Related
Credits :- @Snoop05 for 15 sec ADB Installer , @Grarak for TWRP , @Chromium for the thread template !
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Information
Rooting this device is actually quite a simple and easy process. Before you begin, it is recommended that you at least try to understand what each part of the process will do. Although this guide will elongate each step in order to show all of the details, the method used can be broken up into 3 main steps: Unlocking the Bootloader, Installing a Custom Recovery and finally Rooting. Each new step relies on the previous step to have been completed, and a basic summary of each part is:
Unlocking Bootloader: Opens the door to the internal memory of the device to be written on to. This allows you to flash images onto the main partitions of the phone.
Installing a Custom Recovery: A custom recovery is flashed onto the recovery partition of the device and overwrites the stock recovery that exists by default. Custom recoveries bring lots of functionality and give you the ability to perform wipes, install flashable zips, create full backups of your NAND (Nandroid backup), and various other features. An unlocked bootloader is needed to install a custom recovery.
Rooting: You can gain root by either flashing via recovery a pre-rooted custom rom, or flashing a zip containing the SuperSU binaries. A custom recovery is necessary to do this.
After completing these steps your phone will be rooted, the phone will have a custom recovery installed, and the phones bootloader will be unlocked. This, in our opinion, is the most practical and beneficial method for rooting your phone. It gives you some basic adb/fastboot knowledge, and should hopefully help you have a decent understanding of what is going on. Also this method will work regardless of what android version your phone has.
If you are confused by anything in this guide, we would highly suggest getting it clarified being before moving on. Ask your question in this thread and we or someone else will likely answer. Also we would suggest that you read over the whole thread a few times before actually doing anything to the phone.
Understood? Good...let's begin
Setup, Preparation and Prerequisites
Basic tasks that may be referred to throughout this guide:
Open command prompt - Press Shift + Right Click anywhere on the screen and select Open Command Window here/
Enter fastboot mode- Turn the phone off. Hold volume up + power until the "fastboot" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot -> Bootloader from the power menu.]
Enter recovery mode - Turn the phone off. Hold volume down + power until the "OnePlus Logo" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot -> Recovery from the power menu.]
ADB and Fastboot Installation
1. Download the ADB For Windows from here :- https://drive.google.com/open?id=0B0MKgCbUM0itNVB1elljU2NPR0k
2. Run the .exe file downloaded from above as Administrator.
3. Press 'Y' every time the installer asks for.
4. Continue Driver Installation.
Now,ADB and Fastboot have been installed on your PC. Great !
Some Important Things
Show File Extensions - Open a command prompt window and run "Control folders" (without the quotes). Go to the View tab and uncheck the "Hide extensions for known file types" option. This will help avoid confusion when renaming files.
Battery - Ensure that your phone has at least 60% battery remaining, and that your PC is plugged in and wont shut down spontaneously during the process. The procedure doesn't take very long , but its best to have enough charge in case something goes wrong.
Backup (Optional) - Unlocking the bootloader will/should completely wipe all data from the device. This includes apps, settings and even the contents of the internal sdcard (pictures, music, etc.). Copy all important files off the phone onto a PC or upload them to a cloud.
Downloads
Download a custom recovery and the SuperSU zip below. Place both files on the desktop.
TWRP:
TWRP
Root:
SuperSU
USB Debugging - On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking - On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option. Also,a free advice, make sure that from now on,OEM unlocking option is enabled before you reboot. Sometimes,it might get disabled itself.
Enable Advanced Reboot - On your phone go to Settings > Developer options. Then enable the 'Advanced Reboot' option.
1. Unlocking Bootloader
Turn the phone off. Then boot it into fastboot mode by holding volume up + power. The phone will display "fastboot" text indicating that it has successfully entered fastboot mode.
Plug the phone into your PC, then open a command prompt window on the desktop (Shift + Right Click -> Open Command Window here) and type :-
Code:
fastboot devices
This command will list the connected devices. If your phones serial number shows up you are good to go and may continue. If the phone is NOT listed this indicates that your drivers are not installed correctly. In order for you to continue you must fix your drivers so that your phone is listed under fastboot devices.
If the phone has been recognized by the command above, proceed to unlocking the bootloader with the following command: Remember that this step will/should wipe EVERYTHING off the phone
Code:
fastboot oem unlock
After the above command has finished excuting, run the following
Code:
fastboot reboot
Now, your phone will reboot. Continue to the next step to install Custom Recovery ...
Wait until the phone has fully booted up into android, then adjust the following settings on the phone:
USB Debugging - On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking - On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option. Also,a free advice, make sure that from now on,OEM unlocking option is enabled before you reboot. Sometimes,it might get disabled itself. [Most probabaly,it will already be enabled as you did it above.Then,NO NEED to disable and enable it.]
Enable Advanced Reboot - On your phone go to Settings > Developer options. Then enable the 'Advanced Reboot' option.
2. Flashing TWRP
Turn the phone off. Then boot it into fastboot mode by holding volume up + power.
Rename the recovery file that you downloaded above to recovery.img. *Make sure that you rename it to recovery.img NOT recovery.img.img* ,Make sure that this file is placed on the desktop.
Open a new command prompt on desktop and run the following commands:
Code:
fastboot flash recovery recovery.img
Once the flash has completed, Don't use the "Fastboot Reboot" Command Instead Unplug Your phone then Manually boot it into recovery by keeping Power + Volume Down button pressed.
In TWRP, select Reboot and then select System. Now your phone will boot into System and you have cleared Steps 2/3 . Grats.
So, now, time has come to do what we want to achieve through all this. The 'ROOT' . Keep following .
But,before that, take a Nandroid Backup.
3. Making a Nandroid Backup
Warning: before you make a backup with TWRP you must remove all lockscreen security. If you do not do this you will not be able to unlock your device after restoring your backup (entering your pin will result in an "incorrect pin" message), you'll be forced to perform a factory reset to boot into Android. To remove lockscreen security go to Settings>Security>Screen Lock and set it to swipe/none.
A Nandroid Backup is a very important thing to have before installing any custom software on your device. It's basically a backup of your stock system that you can fall back on if anything goes wrong or if you just want your stock ROM back. You can also use Nandroid Bckup to create a backup of your favorite ROM set up exactly the way you like it. The backup you create can be easily restored using the restore tool in TWRP recovery.
Boot into TWRP Recovery .
Go to Backup Menu and select all the listed partitions.
Swipe to take Backup. The process will take some time.
Reboot
Now, let us continue to rooting !
4. Rooting
Now that your phone has an unlocked bootloader and a custom recovery installed, you have two options to gain root (Pick one or the other. You don't need to do both. ).
Option A) Flash SuperSU binaries which will give you root with the stock ROM
Confirm that you have downloaded the SuperSU zip from the downloads section above. Connect OP3 to PC and send SuperSU to your phone.
Turn the phone off. Then boot into recovery mode by holding volume down + power. Leave the phone at the main screen of the custom recovery for now.
Install > browse to SuperSU zip and select it
Swipe to confirm the installation. Then reboot.
Option B) Flash a custom rom which will come pre-rooted
Note that not all custom roms will be pre rooted, however the majority of them are. Read the OP of the ROM thread to see what the verdict is.
Copy a custom rom (you can find these in the OnePlus 3 ROMs, Kernels, Recoveries, & Other Development section of XDA or Custom OP3 Software section on OnePlus Forums) onto the phone (remember the location of where you copy it to)
Turn the phone off then boot into recovery mode by holding volume down + power. To install a custom ROM the general procedure to follow is: wipe Dalvik + System + Data + Cache, flash ROM, flash GApps.
Wipe > Advanced Wipe > Select Dalvik + System + Data + Cache > Swipe to Wipe
Install > browse to the location where you previously copied the ROM zip and select it > Swipe to confirm the installation
Install GApps using same process as ROM, then reboot.
Keep in mind that the first boot after installing a custom ROM & wiping the phone may take longer than usual, as the phone will need to rebuild the dalvik cache and initialize other first boot stuff.
Congrats! That is all! Your phone now has an unlocked bootloader, a custom recovery installed and is rooted. Enjoy !
The very first thing we highly recommend you to do now is to take EFS Backup and save it at your cloud and PC. It is very very important.
5. Making an EFS Backup
All too often, we've seen folks who have a corrupted or missing EFS Partition. This results in your IMEI being lost and no cellular activity on the device at all. This can be a royal PITA to fix, and some folks haven't been able to fix it at all. You can take a precautionary measure to safeguard yourself against this by taking a couple of minutes to back up your modemst files.
Open up Terminal Emulator on your phone (if you don't have it you can download it here).
Once it's open you'll be greeted with a command line prompt, in which you can enter text commands, the first thing you need to do is enable root access by entering this line (press the enter key on your on-screen keyboard after each command to issue it):
Code:
su
If this is the first time you've used Terminal Emulator a Superuser or SuperSU popup will appear, make sure you grant root access.
Now enter these two commands:
Code:
dd if=/dev/block/sdf1 of=/sdcard/modemst1.bin bs=512
Code:
dd if=/dev/block/sdf2 of=/sdcard/modemst2.bin bs=512
This will place two files (modemst1.bin & modemst2.bin) on your internal storage. Make sure you copy them to your PC and other Clouds immediately so that you have a backup there to use if you need to restore it in future.
That's it !! Incase you ever need to restore Nanroid or EFS Backups, continue.
6. Restoring a Nandroid Backup
Note: If you happened to forget to remove lockscreen security (PIN/Pattern/Fingerprint) before creating your backup, and you cannot get into your OS after restoring, you can do the following to fix the issue. Boot into TWRP and use the built in file manager to delete /data/sytem/locksettings.db. This should be enough to get you into your OS again. If it isn't you can also try deleting /data/system/locksettings.db-shm and /data/system/locksettings.db-wal. If this still doesn't fix your issue you can delete /data/system/gatekeeper.password.key and /data/system/gatekeeper.pattern.key.
Boot into TWRP Recovery .
[Only and Only if you want to restore /system and /data too from the Backup] Wipe > Advanced Wipe > Select Dalvik + System + Data + Cache > Swipe to Wipe. Go back to TWRP Home.
Go to Restore Menu and select the backup you want to restore.
Select the partitions you want to restore.
Swipe to Restore. The process will take some time.
Reboot
7. Restoring an EFS Backup
If by chance you end up with a corrupt EFS partition all you need to do is flash the files back to your device using fastboot.
Boot into fastboot mode (power + volume up) and connect your phone to your PC via usb cable.
Keep modemst1.bin and modemst2.bin (backed up earlier) on your desktop and open command window there.
