FORUMS
Remove All Ads from XDA

[Recovery][Kernel] [8.1] Install TWRP, remove encryption, get Magisk on Visible R2

85 posts
Thanks Meter: 47
 
By FEGuy, Member on 1st August 2019, 06:11 AM
Post Reply Email Thread
2nd January 2020, 04:45 PM |#111  
Junior Member
Thanks Meter: 0
 
More
When I installed the pie ota, I couldn't get to the installation of magisk because after flashing the twrp img with qfil, twrp would no longer boot with the stock pie boot image. I'm sure flashing the patched boot image would allow twrp to boot, but I was afraid of not having access to edl if both failed.
3rd January 2020, 03:55 PM |#112  
Dib Membrane's Avatar
Junior Member
Thanks Meter: 6
 
More
@rkcbernard: I see. I wonder if the Pie OTA would install smoothly if an R2 were rooted but used the stock recovery. I was going to go ahead and try just updating my non-rooted R2, but I'd forgotten that I had eventually installed TWRP on that device. And when I tried to get it to install the Pie update, it just rebooted into TWRP and sat there waiting for me to tell it what to do; rebooting afterwards confirmed the OS was still on 8.1. I tried poking around a bit (haven't tried searching exhaustively) looking for a downloaded ZIP file to manually have TWRP install, but I didn't see what I was looking for.

Anyhow, since the OTA fails to install when TWRP is in place, one thing I guess I could try would be to revert to the stock recovery on my unrooted R2, then do the OTA, then confirm whether root is still working.

As for the custom boot image being likely to work fine after installing the Pie OTA, I'm not so sure about that. @FEGuy had to cobble together the kernel of that custom boot image from the source that ZTE apparently provided incompletely despite the GNU GPL rules, with missing bits filled in from I guess the official Linux source tree or somewhere. In the OTA, I'd be surprised if the stock kernel in the boot image isn't being updated to a new version along with the jump from Android 8.1 to 9.
The Following User Says Thank You to Dib Membrane For This Useful Post: [ View ] Gift Dib Membrane Ad-Free
4th January 2020, 03:54 AM |#113  
Junior Member
Thanks Meter: 4
 
More
Logcat Snagged OTA Visible R2 9.0 Pie
I just got my Visible R2 in the mail and am excited to get things rooted I did a logcat and captured the latest OTA for 9 Pie in an attempt to help someone else who might be able to do more with it than me

Uploaded to Mega:
https: // mega .nz / #!3pgXmY7Q!tIchKoWVjqBScWBbf9m5GT-K0S9qm6-eeVQXbx3PouY
The Following 2 Users Say Thank You to snacks777 For This Useful Post: [ View ] Gift snacks777 Ad-Free
4th January 2020, 07:44 AM |#114  
Dib Membrane's Avatar
Junior Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by snacks777

I just got my Visible R2 in the mail and am excited to get things rooted I did a logcat and captured the latest OTA for 9 Pie in an attempt to help someone else who might be able to do more with it than me

Uploaded to Mega:
https://mega.nz/#!3pgXmY7Q!tIchKoWVj...6-eeVQXbx3PouY

Thanks, snacks777! I'm downloading your OTA capture now. Also, I believe I'm able to post external links, so I've removed the spaces in your quoted URL above.

I didn't know logcat would be helpful for something like this. Do you just mean that you looked through logcat messages to find out what the name and location of the ZIP file were? That's a good idea. Not sure if all logcat utilities are created the same, but I just ran CatLog on my unrooted R2, and then started a new download of the Pie OTA, but no messages related to this came up in CatLog. It's feasible I'll get a message once the redownload is finished, though (on pretty slow Internet right now).

Snacks, I'd like to replicate your results with the OTA capture; could you give me a bit more guidance as to how to go about it? That way we can also see how, if at all, the capture I get differs from the one you got, and then people will know there hasn't been any tampering (assuming we're not colluding, nor sock-puppets of each other, of course ), and where any unique IDs appear, if any.

