Database Info

[ROOT][CWM][ROM]Pantech Discover P9090 (Magnus) Root & Modification Guide

Pantech Discover P9090 (Magnus) Root & Modification Guide
This thread is intended as an updated version of the original Ultimate Pantech Discover/Magnus/P9090 Rooting & Modding Thread thread. I created this thread to bring the latest knowledge and tutorials to the top. If you are interested in the evolution of Discover rooting and modding pour yourself a cup of coffee, tea, or ??? and review the posts in that thread and when you are ready to modify your Discover come back here.
Available Mods
Root access
ClockworkMod Recovery
TWRP Recovery
Restore unlocked bootloader for Jellybean devices
CWM flashable ROM/partition updates
Warning/Disclaimer
The tutorials posted in this thread at the time of this writing have been tested and should do what they claim to do without causing harm to your phone, however, if for any reason things go awry when doing any kind of update or modification to your phone the authors of these tutorials or thread posts are not responsible. There is always a chance that modifying your phone can cause damage or a loss of features. Proceed at your own risk. I suggest you read the procedure you intend to implement thoroughly and if necessary ask questions before you proceed. Also, installing mods may make it so you cannot receive or install updates from Pantech/AT&T.
Modification Procedure Order
Determine if your device is running Ice Cream Sandwich (ICS) or Jellybean (JB)
Open the Settings app and tap on "About phone"
If the "Android version" is 4.0.4 you are running ICS, if it is 4.1.2 you are running JB
Set up and ensure you have ADB access to the phone
For now you will have to find an ADB installation tutorial elsewhere
Root your device
Follow the tutorial here.
Jellybean (JB) users should revert back to the unlocked (ICS) bootloader to increase the chance of brick recovery
Follow the tutorial here.
Install ClockworkMod Recovery or TWRP
Follow the tutorial here (CWM) or here (TWRP).
(Optional) Install custom ROM(s)
Follow the tutorial here.
Useful links
Pantech Discover Specs
Ultimate Pantech Discover/Magnus/P9090 Rooting & Modding Thread - Not all content is still relevant but a great read
PantechDevTeam Github - The original Pantech devs (a ton of awesome work here)
PantechDiscover Github - Put together by @Unjustified Dev with contributions from @mifl and myself
Pantech Discover Jellybean Kernel Source
Pantech Discover ICS Kernel Source
Thanks to everyone who helped test and provide feedback for these advancements. A big thanks to @Unjustified Dev & @mifl for their continued development help and porting TWRP (Unjustified Dev) and to @ShotSkydiver for creating the original Pantech Discover mod thread.

Root
Rooting the Pantech Discover P9090
WARNING: Please review the Warning/Disclaimer in the original post before following this procedure!
Click "CLICK TO SHOW CONTENT" to proceed.
Users running ICS
Download recovery-magnus.img, su, and SuperSU_1.65.apk and move them to a directory of your choosing hereafter known as <install-directory>
Boot the phone in fastboot (bootloader) mode by holding down both volume buttons and the power button, once the menu appears use the volume buttons to select "fastboot", then hit the power button
Attach your phone to your computer
Open a cmd window (Windows) or terminal/shell (unix flavors) and type the following command (hit enter after each):
Code:
cd <install-directory>
Now boot to the magnus recovery by typing:
Code:
fastboot boot recovery-magnus.img
The phone should be booted to CWM, now type:
Code:
adb push su /sdcard/
adb push SuperSU_1.65.apk /sdcard/
adb shell
You should now be in an adb terminal on the phone, type the following:
Code:
mount /dev/block/mmcblk0p14 /system
cd /sdcard
cp SuperSU_1.65.apk /system/app/
cp su /system/xbin/
chmod 4755 /system/xbin/su
exit
If all goes well you should be back in your computer's terminal, reboot the phone with
Code:
adb reboot
Enjoy!
Users running Jellybean
Download and install the Framaroot app (version 1.6.1 or later) from here.
Install and open the app
Select "Gandalf"
Reboot the phone for good measure
Enjoy!

Bootloader
Reverting to the Unlocked (ICS) Bootloader from the JB Bootloader
WARNING: Please review the Warning/Disclaimer in the original post before following this procedure!
Click "CLICK TO SHOW CONTENT" to proceed.
Context: The Jelly Bean update for the Pantech Discover flashes a locked bootloader over the unlocked Ice Cream Sandwich bootloader. The result is that you can no longer use fastboot to flash images or boot to external bootloaders. If you are on ICS this tutorial does not apply.
You can test to see if you have the locked bootloader by booting into fastboot (power off device, power on devices holding both volume keys, select fastboot), connect the device to your PC, and run the following command from a command terminal.
Code:
fastboot boot recovery-magnus.img
NOTE: If you don't already have the magnus recovery image download it from here.
If your output looks like the message below you have the locked bootloader and this guide applies to you.
Code:
downloading 'boot.img'...
OKAY [ 0.538s]
booting...
FAILED (remote: Not Support !!)
finished. total time: 0.543s
Procedure: If you have the locked bootloader, you would prefer not be locked, and you are willing to take the risk you can follow the procedure below.
Prerequisites
Phone must be rooted
ADB access
Download the ICS bootloader image (aboot.img) from here.
Connect your phone to your PC and from a command window in the download directory type:
Code:
adb push aboot.img /sdcard/
adb shell
If you are connected to your device at this point type:
Code:
su
cd /sdcard
md5sum aboot.img
The output should be:
Code:
7f55c5ab321cf20e595b841371f45cda aboot.img
The MD5 checksum should be the hex number above (beginning in 7f and ending in cda). If it does match download it again and make sure the checksum matches before proceeding. If no matter what you do you can't get a match then don't proceed.
If you are here then you have the ICS bootloader and it's ready to be flashed, before we do this you should check the checksum for the bootloader partition with the command:
Code:
md5sum /dev/block/mmcblk0p5
output:
Code:
8b6fa6881c7f155858243e94490d0a29 /dev/block/mmcblk0p5
If you are on JB the checksum should match mine.
Now you are ready to flash the ICS image. If you are feeling confident and risk adverse run the command below:
Code:
dd if=aboot.img of=/dev/block/mmcblk0p5
You should get the output:
Code:
5120+0 records in
5120+0 records out
2621440 bytes transferred in 0.458 secs (5723668 bytes/sec)
Don't be concerned if the transfer time is not precise.
Now confirm that our checksum is updated to the new image:
Code:
md5sum /dev/block/mmcblk0p5
Code:
7f55c5ab321cf20e595b841371f45cda /dev/block/mmcblk0p5
If not follow the bail out procedure outlined after this procedure, otherwise get back to your PC command window with:
Code:
exit
exit
Reboot into the ICS bootloader with:
Code:
adb reboot bootloader
Once you are in fastboot verify it worked with:
Code:
fastboot boot recovery-magnus.img
You should be rewarded with the following output:
Code:
downloading 'boot.img'...
OKAY [ 0.544s]
booting...
OKAY [ 0.020s]
finished. total time: 0.565s
You are done!!!!!
Invalid checksum: If the checksum you show does not match the checksum above you can reflash the JB bootloader and if all goes well you will be back where you started.
Download the JB bootloader (jb-aboot.img) from here.
Follow the procedure above to push the bootloader to the device and validate that the checksum matches the original JB checksum you copied on step above.
Flash the JB bootloader as per the guide above replacing aboot.img with jb-aboot.img.
If you have problems I strongly suggest you refrain from rebooting your phone and ask for help.

