Related
Okay, here's what happened,
2 days ago, i installed ARHD ROM, works perfectly fine,
next day, i saw a kernel by franco. installed it, then after rebooting.... baamm! my unit is not working anymore, stuck in boot screen,
i tried different ways, followed different forums, like Tutorial Disaster. still to no avail,
the sad thing is, i forgot to back it up before doing the upgrades, i know its my fault..
i tried to erase everything via recovery, still not working,
Just today, went to HTC service center, i'm from the Philippines, but i bought my unit from online selling. as per HTC service center its from indonesia, they tried to re-flash something but they said its not working, so they said that they will need to change the mother board, and it will cost me 14,000 pesos or $350.. i don't want to spend that much, feels like i bought a new one..
can someone please enlighten me?
?!
You can erase everything in recovery, but you have to flash something afterwards, maybe like ARHD.
There's nothing wrong with your device, don't panic. Just do a wipe, then flash the ROM as the directions are given.
if you can still get into recovery
relock it
flash stock recovery
flash stock RUU
done
Download ARHD and CWM Recovery
Rename ARHD to update.zip and CWM to recovery.img
Place update.zip and recovery.img into a folder with fastboot and adb
Extract boot.img from update.zip and place in your fastboot folder
Put your phone into fastboot mode with unlocked bootloader
Flash boot with command 'fastboot flash boot boot.img'
Boot recovery using 'fastboot boot recovery.img' command
Use command 'adb push update.zip /sdcard/update.zip' to send ARHD to phone
Then install rom from update.zip in recovery
It's nothing serious with your phone. It is easily can be recovered. Just don't run here and there so the XDA community can assist you.
There are two ways to recover your phone.
1) flash RUU
2) push xxx_rom.zip to your device.
Already tell you about flashing RUU in the disaster thread.
well, i would like to give thanks to all of you, who answered my questions, helped a lot. trying to read more here before doing another run in fixing my device.
where can i get stock RUU? my device is from indonesia. and one more thing, how to flash RUU?
djpoe said:
Download ARHD and CWM Recovery
Rename ARHD to update.zip and CWM to recovery.img
Place update.zip and recovery.img into a folder with fastboot and adb
Extract boot.img from update.zip and place in your fastboot folder
Put your phone into fastboot mode with unlocked bootloader
Flash boot with command 'fastboot flash boot boot.img'
Boot recovery using 'fastboot boot recovery.img' command
Use command 'adb push update.zip /sdcard/update.zip' to send ARHD to phone
Then install rom from update.zip in recovery
Click to expand...
Click to collapse
very detailed instruction here
where can i get adb BTW?
wintermute000 said:
if you can still get into recovery
relock it
flash stock recovery
flash stock RUU
done
Click to expand...
Click to collapse
This and finish with: fastboot erase cache
Sent from my HTC One X using XDA
wolfraim said:
This and finish with: fastboot erase cache
Sent from my HTC One X using XDA
Click to expand...
Click to collapse
thanks man.. where can i get the stock RUU and stock recovery? and also why do we have to re lock the device?
EDIT: i almost forgot, because this problem started after installing a new kernel by franco, so i guess i need to install a stock kernel? where can i get it?
mikey0105 said:
thanks man.. where can i get the stock RUU and stock recovery? and also why do we have to re lock the device?
EDIT: i almost forgot, because this problem started after installing a new kernel by franco, so i guess i need to install a stock kernel? where can i get it?
Click to expand...
Click to collapse
I had the same problem with franco's kernel, what I did was, go to recovery and re-flash my xx_rom.zip, then it boots ok. You should try the same, provided you still have the ARHD.zip in your sdcard.
Your device from Indonesia ? I believe this is the RUU for you (same for me too):http://hoxroms.serveftp.com/RUU_END...Radio_1.1204.103.14_release_257076_signed.exe
ckpv5 said:
I had the same problem with franco's kernel, what I did was, go to recovery and re-flash my xx_rom.zip, then it boots ok. You should try the same, provided you still have the ARHD.zip in your sdcard.
Your device from Indonesia ? I believe this is the RUU for you (same for me too):http://hoxroms.serveftp.com/RUU_END...Radio_1.1204.103.14_release_257076_signed.exe
Click to expand...
Click to collapse
thanks ill try it later.. i don't have it on my sdcard, as i've said i erased everything already..
but i guess i'll try the step on top provided by "djpoe" to put the ARHD inside my SD card. hope everything will work..
1 Download ARHD and CWM Recovery
2 Rename ARHD to update.zip and CWM to recovery.img
3 Place update.zip and recovery.img into a folder with fastboot and adb
4 Extract boot.img from update.zip and place in your fastboot folder
5 Put your phone into fastboot mode with unlocked bootloader
6 Flash boot with command 'fastboot flash boot boot.img'
7 Boot recovery using 'fastboot boot recovery.img' command
8 Use command 'adb push update.zip /sdcard/update.zip' to send ARHD to phone
9 Then install rom from update.zip in recovery
For item 7 & 8, maybe you like a safe-proof guide that I posted here
Just replace "D:\HTC\One X\HTC Dev.com unlock\android-sdk\platform-tools>" to your own fastboot/adb folder path
and "recovery-clockwork-touch-5.8.3.1-endeavoru.img" to "recovery.img" if you renamed it.
and "xxx.zip" to "update.zip"
thanks, i'm downloading the files now...
quick question, if i erased all data/cache, the kernel that i installed? will it be deleted as well? because i need to have a stock kernel and i can't see one?
erase all data/system/cache will not delete the installed kernel.
As you said you will follow djpoe's guide, see no. 4 & no. 6 regarding kernel flashing.
Remember the ROM.zip that you have earlier (see Disaster thread), inside the ROM.zip there is a boot_signed.img, that is the stock kernel. But you don't really need the stock kernel, what you need is the AHRD's kernel (see. no.4).
ohhh i see! now that good to know thanks... waiting for the files to be downloaded.. will give you feedback later... fingers cross...
additional question, just wondering, why is it important to re-lock the device before flashing ruu?
i tried to copy the update.zip by doing this
adb push update.zip/sdcard/update.zip
then there are lots of command on the CMD.. see below
C:\fastboot>adb push update.zip/sdcard/update.zip
Android Debug Bridge version 1.0.29
-d - directs command to the only connected USB devic
e
returns an error if more than one USB device is
present.
-e - directs command to the only running emulator.
returns an error if more than one emulator is r
unning.
-s <serial number> - directs command to the USB device or emulator w
ith
the given serial number. Overrides ANDROID_SERI
AL
environment variable.
-p <product name or path> - simple product name like 'sooner', or
a relative/absolute path to a product
out directory like 'out/target/product/sooner'.
If -p is not specified, the ANDROID_PRODUCT_OUT
environment variable is used, which must
be an absolute path.
devices - list all connected devices
connect <host>[:<port>] - connect to a device via TCP/IP
Port 5555 is used by default if no port number
is specified.
disconnect [<host>[:<port>]] - disconnect from a TCP/IP device.
Port 5555 is used by default if no port number
is specified.
Using this command with no additional arguments
will disconnect from all connected TCP/IP devic
es.
device commands:
adb push <local> <remote> - copy file/dir to device
adb pull <remote> [<local>] - copy file/dir from device
adb sync [ <directory> ] - copy host->device only if changed
(-l means list but don't copy)
(see 'adb help all')
adb shell - run remote shell interactively
adb shell <command> - run remote shell command
adb emu <command> - run emulator console command
adb logcat [ <filter-spec> ] - View device log
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
dev:<character device name>
jdwp:<process pid> (remote only)
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-l] [-r] [-s] <file> - push this package file to the device and i
nstall it
('-l' means forward-lock the app)
('-r' means reinstall the app, keeping its data
)
('-s' means install on SD card instead of inter
nal storage)
adb uninstall [-k] <package> - remove this app package from the device
('-k' means keep the data and cache directories
)
adb bugreport - return all information from the device
that should be included in a bug report.
adb backup [-f <file>] [-apk|-noapk] [-shared|-noshared] [-all] [-system|-nosy
stem] [<packages...>]
- write an archive of the device's data to <file>
.