Oh, and just to confirm, your R2 came with Android 8.1 installed, yes?
The Following 2 Users Say Thank You to Dib Membrane For This Useful Post: [ View ] Gift Dib Membrane Ad-Free
4th January 2020, 08:08 AM |#115  
Junior Member
Thanks Meter: 4
 
More
Quote:
Originally Posted by Dib Membrane

Thanks, snacks777! I'm downloading your OTA capture now. Also, I believe I'm able to post external links, so I've removed the spaces in your quoted URL above.

I didn't know logcat would be helpful for something like this. Do you just mean that you looked through logcat messages to find out what the name and location of the ZIP file were? That's a good idea. Not sure if all logcat utilities are created the same, but I just ran CatLog on my unrooted R2, and then started a new download of the Pie OTA, but no messages related to this came up in CatLog. It's feasible I'll get a message once the redownload is finished, though (on pretty slow Internet right now).

Snacks, I'd like to replicate your results with the OTA capture; could you give me a bit more guidance as to how to go about it? That way we can also see how, if at all, the capture I get differs from the one you got, and then people will know there hasn't been any tampering (assuming we're not colluding, nor sock-puppets of each other, of course ), and where any unique IDs appear, if any.

Oh, and just to confirm, your R2 came with Android 8.1 installed, yes?

Thanks for fixing the spaces Happy to share yes I enabled USB debugging connected the device and ran in one terminal
Code:
adb logcat > file.log
and in a second terminal
Code:
tail -f file.log | grep ota
Connected to the internet on the device and clicked the check updates option to grab the ota url from log file. should show a link out like this to the file.
https:// imgur .com/ YpvE8vH

Not sure if its a helpful file. Yes I was on 8.1 when it came out of the box now I took it to go to 9.0 with this ota.
The Following 2 Users Say Thank You to snacks777 For This Useful Post: [ View ] Gift snacks777 Ad-Free
7th January 2020, 10:40 AM |#116  
Dib Membrane's Avatar
Junior Member
Thanks Meter: 6
 
More
Info 2 Confirmed Pie OTA hashes; case-sensitivity prevents installing from TWRP
Quote:
Originally Posted by snacks777

Code:
adb logcat > file.log
and in a second terminal
Code:
tail -f file.log | grep ota

Thanks, Snacks — I completely forgot logcat could be used that way. And makes sense that I wasn't seeing the message with the CatLog app on my unrooted R2, since without root, the adb debug privileges are necessary to see most of the messages.

Quote:

Connected to the internet on the device and clicked the check updates option to grab the ota url from log file. should show a link out like this to the file.

On my device, I had already started and paused download of the update, and unfortunately that logcat message doesn't appear when you restart an update download, nor when it completes. It probably does if you restart from scratch, but I didn't try that as my Internet is not that fast, and a 1.29 GB download takes awhile. Therefore, after some failed attempts to do a search for all files named *.zip, I just poked around on the device with the TWRP file manager until I found that the OTA had been saved as /cache/update.zip (a location you can't access from within Android if you don't have root).

I ran checksums of the update.zip file and got the same results as your 4ae51f05a63ed93282671c3667f18c15668282a3.zip:

Code:
     MD5: 3a07db094cb0e905bca405559079d165
   SHA-1: 4ae51f05a63ed93282671c3667f18c15668282a3
 SHA-256: d52009fb146517c49d7a337ea8b628882bc04b36616aa5b5122f1a87c1e87798
 SHA-512: 07c0bc767f64521ce4ba72616c93820ce9e5001cba75a10d928674e9b78506f7938720132ca01a9995eca77dfb9c9d318a67c8dab0f068660acff5d42bf84ee9
SHA3-256: 04f21f6a6171b4c1064e2e89dfcf2f78442838c9d82e99fdd88dc60a629b42b5
SHA3-512: 40c331bbe9313261386378c8a882fa648af67ba4fcd36fd1abb867a0528ef36659b5efe149437dffff3316f8da0534b5b5f1fe0043b7e3b6002bc889847a0192
So there are no unique IDs in the update ZIP, which is good.

Quote:

Not sure if its a helpful file.