These fastboot commands will restore the files:
Code:
fastboot flash modemst1 modemst1.bin
Code:
fastboot flash modemst2 modemst2.bin
Reboot your device.
Code:
fastboot reboot
Now disconnect phone from PC. Hope your IMEI etc is back.
That's it for the guide. Enjoy !
Source of TWRP image?
anandbibek said:
Source of TWRP image?
Click to expand...
Click to collapse
Oneplus 3 forums. I think it's against XDA rules for me to link it there, so I'll link a similar post
http://forum.xda-developers.com/oneplus-3/how-to/custom-rom-op3-t3398784
Does rooting the op3 voids warrenty ???
just now got the phone .. Need to restore backups from titanium backup
And kindly tell me whether after unlocking bootloader only datas will be erased or the stock rom too ??
Only data
Sent from my LG-D855 using XDA-Developers mobile app
HatRiGt said:
Does rooting the op3 voids warrenty ???
just now got the phone .. Need to restore backups from titanium backup
And kindly tell me whether after unlocking bootloader only datas will be erased or the stock rom too ??
Click to expand...
Click to collapse
#YOLO
yes and yes
HatRiGt said:
Does rooting the op3 voids warrenty ???
just now got the phone .. Need to restore backups from titanium backup
And kindly tell me whether after unlocking bootloader only datas will be erased or the stock rom too ??
Click to expand...
Click to collapse
No. Rotting OP3 doesn't void warranty, as is the case with OPO, OP2, OPX.
Only Data.
Sent from my OnePlus2 using XDA Labs
Has anyone successfully rooted the device with this method yet? Any reports on how you had to modify it or what may have gone wrong and how you corrected it?
i rooted my op3 successfully =) the only bad sideeffect is the "warning bootloader is open" message. this only appears at boot and tells that the devices is not googles trusted anymore.
Dr4g0n said:
i rooted my op3 successfully =) the only bad sideeffect is the "warning bootloader is open" message. this only appears at boot and tells that the devices is not googles trusted anymore.
Click to expand...
Click to collapse
A kernel with dm verity disabled can be flashed. None for now. Will try to get one soon.
Best Regards,
Naman.
Sent from my OnePlus2 using XDA Labs
Dr4g0n said:
i rooted my op3 successfully =) the only bad sideeffect is the "warning bootloader is open" message. this only appears at boot and tells that the devices is not googles trusted anymore.
Click to expand...
Click to collapse
And opening the bootloader probably disables the possibility of getting OTA updates as well? Could it be rooted without opening the bootloader, so OTA updates can still be obtained?
UnnamedFile said:
And opening the bootloader probably disables the possibility of getting OTA updates as well? Could it be rooted without opening the bootloader, so OTA updates can still be obtained?
Click to expand...
Click to collapse
Yes. It is because of dm verity
Sent from my OnePlus2 using XDA Labs
Dr4g0n said:
i rooted my op3 successfully =) the only bad sideeffect is the "warning bootloader is open" message. this only appears at boot and tells that the devices is not googles trusted anymore.
Click to expand...
Click to collapse
UnnamedFile said:
And opening the bootloader probably disables the possibility of getting OTA updates as well? Could it be rooted without opening the bootloader, so OTA updates can still be obtained?
Click to expand...
Click to collapse
BTW You guys rooted from this guide ? Because, ideally, it should disable dm verity.
Sent from my OnePlus2 using XDA Labs
I don't guess you can do a "fastboot boot recovery.img" like on Nexus devices? I'd like to keep stock recovery but will flash twrp if that's the only option once the stock images are available.
lensgrabber said:
I don't guess you can do a "fastboot boot recovery.img" like on Nexus devices?
Click to expand...
Click to collapse
Nope, I just tried:
http://forum.xda-developers.com/showpost.php?p=67349425&postcount=14
I'd like to keep stock recovery but will flash twrp if that's the only option once the stock images are available.
Click to expand...
Click to collapse
Same here.
OnePlus 5: Unlock Bootloader | Flash TWRP | Root | Nandroid & EFS Backup & More !!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Before you start, OTA up to the latest System Update available.
Settings > System Updates > Download & Install the latest available
Introduction
Rooting this device is actually quite a simple and easy process. Before you begin, it is recommended that you at least try to understand what each part of the process will do. Although this guide will elongate each step in order to show all of the details, the method used can be broken up into 3 main steps:
Unlocking the Bootloader
Installing a Custom Recovery
Gaining Root Access
Each new step relies on the previous step so please follow the entire process and a basic summary of each part is described as below:
Unlocking BootloaderOpens the door to the internal memory of the device to be written on to. This allows you to flash images onto the main partitions of the phone.
Installing a Custom RecoveryA custom recovery is flashed onto the recovery partition of the device and overwrites the stock recovery that exists by default. Custom recoveries bring lots of functionality and give you the ability to perform wipes, install flashable zips, create full backups of your device (Nandroid backup), and various other features. An unlocked bootloader is needed to install a custom recovery.
Gaining Root AccessYou can gain root by either flashing via recovery a pre-rooted custom rom, or flashing a zip containing the SuperSU binaries or by Flashing Magisk Zip for a system less root. A custom recovery is necessary to do this.
After completing these steps your phone will be rooted, the phone will have a custom recovery installed and an unlocked bootloader. This, in my opinion, is the a practical and beneficial method for rooting your phone. It will give you some basic adb/fastboot knowledge, and should hopefully help you have a decent understanding of the entire process. This method will work regardless of any android version on the phone.
If you are confused by anything in this guide, I highly suggest getting it clarified being before moving on. Ask your question in this thread and I or someone else will likely answer. Also we would suggest that you read over the whole thread a few times before actually doing anything to the phone.
Setup, Preparation & PrerequisitesBasic tasks that may be referred to throughout this guide:Open Command Prompt: Press Shift + Right Click anywhere on the screen and select Open Command Window here
Enter Fastboot/Bootloader Mode: Turn the phone off. Hold volume up + power until the "fastboot" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot > Bootloader from the power menu.]
Enter Recovery Mode: Turn the phone off. Hold volume down + power until the "OnePlus Logo" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot -> Recovery from the power menu.]
ADB and Fastboot Installation1. Download the ADB For Windows from here Credits @Snoop05 his Original XDA Thread Here
Or You can manually update Fastboot and ADB binaries here Credits @lj50036 his Original XDA Thread Here
2. Run the .exe file downloaded from above as Administrator.
3. Press 'Y' every time the installer asks for.
4. Continue Driver Installation.
Now, ADB and Fastboot have been installed on your PC and should be Working as desired.
Things To RememberShow File Extensions :good:
Open a command prompt window and run "Control folders" (without the quotes). Go to the View tab and uncheck the "Hide extensions for known file types" option. This will help avoid confusion when renaming files.
Battery :good:
Ensure that your phone has at least 60% battery remaining, and that your PC is plugged in and wont shut down spontaneously during the process. The procedure doesn't take very long , but its best to have enough charge in case something goes wrong.
Backup (Optional) :good:
Unlocking the bootloader will/should completely wipe all data from the device. This includes apps, settings and even the contents of the internal sdcard (pictures, music, etc.). Copy all important files off the phone onto a PC or upload them to a cloud.
USB Debugging :good:
On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking :good:
On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option. Also make sure that from now on, OEM unlocking option is enabled before you reboot as sometimes, it might get disabled itself.
Enable Advanced Reboot :good:
On your phone go to Settings > Developer options. Then enable the 'Advanced Reboot' option.
Unlocking Bootloader
Turn the phone off. Then boot it into fastboot mode by holding volume up + power or select reboot to bootloader if advanced reboot is activated via developer options. The phone will display "fastboot" text indicating that it has successfully entered fastboot mode.
Plug the phone into your PC, then open a command prompt window on the desktop (Shift + Right Click -> Open Command Window here) and type:
Code:
fastboot devices
This command will list the connected devices. If your phones serial number shows up you are good to go and may continue. If the phone is NOT listed this indicates that your drivers are not installed correctly. In order for you to continue you must fix your drivers so that your phone is listed under fastboot devices.
If the phone has been recognized by the command above, proceed to unlocking the bootloader with the following command:
Remember this Step will WIPE EVERYTHING off the phone so Backup all your Data
Code:
fastboot oem unlock
You would be greeted with a Unlock Bootloader Warning page, Hit the Vol button to select Yes and turn it Blue and Hit the Power Button to Execute the selection
Your device will reboot, show you a Secure boot warning, reboot into stock recovery and wipe all data. Once done, your phone will reboot into the OS.
Please continue and follow the next post to install Custom Recovery
Flashing TWRP Recovery
Downloads:
Recovery:
Codeworkx TWRP | Blu_Spark TWRP
Magisk
Wait until the phone has fully booted up into android, then adjust the following settings on the phone:
USB Debugging:
On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking:
On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option and make sure that from now on, OEM unlocking option is enabled before you reboot. Sometimes, it might get disabled itself.
Enable Advanced Reboot:
On your phone go to Settings > Developer options. Then enable the 'Advanced Reboot' option.
Download all the files, place SuperSU or Magisk on Device Internal Memory and TWRP img in the Android Folder under the Platform Tools folder in C Drive
Then boot it into fastboot/bootloader mode by holding volume up + power or selecting the reboot to bootloader via advanced reboot options.
Open a new command prompt in the same location and run the following commands:
Code:
fastboot flash recovery (file name).img
Once the flash has completed, Don't use the "Fastboot Reboot" Command Instead Unplug Your phone then Manually boot it into recovery by keeping Power + Volume Down button pressed or you can also use the command:
Code:
fastboot boot recovery.img
PS: DO NOT BOOT IN OS JUST YET & CONTINUE TO THE ROOTING POST
Gaining Root Access
This is a continued post from the above post...
For Users who want to remain Encrypted: :fingers-crossed:
1. Boot into TWRP Recovery and allow system modifications.
2. Swipe right and enable modifications.
3. Select your preferred Language, Tap “Never show this screen on boot again,” and Swipe allow modification.
4. Navigate to Install and select Magisk Or SuperSU to root OnePlus 5.
5. Swipe to confirm the flash
6. Reboot System
Keep in mind that the first boot after wiping the phone may take longer than usual, as the phone will need to rebuild the dalvik cache and initialize other first boot and would reboot a few times due to SuperSU Flash.
For Users who want to Decrypt Data have to Format Data & Flash No Verity OP5 Zip :fingers-crossed:
1. Boot into TWRP Recovery and allow system modifications.
2. Swipe right and enable modifications.
3. Select your preferred Language, Tap “Never show this screen on boot again,” and Swipe allow modification.
Go to “Wipe” section and tap “Format Data”, and type “yes” to mount internal storage
4. Download & Transfer no_verity_op5.zip to the device over MTP from here Credits @snowwolf725
5. Go to “Install” section, select no_verity_op5.zip, and swipe to confirm the flash
6. Transfer latest Magisk/SuperSU to the device over MTP to your Oneplus 5 & Swipe to confirm the flash
7. Reboot System
* MTP, known as Media Transfer Protocol, is the same way you transfer files from your PC to your device when booted into system.