If no -f option is supplied then the data is wr
itten
to "backup.ab" in the current directory.
(-apk|-noapk enable/disable backup of the .apks
themselves
in the archive; the default is noapk.)
(-shared|-noshared enable/disable backup of the
device's
shared storage / SD card contents; the defau
lt is noshared.)
(-all means to back up all installed applicatio
ns)
(-system|-nosystem toggles whether -all automat
ically includes
system applications; the default is to inclu
de system apps)
(<packages...> is the list of applications to b
e backed up. If
the -all or -shared flags are passed, then t
he package
list is optional. Applications explicitly g
iven on the
command line will be included even if -nosys
tem would
ordinarily cause them to be omitted.)
adb restore <file> - restore device contents from the <file> backup
archive
adb help - show this help message
adb version - show version num
scripting:
adb wait-for-device - block until device is online
adb start-server - ensure that there is a server running
adb kill-server - kill the server if it is running
adb get-state - prints: offline | bootloader | device
adb get-serialno - prints: <serial-number>
adb status-window - continuously print device status for a specifie
d device
adb remount - remounts the /system partition on the device re
ad-write
adb reboot [bootloader|recovery] - reboots the device, optionally into the boo
tloader or recovery program
adb reboot-bootloader - reboots the device into the bootloader
adb root - restarts the adbd daemon with root permissions
adb usb - restarts the adbd daemon listening on USB
adb tcpip <port> - restarts the adbd daemon listening on TCP on th
e specified port
networking:
adb ppp <tty> [parameters] - Run PPP over USB.
Note: you should not automatically start a PPP connection.
<tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
[parameters] - Eg. defaultroute debug dump local notty usepeerdns
adb sync notes: adb sync [ <directory> ]
<localdir> can be interpreted in several ways:
- If <directory> is not specified, both /system and /data partitions will be u
pdated.
- If it is "system" or "data", only the corresponding partition
is updated.
environmental variables:
ADB_TRACE - Print debug information. A comma separated list
of the following values
1 or all, adb, sockets, packets, rwx, usb, sync
, sysdeps, transport, jdwp
ANDROID_SERIAL - The serial number to connect to. -s takes prior
ity over this if given.
ANDROID_LOG_TAGS - When used with the logcat option, only these de
bug tags are printed.
-------------------------------
then tried to install it via CWM, apply /sdcard/update.zip
it says
finding update
opening update
E: Can't open sdcard/update.zip
(No such file or directory)
Installation aborted
It should be C:\fastboot>adb push update.zip /sdcard not C:\fastboot>adb push update.zip/sdcard/update.zip
where is your adb files ? In the fastboot folder too ? If yes, try this:
1. C:\fastboot>fastboot boot recovery-clockwork-touch-5.8.3.1-endeavoru.img
2. C:\fastboot>adb devices
enter
C:\fastboot>adb shell
enter then type after ~ # mount sdcard
3. don't close anything, open another cmd prompt
C:\fastboot>adb push update.zip /sdcard
then enter
once completed, choose install from sdcard - choose zip from sdcard, the update.zip should be there
here whats happening. see attachment
mikey0105 said:
here whats happening. see attachment
Click to expand...
Click to collapse
There is no AdbWinUsb.dll in your folder ?
GUYS!!! AT LAST!!!! I'm so happy!!! its all okay now! oh man! this is crazy! hahaha! thank you so much to all!. the feeling is really great! WOOOOOWWWWW!!!!
So I'm on the M5s Plus and Android Pay doesn't work.
Does Pay work on the Mi5s?
When attempting to add a card, error says:
Android Pay can't be used
Google is unable to verify that your device or the software running on it is Android compatible
MIUI Global 8.0.1.0
Check your version again, there is no 8.0.1.0. Official release is 8.0.10.0, "global custom rom" is 8.0.10.0.0. If you have the second one, there it probably doesn't work because your bootloader is unlocked.
If you indeed have the rare original Chinese/English ROM, then go into settings -> connections -> NFC and there somewhere (I sadly don't yet have the phone) you have to switch from MI Pay to the other possible setting. Then it should work.
hey thanks for the input. Am definitely on 8.0.1.0 here.
i tried your suggestion and switched the nfc pay method but that didn't help so it must be detecting something in the rom. this is rather curious
Oohh you're a Plus user, didn't read that when I replied the first time. Yeah there the software releases are different. Your SIM card is payment enabled? I needed a new sim card when I tried this the last time here, but not with Android Pay, as we don't have that yet here.
Anyway found this: http://en.miui.com/forum.php?mod=viewthread&tid=402053&extra=&highlight=android+pay&page=2
Sounds like there is a bug in the new Global Release of MIUI official
Here the official manual on how to enable it: http://en.miui.com/thread-405166-1-1.html
I have Mi5s plus on same Global Rom. I had to lock boot loader for android pay to work.
Sent from my iPad using Tapatalk
How to relock the bootloader? I try to use "fastboot oem lock" to relock the bootloader. After reboot the phone, the bootloader is still unlock. What's wrong? I am using Xiaomi Mi 5s.
You can relock in miflash, but I don't know if that works without flashing it.
I compared the two .bat files (flash_all.bat and flash_all_lock.bat) and the difference is this:
fastboot %* flash userdata %~dp0images\userdata.img || @ECHO "Flash userdata error" && exit /B 1
fastboot %* erase devinfo || @ECHO "Erase devinfo error" && exit /B 1
I don't exactly know what those commands do, so I wouldn't execute them!
The .sh file has those differences:
fastboot $* erase devinfo
if [ $? -ne 0 ] ; then echo "Erase devinfo error"; exit 1; fi
So for me it looks like the erase devinfo file is the re-lock command, not sure why that should do it tough.
In MiFlash you could try this command flash_all_except_storage.bat. That would flash your phone again, but should not delete your apps and data, but I'm not entirely sure
I also tried to use flash_all_lock.bat to flash the global ROM. After flashing the ROM successfully, the unlock status shown by "fastboot oem device-info" is true also. I think the boot loader is also unlocked, and I can't pass the CTS profile test so that I can't use Android Pay.
patoberli said:
You can relock in miflash, but I don't know if that works without flashing it.
I compared the two .bat files (flash_all.bat and flash_all_lock.bat) and the difference is this:
fastboot %* flash userdata %~dp0images\userdata.img || @ECHO "Flash userdata error" && exit /B 1
fastboot %* erase devinfo || @ECHO "Erase devinfo error" && exit /B 1
I don't exactly know what those commands do, so I wouldn't execute them!
The .sh file has those differences:
fastboot $* erase devinfo
if [ $? -ne 0 ] ; then echo "Erase devinfo error"; exit 1; fi
So for me it looks like the erase devinfo file is the re-lock command, not sure why that should do it tough.
In MiFlash you could try this command flash_all_except_storage.bat. That would flash your phone again, but should not delete your apps and data, but I'm not entirely sure
Click to expand...
Click to collapse
That's weird. I unlocked my phone (to be able to flash global rom) and then flashed it with the lock option and it passes the CTS test.
Chinese stable rom(MIUI 8.0.22) not working with android pay and octopus card
Money. $$$$$$$$$$$$$$$$$$$$$$
I need HELP in de-soft-bricking my Moto Play G7 and installing the /e/ project (or perhaps other Linux-based build), and I am willing to PAY for tech support to walk me through it (ideally via Skype or Zoom platform). Here are a few more specifics:
I bought a used Moto G7 Play that was updated by a developer from Android 9 to Android 10. I followed tutorials to unlock the phone and install TWRP via ADB but ran into problems, as far as I can tell, due to the Motorola A-B slot issue (it says "No bootable A/B slot, failed to boot Linux, falling back to fastboot" when I try to reboot). I can no longer recover the phone to Android or reset it to "factory" settings via the bare-bones Android and Motorola phone menus, but I remain able to issue commands via ADB / USB and also navigate to the G7's bootloader menus by using the buttons on the side of the phone. As for my PC platforms, I am running Win 10 (with ADB) but I also have Ubuntu running (so I could format SD cards to ext4 if that would help), and I have Android studio installed (not as if I know what to do with it), if that would be of any help. As far as I can tell, ADB and the Motorola USB drivers are working fine, and I USUALLY get positive indication when I type "adb devices", and I can always get the phone to acknowledge that the USB is connected/disconnected.
