Related
For those who use any official MIUI release (be it Global or Chinese, Stable or Dev):
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
In TWRP on your phone, hit Wipe and then Format Data and confirm it with typing „yes”
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot reboot
The device should reboot to your freshly installed GSI.
For those who use xiaomi.eu ROM: (YMMV, it worked for me so I put it here, see below if it doesn't work for you)
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
Download vendor.img from here to your PC. You can also use any official vendor.img provided in official Xiaomi fastboot firmware packages if you know what you’re doing.
In TWRP on your phone, hit Wipe and then Format Data and confirm it with typing „yes”
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot flash vendor path_to_your_vendor.img (you can drag and drop as well)
Type: fastboot reboot
Alternate, easier (and preferred) way:
Download and flash any official MIUI release like this one here
Follow instructions for official MIUI releases above
The device should reboot to your freshly installed GSI.
How to pass SafetyNet on GSI:
Download the latest Magisk 16.6 and flash it through TWRP
Reboot
In Magisk Manager app, open the side menu and tap Download
Download MagiskHide Props Config, install it and reboot
After reboot, go to Setting and Developer Options and enable Terminal app, right under ADB debugging option
A Terminal app should appear in your apps list. If not, you can also use any terminal emulator app from Play Store
Type „su”, hit enter and grant root permissions
Type „props” and hit enter
Type „1”, hit enter
Type „f”, hit enter
Type „11”, hit enter
Type „7”, hit enter
Type „y”, hit enter
Type „y”, hit enter and your device will reboot
If you care about auto-brightness (which i bet you do), you can also set the module manually to Mi MIX 2S fingerprint:
Follow steps 1-9 from above
Type:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
and hit enter (thanks @cnrd for the tip!)
Type "y", hit enter
Type "y", hit enter and your device will reboot
After booting successfully, your device will pass SafetyNet, you can check it in Magisk Manager. Tested on my Chinese (XE model) device with the latest Resurrection Remix official GSI, Google Pay is working fine.
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
cnrd said:
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
Click to expand...
Click to collapse
Added, thanks!
Great tutorial, thank you very much!
Has anyone tried this with the latest pixel experience gsi? Resurrection Remix is running fine but pixel experience always reboots to the fastboot screen.
I used the instructions from the pixel experience thread, but without success. I read the whole thread again and again and did it step by step as mentioned to be sure not to miss any important steps. Not luck.
Can you try it with the Mix2S and confirm that it works and how you it?
Don't want to capture this thread. I'm just desperately trying to get this done to boot.
Best regards
Kleinholzinferno
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
napes22 said:
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
Click to expand...
Click to collapse
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
russphil said:
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
Click to expand...
Click to collapse
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I´ve used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won´t boot.
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
marcii-ec said:
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I´ve used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won´t boot.
Click to expand...
Click to collapse
I've done it through Minimal ADB and Fastboot on Windows and through Fastboot on macOS and both work fine.
napes22 said:
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
Click to expand...
Click to collapse
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
woofwoof75 said:
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
Click to expand...
Click to collapse
If your device is Treble-compatible, it should work with no problems, however keep in mind that should you run into any issues when using the provided fingerprint, you have to look up some from a stable MIUI for your device.
teddy74eva said:
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
Click to expand...
Click to collapse
Yeah, when I run "fastboot getvar anti" I get invalid variable. Which leads me to believe that I don't have any issues at the moment. I won't upgrade from 12, but I'd like to move to Treble at some point.
EDIT: Just checked the "flash_all.bat" file within the 8.7.12 file and saw the following
::set CURRENT_ANTI_VER=1
::for /f "tokens=2 delims=: " %%i in ('fastboot %* getvar anti 2^>^&1 ^| findstr /r /c:"anti:"') do (set version=%%i)
::if [%version%] EQU [] set version=0
::if %version% GTR %CURRENT_ANTI_VER% (
Click to expand...
Click to collapse
Looks like 8.7.12 for Mi Mix 2S is not screwed.
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
kleinholzinferno said:
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
Click to expand...
Click to collapse
Basically, setting your fingerprint to Mi6 8.0 fools Google's checks of your installed system's certification, telling them that you are currently running a certified and tested Mi6 firmware. Every firmware has to follow Google's standards and rules for it to be able to fully use Google Services.
Now, I've included Mi6 fingerprint in my guide because it's readily available in MagiskHide Props, thus making it easier to set everything up to a workable state. However, as one user mentioned, if you use Mi6 fingerprint on MIX 2S, it breaks autobrightness. So, in order to be fully certified and keep autobrightness working, you can manually enter a fingerprint provided in the first post, which comes from MIX 2S 8.0 firmware. The only downside is that you have to be careful not to make any mistake when typing, so it's a little bit harder.
If you can live without autobrightness (since, as of now, it's terribly slow), feel free to use the Mi6 preset fingerprint. If you care or if you want to do things as they should be done, go for the manual route. Both of them will make your device Google certified and both of them will allow you to pass SafetyNet checks.
I may generalized some things or not mention them due to my lack of knowledge. If anybody would like to correct something, please do so
P.S. I may completely delete the preset fingerprint guide, as I don't think it's that hard to enter the proper fingerprint manually and it would definitely make things clearer.
Thank you very much for this information, makes everything much clearer for me.
Regarding auto brightness: I don't mind if it works for now, I can live with the manual settings. Better than a laggy auto settings thingy that doesn't worm properly.
The only thing that bothers me is that the screen is much too bright at night (or with night light activated) even in the lowest setting. Is there any possibility to change the minimum value?
Could you explain how to enter the proper fingerprint manually?
Best regards
Edit: nevermind the last question, I found it. In the newer version there's an entry for the mi mix 2s. Xiaomi devices are now listed under number 12, not 11 and the mi mix 2s is listed as own device. Works perfectly fine! Safety net passed, all green now!
So project treble android Q based GSI image is released.
So any one try it and know us is it working or not.
Actually i will Do that but i am Outside so i cants do it rightnow.
so it will be helpful to know whats working and how the rom is as it is beta release we can except the bugs.
Download link ARM64 AOSP:
https://developer.android.com/preview/gsi-release-notes
Same problem as Q sGSI from Erfan and my Blueline Q port. MediaProjectionService incorrect uid or something.
We might have to wait for OP to fix it cause I tried multiple vendors and boot.imgs and none worked.
And repacking Q GSI and AOSP Master builds just breaks their boot so I can't even mod system or anything.
ProtoDeVNan0 said:
Same problem as Q sGSI from Erfan and my Blueline Q port. MediaProjectionService incorrect uid or something.
We might have to wait for OP to fix it cause I tried multiple vendors and boot.imgs and none worked.
And repacking Q GSI and AOSP Master builds just breaks their boot so I can't even mod system or anything.
Click to expand...
Click to collapse
Ok man lets take some time u will do it..... ?
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
The difference between Oreo launched and Pie launched, is that Oreo didn't enforce System ad root, only Treble
Pie enforces system as root, so thats maybe the reason? We still have the Oneplus 6t that is absolutly the same so.
CyanideIII said:
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
Click to expand...
Click to collapse
Booted fine on OP5,
GSI from Erfan,
evilbait said:
Booted fine on OP5,
GSI from Erfan,
Click to expand...