Congrats! That is all! Your Device now has an unlocked bootloader, a custom recovery installed and is rooted along with your preference of staying encrypted or decrypted.
Warning: Do not flash partial update OTAs (under 1 GB) on a modified device! If you want to use partial OTAs, you must first flash a full OTA that it applies to, and then flash the partial OTA from stock recovery. Flashing partial OTAs from TWRP will either fail or soft brick your device. You can return to a usable state by flashing full zips in recovery.
Enjoy :fingers-crossed:
Making a Nandroid BackupWarning: before you make a backup with TWRP you must remove all Lockscreen Security. If you do not do this you will not be able to unlock your device after restoring your backup (entering your pin/pattern/password will result in an "incorrect pin/pattern/password" message), you'll be forced to perform a factory reset to boot into Android.
To remove lockscreen security go to
Settings > Security > Screen Lock and set it to Swipe/None.
A Nandroid Backup is a very important thing to have before installing any custom software on your device. It's basically a backup of your stock system that you can fall back on if anything goes wrong or if you just want your stock ROM back.
You can also use Nandroid Bckup to create a backup of your favorite ROM set up exactly the way you like it. The backup you create can be easily restored using the restore tool in TWRP recovery.
To Create Nandroid Backup:
1. Boot into TWRP Recovery .
2. Go to Backup Menu and select all the listed partitions.
3. Name the Backup if needed (Optional)
4. Swipe to take Backup.
This proces should take 4 to 8 minutes depending upon the size of data.
5. Reboot System when done.
Your Nandroid will be stored in the Backup Folder inside TWRP Folder /sdcard/TWRP/BACKUPS
Restoring a Nandroid Backup
1. Boot into TWRP Recovery
2. Go to Restore Menu and select the backup you want to restore.
3. Select the partitions you want to restore.
4. Swipe to Restore. The process will take 6 to 10 minutes.
5. Reboot system once done
Note: If you happened to forget to remove lockscreen security (PIN/Pattern/Password) before creating your backup, and you cannot get into your OS after restoring, you can do the following to fix the issue.
Boot into TWRP
Use the TWRP File Manager and Navigate to /data/sytem/ and delete the following files:
locksettings.db
locksettings.db-shm
locksettings.db-wal.
gatekeeper.password.key
gatekeeper.pattern.key
You may or may not have all the above files so delete the ones you have.
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Upon Boot > Go into Settings > Security > set your preferred unlock method
Android will ask you if you want to set a boot-time code too so select as per convenience.
Making an EFS BackupAll too often, we've seen folks who have a corrupted or missing EFS Partition. This results in your IMEI being lost and no cellular activity on the device at all. This can be a royal PITA to fix, and some folks haven't been able to fix it at all. You can take a precautionary measure to safeguard yourself against this by taking a couple of minutes to back up your modemst files.
Download & Open up Terminal Emulator on your phone from here
Once it's open you'll be greeted with a command line prompt, in which you can enter text commands, the first thing you need to do is enable root access by entering this line (press the enter key on your on-screen keyboard after each command to issue it):
Code:
su
If this is the first time you've used Terminal Emulator a Superuser or SuperSU popup will appear, make sure you grant root access.
Now enter these two commands:
Code:
dd if=/dev/block/sdf1 of=/sdcard/modemst1.bin bs=512
Code:
dd if=/dev/block/sdf2 of=/sdcard/modemst2.bin bs=512
This will place two files (modemst1.bin & modemst2.bin) on your internal storage.
Make sure you copy them to your PC and Cloud immediately so that you have a backup there to use if you need to restore it in future.
That's it !! In case you ever need to restore Nanroid or EFS Backups, please continue and follow the next post...
Restoring an EFS BackupIf by chance you end up with a corrupt EFS partition all you need to do is flash the files back to your device using fastboot.
Boot into fastboot mode (power + volume up) and connect your phone to your PC via usb cable.
Keep modemst1.bin and modemst2.bin (backed up earlier) on your desktop and open command window there.
These fastboot commands will restore the files:
Code:
fastboot flash modemst1 modemst1.bin
Code:
fastboot flash modemst2 modemst2.bin
Reboot your device.
Code:
fastboot reboot
Now disconnect phone from PC. Your IMEI should be back.
That's it for this guide, Enjoy :highfive:
Thank you for your support !!
First OTA 4.5.1
Theoretically unlocking the bootloader and flashing TWRP should be identical to the OnePlus 3/3T and previous devices, i.e. just like a Nexus (R.I.P.).
jmazzamj said:
Theoretically unlocking the bootloader and flashing TWRP should be identical to the OnePlus 3/3T and previous devices, i.e. just like a Nexus (R.I.P.).
Click to expand...
Click to collapse
Indeed its similar. Just making it clear for the new users here in one thread so there is no confusion.
Funk Wizard said:
Indeed its similar. Just making it clear for the new users here in one thread so there is no confusion.
Click to expand...
Click to collapse
Thank you for this! I'm going to get this device as soon as it's back in stock. It will be my first ever OnePlus device (coming from a Pixel XL). I'll still be using that but the dev support seems to be the highest with these devices.
Definitely going to use this guide to get all setup, so thanks again!
Just wondering though, I've never dealt with this dm-verity thing, what is this exactly?
Also, the day I decide to sell this phone for the next generation OnePlus (6), is it relatively simple to get back to stock and relock the bootloader?
Sorry for all the questions, just want to be thorough before doing all of this and potentially bricking my new device lol
Thank you!
Link to TWRP?
Sent from my OnePlus 3T using XDA Labs
rickysidhu_ said:
Thank you for this! I'm going to get this device as soon as it's back in stock. It will be my first ever OnePlus device (coming from a Pixel XL). I'll still be using that but the dev support seems to be the highest with these devices.
Definitely going to use this guide to get all setup, so thanks again!
Just wondering though, I've never dealt with this dm-verity thing, what is this exactly?
Also, the day I decide to sell this phone for the next generation OnePlus (6), is it relatively simple to get back to stock and relock the bootloader?
Sorry for all the questions, just want to be thorough before doing all of this and potentially bricking my new device lol
Click to expand...
Click to collapse
First of all Welcome to the Oneplus Community Buddy, hope your get the device soon, i am also waiting for my unit likewise :fingers-crossed:
DM Verity is just another screen warning just like the secure boot screen, which depicts an unlocked bootloader and a modified recovery, it can be taken care off easily and even if you dont it wont harm in any way just take some addition 5 to 7 seconds on boot. I am here to help so it will be taken care off.
Also its easy to get back to stock as all full zips and both TWRP and Stock Recovery Flashable so just a process of 5 minutes to be precise once you have the required downloads and once stock bootloader can also be locked again via fastboot command.
If you just follow the steps on the guide, everything will be fine. Just wait for the official TWRP source to be released, should not be long though.
Thanks again for supporting Oneplus and Welcome to the Community :highfive:
MrMeeseeks said:
Link to TWRP?
Sent from my OnePlus 3T using XDA Labs
Click to expand...
Click to collapse
Will update when released, waiting for the official maintainer to be assigned, or if someone can build an unofficial build to begin with :fingers-crossed:
Funk Wizard said:
Thread Under Construction...
Waiting for hands on experience with the device !!
Click to expand...
Click to collapse
So fast?
You guys are the best!
Hey, many thanks for the guide.
I will be coming from an LG G6.
Question: since there is no external SD card, if we place SuperSU, DM-Verify etc on our internal memory...when we unlock the bootloader will the phone also wipe the internal sd memory??
First, thanks to @Uzephi and @41rw4lk for helping me to use/recover my phone. Please, read and do not underestimate the guides: our phone is tricky! We have two system partitions (slot a and b) to allow stock updates on-the-fly. This complicates the normal flashing process and if you do not follow the steps, you may bootloop. Use these guides at your own risk!
Reading this page is a good beginning to understanding the A/B partitioning scheme and how Motorola Z2 Force works:
1) Our phone has A/B partitioning, so flashing Magisk/XPosed is different
2) It does not support Project Treble (faster stock updates)
3) It does not a recovery partition, so flashing TWRP is different
Note also that the RSD Lite from Motorola has issues with Windows 10 and you’ll need to manual flash firmware if you bootloop (see Process E below). Other way is directly flashing from Qualcomm EDL mode (Emergency Download Mode) from which users can perform various tasks like unbricking, unlock bootloader, and installation of any custom ROMs.
Right now, this guide has 5 parts (maybe we can dual boot our phone in the future). If you just want to use a rooted stock ROM, please, search for other guides here on xda. These guides were written (and tested) using a Motorola Z2 Force XT1789-05 phone (Brazil), although most of it should work for other variants if you download and use proper firmware files for these other phones. For other models, better if you follow Uzephi’s guide.
A. Opening bootloader
B. Preparing the phone to move into custom ROMs (AOSP) + TWRP recovery
C. Flashing a custom AOSP ROM + rooting
D. Dirty flashing AOSP ROM updates
E. Recovering from bricks or returning to stock
F. Oreo ROM features comparison table
If you want to move your Motorola Z2 Force to Project Treble ROMs, please, check this guide.
Here is a list of the ROMs that are waiting for you.
A. Opening bootloader
With enough battery in your phone (80%), you can follow the Motorola official guide which steps are:
1. Backup everything you need. Your phone will be reseted including the internal sdcard.
2. Into the phone, enable the Developer Options clicking 7 times over the version (About section in the Settings). Go to Developer Options, click the OEM unlock option to enable it. Also enable USB debugging.
3. Install the Motorola drivers in your computer, but (in my personal experience) not the Android SDK suggested in the official guide. Instead, extract these adb/fastboot files in a blank folder of your computer.
3.1) Do not use other adb/fastboot binaries: I cannot guarantee they will work.
3.2) You need to use a USB 2.0 port of your computer. Some users report that USB 3.0 will also work.
4. Open a command line window in the adb/fastboot folder (step 3), reboot the phone into the bootloader (see adb command below or press power + volume down buttons). Plug the phone on computer (see 3.2 above). Test the connection and run the command to get the code for unlocking:
Code:
adb reboot bootloader
fastboot devices
fastboot oem get_unlock_data
You’ll get:
Code:
(bootloader) Unlock data:
(bootloader) <code 1>
(bootloader) <code 2>
(bootloader) <code 3>
(bootloader) <code 4>
(bootloader) <code 5>
5. You’ll need to join 5 codes and, after logging into your own Motorola account, check by clicking the button “Can my device be unlocked” (step 6) by Motorola here. Read the text: your warranty will be void if you go ahead. Consider if you have enough knowledge, time and money to deal with a troublesome (or bricked) device. Although, it’s not that easy to hard brick this phone (see process E below).
