Amazing Temp Root for MediaTek ARMv8

By diplomatic, Senior Member on 17th April 2019, 12:51 PM
18th April 2019, 10:35 AM |#11  
OP Senior Member
Quote:
Originally Posted by KevMetal

looks great ...I want to try it on a Vodafone carrier branded mtk67__ device in Spain / Europe to see what happens ...

ultimately I would want to use su to pull a copy of stock recovery to sd card / that and boot partition.img

what about after pulling stock recovery & porting twrp I flash twrp with flashfire or similar and after booting directly to recovery flash dm-verity disable .zip ...

reason being that bootloader is locked and this device is on marshmallow ...

*so my question is ...
will mounting rw on marshmallow trip dm-verity immediately and bootloop instantly or only on reboot ...if it's on reboot it would serve my purpose ..

* next question is if I'm running as su in shell how will I "give" escalated privileges to third party apk like flashfire for example or is it possible to disable dm-verity from root shell using commands ?

or installing mixplorer with root privileges for example ..

Cool... let us know the results of running mtk-su on that phone, as well as the full model name so I can list it.

So you're on the right track about installing permanent root. I was pretty vague about it in the OP because it's a complex topic and it's pretty risky territory. Before trying to mod your boot image with systemless root and/or verity disabled, you have to check how restrictive your BL is. It's very possible that it can accept self-signed or unsigned images without needing to unlock. You can check this in a minesweeper fashion by flashing your stock recovery with the OEM signature removed and see if it boots. If not, Android will restore the stock recovery automatically, no harm done.

If you want to flash partitions from a root shell, you can use the dd command. FlashFire is a glorified dd flasher. For example, to flash a recovery image you would do
dd if=recovery.img of=/dev/block/platform/mtk-msdc.0/11230000.MSDC0/by-name/recovery
The exact path of the dev node varies by device. You should do more research about it if you're interested. To dump partitions, essentially do the reverse of if= and of=.

If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.
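
An added example, not part of diplomatic's post and not code from mtk-su: a small wrapper around the dd dump/flash steps described above that takes a verified backup first, refuses to write without one, and reads back what was written. The BYNAME directory is an assumption (it varies by device, as the post says), the function names are hypothetical, and sha256sum, head -c and wc are assumed to be present in the device's shell.

```shell
#!/bin/sh
# Assumption: by-name directory of the device; override BYNAME for yours.
BYNAME="${BYNAME:-/dev/block/platform/mtk-msdc.0/11230000.MSDC0/by-name}"

# Print only the SHA-256 hex digest of a file or device node.
sha() { sha256sum "$1" | cut -d' ' -f1; }

# dump_partition NAME OUTDIR
# Copy the partition to OUTDIR/NAME.img and confirm the copy is bit-identical.
dump_partition() {
    node="$BYNAME/$1"; out="$2/$1.img"
    [ -e "$node" ] || { echo "no such partition node: $node" >&2; return 1; }
    dd if="$node" of="$out" bs=4096 2>/dev/null || return 1
    [ "$(sha "$node")" = "$(sha "$out")" ] || { echo "backup mismatch" >&2; return 1; }
    echo "$out"
}

# flash_partition IMAGE NAME BACKUPDIR
# Write IMAGE to the partition only if a backup made by dump_partition exists
# and the image fits, then read the written bytes back and compare hashes.
flash_partition() {
    img="$1"; node="$BYNAME/$2"; bak="$3/$2.img"
    [ -s "$bak" ] || { echo "no backup of $2 in $3, refusing" >&2; return 1; }
    img_size=$(wc -c < "$img")
    part_size=$(wc -c < "$bak")   # the backup is exactly partition-sized
    [ "$img_size" -le "$part_size" ] || { echo "image larger than partition" >&2; return 1; }
    # conv=notrunc only matters when the target is a regular file (testing).
    dd if="$img" of="$node" bs=4096 conv=notrunc 2>/dev/null || return 1
    written=$(head -c "$img_size" "$node" | sha256sum | cut -d' ' -f1)
    [ "$written" = "$(sha "$img")" ] || { echo "read-back mismatch" >&2; return 1; }
}
```

Restoring stock is the same call with the backup as the image: flash_partition /sdcard/bak/recovery.img recovery /sdcard/bak (paths here are placeholders).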
18th April 2019, 12:33 PM |#12  
bigrammy, Senior Member
Quote:
Originally Posted by diplomatic

If you want, you can post your stock recovery image and I can modify it so you can test how restrictive your BL is. There's no need to jump ahead to TWRP yet.

Most MTK's allow the boot, probably due to difficulties during OTA patches. Indeed, a lot of the OEM OTA's I have seen actually flash the recovery.img to the boot partition first, then reboot, do the update, flash the recovery to the recovery partition, then reboot to recovery, do the final check, then reflash the boot.img back to the boot partition.
I think this is so if the OTA fails at any point they are always in recovery mode. If any of that makes sense.
Some MTK fstab's I have seen even have a flag that states verify "recoveryonly", so you can flash a TWRP recovery.img to the boot and it will boot up, but it will not if flashed to the recovery. Of course OEM's may have other ideas and implementations, so caution and a way back are definitely needed.
It's definitely a game of Russian roulette with a one in six chance of you finding the loaded chamber.
Being too secure can backfire on OEM's and cost them, as with the Amazon Fire Phone. I bricked 3 or 4 of those suckers trying to unlock it and even they could do nothing with them, so they would just give me a new one. I am convinced they actually locked themselves out on that device and that's why it never got a version update or bootloader unlock, which is a shame because it was a good phone.
18th April 2019, 03:21 PM |#13  
OP Senior Member
Quote:
Originally Posted by bigrammy

Most MTK's allow the boot probably due to difficulties during OTA patches

OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?
18th April 2019, 03:41 PM |#14  
bigrammy, Senior Member
Quote:
Originally Posted by diplomatic

OK, but I don't see how any of this would prevent cryptographic signature checking and enforcement at any OTA installation stage. Do you have any reason to believe that most devices that are not unlockable have support for unsigned images?

Depends on OEM I guess, e.g.: Lenovo TAB2, never unlocked the bootloader; Infocus, never unlocked the bootloader; various China brands, I never unlocked the bootloaders, yet all rooted with custom recoveries installed, although most of these were Android 6.0 so AVB used by Magisk, SuperSU etc. works for them.
Nokia3, I did unlock the bootloader but I'm beginning to think maybe I didn't need to, and maybe I can test that theory soon when I get one back that I loaned out.
Big brands like Sony defo need to be unlocked, but lesser brands I am not so sure about.
18th April 2019, 03:50 PM |#15  
OP Senior Member
OK, good to know, @bigrammy
18th April 2019, 04:16 PM |#16  
bigrammy, Senior Member
Quote:
Originally Posted by diplomatic

OK, good to know, @bigrammy

I might try to flash the boot of my Sony XA1 (bootloader locked) with a TWRP recovery over the weekend and see what happens. It just means me having to boot Windows to recover it if it fails, and I have not done that in 18 months or more.
EDIT: Unsigned TWRP failed to boot, so now I will try with an AVB signed image and see what happens.
EDIT 2: AVB signed TWRP failed verification check too.

PS: Never unlocked the Lumigon T3 (my daily driver) either, and that was marketed as a secure device. It took me about 30 mins to make a scatter file, then pull the boot with SPFlashTool, ported over TWRP from my Infocus, pre-patched the boot with Magisk, flashed them back, done. Again it seems AVB sig was enough for this device too, but again Android 6.0.
19th April 2019, 08:23 AM |#17  
OP Senior Member
OK.... it would be interesting what happens with the Sony...

It's pretty much the same deal with the Asus Zenpad series. The Z3xxM series, based on MT8163, can be flashed without unlocking the BL. On the old Android 6 FW, you needed to have an AVB signature for it to go through. On Android 7, you don't even need that. However, for the high-end MT8176-based Zenpad Z500M, they locked it down so that you'd need to unlock before installing a custom boot/recovery--OEM sig support only.

Quote:
Originally Posted by bigrammy

EDIT: Unsigned TWRP failed to boot, so now I will try with an AVB signed image and see what happens.
EDIT 2: AVB signed TWRP failed verification check too.

LOL... I guess I'll have to stick to unlocking my Sonys before installing root.
22nd April 2019, 11:11 PM |#18  
ahhl, Senior Member
I have a question

I have been looking for ways to root the Redmi 6A. Xiaomi have been imposing a 15d grace period on any request to unlock the boot loader. Very annoyed.

My question is: if I manage to root it and install TWRP, can I still modify the boot loader without unlocking it?

Tia


23rd April 2019, 12:13 AM |#19  
OP Senior Member
Hi, @ahhl

If you can install and boot TWRP without unlocking the bootloader, you can almost definitely install permanent root to a boot image. The question is whether the locked BL on that phone will boot an image that is unsigned or wipe out instead. This is what bigrammy and I were just talking about above. I'd love to know if mtk-su works on that phone, btw....
23rd April 2019, 01:32 AM |#20  
ahhl, Senior Member
I will try, but I am just a novice 😁. I read through the conversation between you and bigrammy, only 30% goes through my head 😅

If I manage to run mtk-su, then flash TWRP, if the flashing did not work, it will just reboot back using stock boot? I do not have to worry about something I need to do, just like bigrammy did for 30 min, just to get the phone running? As the reboot just wipes TWRP? Is this true?
23rd April 2019, 02:39 AM |#21  
mrmazak, Senior Member
Quote:
Originally Posted by ahhl

I will try, but I am just a novice. I read through the conversation between you and bigrammy, only 30% goes through my head

If I manage to run mtk-su, then flash TWRP, if the flashing did not work, it will just reboot back using stock boot? I do not have to worry about something I need to do, just like bigrammy did for 30 min, just to get the phone running? As the reboot just wipes TWRP? Is this true?

I have been on the Redmi Telegram support forum since December. Unlocking the bootloader is needed for getting TWRP onto the device. AVB is active and DM-Verity is enforced.
Once the bootloader is unlocked, verity still needs to be disabled or else stock recovery gets forced back onto the phone.

Also, that phone has a similar SoC to my main device: Mediatek MT6761 Helio A22 on the 6A, mine has Mediatek MT6762 Helio P22.

mtk-su did not work for me on testing.

15 days to wait is not really that bad. Some people have claimed 60-90 plus days wait to get unlock code.