Click to collapse
Any link pls?
CyanideIII said:
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
Click to expand...
Click to collapse
If you read the requirements document (from the OP link) then the op6, even though not released with pie, meets all the criteria to be able to boot the gsi.
---------- Post added at 10:05 PM ---------- Previous post was at 10:02 PM ----------
Astrubale said:
Any link pls?
Click to expand...
Click to collapse
In the treble section
https://forum.xda-developers.com/pr...ment/rom-android-p-developer-preview-t3816659
Has anyone booted yet?
goRt said:
If you read the requirements document (from the OP link) then the op6, even though not released with pie, meets all the criteria to be able to boot the gsi.
Click to expand...
Click to collapse
-They are unlocked.
-They have Treble support.
-They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
I know but why they said ”launched with Android 9"? All devices that launched with Android 8 must have treble Support!
CyanideIII said:
-They are unlocked.
-They have Treble support.
-They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
I know but why they said ”launched with Android 9"? All devices that launched with Android 8 must have treble Support!
Click to expand...
Click to collapse
The GSI requirements document:
https://developer.android.com/topic/generic-system-image
goRt said:
The GSI requirements document:
https://developer.android.com/topic/generic-system-image
Click to expand...
Click to collapse
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM ???
CyanideIII said:
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM ???
Click to expand...
Click to collapse
Dude,
You're ignoring the answer that I've pointed you to twice, because you don't like the answer:
https://developer.android.com/topic/generic-system-image#device-compliance
Code:
Check devices for compliance
GSI works only on devices with the following characteristics:
They are unlocked.
They have Treble support.
They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
Warning: Attempting to flash GSI to a non-compliant device could result in your device becoming non-bootable. Always confirm that your device is compliant before flashing, and follow the installation steps provided by your device's manufacturer.
GSI doesn't support rollback. You will need a recovery method and original system ROM to revert to the original system.
To determine whether your device can use GSI and determine which GSI OS version you should install, do the following:
Check for Treble support by running the following command:
adb shell getprop ro.treble.enabled
If the response is false, the device isn't compatible with GSI and you shouldn't continue. If the response is true, continue to the next step.
Check for cross-version support by running the following command:
adb shell cat /system/etc/ld.config.version_identifier.txt \
| grep -A 20 "\[vendor\]"
Note: Depending on your platform, the configuration file in the preceding command may or may not have a version identifier in it.
In the output, look in the section [vendor] for namespace.default.isolated.
If the value for that attribute is true, then the device fully supports Vendor Native Development Kit (VNDK) and can use any GSI operating system (OS) version. Choose the latest GSI OS version available.
If the value for the attribute is false, then the device isn't fully VNDK-compliant, and the device can use only the GSI for the same on-device OS version. For example, an Android 9 (API version 28) device that isn't VNDK-compliant can load only an Android 9 GSI image.
The GSI CPU architecture type must match the device’s CPU architecture. To find the right CPU architecture for the GSI image, run the following command:
adb shell getprop ro.product.cpu.abi
Use the output to determine which GSI image to use when flashing your device. For example, on a Pixel 3, the output would indicate that the CPU architecture is arm64-v8a, so you would use the arm64 type of GSI.
For devices that were upgraded to Android 9 from an earlier version, there are two different types of legacy GSI images available: _a and _ab. The system user's privilege level on the device determines which type to use.
To determine the system user’s privilege level, run the following command:
adb shell cat /proc/mounts | grep -q /dev/root && echo "system-as-root" || \
echo "non-system-as-root"
If the output of the command is system-as-root, you must use the _ab type of GSI image. If the output is non-system-as-root, you must use the _a type. If neither value is in the output of the command, the device isn't compatible with GSI and you shouldn't continue.
CyanideIII said:
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM
Click to expand...
Click to collapse
You can also just read further than "They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI." and enter each command to check for GSI support.
The OnePlus 6, even if launched with Android 8, has been updated to Android 9, and is fully compliant with GSI requirements (check attachment)
goRt said:
Dude,
You're ignoring the answer that I've pointed you to twice, because you don't like the answer:
https://developer.android.com/topic/generic-system-image#device-compliance
Code:
Check devices for compliance
GSI works only on devices with the following characteristics:
They are unlocked.
They have Treble support.
They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
Warning: Attempting to flash GSI to a non-compliant device could result in your device becoming non-bootable. Always confirm that your device is compliant before flashing, and follow the installation steps provided by your device's manufacturer.
GSI doesn't support rollback. You will need a recovery method and original system ROM to revert to the original system.
To determine whether your device can use GSI and determine which GSI OS version you should install, do the following:
Check for Treble support by running the following command:
adb shell getprop ro.treble.enabled
If the response is false, the device isn't compatible with GSI and you shouldn't continue. If the response is true, continue to the next step.
Check for cross-version support by running the following command:
adb shell cat /system/etc/ld.config.version_identifier.txt \
| grep -A 20 "\[vendor\]"
Note: Depending on your platform, the configuration file in the preceding command may or may not have a version identifier in it.
In the output, look in the section [vendor] for namespace.default.isolated.
If the value for that attribute is true, then the device fully supports Vendor Native Development Kit (VNDK) and can use any GSI operating system (OS) version. Choose the latest GSI OS version available.
If the value for the attribute is false, then the device isn't fully VNDK-compliant, and the device can use only the GSI for the same on-device OS version. For example, an Android 9 (API version 28) device that isn't VNDK-compliant can load only an Android 9 GSI image.
The GSI CPU architecture type must match the device’s CPU architecture. To find the right CPU architecture for the GSI image, run the following command:
adb shell getprop ro.product.cpu.abi
Use the output to determine which GSI image to use when flashing your device. For example, on a Pixel 3, the output would indicate that the CPU architecture is arm64-v8a, so you would use the arm64 type of GSI.
For devices that were upgraded to Android 9 from an earlier version, there are two different types of legacy GSI images available: _a and _ab. The system user's privilege level on the device determines which type to use.
To determine the system user’s privilege level, run the following command:
adb shell cat /proc/mounts | grep -q /dev/root && echo "system-as-root" || \
echo "non-system-as-root"
If the output of the command is system-as-root, you must use the _ab type of GSI image. If the output is non-system-as-root, you must use the _a type. If neither value is in the output of the command, the device isn't compatible with GSI and you shouldn't continue.
Click to expand...
Click to collapse
casual_kikoo said:
You can also just read further than "They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI." and enter each command to check for GSI support.
The OnePlus 6, even if launched with Android 8, has been updated to Android 9, and is fully compliant with GSI requirements (check attachment)
Click to expand...
Click to collapse
Now i get it
Sorry and thank you both
i really want to test this but not sure how
Any new info on Android 10 for op6
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Software root method for MediaTek MT67xx, MT816x, and MT817x!
So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I created, MTK-SU, was originally aimed at helping Amazon Fire HD owners to easily root and unlock their tablets. (Without it, most models need a hardware mod to achieve root & unlock. This tool made rooting accessible to many times the number of owners. It also made possible to root the Fire TV gen 2.) But funny story: this method actually works on virtually all of MediaTek's 64-bit chips. Many devices of various vendors have already been confirmed.