Code:
<code 1><code 2><code 3><code 4><code 5>
6. You’ll receive back an email with the code to unlock your bootloader (if it is available for your model). Then you’ll run the following command:
Code:
fastboot oem unlock <code 1><code 2><code 3><code 4><code 5>
7. You’ll receive a warning that all your data would be erased (see step 1 above) and need to re-run the same command to confirm. At this point, your bootloader should be unlocked. As an Android restriction, each time you boot the phone you’ll see a warning. Do nothing, wait for 5 seconds and the phone boots normally. Some users bother with this warning and try to get rid of it.
B. Preparing the phone to move into custom ROMs (AOSP) + TWRP recovery
Requirements: unlocked bootloader (see guide A) and no security lock: disable PIN, gestures and fingerprinting (because TWRP cannot read the locked/cryptographed data of the phone). Enough battery in your phone (80%).
If you do not prepare your phone to custom ROMs and if you do not have both bootloaders of the phone in the same Android version of the ROM you’ll flash, you’ll hard brick the phone and lose also the access to the bootloader! You’ve been warned: follow the guide!
Note: if you hard brick, I suggest you be prepared to follow the Unbrick Qualcomm mobiles with Step-by-step guide or the Unbrick All Qualcomm Snapdragon’s from Qualcomm HS-USB QDLoader 9008 guide, but I never tested them myself. You can also use Qualcomm Flash Image Loader (QFIL) tool.
1. Backup everything you need. Your phone will be reset including the internal sdcard.
2. Into the phone, enable the Developer Options clicking 7 times over the version (About section in the Settings). Go to Developer Options and enable USB debugging.
3. Install the Motorola drivers and the adb/fastboot files.
3.1) do not use other adb/fastboot binaries: we cannot guarantee they will work.
3.2) you need to use a USB 2.0 port of your computer. Some users report that USB 3.0 will also work.
4. Download the firmware of the same Android major version of the future ROM you’ll install (Oreo for Oreo ROMs, for instance). When (and if) we move to Android P, most probably we will need to follow this guide again.
- Retail (XT1789-05) (Europe/Brazil).
- Other models (branded): ATT, Sprint, T-Mobile (TMO), USC, Verizon.
- Note: NPXS26 versions stand for Nougat and OPXS27 for Oreo. You do not need Nougat versions for anything.
5. Extract the zip contents to a blank folder in your computer.
6. Download the FlashAll_XT1789-05.zip file, extract the content and move all files to the same firmware folder (step 5 above). Be sure to overwrite any file (if needed).
7. Run the Preparation.bat file there to generate the flashfile.bat file that will send the commands to the phone. Credits: the original preparation files were from RootJunky (can be downloaded here) and include more options that we do not need for our purpose here. Also, it includes adb/fastboot binaries that could not work with our phone.
8. Reboot the phone into the bootloader (see adb command below or power + volume down buttons). Open a command line window in the firmware folder (step 5 above), test the connection and execute the flashfile.bat file generated on step 7.
Code:
adb devices
adb reboot bootloader
fastboot devices
flashfile.bat
Never ever unplug the device from the USB 2.0 port while flashing the firmware. This could cause a hard brick and your device will be dead.
9. There is a pause at the end. You should review if everything went fine (or even click on the menu of the command line window, select all and copy&paste the contents in a .txt file for further help/revision).
10. Reboot your phone into the system (ROM) and do a quick configuration (remember that everything will be deleted when you install TWRP further…).
11. Into the phone, enable the Developer Options clicking 7 times over the version (About section in the settings). Go to Developer Options and enable USB debugging.
12. Download both the .img and .zip file of the TWRP recovery from the official site. It's the same file for all models/variants of Z2 Force phone. Put the files into our firmware folder (step 5 above). Copy the .zip file to the phone internal card. Note: versions older than 3.2.2-2 does not support PIN/Password/Fingerprint, so disable them before proceed. Most probably, ROMs before July 20th, 2018 cannot be flashed in older TWRP.
13. Now boot (not flash) the TWRP .img file using a command line window in the same firmware folder (step 5 above):
Code:
adb devices
adb reboot bootloader
fastboot devices
fastboot boot <TWRP file name>.img
14. Only now that you’re inside TWRP temporarily flash the TWRP .zip file you’ve saved into the phone (step 12 above).
15. Reboot into TWRP (use the main reboot menu in TWRP).
16. Now, you should reboot again into bootloader: inside TWRP, go to Reboot menu and choose Bootloader.
17. Now you will wipe all user data via bootloader. This is necessary to use an AOSP ROM when you come from stock. Using a command line window in the same firmware folder of your computer (step 5 above), run the following commands:
Code:
fastboot devices
fastboot -w
18. Now you can reboot the phone into System using the buttons volume up/down to navigate and confirming with the Power button. You’ll be with stock ROM and TWRP. If you want to move to a custom AOSP ROM, do a quick configuration: into the phone, enable the Developer Options clicking 7 times over the version (About section in the settings). Go to Developer Options and enable USB debugging and go to the proper guide (Process C).
C. Flashing a custom AOSP ROM + rooting
1. Requirements:
1.1 Motorola drivers.
1.2 Our custom adb/fastboot files (others may not work!).
1.3 USB debugging enabled into the Developer Options.
1.4 If you're using TWRP older than 3.2.2-2, disable disable PIN/gestures/fingerprinting. Also, most probably, ROMs after July 20th, 2018 cannot be flashed in older TWRP.
1.5 An USB 2.0 port of your computer (some users report that USB 3.0 will also work).
1.6 Two Oreo bootloaders (process B above).
1.7 Permanent TWRP
1.8 Enough battery in your phone (80%).
2. Download the AOSP ROM you want and move the .zip files to the phone. Right now, we have:
2.1 Dirty Unicorns: no need for Gapps. Official and Weeklies can be dirty flashed interchangeably. RC has a different signature. Support on Google+ page. More about DU kernel.
2.2 Lineage OS 15.1. MindTheGapps needed. OpenGapps not compatible yet. XDA thread.
2.3 Mokee: Gapps needed. Take care: online guides assume that you already have an AOSP ROM, TWRP and rooted device.
Deprecated (?)
2.4 AOSiP: no need for Gapps. XDA thread.
2.5 Invictrix. Gapps are built in. XDA thread
3. Choose the root method and download the .zip files: Magisk (suggested) or LineageOS SU Addon. Move the .zip files to phone. Note: if you bootloop on Magisk, most probably you’re flashing a wrong/different version of Magisk or you did not reboot between flashing ROM/Gapps and Magisk. Note: SuperSu is deprecated.
4. Reboot into TWRP:
Code:
adb reboot recovery
Then flash the ROM. It will be flashed in two steps only in the “other” slot. We have two slots, A and B. Our phone can be upgraded on-the-fly because the update is always applied to the slot not booted, the “other” slot. Then, immediately, flash the .zip TWRP or you will lose it.
5. Go to Reboot menu of TWRP and reboot into bootloader. Then, in the folder with adb/fastboot binaries (see 1.2 above), you need to wipe data (including sdcard) with the following commands:
Code:
fastboot devices
fastboot -w
6. Now you need to reboot the phone into System using the buttons volume up/down and confirming with the Power button (or typing fastboot reboot into the command line windows). You’ll be with an AOSP ROM and TWRP.
7. Once into the phone, enable the Developer Options clicking 7 times over the version (About section in the settings). Go to Developer Options and enable USB debugging if you intend to dirty flash ROM updates.
8. Reboot into TWRP again, flash Magisk (your settings and modules will be preserved). Note: if you bootloop on Magisk, remember it is mandatory to reboot between ROM flash (step 4 above) and GApps/Addon flash due to verity/slot-swap logic.
9. A good place to read what is not working is in the section known problems of LineageOS.
D. Dirty flashing AOSP ROM updates
1. If you follow all the processes above, you can dirty flash updates because you have:
1.1 Motorola drivers installed.
1.2 Specific adb/fastboot files for our phone and an USB 2.0 port in a Windows computer (some users report that USB 3.0 will also work).
1.3 Unlocked bootloaders (Process A above).
1.4 Permanent TWRP running and TWRP .zip file placed inside your phone and ready to be flashed again.
1.5 An AOSP ROM already running.
1.6 Developer Options and USB debugging enabled.
1.7 If you're using TWRP older than 3.2.2-2, disable disable PIN/gestures/fingerprinting. Also, most probably, ROMs after July 20th, 2018 cannot be flashed in older TWRP.
1.8 Enough battery in your phone (80%)
2. Download your ROM .zip update, copy it into the phone sdcard and reboot your phone into TWRP. See download links here.
3. Within TWRP you should flash (install) things in the following order:
3.1 ROM update .zip file. Remember that, at this time, the update will be flashed int the other slot and inside phone you’ll have both the system before update (in the booted slot) and updated ROM in the other slot.
3.2 TWRP .zip file (step 1.4 above) once again (do not skip this step or you’ll bootloop!).
4. Reboot to System: if you skip this step, you’ll bootloop.
5. Reboot into TWRP again, flash Magisk (your settings and modules will be preserved) or LineageOS SU Addon .zip file. Note: if you bootloop on Magisk, most probably you’re flashing a wrong/different version of Magisk. I suggest v16.0 and, after you got rooted with 16.0, you can update. It is mandatory to reboot between ROM flash (step 4 above) and GApps/Addon flash due to verity/slot-swap logic.
Note: SuperSu is deprecated.
6. Wipe Dalvik/ART cache: go to Wipe menu of TWRP > Advanced Wipe > Dalvik/ART Cache only.
7. Reboot your phone into System (ROM) will use the “other” slot, the one with the updated ROM.
8. You can use XPosed installer app (and reboot).
9. Now you can add your PIN, fingerprint, gestures back until next flashing.
E. Recovering from soft bricks or returning to Stock
If you’re reading this is because you already unlock your bootloader (see guide A) and anything went wrong, but you still can boot your phone into bootloader. Plug your phone and get enough battery (even if you do not see any charging signal).
1. Install the Motorola drivers and the specific adb/fastboot files for our phone. Remember, follow the rules because our device is tricky!
1.1) Do not use other adb/fastboot binaries: we cannot guarantee they will work.
1.2) You need to use a USB 2.0 port of your computer (some users report that USB 3.0 will also work).
