify your super_x.img files and their corresponding dynamic partitions. In general "system" should be the largest, "vendor" the second largest and odm / oem should be smaller.
You can open them with 7zip and identify their contents. Take note.
For the X70 Pro+: super_2.img = system | super_3.img = vendor | super_4.img = odm
2. Open these files in your ota.zip: /dynamic_partitions_op_list and /oem/dynamic_partitions_op_list.
Take note of the partition sizes for system, vendor, odm and vgc (ex. # Grow partition system from 0 to 5373415424).
3. Rename your OTA file to ota.zip and put it into /transform/ota/
IV. Modified Images1. Download the attached misc-data.img and place it in /transform/modded/ (Thanks to @Pervokur).
If you flash this it tells recovery to look for "ota.zip" in /data/ on the next boot and install it if its available.
You can edit the path via hex editor but its fine for this guide. Dont flash it yet.
2. Patch the recovery.img from /transform/split/ according to step II and place it in /transform/modded/recovery-adb.img
V. Modify the flash script1. Download my reference script and place it as info.txt into /transform/. Modify this script according to the files from your SPLIT firmware and your partition backups. Vivo phones with different hardware versions might be way more complicated. Analyze everything and take your time - you dont want to brick your device.
PAY ATTENTION: In the best case and at the very least you will have to modify vbmeta_oem, vbmeta_vgc, system, vendor, odm, oem and vgc to match your files.
DO NOT flash your fsg partition. This one basically contains your modem. If you do flash it or if you dont have signal after an ota update scroll down.
2. Go to "::RECREATE DYNAMIC PARTITIONS" and modify the partition sizes according to the values of III.2.
Code:
::OPEN A SHELL IN THIS FOLDER
::REBOOT YOUR PHONE INTO FASTBOOT (REBOOT AND HOLD POWER + VOL UP)
fastboot reboot bootloader
fastboot flash abl split/abl.elf
fastboot flash aop split/aop.mbn
fastboot flash boot split/boot.img
fastboot flash bluetooth split/BTFM.bin
fastboot flash cpucp split/cpucp.elf
fastboot flash devcfg split/devcfg.mbn
fastboot flash apdp split/dp_AP_signed_minidump.mbn
fastboot flash dsp split/dspso.bin
fastboot flash dtbo split/dtbo.img
fastboot flash factory split/factory.img
fastboot flash featenabler split/featenabler.mbn
fastboot flash storage split/firmware.bin
fastboot flash hyp split/hypvm.mbn
fastboot flash keymaster split/km41.mbn
fastboot flash logfs split/logfs_ufs_8mb.bin
fastboot flash mdcompress split/mdcompress.mbn
fastboot flash metadata split/metadata.img
::fastboot flash modemst1 split/modemst.mbn
::fastboot flash modemst2 split/modemst.mbn
fastboot flash multiimgoem split/multi_image.mbn
::fastboot flash fsg split/PD2145F_EX_fs_image.tar.gz.mbn.img
fastboot flash persist split/persist.img
fastboot flash qupfw split/qupv3fw.elf
fastboot flash recovery modded/recovery-adb.img
fastboot flash rtice split/rtice.mbn
fastboot flash secdata split/sec.elf
fastboot flash shrm split/shrm.elf
fastboot flash spunvm split/spunvm.bin
fastboot flash storsec split/storsec.mbn
fastboot flash tz split/tz.mbn
fastboot flash uefisecapp split/uefi_sec.mbn
fastboot flash vbmeta split/vbmeta.img
fastboot flash vbmeta_oem split/vbmeta_oem_PD2145F_EX_IN_NULL_NULL.img
fastboot flash vbmeta_system split/vbmeta_system.img
fastboot flash vbmeta_vgc split/vbmeta_vgc_NULL_PD2145F_EXMA.img
fastboot flash vendor_boot split/vendor_boot.img
fastboot flash vm-bootsys split/vm-bootsys.img
fastboot flash vgc split/vgc.img
fastboot flash xbl_config split/xbl_config.elf
fastboot flash xbl split/xbl.elf
fastboot flash xbl_configbak split/xbl_config.elf
fastboot flash xblbak split/xbl.elf
fastboot flash modem split/NON-HLOS.bin
::RECREATE DYNAMIC PARTITIONS
fastboot reboot fastboot
fastboot delete-logical-partition system
fastboot delete-logical-partition vendor
fastboot delete-logical-partition odm
fastboot delete-logical-partition vgc
fastboot create-logical-partition system 5373415424
fastboot create-logical-partition vendor 3128008704
fastboot create-logical-partition odm 1392640
fastboot create-logical-partition vgc 348160
::FLASH DYNAMIC PARTITIONS
::VGC WILL OUTPUT AN ERROR - DONT MIND
fastboot reboot fastboot
fastboot erase system
fastboot erase vendor
fastboot erase odm
fastboot erase oem
fastboot erase vgc
fastboot flash system split/super_2.img
fastboot flash vendor split/super_3.img
fastboot flash odm split/super_4.img
fastboot flash oem split/oem_PD2145F_EX_IN_NULL_NULL.img
fastboot flash vgc split/vgc_NULL_PD2145F_EXMA.img
fastboot reboot recovery
::IF IT DOESNT REBOOT JUST USE THE BUTTON ON YOUR PHONE
::NOW GO TO WIPE AND WIPE DATA & CACHE 2X
::CHECK SYSTEM -> RECOVERY SHOULD FAIL, EVERYTHING ELSE PASS
adb push ota/ota.zip /data
adb reboot bootloader
fastboot flash misc modded/misc-data.img
fastboot reboot
::LET THE PHONE START ONCE (ABOUT 1-5MIN)
::YOU ARE NOW ON FUNTOUCH
--------------------------------------------------------------------------
::YOU CAN BACKUP OTA PACKAGES FROM HERE WHEN THEY ARE DOWNLOADED (ROOT ONLY)
/data/vivo-updater/com.bbk.updater/OTAPackage/
::UPDATE TO THE LATEST VERSION VIA OTA ONLY AFTER YOU BACKUP THE OTA
::YOU MUST FLASH YOUR ORIGINAL BOOT.IMG BEFORE UPDATING
VI. Run the commands according to your modified flash script.VII. Problems1. Brick?
Flash all partitions from your backup
2. No signal?
Code:
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg your-original-backup-fsg.img
3. DM-Verity Warning?
Code:
adb shell service call package 134 s16 com.vivo.daemonService i32 0 i32 0
Might be different for you but try it.
4. Fingerprint not working?
Try this post.
Huge thanks to @Pervokur for finding the bootloader exploit, guiding me through this and providing help all the way!
Click to expand...
Click to collapse
Hi. I'm very much a noob in dealing with flashing and those stuff. Is there an easier way to do this? Some way that will be idiot-proof?
I currently have a x70pro+ with originOs Ocean and an unlocked bootloader (I think?), do I still need to root to do this process?
Thank you for sharing
edcsxz said:
Sir, I try your way to flash x80pro, cannot boot in system...
CHECK SYSTEM in recovery show system check fail....
I'm sure the super_5 is system because it is the largest.
Use 7z check it, have system folder inside.
Click to expand...
Click to collapse
Which files do you use for QFIL or split image and OTA firmware?