So in case it's not clear, what mtk-su does is give you a root shell to do with as you please. It's like running 'su', but without the need to have su installed. That may be a holy grail for locked devices. On some devices, it may be possible to install a root manager for permanent root using mtk-su as a springboard.
The original thread is here: Rapid Temporary Root for HD 8 & HD 10. It's a great resource for info. But please avoid posting there about non-Amazon devices. This new thread is a catchall topic for other devices and vendors.
DISCLAIMERAnything you do that is described in this thread is at your own risk. No one else is responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software. There is a nonzero chance of any of these events happening as a result of using the tools or methods here.
REQUIREMENTSMastery of the Thanks button under XDA posts
A phone or tablet based on Mediatek MT67xx, MT816x, MT817x or MT6580 chipsets
Either:
A PC with ADB installed to interact with your device, or
A terminal emulator app
Familiarity with ADB (if using PC) and basic Linux shell commands
You agree to post the model name of any unconfirmed device which ran mtk-su successfully
INSTRUCTIONS FOR ADB
Make sure you meet all the requirements listed above, especially the first and last ones.
Download the current mtk-su zip file to your PC and unzip it. Inside will be 2 directories: 'arm' & 'arm64' with an 'mtk-su' binary in each. Pick one for your device. Differences between the flavors:
arm64: 64-bit kernel and userspace
arm: 32-bit userspace on a 64-bit or 32-bit kernel (will also work in 64-bit userspace)
Connect your device to ADB and push mtk-su to your /data/local/tmp folder
adb push path/to/mtk-su /data/local/tmp/
Open an adb shell
adb shell
Change to your tmp directory
cd /data/local/tmp
Add executable permissions to the binary
chmod 755 mtk-su
At this point keep your device screen on and don't let it go to sleep. Run the command
./mtk-su
It should only take a second or two. If the program gets stuck for more than a few seconds and your device is awake, press Ctrl+C to close it.
The -v option turns on verbose printing, which is necessary for me to debug any problems.
The output of ./mtk-su -v is similar to this:
Spoiler
Code:
$ ./mtk-su -v
param1: 0x3000, param2: 0x18040, type: 2
Building symbol table
kallsyms_addresses pa 0x40bdd500
kallsyms_num_syms 70337, addr_count 70337
kallsyms_names pa 0x40c66d00, size 862960
kallsyms_markers pa 0x40d39800
kallsyms_token_table pa 0x40d3a100
kallsyms_token_index pa 0x40d3a500
Patching credentials
Parsing current_is_single_threaded
ffffffc000354868+50: ADRP x0, 0xffffffc000fa2000
ffffffc000354868+54: ADD xd, x0, 2592
init_task VA: 0xffffffc000fa2a20
Potential list_head tasks at offset 0x340
comm swapper/0 at offset 0x5c0
Found own task_struct at node 1
cred VA: 0xffffffc0358ac0c0
Parsing avc_denied
ffffffc0002f13bc+24: ADRP x0, 0xffffffc001113000
ffffffc0002f13bc+28: LDR [x0, 404]
selinux_enforcing VA: 0xffffffc001113194
Setting selinux_enforcing
Switched selinux to permissive
starting /system/bin/sh
UID: 0 cap: 3fffffffff selinux: permissive
#
Some other options:
mtk-su -c <command>: Runs <command> as root. Default command is /system/bin/sh.mtk-su -s: Prints the kernel symbol tablemtk-su -Z <context>: Runs shell in a new selinux context. Example: ./mtk-su -Z u:r:logd:s0If you see any errors other than about unsupported or incompatible platform or don't get a root shell, report it here. When reporting a problem with a device, please post a link to the firmware and/or the kernel sources.
Please post the model of any device that works with mtk-su that's not already confirmed.
Important: in rare cases, it may be necessary to run the tool multiple times before you hit UID 0 and get selinux permissive. If you don't achieve root on a particular run, the "UID: N cap: xxxxx...." line will reflect that. If it doesn't say "UID: 0 cap: 3fffffffff selinux: permissive", type exit to close the subshell and try mtk-su again.
WARNING If you have a device with Android 6 or higher, it likely has dm-verity enabled. On such a device one does not simply remount the system partition as read/write. The remount command will probably fail. But if you succeed in forcing it somehow it will trigger dm-verity, which will result in a very bad day. Your device will become inoperable until you restore the stock system partition.
DOWNLOADCurrent Version
Release 23
Spoiler: Changelog
Release 23 - August 24, 2020
Add support for some early Linux 3.10 tablet firmware
Add support for kernels with some debug features enabled
Release 22 - May 8, 2020
Expand kernel support
Enable seccomp handling for Android 8
Release 21 - March 14, 2020
Add support for more devices
Fix seccomp on 3.18 arm kernels
Release 20 - Dec 28, 2019
Add support for MT6580
Add support for some MT8183 versions
Fix handling of some 32-bit 4.x kernels with stack protection
Move to NDK build
Release 19 - October 20, 2019
Add -Z option for setting custom selinux context
Fix seccomp on armv7
Fix seccomp handling on late-revision 3.18 kernels
Improve error printing for critical failures
Strip supplementary groups in root shell
Do not spawn root shell on critical failures
Release 18 - July 29, 2019
Add support for kernel address space layout randomization (KASLR)
Change status output format
Release 17 - July 13, 2019
Fix missing capabilities under adb shell in Android 9.x
Disable seccomp in app mode of Android 9.x
Add support for MT6771 on Android 8.x
Reliability improvements
Release 16 - June 9, 2019
Add support for 32 & 64-bit kernels compiled with CONFIG_KALLSYMS_BASE_RELATIVE
Add support for MT676x on Android 7.x
Speedups
Release 15 - May 29, 2019
Run shell/command in global mount namespace -- mounting from apps is now visible to the whole system
Release 14 - May 22, 2019
Remove restriction for adb shell initial run on Android 8.0+
Add support for 32-bit kernels compiled under Android 8.0+
Add initial support for MT6771 on Android 9+
Minor bug fixes
Release 13 - May 16, 2019
Improve stack protection detection -- add support for some armv7-kernel 3.x phones
Release 12 - April 26, 2019
Unify the arm and armv7-kernel binaries into one
Support Linux 4.9.x
Improve speed and possibly reliability
Fix arm64 support for phones on kernel 3.10.65
Fix stack protection workaround for armv7 kernels
Update readme file
Release 11 - April 10, 2019
Fix up and enable rooting for 32-bit kernels -- first such device confirmed (thanks @anthonykb)
Improve criteria for detecting strong stack protection
Release 10 - April 7, 2019
Fix support for the latest Oreo devices
Add compatibility for kernels with stack protection (Nokia phones)
Improve reliability
Initial support for 32-bit (armv7) kernels -- needs testing
Release 9 - April 1, 2019
Confirmed support for at least some Oreo devices
Fix bugs with R8
Release 8 - March 30, 2019 (REMOVED)
Lay the groundwork for Oreo devices
Improve performance
Improve reliability
Release 7 - March 17, 2019
Add/fix support for many Linux ver. ≤ 3.18.22 devices
Fix arm binary on Fire HD 10
Release 6 - March 13, 2019
Add support for some devices with kernel 4.4.x (MT8167 confirmed by @cybersaga)
Minor bug fixes
Release 5 - March 7, 2019
Support kernels with CONFIG_KALLSYMS_ALL disabled
Improve reliability
Release 4 - March 4, 2019
Improve compatibility with phones
Support Fire TV 2 new FW
Minor bug fixes
Improve reliability
Release 3 - March 1, 2019
Add support for HD 10 7th gen
Add support for 3.10 kernel layout
Add possible support for MT67xx phones
Improve reliability
Release 2 - Feb. 27, 2019
Add support for HD 8 8th gen and 32-bit only user stacks
FAQI got the error, "This firmware cannot be supported". What's up with that?