CWM
Installing ClockworkMod 6.0.2.8 on your Pantech Discover
WARNING: Please review the Warning/Disclaimer in the original post before following this procedure!
Click "CLICK TO SHOW CONTENT" to proceed.
Prerequisites
You must have adb and fastboot installed and working on your computer. There are literally hundreds of tutorials on this so I won't go into it here.
Your phone must be rooted
Optional but recommended
If you are on Jellybean and you haven't already done so I recommend reverting to the unlocked (ICS) booloader. An unlocked bootloader will increase the ability to restore a "brick" substantially.
Ready, set, go!
Option 1 (Do this if you have the unlocked ICS bootloader this is much faster)
Download update_magnus_clockworkmod-6.0.2.8.zip and recovery-magnus.img and move them to a directory of your choosing hereafter known as <install-directory>
Turn off the phone, copy update_magnus_clockworkmod-6.0.2.8.zip to a micro sdcard and install it in the phone
Boot the phone in fastboot (bootloader) mode by holding down both volume buttons and power, once the menu appears use the volume keys to select fastboot, then hit power
Attach your phone to your computer
Open a cmd window (Windows) or terminal/shell (unix flavors) and type the following command (hit enter after each):
Code:
cd <install-directory>
Now boot to the magnus recovery by typing:
Code:
fastboot boot recovery-magnus.img
The phone should be booted to CWM, now select the menu options:
install zip from sdcard > choose zip from external sdcard​
Select update_magnus_clockworkmod-6.0.2.8.zip then hit power and confirm by choosing
Yes - Install update_magnus_clockworkmod-6.0.2.8.zip​
Once the install is finished choose
Go Back > reboot system now​
Enjoy!
Option 2 (Do this if you have the locked Jellybean bootloader and do not wish to revert it):
Attach your phone to your computer and make sure it is booted to Android
Download recovery-magnus.img and move it to a directory of your choosing hereafter known as <install-directory>
Open a cmd window (Windows) or terminal/shell (unix flavors) and type the following command (hit enter after each):
Code:
cd <install-directory>
adb push recovery-magnus.img /sdcard/
adb shell
In the adb terminal type:
Code:
cd /sdcard
ls
Verify that the recovery-magnus.img file is there and if so type:
Code:
su
mount -o rw,remount /system
dd if=recovery-magnus.img of=/dev/block/mmcblk0p20
You should see output indicating that the image was flashed (I'll try to update this with the exact text). If you get an error don't continue and when you reboot to Android the original recovery should be restored. Otherwise type:
Code:
mv /system/recovery_from_boot.p /system/recovery_from_boot.p.bak
exit
exit
You should be back in your computers terminal, type:
Code:
adb reboot recovery
You should be in CWM 6.0.2.8 after a minute or so. The first time you reboot CWM will ask if you want to prevent recovery from being overwritten, go ahead and say yes.
You can use the backup feature to backup your ROM.
What works
Backup/restore from sdcard and external sdcard (including advanced restore)
Delete backup (sdcard and external sdcard)
Choose default backup method
Install zip from sdcard (external)
Wipe cache
Wipe dalvik-cache
Wipe data/factory reset
Mounts - mounting and unmounting partitions
Key test
Show log
Fix permissions (I ran this and it completed and the phone boots but I haven't done exhaustive testing so I don't recommend it, shouldn't need this feature at this point)
What hasn't been tested yet
Install zip from sideload
Format partitions (not recommended)
Partition external sdcard
Report error
Bugs
Backups do not reflect the correct date (common issue that can be resolved eventually)

ROM
Flashing a Custom ROM
WARNING: If you downloaded the ROM that was originally linked to in this guide (magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted-all_partitions.zip) please do not flash it!! While this has worked on most phones the original IMEI on a couple of phones was wiped out.
WARNING 2 (Untested fix uploaded on 11/29, see below) : A couple of users have reported that this update failed on their phones but they were able to restore from a nandroid backup. If you still want to try this ROM please backup your current ROM in CWM first! If you try this please let me know if this works or does not work on your phone and which Android version you were on prior to flashing it. Thanks!
UPDATE 11/29/2013 Newly uploaded file will most likely fix the issues mentioned in warning 2 above, however, I still strongly encourage that you do a backup in CWM before flashing. Please respond with the results indicating which version of Android you flashed this over.
Click "CLICK TO SHOW CONTENT" to proceed.
This guide covers the procedure to flash a specific, JB ROM as discussed below, however, the basic procedure can be used to flash different ROMs as they become available.
Features
Jellybean 4.1.2 stock (other than noted below)
Rooted with /system/xbin/su
SuperSU installed as a system app
Magnus CWM recovery
ICS unlocked bootloader (aboot)
This update is intended to install the unlocked bootloader for all users; provide a restore point going forward; and serve as a basis for future ROMs and enhancements.
This update does not flash the cache or data partitions so your installed apps and data will remain.
WARNING: Please review the Warning/Disclaimer in the original post before following this procedure!
NOTE FOR ICS USERS: The AT&T/Pantech OTA JB Update (from ICS) provides patches to several partitions that are not patched as part of this update. If you are able to run the OTA update I recommend it, if not and you don’t mind having a “hybrid” ROM go for it at your own risk.
Since this flashes the bootloader I strongly recommend checking the MD5 Checksum as per the guide below before executing the update. Make sure the device has enough power, and don't unplug, wiggle, or otherwise mess with the device until the update is complete.
Prerequisites
Magnus CWM installed per the guide above (see OP)
Jellbean or ICS (see notes above before flashing over ICS)
ADB installed and functional
Make sure the battery level of the device is adequate
Flash from the internal sdcard
Download the update from here.
Boot into CWM recovery by holding down the volume up button and power button
Do a CWM nandroid backup
Select "mounts and storage > mount /sdcard > +++++Go Back+++++"
Select "wipe cache partition"
Select "advanced > wipe dalvik cache > +++++Go Back+++++"
OPTIONAL: Select "wipe data/factory reset". WARNING: This will remove your personal apps and data!
Once the download from step 1 is complete, plug the phone into your computer, open a command window, navigate to the download directory, and push the update to the sdcard with:
Code:
adb push magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted2.zip /sdcard/
Check the md5 checksum to ensure you don't have a corrupt download (IMPORTANT!)
Code:
adb shell
cd /sdcard
md5sum magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted2.zip
Should result in:
Code:
3dca0555f81cef97e304c17515c807fa magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted2.zip
If not, download the update and try again. Do not proceed if your checksum doesn't match!
Exit adb shell:
Code:
exit
On the phone, select "install zip from sdcard > choose zip from sdcard", select the update file, and confirm
Wait patiently and do not unplug the device or disrupt the process!
When the update is finished select "+++++Go Back+++++" followed by "reboot system now", if you are prompted to "Fix root" select "Yes" to prevent it from warning again
Wait patiently while it boots, configures the apps, compiles & caches, and connects to your carrier. This can take a few minutes.
Enjoy!

Nice guide. Can't wait till this phone comes if I'm not mistaken cogency sent it again
Sent from my SCH-I535 using Tapatalk

Unjustified Dev said:
Nice guide. Can't wait till this phone comes if I'm not mistaken cogency sent it again
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
Thanks! I have been pretty swamped at work so I haven't been able to pull your kernel updates but I am anxious to get back to it. I am glad you have a phone on the way.

Great detailed guide, that provides easy to follow instructions.....nice work, again.

CM11.0
gj23 said:
Great detailed guide, that provides easy to follow instructions.....nice work, again.
Click to expand...
Click to collapse
I predict that on 2 months we will get CM11.0 (kitkat) for the p9090

eeter said:
I predict that on 2 months we will get CM11.0 (kitkat) for the p9090
Click to expand...
Click to collapse
I predict less than one month when my Discover comes in
Sent from my SCH-I535 using Tapatalk

I saw in the Original Thread that Updating to Jellybean on an ICS device doesn't work and he made it work by restoring a nandroid backup and then flashing the rom via CWM.
Any other way to directly upgrade to Jelly bean by flashing the zip via CWM directly without using nandroid backup?
Thanks.

vijayr2002 said:
I saw in the Original Thread that Updating to Jellybean on an ICS device doesn't work and he made it work by restoring a nandroid backup and then flashing the rom via CWM.
Any other way to directly upgrade to Jelly bean by flashing the zip via CWM directly without using nandroid backup?
Thanks.
Click to expand...
Click to collapse
If you are talking about the post below I think you misunderstood. Flashing Jellybean using the guide on the first page of this thread worked for him. He was outlining the history of what he has done on the device and nothing worked other than the magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted.zip update.
If you are on ICS and you have CWM installed the guide in post #5 will get you on Jellybean with all of the goodies.
osopol4r said:
Confirmed working....
> ICS Unable to Update
> Updated to JB with nandroid provided here
> JB nandroid missing browser apk
> Restored from to and from previous ICS
> Installed zip from sd card magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted.zip
> Phone booted correctly, so far so good
I'll report back any issued (if any)
Thanks!!!
Click to expand...
Click to collapse