I don't know if this will help, but as I try to do the ADB sideload for copy-partitions.zip, this is where things don't work, as my Moto G7 play screen says:
Finding update package…
Opening update package…
Verifying update package…
E:footer is wrong
Update package verification too 0.2 s (result 1).
E: Signature verification failed
E: error:21
Installation aborted.
From there, it seems I can't go on to flash the TWRP image. Any ideas how I can work past these problems? Let me know how I can contact you via the forum and we can work $omething out. I'm guessing that this is a fast fix for someone who knows what they are doing. I'm sick of google and don't want to accept defeat! Thanks, -Andrew
Try the motorola rescue assistant
When it not workling download for your device the firmware
Instead of flashing TWRP, have you tried just booting TWRP w/o flashing?
fastboot boot twrp.img
I ran into some problems with my Moto G7 Play; I didn't softbrick it, but several things fought back, so I'll pass along what may get you back on track. First of all, I cannot use Linux to connect via fastboot, so I had to use a Mac, you can use your Windows box. Secondly, TWRP does not officially have a version for the G7 Play. I used an unofficial one from an XDA forum member HERE. It only offers a black screen unless you flash dtmo.img. I didn't want to flash dtmo.img, so I just used the black screen and used adb commands to install Lineage (and /e/) via TWRP command line.
The steps are pulled from another XDA posting showing how to use TWRP command line:
1. Connect the phone in fastboot mode to the PC, run fastboot devices to make sure it is connected.
2. Type: fastboot set_active b
Then: fastboot boot <your_recovery.img>, e.g. fastboot boot twrp.img
<phone will reboot, the screen will be black>
<wait to Windows new device sound>
3. Type: adb shell
twrp wipe cache << will not work on Moto G7 Play, but won't hurt anything.
twrp wipe dalvik
twrp wipe system
twrp wipe data <- NOW YOUR DATA WILL BE REMOVED, SO MAKE A BACKUP BEFORE!
twrp sideload
adb sideload <location_of_your_ROM.zip>, e.g. adb sideload C:\lineage-xyz.zip
IF THE TWRP commands do not work and hang saying something about "starting TWRP", I discovered by looking at the log in /tmp that /sdcard is encrypted. You will need to unencrypt /sdcard and I'm not sure how to do that without recovery; I'm sure there is way, though.
If I were you, I would see if you can flash LineageOS (or lineageOS + microG) with this method to get your phone back working, then you can move on to /e/. Note that if this works, you will have a recovery program available (the standard Lineage recovery), which has some basic tools. You CAN ONLY load Lineage-signed roms with this recovery. So if you want to switch from lineage to /e/ or to lineage+microG, you will need to use the twrp method above to switch to the other rom. Then you can use the lineage or /e/ recovery to install lineage or /e/ updates from the same publisher.
Also, if you install stock lineage, don't use a bleeding edge version. Pick one from mid-October so if you decide to switch to /e/ or Lineage+microG you will not be downgrading because they don't make nightly builds. It probably won't hurt since downgrading a week probably has few changes, but just in case.
Hope this helps.
maw1 said:
Try the motorola rescue assistant
When it not workling download for your device the firmware
Click to expand...
Click to collapse
I tried the Motorola Device Manager tool. Not sure if I made a good backup to begin with, and now I try to open the tool it doesn't seem to do anything.
xtermmin said:
Instead of flashing TWRP, have you tried just booting TWRP w/o flashing?
fastboot boot twrp.img
Click to expand...
Click to collapse
Tried that... It says it FAILED.
C:\adb>fastboot boot twrp.img
downloading 'boot.img'...
OKAY [ 0.427s]
booting...
FAILED (remote failure)
finished. total time: 1.054s
Exinu said:
I ran into some problems with my Moto G7 Play; I didn't softbrick it, but several things fought back, so I'll pass along what may get you back on track. First of all, I cannot use Linux to connect via fastboot, so I had to use a Mac, you can use your Windows box. Secondly, TWRP does not officially have a version for the G7 Play. I used an unofficial one from an XDA forum member HERE. It only offers a black screen unless you flash dtmo.img. I didn't want to flash dtmo.img, so I just used the black screen and used adb commands to install Lineage (and /e/) via TWRP command line.
The steps are pulled from another XDA posting showing how to use TWRP command line:
1. Connect the phone in fastboot mode to the PC, run fastboot devices to make sure it is connected.
2. Type: fastboot set_active b
Then: fastboot boot <your_recovery.img>, e.g. fastboot boot twrp.img
<phone will reboot, the screen will be black>
<wait to Windows new device sound>
3. Type: adb shell
twrp wipe cache << will not work on Moto G7 Play, but won't hurt anything.
twrp wipe dalvik
twrp wipe system
twrp wipe data <- NOW YOUR DATA WILL BE REMOVED, SO MAKE A BACKUP BEFORE!
twrp sideload
adb sideload <location_of_your_ROM.zip>, e.g. adb sideload C:\lineage-xyz.zip
IF THE TWRP commands do not work and hang saying something about "starting TWRP", I discovered by looking at the log in /tmp that /sdcard is encrypted. You will need to unencrypt /sdcard and I'm not sure how to do that without recovery; I'm sure there is way, though.
If I were you, I would see if you can flash LineageOS (or lineageOS + microG) with this method to get your phone back working, then you can move on to /e/. Note that if this works, you will have a recovery program available (the standard Lineage recovery), which has some basic tools. You CAN ONLY load Lineage-signed roms with this recovery. So if you want to switch from lineage to /e/ or to lineage+microG, you will need to use the twrp method above to switch to the other rom. Then you can use the lineage or /e/ recovery to install lineage or /e/ updates from the same publisher.
Also, if you install stock lineage, don't use a bleeding edge version. Pick one from mid-October so if you decide to switch to /e/ or Lineage+microG you will not be downgrading because they don't make nightly builds. It probably won't hurt since downgrading a week probably has few changes, but just in case.
Hope this helps.
Click to expand...
Click to collapse
Thanks for the effort, Exinu, but it seems to not fully recognize the command or is looking for another flag or operand. The "set_active b" command that you proposed just results in making a list like for a "help" or unspecified command. As you can see below, I tried other variations of the command after I tried searching out more details. I also tried "fastboot set_active=b" and it does the same thing with the listing. I'm assuming that it's not accepting this command. I did try the twrp-dirtyport image as well, but as you can see below, that created an error as well:
C:\adb>fastboot --set_active b
fastboot: unknown option -- set_active
C:\adb>fastboot --set-active=b
fastboot: unknown option -- set-active=b
C:\adb>fastboot set_active b
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot, system, vendor and if found,
recovery
flash <partition> [ <filename> ] write a file to a flash partition
flashing lock locks the device. Prevents flashing partitions
flashing unlock unlocks the device. Allows user to flash any partition except the ones that are related to bootloader
flashing lock_critical Prevents flashing bootloader related partitions
flashing unlock_critical Enables flashing bootloader related partitions
flashing get_unlock_ability Queries bootloader to see if the device is unlocked
erase <partition> erase a flash partition
format[:[<fs type>][:[<size>]] <partition> format a flash partition.
Can override the fs type and/or
size the bootloader reports.
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot [bootloader] reboot device, optionally into bootloader
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache (and format
if supported by partition type)
-u do not first erase partition before
formatting
-s <specific device> specify device serial number
or path to device port
-l with "devices", lists device paths
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address.
default: 0x10000000
-n <page size> specify the nand page size.
default: 2048
-S <size>[K|M|G] automatically sparse files greater
than size. 0 to disable
C:\adb>
I did try the next step with the dirtyboot but that seem to have failed as well.
C:\adb>fastboot boot twrp-dirtyport-g7play.img
downloading 'boot.img'...