This means that your device's firmware is not prone to the mechanism used by mtk-su. It may be a new device or it may have started from a firmware update. It will not be feasible to add root support for the current or future firmware versions. Check the last supported firmware version in post 4. If the last working FW is not listed and your device used to work with mtk-su, please report the last working version and/or your current version. In those cases, it may be possible to get mtk-su support by downgrading the firmware.
I got the error, "Firmware support not implemented". What gives?
That means that mtk-su does not recognize the type of firmware on your device. While It's technically possible to add basic detection, most of the time this error happens on devices that have already blocked mtk-su access. So implementing it would only kick the can down the road and probably lead to a, "This firmware cannot be supported" message (see above). If your device has Android 10+ or a security patch level at 03-2020 or higher, or if your firmware is newer than the last compatible version in post 4, there is no need to report this error.
Will this work on my phone?
Yes, it will work on your phone, unless it doesn't. But to be serious, there is no point in asking this question. If you have the device in hand, it is much quicker to just try out the above procedure than to wait for a response. You are usually the best person to answer that question. If your device is listed among the confirmed models or, to a lesser extent, your chipset is supported, that's a good indication that mtk-su will succeed, but that is not guaranteed. You should report your success or failure in this thread, along with the requested materials if it fails.
Why don't you reply to my post?
I read every post in this thread, and respond to practically every post that warrants a response. Sometimes I will only click a Thanks as an acknowledgement. The reasons I may not answer your question are:
It has already been answered in the FAQ or multiple times in the thread.
Your post is unrelated to this project. It may be specific to your device, which would make it off topic for this thread.
Your question is extremely vague and you appear to be intentionally leaving out basic information (e.g. fishing).
After getting a root shell I'm still getting 'permission denied' errors. WTH?
It may be that selinux is still being enforced. Having root with selinux enabled somehow ends up being more restrictive than a normal shell user. First, check that mtk-su succeeded in setting selinux to permissive by running getenforce. If it says Enforcing, then exit your shell and run mtk-su again.
Will this work on an MT65xx or MT8127?
There is no support for most 32-bit chips. But there may be a couple where it's possible.
Does this thing unlock the bootloader?
No, it does nothing to unlock the bootloader.
I ran mtk-su successfully, but my apps still don't have root permissions.
Mtk-su does not give apps root permissions. It is not a permanent root solution in and of itself. It opens a command shell that has root and administrative capabilities within the context of that shell. It's up to you what you want to do with it. But also, there is a way to load Magisk using this tool without the need to unlock your bootloader. Just follow this guide.
How does this tool work?
It overwrites the process credentials & capabilities in the kernel in order to gain privileges. It also turns off selinux enforcement by overwriting the kernel's selinux_enforcing variable. As for how it accesses that memory, the tool involves making use of the vulnerability known as CVE-2020-0069.
Can I include mtk-su in my app or meta-tool?
Generally speaking, you may not distribute any mtk-su zip or binaries with your software. That includes doing any automatic download of those files into your app. You can still use it with your tools. But you should ask your users to visit this thread and download the current release zip themselves. No apps have been permitted to bundle or auto-download mtk-su.
CREDITS
Thank you to everyone who has tested and provided feedback to help me add support for the large variety of MTK-based devices out there. There are simply too many people to list.
MediaTek, Inc., who leave holes and backdoors in their OS to make software like this possible :good:
Thank you to everyone who has donated. You're the best!
INSTRUCTIONS FOR TERMINAL APPYou can optionally run mtk-su on a terminal emulator such as Terminal Emulator for Android (recommended) or Termux. The basic idea is to copy the executable to the terminal app's internal directory and run it from there. These are the instructions for Termux, but a similar procedure applies to all terminal shell apps.
Make sure you meet all the requirements from the first post, especially the first and last ones.
Download the current mtk_su zip to your device and unzip it. Take note of where you extracted it. Pick the variant that fits your device. (See above.)
Open Termux and copy the mtk-su binary to its home directory, which in this case is the shell's initial working directory.
General idea: cp path/to/mtk-su ./
For example,
cp /sdcard/mtk-su_r14/arm64/mtk-su ./
For this to work, you have to enable the Storage permission for your term app. Do not try to circumvent the cp command with clever copying methods involving file managers or external tools. Mtk-su will not get the right permissions that way.
Make file executable
chmod 700 mtk-su
Run the program
./mtk-su
If mtk-su fails, post the output of ./mtk-su -v here along with a link to firmware and/or kernel sources, if possible.
Note that for most terminal shell apps, the internal app directory is stored in the variable $HOME. So in general you would do
cd
cp path/to/mtk-su ./
chmod 700 mtk-su
./mtk-su
PROJECTS USING THIS TEMP ROOT
Partition Backup Helper for Termux by @mrmazak
Creates a script that automatically backs up your device's partitions, which may come in handy for repairs or experimenting.
Full bootless root with Magisk (for 20.x to 21.4) by @diplomatic
Loads Magisk without modifying the firmware.
Full bootless root with Magisk for 22.x+ by @HemanthJabalpuri
Loads the latest Magisk version without modifying the firmware.
Status
NOTE: Any firmware update released after March, 2020 is bound to block this temp root. Think twice before updating your device if you would like to keep using mtk-su.