New subforum in "DevsNest Developments" dedicated to Pantech P9090:
http://www.devsnest.com/forumdisplay.php?fid=142
We hope you include some content in it.
Greetings.

sandnap said:
If you are talking about the post below I think you misunderstood. Flashing Jellybean using the guide on the first page of this thread worked for him. He was outlining the history of what he has done on the device and nothing worked other than the magnus-jb-4.1.2-cwm-unlocked_bootloader-rooted.zip update.
If you are on ICS and you have CWM installed the guide in post #5 will get you on Jellybean with all of the goodies.
Click to expand...
Click to collapse
Great! I somehow misunderstood it. I will update after i install. Thank you for your time spent in contributing for Pantech Discover. Kudos!

vijayr2002 said:
Great! I somehow misunderstood it. I will update after i install. Thank you for your time spent in contributing for Pantech Discover. Kudos!
Click to expand...
Click to collapse
If u install the JB 4.1.2 from here that's rooted and CWM you won't need to update as u will be on Jellybean.

was having wifi issues and bluetooth issues and was ics/jb mix . everything flashed fine and updated fine. will post back after further testing but all seems to be working and volume seems a bit better now.

greg97526 said:
was having wifi issues and bluetooth issues and was ics/jb mix . everything flashed fine and updated fine. will post back after further testing but all seems to be working and volume seems a bit better now.
Click to expand...
Click to collapse
Glad to hear it! I have been waiting to hear from you. I am interested to know if this improves your wifi/bluetooth issues.

sandnap said:
Glad to hear it! I have been waiting to hear from you. I am interested to know if this improves your wifi/bluetooth issues.
Click to expand...
Click to collapse
Blue tooth works flawlessly. Still a bit lagging on wifi. Maybe I need to remove the files we added that didn't match up with what you had or did this update erase all of that?

greg97526 said:
Blue tooth works flawlessly. Still a bit lagging on wifi. Maybe I need to remove the files we added that didn't match up with what you had or did this update erase all of that?
Click to expand...
Click to collapse
This update completely wipes /system then copies over all of the stock Jellybean files so there are no remnants of our hand-crafted /system left. The update also flashes all of the Jellybean partitions that were patched as part of the OTA update so your device should now be consistent with those of everyone who has executed this update with the exception of your /data and /sdcard. You could try backing up your applications and doing a factory reset in CWM.

How about that!
Hi there!
I don't know if you remember me from the old post but...
I just realized my IMEI changed, I used to have my pantech discover unlocked (network unlock) and I believe after flashing the Jelly Bean update file some how relocked itself plus the IMEI also changed. I purchased the unlock code and I just compared the IMEI and it is not the same, plus the phone is now network locked.
I'll try my original nandroid backup and see what happens.

[ROM][STOCK][JB 4.2.2] ASUS MeMO Pad 8 (ME180A-WW-3.1.0.42)

Another ArchiKitchen project. But first...
Code:
#include
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and
* YOU acknowledge you are doing so at your own risk.
*/
Given that, this ROM, is PURE STOCK, with root (if you choose that option). This is here to save your butt because you de-bloated some apps, or otherwise bricked your tab and forgot to make a nandroid first. This will bring you back to the latest version (3.1.0.42).
Please NOTE: This ROM is only designed for the WW SKU only! If you have a different SKU, and are that desperate, find another way first!
Because this is untouched stock, everything should work. Please recognize I have not tested this myself, as I have not found the need to use it (and the alternatives - that is, the ways to get out of it if it fails - are limited). So, if anyone finds their way to have to use this, please continue to note any success or failure, and any considerations in the comments - be it this thread, or the Q&A thread.
DOWNLOAD:
I am offering two versions these days (the old two had an updater-binary incompatible for the CWM provided) - a slightly modified version (built by the "bb" command in ArchiKitchen, accepting all the prompts - so permissions and symlinks are redone), and the other with the same but with root and SuperSU tacked on in the updater-script. If you are wondering which version to use, the former has been tested (at least once), but the latter is more straightforward.
K00L_Back_To_Stock_Updater-Binary.zip (MD5: 47ed2e94221c1d70bee17f39fd62bdff)
K00L_Back_To_Stock_With-SuperSU.zip (MD5: e78b6a4022a4f707e4d54f9440761be4)
INSTRUCTIONS:
Download ROM above
Download SuperSU update zip (optional, if you want root and using the first zip)
Connect your tab to the PC with appropriate adb, fastboot, and drivers available
If your device is bricked, enter fastboot and unlock bootloader with these instructions (or skip this part for post #3 instructions instead)
Download CWM to your PC (since the aforementioned link is down, post #62 has a source, and now I do as well)
Having completed that, reboot into fastboot and issue the following commands (or use the method in post #3):
Code:
fastboot flash recovery recovery_cwm.img
fastboot flash misc misc_reboot-recovery.img
fastboot reboot
Your tab will reboot into CWM
Push file(s) to your SD card ("adb push K00L_Back_To_Stock.zip /sdcard/" )
Nandroid/Back up broken device (optional, but highly recommended)
Wipe cache and data/factory reset (especially if you used XPosed - you can try dirty flashing, but from what I hear the data partition gets bunged after flashing anyway - thinks it is encrypted - so you are better off with the previous step and then salvaging from there)
Install ROM
Wipe Dalvik cache
Reboot
Enjoy!
RESOURCES:
CWM-based recovery
MeMO Pad 8 General Discussion
CREDITS:
Androtab.info
Chainfire for SuperSU
JustArchi for ArchiKitchen
Did I miss anything? I appreciate the feedback, and any thanks as well!

Alternate Flash / Other Info...
DD-BASED FLASH:
Thanks go to @t-mobile_mda for this method.
Since I have encountered others unable to flash the ROM zip in their CWM, I am providing a precursor that is more forgiving, but harder to accomplish, and as it is more forgiving, it is up to the end user to ... know what you are doing. So to recap...this ROM is for:
ASUS MeMO Pad 8 (ME180A)
Code named K00L
WW region only
With that out the way, you will need (besides the above device):
boot and system images
rebooted into CWM (see methods in posts above and/or below this post), and backup made
When ready, run the following commands:
Code:
adb devices
adb push boot.img /external_sd/
adb push system.img /external_sd/
adb shell
su
mount -o rw,remount /system
dd if=/external_sd/boot.img of=/dev/block/platform/emmc/by-name/boot
dd if=/external_sd/system.img of=/dev/block/platform/emmc/by-name/system
If CWM does not understand the logical mounts:
Code:
adb devices
adb push boot.img /external_sd/
adb push system.img /external_sd/
adb shell
su
mount -o rw,remount /system
dd if=/external_sd/boot.img of=/dev/block/mmcblk0p3
dd if=/external_sd/system.img of=/dev/block/mmcblk0p6
With all that successful, then factory reset and reboot.
RECOVERY FSTAB:
For anyone who wishes to make their own ROM...small piece of the puzzle
Code:
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/emmc/by-name/system /system ext4 noatime,nodiratime,noauto_da_alloc,discard wait
/dev/block/platform/emmc/by-name/userdata /data ext4 noatime,nodiratime,nosuid,nodev,noauto_da_alloc,discard wait,encryptable=/dev/block/platform/emmc/by-name/hidden
/dev/block/platform/emmc/by-name/cache /cache ext4 noatime,nodiratime,nosuid,nodev,noauto_da_alloc,discard wait
/dev/block/platform/emmc/by-name/parameter /parameter emmc defaults defaults
/dev/block/platform/emmc/by-name/misc /misc emmc defaults defaults
/dev/block/platform/emmc/by-name/kernel /kernel emmc defaults defaults
/dev/block/platform/emmc/by-name/boot /boot emmc defaults defaults
/dev/block/platform/emmc/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/emmc/by-name/backup /backup emmc defaults defaults
/dev/block/platform/emmc/by-name/adf /adf emmc defaults defaults
/dev/block/platform/emmc/by-name/apd /apd emmc defaults defaults
/dev/block/platform/emmc/by-name/hidden /hidden emmc defaults defaults
/dev/null /sdcard datamedia defaults defaults
/dev/block/mmcblk1p1 /external_sd auto defaults defaults
#/devices/platform/rk29_sdmmc.0/mmc_host/mmc /external_sd auto defaults voldmanaged=sdcard1:auto
#/devices/platform/usb20_otg/usb auto auto defaults voldmanaged=usbdisk:auto