OKAY [ 0.570s]
booting...
FAILED (status read failed (Too many links))
finished. total time: 1.566s
On my phone on the "Bootloader logs" screen, it said (before I began)
Start Up Failed:Your device didn't stat up successfully.
Use the Software Repair Assistant on computer to repair your device.
Connect your device to your computer to get
the Software Repair Assistant.
AP Fastboot Flash Mode (Secure)
No bootable A/B slot
Failed to boot Linux, falling back to fastboot
Fastboot Reason: Fall-through from normal boot mode
USB Connected
I then typed fastboot devices from my windows C:\ADB prompt and it showed me it was connected.
After running the stuff mentioned above, it said:
cmd: download:01348000
cmd: boot
Incomplete boot image for booting.
I disconnected and reconnect the USB and then I tried the fastloading of the dirtyport image again. The screen went blank and said the same stuff again with no bootable A/B slot, which leaves me to believe this is where my problem starts.
Any other ideas?
Any ideas
I think you may have several issues that need to be fixed one step at a time. First, I think you have an old fastboot if it doesn't recognize the set_active command. Go to this link: https://developer.android.com/studio/ and scroll down to the section labeled "Command Line tools only" and download the command line tools. Make sure you are in that directory in Windows so you are running the newer version and not the old version installed. If you run "fastboot --help" you should see set_active as an option.
Next, where did you get the TWRP? Go to the link I provided, which has a (black screen) TWRP that I have used and it works. Start from there and see how things proceed.
Exinu said:
I think you may have several issues that need to be fixed one step at a time. First, I think you have an old fastboot if it doesn't recognize the set_active command. Go to this link: https://developer.android.com/studio/ and scroll down to the section labeled "Command Line tools only" and download the command line tools. Make sure you are in that directory in Windows so you are running the newer version and not the old version installed. If you run "fastboot --help" you should see set_active as an option.
Next, where did you get the TWRP? Go to the link I provided, which has a (black screen) TWRP that I have used and it works. Start from there and see how things proceed.
Click to expand...
Click to collapse
I got the TWRP from the link that you provided. As for running "fastboot --help", I did not see the "set_active" flag listed as an option (results pasted below). I also tried to download the command line tools as suggested, but not positive as to which directory they are to reside in, or which of the files I should launch. I unzipped the commandlinetools directory (in my adb directory) and tried running the sdkmanager.bat batch file which was nested in one of the subdirectories (it briefly opened and flashed a window but seemed to do nothing more). Not sure if this matters, but I also have android studio installed, although I am not sure how or where the "set_active" command comes from. I tried downloading windows latest PowerShell, and have also tried CMD as adminstrator. From my searching, I see people using "--set-active" with android commands as well, but I really don't know if this is a MS/DOS based command that is used for controlling drives and partitions on the Windows system, or if it's an adhock SDK - Linux add-on command of sorts. I can't seem to find much info on the command.
This is how it reads:
PS C:\adb> fastboot --help
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot, system, vendor and if found,
recovery
flash <partition> [ <filename> ] write a file to a flash partition
flashing lock locks the device. Prevents flashing
partitions
flashing unlock unlocks the device. Allows user to
flash any partition except the ones that are related to bootloader
flashing lock_critical Prevents flashing bootloader related
partitions
flashing unlock_critical Enables flashing bootloader related
partitions
flashing get_unlock_ability Queries bootloader to see if the device is unlocked
erase <partition> erase a flash partition
format[:[<fs type>][:[<size>]] <partition> format a flash partition.
Can override the fs type and/or
size the bootloader reports.
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot [bootloader] reboot device, optionally into bootloader
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache (and format
if supported by partition type)
-u do not first erase partition before
formatting
-s <specific device> specify device serial number
or path to device port
-l with "devices", lists device paths
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address.
default: 0x10000000
-n <page size> specify the nand page size.
default: 2048
-S <size>[K|M|G] automatically sparse files greater
than size. 0 to disable
PS C:\adb>
PS C:\adb> set_active
set_active : The term 'set_active' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ set_active
+ ~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (set_active:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Any other ideas?
The command-line tools download should not require any installation; at least, the Mac version did not. Unzip the file to your desktop. Then open a command prompt which should open in c:\Users\your_user . Enter "cd Desktop" to change to the Desktop folder, then cd <foldername> to change into the folder you unzipped the files into. Windows will sometimes unzip a folder into a second folder, so you may need to cd <foldername> once more. In any case, enter "dir" to make sure you see files like fastboot.exe, adb.exe, etc.
In Windows, when you type a command it will first look to your current directory and run the exe file that exists there, if it exists. If it does not, then it starts looking for the command in your %PATH% environment variable. That's why you need to "cd" to the tools directory: when you run "fastboot", you want it to run fastboot.exe in that directory, and not the old fastboot.exe that is installed somewhere on your system.
It sounds like you haven't worked with the command line much; I suggest you go through some tutorials on basic command line usage for both Windows and Linux; it will make tinkering with computers and phones much easier. And set_active is not a DOS/Windows command, it is parameter you are passing to fastboot.exe to tell it what action you want it to do; it just also calls these actions "commands". So when you typed c:>set_active, you told Windows to find a file called set_active.exe and run it. That file does does not exist, so it did not work.
Quick note: the Unix command line will not run a command from the current directory for multiuser security reasons; you need to specify the current directory (dot) and a slash on the command like this: ./fastboot
This will also work with DOS/Windows, but usually the backslash is used instead of the forward slash, for very old historical reasons.
Exinu said:
The command-line tools download should not require any installation; at least, the Mac version did not. Unzip the file to your desktop. Then open a command prompt which should open in c:\Users\your_user . Enter "cd Desktop" to change to the Desktop folder, then cd <foldername> to change into the folder you unzipped the files into. Windows will sometimes unzip a folder into a second folder, so you may need to cd <foldername> once more. In any case, enter "dir" to make sure you see files like fastboot.exe, adb.exe, etc.
In Windows, when you type a command it will first look to your current directory and run the exe file that exists there, if it exists. If it does not, then it starts looking for the command in your %PATH% environment variable. That's why you need to "cd" to the tools directory: when you run "fastboot", you want it to run fastboot.exe in that directory, and not the old fastboot.exe that is installed somewhere on your system.
It sounds like you haven't worked with the command line much; I suggest you go through some tutorials on basic command line usage for both Windows and Linux; it will make tinkering with computers and phones much easier. And set_active is not a DOS/Windows command, it is parameter you are passing to fastboot.exe to tell it what action you want it to do; it just also calls these actions "commands". So when you typed c:>set_active, you told Windows to find a file called set_active.exe and run it. That file does does not exist, so it did not work.
Quick note: the Unix command line will not run a command from the current directory for multiuser security reasons; you need to specify the current directory (dot) and a slash on the command like this: ./fastboot
This will also work with DOS/Windows, but usually the backslash is used instead of the forward slash, for very old historical reasons.
Click to expand...
Click to collapse
Exinu, thanks for your continued assistance. As it turns out the fastboot/adb version I was using didn't include the "set_active" command (I don't think it was a path problem as I was always typing commands from the in directory where the ADB software was downloaded). As I had tried to follow a number of different tutorials of the course of several weeks, some for the G7 play, and perhaps some for the G7 and others generic, I think the place on the web that I went for the original ADB package (or the ADB version) was the problem. I also found another copy of ADB on my drive (downloaded weeks ago) that was titled "Minimal ADB and Fastboot", and as it turns out, that version DID support the set_active operand (from the fastboot --help command). So, I was able to return to your initial directions to set the active partion to b as initially instructed (see below, but the phone also shows that the set_active:b command seemed to process without error). However, I was not able to do the next step of flashing the TWRP. I tried the TWRP version you suggested and linked to (the dirtyport version) and then also the "channel" version, which I understand to be designed for the G7 play, unlike the "river" version. In either case (dirtyport or channel) I get a new/different "usage: unknown command" error, as seen in text pasted below:
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot set_active b
Setting current slot to 'b'...