Confirmed Devices
Acer Iconia One 10 B3-A30/B3-A40/B3-A50 series
Acer Iconia One 8 B1-860 series
Acer Iconia Talk S
Alba tablet series
Alcatel 1 5033 series
Alcatel 1C
Alcatel 3L (2018) 5034 series
Alcatel 3T 8
Alcatel A5 LED 5085 series
Alcatel A30 5049 series
Alcatel Idol 5
Alcatel/TCL A1 A501DL
Alcatel/TCL LX A502DL
Alcatel Tetra 5041C
Alcatel U5 / Orange Rise 52
Alldocube iPlay10 Pro
Alldocube iPlay8
Amazon Fire 7 2019 -- up to Fire OS 6.3.1.2 build 0002517050244 only
Amazon Fire HD 8 2016 -- up to Fire OS 5.3.6.4 build 626533320
Amazon Fire HD 8 2017 -- up to Fire OS 5.6.4.0 build 636558520 only
Amazon Fire HD 8 2018 -- up to Fire OS 6.3.0.1 only
Amazon Fire HD 10 2017 -- up to Fire OS 5.6.4.0 build 636558520 only
Amazon Fire HD 10 2019 -- up to Fire OS 7.3.1.0 only
Amazon Fire TV 2 -- up to Fire OS 5.2.6.9 only
ANRY S20
ASUS ZenFone 3 Max ZC520TL
ASUS ZenFone Max Plus X018D
ASUS ZenPad 3s 10 Z500M
ASUS ZenPad Z3xxM(F) MT8163-based series
Barnes & Noble NOOK Tablet 7" BNTV450 & BNTV460
Barnes & Noble NOOK Tablet 10.1" BNTV650
Blackview A8 Max
Blackview BV9600 Pro (Helio P60)
BLU Life Max
BLU Life One X
BLU R1 series
BLU R2 LTE
BLU S1
BLU Tank Xtreme Pro
BLU Vivo 8L
BLU Vivo XI
BLU Vivo XL4
Bluboo S8
BQ Aquaris M4.5
BQ Aquaris M8
CAT S41
Coolpad Cool Play 8 Lite
Coolpad Legacy S(R)
Cubot Power
Doogee X70
Dragon Touch K10
Echo Feeling
Evercoss Genpro X Pro S50
Gionee F103 Pro
Gionee M7
Gionee S9
HiSense Infinity H12 Lite
HTC Desire 12
HomTom HT20
Huawei GR3 series
Huawei Y5II
Huawei Y6II MT6735 series
ION Gravity
Lava Iris 88S
Lenovo A5
Lenovo C2 series
Lenovo Tab E7
Lenovo Tab E8
Lenovo Tab2 A10-70F
Lenovo Tab3 10
Lenovo Vibe K5 Note
LG K8+ (2018) X210ULMA (MTK)
LG K10--K430 series
LG K10 (2017)
LG K50
LG Q7 (MTK)
LG Stylo 4 (MTK) -- up to Q710AL11k
LG Tribute Dynasty
LG X power 2/M320 series (MTK)
LG Xpression Plus 2/Harmony 3/K40 LMX420 series
Lumigon T3
Meizu M5c
Meizu M6
Meizu Pro 7 Plus
Motorola Moto C series
Motorola Moto E3 series (MTK)
Motorola Moto E4 series (MTK)
Nokia 1
Nokia 1 Plus
Nokia 3
Nokia 3.1
Nokia 3.1 Plus
Nokia 5.1
Nokia 5.1 Plus/X5
Odys PACE 10 (MT8163)
Onn 7" Android tablet
Onn 8" & 10" tablet series (MT8163) -- up to 10/2019 FW only
Oppo A59 series
Oppo A5s -- up to A.30 only
Oppo A7x -- up to Android 8.x
Oppo F5 series/A73 -- up to A.39
Oppo F7 series -- Android 8.x only
Oppo F9 series -- Android 8.x only
Oppo R9xm series
Oukitel K6
Oukitel K9
Oukitel K12
Oukitel U18
Philips E518
Protruly D7
RCA Voyager III - RCT6973W43MDN
Realme 1
Realme 3
Snopow M10 series
Sony Xperia C4
Sony Xperia C5 series
Sony Xperia L1
Sony Xperia L3
Sony Xperia M5 series
Sony Xperia XA series
Sony Xperia XA1 series
Southern Telecom Smartab ST1009X (MT8167)
Teclast M30
TECNO Spark 3 series
Umidigi F1 series
Umidigi Power
Verizon Ellipsis 10 HD QTAXIA1
Vernee Mix 2
Wiko Ride
Wiko Sunny
Wiko View3
Xiaomi Redmi 6/6A series
ZTE Blade 10 Prime
ZTE Blade A530
ZTE Blade A7 Prime
ZTE Blade D6/V6
ZTE Blade V8 Lite
ZTE Quest 5 Z3351S
ZTE Voyage 4S/Blade A611/Blade A610
Support Problematic*
Most/all Vivo phones
Most/all Huawei/Honor models with Android 8+
Most Oppo phones in app mode
Oppo F11 -- up to CPH1911EX_11_A.22 only
Most/all Samsung MTK-based phones
Supported Chipsets
Including, but not limited to: MT6735, MT6737, MT6738, MT6739, MT6750, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797, MT6799, MT8163, MT8167, MT8173, MT8176, MT8183, MT6580, MT6595
* These devices typically use kernel modifications to deter root access via exploits. But this temp root method can still attain root on most of these models in theory. However, I will not be adding support for such non-standard kernels in the main release versions. A tailored version of mtk-su can be made to handle a protected kernel in a specific firmware. This is not something I'm usually motivated to do. But it's possible to make such a version if you can somehow encourage me.
Re-re-reserved
Great work mate!! I would liked to of kept secret till I got myself a new Sony L3 and backup the ta thought.
:laugh:
:highfive:
LOL... thanks!
Don't worry man, no one reads this forum
Great work. Having used both a hardware root method and this method on a pair of devices I have, mtk-su was waaaaaaay easier to work with. Big thanks!
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
KevMetal said:
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
Click to expand...
Click to collapse
@diplomatic made a good outline of the the steps to "jump" into full root. At least until rebooted.
I will add the link to the post, but keep the discussion that follows , here in this thread
*Copied from post https://forum.xda-developers.com/showpost.php?p=79348378&postcount=569
diplomatic said:
For advanced users or devs: here's a general overview for a method to get root with Magisk without having to modify your boot image.
Get a Magisk zip file and extract the magiskinit binary. Push magiskinit to your device.
Extract the magisk binary from magiskinit with ./magiskinit -x magisk
Make a symbolic link to (or a copy of) magiskinit and call it magiskpolicy.
Make a symbolic link to (or a copy of) magisk and call it su.
Make a small ext4 image of about 2 to 4MB (using something like make_ext4fs -J -l 2MB). In it, place Magisk's magisk and su binaries. The su binary could be either a link to magisk or a copy of it. (Idea borrowed from @k4y0z's unlock method.)
Get a root shell with mtk-su
Patch the running sepolicy with a magisk context using ./magiskpolicy --live --magisk 'allow magisk * * *' .
Start a temporary Magisk daemon with ./magisk --daemon
Start a temporary Magisk root shell with ./su. This may involve prompts from Magisk Manager.
Check to make sure the new root shell has the context u:r:magisk:s0. Don't proceed if it's not that context.
From the magisk context shell, mount the ext4 image to /system/xbin with
losetup /dev/block/loop0 magisk.img
mount /dev/block/loop0 /system/xbinYou may be able to combine those 2 commands into one, but I wasn't able to on my device.
Kill the temporary magisk daemon with killall magiskd. The point of this is to launch a new daemon from within the magisk se-context. Otherwise there will be problems with selinux.
Start a new daemon with magisk --daemon. Notice that there's no ./ at the start. This is to test the loopback img.
Exit the temporary ./su shell. You may get an error message, but that's fine. At this point you should be back to the mtk-su shell.
Exit the mtk-su shell.
Check if su works. You should get a prompt from Magisk Manager.
At this point, if you get a normal root shell, you can do setenforce 1.
Now all apps that want su access will have it with proper prompting.
Have some app execute steps 6 through 17 at every startup.
Steps 1-5 are done once. Step 6 onward are done at every boot session. A script would probably help. I'm sure this is missing some details, but I just wanted to convey the general idea.
EDIT: If you get this system up and running, you of course want to avoid updating Magisk binaries through MM. That's pretty important because doing so will probably stop your device from booting.
Click to expand...
Click to collapse
KevMetal said:
looks great ...i want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...
ultimately i would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img
what about after pulling stock recovery & porting twrp i flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...
reason being that bootloader is locked and this device is on marshmallow ...