Alternate way to install CWM
Thanks go to @mm2dd...
You may find that any attempt to unlock the bootloader to install CWM will ultimately fail. This provides another way.
First you need a Debian, Ubuntu, or derivative - essentially a GNU/Linux OS that handles .deb packages. This can be achieved with a VMWare or VirtualBox virtual machine, if you don't have (or want) a dual-boot setup.
Follow the steps to download, install, and run the RkFlashKit package:
http://www.hotmcu.com/wiki/Flashing...Using_The_Rockchip_Tool#Installing_RkFlashKit
Make sure the tab is plugged into the PC (and having the appropriate Windows drivers if using a VM) and the tab is in Rockchip bootloader mode before running RkFlashKit.
With the CWM Recovery files saved to the Linux Box (be it computer or virtual machine), make sure "Devices" is no longer blank (if it is, a step above got skipped), and set "NAND Partitions" to "Recovery".
You may want to "Backup Partition" before continuing.
Under "Image file to flash", choose the recovery_cwm.img file.
When ready, press "Flash Image"
Repeat for misc_reboot-recovery.img to the misc partition, and when done, select "Reboot Device", while holding the magic keys to get into recovery.

@OfficerJimLahey
This thread saved my ME180A Thank you so much and also androtab too...so sad there is no custom roms for this model and im noob to make my own Rom...anyways thanks again.

Hi there,
This thread could save my tablet from a loooong time mistake..
but.. when i arrive to the part of installng cwm, small issue, in fastboot..
Everything is good, drivers and adb installed, the tab appears when i give the command adb devices, but when in fastboot (well.. think it is.. the screen stays black..) , once i give the next command it stays at ''waiting for device'' .. and i cant see the device anymore when typing adb devices..
.. what can be the issue?

puss2puss said:
Hi there,
This thread could save my tablet from a loooong time mistake..
but.. when i arrive to the part of installng cwm, small issue, in fastboot..
Everything is good, drivers and adb installed, the tab appears when i give the command adb devices, but when in fastboot (well.. think it is.. the screen stays black..) , once i give the next command it stays at ''waiting for device'' .. and i cant see the device anymore when typing adb devices..
.. what can be the issue?
Click to expand...
Click to collapse
When in fastboot mode, use fastboot command instead.

OfficerJimLahey said:
When in fastboot mode, use fastboot command instead.
Click to expand...
Click to collapse
Thanks for the reply
Well actually, i do use fastboot commande once in fastboot mode.. but it was not detected but i noticed that when in fastboot, it use a different driver so when booting in fastboot, i replaced manually the driver kool for one that contain the words bootloader and it now detect it, but when writing the command ''fastboot devices'' it gives 123456789 ... but now i can give the commands from fastboot to reboot etc..
BUT.. ..when i type :
fastboot flash recovery recovery_cwm.img
fastboot flash misc misc_reboot-recovery.img
fastboot reboot
.. it says something like failed, device is locked..

puss2puss said:
Thanks for the reply
Well actually, i do use fastboot commande once in fastboot mode.. but it was not detected but i noticed that when in fastboot, it use a different driver so when booting in fastboot, i replaced manually the driver kool for one that contain the words bootloader and it now detect it, but when writing the command ''fastboot devices'' it gives 123456789 ... but now i can give the commands from fastboot to reboot etc..
BUT.. ..when i type :
fastboot flash recovery recovery_cwm.img
fastboot flash misc misc_reboot-recovery.img
fastboot reboot
.. it says something like failed, device is locked..
Click to expand...
Click to collapse
Yup, the bootloader will be locked. Post one is one way to go about it (bullet point four), post two is the other way.

OfficerJimLahey said:
Yup, the bootloader will be locked. Post one is one way to go about it (bullet point four), post two is the other way.
Click to expand...
Click to collapse
I know, if i.m asking for help, its because it fails on my side
after commands, it gives:
Writing 'recovery' ...
FAILED (remote: device is locked)
And if i try the commands ''fastboot oem unlock61646
fastboot oem unlockD696E'' , it gives:
FAILED (remote: oem admunlock not requested)
..what am i missing..

puss2puss said:
And if i try the commands ''fastboot oem unlock61646
fastboot oem unlockD696E'' , it gives:
FAILED (remote: oem admunlock not requested)
..what am i missing..
Click to expand...
Click to collapse
Yeah, that fails for whatever reason for some. If I gambled any amount I would say different device batches. The workaround would be post two. The advantage with that one is that you don't need to unlock the bootloader for CWM this way, at the downside of it's a bit more work (especially if you don't have access to a GNU/Linux PC or even a PC with a GNU/Linux live CD).
I never did this method (never had to) so unfortunately, my capability for help with this part is very limited.

.. in post 2 you explain how to make a rom.. not sure it will help me.. ah well.. thanks anyway and keep up the good work.

puss2puss said:
.. in post 2 you explain how to make a rom.. not sure it will help me.. ah well.. thanks anyway and keep up the good work.
Click to expand...
Click to collapse
Sorry, meant post three, titled "Alternate way to install CWM".

Well ubuntu did the trick i loaded latest ubuntu yesterday and boom everything went as expected i am now installing the stock rom! The story of this tablet is finally getting an happy ending lol..
When i bought the tablet long ago, i rooted it and deleted some apps and then i was never able to update it, but was using it everyday, utill the day it magicly fell on the ground.. glass broke.. tears crawld my cheeks.. then bought win8.1 tablet.
.. but a couple of weeks ago i ordered a glass and digitizer from aliexpress for 16$, repaired it, and now updating it from a fresh stock rom
Thanks for your great work here, keep it up mate!

Small question: do you (or anyone else) knows if kitkat is available somewhere for it? I read that its suppose to run kitkat but i cant find any direct info..
And when i click to update it doesnt find anything..
Not a big deal, but would be great

puss2puss said:
Small question: do you (or anyone else) knows if kitkat is available somewhere for it? I read that its suppose to run kitkat but i cant find any direct info..
And when i click to update it doesnt find anything..
Not a big deal, but would be great
Click to expand...
Click to collapse
I have heard something in passing recently somewhere along those lines. I don't think anything amounts to that or maybe someone was mistaken between the MeMO Pad models (ME181C has Kitkat).
Given this is a device released in 2013, ASUS would have long given up on it.

Yah thats what i think to..
And the more i read, the more i realize its the other models, its now clear.
Last year i was working on a rom but ţe progress stopped when the tab took a 'brake' .. ..so, now i wanna get back to it.
Where to start if i wanted to include an updated android into the rom?

puss2puss said:
Yah thats what i think to..
And the more i read, the more i realize its the other models, its now clear.
Last year i was working on a rom but ţe progress stopped when the tab took a 'brake' .. ..so, now i wanna get back to it.
Where to start if i wanted to include an updated android into the rom?
Click to expand...
Click to collapse
I know a little about that. You will need a device tree. Problem is, I don't think one is available.
Sent from my ASUS_Z00AD

Hi there!
I'm trying to install a new ROM on my MemoPad 8 (K01H), but I keep getting errors
When I type
Code:
fastboot flash recovery recovery_cwm.img
I get an error which says I have to unlock first. Even if this tutorial says I don't need to unlock it for CWM, I tried, but I get another error saying: "remote: unknown oem command".
I have 5.0.1 on my tab, I checked in the developer menu, and I don't have enable OEM unlock option at all o.o
I tried every possibilities I found and nothing worked. My tab is rooted. What I did wrong?