OKAY [ 0.176s]
finished. total time: 0.178s
C:\Program Files (x86)\Minimal ADB and Fastboot>dir
Volume in drive C has no label.
Volume Serial Number is EC2B-BC54
Directory of C:\Program Files (x86)\Minimal ADB and Fastboot
2020-11-27 01:42 PM <DIR> .
2020-11-27 01:42 PM <DIR> ..
2018-01-11 06:53 PM 1,784,320 adb.exe
2018-01-11 06:53 PM 97,792 AdbWinApi.dll
2018-01-11 06:53 PM 62,976 AdbWinUsbApi.dll
2015-08-09 01:50 PM 29,882 cmd-here.exe
2018-01-11 06:53 PM 853,504 fastboot.exe
2020-08-17 02:31 AM 1,456,678 logo.bin
2020-08-15 11:25 PM 27,848,704 twrp
2020-09-03 02:52 AM 27,133,952 twrp-dirtyport-g7play.img
2020-08-16 01:12 AM 17,307,289 twrp-installer-3.4.0-0-river.zip
2020-11-17 04:21 AM 23,298,048 twrp-moto-g7-play-channel-android-10.img
2020-08-15 11:25 PM 27,848,704 twrp.img
2020-11-27 01:27 PM 5,004 unins000.dat
2020-11-27 01:26 PM 717,985 unins000.exe
13 File(s) 128,444,838 bytes
2 Dir(s) 28,010,246,144 bytes free
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot twrp-dirtyport-g7play.img
fastboot: usage: unknown command twrp-dirtyport-g7play.img
Granted, I'm not a command line expert, but I have been playing with computers since the TRS-80 and the C64 and Apple IIe, and 8086 DOS stuff, and used to do QBasic programming as a kid, so in most cases, I can usually navigate myself through some hairy computer instructions to do whatever I need to do, unless the instructions themselves are hairy. I find that the Android Dev forums are predicated upon some knowledge of those platforms and are a rude awakening for those unfamiliar with the development history and architecture. Obviously, I'm going to extremes to try to de-google an Android phone (frankly I would be happier if there was more stuff on the market that already was preinstalled), as this google censorship and proposed contract tracing stuff is just getting out of hand and going too far... so this is my way of fighting back. I'd rather know nothing about ADB, but here I am.
Is there any chance you know how or why I am getting the "fastboot: usage: unknown command twrp..." error above, or how I can resolve it?
You are getting close. Your fastboot entry is a little off. It should be >fastboot boot <filename.img>. If the twrp img file is not in the current directory, you will need to provide the full path.
Exinu said:
You are getting close. Your fastboot entry is a little off. It should be >fastboot boot <filename.img>. If the twrp img file is not in the current directory, you will need to provide the full path.
Click to expand...
Click to collapse
OK, so that was a head-slapping "duh" moment on my end (using fastboot filename.img instead of fastboot boot filename.img). However, now that I've entered the right command I'm still having problems. As you indicate in your post above, the "fastboot boot" command did initiate the sequence, and the screen did go black, however, one of the screens that it went to only said "bad key" at the upper left hand corner.
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot boot twrp-dirtyport-g7play.img
downloading 'boot.img'...
OKAY [ 0.575s]
booting...
FAILED (status read failed (Too many links))
finished. total time: 1.580s
As for my phone screen, it goes black and cycles saying "bad key" a few times, and after a few attempts it reverts to the Bootload logs screen, giving the same message it did that I started with.
Start Up Failed
Your device didn't start up successfully.
Use the Software Repair Assistant on computer
to repair your device.
Connect you device to your computer to get
the Software Repair Assistant. AP Fastboot Flash Mode (Secure)
No bootable A/B slot
Failed to boot Linux, falling back to fastboot
Fastboot Reason: Fall-through from normal boot mode
USB Connected
Exinu said:
You are getting close. Your fastboot entry is a little off. It should be >fastboot boot <filename.img>. If the twrp img file is not in the current directory, you will need to provide the full path.
Click to expand...
Click to collapse
OK, I after the "dirtyport" image didn't work, I went out on a limb and tried to flash a different img file, (first doing the set_active b command), typing:
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot boot twrp-moto-g7-play-channel-android-10.img
downloading 'boot.img'...
OKAY [ 0.496s]
booting...
OKAY [ 0.178s]
finished. total time: 0.679sIt briefly flashed the Moto screen and then went black. After this, with the black screen, it seemed like it was able to the "adb shell" command, although it seemed to not be able to take the TWRP commands:
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
channel:/ # twrp wipe cache
Unable to find partition for path '/cache'
Done processing script file
channel:/ # twrp wipe dalvik
Failed to mount '/data' (Invalid argument)
Done processing script file
channel:/ # twrp wipe system
E:Error with wipe command value: 'system'
Done processing script file
channel:/ # twrp wipe data
Failed to mount '/data' (Invalid argument)
Done processing script file
channel:/ # twrp sideload
C:\Program Files (x86)\Minimal ADB and Fastboot>adb sideload lineage-17.1-20201129-nightly-channel-signed.zip
Total xfer: 1.00x
After this point it went back to the "bad key" and return to the Bootloger logs screen.
I'm assuming at this point if there is a failure in the TWRP command sequence (as suggested above) I shouldn't expect the latter commands to work. I also attempted to use the moto g7's built-in recovery menu that is available from pushing and holding the power and upper volume button. When I tried to "apply update from ADB" using the phone to initiate the effort, and then typed, C:\Program Files (x86)\Minimal ADB and Fastboot>adb sideload lineage-17.1-20201129-nightly-channel-signed.zip, the phone screen read as follows:
Supported APR: 3
Stopping adbd...
Now send the package you want to apply to the device with the "adb sideload ,filename"...
Finding update package...
Opening update package...
Verifying update package...
E: failed to verify whole-file signature Update package verification took 45.2 s (result 1).
E: Signature verification failed
E: error: 21
Installation aborted.
Exinu said:
You are getting close. Your fastboot entry is a little off. It should be >fastboot boot <filename.img>. If the twrp img file is not in the current directory, you will need to provide the full path.
Click to expand...
Click to collapse
Even though I was getting errors after the "WIPE" command, it seems like the adb shell is bringing about a linux-esque terminal of the channel image and I can see the files/directories. Using the LS command it seems that the folders you are mentioned are empty, with the exception that there is no "dalvik" directory:
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
channel:/ # twrp
TWRP openrecoveryscript command line tool, TWRP version 3.3.1-0
Allows command line usage of TWRP via openrecoveryscript commands.
Some common commands include:
install /path/to/update.zip
backup <SDCRBAEM> [backupname]
restore <SDCRBAEM> [backupname]
wipe <partition name>
sideload
set <variable> [value]
decrypt <password>
remountrw
fixperms
mount <path>
unmount <path>
print <value>
mkdir <directory>
reboot [recovery|poweroff|bootloader|download|edl]
See more documentation at https://twrp.me/faq/openrecoveryscript.html
channel:/ # ls
acct config etc init.rc init.recovery.usb.rc persist plat_service_contexts res sideload tmp vendor_file_contexts vndservice_contexts
bin d external_sd init.recovery.hlthchrg.rc license plat_file_contexts postinstall root storage twres vendor_hwservice_contexts
bugreports data file_contexts.bin init.recovery.mksh.rc mnt plat_hwservice_contexts proc sbin sys ueventd.rc vendor_property_contexts
cache default.prop firmware init.recovery.qcom.rc odm plat_property_contexts product sdcard system usb_otg vendor_seapp_contexts
charger dev init init.recovery.service.rc oem plat_seapp_contexts prop.default sepolicy system_root vendor vendor_service_contexts
Here are the directory contents:
channel:/ # cd data
channel:/data # ls
channel:/data # cd /
channel:/ # cd cache
channel:/cache # ls
channel:/cache # cd /
channel:/ # cd system
channel:/system # ls
channel:/system # cd /
channel:/ # cd dalvik
/sbin/sh: cd: /dalvik: No such file or directory
When you went into recovery mode, was it Motorola's stock recovery or LineageOS's recovery (with the Lineage logo (the three circles))?