2. Download the latest firmware for your model:
- Retail (XT1789-05) (Europe/Brazil).
- Other models (branded): ATT, Sprint, T-Mobile (TMO), USC, Verizon.
- Note: NPXS26 versions stand for Nougat and OPXS27 for Oreo. You do not need Nougat versions for anything.
3. Extract the zip contents to a blank folder in your computer.
4. Download the FlashAll_XT1789-05.zip file (it should work for other Motorola Z2 Force models as well), extract the content and move all files to the same firmware folder (step 2 above). Be sure to overwrite any file (if needed).
5. Run the Preparation.bat file there to generate the flashfile.bat file that will send the commands to the phone. Credits: the original preparation files were from RootJunky (can be downloaded here) and include more options that we do not need for our purpose here. Also, it includes adb/fastboot binaries that could not work with our phone.
6. Reboot the phone into the bootloader (see adb command below or power + volume down). Open a command line window in the firmware folder (step 5 above), test the connection and execute the flashfile.bat file generated on step 5.
Code:
adb reboot bootloader
fastboot devices
flashfile.bat
Never ever unplug the device from the USB 2.0 port while flashing the firmware. This could cause a hard brick and your device will be dead.
7. There is a pause at the end. You should review if everything went fine (or even click on the menu of the command line window, select all and copy&paste the contents in a .txt file for further help/revision).
8. Reboot your phone into system (ROM) and do not forget, later, to enable the Developer Options and USB debugging again.
Note: if you hard brick, I suggest you be prepared to follow the Unbrick Qualcomm mobiles with Step-by-step guide or the Unbrick All Qualcomm Snapdragon’s from Qualcomm HS-USB QDLoader 9008 guide, but I never tested them myself. You can also use Qualcomm Flash Image Loader (QFIL) tool. Maybe these Latest 2017 Qualcomm Diag QD-Loader Windows 10 Drivers signed will help you.
F. Oreo ROM features comparison
This is a table for Oreo ROM features comparison for Motorola Z2 Force - nash.
I would like to receive feedback and updates from the users, as I can't keep changing from one ROM to another and they get new features, updates, improvements, etc.
I consider Lineage OS 15.1 our stock ROM regarding to customization. So, it's not listed there.
Legend:
Code:
X = Feature present
XX = ROM excels in this particular feature (in my opinion).
If you want to move your Motorola Z2 Force to Project Treble ROMs, please, check this guide.
Here is a list of the ROMs that are waiting for you.
I came back to stock ROM. the problem is that it gets stuck in the initial configurations of the android trying to find a wifi network, to continue the configuration, without success, because I see in fastboot that the baseband is unknown, and I also can not install any rom, or recovery image because I have the following message in fastboot: FLASHING_LOCKED. and since I can not get past the initial android settings, I also can not unlock the developer options to enable OEM unlocking. now I'm standing in a rom that does not leave the initial configuration, it does not connect to any network and a fastboot that does not let me install anything. and I also tried the recovery mode and even tried to install an update via sideload, without success. I do not know what else to do if you can give me a light.
renanjones said:
I came back to stock ROM. the problem is that it gets stuck in the initial configurations of the android trying to find a wifi network, to continue the configuration, without success, because I see in fastboot that the baseband is unknown, and I also can not install any rom, or recovery image because I have the following message in fastboot: FLASHING_LOCKED. and since I can not get past the initial android settings, I also can not unlock the developer options to enable OEM unlocking. now I'm standing in a rom that does not leave the initial configuration, it does not connect to any network and a fastboot that does not let me install anything. and I also tried the recovery mode and even tried to install an update via sideload, without success. I do not know what else to do if you can give me a light.
Click to expand...
Click to collapse
I see two possible scenarios:
1. Your bootloader is locked (yet) (see guide A).
2. Your in a "false locked" situation that, maybe, could be solved by resetting data via recovery or in bootloader (with the command: fastboot -w).
Great tutorial, but I did not get 4g in any of the roms, only 3g
Gutto said:
Great tutorial, but I did not get 4g in any of the roms, only 3g
Click to expand...
Click to collapse
I got 4G in any ROM... AOSIP, DU or Invictrix...
Are you using a branded (carrier) phone? If not, maybe you should return to stock (to recover any changes on partitions).
Technical said:
I got 4G in any ROM... AOSIP, DU or Invictrix...
Are you using a branded (carrier) phone? If not, maybe you should return to stock (to recover any changes on partitions).
Click to expand...
Click to collapse
My cell phone and Sprint, I did every process that you indicated, but not 4G
So I followed the instructions as noted, as soon as I got to the root installation part, it started throwing a "cannot mount /system" error. I thought a reboot would solve the issue, but now I think I'm bricked. Can't boot into anything, all I can do is plug my phone in and listen to it keep disconnecting every 10 seconds or so. The phone had booted up fine prior to starting the installation process, and I don't see how just a bad ROM install is preventing me from getting into either bootloader or recovery. Any advice?
For clarity, i'm unable to use QBOOT to do anything since after it hits the "powered on" state I'm assuming it's in, it just resets and does the same thing over and over again
shalpp said:
So I followed the instructions as noted, as soon as I got to the root installation part, it started throwing a "cannot mount /system" error. I thought a reboot would solve the issue, but now I think I'm bricked. Can't boot into anything, all I can do is plug my phone in and listen to it keep disconnecting every 10 seconds or so. The phone had booted up fine prior to starting the installation process, and I don't see how just a bad ROM install is preventing me from getting into either bootloader or recovery. Any advice?
For clarity, i'm unable to use QBOOT to do anything since after it hits the "powered on" state I'm assuming it's in, it just resets and does the same thing over and over again
Click to expand...
Click to collapse
Have you tried holding vol dwn + pwr btn to force it into bootloader mode? If you can get there, then you can use the keys to get to recovery and try a factory reset. If that don't work, go back to bootloader mode and try flashing back to stock. Might double check that the battery has plenty of charge.
41rw4lk said:
Have you tried holding vol dwn + pwr btn to force it into bootloader mode? If you can get there, then you can use the keys to get to recovery and try a factory reset. If that don't work, go back to bootloader mode and try flashing back to stock. Might double check that the battery has plenty of charge.
Click to expand...
Click to collapse
I'm unable to get the phone out of qboot (or whatever it's called). I've tried using a blank-flash but all that happens is device restarts as made evident by the "device disconnect" sound playing every few seconds. The phone had around 80% when I started the process. Should I just let it die and try loading into BL after a few hours of this thing power cycling itself?
shalpp said:
I'm unable to get the phone out of qboot (or whatever it's called). I've tried using a blank-flash but all that happens is device restarts as made evident by the "device disconnect" sound playing every few seconds. The phone had around 80% when I started the process. Should I just let it die and try loading into BL after a few hours of this thing power cycling itself?
Click to expand...
Click to collapse
It's weird that it is power cycling like that. Have you tired unplugging the phone and booting? Whether it's recovery, bootloader, qboot; you need to get to one place or the other if possible because power cycling won't allow you to do anything. If you can get a stable boot in any mode I would suggest moving your cable to another port so any corruptions aren't a factor anymore. I don't think a drain will resolve anything, but I've never heard anyone mention power cycling like that.
41rw4lk said:
It's weird that it is power cycling like that. Have you tired unplugging the phone and booting? Whether it's recovery, bootloader, qboot; you need to get to one place or the other if possible because power cycling won't allow you to do anything. If you can get a stable boot in any mode I would suggest moving your cable to another port so any corruptions aren't a factor anymore. I don't think a drain will resolve anything, but I've never heard anyone mention power cycling like that.
Click to expand...
Click to collapse
Power cycling is just an assumption since regardless of whatever port its in it keeps an endless loop of connect, disconnect". Basically after rebooting the device after attempting to install the ROM is when it went black and started not doing anything other than connect, disconnect
shalpp said:
Power cycling is just an assumption since regardless of whatever port its in it keeps an endless loop of connect, disconnect". Basically after rebooting the device after attempting to install the ROM is when it went black and started not doing anything other than connect, disconnect
Click to expand...
Click to collapse
When it's trying to connect do you have a pop up on your pc showing what it sees the phone as? Does it say nash fastboot, or 9008, Z2? That might give some idea of where it's failing.
41rw4lk said:
When it's trying to connect do you have a pop up on your pc showing what it sees the phone as? Does it say nash fastboot, or 9008, Z2? That might give some idea of where it's failing.
Click to expand...
Click to collapse
It appears as Qualcomm 9008
It only starts the loop after starting a blankflash. That's about the only response I get out of the device, otherwise it does absolutely nothing, no combination of buttons do anything
Edit: Confirmed connect/disconnect on another machine with the same driver configuration
[Guide] OnePlus 6T [Fajita]: Unlock | Flash TWRP | Root | Nandroid & EFS Backup !!
[Guide] OnePlus 6T [Fajita]: Unlock Bootloader | Flash TWRP | Root | Nandroid & EFS Backup !!
This Guide will not work on the T-Mobile Carrier Locked Device as it may have the 40 Day/Fully Pay off restriction set by the carrier
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Before you start, OTA up to the latest System Update available.
Settings > System Updates > Download & Install the latest available
Thank You all for your support!!
Never Settle :fingers-crossed:
Introduction
Unlock & Rooting OnePlus 6T would give you additional benefits like you can install special apps, Flash Custom ROMs & Custom Mods, you can streamline your phone performance and many extra features. The real performance of an Android smartphone can only be unlocked once it is rooted.
Rooting this device is actually quite a simple and easy process. Before you begin, it is recommended that you at least try to understand what each part of the process will do. Although this guide will elongate each step in order to show all of the details, the method used can be broken up into 3 main steps:
1. Unlocking the Bootloader
2. Installing a Custom Recovery
3. Gaining Root Access
Each new step relies on the previous step so please follow the entire process and a basic summary of each part is described as below:
Unlocking BootloaderOpens the door to the internal memory of the device to be written on to. This allows you to flash images onto the main partitions of the phone.
Installing a Custom RecoveryA custom recovery is flashed onto the recovery partition of the device and overwrites the stock recovery that exists by default. Custom recoveries bring lots of functionality and give you the ability to perform wipes, install flashable zips, create full backups of your device (Nandroid backup), and various other features. An unlocked bootloader is needed to install a custom recovery.
Gaining Root AccessYou can gain root by either flashing via recovery a pre-rooted custom rom, or by Flashing Magisk Zip for a system less root.
After completing these steps your phone will be rooted, the phone will have a custom recovery installed and an unlocked bootloader. This, in my opinion, is the a practical and beneficial method for rooting your phone. It will give you some basic adb/fastboot knowledge, and should hopefully help you have a decent understanding of the entire process. This method will work regardless of any android version on the phone.