Yaime said:
Hi there!
I'm trying to install a new ROM on my MemoPad 8 (K01H), but I keep getting errors
When I type
Code:
fastboot flash recovery recovery_cwm.img
I get an error which says I have to unlock first. Even if this tutorial says I don't need to unlock it for CWM, I tried, but I get another error saying: "remote: unknown oem command".
I have 5.0.1 on my tab, I checked in the developer menu, and I don't have enable OEM unlock option at all o.o
I tried every possibilities I found and nothing worked. My tab is rooted. What I did wrong?
Click to expand...
Click to collapse
Wrong model. Please see first post on what this is for. Please don't continue to try to flash this ROM, or that CWM to your device. You will end up in a worse hole.

OfficerJimLahey said:
Another ArchiKitchen project. But first...
Code:
#include
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and
* YOU acknowledge you are doing so at your own risk.
*/
Given that, this ROM, is PURE STOCK, with root (if you choose that option). This is here to save your butt because you de-bloated some apps, or otherwise bricked your tab and forgot to make a nandroid first. This will bring you back to the latest version (3.1.0.42).
Please NOTE: This ROM is only designed for the WW SKU only! If you have a different SKU, and are that desperate, find another way first!
Because this is untouched stock, everything should work. Please recognize I have not tested this myself, as I have not found the need to use it (and the alternatives - that is, the ways to get out of it if it fails - are limited). So, if anyone finds their way to have to use this, please continue to note any success or failure, and any considerations in the comments - be it this thread, or the Q&A thread.
DOWNLOAD:
I am offering two versions these days (the old two had an updater-binary incompatible for the CWM provided) - a slightly modified version (built by the "bb" command in ArchiKitchen, accepting all the prompts - so permissions and symlinks are redone), and the other with the same but with root and SuperSU tacked on in the updater-script. If you are wondering which version to use, the former has been tested (at least once), but the latter is more straightforward.
K00L_Back_To_Stock_Updater-Binary.zip (MD5: 47ed2e94221c1d70bee17f39fd62bdff)
K00L_Back_To_Stock_With-SuperSU.zip (MD5: e78b6a4022a4f707e4d54f9440761be4)
INSTRUCTIONS:
Download ROM above
Download SuperSU update zip (optional, if you want root and using the first zip)
Connect your tab to the PC with appropriate adb, fastboot, and drivers available
If your device is bricked, enter fastboot and unlock bootloader with these instructions (or skip this part for post #3 instructions instead)
Download CWM to your PC
Having completed that, reboot into fastboot and issue the following commands (or use the method in post #3):
Code:
fastboot flash recovery recovery_cwm.img
fastboot flash misc misc_reboot-recovery.img
fastboot reboot
Your tab will reboot into CWM
Push file(s) to your SD card ("adb push K00L_Back_To_Stock.zip /sdcard/" )
Nandroid/Back up broken device (optional, but highly recommended)
Wipe cache and data/factory reset (especially if you used XPosed - you can try dirty flashing, but from what I hear the data partition gets bunged after flashing anyway - thinks it is encrypted - so you are better off with the previous step and then salvaging from there)
Install ROM
Wipe Dalvik cache
Reboot
Enjoy!
RESOURCES:
CWM-based recovery
MeMO Pad 8 General Discussion
CREDITS:
Androtab.info
Chainfire for SuperSU
JustArchi for ArchiKitchen
Did I miss anything? I appreciate the feedback, and any thanks as well!
Click to expand...
Click to collapse
hi..
i am getting error while installing ROMs.. can u pls check it.?

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 10 2017 (suez)

Read this whole guide before starting.
This is for the 7th gen Fire HD10 (suez).
Current version: amonet-suez-v1.1.2.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-suez-v1.1-return-to-stock.zip" into the same folder where you extracted "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.3.0 or newer, otherwise you may brick your device)
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @retyre for porting the bootrom-exploit and for testing.
Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
Thanks also to @bibikalka and everyone who donated
Thanks to @TheRealIntence and @b1u3m3th for confirming it also works on the 64GB model.

Unbricking
If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device and partially take it apart.
Follow this guide by @retyre until (including) step 8..
At Step 6. you will replace
Code:
sudo ./bootrom.sh
with
Code:
sudo ./bootrom-step.sh
Should the script stall at some point, restart it and replug the USB-cable (Shorting it again should not be necessary unless the script failed at the very beginning).
If the script succeeded, put the device back together.
When you turn it on, it should start in hacked fastboot mode.
You can now use
Code:
sudo ./fastboot-step.sh
This will flash TWRP and reset your device to factory defaults, then reboot into TWRP.
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID [b]0e8d:0003[/b] MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID [b]0e8d:2000[/b] MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=[b]0e8d[/b], idProduct=[b]0003[/b], bcdDevice= 1.00

Changelog
Version 1.1.2 (26.03.2019)
Fix regenerating GPT from temp GPT
Version 1.1.1 (26.03.2019)
Fix unbricking procedure
Version 1.1 (25.03.2019)
Update TWRP-sources to twrp-9.0 branch
TWRP uses kernel compiled from source
Add scripts to use handshake2.py to enter fastboot/recovery
Features.
Uses 5.6.3 LK for full compatibility with newer kernels.
Hacked fastboot mode lets you use all fastboot commands (flash etc).
Boots custom/unsigned kernel-images (no patching needed)
TWRP protects from downgrading PL/TZ/LK
For the devs: sets printk.disable_uart=0 (enables debug-output over UART).
NOTE: Hacked fastboot can be reached via TWRP.
NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock

Source code:
https://github.com/chaosmaster/amonet/tree/mt8173-suez
https://github.com/chaosmaster/android_device_amazon_suez
https://github.com/chaosmaster/android_kernel_amazon_suez
https://github.com/chaosmaster/android_bootable_recovery

First unreserved !!!

bibikalka said:
First unreserved !!!
Click to expand...
Click to collapse
You are quick

Now we need custom kernels and/or roms, any advice where to start?

Murcielagoz99 said:
Now we need custom kernels and/or roms, any advice where to start?
Click to expand...
Click to collapse
Download Lineage OS Sources, create device tree, create kernel tree, create vendor tree and compile ROM.
---------- Post added at 09:04 PM ---------- Previous post was at 08:58 PM ----------
@k4y0z in the ReadMe of the amonet source code says that the exploit is for the fire hd8 2018.
Is it correct or is it an error?
On the other hand, very good work!

sudo ./step-1.sh
"command not found"
Got the script to run using chmod. But it doesn't reboot,
"PL version 5
LK version 2
TZ Version 263
press enter to continue...
(doesnt reboot)
Dumping GPT
....
Modifying GPT (still hasnt reboot)
What am i am missing?

BRAVO!! Fantastic work, my friend! I'm looking forward to the customization and ROMs that will soon follow.

Rortiz2 said:
Download Lineage OS Sources, create device tree, create kernel tree, create vendor tree and compile ROM.
Click to expand...
Click to collapse
Or start with the (minimal) TWRP device tree I linked to.
Rortiz2 said:
@k4y0z in the ReadMe of the amonet source code says that the exploit is for the fire hd8 2018.
Is it correct or is it an error?
On the other hand, very good work!
Click to expand...
Click to collapse
I just forgot to update the Readme fixed it.
Michajin said:
sudo ./step-1.sh
"command not found"
Got the script to run using chmod. But it doesn't reboot,
"PL version 5
LK version 2
TZ Version 263
press enter to continue...
(doesnt reboot)
Dumping GPT
....
Modifying GPT (still hasnt reboot)
What am i am missing?
Click to expand...
Click to collapse
What OS are you using?
Is there no other output?
Try running
Code:
modules/gpt.py
Does that give any errors?

k4y0z said:
Or start with the (minimal) TWRP device tree I linked to.
I just forgot to update the Readme fixed it.
What OS are you using?
Is there no other output?
Try running
Code:
modules/gpt.py
Does that give any errors?
Click to expand...
Click to collapse
i had permission errors on my ubuntu 16.04. IT rebooted into recovery but nothing happened.
Testing root access...
uid=0(root) gid=0(root) context=u:r:init:s0
PL version: 5 (5)
LK version: 2 (2)
TZ version: 263 (263)
Your device will be reset to factory defaults...
Press Enter to Continue...
Dumping GPT
tmp-mksh: dd if=/dev/block/mmcblk0 bs=512 count=34 of=/data/local/tmp/gpt.bin: not found
tmp-mksh: chmod 644 /data/local/tmp/gpt.bin: not found
199 KB/s (17408 bytes in 0.085s)
Flashing temp GPT
246 KB/s (17408 bytes in 0.068s)
tmp-mksh: dd if=/data/local/tmp/gpt.bin.step1.gpt of=/dev/block/mmcblk0 bs=512 count=34: not found
Preparing for Factory Reset
tmp-mksh: mkdir -p /cache/recovery: not found
/system/bin/sh: can't create /cache/recovery/command": Permission denied
/system/bin/sh: can't create /cache/recovery/command": Permission denied
Rebooting into Recovery
Recovery, nothing happens.
I have root.....

