[DISCUSSION] Altering unlock & tamper bit - Android One (Second-Generation) General

Can someone please upload the raw backup of aboot & abootbak (if exists) partitions before & after unlocking bootloader? You may use something like this. The procedure requires root.
We're trying to extend the functionality of BootUnlocker on 2nd gen Android One devices as well.
@vel_tins has already posted some required info: http://forum.xda-developers.com/showpost.php?p=62434898&postcount=10


[LOST IMEI] Warning for D410HN users (Brazilian Dual-SIM with NFC variant)

This warning also applies to other variants.
I see that many users of this variant are using other variants' binaries and images trying to unlock the bootloader and install TWRP recovery.
My advice is to not do this or you can end up with a brick.
Even worse, when trying to unbrick the phone, people are using other variants' nand backup images; this will lead you to the infamous lost IMEI problem, and from this point, if you don't have backups of your modemst partitions, you are lost.
Flashing KDZ won't recover these partitions; they are unique to your phone and are not flashed in a normal KDZ flash. The only way to flash them is in TWRP or ADB.
I already supplied the proper D410HN Kitkat v10c and Lollipop v20a/b/c (they are the same) unlocked aboots and bootstacks but people insist on flashing files from other variants.
My advice is, after rooting your phone, before doing anything else, the first thing you must do is to back up your modemst1 and modemst2 partitions to make sure your IMEI data is safe. You can make this backup in ADB or the Android Terminal app with:
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst1 of=/storage/external_SD/modemst1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst2 of=/storage/external_SD/modemst2.img
This will save modemst1.img and modemst2.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD with /sdcard.
Also, make a nand backup image in case you need to make a testpoint or direct flash in nand to attempt to unbrick the phone.
Code:
dd if=/dev/block/mmcblk0 of=/storage/external_SD/unbrick.img bs=512 count=323583
This will save an unbrick.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD with /sdcard. Do not share this file with anyone else; this image has your IMEI data.
Why make your own unbrick.img file?
If you look at the partition table, you will have this:
Code:
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit s
unit s
(parted) print
print
Model: MMC 8WMB3R (sd/mmc)
Disk /dev/block/mmcblk0: 15269888s
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number  Start      End        Size      File system  Name      Flags
 1      16384s     147455s    131072s   fat16        modem
 2      147456s    149503s    2048s                  sbl1
 3      149504s    150527s    1024s                  rpm
 4      150528s    151551s    1024s                  tz
 5      151552s    152575s    1024s                  sdi
 6      152576s    156671s    4096s                  aboot
 7      156672s    157695s    1024s                  rpmb
 8      157696s    158719s    1024s                  tzb
 9      158720s    162815s    4096s                  abootb
10      162816s    166911s    4096s                  pad
11      166912s    173055s    6144s                  modemst1
12      173056s    179199s    6144s                  modemst2
13      179200s    211967s    32768s                 misc
14      212992s    278527s    65536s    ext4         persist
15      278528s    323583s    45056s                 laf
16      327680s    372735s    45056s                 boot
17      372736s    417791s    45056s                 recovery
18      417792s    423935s    6144s                  fsg
19      425984s    427007s    1024s                  fsc
20      427008s    428031s    1024s                  ssd
21      442368s    443391s    1024s                  DDR
22      458752s    459775s    1024s                  encrypt
23      459776s    460799s    1024s                  rct
24      475136s    491519s    16384s    ext4         drm
25      491520s    507903s    16384s    ext4         sns
26      507904s    548863s    40960s                 factory
27      548864s    614399s    65536s                 fota
28      622592s    624639s    2048s                  sbl1b
29      624640s    690175s    65536s    ext4         mpt
30      704512s    909311s    204800s   ext4         cust
31      917504s    918527s    1024s                  eksst
32      933888s    5128191s   4194304s  ext4         system
33      5128192s   6971391s   1843200s  ext4         cache
34      6971392s   15223807s  8252416s  ext4         userdata
35      15237120s  15269854s  32735s                 grow
(parted)
This unbrick image has your partition table and the partitions until sector 323583 (partition 15 - laf), which is enough to enter download mode and flash KDZ with LG Flash Tool and make a complete and perfect recovery. This also explains why, when you flash an unbrick image from an unknown source and variant, you lose your IMEI: modemst1 (11) and modemst2 (12) partitions are flashed along, overwriting your unique data.
Keep your backups in a safe place and now you can go ahead and unlock the bootloader, install TWRP, change partition sizes, etc., knowing that if anything goes wrong, if you manage to unbrick your phone, you won't lose your IMEI.
Good luck
Files:
Unlocked bootloaders (aboot):
D410HN KitKat v10c: http://www.mediafire.com/download/lg0ewb6vnl184mq/aboot_d410hn_v10c_unlocked_.zip
D410HN Lollipop v20abc: http://www.mediafire.com/download/dzp38dk9jivw31j/aboot_d410hn_v20abc_unlocked.zip
TWRP Custom Recovery: http://forum.xda-developers.com/lg-l90/development/recovery-twrp2-7-1-0lgl90w7xxshoxx-t2826150
Bootstacks:
D410HN KitKat v10c: http://www.mediafire.com/download/qx3cv5fzdzjsod2/Bootstack_D410hn_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/wxa5m1ch80hth54/Bootstack_D410hn_Lollipop_v20c.zip
Stock Flashable ZIP (for stock partition tables only):
D410HN KitKat v10c: http://www.mediafire.com/download/8u4zsj8tnyz4r6n/Flashable_D410hn_Stock_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/oqp0ubsq2jmzjph/Flashable_D410hn_Stock_Lollipop_v20c.zip
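The coverage reasoning in the post above, worked through as an added example (not code from the original poster): it parses an excerpt of the quoted parted listing and reports which partitions a raw image of a given sector count contains, and whether device-unique partitions are among them. The function names and the DEVICE_UNIQUE set are choices made for this illustration, and the parser assumes the Flags column is empty, as it is in the listing.

```python
import re
from typing import NamedTuple

# Excerpt (partitions 1-17) of the parted listing quoted in the post above.
PARTED_LISTING = """\
Number Start End Size File system Name Flags
1 16384s 147455s 131072s fat16 modem
2 147456s 149503s 2048s sbl1
3 149504s 150527s 1024s rpm
4 150528s 151551s 1024s tz
5 151552s 152575s 1024s sdi
6 152576s 156671s 4096s aboot
7 156672s 157695s 1024s rpmb
8 157696s 158719s 1024s tzb
9 158720s 162815s 4096s abootb
10 162816s 166911s 4096s pad
11 166912s 173055s 6144s modemst1
12 173056s 179199s 6144s modemst2
13 179200s 211967s 32768s misc
14 212992s 278527s 65536s ext4 persist
15 278528s 323583s 45056s laf
16 327680s 372735s 45056s boot
17 372736s 417791s 45056s recovery
"""

# Partitions the post describes as unique to each phone (IMEI data).
DEVICE_UNIQUE = {"modemst1", "modemst2"}


class Partition(NamedTuple):
    number: int
    start: int  # first sector
    end: int    # last sector, inclusive (parted convention)
    size: int   # sectors
    name: str


# number, start, end, size in sectors ("unit s"), then optional fs + name.
ROW = re.compile(r"^(\d+)\s+(\d+)s\s+(\d+)s\s+(\d+)s\s+(\S.*)$")


def parse_parted(listing):
    """Parse `print` output taken with `unit s`; Flags assumed empty."""
    parts = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or prompt line
        number, start, end, size = (int(m.group(i)) for i in range(1, 5))
        name = m.group(5).split()[-1]  # last token; fs type may precede it
        if end - start + 1 != size:
            raise ValueError(f"inconsistent row for partition {number}")
        parts.append(Partition(number, start, end, size, name))
    return parts


def classify(parts, count):
    """Split partitions by how an image of sectors 0..count-1 covers them."""
    last = count - 1
    whole = [p for p in parts if p.end <= last]
    partial = [p for p in parts if p.start <= last < p.end]
    return whole, partial


def sectors_through(parts, name):
    """Sector count needed for an image to include all of `name`."""
    for p in parts:
        if p.name == name:
            return p.end + 1  # End is inclusive, sector numbering starts at 0
    raise KeyError(name)


def unique_data_in_image(parts, count):
    """Names of device-unique partitions wholly or partly inside the image."""
    whole, partial = classify(parts, count)
    return sorted(p.name for p in whole + partial if p.name in DEVICE_UNIQUE)


if __name__ == "__main__":
    table = parse_parted(PARTED_LISTING)
    count = 323583  # the dd count used in the post, with bs=512
    whole, partial = classify(table, count)
    print("fully contained:", [p.name for p in whole])
    print("partly contained:", [p.name for p in partial])
    print("device-unique data present:", unique_data_in_image(table, count))
    print("sectors needed through laf:", sectors_through(table, "laf"))
```

Because dd copies sectors 0 through count-1 and parted's End column is inclusive, checking an image's sector count against `sectors_through` shows whether the last partition it is meant to carry is complete.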
Thanks for posting these files for D410hn and warning owners of this LG L90 variant.
Recently, I decided to switch from stock to CyanogenMod and I found your files in the middle of other posts.
Now this post made things crystal clear.
Thanks!
Gacrux, I must first of all thank you for your effort in gathering all that info and putting it in one post; for us newbies this was a great help. But for those like me who have already done things wrong and are already in a mud puddle, and are not experts like you guys here on XDA learning and teaching everything about root, flash, custom ROM, stock, our beloved Android, I must ask for some more of your patience: please write a more detailed tutorial, or link us to posts that can help recover a lost IMEI, because I used those Russian files and the process that you mention in another post. After a long time researching, I managed to find a process by which I could insert one of my IMEIs into slot one, but slot 2 still shows IMEI "0", checked with *#06#. Interestingly, here at my home the phone gets signal on both SIMs; I have tested and both can make and receive calls, data flows, etc., but when I drive to another nearby city, like going to my job, I lose signal on both. So, I don't have those backups of the modemst1 and modemst2 partitions (I didn't know that I had to make them); what can I do? I can still remove my battery and write down on paper the 2 IMEI numbers that I need, in case some process requires them. I'm using D410HN Lollipop 5.0.2, baseband M8626A-AAAANAZM-1.0.6063, kernel 3.4.0+, next info LRX22G.A1440649755 and V20c-OP1-HQ. What would be the steps I need to follow to at least try to put the IMEI in place, unlock, and install a lighter ROM that consumes the least internal storage space, but with all functions like cameras, NFC, Bluetooth, etc. working? I'm 100% sure that you will be helping a lot of people. Thanks again, awaiting directions!
I'll try to look into this IMEI issue soon and try to find out if there is a chance to rebuild both modemst partitions with both SIM cards on D410hn, but from what I could find until now, I wouldn't get hopes up... In the past, when IMEIs were stored in EFS partitions, they were stored in plain text and could be hex edited, but they don't do this anymore. I downloaded modemst partitions from two L90s, compared them and found out that this data is now fully encrypted.
You lose signal probably because you are using another variant's modem and modemst data.
Regarding the storage issue, I have a self made slim version of stock v20c and modified the partition tool in this topic (http://forum.xda-developers.com/lg-...ck-partition-table-tool-lg-l90really-t2946323) to fit to my needs, and more importantly, to change the units he used to respect the partitions beginnings and ends (partition by sectors I find to be more precise and safe), I removed everything that I judged useless from the stock LG rom and remade the partition table to shrink system partition to give more room for userdata.
I removed this stuff from the original ROM:
/system/usbautorun.iso
/system/app/Books
/system/app/ChromeWithBrowser
/system/app/Drive
/system/app/Gmail2
/system/app/GoogleTTS
/system/app/Hangouts
/system/app/LGPCSuiteUI
/system/app/LGSearchWidgetProvider
/system/app/LGWeather
/system/app/LGWeatherService
/system/app/LGWeatherTheme
/system/app/Maps
/system/app/Music2
/system/app/Newsstand
/system/app/PlayGames
/system/app/PlusOne
/system/app/Street
/system/app/talkback
/system/app/Videos
/system/app/YouTube
/system/apps/bootup/LGBoxnet
/system/apps/bootup/LGFlashlightWidget
/system/apps/bootup/LGSmartWorld
/system/apps/bootup/LGTaskManager
/system/priv-app/LGApplicationManager
/system/priv-app/LGBackup
/system/priv-app/LGBrowser
/system/priv-app/LGDictionary
/system/priv-app/LGDMSClient
/system/priv-app/LGEasyHome
/system/priv-app/LGEmail
/system/priv-app/LGFileManager
/system/priv-app/LGMemo
/system/priv-app/LGPCSuite
/system/priv-app/LGQTranslator
/system/priv-app/LGUpdateCenter
/system/priv-app/Velvet
/system/vendor/carrier/system/LGRemoteCall
/system/vendor/carrier/system/rspermlge
/system/vendor/overlay/com.android.browser
/system/vendor/overlay/com.lge.appbox.client
/system/vendor/overlay/com.lge.bnr
/system/vendor/overlay/com.lge.easyhome
/system/vendor/overlay/com.lge.email
/system/vendor/overlay/com.lge.filemanager
/system/vendor/overlay/com.lge.lgworld
/system/vendor/overlay/com.lge.task
/system/vendor/overlay/com.lge.updatecenter
/system/vendor/overlay/com.lge.sizechangable.weather
/system/vendor/overlay/com.lge.sizechangable.weather.theme.optimus
My post on the repartition tool thread about my personal changes: http://forum.xda-developers.com/showpost.php?p=63218497&postcount=151
So, about those modem partitions, I read somewhere that some "box" called octopus/octoplus can repair that **** I did on my phone and thereby restore those 2 IMEIs to their place. I looked for technicians here in my city, but no one has that box or knows anything that can repair it. I will try to take a day off from my job next week to search in a bigger city for a technical assistance shop that has this box to try it out. This is what I could find about this problem of losing the IMEI by overwriting the partition where it is written. I must say that I have encountered too much resistance from the people who know how to do the process, because they think I stole the phone, even seeing me arrive at their front door in my police uniform. I must thank you again, Gacrux, for being willing to help me and other people, even without knowing me. Thank you, man! About your ROM, is all hardware functional? Did you manage to reduce the size of that system data of about 4.21 GB that is untouchable? Checking in configuration=>general=>storage, just below cache data, there is "many", and when I click on it I can see that "system data" is about 4.21 GB. I already did a full wipe, but I don't have a custom recovery, because I tried to install TWRP from "rom installer" by JRummy and it says that none is compatible with my phone. This is one thing that I wanted to do with a custom recovery: install a custom ROM that has this system data a little smaller.
My phone is fully functional, mainly because from the start I never flashed other variants' files in my phone and after rooting I knew it was a wise move to back up my modemst partitions before doing anything else after rooting the phone.
When I decided to mod my L90 I saw that nobody had unlocked the D410hn variant or made a proper bootstack for us. With a little searching I realized how to unlock our KitKat and Lollipop aboots with the IDA disassembler and built the proper bootstack from the partitions extracted from our kdz file.
As far as I tested, from bootloader downgrade and softbricks, the modemst and own unbrick images were enough to make a perfect recovery of the phone (I had to simulate some scenarios in my own phone to test if my files and my advice would actually work).
Unfortunately, for the ones that didn't know that they MUST make some obligatory backup files, the lack of these backups leads them to problems like the one you are facing.
Custom recovery can be flashed with adb, no need for app, I'll post later when I arrive home.
System partition is actually 2GB. With stock LG ROM, there are around 60MB free. The debloating I did freed around 610MB, this allowed me to reduce system partition to 1.39GB. Also, I reduced cache partition from 900MB to 64MB. The difference was given to userdata partition, allowing me to grow from the stock 3.34GB to 5.38GB.
Thank you for your attention! From your knowledge I'm making my own. Thank you for the advice too, which I will follow for sure!
To flash custom recovery with adb only (needs root and unlocked bootloader; if you already have these, there is no need to repeat):
1. Root.
2. Copy aboot.bin and recovery.img (rename TWRP_2.8.7.0_270615_L90.img) to the root of your external microSD card.
3. Open adb shell or android terminal, take superuser permission with su and allow it in your phone screen.
4. Flash the hacked unlocked bootloader for D410HN Lollipop with dd if=/storage/external_SD/aboot.bin of=/dev/block/platform/msm_sdcc.1/by-name/aboot
5. Flash custom recovery (TWRP) with dd if=/storage/external_SD/recovery.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
To boot the custom recovery, from Android you can send reboot recovery in adb or terminal (needs su). To boot recovery with the phone off, hold VOL - and PWR; when the LG logo appears, release and hold the PWR button. A blank screen asking to reset the phone to factory settings will appear; select YES twice and wait for the custom recovery to boot. Don't worry, your phone won't be reset since the stock recovery was replaced with a custom one.
Well, I think I can handle that line of commands with ADB, but the problem here is the files. Can you please link the needed files that are "for sure" functioning on D410HN Lollipop 5.0.2, because I don't want a new brick! You can link to some post that you are certain about, and I will go there and download. Thanks again!
edit: I don't have an unlocked bootloader because, as I said, I was afraid that I could download the wrong files and do **** again. If you can help with this one too, I will pay for a beer!
edit: About root, I tried purpledrake, towelroot, and others; the last one, and the only one that works, was kingroot, fully functional, checked with root checker.
I think I found a way to recover the second SIM IMEI.
Requires Qualcomm Product Support Tools (QPST), HxD (or any other decent hex editor), LG Mobile Support Tool and an IMEI to HEX converter.
Though I didn't test it myself on my own phone, I believe it's going to work, also on any Dual-SIM variant.
I'll first try to find a way to convert the SIM to those HEX values (they are not a straight text to HEX conversion), if OK, I'll write something about this matter and will post soon.
---
It's done, read: http://forum.xda-developers.com/lg-l90/general/imei-fix-2nd-sim-slot-t3229097
Hi there. I also have a D410hn. I was on 20b rooted and using TWRP, then the 20c upgrade came. So I've used your 20c flashable zip to go to 20c.
It worked just fine, then I've used the flashable superuser as you've suggested and it worked just fine too. The problem is that when I go to phone settings -> about this phone -> software info it displays "V20B-SCA-XXXX". I've checked build.prop and it shows 20c, so what's wrong?
If I flash your 20c bootstack, will it fix it? Will I lose something, like having to root or install custom recovery again?
Thanks
Sent from my LG-D410 using XDA Free mobile app
Flash v20c bootstack. Lollipop bootstack v20c is different from v20ab, as noted here: http://forum.xda-developers.com/showpost.php?p=63292272&postcount=57
The user who edits the topic didn't update it to include the newer bootstack for D410hn.
You are not going to lose anything since it won't flash boot and system partitions.
It worked, settings display 20c now. Thanks
Sent from my LG-D410 using XDA Free mobile app
Hello. I have a D405n and when I tried to unlock the bootloader I bricked the phone. Then I was searching for a solution and somehow did that with success, but in settings the phone was D405 (without N). It was a few months ago, but these days I was testing custom ROMs and noticed that on ROM 5.1.1 I don't have IMEI and don't have signal, but on stock Lollipop I have signal but IMEI is zero. Any ideas how to fix this?
Would flashing the loader help?
Fangio92 said:
Hello. I have a D405n and when I tried to unlock the bootloader I bricked the phone. Then I was searching for a solution and somehow did that with success, but in settings the phone was D405 (without N). It was a few months ago, but these days I was testing custom ROMs and noticed that on ROM 5.1.1 I don't have IMEI and don't have signal, but on stock Lollipop I have signal but IMEI is zero. Any ideas how to fix this?
Would flashing the loader help?
Try QPST: http://forum.xda-developers.com/showthread.php?t=2701861
This can also be a 5.1.1 issue or you are in a different bootloader. CM development for L90 is a little messy, don't know if it's using kitkat or lollipop bootloader now.
How to flash stock bootloader? I tried flashing 4.4 kdz and 5.0 kdz and it's the same.
Fangio92 said:
How to flash stock bootloader? I tried flashing 4.4 kdz and 5.0 kdz and it's the same.
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
Done that a few times and it's the same... QPST is not working, but with EFS I manage to read data but not to write.
If I get a backup of another L90 and restore it to mine, and then change the IMEI 1 through the QPST, does it work?
P.S.: my IMEI 2 is zero
LG-D410HN "deadboot"
Hello, I have an LG D410hn with deadboot. Would someone have the Loader.img file for D410hn (Brazil)? I did it only with the D410 one, and the front camera has stopped working and the IMEI is zeroed. If anyone can help I am grateful!

Research on finding root exploit for N900V 4.4.4 (NJ6)

I have serious doubts about the so-called "proof of root" YouTube video for 4.4.4 N900V, so I've decided to start a research-related thread so we don't have to rely on someone who will probably get everyone's hopes up. Since N900V NJ4 4.4.4 is the oldest flashable version for those of us stuck on 4.4.4 or 5.0, I will be focusing on that build. Here are a few exploits I've found so far which may definitely lead to a root exploit for everyone who is patiently waiting for root access (including me):
1) Android sensord Local Root Exploit - says tested on LG L7, but may also apply to N900V (unconfirmed)
2) Linux Kernel < 3.4.5 - Local Root Exploit (ARM - Android 4.2.2 / 4.4) - N900V NJ6 has kernel version 3.4.0, so this exploit may be a viable option
3) Nexus 5 Android 5.0 - Local Root Exploit - May also apply to other devices as it relies on an SELinux flaw
Here is a very interesting page I found about ABOOT, and details of the Android boot process: http://newandroidbook.com/Articles/aboot.html
We should also look into possibly using Loki for the note 3: https://github.com/djrbliss/loki
Here is an excellent site which lists all known Android root vulnerabilities categorized by Android software version: http://androidvulnerabilities.org/by/version/
UPDATE: I have some really good news which I came across which applies to N900V NJ6 (build KTU84P):
http://www.androidpolice.com/2014/06/19/google-rolling-out-android-4-4-4-update-ktu84p-with-a-security-fix-factory-imagesbinaries-up-for-nexus-devices/
According to the above, the vulnerability which towelroot exploits was in fact not patched in build KTU84P.
I'm going to compile towelroot and add the N900V to the supported device list, and theoretically it should provide root.
Here are some ideas I'm investigating for achieving root on NJ6:
1) Inject su and SuperUser.apk into the sparse ext4 format system.img.ext4 from the odin package
2) If someone has a rooted N900V and is on 4.4.4 NJ6 firmware, please do a raw dump of your full system partition, and post it. I may be able to convert to a pre-rooted odin package
3) Find unused executable from system.img.ext4 (in sparse format), find the offset of the unused executable in the sparse image, and directly replace the binary data of the executable with the binary data of su (replaced e2fsck with su executable (zero padded to match size of e2fsck), haven't been able to successfully flash with ODIN yet, still investigating what aboot checks that is causing it to fail)
4) NJ6 is running Kernel version 3.4.0, I'm sure there are quite a few Linux exploits which work on Kernel version 3.4.0 and lower.
This is successfully exploiting a vulnerability and is rebooting my Note 3 (not installing su yet, haven't had time to fully research how this root exploit works):
https://github.com/retme7/CVE-2014-7911_poc/
I've attached the prebuilt apk for this vulnerability. I'm getting activity on logcat, just don't have time to look into it fully until I get off of work.
I downgraded from of1 to nk1.
I also tried going from of1 directly to nj6.
Just tick nand erase in odin.
scottgl9 said:
This is successfully exploiting a vulnerability and is rebooting my Note 3 (not installing su yet, haven't had time to fully research how this root exploit works):
https://github.com/retme7/CVE-2014-7911_poc/
I've attached the prebuilt apk for this vulnerability. I'm getting activity on logcat, just don't have time to look into it fully until I get off of work.
go on bro, we believe in you !
Sorry to annoy you guys, but I don't get it: is this exploit just to get root, or to unlock the bootloader (at least??)
SLver said:
Sorry to annoy you guys, but I don't get it: is this exploit just to get root, or to unlock the bootloader (at least??)
we need root to be able to unlock bootloader

[Recovery] Official TWRP for the ZTE Axon 7

Team Win Recovery Project 3.1.1-0
This is for the A2017, A2017U, and A2017G.
WARNING: The ZTE Axon 7 stock boot image has dm-verity, which prevents you from booting if you swipe to enable system modifications!
SOLUTION: Follow the full rooting steps below in order to allow system modifications without the risk of a boot loop!
WHAT IS TWRP?
Oh come on, you know what it is - don't try to fool me!
In case you're serious, though...
Team Win Recovery Project is a custom recovery for Android devices.
It allows you to back up and restore your data, flash custom ROMs to your device, repair broken file systems, and root your device.
Read more about TWRP here: https://twrp.me/about/
DOWNLOAD
You can find the device page here:
http://teamw.in/devices/zteaxon7.html
There is a download link there, as well as instructions on how to flash it.
You can find up to date fastboot & adb binaries here!
UNLOCKING YOUR BOOTLOADER
WARNING: Unlocking your bootloader will erase all userdata on the device! Your device will be completely reset to factory defaults!
A2017U or A2017 users can simply unlock from EDL mode using MiFlash here.
I do not have a method for A2017G, there may be other threads on XDA to guide you through the process.
FULL STEPS FOR OBTAINING ROOT
Follow these instructions until someone nice comes along and makes a video from them (without ads):
Unlock your bootloader! See above!
Download TWRP for the ZTE Axon 7.
Reboot your device into fastboot mode. To do this, select reboot from the power menu and hold the [Volume Up] button while your device reboots or boots from power off.
Once you're in fastboot with your bootloader unlocked, you're ready to flash TWRP. To do this, run the command (replacing twrp.img with the actual image name):
fastboot flash recovery twrp.img
Once the image is flashed, you should use your volume keys to navigate to RECOVERY and then press the power key to select it.
At this point, you will reach the screen asking you if you want to allow system modifications.
By swiping right, you will trigger dm-verity, and if you don't follow the next step you will be unable to boot!
If you are going to root your device and follow the rest of these steps, then it is safe to swipe right and enable modifications.
If you want to be rooted with SuperSU:
Download the latest SuperSU stable by Chainfire.
Without exiting TWRP, transfer the SuperSU zip to your device over MTP* and flash it using [Install] in TWRP.
---or (not both) ---
If you want to be rooted with Magisk:
Download the latest Magisk stable by topjohnwu.
Without exiting TWRP, transfer the Magisk zip to your device over MTP* and flash it using [Install] in TWRP.
---or (not both) ---
If you want to be rooted with something else or just want a bootable system:
Download the latest dm-verity and forced encryption disabler zip.
Without exiting TWRP, transfer the no-verity-opt-encrypt zip to your device over MTP* and flash it using [Install] in TWRP.
This will also allow you to use [Format Data] to completely disable your encryption if desired.
Go to [Reboot] -> [System].
Wait 2-5 minutes for your device to finish setting itself up. (SuperSU will reboot you a few times)
* MTP, known as Media Transfer Protocol, is the same way you transfer files from your PC to your device when booted into system.
UPDATING TWRP
To update TWRP, simply download the new twrp.img on your phone, then boot into your current TWRP and flash it.
To flash a twrp.img, navigate to [Install] -> [Flash Image] -> select your twrp.img -> [x] Recovery -> Flash!
After that, just use [Reboot] -> [Recovery] to reboot into the updated TWRP.
CHANGES
v3.1.1-0 (twrp.me) - See release details here!
v3.1.0-0 (twrp.me) - See release details here!
v3.0.4-1 (build.nethunter.com) - Fix crash on selecting reboot with an empty data partition, add Data backup warnings
v3.0.4-0 (build.nethunter.com) - Capability restoration for Nougat, F2FS backport support, EXT4 decryption support
v3.0.3-1 (twrp.me) - Use crypto libraries from ROM (Nougat support). Fix USB OTG and Fast Charging. Reduce boot times.
v3.0.3-0 (twrp.me) - Renamed to ailsa_ii, Persist merged with EFS, Modem no longer mounted, Backup/Restore/Flash Bluetooth/System Image added. LA.HB.1.3.1.c1-19500-8x96.0 + Linux 3.18.45.
v3.0.2-0 (twrp.me) - Initial release.
FEATURES
MTP support
USB OTG storage support
Legacy USB Mass Storage mode support - use your phone like an SDCard reader or flash drive!
Hardware Qualcomm-based full-disk encryption support
f2fs file system support (read, write, format, backup & restore)
exFAT file system support (read, write, format)
NTFS file system support (read, write, format)
ADB root
Full SELinux support
Built in android 6.0 tree
Allows ZTE full OTA flashing (only for A2017U firmware)
KNOWN ISSUES
F2FS takes a long time to boot, see below.
WHY DOES F2FS MAKE TWRP SO SLOW?
When TWRP boots up or wipes partitions and a few other scenarios, it checks each partition to see how much disk space is used. Ext4 handles disk usage calls quite efficiently and will finish this very fast. F2FS on the other hand is very slow when it comes to checking disk usage. We're unsure why this is. Every file on the F2FS formatted partition adds a little more time, and a device that is 30 GB full could take up to 10 minutes to boot TWRP!
I suggest switching your data partition to ext4 - all the f2fs hype is merely from benchmarks that don't actually represent real world use (ie. you're not writing thousands of files per second)
For someone who doesn't do lots of write access to their data partition, ext4 can actually be advantageous (it has faster access times and reads!)
HOW DO I GET LOGS SO WHEN I COMPLAIN I'M NOT COMPLETELY IGNORED OR SHAMED BY OTHER USERS?
To get logs while in TWRP, you should connect your device to your PC and use adb.
adb pull /tmp/recovery.log
adb exec-out dmesg > dmesg.log
This will create 2 files in the directory your shell is currently in, recovery.log and dmesg.log. You will need to upload these somewhere such as a pastebin or Google Drive. You can also attach it to your XDA post (recommended!)
If you are having an operating system boot issue, you should gather a ramoops log instead. Do this while in TWRP after the failed boot:
adb exec-out "tar c /sys/fs/pstore 2>/dev/null" > pstore.tar
CONTACT & SUPPORT
You can find us on IRC at #twrp on chat.freenode.net.
You can also post in this thread and I will attempt to answer any questions you may have.
SOURCE CODE
TWRP: https://github.com/omnirom/android_bootable_recovery (android-7.1)
Device tree: https://github.com/TeamWin/android_device_zte_ailsa_ii (android-6.0)
Kernel: https://github.com/jcadduono/android_kernel_oneplus_msm8996 (twrp-6.0)
CONTRIBUTIONS
Gerrit for TWRP: http://gerrit.omnirom.org/
Gerrit for officially supported devices: http://gerrit.twrp.me/
XDA:DevDB Information
Team Win Recovery Project for the ZTE Axon 7, Tool/Utility for the ZTE Axon 7
Contributors
jcadduono, Team Win
Source Code: https://github.com/TeamWin/android_device_zte_ailsa_ii
Version Information
Status: Stable
Current Stable Version: 3.0.4-1
Stable Release Date: 2017-02-08
Created 2016-12-09
Last Updated 2017-11-25
Link does not work is there a typo?
lokissmile said:
Link does not work is there a typo?
Nope, bigbiff is just taking long time to hit the go button on jenkins to build the device and rebuild twrp.me lol
I think he fell asleep
You can use this for now: https://build.nethunter.com/test-builds/twrp/zte/twrp-3.0.2-0-a2017u.img
Downloaded and installed although not sure how this differs from the one in the unlock thread. Made a backup everything seems OK. Thanks!
lafester said:
Downloaded and installed although not sure how this differs from the one in the unlock thread. Made a backup everything seems OK. Thanks!
It shouldn't be any different, or any differences there are should be minimal.
One (and maybe only) notable difference might be that it uses ZTE's USB configuration rather than Google's.
It also supports legacy mass storage. (accessing sdcard like a flash drive, instead of MTP)
I should also add that it's pretty much 1/3 of the size too lol.
UnjustifiedDev's unofficial TWRP is 3.0.2-2. I recall people were having issues with restoring some partitions (mostly EFS), so he backported the bugfix from the 7.0 TWRP code, which seemed to have fixed the issues. Does this official build include that bugfix?
Is there any technical reason why this version shouldn't be installed on A2017G?
xtermmin said:
UnjustifiedDev's unofficial TWRP is 3.0.2-2. I recall people were having issues with restoring some partitions (mostly EFS), so he backported the bugfix from the 7.0 TWRP code, which seemed to have fixed the issues. Does this official build include that bugfix?
That bug was fixed in September on the 6.0 branch.
_phk_ said:
Is there any technical reason why this version shouldn't be installed on A2017G?
I don't have any technical reason, just from what I've read it won't boot. You can try it, let me know what happens. Actually please do, because if it does boot it would be quite pleasing and I'd end up unifying them.
Is this TWRP using the stock B29 kernel or your custom Kernel?
I was building my own TWRP for the Axon-7 the other day. Mainly to include more partitions for backup purpose while working on CM and back to stock. (Especially persist).
As far as I saw the CM rom messes with persist (creates folders and files in persist).
Should ZTE release Android 7.0 in January I want to be able to go back using the backup created of B29 and simply run the OTA.
If CM messes with persist and one goes back to B29 to upgrade to Android 7. The OTA partitions check before upgrade will probably fail with checksum errors. And the upgrade will fail.
One would have to go all the way back to factory B20 then =>B27 =>B29=>Android 7.
Correct me if I'm wrong.
But shouldn't we include at least those partitions that CM touches in TWRP for proper restore possibilities? And future upgrades of Stock?
celoxocis said:
...If CM messes with persist and one goes back to B29 to upgrade to Android 7. The OTA partitions check before upgrade will probably fail with checksum errors. And the upgrade will fail...
So far, none of the OTAs (at least for the US model) have done a check of persist, but who knows if they will for Nougat.
celoxocis said:
Is this TWRP using the stock B29 kernel or your custom Kernel?
I was building my own TWRP for the Axon-7 the other day. Mainly to include more partitions for backup purpose while working on CM and back to stock. (Especially persist).
As far as I saw the CM rom messes with persist (creates folders and files in persist).
Should ZTE release Android 7.0 in January I want to be able to go back using the backup created of B29 and simply run the OTA.
If CM messes with persist and one goes back to B29 to upgrade to Android 7. The OTA partitions check before upgrade will probably fail with checksum errors. And the upgrade will fail.
One would have to go all the way back to factory B20 then =>B27 =>B29=>Android 7.
Correct me if I'm wrong.
But shouldn't we include at least those partitions that CM touches in TWRP for proper restore possibilities? And future upgrades of Stock?
It uses a custom very minimal kernel configuration with modifications to make it more compatible with TWRP.
Why does modification of persist matter? Persist can't affect OTAs as it's meant to be modified, it's only a firmware/calibration cache.
If it ever had an issue you could simply type:
make_ext4fs /dev/block/bootdevice/by-name/persist
CM should not modify any partitions that are meant to be static.
The only partitions that will need to be fixed to take OTAs should be: boot, system, recovery, modem (NON-HLOS.bin)
The only reason modem needs to be fixed is because it's used in TWRP and I can't enable both backup and read-only at the same time.
Update: I'll just make two entries, backup/restore for raw modem emmc, and read-only mount for decrypt. (should be safe to do this with mounttodecrypt unmounting it)
xtermmin said:
So far, none of the OTAs (at least for the US model) have done a check of persist, but who knows if they will for Nougat.
They will not. There is no logical reason to check a partition that is designed to be modified.
In fact, I'll add Persist (calibration data) to the Wipe page!
jcadduono said:
It uses a custom very minimal kernel configuration with modifications to make it more compatible with TWRP.
Why does modification of persist matter? Persist can't affect OTAs as it's meant to be modified, it's only a firmware/calibration cache.
If it ever had an issue you could simply type:
make_ext4fs /dev/block/bootdevice/by-name/persist
Thanks for the clarification. I just remember when I was dirty flashing CM13 months ago when doing one of my devices bring-up. TWRP would complain with error 7 (I think?).
When I run a diff of the partitions it touched (I checked all init.rc's) I found the difference in persist. Reverting back the persist with DD (I always do a DD backup of my untouched devices, on all partitions before messing with them and store them on my NAS). The dirty flash went fine. Ever since that I include persist in my TWRP's.
I don't mind not having it in TWRP. I can bake my own anytime
celoxocis said:
Thanks for the clarification. I just remember when I was dirty flashing CM13 months ago when doing one of my devices bring-up. TWRP would complain with error 7 (I think?).
When I run a diff of the partitions it touched (I checked all init.rc's) I found the difference in persist. Reverting back the persist with DD (I always do a DD backup of my untouched devices, on all partitions before messing with them and store them on my NAS). The dirty flash went fine. Ever since that I include persist in my TWRP's.
I don't mind not having it in TWRP. I can bake my own anytime
I just replaced the -0 version, new one has modem read only and persist shows up in wipe page as "Persist (calibration data)" so people know what they're wiping.
There's a lot of partitions that seem scary and screw up your device when they're corrupt but you can just either format them (in the case of persist) or dd zeros to them (in the case of misc, modemst1, modemst2, efsg, and efsc) and the OS/firmware will regenerate everything on boot like you just took it out of the box.
any reason to flash this version of TWRP over the one UnjustifiedDev's made?? I can just flash the twrp.img file right?
celoxocis said:
Is this TWRP using the stock B29 kernel or your custom Kernel?
I was building my own TWRP for the Axon-7 the other day. Mainly to include more partitions for backup purpose while working on CM and back to stock. (Especially persist).
As far as I saw the CM rom messes with persist (creates folders and files in persist).
Should ZTE release Android 7.0 in January I want to be able to go back using the backup created of B29 and simply run the OTA.
If CM messes with persist and one goes back to B29 to upgrade to Android 7. The OTA partitions check before upgrade will probably fail with checksum errors. And the upgrade will fail.
One would have to go all the way back to factory B20 then =>B27 =>B29=>Android 7.
Correct me if I'm wrong.
But shouldn't we include at least those partitions that CM touches in TWRP for proper restore possibilities? And future upgrades of Stock?
I was under the impression that you couldn't install OTA updates with an unlocked bootloader anyway. Is this not true?
abdi7451 said:
I was under the impression that you couldn't install OTA updates with an unlocked bootloader anyway. Is this not true?
Bootloader status hasn't been checked by the OTAs so far (on the US model anyway). I've been able to go from a bootloader unlocked B20 -> official B27 OTA -> TWRP+CM13 -> Restore my B27 backup in TWRP + reflash stock recovery -> official B29 OTA -> reflash TWRP+CM13. As long as you are completely stock besides the bootloader, you can apply OTAs fine. (you can check the updater script in the OTA files for specifics on what it checks and what it patches)
xtermmin said:
Bootloader status hasn't been checked by the OTAs so far (on the US model anyway). I've been able to go from a bootloader unlocked B20 -> official B27 OTA -> TWRP+CM13 -> Restore my B27 backup in TWRP + reflash stock recovery -> official B29 OTA -> reflash TWRP+CM13. As long as you are completely stock besides the bootloader, you can apply OTAs fine. (you can check the updater script in the OTA files for specifics on what it checks and what it patches)
I am rooted and have an unlocked bootloader. How do I apply the stock recovery in order to receive OTA updates?
Just wanna clarify this... B20 bootloader allows the fastboot OEM unlock command, and once you're unlocked, you can flash any bootloader you want. Flashing B29 bootloader does not lock you, once unlocked, always unlocked. Unless you relock it yourself. You can even go older than B20 bootloader. Feel free to play around with BL versions. I like B20 because no stupid 5 second warning thing.
If I already have the unofficial version for TWRP should I install this one over it or is it really the same thing?
@jcadduono, I think most people would find it helpful if you could list what's different between the now official version and @Unjustified Dev's version, as I know they've been developed semi in parallel.
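
The backup-and-diff workflow celoxocis describes, combined with the partition lists jcadduono gives above, as an added example (not code from the thread or from TWRP): it hashes two directories of dd images and reports which changed partitions would have to be restored before an OTA. The `<partition>.img` naming and the sample images are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# From the thread: these must be back to stock for an OTA to apply.
OTA_CHECKED = {"boot", "system", "recovery", "modem"}
# From the thread: designed to be modified, regenerated by the OS/firmware.
REGENERATED = {"persist", "misc", "modemst1", "modemst2", "efsg", "efsc"}
CHUNK = 1 << 20  # read images 1 MiB at a time


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def first_difference(path_a, path_b):
    """Byte offset of the first difference, or None if the files are identical."""
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            ca, cb = fa.read(CHUNK), fb.read(CHUNK)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ca), len(cb))  # one image is shorter
            if not ca:
                return None
            offset += len(ca)


def classify(partition):
    """Label a changed partition using the lists given in the thread."""
    if partition in OTA_CHECKED:
        return "restore before OTA"
    if partition in REGENERATED:
        return "expected to change"
    return "unclassified"


def compare_backups(before_dir, after_dir):
    """Map partition name -> (status, detail) for every <partition>.img found."""
    before = {p.stem: p for p in Path(before_dir).glob("*.img")}
    after = {p.stem: p for p in Path(after_dir).glob("*.img")}
    report = {}
    for name in sorted(before.keys() | after.keys()):
        if name not in before:
            report[name] = ("missing", "only in after")
        elif name not in after:
            report[name] = ("missing", "only in before")
        elif sha256_file(before[name]) == sha256_file(after[name]):
            report[name] = ("unchanged", None)
        else:
            offset = first_difference(before[name], after[name])
            report[name] = (classify(name), offset)
    return report


def demo():
    """Constructed sample: tiny fake images standing in for real dd dumps."""
    with tempfile.TemporaryDirectory() as tmp:
        before, after = Path(tmp, "before"), Path(tmp, "after")
        before.mkdir()
        after.mkdir()
        images = {"boot": b"K" * 64, "persist": b"P" * 64, "system": b"S" * 64}
        for name, data in images.items():
            (before / f"{name}.img").write_bytes(data)
            (after / f"{name}.img").write_bytes(data)
        # A ROM wrote into persist; a custom kernel/recovery replaced boot.
        (after / "persist.img").write_bytes(b"P" * 40 + b"x" + b"P" * 23)
        (after / "boot.img").write_bytes(b"K" * 10 + b"T" + b"K" * 53)
        # A partition that was dumped only in the first backup.
        (before / "aboot.img").write_bytes(b"A" * 16)
        return compare_backups(before, after)


if __name__ == "__main__":
    for partition, (status, detail) in demo().items():
        print(f"{partition:8} {status:20} {detail}")
```
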

[GUIDE][XT1789-06+][EU/intl.] How to safely BLunlock/TWRP/Root/BusyBox/Xposed

WARNING #1: operations indicated on this post might potentially brick your device, make it unusable, to cause explosions, eruptions of nearest volcano and a lot of similar disasters.
For sure they will void your warranty in most countries and need all of your data permanently deleted, so make a copy of anything valuable before starting and don't do any operations if you are not a trained guy and sure about what you are going to do.
These are *not* operations for rookies. I will not be responsible in any case about eventual damages. XDA is your friend: if unsure, please ask! :fingers-crossed:
WARNING #2: operations listed in this post are indicated and first hand tested as working only on Moto Z2 Force (Nash) XT1789-06 GSM/3G/LTE dual sim 6GB RAM 64GB storage unbranded international version on sale on German market with Nougat v.7.1.1 onboard.
They will probably work on most of unlockable bootloader & SIM unlocked versions, included US -04 versions too, but you'll test them yourself.
They are not intended for (US mainly...) CDMA versions (-01 & -03 if I don't go wrong...) since of a bit different hw/fw so avoid to apply them "as is" on those devices.
WARNING #3: there will probably be better methods to obtain same results and, for sure, there would be more in future. This is only a "recap" of what I've found working and applied first hand on my unbranded XT1789-06 Nash - with, IMHO, great results... - on November 2017.
I think this could be useful for many.
WARNING #4: I'm Italian, English is not my first Language, so... be patient!
1. INTRODUCTION
On this guide you will not find anything particularly new and/or not already present on this section of XDA.
So, why this guide? For some reasons...
First of all, to date every guide posted here is for a single operation (e.g. root, TWRP, etc...) and do not take in needed consideration interactions between single operations that, often, can be present, potentially dangerous and/or lead to unexpected behaviours.
More, for a single operation here there are often different posts with different guides/solutions and this could lead to errors and/or doubts about what's better for our device...
Last but not the least, to date Nash developers here are mainly from US and so working on devices for the most part provided with branded fw and/or a bit different hw/fw respect to international unbranded versions sold on Europe, Asia, South America & Australia.
From my previous experience with my "old" Griffin (Moto Z) Motorola's fws are often interchangeable between devices with no (or only minimal...) issues at all, but, anyway, having a guide with operations first hand tested on same device is surely safer...
So, in this guide I'll link all best single guides posted here and I'll comment & link them to obtain a single complete "to do list" of works...
2. WHAT WE'LL GET
Following this guide we'll get a Moto Z2 Force with unlocked bootloader, latest available firmware (at present...) on board, a working TWRP recovery, complete root access, BusyBox support (needed for A LOT of interesting sw/tasks...) and Xposed support (I don't think I need to explain Xposed features & benefits here... ).
Taking in consideration how Moto's devices come with a "quite stock/vanilla" Android version on board, they are between the best devices to be rooted & Xposed provided to obtain a great customized system.
If you want to remain stock with your device eventually go with Samsungs (or similar...), but if you want a device that is a "blank canvas" for your customizations, Motorolas and this configuration would quite be the best you could want.
You are surely thinking about lack of Magisk and "SU hiding" solutions... obviously there are reasons for this.
Magisk: I have first hand seen how Magisk is a "very intrusive" software with its installation, it goes to modify *A LOT* of things on system partitions and this could lead to eventual issues/incompatibility.
More, it has its own rooting system (that in my humble opinion isn't better than SuperSU) that I preferred not to use (beneath I think it could be disabled... ) and that could conflict with SuperSU, if not now, maybe on successive Magisk updates (as it happened on my old Griffin... ).
Last but not the least, it seems to still have issues with particular partitioning present on our device (we'll see them later) and with TWRP flashing for same reasons...
Not to mention how, to date, it has really so few functions/modules we can't have using Xposed....
SUhide: there is a detailed guide on how to successfully install SuperSU with its SUhide function on our device. The same guide reports that this method is incompatible with Xposed and leads to unsolvable bootloops if we set up both of them.
It is still not clear (to me...) if this is related to SUhide itself or to the different SU installation needed for SUhide to work but, anyway, I preferred Xposed obviously.
Not to mention that some modules have been developed for Xposed to successfully hide root (even if I don't know if they already work with Nougat...)
3. LET'S TAKE A LOOK TO OUR DEVICE
Knowledge is power. So, taking a look to our device particular features will help us to avoid errors and eventual issues...
Motorola developed our device with a new configuration/partitioning scheme seen before only on Google Pixels / Pixels XL, making our device probably the first "not Google" one to adopt it.
It is mainly marked by two news:
- there is no more a recovery partition :crying:
- there are two copies of boot and system partitions, called boot_a, boot_b, system_a & system_b and device is capable eventually to boot from every of them :cyclops:
Let's look them in details..
Recovery is obviously still present BUT it no longer has its own partition; it is instead included in the boot partition (where before there was only the kernel and little more...), creating a potentially unwanted (by us tweakers, probably wanted by Google for the opposite reason!) link between boot and recovery, where safe rules would want them as unlinked as possible!
This leads to the need to flash a boot.img containing both kernel and recovery when we want to update only one of them (e.g. installing TWRP...) and this will have to be taken into account every time we go to update the kernel or TWRP, but even when rooting (in fact, at first, developers were not able to gain root together with TWRP... issue then solved successfully).
On Pixels their developers have found some methods to overcome this problem, but on our device, to date, we still don't have a complete solution to this issue. Anyway we are going in the right direction and it will be only matter of time in my opinion (especially since I'm "stressing" our developers to realize a similar solution...! ).
Double partitions for boot & system, often referred as "A/B partitioning" is a system introduced by Google to distribute OTAs in safer & seamless way, without interrupting user work during updates... (bah... ).
They are so totally unuseful as originally designed for US, since of going with TWRP/root, OTAs are no more a solution to upgrade and this partitioning scheme introduced some complications which have led to issues as with Magisk (as already seen...).
BUT as soon as we'll learn how to well manage them, new horizons will open (like updating fw on a partition still having the older one on the other for safety reasons and/or having two different fw versions and be able to choose what to boot from.. ). It's only matter of time...
Anyway in this guide we'll face them ever with safe in mind at the moment...
4. READY? LET'S GO WITH UNLOCKING BOOTLOADER!
If your device has unlockable bootloader (and if it is an international unbranded XT1789-06 it should have...!), you can easily unlock it with this good guide:
https://forum.xda-developers.com/z2-force/how-to/how-to-unlock-bootloader-t-mobile-t3654657
There is no more to say about this guide since it is well done, only some notes:
- guide title speaks of T-Mobile but obviously is suitable for international/unbranded too...
- please note that unlocking bootloader will wipe from your device all data & media storage (and they will be wiped again in successive steps, so *be sure* not having nothing valuable - e.g. your girl pics.. - before starting with procedures);
- install Motorola's latest drivers & fastboot provided on their site as hinted on guide. Don't skip this step to avoid potential issues in successive steps...
- if I remember correctly, step 8 of the guide has to be repeated two times to confirm unlocking. Anyway look at your console messages and follow directions...
Reboot to system and make a fast configuration (we'll wipe them in minutes... ) to check all is ok and re-enabling usb debugging is preferred.
5. DOWNLOAD & UPDATE YOUR FW
I don't know with what firmware your device will come, BUT if it has anything *before* Nougat v.7.1.1 rel. NXPS26-122-68-1 we will go to update to this for following reasons:
- we need a (good) complete stock fw image to be flashed in case of problems;
- it is updated to September 2017 security patch;
- we have a TWRP with *this exact kernel* (they are linked in same image, remember?) for those (like me... ) which like a "so close to stock as possible" system...
This firmware can be downloaded from the following link: https://mirrors.lolinet.com/firmwar...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip (about 2,35 GB..)
PLEASE NOTE: If you have newer firmware don't use this BUT try to download a matching version with your actual one.
Zipped file has to be fully unzipped into the folder containing fastboot executable (downloaded from Motorola!) on your PC.
If you get any error unzipping, *DON'T FLASH* anything and download again (eventually from another browser/PC).
Fastboot sequence I used is the following:
Code:
fastboot devices
pause
fastboot flash modem NON-HLOS.bin
pause
fastboot flash fsg fsg.mbn
pause
fastboot erase modemst1
pause
fastboot erase modemst2
pause
fastboot flash bluetooth BTFM.bin
pause
fastboot flash dsp adspso.bin
pause
fastboot flash logo logo.bin
pause
fastboot flash boot boot.img
pause
fastboot flash system system.img_sparsechunk.0
pause
fastboot flash system system.img_sparsechunk.1
pause
fastboot flash system system.img_sparsechunk.2
pause
fastboot flash system system.img_sparsechunk.3
pause
fastboot flash system system.img_sparsechunk.4
pause
fastboot flash system system.img_sparsechunk.5
pause
fastboot flash system_b system_b.img_sparsechunk.0
pause
fastboot flash system_b system_b.img_sparsechunk.1
pause
fastboot flash system_b system_b.img_sparsechunk.2
pause
fastboot flash system_b system_b.img_sparsechunk.3
pause
fastboot flash oem oem.img
pause
fastboot erase carrier
pause
fastboot erase cache
pause
fastboot erase userdata
pause
fastboot erase ddr
pause
fastboot reboot
That is ready to be put into a batch file to avoid errors and having the possibility to check results of every single flashing since of pause commands presence (press a key to continue to next file). Batch file has to be placed and started from same folder of fastboot & unzipped files to avoid errors.
Please note:
- I've added a fastboot devices command as first to check if your device is properly connected;
- I've used stock sequence of flashing BUT removed gpt (partitions) and bootloader for safety reasons (no need to flash them usually... and let Motorola upgrading your bootloader rarely is a good choice... )
If all flashes will go fine your device /data would be wiped (yes, again!) and phone will reboot after last command.
If something go wrong stop the sequence by CTRL+C and do not reboot your phone until you have understood/cleared/fixed what has gone wrong.
If fine, again... reboot to system and make a fast configuration (we'll wipe them in minutes... ) to check all is ok and re-enabling usb debugging is preferred.
6. INSTALL TWRP
This is a quite simple step, but you have to take a decision before you start...
I'll provide two different boot+TWRP image files as attachments to choose from (both of them realized by @joemossjr )
First one is composed by stock NPXS26 kernel and TWRP v.2 (it's a 3.1.1-0 in TWRP versions), while the second is composed by a kernel recompiled (with little modifications) from sources by joemossjr and TWRP v.3 (still a 3.1.1-0 in TWRP versions) with some little improvements (you can go to his thread for details on TWRP https://forum.xda-developers.com/z2-force/development/twrp-3-1-1-0-moto-z2-force-nash-t3687421 and to this one for details on Pantheon kernel https://forum.xda-developers.com/z2-force/development/kernel-pantheon-kernel-t3702208 ).
If you are on NXPS software version (flashed before) and want to remain "full stock" go with TWRPNPXS.zip, otherwise (you preferring newest firmware or want all newest features) go with TWRPREV3.zip.
Both files *have to be* decompressed, *can't be directly flashed* and your choice of them has to be flashed in fastboot mode with the command:
Code:
fastboot flash boot TWRPxxxx.img
where xxxx is matching your choice.
If all has gone fine, you can now reboot to recovery and make some backups if you prefer (please note you will need to place them on an SD card or a plugged USB key, since internal memory will be fully deleted again soon...).
PLEASE NOTE: during this phase still *don't enable* TWRP to Mount system as R/W ("Swipe to allow modifications for /system" message...) since it could lead to a not booting system if DM verity check is still enabled (it shouldn't since what @ChainfireXDA reported on Twitter, but it is better to be safe...).
A reboot to system to check all is still ok is preferred. If TWRP asks to install his app files on exit, *be sure* to decline/skip (ever! There is an option in TWRP to disable this request too!).
PLEASE NOTE: this way we are flashing ONLY ONE of the boot partitions with TWRP (usually boot_a) while the other (boot_b) is unaffected. This is a wanted behaviour to stay on "safe side".
PLEASE NOTE: On the linked thread @joemossjr put a flashable zip file to update it from inside TWRP itself which flash both boot_a & boot_b. So if you'll want to update to newer versions (and remain on safe side...) unzip that file too (instead to flash it in TWRP), extract boot.img contained inside and flash it with the same command indicated before.
Please note all newer versions will use Pantheon Kernel.
WARNING: If you will in future reflash kernel/TWRP to update them, you would lose both root & disabled forced encryption!!!
So, after every boot.img flashing *you will need*, before booting system, to boot TWRP and flash again SuperSU before reboot to system.
If you fail to do this you'll face bootloops and/or your /data partition will be corrupted. So a /data backup (on external storage!) before a kernel/TWRP update would be mandatory.
7. ROOT & DECRYPT DEVICE
In this step we will go to finally root the device and decrypt its /data partition. This operation *will delete all data again* on you device (downloaded files & pics too!).
Decryption of /data is needed for many reasons:
- to date TWRP is unable to work with compressed /data (and, anyway, it's ever dangerous to work with encrypted data backups/restore... )
- some advanced software you'll go to use could have issues with encrypted data
- a decrypted device is slightly faster
- you definitely will want it unencrypted... listen to me!
Since our phone will come "force encrypted" (it can't be disabled on stock fw!), we need SuperSU help on this and so we'll need to follow *at perfection* the following provided sequence!
Not all SuperSU are equals (more... they are all different!) so, tested working fine version to be used is this: http://download.chainfire.eu/1220/SuperSU/SR5-SuperSU-v2.82-SR5-20171001224502.zip?retrieve_file=1
If newer will be out, don't mind, you could ever upgrade it from inside a working system...
Steps are:
- boot to fastboot mode (from off, VOL DOWN + POWER)
- from fastboot mode select RECOVERY mode
- go to wipe menu and select /data FORMAT (not wipe or factory reset, FORMAT!)
- if you have placed the downloaded SuperSU zip file on an SD card or USB key, browse to it in the TWRP Install menu (otherwise connect your phone to a PC, transfer it to internal memory and then browse for it), then Flash it.
- *do not* and I repeat it, *do NOT* clear cache/dalvik cache
- reboot to system
First boot could take a while and probably it reboots one (or two...) times, but at the end it will boot... :fingers-crossed:
You'll have to reconfigure again your system BUT this time, if all has gone fine, it's the good one, so you can do a better configuration if you want.
You will need a working Play Store for next steps, so add a data SIM and/or a wireless network and setup a Google account to enable it.
To check if all has gone fine you should have:
- a SuperSu icon into apps drawer
- on Settings - Security there should be an option to encrypt your system (DON'T choose it!) instead of the previous "encrypted" status..
It could be a good moment to download an useful Root check app. A good one is Root Check by JRummy Apps which is able to check Busybox & Xposed presence too (and more...).
8. BUSYBOX & XPOSED
If you have reached this point and all is fine, now it's very simple to complete.
Both Busybox & Xposed can in fact be installed from inside a working rooted system, so...
- download from Play Store BusyBox (free version) by Stephen (Stericson), open it, grant root permissions and press Install button without wait all the (unuseful) checks
- reboot
- enable in Settings - Security the "unknown sources"
- download from here https://forum.xda-developers.com/attachment.php?attachmentid=4319220&d=1509453299 latest Xposed installer/manager apk
- install it, open it and grant root
- select Xposed v.88.2 (or newer if available) for arm64 (if many options are showed be sure to select this, arm64!!!) and select Install (*NOT* via recovery... simply normal Install)
- when prompted for a reboot, accept it.
Please note first reboot could take a while and, again, it could self reboot one (or two times...). When at last it will reboot... gotcha!!! It's cigar time!!! :victory:
Well... it has been a LONG WORK to write this as simple & complete as possible. I hope to not have inserted any error and to have been enough clear on provided instructions.
If you'll find any errors please report to me for corrections.
Newer & better methods are welcome too.
If you liked this, PLEASE USE THANKS BUTTON!
EneTec
MANY THANKS TO:
@seniorstew
@joemossjr
@jhofseth
@Uzephi
for their useful linked guides and/or great development! :good:
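
A pre-flight check for section 5 of the guide, as an added example (not part of the original post or of Motorola's tooling): before anything is flashed it tests the firmware zip's CRCs, confirms every file named in the fastboot sequence is in the archive, flags sparse chunks the sequence would skip, and warns if a gpt or bootloader step is present. The partition names used to detect those left-out steps are assumptions, and the sample archive and sequence are constructed.

```python
import io
import re
import zipfile

# Targets the guide removed from the stock sequence. The exact fastboot
# partition names are an assumption; adjust them to your firmware's flash list.
SKIPPED_BY_GUIDE = {"gpt", "partition", "bootloader"}

STEP_RE = re.compile(
    r"^\s*fastboot\s+(flash|erase)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE
)


def parse_sequence(text):
    """Return (action, partition, filename or None) for each flash/erase line."""
    steps = []
    for line in text.splitlines():
        match = STEP_RE.match(line)
        if match:
            steps.append((match.group(1).lower(), match.group(2), match.group(3)))
    return steps


def preflight(zip_source, sequence_text):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        with zipfile.ZipFile(zip_source) as archive:
            bad_member = archive.testzip()  # reads every member, checks CRC-32
            names = {n.rsplit("/", 1)[-1] for n in archive.namelist()}
    except zipfile.BadZipFile as exc:
        return [f"archive unreadable: {exc}"]

    problems = []
    if bad_member is not None:
        problems.append(f"CRC mismatch in archive member: {bad_member}")

    steps = parse_sequence(sequence_text)
    for action, partition, filename in steps:
        if action == "flash" and filename is None:
            problems.append(f"flash step for {partition} names no file")
        elif action == "flash" and filename not in names:
            problems.append(f"{filename} (for {partition}) is not in the archive")
        if partition in SKIPPED_BY_GUIDE:
            problems.append(f"{partition} is a target the guide leaves out")

    # A firmware build may ship more sparse chunks than the sequence lists;
    # flashing only some of them leaves a partial system image.
    flashed = {f for a, _, f in steps if a == "flash" and f}
    for name in sorted(n for n in names if "_sparsechunk." in n):
        if name not in flashed:
            problems.append(f"{name} is in the archive but never flashed")
    return problems


# Constructed sample sequence in the same form as the guide's batch file.
SAMPLE_SEQUENCE = """\
fastboot devices
pause
fastboot flash modem NON-HLOS.bin
pause
fastboot flash boot boot.img
pause
fastboot flash system system.img_sparsechunk.0
pause
fastboot erase userdata
pause
fastboot reboot
"""


def build_sample_zip(corrupt=False):
    """Constructed stand-in for the firmware zip, with tiny fake members."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_STORED) as archive:
        for name in ("NON-HLOS.bin", "boot.img",
                     "system.img_sparsechunk.0", "system.img_sparsechunk.1"):
            archive.writestr(name, b"CONSTRUCTED:" + name.upper().encode())
    data = buffer.getvalue()
    if corrupt:  # simulate a damaged download: change stored bytes, keep the CRC
        data = data.replace(b"CONSTRUCTED:BOOT.IMG", b"CONSTRUCTED:B00T.IMG")
    return io.BytesIO(data)


if __name__ == "__main__":
    for problem in preflight(build_sample_zip(corrupt=True), SAMPLE_SEQUENCE):
        print("PROBLEM:", problem)
```
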
Reserved #1.
Reserved #2.
Awesome guide! One of the most intricate guides that goes over every last detail that I've read on XDA in a long time. Thank you.
...
Great guide, thanks for the notes re: Xposed...I kept trying to install from TWRP (habit)
3's&7's said:
Great guide, thanks for the notes re: Xposed...I kept trying to install from TWRP (habit)
Our device still needs some cautions & tips...
Issue with Modem/Radio
After following your guide to the letter, my phone would not connect to a mobile network and would say "Error while searching for networks" when I tried to force it to find one. I ended up following this guide to try and get back to a working setup:
https://forum.xda-developers.com/z2...m-stock-november-hybrid-rom-t-mobile-t3712795
Unfortunately, nothing is working. Any help would be greatly appreciated.
Thanks!
-Josh-
I figured it out. Had to use the Flash ALL Package from that other post. The modem firmware is very specific.
might be this is the reason i lose 4G+ (4G instead) signal after flashing lmfao
just Wow!! What a great post!!
Damn! Why did I follow this guide!? I knew I didn't need to flash anything but boot/boot_a and stay on stock FW with only TWRP from Pantheon kernel!
Now I have a Moto Z2 Force (Dual SIM, UK, retail) without wifi, mac 02:00:00:00:00:00:00:00 and it cannot switch it on!
Any one have full stock image, at least of the boot partition from Dual SIM, UK?
PS: No need to link to Factory Image Moto Z2 Force (NASH) RETAIL. both of them aren't fixing anything for me.
hashnon said:
Damn! Why did I follow this guide!? I knew I didn't need to flash anything but boot/boot_a and stay on stock FW with only TWRP from Pantheon kernel!
Now I have a Moto Z2 Force (Dual SIM, UK, retail) without wifi, mac 02:00:00:00:00:00:00:00 and it cannot switch it on!
Any one have full stock image, at least of the boot partition from Dual SIM, UK?
PS: No need to link to Factory Image Moto Z2 Force (NASH) RETAIL. both of them aren't fixing anything for me.
Bitdefender blocked it for me for the longest time, then after reinstalling minimal ADB and Fastboot, Motorola Manager, and allowing access to Windows File Explore through Bitdefender, it worked for me; check your antivirus, hope that helps.
Blocked what? And anyway, I don't have any antivirus. There is brain and Linux for that!
hashnon said:
Blocked what? And anyway, I don't have any antivirus. There is brain and Linux for that!
Oh my bad, lol
Ok, fixed it myself, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave me a general idea what to do and what to check.
hashnon said:
Ok, fixed it myself, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave me a general idea what to do and what to check.
Good to hear that, I got so mad when I went in and tried rooting my Z2F without reading this guide first on the very first day that I got it.
Deester4x4jr said:
I figured it out. Had to use the Flash ALL Package from that other post. The modem firmware is very specific.
This is intended/tested only on EU/intl. XT1789-06... on what version did you apply all this?
ilovemeow said:
might be this is the reason i lose 4G+ (4G instead) signal after flashing lmfao
This is intended/tested only on EU/intl. XT1789-06... on what version did you apply all this?
hashnon said:
Ok, fixed it myself, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave me a general idea what to do and what to check.
This is intended/tested only on EU/intl. XT1789-06... on what version did you apply all this?
How do you fix your wifi issue exactly?

Lenovo K12 - Another (GUAMP) guides (Stock ROM, GSI roms, TWRP and root)

Hi
I was struggling through the past 4 days since I Bricked my device. And as they say "The charity of knowledge is spreading it"
This will not be a real guide, only links and referrals to other guides with some noob-friendly (such as me) notes (as some people don't know that the Lenovo K12 is the same device as the Moto G9 Play).
1st: Unlocking bootloader -> The process for unlocking the bootloader is similar to that of a Moto device. You can find detailed instructions on how to unlock the bootloader for Motorola devices at GetDroidTips.
2nd:
In case you are on Stock ROM and want to install Custom ROM
- Unfortunately, there is no single custom ROM available for Guamp devices (Lenovo k12 or Moto G9)
- However, Guamp devices support GSI ROMs (they are non-specific ROMs; you can consider them custom ROMs that are not specific to our device)
Here is the guide on how to install them: Here - Thanks to michaelmelita1
Notes:
1. You can install any GSI from this link; it only has to support A/B partitions
Here is an example: https://github.com/ponces/treble_build_pe/releases/
If you read the package name, any GSI containing (Arm64-ab) in its name is compatible with our devices
2. From the previous link, always install the biggest package (do NOT install a package containing "Slim" or "Vndklite")
3. Some packages have letters written in the name, such as (bvN = Vanilla/no Google apps, bgN = contains Google apps)
So far, I have tried (and I can confirm they work) the following GSI ROMs (Android 13 only):
Pixel Experience Plus 13.0 v2023.04.21
OctaviOS
Miku UI
3rd: How to root
- You should do these steps just after installing the new ROM, and before booting into the system (after finishing the installation process reboot into recovery directly and install Magisk)
- If you booted to your system, you need to wipe your FULL DATA and everything. Enter recovery (TWRP) -> Reset -> Format data -> write yes and then confirm
1. Install TWRP - discussed in this michaelmelita1 thread also: here
2. Install Magisk APK file from here
3. Rename the magisk file into (Magisk.ZIP) -> Just change the .APK to .ZIP
4. Move the Magisk.ZIP to your device by a laptop using whatever method, then through TWRP screen -> Install -> Choose the Magisk.ZIP and install it
5. Reboot and start your system
6. If you faced the issue (Abnormal state - "su" binary not from Magisk has been detected) -> then install this module (Link) through magisk
4th: You want to go back to stock ROM:
- Here is the trick, I spent days to find the proper ROM
- First you should connect your device to a fastboot -> Write this code:
Code:
fastboot getvar all
This command will reveal a lot of details
- Look for your device version (The retail)
You will find it in Fingerprint line
Mine was: RPXS31.Q2-58-17-7-3
1. Go to this website: Here
2. Copy your device version and search for your ROM on this website (it has to be exactly the same; I mean a ROM with the name RPXS31.Q2-58-17-7 will not work, because the last 3 isn't there, which means it is not specific to your device)
3. Enter bootloader (Bootloader, not fastboot) and follow the steps here - thanks to jitendrapingale35 (check the next step, there are 2 additional commands you need to add)
4. After executing the command
Code:
fastboot flash super super.img_sparsechunk.16
, add the following two commands and then continue with the instructions in the thread:
Code:
fastboot flash super super.img_sparsechunk.17
fastboot erase carrier
That is all for now
I will post anything new I can add
This is my first guide, so accept any mistakes or misunderstandings
Thank you
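The exact-match check from the "go back to stock ROM" steps above, as an added example that is not part of the original post: it rejoins the fingerprint from `fastboot getvar all` output, extracts the build ID, and keeps only firmware packages that name exactly that build. The sample output, the package names and the `ro.build.fingerprint[n]` line layout are assumptions constructed for illustration.

```python
import re

# Constructed sample of `fastboot getvar all` output (not captured from a device).
# Assumption: long values arrive split across indexed [0], [1], ... lines.
SAMPLE_GETVAR = """\
(bootloader) product: guamp
(bootloader) ro.build.fingerprint[0]: motorola/guamp_retail/guamp:11/RPX
(bootloader) ro.build.fingerprint[1]: S31.Q2-58-17-7-3/0123a:user/releas
(bootloader) ro.build.fingerprint[2]: e-keys
"""

# Constructed package names; real firmware archives are named differently.
SAMPLE_PACKAGES = [
    "GUAMP_RETAIL_RPXS31.Q2-58-17-7_example.zip",
    "GUAMP_RETAIL_RPXS31.Q2-58-17-7-3_example.zip",
    "GUAMP_RETAIL_RPXS31.Q2-58-17-7-31_example.zip",
]

FP_LINE = re.compile(r"\(bootloader\)\s+ro\.build\.fingerprint(?:\[(\d+)\])?:\s*(.*)$")

def fingerprint(getvar_text):
    """Rejoin the fingerprint value from its indexed fragments."""
    parts = {}
    for line in getvar_text.splitlines():
        m = FP_LINE.match(line.strip())
        if m:
            parts[int(m.group(1) or 0)] = m.group(2).strip()
    if not parts:
        raise ValueError("no ro.build.fingerprint line found")
    return "".join(parts[i] for i in sorted(parts))

def build_id(fp):
    """Fingerprint layout: brand/product/device:release/ID/incremental:type/tags."""
    fields = fp.split("/")
    if len(fields) != 6:
        raise ValueError("unexpected fingerprint: %r" % fp)
    return fields[3]

def matching_packages(device_id, package_names):
    """Keep only packages naming exactly this build ID, not a shorter or longer one."""
    exact = re.compile(r"(?<![A-Za-z0-9.-])" + re.escape(device_id)
                       + r"(?![A-Za-z0-9-]|\.\d)")
    return [p for p in package_names if exact.search(p)]

if __name__ == "__main__":
    dev = build_id(fingerprint(SAMPLE_GETVAR))
    print("device build:", dev)
    print("usable packages:", matching_packages(dev, SAMPLE_PACKAGES))
```

The boundary check works in both directions: a device on RPXS31.Q2-58-17-7 is not offered the -7-3 package, and a device on -7-3 is not offered the -7 or -7-31 packages.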