If you are confused by anything in this guide, I highly suggest getting it clarified being before moving on. Ask your question in this thread and I or someone else will likely answer. Also we would suggest that you read over the whole thread a few times before actually doing anything to the phone.
Setup, Preparation & Prerequisites
Basic tasks that may be referred to throughout this guide:Open Command Prompt: Press Shift + Right Click anywhere on the screen and select Open Command Window here
Enter Fastboot/Bootloader Mode: Turn the phone off. Hold volume up + power until the "fastboot" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot > Bootloader from the power menu.]
Enter Recovery Mode: Turn the phone off. Hold volume down + power until the "OnePlus Logo" screen appears. [Alternatively, if Advanced Reboot is enabled, you can press Reboot -> Recovery from the power menu.]
ADB and Fastboot Drivers Installation1. Download & Update OnePlus 6T Drivers From Here
2. Download & Update Fastboot and ADB Binaries/Drivers from Here
3. Run the .exe file downloaded from above as Administrator.
4. Press 'Y' every time the installer asks for.
5. Continue Driver Installation.
Now, ADB and Fastboot have been installed on your PC and should be Working as desired.
Things To RememberShow File Extensions
Open a command prompt window and run "Control folders" (without the quotes). Go to the View tab and uncheck the "Hide extensions for known file types" option. This will help avoid confusion when renaming files.
Battery
Ensure that your phone has at least 60% battery remaining, and that your PC is plugged in and wont shut down spontaneously during the process. The procedure doesn't take very long , but its best to have enough charge in case something goes wrong.
Backup (Optional)
Unlocking the bootloader will/should completely wipe all data from the device. This includes apps, settings and even the contents of the internal sdcard (pictures, music, etc.). Copy all important files off the phone onto a PC or upload them to a cloud.
USB Debugging
On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking
On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option. Also make sure that from now on, OEM unlocking option is enabled before you reboot as sometimes, it might get disabled itself.
Enable Advanced Reboot
On your phone go to Settings > Developer options > Enable the 'Advanced Reboot' option.
Unlocking Bootloader
Turn the phone off. Then boot it into fastboot mode by holding volume up + power or select reboot to bootloader if advanced reboot is activated via developer options. The phone will display "fastboot" text indicating that it has successfully entered fastboot mode.
Plug the phone into your PC, then open a command prompt window on the desktop (Shift + Right Click -> Open Command Window here) and type:
Code:
fastboot devices
This command will list the connected devices. If your phones serial number shows up you are good to go and may continue. If the phone is NOT listed this indicates that your drivers are not installed correctly. In order for you to continue you must fix your drivers so that your phone is listed under fastboot devices.
If the phone has been recognized by the command above, proceed to unlocking the bootloader with the following command:
Remember this Step will WIPE EVERYTHING off the phone so Backup all your Data
Code:
fastboot oem unlock
You would be greeted with a Unlock Bootloader Warning page, Hit the Vol button to select Yes and turn it Blue and Hit the Power Button to Execute the selection
Your device will reboot, show you a Secure boot warning, reboot into stock recovery and wipe all data. Once done, your phone will reboot into the OS.
Please continue and follow the next post to install Custom Recovery
Flashing TWRP Recovery
Downloads:
Official TWRP | TWRP Thread | Credits @mauronofrio
Root
Magisk
Wait until the phone has fully booted up into android, then adjust the following settings on the phone:
USB Debugging
On your phone go to Settings > About phone > Tap on Build number 7 times. This will enable Developer options. Now go back to Settings > Developer options > Enable USB debugging
Enable OEM Unlocking
On your phone go to Settings > Developer options. Then enable the 'OEM Unlocking' option and make sure that from now on, OEM unlocking option is enabled before you reboot. Sometimes, it might get disabled itself.
The OnePlus 6T uses the newer AB partition scheme first introduced on the Pixel 1. As such there is no recovery partition. Instead, the recovery is part of the boot image. You will temporarily boot TWRP to perform and later perform a more permanent TWRP installation.
Download all the files, place Magisk & TWRP installer zip on Device Internal Memory and TWRP img on your PC
Then boot it into fastboot/bootloader mode by holding volume up + power or selecting the reboot to bootloader via advanced reboot options.
Open a new command prompt in the same location and run the following commands:
Code:
fastboot boot twrp img name
You will temporarily boot into TWRP
Now in TWRP, tap on Install and browse to the zip and install it (the zip will probably be in /sdcard/Downloads). TWRP will now be installed to both slots. TWRP is now installed.
PS: DO NOT BOOT IN OS JUST YET & CONTINUE TO THE ROOTING POST
Gaining Root Access
This is a continued post from the above post...
1. Boot into TWRP Recovery
2. If you want to stay systemless continue without swiping right else Swipe and enable modifications.
3. Select your preferred Language, Tap “Never show this screen on boot again,” and Swipe allow modification.
4. Navigate to Install and select Magisk to root.
5. Swipe to confirm the flash
6. Reboot System
Keep in mind that the first boot after wiping the phone may take longer than usual, as the phone will need to rebuild the dalvik cache and initialize other first boot and might reboot a few times.
* MTP, known as Media Transfer Protocol, is the same way you transfer files from your PC to your device when booted into system.
Congrats! Your Device now has an unlocked bootloader, a custom recovery installed and is rooted !!
Warning: Do not flash partial update OTAs (under 1 GB) on a modified device! If you want to use partial OTAs, you must first flash a full OTA that it applies to, and then flash the partial OTA from stock recovery. Flashing partial OTAs from TWRP will either fail or soft brick your device. You can return to a usable state by flashing full zips in recovery.
Enjoy :fingers-crossed:
Making a Nandroid Backup
Warning: before you make a backup with TWRP you must remove all Lockscreen Security. If you do not do this you will not be able to unlock your device after restoring your backup (entering your pin/pattern/password will result in an "incorrect pin/pattern/password" message), you'll be forced to perform a factory reset to boot into Android.
To remove lockscreen security go to
Settings > Security > Screen Lock and set it to Swipe/None.
A Nandroid Backup is a very important thing to have before installing any custom software on your device. It's basically a backup of your stock system that you can fall back on if anything goes wrong or if you just want your stock ROM back.
You can also use Nandroid Bckup to create a backup of your favorite ROM set up exactly the way you like it. The backup you create can be easily restored using the restore tool in TWRP recovery.
To Create Nandroid Backup:
1. Boot into TWRP Recovery .
2. Go to Backup Menu and select all the listed partitions.
3. Name the Backup if needed (Optional)
4. Swipe to take Backup.
This proces should take 5 to 7 minutes depending upon the size of data.
5. Reboot System when done.
Your Nandroid will be stored in the Backup Folder inside TWRP Folder /sdcard/TWRP/BACKUPS
Restoring a Nandroid Backup
1. Boot into TWRP Recovery
2. Go to Restore Menu and select the backup you want to restore.
3. Select the partitions you want to restore.
4. Swipe to Restore. The process will take 5 to 7 minutes.
5. Reboot system once done
Note: If you happened to forget to remove lockscreen security (PIN/Pattern/Password) before creating your backup, and you cannot get into your OS after restoring, you can do the following to fix the issue.
Boot into TWRP
Use the TWRP File Manager and Navigate to /data/sytem/ and delete the following files:
locksettings.db
locksettings.db-shm
locksettings.db-wal.
gatekeeper.password.key
gatekeeper.pattern.key
You may or may not have all the above files so delete the ones you have.
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Upon Boot > Go into Settings > Security > set your preferred unlock method
Android will ask you if you want to set a boot-time code too so select as per convenience.
Making an EFS BackupAll too often, we've seen folks who have a corrupted or missing EFS Partition. This results in your IMEI being lost and no cellular activity on the device at all. This can be a royal PITA to fix, and some folks haven't been able to fix it at all. You can take a precautionary measure to safeguard yourself against this by taking a couple of minutes to back up your modemst files.
Download & Open up Terminal Emulator on your phone from here
Once it's open you'll be greeted with a command line prompt, in which you can enter text commands, the first thing you need to do is enable root access by entering this line (press the enter key on your on-screen keyboard after each command to issue it):
Code:
su
If this is the first time you've used Terminal Emulator a Superuser or SuperSU popup will appear, make sure you grant root access.
Now enter these two commands:
Code:
dd if=/dev/block/sdf2 of=/sdcard/modemst1.bin bs=2048
Code:
dd if=/dev/block/sdf3 of=/sdcard/modemst2.bin bs=2048
This will place two files (modemst1.bin & modemst2.bin) on your internal storage.
Make sure you copy them to your PC and Cloud immediately so that you have a backup there to use if you need to restore it in future.
That's it !! In case you ever need to restore Nanroid or EFS Backups, please continue and follow the next post...
Restoring an EFS BackupIf by chance you end up with a corrupt EFS partition all you need to do is flash the files back to your device using fastboot.
Boot into fastboot mode (power + volume up) and connect your phone to your PC via usb cable.
Keep modemst1.bin and modemst2.bin (backed up earlier) on your desktop and open command window there.
These fastboot commands will restore the files:
Code:
fastboot flash modemst1 modemst1.bin
Code:
fastboot flash modemst2 modemst2.bin
Reboot your device.
Code:
fastboot reboot
Now disconnect phone from PC. Your IMEI should be back.
That's it for this guide, Enjoy :highfive:
Just in Case if you want to go back to stock, please follow the below to safely lock the bootloader and return to 100% Stock device:
Before you start, make sure you deactivate and uninstall all mods, magisk modules substratum overlays and any other system/build.prop mods that you may have executed/experimented with.
1. Download the latest full rom from my update thread.
2. Move the Downloaded file from the Downloads folder to the root of device internal storage.
3. Navigate to Settings > System Update > Settings > Local upgrade > Select latest OOS Full Zip
4. Flash the Full Zip
5. Upon Successful Flash > Reboot to Recovery
6. Factory Reset and Wipe internal from Recovery to Reset the device
7. Reboot To Fastboot/Bootloader Menu
8. Connect the device and execute the below command
Code:
fastboot oem lock
9. Select the Volume Button to Select Lock Bootloader and Power Button to Execute the command :good:
10. Device will Reboot and Lock the Bootloader and there would be no more secure boot prompt on the reboot to confirm :good:
Feel free to ask if you have any questions.
PS: Tested on Global Version, Please check T-Mobile thread for T-Mobile version, Thanks
I assume this is only for non TMo devices for the first 40 days. Or will this unlock them also?
This is a boilerplate thread, it will not work with T-Mobile without modifying the instructions.
jpeckinp said:
I assume this is only for non TMo devices for the first 40 days. Or will this unlock them also?