Michajin said:
i had permission errors on my ubuntu 16.04. IT rebooted into recovery but nothing happened.
Testing root access...
uid=0(root) gid=0(root) context=u:r:init:s0
PL version: 5 (5)
LK version: 2 (2)
TZ version: 263 (263)
Your device will be reset to factory defaults...
Press Enter to Continue...
Dumping GPT
tmp-mksh: dd if=/dev/block/mmcblk0 bs=512 count=34 of=/data/local/tmp/gpt.bin: not found
tmp-mksh: chmod 644 /data/local/tmp/gpt.bin: not found
199 KB/s (17408 bytes in 0.085s)
Flashing temp GPT
246 KB/s (17408 bytes in 0.068s)
tmp-mksh: dd if=/data/local/tmp/gpt.bin.step1.gpt of=/dev/block/mmcblk0 bs=512 count=34: not found
Preparing for Factory Reset
tmp-mksh: mkdir -p /cache/recovery: not found
/system/bin/sh: can't create /cache/recovery/command": Permission denied
/system/bin/sh: can't create /cache/recovery/command": Permission denied
Rebooting into Recovery
Recovery, nothing happens.
I have root.....
Click to expand...
Click to collapse
What are you using for root?
it seems like your "su" doesn't like the commands my script sends, what su are you using?
You could try disabling root/ungrant root access and use mtk-su.

k4y0z said:
What are you using for root?
it seems like your "su" doesn't like the commands my script sends, what su are you using?
You could try disabling root/ungrant root access and use mtk-su.
Click to expand...
Click to collapse
SuperSU Pro v 2.82

Michajin said:
SuperSU Pro v 2.82
Click to expand...
Click to collapse
Interesting, it seems it interprets all the arguments as one command.
I'll see if I can find a workaround to work with SuperSU, but it will take me a moment.
What should work however is if you disable root-access in SuperSU-app.
And place mtk-su into bin-folder.
Then just let it do it's thing using mtk-su.

k4y0z said:
Interesting, it seems it interprets all the arguments as one command.
I'll see if I can find a workaround to work with SuperSU, but it will take me a moment.
What should work however is if you disable root-access in SuperSU-app.
And place mtk-su into bin-folder.
Then just let it do it's thing using mtk-su.
Click to expand...
Click to collapse
It is showing
new UID/GID: 0/0 (over and over)
then UID/GID: 2000/2000 ( occasionally)
Then did not find own task_struct (237)
This normal? It has been about 10 minutes

Michajin said:
It is showing
new UID/GID: 0/0 (over and over)
then UID/GID: 2000/2000 ( occasionally)
Then did not find own task_struct (237)
This normal? It has been about 10 minutes
Click to expand...
Click to collapse
Then abort it and try again.
Make sure the screen is unlocked.
Is there no other output?
Did you use arm or arm64 mtk-su?
Also I just tested with SuperSU 2.82 su-binary, and it worked as expected.
I'm not sure why you are getting this issue.

k4y0z said:
Then abort it and try again.
Make sure the screen is unlocked.
Is there no other output?
Did you use arm or arm64 mtk-su?
Also I just tested with SuperSU 2.82 su-binary, and it worked as expected.
I'm not sure why you are getting this issue.
Click to expand...
Click to collapse
I factory reset, no luck, I tried it on my Raspberry pi3 and it worked. Something with my ubuntu i guess? What version of magisk? i flashed 18.1 and it seems to be looping (or taking a really really long time). Rebooting into recovery is easy though (right volume and power).

Michajin said:
I factory reset, no luck, I tried it on my Raspberry pi3 and it worked. Something with my ubuntu i guess? What version of magisk? i flashed 18.1 and it seems to be looping (or taking a really really long time). Rebooting into recovery is easy though (right volume and power).
Click to expand...
Click to collapse
Great you got it to work. Not sure why it didn't in Ubuntu.
Did you end up using mtk-su or SuperSu?
Magisk 18.1 is working fine for me, what FireOS-Version are you on?

k4y0z said:
Read this whole guide before starting.
This is for the 7th gen Fire HD10 (suez).
I have only tested it on the 32GB-model, but it should also work on the 64GB-model ....
Click to expand...
Click to collapse
Outstanding 'win' presented with clarity and humility. Not to mention timely given the short time you've had the target hardware. A fantastic ROI for those who underwrote the device and for uncounted others who will benefit from your work (along with those of several others noted in your full post) for years to come.
:good:

Repeated update failure AND HOW TO FIX IT OnePlus 8t

I was in the process of rooting when the update was trying to run. Now I keep getting an install failure and can't seem to get any way to fix it.
Where is this update stored so I can delete it or can I get some advice on how to clear it so I can get it to try again?
I can't find the update for download anywhere :/

Not thing about file/cache. Incremental OTA need unroot frist.

Looking for the full installer package file for
11.0.8.12.KB05AA.​

rezapatel said:
Looking for the full installer package file for
11.0.8.12.KB05AA.​
Click to expand...
Click to collapse
Same let me know if you find it lol

OK good news I got myself sorted!
1. What I did was use "Oxygen OS updater" (can be found on playstore) with advanced mode enabled and downloaded the latest OS (11.0.8.11.)
2. Use local upgrade under settings to install 11.0.8.11 and restart. This will remove root but not user data or settings.
3. Check for and install update 11.0.8.12 under settings and it should install fine no issues.
4. Re root using your chosen method.
5. Done!

Interesting. How did you get the boot file for x.12? Isn't that required for rooting..

rezapatel said:
Interesting. How did you get the boot file for x.12? Isn't that required for rooting..
Click to expand...
Click to collapse
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.

ULTRAJC said:
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.
Click to expand...
Click to collapse
What they said

ULTRAJC said:
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.
Click to expand...
Click to collapse
Any guide for this?

