Bootloader unlock / Root / Custom Recoveries / GSI / ROMs / Mods

Ene

Active member
Original poster
21 October 2020
105
Germany / Bavaria
ONLY PROCEED IF YOU KNOW WHAT YOU'RE DOING
DON'T ATTEMPT TO RE-LOCK THE BOOTLOADER WHEN YOU MODIFIED THE BOOT IMAGE (Flashed Magisk)
I'M NOT RESPONSIBLE FOR ANY OF YOUR ACTIONS

Bootloader unlocking Guide

Preamble

Unlocking the Bootloader is required for modifying partitions on the device. This is required for gaining root access or flashing a custom recovery/ROM.
THIS PROCESS WILL WIPE ALL YOUR DATA

Prerequisites

  • a Linux/Mac/Windows PC (this Guide is intended for Windows 10 users)
  • USB Cable
  • SDK Platform Tools
  • USB Driver
  • Fastboot Driver - those install automatically via Windows Update when the device is attached while in Fastboot mode (make sure you have an internet connection and have enabled "Give me updates for other Microsoft products when I update Windows." in the Windows Update settings)

Guide

  1. download and extract the SDK Platform Tools into a folder on your drive root (e.g. C:\adb)
  2. download and extract the USB Drivers into a folder, open it and install the drivers by right-clicking on the android_winusb.inf -> Install
  3. boot up your device
  4. open the settings app
    1. go to About phone
    2. tap on the Build number 7 times
    3. go to System
    4. go to Developer options
    5. enable Advanced restart and OEM unlocking
  5. hold the power button to bring up the power menu, tap on Restart and choose Bootloader
  6. navigate inside the folder you extracted the SDK Platform Tools to and bring up the cmd (click inside the navigation bar, type cmd and hit enter)
  7. type fastboot devices and hit enter
    • if the device shows up, continue
    • if the device doesn't show up, open the Device Manager (devmgmt.msc) and look for a device that is not correctly recognized (typically labeled "Android")
      • right click "Android" -> Update Driver Software... -> Browse my computer for driver software -> Let me pick from a list of device drivers on my computer -> Show all Devices -> Have Disk... -> Browse... -> choose the downloaded android_winusb.inf -> Android Bootloader Interface
  8. type fastboot flashing unlock and hit enter
  9. on your device, select the "UNLOCK THE BOOTLOADER" option with the volume buttons and confirm with the power button
  10. your device should reboot and the bootloader is unlocked

Rooting Guide

Preamble

Rooting is the method of gaining the opportunity to modify partitions (from within the userspace).
Requires an unlocked bootloader, follow "Bootloader unlocking Guide"

Prerequisites

  • The same as for the "Bootloader unlocking Guide"
  • Magisk - download it and copy it onto your device
  • a Magisk-Patched boot.img
    • get it from this post (perhaps outdated) - make sure the image matches the OS version! Search in this thread for different versions
    • Patch it yourself using Magisk
      1. download the matching boot image for your OS version (latest version here)
      2. install the Magisk-v*.apk on your device
      3. Start Magisk
      4. Tap on "install"
      5. choose "Select and Patch a File" and select your downloaded boot.img
      6. Wait for patching to finish, grab the patched boot.img and proceed with the Rooting Guide

Guide

  1. install the Magisk-v*.apk on your device
  2. boot into the bootloader (by using Advanced restart / holding down the volume-lower button and power-button together)
  3. navigate inside the folder you extracted the SDK Platform Tools to, copy the Magisk-Patched boot.img into it and name it to magisk_boot.img
  4. bring up the cmd inside this folder (click inside the navigation bar, type cmd and hit enter), type fastboot flash boot magisk_boot.img and hit enter
    1. if the process is stuck and won't display SUCCESS after about 30 seconds, abort it in the cmd by pressing Ctrl + C and press the volume-down button on the device to select "Reboot Bootloader". Confirm by pressing the power button and try again.
    2. after it displayed SUCCESS you can type in fastboot reboot and hit enter
  5. your device should reboot and is now rooted

Recovery Flashing Guide

Preamble

A custom recovery expands the possibilities to manage device partitions without an installed OS.
Requires an unlocked bootloader, follow "Bootloader unlocking Guide"
STILL IN EARLY STAGES


Prerequisites

  • The same as for the "Bootloader unlocking Guide"
  • a custom Recovery
    • get it from the "Custom Recoveries" section

Guide

  1. boot into the bootloader (by using Advanced restart / holding down the volume-lower button and power-button together)
  2. navigate inside the folder you extracted the SDK Platform Tools to, copy the custom Recovery *.img into it and rename it to recovery.img
  3. bring up the cmd inside this folder (click inside the navigation bar, type cmd and hit enter), type fastboot flash recovery recovery.img (or fastboot boot recovery.img for using it without modifying partitions) and hit enter
    1. if the process is stuck and won't display SUCCESS after about 30 seconds, abort it in the cmd by pressing Ctrl + C and press the volume-down button on the device to select "Reboot Bootloader". Confirm by pressing the power button and try again.
    2. after it displayed SUCCESS you can type in fastboot reboot recovery and hit enter
  4. your device now uses a custom Recovery

GSI (Generic System Image) Flashing Guide

Preamble

A GSI (Generic System Image) is a universal ROM which can run on every Treble-enabled device. More Info

Prerequisites

  • The same as for the "Bootloader unlocking Guide"
  • The most recent Version of a LineageOS ROM ZIP
  • payload-dumper-go
  • product_gsi.img
  • a GSI Image
    • Type arm64_b
    • extracted and renamed to system.img
    • no version newer than the newest flashed LineageOS ROM because else some sensors won't work
    • I recommend this one (but it won't receive any more updates)

Guide

  1. Install the LineageOS ROM following this Guide
  2. Extract the payload.bin from the LineageOS ROM ZIP
  3. Copy the payload.bin next to the payload-dumper-go.exe and execute payload-dumper-go.exe payload.bin
  4. Copy the following extracted files into a folder:
    • boot.img
    • dtbo.img
    • recovery.img
    • vbmeta.img
    • vbmeta_system.img
    • vbmeta_vendor.img
  5. Copy the product_gsi.img and GSI system.img you want to flash into the folder as well
  6. Copy the following Code into a flash.bat (change fastboot to the path of your fastboot.exe installation)
    Code:
    fastboot flash boot_a boot.img
    fastboot flash boot_b boot.img
    fastboot flash dtbo_a dtbo.img
    fastboot flash dtbo_b dtbo.img
    fastboot --disable-verity --disable-verification flash vbmeta_a vbmeta.img
    fastboot --disable-verity --disable-verification flash vbmeta_b vbmeta.img
    fastboot --disable-verity --disable-verification flash vbmeta_system_a vbmeta_system.img
    fastboot --disable-verity --disable-verification flash vbmeta_system_b vbmeta_system.img
    fastboot --disable-verity --disable-verification flash vbmeta_vendor_a vbmeta_vendor.img
    fastboot --disable-verity --disable-verification flash vbmeta_vendor_b vbmeta_vendor.img
    fastboot flash recovery recovery.img
    fastboot reboot fastboot
    fastboot flash product_a product_gsi.img
    fastboot flash product_b product_gsi.img
    fastboot flash --disable-verification system_a system.img
    fastboot flash --disable-verification system_b system.img
    REM fastboot flash recovery_a twrp_shift6mq.img
    REM fastboot flash recovery_b twrp_shift6mq.img
    fastboot format:ext4 metadata
    fastboot format:f2fs userdata
    fastboot --set-active=a
    fastboot reboot
    pause
  7. boot into the bootloader (by using Advanced restart / holding down the volume-lower button and power-button together)
  8. execute the flash.bat ⚠️ THIS WILL ERASE ALL YOUR DATA ⚠️
  9. after you have set up your device, go into settings -> Phh Treble Settings -> Qualcomm features and enable "Disable stereo support on VoIP" to fix no audio in calls
  10. execute the commands with ADB to disable HDR for videos:
    Code:
    adb shell settings put global are_user_disabled_hdr_formats_allowed 0
    adb reboot
    
    adb shell cmd display set-user-disabled-hdr-types
    adb shell cmd display set-user-disabled-hdr-types 1 2 3 4


Custom Recoveries [Discussion 💬]

GSIs

Custom ROMs

Mods


Honorable Mentions

  • 👨‍💻 Shift Staff for the Device/OS
  • 🔓 @7usr7local for the first unlocked bootloader
  • 👏 @mispecht for the first rooted device
  • 👑 @Lhotze for the extracted OS-L Bootimage
 

@Ene

Hi,

which version of beta testing did you choose? Guessing OS-L?

As far as I know there aren't any guides/links to unroot/recovery/rom the 6mq yet.

If you've chosen OS-G, rooting/custom rom etc is prohibited until successful Google certification (y)
 
I'm running OS-L, because I aim to install microG anyway (which requires an unlocked bootloader...)

(btw, how big is the international community here? Shall we continue in English like most Forums do or is deutsch the go-to? 🤔)
 
Hi @Ene,

fastboot flashing unlock worked for me (got my 6mq yesterday, Build number QQ2A.200501.001.B3 release-keys, ShiftOS version SHIFT6MQ, SOS.30.0.L.20201113, Kernel Version 4.9.206-shift #1 Fri Nov 13 13:43:46 CET 2020, Build Date Fri Nov 13 13:54:24 CET 2020)
Code:
~ $ fastboot flashing unlock
                                                   OKAY [  0.038s]
Finished. Total time: 0.040s
~ $ fastboot --version
fastboot version 29.0.5-5949299
Installed as [...]
~ $
To know what you may have missed, we need to know more details: Was your phone in fastboot mode? Did you allow unlocking in the system settings?

Alas, myself I am stuck at the point after unlocking: How do I root the phone with neither a custom recovery nor an OTA flash image available? Or did I miss one of them?

Cheers

Edit: Corrected Kernel/Build dates - thanks to @Ene.
 
Hi @Ene,

fastboot flashing unlock worked for me (got my 6mq yesterday, Build number QQ2A.200501.001.B3 release-keys, ShiftOS version SHIFT6MQ, SOS.30.0.L.20201113, Build date Nov 13th 2020 13:43:46)
Code:
~ $ fastboot flashing unlock
                                                   OKAY [  0.038s]
Finished. Total time: 0.040s
~ $ fastboot --version
fastboot version 29.0.5-5949299
Installed as [...]
~ $
To know what you may have missed, we need to know more details: Was your phone in fastboot mode? Did you allow unlocking in the system settings?

Alas, myself I am stuck at the point after unlocking: How do I root the phone with neither a custom recovery nor a OTA flash image available? Or did I miss one of them?

Cheers

Wow nice, this is good news! I have unlocked about 50 different devices so far and never ran into such a problem; I have no idea what I could have missed 🤔
I'll check back later this evening and provide all possible details. I used the newest fastboot (and successfully ran fastboot devices, so fastboot should be working) and enabled OEM Unlocking in the developer options tho.
And I'll try to extract the boot image from an OTA Update (https://downloads.shiftphones.com/axolotl), patch it with magisk and flash it via fastboot:
 
So, after 13 Months after preordering my 6mq it now arrived but until now I had no luck with unlocking the bootloader.
fastboot devices lists the device but fastboot oem unlock fails (FAILED (remote: 'Command not supported in default implementation')). fastboot flashing unlock also produces an error, FAILED (remote: 'Unrecognized command flashing unlock').
What am I missing? Shouldn't the "Lovephones" stay true to the product description?


Also, I haven't found any threads about a Custom Recovery for the 6mq yet, nor ROMs (which aren't possible with a locked bootloader anyways).

As of now, my 800€ device is nothing more than expensive electrical waste.

Pinging @amartinz if there is a solution in sight.

Best Regards

Hi,

just wanted to add that I have the same response like @Ene and am also very interested to root the device to restore backups (Titanium backup). I have just the same OS-Version and build number as @7usr7local.

Cheers
 
  • Build number QQ2A.200501.001.B3 release-keys
  • ShiftOS version SHIFT6MQ, SOS.30.0.L.20201113
  • Build date Fri Nov 13 13:54:24 CET 2020
In comparison to @7usr7local, my Build date differs.
Also I use fastboot version 30.0.5-6877874 on Windows 10

EDIT:
@7usr7local probably posted the build date of his kernel, not system image, because his posted timestamp matches my kernel version. So I think it's safe to assume that our devices' software is identical.
 
For clarification: How to boot into fastboot? I did it over the "enhance restart menu" developer option as well as the recovery menu and adb. It only boots the userspace fastbootd, I think this device doesn't feature the old fashioned fastboot anymore?

EDIT: Seems like I was on the wrong page. You have to boot into the bootloader, not fastbootd. I tried booting into the bootloader before, but my device wasn't detected by fastboot. I now tried again and fastboot worked in the bootloader mode. I'll edit the OP accordingly.
 
I successfully extracted and patched the bootimage from the initial ShiftOS-3.0.G-20200721-RELEASE-axolotl.zip Update. But I can't get it flashed (flashing the original boot doesn't work either)...

>fastboot flash boot magisk_patched.img
fastboot: error: Failed to identify current slot

>fastboot flash boot magisk_patched.img
fastboot: error: cannot get boot partition size

I attached the image for you to try...(it also shrunk from 66Mb to 13Mb tho)

EDIT: removed the faulty boot.img
 
I wouldn't necessarily use system images not intended for the 6mq running OS-L..

Someone else tried something similar (Ok, he used stuff from the 6m :ROFLMAO: ) very early, I think it was even one of the first posts in the beta forum.

He soft bricked his 6mq (y) and needed "some help".
During the OS-G beta, unlocking/rooting/custom recoveries and roms were and still are prohibited, but that wouldn't irritate that user 😁
 
I seriously doubt that the bootimage differs between the OS-G and OS-L variant.
Pinging @amartinz again, he could provide the OS-L bootimage and give advice on how to flash it.
 
Greetings,
we have now received our 6mq as well.

Where can I get the ShiftOS-Light version for it, please?

Thanks, says the Wolf
 
Hello,

are you a Google or OS-L pre-release tester?
The respective test operating system is already installed (y)
There are no official links/guides for the 6mq OS-L yet, as far as I know.
 
Hi,
we were accepted as beta testers for OS-L and received a 6mq with Google.
We actually thought the right one would be preinstalled.
 
Some time ago we bought a 5me, and there we were able to install the Lite version ourselves.
We have no Google account on our devices.
 
Oh, then something went wrong.. just ask support, maybe you can get the OS-L variant in exchange for your 6mq?
 
I successfully extracted and patched the bootimage from the initial ShiftOS-3.0.G-20200721-RELEASE-axolotl.zip Update. But I can't get it flashed (flashing the original boot doesn't work either)...

>fastboot flash boot magisk_patched.img
fastboot: error: Failed to identify current slot

>fastboot flash boot magisk_patched.img
fastboot: error: cannot get boot partition size

I attached the image for you to try...(it also shrunk from 66Mb to 13Mb tho)

I tried the same:
I was able to flash the patched magisk_patched.img
Bash:
<hostname>:/<dir> # fastboot --slot a flash boot magisk_patched.img
target reported max download size of 805306368 bytes
Sending 'boot_a' (12736 KB)...
OKAY [  0.545s]
Writing 'boot_a'...
OKAY [  0.256s]
Finished. Total time: 0.808s
but after booting I could not switch on wifi ...
magisk manager showed me that magisk is installed
After that I flashed the extracted unpatched boot.img
but also with that wifi didn't work ....
Also my magisk_patched.img was much smaller than extracted unpatched boot.img

Any idea how to get back the original boot.img?
In https://downloads.shiftphones.com/axolotl are only builds for ShiftOS-G ...
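
An added example (not code from this thread or from Shift): a check of a boot.img header before flashing, which reports the OS version and patch level stored in the image and how much of the file is image content versus trailing bytes, one way a partition-sized dump and a repacked image can differ in size. It assumes the legacy boot image header layout (versions 0 to 2); the function names are hypothetical and the sample image is constructed, not a real ShiftOS image.

```python
import struct

MAGIC = b"ANDROID!"

def _pages(size, page):
    """Number of whole pages needed to hold `size` bytes."""
    return (size + page - 1) // page

def inspect_boot_image(data):
    """Summarise a boot image with header version 0-2 (legacy layout)."""
    if len(data) < 1660 or data[:8] != MAGIC:
        raise ValueError("not an Android boot image")
    # Fields: kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
    # second_addr, tags_addr, page_size, header_version, os_version
    ksz, _, rsz, _, ssz, _, _, page, ver, osv = struct.unpack_from("<10I", data, 8)
    if ver > 2:
        raise ValueError("header v%d uses a different layout" % ver)
    if page == 0:
        raise ValueError("page_size is zero")
    # recovery_dtbo_size exists from v1, dtb_size from v2
    dtbo = struct.unpack_from("<I", data, 1632)[0] if ver >= 1 else 0
    dtb = struct.unpack_from("<I", data, 1648)[0] if ver >= 2 else 0
    # Header occupies one page; every section is padded to a page boundary.
    content = page * (1 + sum(_pages(s, page) for s in (ksz, rsz, ssz, dtbo, dtb)))
    patch = osv & 0x7FF  # (year - 2000) << 4 | month
    return {
        "header_version": ver,
        "os_version": "%d.%d.%d" % (osv >> 25, (osv >> 18) & 0x7F, (osv >> 11) & 0x7F),
        "patch_level": "%04d-%02d" % (2000 + (patch >> 4), patch & 0xF),
        "content_size": content,
        "trailing": max(len(data) - content, 0),
        # Non-zero trailing bytes mean there is more than padding after the
        # content, so trimming the file would discard data.
        "trailing_nonzero": any(data[content:]),
        "truncated": len(data) < content,
    }

def make_sample(total=65536):
    """Constructed v1 image: 5000-byte kernel, 3000-byte ramdisk, zero-padded."""
    osv = ((10 << 14 | 0 << 7 | 0) << 11) | ((2020 - 2000) << 4 | 11)
    hdr = bytearray(4096)
    hdr[:8] = MAGIC
    struct.pack_into("<10I", hdr, 8, 5000, 0, 3000, 0, 0, 0, 0, 4096, 1, osv)
    body = bytes(hdr) + b"K" * 5000 + bytes(8192 - 5000) + b"R" * 3000 + bytes(4096 - 3000)
    return body + bytes(total - len(body))

if __name__ == "__main__":
    for label, image in (("padded dump", make_sample()), ("trimmed", make_sample()[:16384])):
        print(label, inspect_boot_image(image))
```

Comparing the os_version and patch_level of the image with what the device reports is a quick way to catch an image taken from a different OS release before it is written to the boot partition.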
 

That is great news! So it's possible to flash the boot image. Tbh, it's just my second time working with an A/B partitioned device, seems kinda tricky. I guess it didn't work for me because I didn't specify the slot I wanna flash to.
You only flashed the bootimage on Slot A, so if you can switch back to Slot B, WiFi should be working again. But the fastboot command to switch slots (--set-active=b) didn't work for me.
I would try to nail down the OTA Update Server by network traffic sniffing and hope I can pull an update image from there. But because there haven't been any updates released for OS-L yet, I'm not sure this will be successful. And also it's strange that your WiFi still doesn't work after you flashed back the extracted boot image, I didn't think the OS-G and OS-L kernels would differ. Maybe because the WiFi search service on the OS-G is based on GAPPS Location Services?
 
Hi Ene, yes I agree, the direction is promising. I hope Shift will provide an image also for OS-L. I expect with that I can at least "repair" my phone and perhaps then the patch with magisk will also work ...
Do you know a way to extract boot.img from a working device?
Switching to slot B also didn't work for me; I assume because I never applied an update, slot B is empty.

With
fastboot getvar all
I get
Code:
...
(bootloader) partition-type:boot_b:raw
(bootloader) partition-size:boot_b: 0x4000000
...
(bootloader) partition-type:boot_a:raw
(bootloader) partition-size:boot_a: 0x4000000
...
(bootloader) current-slot:a
(bootloader) has-slot:boot:yes
(bootloader) slot-retry-count:b:7
(bootloader) slot-unbootable:b:yes
(bootloader) slot-successful:b:no
(bootloader) slot-retry-count:a:7
(bootloader) slot-unbootable:a:no
(bootloader) slot-successful:a:yes
(bootloader) slot-count:2
...

It seems that B was never booted, but I can only see partition size and I don't know how to see whether there is any content in partition.
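
An added example (not part of the original post or of fastboot): a parser for the fastboot getvar all lines quoted above that turns the A/B slot variables into a per-slot summary and lists which inactive slots the bootloader still treats as bootable. The sample text is the excerpt from the post; the function names are hypothetical.

```python
import re

# Sample input: the excerpt of "fastboot getvar all" output quoted in the post.
SAMPLE = """\
(bootloader) partition-type:boot_b:raw
(bootloader) partition-size:boot_b: 0x4000000
...
(bootloader) partition-type:boot_a:raw
(bootloader) partition-size:boot_a: 0x4000000
...
(bootloader) current-slot:a
(bootloader) has-slot:boot:yes
(bootloader) slot-retry-count:b:7
(bootloader) slot-unbootable:b:yes
(bootloader) slot-successful:b:no
(bootloader) slot-retry-count:a:7
(bootloader) slot-unbootable:a:no
(bootloader) slot-successful:a:yes
(bootloader) slot-count:2
"""

LINE = re.compile(r"^\(bootloader\)\s+([^:\s]+):(.*)$")

def parse_getvar(text):
    """Return {name: value} for plain variables and {name: {arg: value}}
    for variables that carry an argument (a slot or partition name)."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "..." and fastboot's own status lines
        name, rest = m.group(1), m.group(2)
        arg, sep, value = rest.rpartition(":")
        if sep:
            out.setdefault(name, {})[arg.strip()] = value.strip()
        else:
            out[name] = value.strip()
    return out

def slot_report(variables):
    """Per-slot view of the flags the bootloader keeps for A/B booting."""
    current = variables.get("current-slot")
    sizes = variables.get("partition-size", {})
    report = {}
    for slot in sorted(variables.get("slot-unbootable", {})):
        report[slot] = {
            "active": slot == current,
            "unbootable": variables["slot-unbootable"][slot] == "yes",
            "successful": variables.get("slot-successful", {}).get(slot) == "yes",
            "retries": int(variables.get("slot-retry-count", {}).get(slot, "0")),
            "boot_size": int(sizes.get("boot_" + slot, "0"), 16),
        }
    return report

def fallback_slots(report):
    """Inactive slots that are not flagged unbootable and have either booted
    successfully before or still have boot attempts left."""
    return [s for s, r in report.items()
            if not r["active"] and not r["unbootable"]
            and (r["successful"] or r["retries"] > 0)]

if __name__ == "__main__":
    rep = slot_report(parse_getvar(SAMPLE))
    for slot, info in rep.items():
        print(slot, info)
    print("fallback slots:", fallback_slots(rep))
```

For the quoted output this reports slot a as active and successful, slot b as flagged unbootable, and no fallback slot, so there is no second known-good boot image to return to after writing to boot_a.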
 
I'm running OS-L, because I aim to install microG anyway (which requires an unlocked bootloader...)

(btw, how big is the international community here? Shall we continue in English like most Forums do or is deutsch the go-to? 🤔)
Are you sure microG requires an unlocked bootloader? Afaik the only requirement is support for signature spoofing and I hope it is enabled in the ShiftOS-L builds already. If not well then root is required to enable signature spoofing. However the instructions for previous versions of ShiftOS-L do not mention that signature spoofing needs to be explicitly enabled.
 
Do you know a way to extract boot.img from a working device?

If the bootloader is unlocked, there is a method by which you can extract phone partitions using the emergency flash mode of the Qualcomm chipset.

But this needs a Qualcomm device-specific "firehose-programmer-file", and I think here it fails again.
Greetz
 
I successfully extracted and patched the bootimage from the initial ShiftOS-3.0.G-20200721-RELEASE-axolotl.zip Update. But I can't get it flashed (flashing the original boot doesn't work either)...
Any idea how to get back the original boot.img?
In https://downloads.shiftphones.com/axolotl are only builds for ShiftOS-G ...
You guys are either very brave or very ...

I did rooting in the past, it was some time ago, but I always checked: are there instructions and all the required stuff available for my specific device?
For the L-Version, everything that is available is the software running on the devices shipped to the beta testers. No instructions which may be device specific, no software, nothing to switch back to in case something goes wrong.

Now you played with the new devices without a strategy if things go wrong :confused:
 