Finding the new rooting method - Click Android Development

Howdy
I want to develop for the Tattoo (Click). I've developed for the G1, Magic, MT3G, Hero and Nexus, writing software which roots devices for you.
What I need from you guys is simple: I just want your hboot info and kernel so I can get to work on a solution.
I will then post my findings for you all to try.

here ya go
this is the boot.img and hboot from the tattoo_rom_1.67.405.6 rom version
http://www.4shared.com/file/213088911/9358cbe3/tattoo.html

need to extract it from the tattoo? how?

ralle.gade said:
this is the boot.img and hboot from the tattoo_rom_1.67.405.6 rom version
http://www.4shared.com/file/213088911/9358cbe3/tattoo.html
cheers, let the rooting begin lol

Any progress on this scene? It's been a while and I'm curious to see if you got root yet.

Nothing at the moment. I've had major issues on my server, so I've got to get that up and running again before I can do research.

Maybe this could be interesting?
(...)
Bootloader / Downloadmode Features :
- Load any file to mobile at any address and execute (bootloader f.e.)
- Read out complete NAND Memory using bootloader (range given) with included MSM6250/A bootloader or any given bootloader
Usage : Take out battery, put in battery, press ON # to enter emergency mode, Execute Loader
or (with SL91,SF71 f.e.) enable FTM mode, Execute Loader
- Use any Download Mode or Bootloader Command to experiment
- Read application memory of newer Diag Ver 6 in Download Mode
- Show complete infos about used NAND after loading of Bootloader
Flasher Features :
Flash any QC mobile (OBL Multiboot) with given bootloader
- Flash PBL (dangerous), QCSBL, QCSBL Header and Config Bits, Partition, OEMSBL, OEMSBL Header, AMSS, AMSS Header and EFS
(...)
Functions for HTC only :
1. Check validity of HTC firmware (signature check)
2. Cut out signatures from .nbh file
3. Split radio.nb into qualcomm files for analysis
4. Find HTC Public keys using Cryptosearch
5. Generate Security passwords (SPL + radio) for newer HTC
6. Generate NBH Files (you can add any device into devlist.xml)
7. Dump Files from NBH (you can add any type into nbhtype.xml)
8. Fix radio.nb checksum
9. Generic Bootloader / AT Command interface with logging functions
10. Decrypt simsecure folder (governmental users only)
(...)
I saw this while searching Google about the HTC bootloader. Perhaps it could be interesting?
ac6729

Related

[CLOSED]DNX mode BIOS flashing tool

@MikeChannon removed OP. please close
what? lol
hi ionioni,
many thanks for your tool. I could successfully create a signed bios file. During the flashing process, I believe, it shows no errors. But after an automatic reboot just the teclast logo appears.
I did a "RESTORE DEFAULT" and "SAVE AND RESET" but when i try to flash android with the mirek tool, it shows the same error message (get_path:344...) .
Do you have any suggestions what i can try to restore a working state?
Thank you.
the_dude_84 said:
During the flashing process, I believe, it shows no errors. But after an automatic reboot just the teclast logo appears
At the end of the BIOS flashing, before the reboot, did you receive a "RESTORE COMPLETED! Rebooting the tab to load new BIOS!" message? If not, what messages did you get when flashing? What are the steps you are doing? More details... This tool's job is to write a (user-provided) BIOS file, not to fix specific (other) stuff on your tab.
Later edit: the error 'get_path:344' is normal. The x98 bootloader (efilinux file) will at first try to get a handle for the device (disk) it was started from, but when it is run directly from the BIOS, i.e. DnX mode (normally it loads/executes from its EFI partition on MMC), the call returns no handle (as it should) and this causes the message. It is a normal message when starting from DnX; what is not normal is if, after that, the bootloader is unable to load and execute the kernel from the passed boot image.
The tablet just restarts without such a message as you named. I used my previously saved BIOS with your tool and flashed it. What steps can I take to convince the tablet to start the kernel?
Did you repair the saved BIOS before flashing it with this new tool?
You have to change from FE FE at 400Dh and 400Eh address to FF FF with a hex editor!
updated OP with v2 of the tool as it seems these x98 tabs are not having the most conforming EFI firmware in the bios (it 'forgets' the consistent mapped device so i hard-coded it in the tool, it would have map to the same path anyways as it is a consistent /virtual/ disk that is used as environment during the flashing, so this 'patch' just helps the non-conforming devices /such as x98 so far/ not limits)
blackbile said:
Did you repair the saved BIOS before flashing it with this new tool?
You have to change from FE FE at 400Dh and 400Eh address to FF FF with a hex editor!
Do you know what those two bytes are about? Can anyone say that he bricked his tab by flashing an FE FE BIOS? (I have flashed my BIOS back a dozen times so far on my Lenovo and did not know about this until I read it someplace in these posts, so I checked my backup BIOS file and sure thing, it did have the FE FE at that offset... I guess something is wrong with my tab since it did not brick.)
Joking aside, I cannot say whether this IS or IS NOT true, but what I can say is that there were two users I assisted in flashing back their BIOS backup (on x98 models), and both had FE FE at that offset and they did NOT BRICK (@florent.m was one and the other I don't recall)... I wish I knew more about WHY this needs to be done, not just YOU MUST instructions... What I know is that the area belongs to the NVRAM of the TXE region (it is the EFFSOSID partition of it), but since Intel takes care that no one has access to TXE-related info, I sure would be interested in someone saying what those two bytes account for (and more, of course)...
Again, someone who has a flash programmer can check easily and safely (I have one, but as I said, I cannot hard-brick it).
I'm still not able to flash. I get this error message upon running fastboot boot image_name.img
Code:
INVALID size (7586586 bytes) for pushed package! This tool will only accept a (md5) BIOS file for input. You MUST run md5add.exe on your BIOS file and push the file it produces.
ABORTING
I did run md5add on the img and I did run fastboot boot on the image it produced (16 bytes larger than the original). What am I doing wrong?
BTW, by pushing does it mean that I have to run anything else besides those 2 commands on fastboot?
andrepd said:
I'm still not able to flash. I get this error message upon running fastboot boot image_name.img
Code:
INVALID size (7586586 bytes) for pushed package! This tool will only accept a (md5) BIOS file for input. You MUST run md5add.exe on your BIOS file and push the file it produces.
ABORTING
I did run md5add on the img and I did run fastboot boot on the image it produced (16 bytes larger than the original). What am I doing wrong?
BTW, by pushing does it mean that I have to run anything else besides those 2 commands on fastboot?
read the op again !!! and do exactly the steps detailed there!!! you need to use YOUR signed bios file generated with md5add ... instead you are WRONGLY!!! using some boot image file (luckily for you there is a size check too, otherwise you would have been flashing a kernel on your bios chip, oh boy...)
again:
the first instruction pushes the bios efi flasher tool
the second one pushes YOUR bios (signed) file that you want to flash on your bios chip. To make sure that the bios file that is written by the tool is not altered during the transfer, I added the extra md5 signing step, so before it starts the actual flashing the efi tool will check the bios file received against the md5 signature appended (this step is normally not needed, but on some PCs it could be that the usb transfer misbehaves)
Thanks a lot for your efforts and help!!!
ionioni said:
read the op again !!! and do exactly the steps detailed there!!! you need to use YOUR signed bios file generated with md5add ... instead you are WRONGLY!!! using some boot image file (luckily for you there is a size check too, otherwise you would have been flashing a kernel on your bios chip, oh boy...)
again:
the first instruction pushes the bios efi flasher tool
the second one pushes YOUR bios (signed) file that you want to flash on your bios chip. To make sure that the bios file that is written by the tool is not altered during the transfer, I added the extra md5 signing step, so before it starts the actual flashing the efi tool will check the bios file received against the md5 signature appended (this step is normally not needed, but on some PCs it could be that the usb transfer misbehaves)
But the image I'm flashing isn't even 7586586 bytes... I'm flashing with this tool as per this post http://forum.xda-developers.com/showpost.php?p=64854157&postcount=26 (img in the OP of that thread)
Sorry I'm a bit confused... Is that boot image the wrong one to flash then?
Thank you very much!
I think it worked and is waiting for input or is even done already, but I'm quite cautious now, so I don't want to press anything yet
It says:
FPT operation passed
_
In the flash.bat from another tool (TTT-Update the BIOS on your X98 Air II/3G to the latest dual boot version) it should write that status to a log file and continue with either flash passed or failed, but apparently it doesn't continue automatically in my case.
Hope anyone knows if it is safe to do anything. I've pressed the power button shortly as a confirmation command, but that doesn't do anything.
andrepd said:
But the image I'm flashing isn't even 7586586 bytes... I'm flashing with this tool as per this post http://forum.xda-developers.com/showpost.php?p=64854157&postcount=26 (img in the OP of that thread)
Sorry I'm a bit confused... Is that boot image the wrong one to flash then?
This is a DIFFERENT tool! The one you are referring to already has a BIOS file in it...
This one flashes a bios file YOU MUST provide!
Bolsnerk said:
Thank you very much!
I think it worked and is waiting for input or is even done already, but I'm quite cautious now, so I don't want to press anything yet
It says:
In the flash.bat from another tool (TTT-Update the BIOS on your X98 Air II/3G to the latest dual boot version) it should write that status to a log file and continue with either flash passed or failed, but apparently it doesn't continue automatically in my case.
Hope anyone knows if it is safe to do anything. I've pressed the power button shortly as a confirmation command, but that doesn't do anything.
As said on some x98 devices (having a specific bios?) it seems that after the bios is flashed 100% it hangs... not so much you can do but force a power off/reboot ... you should be fine
ionioni said:
This is a DIFFERENT tool! The one you are referring to already has a BIOS file in it...
This one flashes a bios file YOU MUST provide!
Okay, I got it working, phew, I was being a total noob and confusing everything. I took the dual boot BIOS, added the md5 hash with the tool you provided and flashed it with your tool. Everything went well. Thank you for your work and sorry for being a total moron
andrepd said:
Okay, I got it working, phew, I was being a total noob and confusing everything. I took the dual boot BIOS, added the md5 hash with the tool you provided and flashed it with your tool. Everything went well. Thank you for your work and sorry for being a total moron
Excellent!
ionioni said:
Do you know what those two bytes are about? Can anyone say that he bricked his tab by flashing an FE FE BIOS? (I have flashed my BIOS back a dozen times so far on my Lenovo and did not know about this until I read it someplace in these posts, so I checked my backup BIOS file and sure thing, it did have the FE FE at that offset... I guess something is wrong with my tab since it did not brick.)
Joking aside, I cannot say whether this IS or IS NOT true, but what I can say is that there were two users I assisted in flashing back their BIOS backup (on x98 models), and both had FE FE at that offset and they did NOT BRICK (@florent.m was one and the other I don't recall)... I wish I knew more about WHY this needs to be done, not just YOU MUST instructions... What I know is that the area belongs to the NVRAM of the TXE region (it is the EFFSOSID partition of it), but since Intel takes care that no one has access to TXE-related info, I sure would be interested in someone saying what those two bytes account for (and more, of course)...
Again, someone who has a flash programmer can check easily and safely (I have one, but as I said, I cannot hard-brick it).
IonIoni,
All,
1st - thanks again for your tool, it saved my tablet (teclast C5J8)
2nd - yes the boot file I provided to Ionioni was untouched, a direct copy of the bios as dumped by mirek backup tool, and up to now, everything is working fine, either on android, or on Windows 10.
and when I say everything fine......I want to say as before..........the GPS is still not working (((((((
thanks a lot,
Cheers,
Florent
Holy moley, the last 24 hours have been intense, that is how old my x98 air iii is, and I have read over a thousand pages here on XDA in that time, i've also managed to soft brick it trying to flash a dual boot bios as per Techknights/Techtablets guides, not sure why or where exactly things went bad, now i'm stuck in a boot loop, red Chinese symbols with a tiny arrow beside it, but reading this gives me some hope, no idea how to follow the simple instructions above when you say..
" IMPORTANT: run the md5add tool on your bios file md5add.exe your_bios_file your_signed_bios_file. "
tried a few things and got nowhere, I tried to open the bios file that you said to place in the same folder as the other two files, with the md5add tool and a small window flashed on screen for a millisecond then disappeared, that's all no file was produced lol
Also not sure what this part means too..
"start in dnx mode and input:
fastboot flash osloader bios_flasher.efi.."
I can get into dnx mode ok but thats all how do I input anything?
My head is fried but I will stay up and try again, it's 5am (Ireland)
Am I missing an elephant in the room? Like some other software that everyone else has already installed except noobs like me?
pilot error said:
Holy moley, the last 24 hours have been intense, that is how old my x98 air iii is, and I have read over a thousand pages here on XDA in that time, i've also managed to soft brick it trying to flash a dual boot bios as per Techknights/Techtablets guides, not sure why or where exactly things went bad, now i'm stuck in a boot loop, red Chinese symbols with a tiny arrow beside it, but reading this gives me some hope, no idea how to follow the simple instructions above when you say..
" IMPORTANT: run the md5add tool on your bios file md5add.exe your_bios_file your_signed_bios_file. "
tried a few things and got nowhere, I tried to open the bios file that you said to place in the same folder as the other two files, with the md5add tool and a small window flashed on screen for a millisecond then disappeared, that's all no file was produced lol
Also not sure what this part means too..
"start in dnx mode and input:
fastboot flash osloader bios_flasher.efi.."
I can get into dnx mode ok but thats all how do I input anything?
My head is fried but I will stay up and try again, it's 5am (Ireland)
Am I missing an elephant in the room? Like some other software that everyone else has already installed except noobs like me?
i wonder how could the instructions in this op be more simple...
you must:
1. find a BIOS file for your model, make sure it is the CORRECT one or you might hard-brick when you flash it
2. sign the file using the md5add tool, this will create a new file, the signed bios file
3. start in dnx mode and load the efi bios flasher tool and then your signed bios file (the steps are in the op)
ionioni said:
i wonder how could the instructions in this op be more simple...
you must:
1. find a BIOS file for your model, make sure it is the CORRECT one or you might hard-brick when you flash it
2. sign the file using the md5add tool, this will create a new file, the signed bios file
3. start in dnx mode and load the efi bios flasher tool and then your signed bios file (the steps are in the op)
You know what ionioni, they may be simple to you, but this is my FIRST android tab, it's only two days old and it's soft bricked on the very first try at bios flashing from following equally simple instructions from techtablets, flashing new bios from within android using update ifwi.apk. I did exactly that: chose the 2.02 dual boot bios that everyone else used, copied it to internal storage and pressed the button.
That is all I did to ruin this tablet lol
What techtablets did NOT mention is he was already rooted on mirek190 v6, that is why my tab is softbricked, not because I chose the wrong files.
No idea how to do this step.. "sign the file using the md5add tool", when i search about it, the only results are back in here?
Can you point me in the right direction to learn about md5add?
Thank you..
pilot error said:
You know what ionioni, they may be simple to you, but this is my FIRST android tab, it's only two days old and it's soft bricked on the very first try at bios flashing from following equally simple instructions from techtablets, flashing new bios from within android using update ifwi.apk. I did exactly that: chose the 2.02 dual boot bios that everyone else used, copied it to internal storage and pressed the button.
That is all I did to ruin this tablet lol
What techtablets did NOT mention is he was already rooted on mirek190 v6, that is why my tab is softbricked, not because I chose the wrong files.
No idea how to do this step.. "sign the file using the md5add tool", when i search about it, the only results are back in here?
Can you point me in the right direction to learn about md5add?
Thank you..
i give you the tools and the how-to use them...
again, you need to do this:
1. FIND a bios file for your tab model, ask around and some other owner can point you at it, but take care as this is the file that will be programmed in your tablet so if it is not good you will HARD-BRICK (ask ten times before using it once)
2. after you have found the file, use the md5add tool to sign it; if, for example, the file is named some_bios_file.bin you can input at a command prompt:
md5add.exe some_bios_file.bin signed_bios.bin
(the signed_bios.bin file will be generated)
3. start your tab in dnx mode and input:
fastboot flash osloader bios_flasher.efi
fastboot boot signed_bios.bin
and this will start the flashing process... messages will be shown on your tab screen while progressing...
the md5add.exe and bios_flasher.efi files can be found in the attachment to the first post (op)
the bios file is your responsibility to find
when done if the bios file you used is correct you should be able to use again the tab (ie no more bootloop)
i must repeat: be careful what bios file you use, if it's a wrong one you can HARD-BRICK! ask around for that...
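The two checks ionioni describes in this thread (a size check on the pushed file, then an MD5 check against the appended digest) can be sketched as follows. This is an added example, not the tool's own code: it assumes md5add appends the raw 16-byte MD5 digest to the file (consistent with the signed file being 16 bytes larger than the original), and `BIOS_SIZE` and all sample data are constructed.

```python
import hashlib

MD5_LEN = 16  # thread: the signed file is "16 bytes larger than the original"


class PackageError(ValueError):
    """Raised when a pushed package must not be written to flash."""


def sign_bios(bios: bytes) -> bytes:
    """Assumed md5add layout: BIOS image followed by its raw 16-byte MD5."""
    return bios + hashlib.md5(bios).digest()


def check_package(package: bytes, bios_size: int) -> bytes:
    """Size check first, then digest check; returns the payload to write."""
    if len(package) != bios_size + MD5_LEN:
        raise PackageError(f"invalid size ({len(package)} bytes) for pushed package")
    payload, trailer = package[:-MD5_LEN], package[-MD5_LEN:]
    if hashlib.md5(payload).digest() != trailer:
        raise PackageError("md5 mismatch: file altered during transfer")
    return payload


def verdict(package: bytes, bios_size: int) -> str:
    """Human-readable outcome of the pre-flash checks."""
    try:
        check_package(package, bios_size)
        return "accept"
    except PackageError as exc:
        return f"reject: {exc}"


# --- constructed sample data (not a real BIOS) ---------------------------
BIOS_SIZE = 4096                       # hypothetical expected image size
SAMPLE_BIOS = bytes(range(256)) * 16   # 4096 bytes standing in for a BIOS dump

SIGNED = sign_bios(SAMPLE_BIOS)        # what md5add would produce
UNSIGNED = SAMPLE_BIOS                 # user forgot to run md5add

# A boot image signed and pushed by mistake: the digest is valid, only the
# size check stops it from being written to the BIOS chip.
WRONG_FILE_SIGNED = sign_bios(b"ANDROID!" + bytes(3000))

# One bit flipped in transit, trailer untouched.
_damaged = bytearray(SIGNED)
_damaged[100] ^= 0x01
CORRUPTED = bytes(_damaged)

# A different image of the right size, signed the same way, is accepted:
# the trailer detects transfer corruption, it does not vouch for WHICH
# BIOS this is. Choosing the correct image stays the user's job.
OTHER_SIGNED = sign_bios(bytes(BIOS_SIZE))


if __name__ == "__main__":
    for name, pkg in [
        ("signed bios", SIGNED),
        ("unsigned bios", UNSIGNED),
        ("signed boot image", WRONG_FILE_SIGNED),
        ("corrupted in transfer", CORRUPTED),
        ("other bios, signed", OTHER_SIGNED),
    ]:
        print(f"{name:24s} {verdict(pkg, BIOS_SIZE)}")
```
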

G925V Downgrade and Bootloader Unlock Possible! Progress so far. Devs please help!!

Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on a G925V on 5.1.1, rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0, and all below, to 5.1.1 and for the root tutorial.)
- The Samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0 = version 1.)
- The following partitions have the flag:
* BOTA0 <---- gets its files from sboot.bin (bootloader first partition)
* BOTA1 <---- gets its files from cm.bin (bootloader second partition)
* BOOT <---- from boot.img
* CACHE <---- from cache.img
* RECOVERY <---- from recovery.img
* SYSTEM <---- from system.img
* sdb <---- which is the bootloader as a whole I believe, don't quote me on this, just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if of.
Bota0, bota1, boot, system, recovery, cache, etc. can be found in:
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18, edit it with a hex editor and change the SYSMAGIC to one version lower, save, then dd it back to sda18 and reboot the phone, guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption, but the line is there and it seems to pass every check and just assumes that's the version.
Hope someone can take it further. I unfortunately bricked my S6 writing the wrong partition back over the bootloader... and well... bad bootloader... no more download mode.
Be careful, devs please help. Anyone with a device willing to use it as a guinea pig, PM me.
dragoodwael said:
Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on a G925V on 5.1.1, rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0, and all below, to 5.1.1 and for the root tutorial.)
- The Samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0 = version 1.)
- The following partitions have the flag:
* BOTA0 <---- gets its files from sboot.bin (bootloader first partition)
* BOTA1 <---- gets its files from cm.bin (bootloader second partition)
* BOOT <---- from boot.img
* CACHE <---- from cache.img
* RECOVERY <---- from recovery.img
* SYSTEM <---- from system.img
* sdb <---- which is the bootloader as a whole I believe, don't quote me on this, just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if of.
Bota0, bota1, boot, system, recovery, cache, etc. can be found in:
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18, edit it with a hex editor and change the SYSMAGIC to one version lower, save, then dd it back to sda18 and reboot the phone, guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption, but the line is there and it seems to pass every check and just assumes that's the version.
Hope someone can take it further. I unfortunately bricked my S6 writing the wrong partition back over the bootloader... and well... bad bootloader... no more download mode.
Be careful, devs please help. Anyone with a device willing to use it as a guinea pig, PM me.
That is great news. What else do you know of the magic bytes at the footer of the system image?
I'm going to look into this.
All of those partitions, probably even the cache partition with its metadata file from the CSC, have points that have access to the private signing key burned into the Trust Zone firmware.
Hi, I followed your tut on downgrading my SM-G925V to 5.1.1 and also got root, which was great, but I guess it's pretty worthless as it's only temporary until reboot. Has there been any further progress on permanent root on the G925V? Great work btw, all involved!

[GUIDE][ZS620KL][Update 29.08.2019] 5Z How to unlock root up/downgrade and unbrick

Warning - USE THIS GUIDE AT YOUR OWN RISK. I AM NOT RESPONSIBLE IF YOU END UP BRICKING YOUR DEVICE.
[Update 29.08.2019] Added new download locations for raw images
[Update 07.01.2019] Added more current raw image for ZS620KL WW 80.30.96.111
[Update 25.10.2018] Added raw image for ZS621KL.
[Update 09.08.2018] Updated for 80.11.37.95 and future versions.
[Update 20.07.2018] I was able to root FW 80.11.37.86 with Magisk Manager 5.8.3 so you are no longer locked to FW 80.11.37.69 and do not have to downgrade.
This guide is split into two sections: rooting and downgrade/unbrick.
Each section is split into a quick how to for experienced users and a more detailed guide.
General info:
The most current firmware as of 20.07.18 is 80.11.37.86. Newer versions will work too!
This guide is written for firmware 80.11.37.86. If you do not want to upgrade/downgrade to 80.11.37.86 you will need to use the firmware (zip file from ASUS) you are on in all the steps.
If you upgrade your firmware to a newer version AFTER rooting it you will lose root! You will need to patch the boot.img of the new firmware again > follow the rooting guide.
I have only tested this on my ZS620KL Z01RD WW version. It should work on other variants JP/RU.
Magisk hide is working and Safetynet check passes.
Bugs/problems:
Unlocking the bootloader will void your warranty! Currently there is no method known to relock it!
You will get a warning message about your unlocked bootloader at every boot.
You will no longer receive OTA updates but you can download the new firmwares directly from Asus.
You will get a warning message about an internal problem every boot. Which you can disable if you do not need write access to the vendor partition.
> see rooting guide 10.
[Downloads]
for rooting
The latest and official platform tools (adb/fastboot) directly from google.
https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Payload_dumper to extract the boot.img from the firmware:
https://androidfilehost.com/?fid=818070582850510260
Magisk Manager:
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
The bootloader unlock app and the 80.11.37.86 firmware for your device (WW/RU/JP) from ASUS:
https://www.asus.com/Phone/ZenFone-5Z-ZS620KL/HelpDesk_Download/
for downgrade/unbrick
raw firmware (ZS620KL WW):
WW 80.10.8.54
https://www.androidfilehost.com/?fid=1899786940962570681
https://mega.nz/#F!2fIgmAoa!2q4ra3R1Cp0fyKZDYdVMwg
WW 80.30.96.111
https://www.androidfilehost.com/?fid=1899786940962570682
https://drive.google.com/file/d/16OgxiPFSDJwhitnqJaITuO-XPOrg_7q9/view
https://mega.nz/#F!2fIgmAoa!2q4ra3R1Cp0fyKZDYdVMwg
Confirmed working by amscova.
raw firmware (ZS621KL):
https://addrom.com/raw-rom-unbrick-for-asus-zenfone-5z-zs621kl/
https://www.androidfilehost.com/?fid=1899786940962570680
https://mega.nz/#F!2fIgmAoa!2q4ra3R1Cp0fyKZDYdVMwg
Confirmed working by B Nath.
[Rooting how to]
Upgrade to firmware 80.11.37.86 and enable usb debugging.
Unlock your bootloader with the app.
Extract boot.img from firmware using payload_dumper.
Patch boot.img with magisk manager.
fastboot flash boot patched_boot.img.
Enjoy root.
[Rooting guide]
You can root any firmware from 80.11.37.86 up with this guide. To upgrade to a newer firmware version copy the zip file (e.g. UL-Z01R-WW-80.11.37.86-user.zip) you downloaded from Asus
to the root of your phones internal memory and reboot or unplug your usb cable.
You will get an update found notification. Start the update. To downgrade check the downgrade guide below.
Enable usb debugging in System > Developer options. If you can not see System > Developer options go to System > About phone > Software information > Build number and tap it multiple times.
This will make the Developer options visible.
WARNING! Upgrading to some firmwares disables usb debugging and you need to enable it again.
Make a backup of all the data you do not want to lose.
Download the platform tools and extract them into a folder (I will use c:\5z\ in this guide); this will create a subfolder platform-tools.
You need a current fastboot version for this to work (due to a/b slots/partitions), so please use the current platform tools!
Download the bootloader unlock app, extract the UnlockTool_9.1.0.3_180621_fulldpi_Draco_GDPR.apk and copy it to your phone.
Use a filemanager on your phone to install it and follow the on screen instructions to unlock the bootloader.
WARNING! You will lose your warranty and all data on the phone, so back up beforehand. You will see the first warning message at boot after this. There is currently no method known to relock the bootloader.
Download payload_dumper and extract it to c:\5z\. A payload_dumper-win64 folder will be created.
Download the firmware zip of the version you have on your phone and extract payload.bin from the zip to c:\5z\payload_dumper-win64\payload_input\ folder.
Start c:\5z\payload_dumper-win64\payload_dumper.exe and let it finish. Now copy the c:\5z\payload_dumper-win64\payload_output\boot.img to your phone (I will use the download folder).
Download Magisk Manager, copy the apk to your phone and use a filemanager on your phone to install it. Start the app and update it if you are asked.
When you are asked if you want to install Magisk > install. Select Method > Patch Boot Image File. Now select the boot.img in the download folder and let it finish patching.
Copy the patched_boot.img from the MagiskManager folder on your phone to c:\5z\platform-tools\
Start your phone in fastboot mode. To do that press and hold "power+volume up" to switch it on until you see the fastboot menu. If you are having trouble getting there,
it helps to release the power button first then the volume up when you see the menu.
Now connect the phone to your computer with the original usb cable. Open a command line with admin privileges and execute the following commands:
To switch to the fastboot dir:
Code:
cd c:\5z\platform-tools\
To check if your phone has been found:
Code:
fastboot devices
You should see the serial number of your phone.
Now flashing the patched boot image:
Code:
fastboot flash boot patched_boot.img
The output should look something like this:
target reported max download size of 268435456 bytes
sending 'boot' (18724 KB)...
OKAY [ 0.620s]
writing 'boot_a'...
OKAY [ 0.133s]
finished. total time: 0.756s
And the reboot:
Code:
fastboot reboot
Your phone should be booting now and you will see the second warning message "There is an internal problem with your device...".
If you want to get rid of that warning and do not need write access to your vendor partition (you most likely do not):
Open Magisk Manager and in the main screen press Uninstall > Restore Images to restore the images, check Preserve AVB 2.0/dm-verity checkbox in "Advanced Settings" on the main screen, then reinstall Magisk by pressing Install > direct install in the main screen.
Should you be stuck in the Zenfone boot animation or something went wrong, you will need to follow the steps in the unbrick section.
Otherwise your phone is rooted now. Enjoy.
[Downgrade/unbrick how to]
Download and extract the raw firmware.
With the phone in fastboot mode execute flashall_aft.cmd in the extraction folder.
You are now downgraded/unbricked with firmware 80.10.8.54.
Copy firmware version of your choice to internal sd card root and reboot/unplug usb cable to get "update notification".
Start the update to selected firmware from the "update found" notification.
[Downgrade/unbrick guide]
If you need to downgrade the firmware or if you have somehow bricked your device you can try to flash a raw (full) image of the phone.
Download and extract the raw firmware to c:\5z\raw.
If the download link is no longer working google for WW__ZS620KL_80.10.8.54_MP_user_20180517175955_release.zip and download it.
Start your phone in fastboot mode. To do that press and hold "power+volume up" to switch it on until you see the fastboot menu. If you are having trouble getting there,
it helps to release the power button first then the volume up when you see the menu.
Now connect the phone to your computer with the original usb cable. Open a command line with admin privileges and execute the following commands:
To switch to the fastboot dir:
Code:
cd c:\5z\raw
To flash the raw image:
Code:
flashall_aft.cmd
This will take a few minutes and the phone will reboot automatically. The first boot will take a little longer but your phone should now be unbricked and downgraded to 80.10.8.54.
You can now go to the root section of the guide and upgrade to a more current firmware.
Thanks to Renaf2 for his ZE620KL guide, GSPD and amscova for providing the ZS620KL raw image links and B Nath for finding the ZS621KL raw image.
Nice Thread
Thank You for your work
Upgrade after rooting
Hello, after downgrade and rooting the phone with your method, is it possible to put in internal memory the last version of firmware (80.11.37.86) and upgrade the phone, or the phone remains blocked in the version of firmware (80.11.37.69) which we make downgrade and root? Thank you for your hard work.
isthisadagger said:
Warning - USE THIS GUIDE AT YOUR OWN RISK. I AM NOT RESPONSIBLE IF YOU END UP BRICKING YOUR DEVICE.
Process is too long. I am working on unofficial Unlock Tool so that we can retain the warranty.
For downgrading, there is a tool for that. For me, fastboot codes may mess up the system/cache partitions.
If anyone wanna test my unlocking tool, feel free to PM me via Telegram
MOD EDIT: LINK REMOVED
The distribution of social media links is no longer allowed on XDA. Please refer to the thread linked below:
Telegram and Whatsapp Channels - Going Forward
mihaitaiosub said:
Hello, after downgrade and rooting the phone with your method, is it possible to put in internal memory the last version of firmware (80.11.37.86) and upgrade the phone, or the phone remains blocked in the version of firmware (80.11.37.69) which we make downgrade and root? Thank you for your hard work.
Yes it is possible but you will lose root.
Patching the boot.img for 80.11.37.79 and 80.11.37.86 does not seem to work with this method.
isthisadagger said:
Yes it is possible but you will lose root.
Patching the boot.img for 80.11.37.79 and 80.11.37.86 does not seem to work with this method.
And is it not possible to root again with the method described in this thread?
mihaitaiosub said:
And is it not possible to root again with the method described in this thread?
This is why we need TWRP.
mihaitaiosub said:
And is it not possible to root again with the method described in this thread?
It is possible with Magisk Manager 5.8.3.
isthisadagger said:
Warning - USE THIS GUIDE AT YOUR OWN RISK. I AM NOT RESPONSIBLE IF YOU END UP BRICKING YOUR DEVICE.
[Update 20.07.2018] I was able to root FW 80.11.37.86 with Magisk Manager 5.8.3 so you are no longer locked to FW 80.11.37.69 and do not have to downgrade.
This guide is split into two sections: rooting and downgrade/unbrick.
Each section is split into a quick how to for experienced users and a more detailed guide.
General info:
The most current firmware as of 20.07.18 is 80.11.37.86.
I have only tested this on my ZS620KL Z01RD WW version. It should work on other variants JP/RU.
This guide is written for firmware 80.11.37.86. If you do not want to upgrade to 80.11.37.86 you will need to use the firmware you are on in all the steps.
Magisk hide is working and Safetynet check passes.
Bugs/problems:
Unlocking the bootloader will void your warranty!
You will get a warning message about your unlocked bootloader at every boot.
You will get a warning message about an internal problem every boot. Which you can disable if you do not need write access to the vendor partition.
> see rooting guide 10.
[Downloads]
for rooting
The latest and official platform tools (adb/fastboot) directly from google.
https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Payload_dumper to extract the boot.img from the firmware:
https://androidfilehost.com/?fid=818070582850510260
Magisk Manager:
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
The bootloader unlock app and the 80.11.37.86 firmware for your device (WW/RU/JP) from ASUS:
https://www.asus.com/Phone/ZenFone-5Z-ZS620KL/HelpDesk_Download/
for downgrade/unbrick
raw firmware:
https://drive.google.com/file/d/1ogbQeeNDRPFCb9jl3kpRDK_DmsneQ0xL/view?usp=drivesdk
[Rooting how to]
Upgrade to firmware 80.11.37.86 and enable usb debugging.
Unlock your bootloader with the app.
Extract boot.img from firmware using payload_dumper.
Patch boot.img with magisk manager.
fastboot flash boot patched_boot.img.
Enjoy root.
[Rooting guide]
You can root any firmware up to 80.11.37.86 with this guide. To upgrade to a newer firmware version copy the zip file (e.g. UL-Z01R-WW-80.11.37.86-user.zip) you downloaded from Asus
to the root of your phones internal memory and reboot or unplug your usb cable.
You will get an update found notification. Start the update. To downgrade check the downgrade guide below.
Enable usb debugging in System > Developer options. If you can not see System > Developer options go to System > About phone > Software information > Build number and tap it multiple times.
This will make the Developer options visible.
WARNING! Upgrading to some firmwares disables usb debugging and you need to enable it again.
Make a backup of all the data you do not want to lose.
Download the platform tools and extract them into a folder (i will use c:\5z\ in this guide) this will create a subfolder platform-tools.
You need a current fastboot version for this to work (due to a/b slots/partitions), so please use the current platformtools!
Download the bootloader unlock app, extract the UnlockTool_9.1.0.3_180621_fulldpi_Draco_GDPR.apk and copy it to your phone.
Use a filemanager on your phone to install it and follow the on screen instructions to unlock the bootloader.
WARNING! You will lose your warranty and all data on the phone so backup beforehand. You will see the first warning message at boot after this.
Download payload_dumper and extract it to c:\5z\. A payload_dumper-win64 folder will be created.
Download the firmware zip of the version you have on your phone and extract payload.bin from the zip to c:\5z\payload_dumper-win64\payload_input\ folder.
Start c:\5z\payload_dumper-win64\payload_dumper.exe and let it finish. Now copy the c:\5z\payload_dumper-win64\payload_output\boot.img to your phone (i will use the download folder).
Download Magisk Manager, copy the apk to your phone and use a filemanager on your phone to install it. Start the app and update it if you are asked.
When you are asked if you want to install Magisk > install. Select Method > Patch Boot Image File. Now select the boot.img in the download folder and let it finish patching.
Copy the patched_boot.img from the MagiskManager folder on your phone to c:\5z\platform-tools\
Start your phone in fastboot mode. To do that press and hold "power+volume up" to switch it on until you see the fastboot menu. If you are having trouble getting there,
it helps to release the power button first then the volume up when you see the menu.
Now connect the phone to your computer with the original usb cable. Open a command line with admin privileges and execute the following commands:
To switch to the fastboot dir:
Code:
cd c:\5z\platform-tools\
To check if your phone has been found:
Code:
fastboot devices
You should see the serial number of your phone.
Now flashing the patched boot image:
Code:
fastboot flash boot patched_boot.img
The output should look something like this:
target reported max download size of 268435456 bytes
sending 'boot' (18724 KB)...
OKAY [ 0.620s]
writing 'boot_a'...
OKAY [ 0.133s]
finished. total time: 0.756s
And the reboot:
Code:
fastboot reboot
Your phone should be booting now and you will see the second warning message "There is an internal problem with your device...".
If you want to get rid of that warning and do not need write access to your vendor partition (you most likely do not):
Open Magisk Manager and in the main screen press Uninstall > Restore Images to restore the images, check Preserve AVB 2.0/dm-verity checkbox in "Advanced Settings" on the main screen, then reinstall Magisk by pressing Install > direct install in the main screen.
Should you be stuck in the Zenfone boot animation or something went wrong, you will need to follow the steps in the unbrick section.
Otherwise your phone is rooted now. Enjoy.
[Downgrade/unbrick how to]
Download and extract the raw firmware.
With the phone in fastboot mode execute flashall_aft.cmd in the extraction folder.
You are now downgraded/unbricked with firmware 80.10.8.54.
Copy firmware version of your choice to internal sd card root and reboot/unplug usb cable to get "update notification".
Start the update to selected firmware from the "update found" notification.
[Downgrade/unbrick guide]
If you need to downgrade the firmware or if you have somehow bricked your device you can try to flash a raw (full) image of the phone.
Download and extract the raw firmware to c:\5z\raw.
If the download link is no longer working google for WW__ZS620KL_80.10.8.54_MP_user_20180517175955_release.zip and download it.
Start your phone in fastboot mode. To do that press and hold "power+volume up" to switch it on until you see the fastboot menu. If you are having trouble getting there,
it helps to release the power button first then the volume up when you see the menu.
Now connect the phone to your computer with the original usb cable. Open a command line with admin privileges and execute the following commands:
To switch to the fastboot dir:
Code:
cd c:\5z\raw
To flash the raw image:
Code:
flashall_aft.cmd
This will take a few minutes and the phone will reboot automatically. The first boot will take a little longer but your phone should now be unbricked and downgraded to 80.10.8.54.
You can now go to the root section of the guide and upgrade to a more current firmware.
Thanks to Renaf2 for his ZE620KL guide and GSPD for providing the raw image name.
Does unbricking lock the bootloader back since we will be flashing a raw file?
With Magisk Manager 5.8.3 the whole guide works like a charm
THX
My Zenfone 5z isn't being detected in fastboot mode, kindly help with correct driver softwares, my PC is running on Windows 10
Update : I got my phone to detect in fastboot
How to wipe cache partition
Hi,
I am able to boot into recovery on Z5z but not able to see "wipe cache partition" option. I only see a wipe data/factory reset option.
I want to wipe cache to see if battery life improves. Can anyone let me know how to do this?
Thanks
chandru.biradar2 said:
Does unbricking lock the bootloader back since we will be flashing a raw file?
No.
kelly66 said:
Hi,
I am able to boot into recovery on Z5z but not able to see "wipe cache partition" option. I only see a wipe data/factory reset option.
I want to wipe cache to see if battery life improves. Can anyone let me know how to do this?
Thanks
Honestly killing the cache rarely helps things.
hi guys how to do this on Macbook pro? Any clues?
shantanudl said:
hi guys how to do this on Macbook pro? Any clues?
I do not have any experience with mac os but if you want to root:
Adb/fastboot is available for mac os. All you need to do is find a tool to extract the boot.img from the payload.bin.
If you want to downgrade/unbrick: You would need to convert the bat/cmd files in the full firmware to some shell scripts and exchange the fastboot.exe.
How do I un-root, re-lock bootloader?
ferez said:
How do I un-root, re-lock bootloader?
unroot: You press "uninstall" in magisk manager or install an updated firmware without patching boot.img or downgrade.
I have not tried re-locking the bootloader.
So if I'm getting this right, after unlocking the bootloader I will not get OTA updates.
But I will be able to download the latest version (SKU) from Asus and put it in /sdcard/ folder, and rebooting will start the update of the new firmware.
Is this correct?
Kind regards
/Jens
jens13 said:
So if I'm getting this right, after unlocking the bootloader I will not get OTA updates.
But I will be able to download the latest version (SKU) from Asus and put it in /sdcard/ folder, and rebooting will start the update of the new firmware.
Is this correct?
Kind regards
/Jens
You won't get OTAs + your warranty is voided (due to unlocking Officially)
Yes, you can update your phone by sideloading the zip from ASUS Support Website

[ROOT][TB-X605F/L] Magisk for those who cant use TWRP!

thanks to yahoo mike for solving the problem with the TWRP not working, you're a saint!
due to the fact that i want to prevent the painful process of trying to find out which twrp works for TB-X605L_S210224_200910_ROW, i will have to point it out to those who have the kind of firmware installed on their Lenovo Tab M10 and try to use TWRP version higher than 4.0 and it doesnt work - TWRP will never work, but there's still a way out for people who want root:
THE MAGISK BOOT.IMG METHOD IN THE FLESH FOR PEOPLE WHOSE TABLETS CANT GET ROOTED THE TWRP WAY!
Disclaimer: the boot.img file which was patched by magisk only works with TB-X605L_S210224_200910_ROW
For other versions you have to use LMSA to snatch the firmware and get the specific files.
This method also works on TB-X605X - same LMSA procedure, same result.
what will you need:
the first and important one - knowledge that i dont care if you couldnt use your 2 brain cells to follow the steps and proceed to brick the device by slapping a boot image on a recovery one and the fact that if you havent started the process yet your data (if theyre not backed up) will be WIPED
2 - a tablet, obviously (common sense)
3 - a computer
4 - Android SDK platform tools
5 - boot.img with magisk installed on it
6 (optional) - If you have no ramdisk, LMSA to at least get the recovery.img file
THE STEPS:
if you havent started the rooting process yet:
Spoiler
Code:
1 - Go to device details and tap the serial number 7 times, dev mode should activate
2 - Go to dev settings and activate OEM unlocking and USB debugging
3 - On your computer you should have downloaded SDK platform tools, extract in C:/
4 - Afterwards get into the platform-tools folder, click the path line and type CMD
5 - Type adb devices to see if it installed correctly, your device should appear
6 - Type adb reboot bootloader, wait until the device reboots, you should see FASTBOOT MODE in red text
7 (LAST CHANCE TO BACK UP YOUR FILES, IF YOU PROCEED YOUR UNBACKED DATA WILL BE PERMANENTLY WIPED) - Type this: fastboot oem unlock-go
8 - type fastboot reboot
YOU MAY PROCEED TO THE ROOTING PROCESS PART 2.
If you already unlocked OEM (ROOTING PROCESS PART 2):
1 - Go on your device and download Magisk Manager (Version is 23.0)
2 - install the APK file
3 - open magisk manager and check the ramdisk
We will look at 2 situations:
Yay! Ramdisk is checked as Yes! The process will be hassle free and you wont have to use LMSA to get the firmware!:
Spoiler
Code:
1 - On your computer put the modified boot.img file into the platform-tools folder (Dont worry, it doesnt bite)
2 - Move on to the CMD prompt and enter: adb reboot bootloader
3 - then type in: fastboot flash boot (THE FILE)
4 - after that reboot your device by typing in: fastboot reboot
5 - HURRAH! Now you have installed root using the boot method AND without TWRP! Its best to check it with root checker for best measure though.
OH HELL NAH! IN THIS RARE CIRCUMSTANCE YOUR RAMDISK IS LITERALLY NONEXISTENT AS CONFIRMED BY THE CHECKED NO! HERE'S THE HARD WAY:
Spoiler
Code:
1 - If not already, download LMSA (or just search on the internet lul)
2 - Install LMSA and make sure you have connected your device to the computer
3 - Go to the Rescue tab and download the Firmware
4 - the path should be C:\ProgramData\LMSA\Download\RomFiles\TB-X605L_S210224_200910_ROW, you should see recovery.img
5 - snatch it and then place it into the download folder of your device
6 - use magisk manager to install magisk on the recovery image (MAKE SURE TO CHECK RECOVERY MODE IN MAGISK MANAGER OPTIONS, IT MUST BE CHECKED!!!!)
7 - snatch it by typing the command into the command prompt: adb pull /sdcard/Download/magisk_patched_[random_strings].img
8 - boot your device into bootloader with this: adb reboot bootloader
9 - now flash it into recovery: fastboot flash recovery magisk_patched_[random strings].img
10 - reboot with fastboot reboot
11 - Congrats, you got root! Unfortunately for you and your nonexistent ramdisk you have to boot into recovery to run the system with magisk
12 - use the recovery key combo until you see the splash screen, then release the keys. You will boot into magisk as it hijacks the recovery
13 - and thats how you root without ramdisk! you have gone through the entire pain of having to now use the recovery combo and releasing keys in order to boot into the system with root, but hey, you got root!
if you brick your device and/or meet the device reaper under the name of QUALCOMM USB DIAGNOSTIC, you're pretty much dead and i do not take any responsibility. that was your choice to go with this method.
if you blame me for anything ranging from alarm clock app failing and cant wake you up because it couldnt access the vibration and/or sound to a god forsaken thermonuclear war because the error code of the qualcomm usb diagnostic somehow gave you nuclear access codes, here's the response: COPE AND SEETHE
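As an added example (not part of the original post, and not Magisk's own code): a Python check that reads the Android boot image header of a boot.img or recovery.img before it is patched or flashed. It reports whether the image carries a ramdisk (the Yes/No split in the steps above), the OS version and patch level stamped in the header, whether the file is truncated, and a SHA-256 to compare against the copy pulled from the official firmware. The function names and the sample image are constructed for illustration; the field offsets follow the AOSP boot image header layout.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"


def decode_os_version(raw):
    """os_version packs A.B.C (7 bits each) above an 11-bit patch level (year-2000, month)."""
    if raw == 0:
        return None, None
    ver, patch = raw >> 11, raw & 0x7FF
    version = "%d.%d.%d" % ((ver >> 14) & 0x7F, (ver >> 7) & 0x7F, ver & 0x7F)
    return version, "%04d-%02d" % (2000 + (patch >> 4), patch & 0xF)


def inspect_boot_image(data):
    """Parse the header of a boot.img / recovery.img held in memory as bytes."""
    if len(data) < 48 or data[:8] != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic: not an Android boot image")
    header_version = struct.unpack_from("<I", data, 40)[0]
    if header_version <= 2:
        # v0-v2: kernel_size @8, ramdisk_size @16, page_size @36, os_version @44
        kernel_size, _, ramdisk_size = struct.unpack_from("<3I", data, 8)
        page_size, _, os_raw = struct.unpack_from("<3I", data, 36)
    elif header_version in (3, 4):
        # v3/v4: kernel_size @8, ramdisk_size @12, os_version @16, fixed 4096-byte pages
        kernel_size, ramdisk_size, os_raw = struct.unpack_from("<3I", data, 8)
        page_size = 4096
    else:
        # Some old vendor images reuse offset 40 for other data; refuse to guess.
        raise ValueError("unsupported header_version %d" % header_version)
    if page_size == 0:
        raise ValueError("page_size is zero: corrupt header")

    def pages(n):
        return -(-n // page_size)  # ceiling division

    # Header page plus kernel and ramdisk pages is the smallest valid file size.
    min_size = (1 + pages(kernel_size) + pages(ramdisk_size)) * page_size
    version, patch_level = decode_os_version(os_raw)
    has_ramdisk = ramdisk_size > 0
    return {
        "header_version": header_version,
        "kernel_size": kernel_size,
        "ramdisk_size": ramdisk_size,
        "has_ramdisk": has_ramdisk,
        # Mirrors the post's two branches: patch boot if it has a ramdisk, else recovery.
        "patch_target": "boot" if has_ramdisk else "recovery",
        "os_version": version,
        "patch_level": patch_level,
        "truncated": len(data) < min_size,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample(kernel=b"K" * 100, ramdisk=b"R" * 50, page_size=2048, os_raw=0):
    """Constructed v0 image for the demo below; not a real firmware file."""
    hdr = struct.pack("<8s10I", BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0,
                      0, 0, 0, page_size, 0, os_raw)

    def pad(blob):
        return blob + b"\0" * (-len(blob) % page_size)

    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    stamped = ((11 << 14) << 11) | (21 << 4) | 2  # constructed: 11.0.0, 2021-02
    for label, img in (("with ramdisk", build_sample(os_raw=stamped)),
                       ("no ramdisk", build_sample(ramdisk=b""))):
        info = inspect_boot_image(img)
        print(label, info["patch_target"], info["os_version"],
              info["patch_level"], info["truncated"], info["sha256"][:16])
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `inspect_boot_image`; the result only describes the device if the image comes from the firmware build that is actually installed.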

Root method for Oxygen OS 11.0.5.BE83BA with Magisk

Notice this will VOID YOUR WARRANTY.
I am not to blame for BRICKED DEVICE.
Do this at YOUR OWN RISK.
Things you need :
1: OnePlus Nord N100 - Oxygen OS 11.0.5.BE83BA
2: Computer with Adb and Fastboot Installed - check google for adb and fastboot
3: Unlocked Bootloader - https://source.android.com/devices/bootloader/locking_unlocking
4: Adb Enabled in developer options aka USB debugging
5: The Boot.img - below
6: Magisk.apk - https://magiskmanager.com/
Guide :
Step 1: Patch Boot.img with Magisk
Open the magisk app and select Install>Select And Patch a File>Boot.img>Let's go
And then wait for :
Output file is written to
/storage/emulated/0/Download/magisk...img
- All done!
Press the arrow at the top and close Magisk for now
Step 2: Connect to the Computer with adb and fastboot installed
On Phone :
Allow the computer to browse files
On Computer :
Go in the file explorer to your phones downloads( This Computer\BE2013\Internal shared storage\Download ) folder and find the magisk...img
Copy the magisk...img to your desktop or any other folder if you can find it in Command Prompt(Windows)
Then Open Command Prompt(Windows)/Terminal(Linux)
Cd to your work folder(Desktop) or the "any other folder"
cd Desktop(Windows)
Step 3: Boot the device into bootloader
Do a check if the device is connected with:
adb devices
On phone :
Allow USB debugging
If nothing shows up on the phone or it says the phone is unauthorized reconnect the phone and try again.
On Computer :
Next we reboot the phone to bootloader with :
adb reboot bootloader
The phone will restart and you shall see a big START
Step 4: The Final Step Test & Install Root
Testing if everything works as expected eg Wifi, Bluetooth, Hotspot, Other stuff because these things broke for me once because I used the wrong version of boot.img.
Id still test them.
On Computer :
fastboot devices
If there is the same device as in the Step 3 adb devices command, all should be working as expected.
Optional :
fastboot boot magisk...img
Tip: Use TAB to autocomplete in Command Prompt(Windows)
Next up test if all of the wireless stuff is working eg Wifi, Bluetooth, Hotspot, Other stuff
You can also open magisk to see if the device is Rooted.
Going back to bootloader is important for the next sub step("Flashing").
adb reboot bootloader
Flashing :
Did you boot the magisk...img?
If yes did everything work?
If not do not do this part!
fastboot flash boot magisk...img
fastboot reboot
Done!
Sorry for any typing mistakes if there is any.
If you have any questions ill be slow to respond if I even respond.
Sincerely Maxi
Where did you get this boot image?
I am getting the same behavior I get when trying to patch the global boot image - will not boot this TM model phone.
bouyakasha said:
Where did you get this boot image?
I am getting the same behavior I get when trying to patch the global boot image - will not boot this TM model phone.
I extracted the boot image from OTA update.
What do you mean with TM model phone? This is for the BE83BA.
hello someone does not have a rom 11.0.1be83ba I formatted the whole system unfortunately
Grilmama said:
hello someone does not have a rom 11.0.1be83ba I formatted the whole system unfortunately
Here https://forum.xda-developers.com/t/...ota-oxygenos-repo-of-oxygenos-builds.4253501/
https://otafsg-cost-az.coloros.com/OnePlusN100_EEA/OnePlusN100Oxygen_14.E.25_GLO_0250_2203311235/patch/amazone2/GLO/OnePlusN100Oxygen/OnePlusN100Oxygen_14.E.25_GLO_0250_2203311235/OnePlusN100Oxygen_14.E.25_OTA_0250_all_2203311235_0a17ce328283d7.zip
Hi. Anyone can you extract Oxygen OS 11.0.5. BE83BA boot.img for me? Thank you! Can't access PC.
VPH20 said:
https://otafsg-cost-az.coloros.com/OnePlusN100_EEA/OnePlusN100Oxygen_14.E.25_GLO_0250_2203311235/patch/amazone2/GLO/OnePlusN100Oxygen/OnePlusN100Oxygen_14.E.25_GLO_0250_2203311235/OnePlusN100Oxygen_14.E.25_OTA_0250_all_2203311235_0a17ce328283d7.zip
Hi. Anyone can you extract Oxygen OS 11.0.5. BE83BA boot.img for me? Thank you! Can't access PC.
The post has been updated. It includes the updated boot.img.
Ma_x11 said:
The post has been updated. It includes the updated boot.img.
Thank you very much!