DroidFreak32 said:
Since we don't have TWRP yet for our 8T, having ADB enabled on the stock recovery can be really helpful if you are unlocked and rooted.
For example, removing problematic magisk modules.
I tried to install the EdExposed module and ended with a boot loop. To get back I had to flash the stock boot.img again and reconfigure all my modules again.
Having ADB enabled in OOS recovery will let us delete the problematic module at /data/adb/modules without having to delete the working modules.
Credit goes to @s3axel for the Post in Oneplus 8 forums
Quoting the procedure to create the modified recovery.img :
Installation Procedure:
Pre-patched files for the lazy (upto 11.0.4.5):
To find your model and build:
Code:
adb shell getprop ro.product.model
KB2001
adb shell getprop ro.build.version.ota
OnePlus8TOxygen_15.I.16_GLO_0160_2010150110
KB2000 / KB05?? - Chinese Variant
11.0.1.2 Hydrogen_15.H.16_OTA_0160_all_2010150101_4101
STOCK recovery.img
adb patched recovery
KB2001 / KB05DA - Indian Variant
11.0.1.2 - OnePlus8TOxygen_15.I.16_GLO_0160_2010150110
STOCK recovery.img
adb patched recovery
11.0.2.3 - OnePlus8TOxygen_15.I.17_OTA_0170_all_2010240047
STOCK recovery.img
adb patched recovery
11.0.3.4 - OnePlus8TOxygen_15.I.18_OTA_0180_all_2011010208
STOCK recovery.img
adb patched recovery
11.0.4.5 - OnePlus8TOxygen_15.I.19_OTA_0190_all_2011101438_3032f.zip
STOCK recovery.img
adb patched recovery
KB2003 / KB05BA - EU Variant
11.0.1.2 - OnePlus8TOxygen_15.E.17_GLO_0170_2010150108
STOCK recovery.img
adb patched recovery
11.0.2.3 - OnePlus8TOxygen_15.E.18_OTA_0180_all_2010240038
STOCK recovery.img
adb patched recovery
11.0.3.4 - OnePlus8TOxygen_15.E.19_OTA_0190_all_2011010157
STOCK recovery.img
adb patched recovery
11.0.4.5 - OnePlus8TOxygen_15.E.20_OTA_0200_all_2011101442_ed5dc.zip
STOCK recovery.img
adb patched recovery
KB2005 / KB05AA - International Variant thanks to @card13
https://drive.google.com/drive/folders/1-i4P8sWPfyqwgYvBsKWAAftQW7m66Z70?usp=sharing
KB2007 / KB05CB - T-Mobile Variant
¯\_(ツ)_/¯
Code:
❯ adb devices
List of devices attached
75317573 recovery
❯ adb shell
# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 3648448 40396 3608052 2% /
tmpfs 3837328 1160 3836168 1% /dev
tmpfs 3837328 0 3837328 0% /mnt
tmpfs 3837328 0 3837328 0% /apex
tmpfs 3837328 4 3837324 1% /linkerconfig
tmpfs 3837328 24 3837304 1% /tmp
/dev/block/sda11 491464 140484 350980 29% /mnt/vendor/op2
/dev/block/sda20 11760 164 11596 2% /metadata
/dev/block/dm-3 1516540 1511956 4584 100% /vendor
/dev/block/sda2 27632 10452 17180 38% /mnt/vendor/persist
/dev/block/dm-7 110397292 6627020 103770272 7% /data
Click to expand...
Click to collapse
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO​The basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).​
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone. ​
Updating with OTAs should be the same process as the other guides here.​
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.​
Prerequisites:
ADB and Fastboot installed.​
An unlocked bootloader and USB debugging enabled.​
________________________________________________________
STEPS:​
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktop​for Mac, type cd desktop or cd /Users/yourname/Desktop​
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/b​b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device. ​​
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.​b. Use Select and Patch a File on boot_a.img​
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.​b. Use Direct Install (Recommended) to root your internal boot.img​
10. Reboot and verify it worked.
Click to expand...
Click to collapse

Are you guys aware of the zip file @osm0sis created that lets you add ADB to the stock recovery? You'll need to be rooted to use it.
[TWRP][3.4.0-14][instantnoodle]Unofficial TWRP for OnePlus 8/8 Pro Unified(Stable)
Team Win Recovery Project 3.x, or twrp3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and...
forum.xda-developers.com
It works really well - I've used it on 11.0.8.11 and .12

Thank you sir. I took the plunge and have been rewarded. Appreciate it!

shadowtuy said:
OK good news I got myself sorted!
1. What I did was use "Oxygen OS updater" (can be found on playstore) with advanced mode enabled and downloaded the latest OS (11.0.8.11.)
2. Use local upgrade under settings to install 11.0.8.11 and restart. This will remove root but not user data or settings.
3. Check for and install update 11.0.8.12 under settings and it should install fine no issues.
4. Re root using your chosen method.
5. Done!
Click to expand...
Click to collapse
This looks like a great app but it won't work if you need to downgrade. The current release (11.0.8.12.KB05AA) is so bad (look at OnePlus forums) that OnePlus has even taken it down and is no longer available for download. The current one is the previous one (11.0.8.11.KB05AA). Because I have already installed the "12" release, the OxygenOS System Update will not let me downgrade to the "11" release. It gives a "to avoid booting up failure, downgrading is not allowed" message.
Can I sideload/flash this "11" zip file via ADB and accomplish my goal of downgrading? Or could I change the active slot to the inactive one, reboot and get back to "11" that way?

zzjea said:
This looks like a great app but it won't work if you need to downgrade. The current release (11.0.8.12.KB05AA) is so bad (look at OnePlus forums) that OnePlus has even taken it down and is no longer available for download. The current one is the previous one (11.0.8.11.KB05AA). Because I have already installed the "12" release, the OxygenOS System Update will not let me downgrade to the "11" release. It gives a "to avoid booting up failure, downgrading is not allowed" message.
Can I sideload/flash this "11" zip file via ADB and accomplish my goal of downgrading? Or could I change the active slot to the inactive one, reboot and get back to "11" that way?
Click to expand...
Click to collapse
Well I tried switching slots but the inactive slot was corrupted from earlier. So I do not have an "11" in the other slot.

zzjea said:
Well I tried switching slots but the inactive slot was corrupted from earlier. So I do not have an "11" in the other slot.
Click to expand...
Click to collapse
Since OP 8T OxygenOS does not have a recovery, ADB sideload will not work.

Now that 11.0.8.13 is out and I'm on 11.0.8.12 right now, and so far I haven't come across a full zip for 13 yet. Not sure, if this will work .. but I'm thinking, I will uninstall magisk via the app. Restart to ensure, I'm unrooted and then do an OTA to 13. After the OS has been upgraded, follow the steps to root the boot dump file. Anyone tried this method and if would work? The 2 things I'm worried about are - 1) if I uninstall Magisk via the app, does it fully unroot and allows OTA, 2) will the broken twrp shared above work on the latest OOS x.13?
Thanks!

rezapatel said:
Now that 11.0.8.13 is out and I'm on 11.0.8.12 right now, and so far I haven't come across a full zip for 13 yet. Not sure, if this will work .. but I'm thinking, I will uninstall magisk via the app. Restart to ensure, I'm unrooted and then do an OTA to 13. After the OS has been upgraded, follow the steps to root the boot dump file. Anyone tried this method and if would work? The 2 things I'm worried about are - 1) if I uninstall Magisk via the app, does it fully unroot and allows OTA, 2) will the broken twrp shared above work on the latest OOS x.13?
Thanks!
Click to expand...
Click to collapse
For anyone who's interested. This worked!

Hey little bit of an add in! Keep a backup of your non Rooted boot.img!! It is actually easier to flash the non rooted and update just to reroot again.

Incremental OTA Payload Extractor - Linux Only currently - Op8T 11.0.9.9.KB05AA Posted