*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..
* next question is if im running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?
or installing mixplorer with root privileges for examle ..
Click to expand...
Click to collapse
Cool... let us know the results of running mtk-su on that phone, as well as the full model name so I can list it.
So you're on the right track about installing permanent root. I was pretty vague about it in the OP because it's a complex topic and it's pretty risky territory. Before trying to mod your boot image with systemless root and/or verity disabled, you have to check how restrictive your BL is. It's very possible that it can accept self-signed or unsigned images without needing to unlock. You can check this in a minesweeper fashion by flashing your stock recovery with the OEM signature removed and see if it boots. If not, Android will restore the stock recovery automatically, no harm done.
If you want to flash partitions from a root shell, you can use the dd command. FlashFire is a glorified dd flasher. For example, to flash a recovery image you would do
dd if=recovery.img of=/dev/block/platform/mtk-msdc.0/11230000.MSDC0/by-name/recovery
The exact path of the dev node varies by device. You should do more research about it if you're interested. To dump partitions, essentially do the reverse of if= and of=.
If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.
diplomatic said:
If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.
Click to expand...
Click to collapse
Most MTK's allow the boot probably due to difficulties during OTA patches indeed a lot of the OEM OTA's I have seen actually flash the recovery.img to the boot partition first then reboot do the update flash the recovery to recovery partition then reboot to recovery do the final check then reflash the boot.img back to the boot partition.
I think this is so if the OTA fails at any point they are always in recovery mode. If any of that makes sense :laugh:
Some mtk fstab's I have seen even have a flag that states verify "recoveryonly" so you can flash a TWRP recovery.img to the boot and it will boot up but it will not if flashed to the recovery of course OEM's may have other ideas and implementations so caution and a way back are definitely needed.
It's definitely a game of Russian roulette with a one in six chance of you finding the loaded chamber.
Been too secure can backfire on OEM's and cost them as with the Amazon Fire Phone I brick 3 or 4 of those suckers trying to unlock it and even they could do nothing with them so they would just give me a new one and I am convinced they actually locked themselves out on that devices and that's why it never got a version update or bootloader unlock which is a shame because it was a good phone. :silly:
bigrammy said:
Most MTK's allow the boot probably due to difficulties during OTA patches
Click to expand...
Click to collapse
OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?
diplomatic said:
OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?
Click to expand...
Click to collapse
Depends on oem I guess eg: Lenovo TAB2 never unlock the bootloader, Infocus Never unlocked the bootloader, All China brands various I never unlocked the bootloaders yet all rooted with custom recovery's installed although most of these were Android 6.0 so AVB used by Magisk SuperSU etc works for them.
Nokia3 I did unlock the bootloader but I beginning to think maybe I didn't need to and maybe I can test that theory soon when I get one back I loaned out.
Big brands like Sony Defo need to be unlocked but lessor brands I am not so sure about.
OK, good to know, @bigrammy
diplomatic said:
OK, good to know, @bigrammy
Click to expand...
Click to collapse
I might try flash the boot of my Sony XA1 (bootloader locked) with a TWRP recovery over the weekend and see what happens. It just means me having to boot windows to recover it if it fails and I have not done that in 18 months or more :laugh:
EDIT: Unsigned TWRP Failed to boot so now I will try with a AVB signed image and see what happens.
EDIT 2: AVB signed TWRP Failed verification check too. :laugh:
PS: Never unlocked the Lumigon T3 (my daily driver) either and that was marketed a secure device it took me about 30 min's to to make a scatter file then pull the boot with SPFlashTool ported over TWRP from my Infocus pre patched the boot with Magisk flashed them back done. Again it seems AVB sig was enough for this device too but again Android 6.0. :laugh:
OK.... it would be interesting what happens with the Sony...
It's pretty much the same deal with the Asus Zenpad series. The Z3xxM series, based on MT8163, can be flashed without unlocking the BL. On the old Android 6 FW, you needed to have an AVB signature for it go through. On Android 7, you don't even need that. However, for the high-end MT8176-based Zenpad Z500M, they locked it down so that you'd need to unlock before installing a custom boot/recovery--OEM sig support only.
bigrammy said:
EDIT: Unsigned TWRP Failed to boot so now I will try with a AVB signed image and see what happens.
EDIT 2: AVB signed TWRP Failed verification check too. :laugh:
Click to expand...
Click to collapse
LOL... I guess I'll have to stick to unlocking my Sonys before installing root.
I have a question
I have been looking ways to root redmi 6a. Xiaomi have been imposing 15d grace period one any request to unlock boot loader. Very annoyed
My question is if I manage to root it and install TWRP. can I still modify the boot loader without unlocking it?
Tia
Sent from my Redmi 6A using Tapatalk
Hi, @ahhl
If you can install and boot TWRP without unlocking the bootloader, you can almost definitely install permanent root to a boot image. The question is whether the locked BL on that phone will boot an image that is unsigned or wipe out instead. This is what bigrammy and I were just talking about above. I'd love to know if mtk-su works on that phone, btw....
i will try. but i am just novice?. i read thru the conversation between you and bigrammy, only to 30% goes thru my head?
if i manage run mtk-su, then flash twrp, if the flashing did not work, it will just reboot back using stock boot.? i do not have to worry something i need to do just like bigrammy did for 30min, just to get the phone running? as the reboot just wipe twrp? is this true?
Welcome to the one and only, the original, universal,
System-RW / Super-RW feat. Make-RW / ro2rw (read-only-2-read/write super partition converter) by lebigmac
Also known as: THE-REAL-RW, FULL-RW, EXT4-RW, EROFS-RW, EROFS-2-RW, F2FS-RW, F2FS-2-RW, EROFS-2-EXT4-CONVERTER, F2FS-2-EXT4-CONVERTER, Super Resizer/Flasher, SYSTEM-RW / PRODUCT-RW / VENDOR-RW / ODM-RW, root enhancer, real root, FULL ROOT, RW MULTI TOOL and many more aliases!
(NOTE: Full F2FS-RW support coming in 1. quartal 2023 ! Get your Samsungs ready!)
The prophecy has finally been fulfilled.
Making Android ten years younger!
Inspiring a whole generation of talented developers and empowering the open source community.
The Pandora's Box has been fully unlocked at last!
The genie has been unleashed from within the bottle!
Sesame! Open up now!
Let the Olympic Android System Modding Games (OASMG) begin!
The power is now in YOUR hands! And don't forget:
With great power comes great responsibility!
Creation date: February 2021
Updated: January 2023
Requirements:
rooted STOCK Android 10 or newer
at least 10+ GB free space on phone for dumping data
Description:
A script for all Android power users that wish to make their read-only Android 10+ system read/write-able again to remove bloatware and make more thorough customizations to their device.Script only modifies super and vbmeta partitions. /data partition is not affected. It's only used for dumping data and for storing script files.In a nutshell this is what the script is doing:
Spoiler: What is the script doing under the hood?
dumps your existing super partition
extracts embedded read-only sub-partitions (system, system_ext, odm, vendor, product...) from specified super image
makes these sub-partitions read/write-able using the one and only original MakeRW/ro2rw algorithm
joins everything back together to new super.img
flashes read/write-able patched super image back to device using the super fast Kolibass technique (only available in recovery mode)
NOTE:
The script can be run both inside custom recovery and inside Android operating system.