In any case, at least you have a working recovery. Error 21 simply means that the signature is on the firmware file is not what it was expecting. If you have a Motorola recovery, then it expects a Motorola-signed firmware. If it is the Lineage recovery, then it will only flash Lineage-signed firmware.
Your TWRP sideload command sure looks like it worked when it loaded the firmware, but if it had worked, you would have LineageOS recovery and it would say current slot: a. I don't remember if the stock Motorola recovery displays the current slot. When you tell fastboot to set_active b, it sets the current slot to b and then when you install the firmware it installs the firmware to slot a.
Exinu said:
When you went into recovery mode, was it Motorola's stock recovery or LineageOS's recovery (with the Lineage logo (the three circles))?
In any case, at least you have a working recovery. Error 21 simply means that the signature is on the firmware file is not what it was expecting. If you have a Motorola recovery, then it expects a Motorola-signed firmware. If it is the Lineage recovery, then it will only flash Lineage-signed firmware.
Your TWRP sideload command sure looks like it worked when it loaded the firmware, but if it had worked, you would have LineageOS recovery and it would say current slot: a. I don't remember if the stock Motorola recovery displays the current slot. When you tell fastboot to set_active b, it sets the current slot to b and then when you install the firmware it installs the firmware to slot a.
Click to expand...
Click to collapse
Exinu,
It looks like the fastboot set_active b command worked, in that my phone acknowledged it did, and the command prompt seemed to indicate the same. As for the phone screen, the Moto splash screen that flashed quickly (probably less than 1 second) did not have any hint of Lineage logo. I tried repeating the process and saw the logo a total of 3x. It was the C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot boot twrp-moto-g7-play-channel-android-10.img command that got me there (the "dirtyport" image you suggested didn't work) and it was before the attempt to flash the lineage image.
However, as for the ADB SHELL commands that you recommended, it didn't seem like they were doing what one might expect. Subsequent to the attempted TWRP commands in the shell, I tried to sideload the lineage system but it would not take, saying "bad key" on the upper LH side of the screen.
Is it possible that prior image flashing attempts have left some incompatible clutter on my phone (perhaps visible by means of exploring other folders or folder names via the ADB SHELL)? I've been working with Raspberry PI's and PC based OMV / Nextcloud servers in recent months and perceive that new installs seem inclined to revert to old files on occasion if not thoroughly formatted.
One thing I forgot to mention: since you are installing Lineage, you can use the Lineage recovery to install it. TWRP is only necessary for /e/ or other roms that do not have their own recovery. Try "fastboot boot" but specify the lineage recovery file.
Also, now that I review things again, I may have used this TWRP instead of the "dirty port" version. I don't know if it will make a difference, but it might be worth a try. Sorry, I guess I have too many irons in the fire right now and got it mixed up. Scroll down to abou t the third or forth comment and there is a google drive link. You just need the recovery.img. Do not flash the dtmo.img, just fastboot/boot the recovery image: https://forum.xda-developers.com/t/...y-custom-recovery-kernel-source-code.3933680/
Hi,
GOAL: I'm trying to flash Kali Nethunter on my Nexus 5X (bullhead)
MIDD: This boils down to try to disable dm-verity and force-encryption from my Nexus 5X (bullhead).
STEP: I have a rooted, TWRP'ed phone on (alledgedly) stock ROM, disabling both FAILs
Let's 1st state my safety nets
1. I went the safe route : Fastboot > Temporary TWRP through fastboot > Full backup
2. So I have carefully backed up every partition, literally boot.emmc.win, data.ext4.win, efs1.emmc.win, efs2.emmc.win, recovery.emmc.win, system.ext4.win000, system.ext4.win001, system_image.emmc.win, vendor.ext4.win, vendor_image.emmc.win
3. I can at any time restore my phone - it was a huge step, using fastboot + twrp + the backup above
4. Then I installed magisk, produced a dm-verity-enabled and encryption-enabled boot partition copy
5. Then flashed this boot, then had root, then added twrp app, and gained permanent TWRP
6. Now I'm fine with a safe backup at that point
That said (100% clear : I can try anything out of deleting fastboot - if that's even a thing )
Guys .. I have a real corner case :
1. I want to flash NetHunter .. brings error "Can't write to /system"
2. OK I (think I) know that one : mount -o remount,rw /system && touch /system/test # .. oh crap
3. It looks like dm-verity-plus-encrypt switches prevent me from tinkering with /system
And that's where it becomes furry
4. I adb push my boot.emmc.win as /sdcard/boot.emmc.win.img
5. I use magisk to "disable dm-verity" and "disable force-encrypt" [screenshot Screenshot_20210416-131341.png] .. and patch that boot image. The result is some magisk_patched_kSiHo.img [screenshot Screenshot_20210416-131422.png]
6. I rename this to /sdcard/TWRP/boot.emmc.NOVERITY.NOENCRYPTION.img and go to TWRP
7. In TWRP I use *this* image to flash boot, and *format* (not wipe) data and *format* cache
8. Cross fingers, pray, reboot .. FAIL : Google white logo doesn't move - no fancy colorful anim
9. I flash back my stuf, go to step 4 state again, and decide I may have made a typo
10. I triple check the original boot.emmc.win.img, put it again on sdcard, go through magisk again with the same options
11. I get a alledgedly bullet-proof BOOT image again [screenshot Screenshot_20210416-131841.png], copy it to /sdcard
12. I decide to do it hardcore-style [screenshot EXTRACT 2021-04-16 à 13.22.21.png] and issue a fastboot flash boot boot.emmc_nodmverity_noencryption.win && fastboot format userdata && fastboot format cache
Now I can't possibly have typed things wrong and I'm hoping to
* Have wiped all my data (format userdata)
* Have gotten RID OF dm-verity and encryption
* Be able to boot the partition without android needing to decrypt it
And the result is ... tadaa .. FAIL
RESULT: A white "Google" logo forever (1 night so > 6h) without Android booting. Time to restore.
So .. I don't have dm-verity and force-encryption disabled. The boot partition is (still, to date) dm-veritied and data encrypted and .. the Kali Nethunter zip fails to Install using TWRP because it fails to mountpoint /system || mount -o remount,rw,seclabel /system .. and in fact it mounts but then fails to write to any /system/some_file (and TWRP terminal show the impossibility to even touch /system/hello_world # readonly filesystem)
Any checklist/hint/manual/request_for_getprop_or_info is welcome !
For some reason /system had become non-writable and non-mountable (rw).
I don't have any data on the phone so I went down the strong route :
* Using https://dl.google.com/dl/android/aosp/bullhead-n4f26u-factory-e6420fc1.zip to extract the cache.img
* Using https://dl.google.com/dl/android/aosp/bullhead-opm7.181205.001-factory-5f189d84.zip for every other partition
I did the following, which works :
Code:
fastboot format userdata \
&& fastboot format cache \
&& fastboot flash bootloader bootloader-bullhead-bhz32c.img \
&& fastboot reboot-bootloader \
&& sleep 6 \
&& fastboot flash radio radio-bullhead-m8994f-2.6.42.5.03.img \
&& fastboot reboot-bootloader \
&& sleep 6 \
&& fastboot erase cache \
&& fastboot flash cache cache.img \
&& fastboot flash boot boot.img \
&& fastboot flash recovery recovery.img \
&& fastboot flash vendor vendor.img \
&& fastboot flash system system.img \
&& fastboot boot ~/Downloads/twrp-3.5.2_9-0-bullhead.img \
&& sleep 30 \
&& adb push ~/Downloads/Magisk-v22-0.zip /sdcard/Magisk-v22-0.zip
At that point I had a *stock* ROM with TWRP booted temporarily, Magisk on the sdcard and no encrypted data partition.
I flashed Magisk and rebooted the phone.
After configuring Android (first boot overwhelmingly long wizard) I found out I had root and a writable /system . I don't know why it had become read-only. Something between dm-verity, encryption, using the TWRP app instead of the img and (probably) a shadow /system that gets re-signed and archived in /data with verity_keys each time.