Click to expand...
Click to collapse
LLStarks said:
This is a boilerplate thread, it will not work with T-Mobile without modifying the instructions.
Click to expand...
Click to collapse
This guide will unlock all other versions which includes both Global and Chinese variants. T-Mobile Version may have the fully paid/40 days carrier restrictions.
I shall add the disclaimer on the OP for T-Mobile Users
Hey Funk Wizard,
It is also possible to unlock bootloader and stop there right? In case i would like to root and/or flash custom recovery or roms later. Im asking so that i dont have to wipe my data to unlock the bootloader, but i want to keep my phone clean in the beginning.
Thanks in advance!
Gsopx19 said:
Hey Funk Wizard,
It is also possible to unlock bootloader and stop there right? In case i would like to root and/or flash custom recovery or roms later. Im asking so that i dont have to wipe my data to unlock the bootloader, but i want to keep my phone clean in the beginning.
Thanks in advance!
Click to expand...
Click to collapse
Unlocking the bootloader wipes everything in your phone
You can better unlock the bootloader before setting up your device
And finally , yes you can unlock the bootloader first & install twrp and root whenever you want
The guide makes very limited sense as of writing, as there is no TWRP version out yet for the OP 6T ...using TWRP for the OP 6 on the OP 6T will result in a crash.
Great tutorial funk. Easy to read and follow and good on you for going into detail on the EFS backup/restore. Hopefully is saves people from a bricked device!
I'm getting my oneplus 6t tomorrow. Will root it right away.
---------- Post added at 03:49 AM ---------- Previous post was at 03:43 AM ----------
g0ne_wild said:
The guide makes very limited sense as of writing, as there is no TWRP version out yet for the OP 6T ...using TWRP for the OP 6 on the OP 6T will result in a crash.
Click to expand...
Click to collapse
Ya ur right. Blu_spark wil most probably make one once the official one gets released. His recovery is working great on oneplus 6.
Will there be a guide to root without installing TWRP? I prefer that because you can do the OTA with relative ease.
Please note, the TWRP image used IS NOT the official TWRP image.
I am not responsible for any any harm, such as bricking, or bootloops, which may happen to your device. This is what worked for me.
Warning
As stated by @beatbreakee , do not flash anything on a T-Mobile related device.
Please read beatbreakee's comment regarding this.
Warning
This has only been tested on Android 13. This guide may not work for other Android versions.
Prerequisites
Unlocked Bootloader
Magisk 25.2 Installation ZIP (see attached files)
TWRP Image (download from GDrive)
ADB and Fastboot tools are installed on your machine. Please see this guide
Android 13
Spoiler: Step 1 - Unlocking Bootloader
Step 1 - Unlocking Bootloader:
1.A - Enable OEM Unlocking:
1. Open Settings Application -> About device -> Version -> Tap on Build Number 7 times
2. Open Settings Application -> Additional Settings -> Developer Options
3. Enable OEM Unlocking
4. Enable USB Debugging
1.B - Entering Bootloader
The bootloader must be unlocked in order to flash the recovery.
Ensure the device is connected to the computer via ADB by entering the following command
Code:
adb devices
The output should be something similar to this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(note the device name on the left will not be the same)
Reboot into the bootloader by entering the following command:
Code:
adb reboot bootloader
1.C - Unlock
Once entered, enter the following command:
Code:
fastboot flashing unlock
WARNING: THIS WILL WIPE ALL DATA ON THE DEVICE
Use the volume keys to select unlocking, and then use the power button to confirm.
Once complete, enter the following command:
Code:
fastboot reboot
You will now have to go through the device setup.
Repeat steps 1.A and 1.B to enter back into the bootloader
Spoiler: Step 2 - Flashing TWRP
Step 2 - Flashing TWRP:
2.A - Entering Bootloader
Repeat steps 1.A and 1.B to re-enter the bootloader
2.B - Flashing TWRP:
Again, this IS NOT the official TWRP image. I am not responsible for any harm which this may cause to this device. That being said, it appears to be functional.
The image used is from a leak found on this XDA post
This is not a bootable image. You must flash. fastboot boot img will not work
Enter the following commands to flash the TWRP image:
Code:
fastboot flash recovery_a twrp.img
Code:
fastboot flash recovery_b twrp.img
Code:
fastboot reboot recovery
You should notice you are in TWRP.
You may need to change the language to English.
2.C - Changing TWRP Language:
1. Tap on the button on the Second column, Third Row
2. Tap on the World icon
3. Select your language
4. Tap on the button on the bottom right corner of your display.
2.D - Booting into your phone
1. Select Reboot
2. Select System
You should now have successfully booted in the system with TWRP installed as your recovery
Spoiler: Step 3 - Flashing Magisk
Step 3 - Flashing Magisk:
3.A Preparing the Device:
1. Move the Magisk-v25-2.zip to your device
2. Reboot into your recovery / TWRP
This can be done by entering the following ADB command:
Code:
adb reboot recovery
3.B - Flashing Magisk:
1. Tap Install
2. Select the Magisk-v25-2.zip
3. Swipe to flash (this may take some time)
4. Tap Reboot
5. Tap System
You should now enter the device
3.C - Installing Magisk APK
Install the Magisk APK, click here to download the APK.
Install the APK, and you should have root!
Spoiler: Fixing Data Backup [Optional]
If you encounter a createTarFork() exited with error 255, do the following:
1. Reboot into TWRP
2. Select File Manager
3. Navigate to /data
4. Copy /data/fonts into /sdcard/
5. Copy /data/nandswap into /sdcard/
6. Delete /data/fonts
7. Delete /data/nandswap
The error should now be resolved
The deleted files should not cause any issues. If any issues do occur, then promptly restore them using the backups made to /sdcard/.
Spoiler: Bypassing Safetynet [Optional]
Step - Bypassing Safetynet:
This is optional; however, highly recommend
Note, due to the nature of Safetynet, this can change at anytime and may begin failing in the future.
A - Repackaging Magisk
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Tap "Hide The Magisk App"
4. Enter New Application Name
5. Click OK and wait
6. Uninstall original Magisk APK if it has persisted
B - Enable Zygisk & Deny List
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Enable "Zygisk"
4. Enable "Enforce Deny List"
C - Configure Deny List
it is recommended to add any application you would like to hide from Magisk here
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Tap "Configure DenyList"
4. Tap the 3 dots in the top right and select "Show System Apps"
5. Select the following applications:
~ Android System
~ Google Play Store
~ Google Play Services
~ Google Services Framework
D - Delete App Data
1. Launch Settings Application
2. Select Apps
3. Select App Management
4. Clear data for the following apps:
~ Google Play Store
~ Google Play Services
~ Google Services Framework
5. Reboot the device
E - Flash Universal Safetynet Fix
1. Download the Universal Safetynet Fix
2. Launch Magisk
3. Select Modules
4. Select "Install From Storage"
5. Select Universal Safetynet Fix
6. Wait for Flashing to complete
7. Reboot
F - Test Safetynet
1. Install YASNAC
2. Grant Super User rights
3. Select "Run Safetynet Attestation"
If both checks pass, you successfully have passed Safetynet!
PlasmaTornado said:
Please note, the TWRP image used IS NOT the official TWRP image.
I am not responsible for any any harm, such as bricking, or bootloops, which may happen to your device. This is what worked for me.
Prerequisites
Unlocked Bootloader
Magisk 25.2 Installation ZIP (see attached files)
TWRP Image (download from GDrive)
ADB and Fastboot tools are installed on your machine. Please see this guide
Step 1 - Unlocking Bootloader:
1.A - Enable OEM Unlocking:
1. Open Settings -> About -> Tap on Build Number 7 times
2. Open Developer Settings
3. Enable OEM Unlocking
4. Enable Android Debugging Bridge (ADB)
1.B - Entering Bootloader
The bootloader must be unlocked in order to flash the recovery.
Ensure the device is connected to the computer via ADB by entering the following command
Code:
adb devices
The output should be something similar to this:
View attachment 5792895
(note the device name on the left will not be the same)
Reboot into the bootloader by entering the following command:
Code:
adb reboot bootloader
1.C - Unlock
Once entered, enter the following command:
Code:
fastboot oem unlock
WARNING: THIS WILL WIPE ALL DATA ON THE DEVICE
Then finally:
Code:
fastboot reboot
You will now have to go through the device setup.
Repeat steps 1.A and 1.B to enter back into the bootloader
Step 2 - Flashing TWRP Image:
2.A - Entering Bootloader
Repeat steps 1.A and 1.B to re-enter the bootloader
2.B - Flashing TWRP:
Again, this IS NOT the official TWRP image. I am not responsible for any harm which this may cause to this device. That being said, it appears to be functional.
The image used is from a leak found on this XDA post
! It is HIGHLY recommended that you boot into the twrp.img before flashing to ensure that TWRPworks . I did not, but I recommend you do. !
To test this, enter the following command:
Code:
fastboot boot twrp.img
Enter the following commands to flash the TWRP image:
Code:
fastboot flash recovery_a twrp.image
Code:
fastboot flash recovery_b twrp.image
Code:
fastboot reboot recovery
You should notice you are in TWRP.
You may need to change the language to English.
2.C - Changing TWRP Language:
1. Tap on the button on the Second column, Third Row
2. Tap on the World icon
3. Select your language
4. Tap on the button on the bottom right corner of your display.
2.D - Booting into your phone
1. Select Reboot
2. Select System
You should now have successfully booted in the system with TWRP installed as your recovery
Step 3 - Flashing Magisk:
3.A Preparing the Device:
1. Move the Magisk-v25-2.zip to your device
2. Reboot into your recovery / TWRP
This can be done by entering the following ADB command:
Code:
adb reboot recovery
3.B - Flashing Magisk:
1. Tap Install
2. Select the Magisk-v25-2.zip
3. Swipe to flash (this may take some time)
4. Tap Reboot
You should now enter the device
3.C - Installing Magisk APK
If for some reason the Magisk Installer did not install the Magisk APK, click here to download the APK.
Install the APK, and you should have root!
Click to expand...
Click to collapse
Good post but one problem...to unlock is " fastboot flashing unlock"
Canuck Knarf said:
Good post but one problem...to unlock is " fastboot flashing unlock"
Click to expand...
Click to collapse
Of course! Thank you, used to the old way of unlocking
I wonder about any major issues with this TWRP as of now. Updating ZIP OOS13 with flashing magisk direclty is working etc.?
kouzelnik3 said:
I wonder about any major issues with this TWRP as of now. Updating ZIP OOS13 with flashing magisk direclty is working etc.?
Click to expand...
Click to collapse
Following the method created by @dladz should still work perfectly fine!