If you run script in Android mode you will need to fastboot flash the patched image(s) manually!
To check whether or not the script worked correctly you can run this code:
Bash:
adb shell
su
mount -o remount,rw /
mount -o remount,rw /odm
mount -o remount,rw /product
mount -o remount,rw /system_ext
mount -o remount,rw /vendor
mount | grep dm- | head -5
Manual installation:
Spoiler: Manual installation
Extract flashable.zip and copy sysrw_*VERSION* folder into /data/local/tmp/
run this command to make the script executable:
chmod +x /data/local/tmp/sysrw_*VERSION*/sysrw
Automatic installation:
Spoiler: Automatic installation
Installation of the script has never been this easy!Download the flashable.zip below, do NOT enable zip signature verification and simply install it in your custom recovery (works in TWRP, OrangeFox and PBRP!)The update binary will auto-detect the arguments in config.ini and launch the script accordingly
Flashable zip custom usage:
Spoiler: Flashable zip custom usage
You can easily modify the custom script execution arguments in the included config.ini file. Simply extract the flashable.zip, edit the included config.ini file with notepad and then save the file. Next compress the sysrw_*VERSION* and META-INF folders again as a new flashable .zip and install it in recovery. Have fun playing around with your config.ini
Script usage:
Simply execute the program from the terminal shell with or without custom argumentsOptional script arguments:
Spoiler: Optional script arguments
Replace x with your custom value
in=x
Specify existing super image as input [OPTIONAL]
Omitting this parameter is equivalent to using [email protected] which is equivalent to using your super block device as input
out=x
Specify patched super image output file path [OPTIONAL]
Omitting this parameter is equivalent to using [email protected] and the patched super image will be saved as ./img/super_patched.bin by default
size=x
Specify the extra free space (in megabytes) to be added to each sub-partition of super.img [OPTIONAL]
Omitting this parameter is equivalent to using [email protected] which will activate the auto-resize feature
-r
Specify whether or not the patched super image should be output in raw file format [OPTIONAL]
Omitting this parameter will create a sparse patched super image by default
Usage examples:
Bash:
adb shell
su
cd /data/local/tmp/sysrw_1.33
chmod +x ./sysrw
# Run program with default settings [RECOMMENDED]
./sysrw
# Specify existing super image as input [OPTIONAL]
./sysrw in=./img/super_original.img
# Specify patched super image output file path [OPTIONAL]
./sysrw out=./img/super_patched_new.img
# Specify the extra free space (in megabytes) to be added to each sub-partition of super.img [OPTIONAL]
./sysrw size=15
# Specify whether or not the patched super image should be output in raw file format [OPTIONAL]
./sysrw -r
# EXPERT EXAMPLE (Warning! This command could potentially corrupt your system. Only use at your own risk in recovery mode!)
./sysrw in=img/super_original.bin out=`realpath /dev/block/by-name/super` -r
Uninstallation:
Spoiler: Uninstallation
To free up space and keep script as well as r/w capability you can simply delete /img subfolder at /data/local/tmp/sysrw_*VERSION*/img
To delete script and keep r/w capability you can simply delete whole script folder at /data/local/tmp/sysrw_*VERSION*
To undo all changes performed by the script you can simply reflash original stock read-only super image and re-enable dm-verity and verification either through adb/fastboot or with the included avbctl binary.
Troubleshooting:
Spoiler: Troubleshooting
If you can't get this script to work on your device check out the brand new sophisticated superrepack tool by @munjeniERROR 73: Troubleshooting repair script instructions@harpreet.s slot switching workaroundIf you get any errors from the update-binary in your custom recovery during installation of the flashable .zip then please send me this log file /tmp/recovery.logand a screenshot of your error. Thanks! Make sure the script folder was correctly extracted to:/data/local/tmp/sysrw_*VERSION*If you can't run the script try making the file executable like this: chmod +x ./sysrwIf you still can't get it to work run which sh in your shell and replace the shebang in the first line of the script with the output of that command. Don't remove the first two #! symbols though. Then save the file and try again.Make sure you've got full read / write access to the /data/local/tmp directory and that the containing files are not encrypted in custom recovery!If you get a bootloop after successfully creating and flashing super_patched.bin then that's probably because you didn't properly disable your dm-verity and verification.To undo any bootloop simply re-flash original stock read-only super image and re-enable dm-verity and verification with the included avbctl binary or through adb/fastboot. Those are the only changes performed by the script. If you have any more questions just ask in this thread. Good luck!
About:
Spoiler: About
I did not come up with all this by myself. After searching for a solution for countless days without success, going even as far as learning hex editing - I accidentally came across a couple of very interesting threads burried deep inside the new forum interface where this method has been described by various rw enthousiasts (links can be found in the credits section below). Therefore most credit goes to these rw enthousiasts. I'm only the amateur who put it all together into a compact script so that everybody can enjoy an Android system that's read/write-able again. Just like it used to be in Android 9 or earlier. Before these annoying 'shared_blocks' and 'EROFS' read-only features were implemented.
Credits:
Huge thanks to @Brepro1 for allowing me to use his awesome tutorial and make it into a script. Without your tutorial guiding me I couldn't have created this script.Huge thanks to @Kolibass for allowing me to use his partition tools for Android. Without your tools this script would not work on the Android platform!Big thanks @munjeni for allowing me to use his amazing superunpack V1 tool in the initial version. It helped me to understand how these super images work.Thanks @AndyYan your great tutorial also helped me a lot for automating the script especially the lpdump part.Thanks @bynarie for making available his otatools package! A part of it was bundled with the initial version which helped me to create this universal version. It's still part of the troubleshooting repair script to fix error 73.Thanks @HemanthJabalpuri for assisting me in optimizing the underlying algorithm!
Disclaimer:
Spoiler: Disclaimer
#Disclaimer v3.0This open source software is provided as is without any kind of warranty or support whatsoever.By using and viewing this software you agree to the following terms:
Under no circumstances shall the author be held responsible for any damages that may occur from the (inappropriate) use of this software (or parts thereof).
All responsibility, liability and risk lies with the end-user. You hereby agree not to abuse this software for illegal purposes.
Please don't steal, hack, crack, mod, hex-edit, decompile, rebrand and / or abuse this software or parts thereof. Thank you!
This software can be re-uploaded to 3rd party websites indefinitely as long as the software itself (or any parts thereof) were not modified by unauthorized 3rd parties without the original author's prior knowledge and explicit written consent
This software (or parts thereof) were provided for free only for non-commercial, educational, personal, legal purposes
To use this software (or parts thereof) for commercial purposes, please rent a commercial usage license
Thank you very much for your support! Thanks to your amazing support I can continue working on this project and other interesting projects like this.
Enjoy debloating and customizing your fully read/write-able next-gen Android device!