Problem #1 solved. Onto the next - Kali NetHunter now installs in TWRP .. but does not boot.
I found a reproducible way to install Kali NetHunter on a Nexus 5X (in March 2021, in case you bump on this thread in the 'future')
Do this at your own risk. While it works, it erases everything on your phone. Please learn how to backup and use fastboot and TWRP first
Scope :
Model Nexus 5X, codename bullhead
A spare phone, you will erase everything on it by following the instructions
Installation of Android 8.1.0 OREO, namely https://dl.google.com/dl/android/aosp/bullhead-opm7.181205.001-factory-5f189d84.zip
With the addition of cache.img from a 7.1 archive, namely https://dl.google.com/dl/android/aosp/bullhead-n4f26u-factory-e6420fc1.zip
Installation of SuperSU 2.82, namely SR5-SuperSU-v2.82-SR5-20171001224502.zip from https://download.chainfire.eu/1220/SuperSU/SR5-SuperSU-v2.82-SR5-20171001224502.zip/
Installation of Kali NetHunter 2021.1, namely https://images.kali.org/nethunter/nethunter-2021.1-bullhead-oreo-kalifs-full.zip
All this using fastboot and TWRP 3.5.2, namely https://dl.twrp.me/bullhead/twrp-3.5.2_9-0-bullhead.img.html
You, a fluent Linux (preferably) user with some knowledge of fastboot and adb - including the proper google USD drivers installed if on windows. You've been warned
Enough warnings. After long and painful weeks of tests I finally succeeded in installing NetHunter on Nexus 5X, the crucial point being SuperSU works whereas M.a.g.i.s.k does not (redacted to prevent search to get here)
Step 1Download the prerequisites, create an install directory on your pc
Unzip there bullhead-n4f26u-factory-e6420fc1.zip/cache.img
Unzip there bullhead-opm7.181205.001/image-bullhead-opm7.181205.001.zip/*.img
Using the key combo POWER + Volume Down, boot in fastboot mode.
Connect your phone to the PC/Mac/Linux
Step 2Here goes the (non-bricking but) destroying commands
Code:
D=YOUR_INSTALL_DIR
cd $D
fastboot format userdata \
&& fastboot format cache \
&& fastboot flash bootloader $D/bootloader-bullhead-bhz32c.img \
&& fastboot reboot-bootloader \
&& sleep 6 \
&& fastboot flash radio $D/radio-bullhead-m8994f-2.6.42.5.03.img \
&& fastboot reboot-bootloader \
&& sleep 6 \
&& fastboot erase cache \
&& fastboot flash cache $D/cache-bullhead-n4f26u.img \
&& fastboot flash boot $D/boot.img \
&& fastboot flash recovery $D/recovery.img \
&& fastboot flash vendor $D/vendor.img \
&& fastboot flash system $D/system.img \
&& fastboot boot $D/twrp-3.5.2_9-0-bullhead.img \
&& sleep 30 \
&& adb push $D/SR5-SuperSU-v2.82-SR5-20171001224502.zip /sdcard/SR5-SuperSU-v2.82-SR5-20171001224502.zip
Your phone should now be inside the TWRP gui (if necessary slide to answer "yes I want to modify the system partition")
Step 3
From within TWRP, choose "Install"
Select SR5-SuperSU-v2.82-SR5-20171001224502.zip
Wait for the end of the install
Also run Wipe Davik/Cache
Select reboot > system
Your phone should boot within less than 2 mins in normal Stock Android 8.1.0. Configure it slightly (especially the wifi) and on to the next step
Step 4
Boot again in TWRP mode
Code:
fastboot boot $D/twrp-3.5.2_9-0-bullhead.img
Now transfer the Kali NetHunter image from the PC
Code:
adb push nethunter-2021.1-bullhead-oreo-kalifs-full.zip /sdcard/nethunter-2021.1-bullhead-oreo-kalifs-full.zip
At the end (~20mins) run Wipe Davik/Cache
Select and run reboot > system
Wait for the ~1min for 1st boot
Enjoy !
A long time ago, I posted in a forum thread about my difficulty in trying to revive my M2003J15SG and after having my ethereal Windows install bricked. I switched to Fedora and tried my hand there, where surprisingly, things worked very well. I'm not calling this a guide because I'm basically piecing this together from my bash_history and recollection. I have used the word guide too many times to keep that sentence but yeah, it may be shaky in some places.
Disclaimer
Code:
/*
* Your warranty is... still valid?
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns.
*
* I have removed the part about laughing at you because I'm not a meanie :3
*
* But yeah, this text is as-is. We provide this work to you without
* warranty of any kind, express or implied and in no event shall the authors
* be liable for any claim, damages or other liability in any way, shape or form,
* arising from, out of, in connection with the work
*
*/
A few things to note
This is an attempt to document my experience with BROM recovery of a phone that I bricked because I flashed an incorrect littlekernel image. If you're able to use other methods (using fastboot, recovery mode, hell, even preloader mode, you should probably go with that, this is a last resort).
This guide does involve opening your device, you will need a heat gun, a few picks and a screwdriver. No, this is not optional.
If you've read the excellent guide by VD171 on bypassing authentication and flashing, you may notice the important text that states
> Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool
That's because if you do disconnect and attempt to reconnect your device, it won't be recognized anymore. On Windows, this manifests as the infamous "USB device not recognized" error. This isn't you installing incorrect drivers, that's the device behaving erratically.
To have a second go at it, you have to press Vol Up + Power for about 60 seconds before you can retry.
To enter BROM mode, you need to press Vol Down and no other key, and then plug in your device.
This guide while being Fedora-specific, could be translated to other Linux distros assuming you have the necessary packages installed and have the appropriate permissions and udev rules set
This model of device doesn't need the kamakiri-specific kernel patch
On RHEL-like distros like Rocky Linux and... RHEL, you may need to disable SELinux. I have mine disabled at install so I'm not sure how this guide will behave with SELinux enforcement enabled.
Click to expand...
Click to collapse
Ingredients
Stock MIUI ROM V11.0.5.0.QJOMIXM (the fastboot variant), which you can get from XiaomiFirmwareUpdater
SP Flash Tool v5.2020 for Linux, which you can get from SPFlashTools
VD171's readback_ui_bak.xml, which you can get from their XDA Forums thread
VD171's scatterfiles for V11.0.5.0.QJOMIXM, which you can get from their XDA forums thread
You'll specifically need MT6768_Android_scatter--V11.0.5.0.QJOMIXM--boundary_false.txt and MT6768_Android_scatter--V11.0.5.0.QJOMIXM--download_true--boundary_false.txt
mtkclient, an MTK device exploit kit, which you can find on their GitHub (you'll need their master branch, not their releases, so there'll be instructions on how to fetch it)
A box of chocolate chip cookies
Click to expand...
Click to collapse
a) Preparing the computer
Step 0: Extract all ingredients and put them into one directory for ease of access
You can do this via the command line or through your file manager, it's just for convinence. This guide will assume that everything is done in one neat folder.
Click to expand...
Click to collapse
Step 1: Install all the dependencies you'll need
Bash:
sudo dnf install android-tools git libusb-devel python3 python3-pip systemd-udev
Step 2: Prevent Linux from interfering with MediaTek serial connections
Bash:
sudo touch /etc/udev/rules.d/20-mm-blacklist-mtk.rules
echo "ATTRS{idVendor}==\"0e8d\", ENV{ID_MM_DEVICE_IGNORE}=\"1\"" | sudo tee /etc/udev/rules.d/20-mm-blacklist-mtk.rules
echo "ATTRS{idVendor}==\"6000\", ENV{ID_MM_DEVICE_IGNORE}=\"1\"" | sudo tee -a /etc/udev/rules.d/20-mm-blacklist-mtk.rules
Step 3: Clone mtkclient and install its dependencies
Bash:
git clone https://github.com/bkerler/mtkclient
cd mtkclient
pip3 install -r requirements.txt
python3 setup.py build
sudo python3 setup.py install
Step 4: Install mtkclient's bundled udev rules
Bash:
sudo usermod -a -G dialout $USER
sudo cp Setup/Linux/*.rules /etc/udev/rules.d
Step 5: Reload udev rules
Bash:
sudo udevadm control --reload-rules
sudo udevadm trigger
Step 6: Return to previous directory
Bash:
cd ..
b) Preparing the device
This is where you basically follow this iFixit guide for the purposes of just disconnecting the battery cable. So, just stop at Step 12, then put the back cover on just flush enough that you can now click the volume and power buttons and insert a cable into the USB-port but not too much so that you have to go through the effort of reopening it again (because, well, you'll have to).