FIRST OFF - THIS IS HIGHLY TECHINICAL AND NOT FOR NON-TECH INCLINED PEOPLE. YOU CAN REALLY MESS UP YOUR PHONE IF YOU DO IT WRONG. SO PAY ATTENTION OR FIND SOMEONE SMARTER THAN YOU WITH THIS ANDROID / LINUX STUFF. YOU DO THIS ON YOUR OWN - NO WARRANTIES EXPRESSED OR IMPLIED. IT'S FOR PEOPLE THAT DON'T WANT TO WAIT FOR THEIR VENDOR TO POST A FULL ROM AND UPDATE RIGHT WHEN AN OTA COMES.
So I wanted to update my rooted Op8T OOS version, and you CAN'T (haha) do it if you're rooted. That's kind of a misconception. I knew there had to be a way... so I found a dead repo out there that used to work on Incremental OTAs. And I read the issues - did not actually work. Why? Because you need to extract the prior firmware (full ROM) first with a Payload extraction tool (most are in Python, and most are Linux-only). Well, they got stuck because the original ROM has one signature (encryption), and the OTA update has another signature, so the program would break when they didn't match. So what did I do??? Well I have to give credit to the dev I forked this from, because he mentioned - of course the signatures don't match, they are different releases! So I did something kind of... well... let's put it this way, you aren't verifying any signatures anymore. So if you screw up and put the wrong ROM base (prior full ROM) and Payload extract the payload.bin, then apply the Incremental OTA, well, you're in for trouble. BE POSITIVE YOU ARE USING THE VERSION OF THE ROM THE OTA IS INTENTED TO INCREMENTALLY UPDATE!!!!
In this case, it was quite clear. I was trying to update an A11 Op8T from OnePlus. It was on 11.0.8.3 ROM and an OTA was posted that was for 11.0.9.9. SO I used a Windows tool to extract the first set of files (the full ROM is huge BTW). The incremental update came as a 150mb file zipped up, but it modified the BIG files. Once it finished, I found that system and system_ext are not flashable (grew in size, can't resize super on active slot, not updated), the rest are. And you MUST flash from fastbootd - this is kind of a mysterious new place with modern AB devices. It can be a pain to actually get there. The standard steps if you're on stock recovery are to enable developer options, USB debugging, install the Latest ADB and Fastboot https://github.com/fawazahmed0/Latest-adb-fastboot-installer-for-windows/releases/tag/v1.7 (this script will update it for you). Ignore the God references it's a batch file you can just modify it, and I don't judge. It will pull the latest versions (Minimal ADB and Fastboot are super outdated). Next steps...
Now, getting an incremental update off a rooted phone is not easy. 1) you have to flash a stock boot.img and recovery.img. 2) you have to basically uninstall Magisk, or at least the images 3) then you MAY be able to download with Oxygen Updater or the system app. It won't install though because root is fully exposed. Once it's downloaded, it appears in some very strange location with a random character string.zip I believe. So now you have to reinstall Magisk (to get adb shell SU access). So after I confirmed it downloaded (but wouldn't flash), I had to hook my phone up to the USB cable, go to the PC and Latest ADB and Fastboot folder, adb shell, su, then cd /; find . -name *.zip > /dev/null 2>&1; to cut out some of the garbage output and scroll until I found a logical zip stored somewhere (a folder than sounded like a OnePlus update folder). Then I did a: cp [random characters.zip] /sdcard/Download/OTA_Update.zip, which I could then transfer from my phone to PC with a USB cable. Developer options / default mode USB File Transfer FYI.
Okay that was one of the hard parts. Now next to more hard parts. You need a Linux environment (I used WSL2 Debian Buster). The easiest setup (after spending hours attempting to get the correct packages loaded) was to install the personal version of Anaconda Python x64 for AMD64 processors for Linux. Then I could use conda install [package name] for missing dependencies as the program would throw errors. Yes you have to read the errors or you won't be able to figure out what is actually not installed. Anyhow, the modded forked repo of python files is here: git clone the repo: git clone https://github.com/mrslezak/update_payload_extractor.git - now if git isn't setup on your Linux box, well, you're in for some trouble.
So once it's installed, you need to actually use python3 commands for each step - so anywhere you see "python" put "python3" instead as most machines have both 2.7 and 3.X installed. I used Python 3.8 something, so ignore the 3.6 it's not required. So here I took a payload.bin extracted with a Windows.exe file (available somewhere on XDA, there are severel, one is Go based) and copied them once extracted from the original ROM to the WSL instance on my Win10 PC. Now there come issues here. They need to go into an "old" directory you must create (in update_payload_extractor directory), and copying from Windows will make them root access only, so a: sudo chown user:user old/ is required to get it writable. I believe the program will make the rest of the files on its own. They will end up in "output." You just need to extract the payload.bin and payload.properties files from the incremental update you extracted and place them in the update_payload_extractor directory.
Now there is some strange stuff going on, this was always beta, and never working. So I took the note of the issues and blocked a Google certificate validation routine (just commented it out) so it doesn't verify anything. I say it again BE EXTREMELY CAREFUL THAT YOUR PRIOR FULL ROM AND OTA UPDATE ARE MEANT TO BE USED TOGETHER. Anyhow, run what it says if your system is setup:
Incremental OTA​
Copy original images (from full OTA or dumped from devices) to old folder (with part name without file extension, ex: boot, system) - I put an .sh script here if your files are .img called remove_img_extension_old.sh - note that GitHub sometimes loses the execute permission so you may have to type: sudo chmod +x remove_img_extension_old.sh. It is meant to be run from the root of the project. ./remove_img_extension_old.sh
LD_LIBRARY_PATH=./lib64/ ./extract.py --output_dir output/ --old_dir old/ payload.bin
The above line will start the extract and combine process the OTA usually does on your phone, and output the files to the output directory. Once those are generated, then you can run another helper script I wrote to add back .img to each file called add_img_extension_output.sh again meant to be run from the root folder. Now you need to copy these output files (no guarantee all are updated, it will have all of them - on Op8T system and system_ext couldn't be flashed because they grew in size, and I don't know how to expand the super partition space to enable them to flash, so they aren't in the linked file - it still updates). The files on Op8T ending in lp5 are RAM files for the newest devices that are running LPDDR5 memory, the flash.bat script will need to be modified if you have one of these (2 flashes). The way I made the file will work in 98% of devices.
Okay I run the rest from Windows, so now it gets a little tricky. You need to get into Fastbootd, which means flash boot.img (you just extracted it), flash recovery image (same), using fastboot flash boot boot.img, fastboot flash recovery recovery.img. Now getting to fastbootd can be quite perplexing. You may just have your phone on, type adb reboot bootloader, then type fastboot reboot fastboot, and be in fastbootd (it will look like stock recovery but say fastbootd on top). The other way is to boot to recovery (developer options extended boot menu makes this much easier), then select Fastboot. Sometimes you get Fastboot and sometimes Fastbootd. It seems quite random. DON'T START THE FLASH_ALL.BAT UNTIL YOU KNOW YOU ARE IN FASTBOOTD!!!!
The fastboot command to tell you if you are in fastbootd (it will report yes if so: fastboot getvar is-userspace
Otherwise, those files will NOT be allowed to flash to your device, and you will end up with some random combination of prior and updated files. That could end badly. Once you DO get to Fastbootd, run the flash_all.bat, and DON'T SWITCH SLOTS. Yes, this is an OTA, but you already patched the files. Upon successful flashing, you can reboot to fastboot and flash a patched kernel with Magisk already enabled such as my forked Radioactive here: https://github.com/mrslezak/Radioactive_kernel_oneplus8/releases/tag/v2.2.5-MOD - the .img file is a Magisk patched custom kernel, you can also flash the twrp alpha (that seems to work in my experience, it's just slow, on OOS works fine despite warnings it doesn't). https://forum.xda-developers.com/t/recovery-11-alpha-teamwin-recovery-project-8t-kebab.4302449/ fastboot commands for the kernel: fastboot flash boot image_name.img; recovery fastboot flash recovery twrp_name.img.
I successfully updated while rooted from the prior ROM version. I'm sure it will work on many phones. Best of luck to you!!! I did find out how to install "the full ROM" unreleased on a rooted phone, there is some undocument fastboot stuff I had to figure out (temp system-cow and system_ext-cow files that use up all the space in the super partition) so I added them to my batch file. Now install for whatever device you have, and watch out for those weird temp files that aren't documented anywhere that I could find. Took literally hours to get it working, but it does now!!!

BTW if anyone knows how to resize the super partition, that would complete this project. I.e. you could flash the patched system and system_ext on an Op8T.
Your phone may have no issue or no super partition, then you don't care, it's not needed. I can't recall when dynamic (resizable) partitions came out but I think in Android 10 some devices started to use them. They are developer hell in my opinion.
Some TWRP versions allow you to just resize the partition on the fly, while on my phone, it's not an added feature yet. I'm also not sure if the resize does an auto-wipe either then you could also find yourself in trouble if you couldn't immediately get to Fastbootd. Some ROMs will boot to "Device is corrupt" if things like this change, just a warning, which I tried by switching A/B slots, but I had luckily installed TWRP on the other partition and was able to switch slots there and go back to booting.
UPDATE: I was able to eventually locate why the Super partition was getting full - there are temp files created as dynamic partitions when trying to install an OTA - I had to delete any logical partitions with the extension "-cow" which existed for system and system_ext (on the Op8T I was using), I was on slot A, so they were called system_a-cow and system_ext-cow, I deleted them like this:
fastboot delete-logical-partition system_a-cow
fastboot delete-logical-partition system_ext_a-cow
To see if you have any temp files present, you type:
fastboot getvar-all
And scroll through them and see if any of these mystery -cow files are present.
(bootloader) is-logical:system_a-cow:yes
(bootloader) is-logical:system_ext_a-cow:yes
Whew! That was a pain. But no more waiting for incremental updates to become full ROMs anymore on a rooted phone!
Oh, and I put the update for OOS here: https://forum.xda-developers.com/t/...install-from-fastbootd.4316147/#post-85441161