Please post your feedback, suggestions and your Olympic Android System Mods (OASMG) @ the official SystemRW / SuperRW feat. MakeRW / ro2rw by lebigmac links below. Thanks
https://forum.xda-developers.com/t/...tition-converter-resizer-by-lebigmac.4247311/
https://forum.xda-developers.com/t/...n-converter-erofs-rw-ext4-rw-f2fs-rw.4536821/
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Confirmed working on these devices:
Spoiler: Device list
Xiaomi Poco X3 NFC
Xiaomi Poco X3 Pro
Xiaomi Poco X2 - Android 10/11
Xiaomi Poco X2 - Android 11
Xiaomi Poco F2 Pro - Android 11
Xiaomi Mi 10 T Lite - Android 11
Xiaomi Mi 10 T lite - Android 11
Xiaomi Mi 10 - Android 11
Xiaomi Mi 10 Ultra - Android 11
Xiaomi Mi 10i 5G (gauguin) - Android 11
Xiaomi Mi Note 10 Lite - Android 11 - OrangeFox
Xiaomi Redmi Note 12 5G - Android 12 - latest MIUI 13.0.3
Xiaomi Redmi 9 - Android 10
Xiaomi Redmi 9 - Android 10
Xiaomi Redmi Note 9 Pro joyeuse - Android 10
Xiaomi Redmi Note 9 Pro gauguin (China) - Android 10
Xiaomi Redmi Note 9S - Android 11 - MIUI Global 12.5.3 Stable (RJWEUXM)
Xiaomi Redmi 9T - Android 11
Xiaomi Redmi K30 - Android 10
Xiaomi Redmi K30S Ultra(China), Android 11
Asus ROG Phone 3 - Android 10
Asus ROG Phone 5 - Android 11
OnePlus Nord - Android 11
OnePlus 8T - Android 11
Doogee S96Pro - Android 10
F150 model B2021 - Android 10
Realme C12 - Android 11
Realme GT 5G - Android 12
Pixel 4a (sunfish) - Android 11
Google Pixel 4 XL (coral) - Android 10
and many more!
NOTE: Please post your feedback in this thread (with screenshot as proof that you are RW) if you want your device to be included in this list
Download
current status: experimental
If you like this project and want to support further development of it & the creation of more amazing projects like this then please feel free to donate to the original developer lebigmac by clicking the button below. Thanks! Your support is very much appreciated!
Donate
If the script works on your device please send me your log files from this folder:
/data/local/tmp/systemrw_1.32/log/
And please write your phone model - Android version - firmware version
Then I can add you to the list of successful devices and it will be helpful for further development. Thank you!
doesn't work for me!
You're supposed to run this on the phone
This universal version is different from the previous Linux only version!
Please follow the instructions in the first post or in the comment section of the script itself!
It looks like I'll have to make a flashable zip out of this. Please give me a day or two to learn more about flashable zip's!
I just wanted to release it as soon as possible because I know many people were waiting for the new universal version
lebigmac said:
you're supposed to run this on the phone
Please follow the instructions in the first post or in the comment section of the script itself!
Click to expand...
Click to collapse
you mean terminal of twrp?
Thanks for your hard work. So I just need to copy the file to my storage and run it with TWRP ( I use orangefox) and nothing more?
Manual installation:
Extract BUNDLE.zip
Extract flashable.zip
Copy systemrw_1.32 folder into /data/local/tmp/
It should look like this:
/data/local/tmp/systemrw_1.32
Please keep in mind I have not tested this in orangefox but only in twrp so you will be the first person to do so!
Is orangefox an engineer build like twrp? You can check this by doing
Code:
getprop ro.build.type
when I run " getprop ro.build.type" the answer is "eng"
lebigmac said:
yes but the makesysrw_1.15 folder containing the script should go into /data/local/tmp/
so it should look like this:
/data/local/tmp/makesysrw_1.15
Also if you have orangefox you can simply replace the TWRP check at line #303 with this:
Code:
if ( whoami>/dev/null ); then
Please keep in mind I have not tested this in orangefox but only in twrp so you will be the first person to do so!
If orangefox is anything like twrp it should work! Is orangefox an engineer build like twrp?
you can check this by doing
Code:
getprop ro.build.type
Click to expand...
Click to collapse
If I try to access the link it says "
403 Forbidden"
Download link updated
It works. Device: Xiaomi Redmi Note 9 Pro joyeuse
uvzen said:
IT WORKS! Device: Xiaomi Redmi Note 9 Pro joyeuse
Click to expand...
Click to collapse
You've got to be kidding me!
Thanks for your feedback uvzen. I think you were the first one to try it. Congratulations
Can you please tell me do you have a super partition on your device? What Android version?
And how did you like the flashing process? Was it smooth and fast?
Thanks to a suggestion by user @Kolibass the flashing is now super fast in this new version!
lebigmac said:
You've got to be kidding me!
Thanks for your feedback uvzen. I think you were the first one to try it. Congratulations
Can you please tell me do you have a super partition on your device? What Android version?
And how did you like the flashing process? Was it smooth and fast?
Thanks to a suggestion by user @Kolibass the flashing is super fast in this new version!
Click to expand...
Click to collapse
Device: Xiaomi Redmi Note 9 Pro joyeuse Android 10 MIUI 12.0.1
I have a super partition and the process took about 5 minutes
So is your system read-write now? Did you use any special arguments when calling the script such as size=100 to give extra free space to your partitions? That's useful so you can copy stuff to system. Otherwise you can only delete stuff...
lebigmac said:
So are you read-write now? Did you use any special arguments when calling the script such as size=100 to give extra free space to your partitions? That's useful so you can copy stuff to system. Otherwise you can only delete stuff xD
Click to expand...
Click to collapse
I used ./makesysrw.sh size=300 but that's not enough and now I will try with size=1000
1 GB (1024 MB) is probably too much
Did you try copy stuff into /system yet to see if it's read write?
In your favorite root file manager you can click the remount as R/W button on top.
You can also try mounting your partition(s) as read/write manually like this:
I mean 300MB is not enough for me xD
Please post an instructional video
can't access to tmp because it is encripted in twrp, any help please
@walid77dz did you try to boot into android, set a PIN code and then reboot to TWRP and decrypt everything by entering your PIN code?
Can someone please make a custom rom for oppo a5s i'm begging
i tried like 10 gsi roms and none of them worked properly
Because GSI ROMs require Android supports Project Treble, have you checked phone supports Project Treble?
Using ADB simply type the following command:
Code:
adb shell "getprop ro.treble.enabled"
It will return a boolean value, true if your device supports Treble and false if it doesn't.
jwoegerbauer said:
Because GSI ROMs require Android supports Project Treble, have you checked phone supports Project Treble?
Using ADB simply type the following command:
Code:
adb shell "getprop ro.treble.enabled"
It will return a boolean value, true if your device supports Treble and false if it doesn't.
Click to expand...
Click to collapse
when i said worked properly i meant being stable because i know my phone is treble supported a only system and i tried many os like arrowos, havocos, phh aosp (10-9-8.1) but they all crash a lot and a lot of hardware does not work like fingerprint and face unlock and the brightness is at max 50%
If you flash a GSI ROM all OEM / vendor specific files ( the drivers ) are missing by default, hence you must not be surprised that a lot of hardware isn't working as expected.
jwoegerbauer said:
If you flash a GSI ROM all OEM / vendor specific files ( the drivers ) are missing by default, hence you must not be surprised that a lot of hardware isn't working as expected.
Click to expand...
Click to collapse
yea that's why it kinda disappointing
i was trying to make the gsi rom recognize the hardware but i couldn't find a solution