Attempting to skip this will yield you STATUS_EXT_RAM_EXCEPTION.
Click to expand...
Click to collapse
c) Backing everything up
Alongside ROM and userdata, your EMMC contains your IEMI, your bootloader lock state, MAC addresses, calibration data, the whole nine yards. It's always a good idea to back things up before we get started.
Step 1: Copy readback_ui_bak.xml to the SP Flash Tool directory
Bash:
cp ./readback_ui_bak.xml ./SP_Flash_Tool_v5.2020_Linux/readback_ui_bak.xml
Step 2: Connecting your device and applying the exploit
Start off by running the exploit.
Bash:
cd mtkclient
chown +x mtk
./mtk payload
Once it says Preloader - Status: Waiting for PreLoader VCOM, please connect mobile, hold down Vol Down and connect your phone to the computer. If everything goes according to plan, you'll get an output similar to this.
Code:
Port - Device detected :)
Preloader - CPU: MT6768/MT6769(Helio P65/G85 k68v1)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x707
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: [redacted]
Preloader - SOC_ID: [redacted]
PLTools - Loading payload from mt6768_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: [redacted]/mtkclient/mtkclient/payloads/mt6768_payload.bin
Click to expand...
Click to collapse
Step 3: Open SP Flash Tool
Bash:
cd ../SP_Flash_Tool_v5.2020_Linux
chmod +x flash_tool
sudo ./flash_tool
Yes, I'm aware, it's technically not advisable to grant superuser privileges to, a flashing tool but... I can't get it to work otherwise, if you know how to make it work on Fedora, drop a comment.
Click to expand...
Click to collapse
Step 4: Load the Download Agent (DA)
Click "Choose" and go to (common directory)/mtkclient/mtkclient/Loader/xiaomi_9_DA_6765_6785_6768_6873_6885_6853.bin
Click to expand...
Click to collapse
Step 5: Configure SP Flash Tool
Go to Options > Option
In General, uncheck "Storage Lifecycle Check"
In Connection, select "UART"
COM Port: /dev/ttyACM0 (it may not be the exact number, it'll just look something similar to this)
Baud rate: 921600
In Download
Uncheck "USB Checksum"
Uncheck "Storage Checksum"
Click to expand...
Click to collapse
Step 6: Backup device contents
Start by going to the "Readback" tab, it should already be populated with values that correspond to images from pgpt to otp. If you are presented with an empty table, you've need to go back and check if you've copied readback_ui_bak.xml to the correct directory.
If it shows up, then click "Read Back" and if all goes according to plan, you should see the green checkmark show up eventually.
Click to expand...
Click to collapse
d) Flashing stock firmwareStep 1: Copy scatterfiles to ROM directory
Bash:
cp ./MT6768_Android_scatter--V11.0.5.0.QJOMIXM--boundary_false.txt ./merlin_global_images_V11.0.5.0.QJOMIXM_20200609.0000.00_10.0_global/images/MT6768_Android_scatter--V11.0.5.0.QJOMIXM--boundary_false.txt
cp ./MT6768_Android_scatter--V11.0.5.0.QJOMIXM--download_true--boundary_false.txt ./merlin_global_images_V11.0.5.0.QJOMIXM_20200609.0000.00_10.0_global/images/MT6768_Android_scatter--V11.0.5.0.QJOMIXM--download_true--boundary_false.txt
Step 2: Flash the firmware
Return to the "Download" tab and select the MT6768_Android_scatter--V11.0.5.0.QJOMIXM--boundary_false.txt scatterfile we just copied in the ROM's images directory
Select "Firmware Upgrade" from the drop-down menu and then hit "Download". If all goes according to plan, you should see a green checkmark.
Click to expand...
Click to collapse
Step 3: Restore bootloader status (optional)
In case you had an unlocked bootloader before imploding your phone and don't want to bother with Xiaomi's rigmarole, then by restoring seccfg, you should get it back.
Step 3.1: Copy over seccfg from our backup
You're probably going to be using a new terminal window because SP Flash is still running, navigate to your common directory first. The backup we did earlier stored all the images within the SP Flash Tool directory. We need to use sudo because flash_tool was running with root privileges and so, was writing with root privileges as well.
Bash:
sudo cp ./SP_Flash_Tool_v5.2020_Linux/seccfg ./merlin_global_images_V11.0.5.0.QJOMIXM_20200609.0000.00_10.0_global/images/seccfg
Step 3.2: Change the scatterfile, select the image and flash it
Change the scatterfile to MT6768_Android_scatter--V11.0.5.0.QJOMIXM--download_true--boundary_false.txt and un-select everything except seccfg
Select "Download Only" from the drop-down menu and then hit "Download". Fingers crossed, green checkmark, you should get your unlock back.
Click to expand...
Click to collapse
Step 4: Reconnect your battery and first boot
If you've reached this point and everything has worked as expected, reconnect your battery, long press the Power button and you should be greeted with a boot animation and hopefully a functioning phone.
Click to expand...
Click to collapse
e) Packing it up
Basically, just... follow the iFixit guide from Step b) in reverse and seal up your phone. I don't use this phone regularly so I never bothered sealing it, relying only on the plastic clips. You probably should but that's outside the scope of this journal.
Click to expand...
Click to collapse
f) Upgrading to Android 11 (optional)
As of this writing, LineageOS supports this device under the codename merlinx (the x is because of a conflict with the Moto G3 Turbo, which shares the same codename) and according to their install documentation, they expect a base of Android 11 and this guide flashes Android 10.
I personally used the V12.5.4.0.RJOMIXM firmware (available from XiaomiFirmwareUpdater, again, use the fastboot version) but I did an ever-so-slight change. The entire song-and-dance of needing the bypass exploit is because of "upgrades" made to the payload. I modified flash_all.sh to omit flashing the payload and the modification looks something like this (the other comment-outs were already there in the file)
Bash:
(...)
#fastboot $* flash preloader `dirname $0`/images/preloader_merlin.bin
#if [ $? -ne 0 ] ; then echo "Flash preloader error"; exit 1; fi
#fastboot $* flash efuse `dirname $0`/images/efuse.img
#if [ $? -ne 0 ] ; then echo "Flash efuse error"; exit 1; fi
fastboot $* flash logo `dirname $0`/images/logo.bin
if [ $? -ne 0 ] ; then echo "Flash logo error"; exit 1; fi
fastboot $* flash tee1 `dirname $0`/images/tee.img
"Flash preloader error"; exit 1; fi
(...)
I also commented out the reboot command at the end so I could flash LineageOS's recovery and flash the OS that I wanted.
Bash:
(...)
#fastboot $* reboot
#if [ $? -ne 0 ] ; then echo "Reboot error"; exit 1; fi
(...)
Of course, you need to boot into fastboot mode (by taking a turned off device and pressing Power + Vol Down) before you execute the script
Code:
cd merlin_global_images_V12.5.4.0.RJOMIXM_20220325.0000.00_11.0_global
chmod +x flash_all.sh
./flash_all.sh
Click to expand...
Click to collapse
Sources
https://github.com/bkerler/mtkclient
https://github.com/bkerler/mtkclient/issues/94
https://www.hovatek.com/blog/my-experience-unbricking-a-dead-boot-lg-stylo-6/
https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4221065/
https://forum.xda-developers.com/t/...for-merlin-redmi-10x-4g-redmi-note-9.4238149/
https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4223107/
https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4223093/
Wow !
Really amazing guide !
Nice, nice
Thank you very much for contribution