There could still be issues with this TWRP as this is not an official image.
AFAIK Switching ROM is still untested, but decryption, backups and flashing are all confirmed working, which for me makes me feel significantly more comfortable
I won't switch ROMs as there aren't any, so this is ok. I was just asking if installing official OOS updates can be done via twrp now with flashing magisk right after for example.
But I glad decryption, backups and flashing zips working fine now. This is great news!
kouzelnik3 said:
I won't switch ROMs as there aren't any, so this is ok. I was just asking if installing official OOS updates can be done via twrp now with flashing magisk right after for example.
But I glad decryption, backups and flashing zips working fine now. This is great news!
Click to expand...
Click to collapse
This has yet to be tested but I have high hopes! If anyone could confirm in the near future it would be fantastic!
PlasmaTornado said:
This has yet to be tested but I have high hopes! If anyone could confirm in the near future it would be fantastic!
Click to expand...
Click to collapse
I will try factory wipe...flash flash from 2213...to 2215...might work
Canuck Knarf said:
I will try factory wipe...flash flash from 2213...to 2215...might work
Click to expand...
Click to collapse
Fantastic news. Let us know the results!
i wouldnt advise ANYONE with an original TMOBILE device, ANY attempt to flash ANY firmware from the official builds just yet. Tmobile embedded a VERY WELL HIDDEN check into the EFS partition that only appeared in builds after 11_A.14 ... This check forcefully activates a lock triggered by the CarrierDevicePolicy.xml in the efs system... and if the Region and model does not match the original build that it came with, all of your apps will be completely disabled and there is nothing accessible but the settings button. It also disables ADB/USB debugging completely, and deauthorizes your computer from the adb wireless keys too... then it removes the USB DEBUGGING toggle from settings, followed by a persistent message that your phone is "Violating Contract Policy... Please contact after sales for support" ... Tmobile cannot remove this warning... and even them sending an UNLOCK request to your phone for APPROVED will get ignored by your phone. You can hear ringing, but cannot accept calls... hear emails but not open them,.. and you dialer is in emergency calls only!...
At this point you will think panic is the only option, but instead just Pull your sim card, and use your buttons to force reboot and enter recovery .... Then do a Format Data ,,,, followed by a reboot, but do not put your sim back in... Until you go thru the whole setup wizard, enable usb debugging, and then flash a rollback package to a fw earlier than the one i listed above, your phone will INSTANTLY lock again any time you insert ANY sim card.
Im very sure that there is a system process that can be disabled which will at least block the lockout.... but i dont have that knowledge as to which process(es) are calling it! A logcat generated about 15 screens on my computer as soon as i plugged a sim in... so that was too much for me to sift thru. This is present on both the 10 Pro and 10 T so be warned.... If you are already not using your original T-MO firmware, but you also have been loading other regions with no problem, that does not matter.... I have found an exact reference to the ORIGINAL FW build and Model # that was loaded by TMO at the factory level, in several different TXT and XML files inside the EFS part. AND my 10T and 10 Pro BOTH have been fully bricked, then formatted and flashed thru an authorized MSM Account.... Doing an ERASE ENTIRE FILE SYSTEM, thru msm, did not get rid of this file, so i doubt a twrp level wipe will do it either... MAYBE an "unlock Critical" in Fastboot, followed by a "Fastboot wipe", "DM-verity disable", and "VB-Meta erasure" MIGHT take out this crazy security system, but i know this .... if you flash an original FW using TWRP, it has protections in it to keep IT (twrp) from being overwritten, so you might find yourself in bootloop territory if you region hop.... cuz the fw might notice the changes to the partitions... For now, until someone is brave enough to challenge the Android 12 kernel and remove these trapdoors, I would just be happy you have TWRP, and wait for the person who finds and slays the Tmobile Dragon hidden in our phones! But this is truly an android 12 function that was put in place for Carrier and Manufacturer benefit ONLY. Another strike against 1+
beatbreakee said:
i wouldnt advise ANYONE with an original TMOBILE device, ANY attempt to flash ANY firmware from the official builds just yet. Tmobile embedded a VERY WELL HIDDEN check into the EFS partition that only appeared in builds after 11_A.14 ... This check forcefully activates a lock triggered by the CarrierDevicePolicy.xml in the efs system... and if the Region and model does not match the original build that it came with, all of your apps will be completely disabled and there is nothing accessible but the settings button. It also disables ADB/USB debugging completely, and deauthorizes your computer from the adb wireless keys too... then it removes the USB DEBUGGING toggle from settings, followed by a persistent message that your phone is "Violating Contract Policy... Please contact after sales for support" ... Tmobile cannot remove this warning... and even them sending an UNLOCK request to your phone for APPROVED will get ignored by your phone. You can hear ringing, but cannot accept calls... hear emails but not open them,.. and you dialer is in emergency calls only!...
At this point you will think panic is the only option, but instead just Pull your sim card, and use your buttons to force reboot and enter recovery .... Then do a Format Data ,,,, followed by a reboot, but do not put your sim back in... Until you go thru the whole setup wizard, enable usb debugging, and then flash a rollback package to a fw earlier than the one i listed above, your phone will INSTANTLY lock again any time you insert ANY sim card.
Im very sure that there is a system process that can be disabled which will at least block the lockout.... but i dont have that knowledge as to which process(es) are calling it! A logcat generated about 15 screens on my computer as soon as i plugged a sim in... so that was too much for me to sift thru. This is present on both the 10 Pro and 10 T so be warned.... If you are already not using your original T-MO firmware, but you also have been loading other regions with no problem, that does not matter.... I have found an exact reference to the ORIGINAL FW build and Model # that was loaded by TMO at the factory level, in several different TXT and XML files inside the EFS part. So this is truly an android 12 function that was put in place for Carrier benefit ONLY. Another strike against 1+
Click to expand...
Click to collapse
Absolutely despicable and such an anti-consumer technique.
This stands against everything OnePlus was. It's sad to see OnePlus turn into such an anti-developer phone
A Carrier should never have this much power over a device. It is absurd
heres a google drive link to my account if anyone wants to see a video of what you will go thru if triggered!
feel free to share or re-upload the link/video to anywhere... ppl need to know this is happening thanks to Tmobile and Oneplus collaboration. I have not seen any reference to another carrier inside any of the device policy files, and my phone was restored to a NON TMO branded build of android 12 for the 2217 NA model, so it should NOT have even recognized the TMO policies cuz i even used a new sim card after the MSM Unbrick, and it still instantly locked in less than a second of plugging it in... heres the vid
https://drive.google.com/file/d/17H6YpGrUCe1Y7PoFji4gperdpTHNX5AI/view?usp=sharing
also everyone should know, that EVERY fw on the internet no matter whether it is labeled, 2213, or 2215... 2217, as well as 2413-2419 ALL have EVERY other model's manifest built in and all of the restrictions / bloatware that each region comes with, saved into the OFP extracted files.... so there really is nothing that expressly was bricking your phones by simply flashing a different labeled FW..... the brick came from the manifest reading the region identifiers that the manifests are labeled under.... it is a file that is again picked by some random hidden check inside the TMO EFS, and as soon as your phone tries to boot the newly flashed FW, the TMO Lock is what bricks your phone, to either a bootloop state, or if you continue to force a flash by using Fastboot , you will have a non responsive phone, thanks to this stupid security issue. If unresponsive, the only way out is MSM Tool... and i can help you locate your test points if your buttons dont work.
I cannot publicly post a picture nor a description of where the test points lie inside the 10T , because i already got a cease and desist letter from BBK and i dont know if they have said anything to the mods here about posting Undisclosed hardware access points.... but ive been a member here almost 10 years, and i aint risking a ban from a tattle tale company! There are test points on the 10 t though,.. just well hidden!
The 2nd pic is of the 2217 Unpacked OFP , yet the build prop shows a 2210-2211 base in one and a 2413-2415 base in the.... with NO 2217 in either prop,or manifest file, yet when my phone was flashed back from Brick status, THIS is the FW that was used, and my phone identifies as a 2217 NA now..... can oneplus be any more clear that they have completely turned against us, by straight SHOWING US that they are being super cryptic and sneaky in something as common as the BUILD.PROP files?!?
The weird thing happened to me. I was doing "fastboot boot twrp.img" and adb gave me an error "Too many links" and the device only shows a OP logo for a half second, then turned off and then again repetatively.
Even if I turned off the device by holding power button + volume up + volume down, then turned on, same behavior happened.
Well, my fastboot was accessible so I did "fastboot boot boot.img" which worked and system booted up. But what happened, what might been wrong?
kouzelnik3 said:
The weird thing happened to me. I was doing "fastboot boot twrp.img" and adb gave me an error "Too many links" and the device only shows a OP logo for a half second, then turned off and then again repetatively.
Even if I turned off the device by holding power button + volume up + volume down, then turned on, same behavior happened.
Well, my fastboot was accessible so I did "fastboot boot boot.img" which worked and system booted up. But what happened, what might been wrong?
Click to expand...
Click to collapse
It could been...cause you might of had to many things open containing the same file...plus you might want to try the command ( fastboot flash recovery_a )....then ( fastboot flash recovery_b )
Canuck Knarf said:
It could been...cause you might of had to many things open containing the same file...plus you might want to try the command ( fastboot flash recovery_a )....then ( fastboot flash recovery_b )
Click to expand...
Click to collapse
Oh. I had opened like two or three folders containing that file, yes. But this can cause it? Wow. And I wanted to try to boot it first instead of flashing it.
kouzelnik3 said:
Oh. I had opened like two or three folders containing that file, yes. But this can cause it? Wow. And I wanted to try to boot it first instead of flashing it.
Click to expand...
Click to collapse
Yeah i hear you but I'm not sure if this a bootable version or a just install version....I will try it on mine to see if i get the same as you
Don't use command "fastboot boot twrp.img"....your phone will keep rebooting to op logo...but fastboot still works
Canuck Knarf said:
Don't use command "fastboot boot twrp.img"....your phone will keep rebooting to op logo...but fastboot still works
Click to expand...
Click to collapse
Yeah, I realised that, this happened to me. Thanks to fastboot I was able to boot into stock boot image, so nothign really happened, but hey. So if I dont want to flash it but only try it, what willl be the command? Fastboot boot recovery twrp.img?
kouzelnik3 said:
Yeah, I realised that, this happened to me. Thanks to fastboot I was able to boot into stock boot image, so nothign really happened, but hey. So if I dont want to flash it but only try it, what willl be the command? Fastboot boot recovery twrp.img?
Click to expand...
Click to collapse
It appears the image is not bootable. As stated, this is the one thing I didn't try.
I have amended the guide. Thank you