Yes, definitely helpful; thanks again. Unfortunately when I rebooted into TWRP after completing the OTA redownload, it attempted to automatically install the update, but failed with this output:
Running Recovery Commands
Installing zip file '/cache/update.zip'
Checking for Digest file...
E3004: This package is for "Z5151" devices; this is a "z5151".
Updater process ended with ERROR: 7
Error installing zip file '/cache/update.zip'
Done processing script file
I extracted the update.zip contents on my PC and did a search for that error message:
% find . -type f -exec fgrep -Hn "package is for" {} \;
./META-INF/com/google/android/updater-script:1:getprop("ro.product.device") == "Z5151" || abort("E3004: This package is for "Z5151" devices; this is a "" + getprop("ro.product.device") + "".");
According to https://forum.xda-developers.com/wiki/Device_codename:
Write down the value of the ro.product.device parameter. This will be your device codename. The [codename] corresponds to the project code name of the device itself. This is almost never the sales name of the device. If you have built CM before (and again, you better have!), you should be familiar with the concept of a code name for each device. Like the vendor name, the codename is always lowercase and contains no spaces.
So, weird that the update script expects uppercase "Z5151". Just ZTE sloppiness?

It would be very easy to remove that first line from the updater-script and then re-zip everything (there doesn't seem to be any checksum that needs to be regenerated), but I'm concerned that besides the capitalization of the device codename, there might be other assumptions that don't hold when running the update under TWRP, and it might mess something up.

Seems like it would be safer to restore the original recovery partition and then let it do the update. Of course, to do that, I'd have to figure out how to properly reflash just the recovery partition without touching the other ones. Also, if TWRP fails to work after the Pie update (even when installed after the update rather than before it), not sure if it would be possible to still install Magisk somehow at that point (e.g. disguise it as an OTA update)?

Anyone have any thoughts on those two alternatives? Anyone successfully installed the Pie OTA with TWRP?

Quote:

Yes I was on 8.1 when it came out of the box now I took it to go to 9.0 with this ota.

So you've already updated your R2 to 9? Have you tried to do the TWRP and Magisk installs since doing that? Any luck?
The Following 2 Users Say Thank You to Dib Membrane For This Useful Post: [ View ] Gift Dib Membrane Ad-Free
8th January 2020, 12:13 AM |#117  
Junior Member
Thanks Meter: 4
 
More
I haven't yet I was working on that but unfortunately had issues on my Mac with the packages to run the recovery tools. But yes my current version is Android 9 now and I'm planning on seeing what I can do with it. I would be careful flashing that update with recovery as I understand it may mess up the dm-verity since it will most likely touch the boot and or recovery partition. I think only way is using the recovery tool to flash boot and recovery images. So my main goal rn is get windows or Ubuntu running on my other pc so I can hopefully get the tool working. But I need to play around a bit to see how the tools work I'm planning on doing that hopefully a evening this week.
12th January 2020, 03:19 PM |#118  
Junior Member
Thanks Meter: 0
 
More
Sorry I hope this is the right place to do this... I have the visible r2 and recently got the OTA update to Android 9 pie. when I went to go back through this process it failed and I no longer have a recovery system. Any ideas how to fix?
14th January 2020, 07:08 PM |#119  
OP Member
Flag Marquette, MI
Thanks Meter: 47
 
More
I haven't touched my R2 in a couple of months now, so I have no idea what the Pie situation is; honestly I didn't think it'd actually get released. Just finished downloading the OTA, I'll dig up the phone and start poking around. If there's no stock images uploaded I'll at least upload the stock boot and recovery images for Pie so people can recover from broken builds. If TWRP, etc. is actually broken on Pie it might take longer to track down the issue.
The Following User Says Thank You to FEGuy For This Useful Post: [ View ] Gift FEGuy Ad-Free
15th January 2020, 07:57 PM |#120  
OP Member
Flag Marquette, MI
Thanks Meter: 47
 
More
Still haven't had a lot of time to muck around, but here's what I've found:

-Seems like some actual security checking is in place; I can't get the stock recovery to boot if I've taken it apart and put it back together, much less boot TWRP.

-The update patched a bunch of partitions, including both the bootloader and secondary bootloader. Might be able to flash back to earlier versions from the B10/B12 updates to bypass verity checks, but you could just as easily brick your phone doing that. Alternatively, if the partition checking is just dm-verity in the kernel, flashing a different boot partition might be enough to get going.

-The Pie update did bring a new kernel, upgrading from 3.18.71 to 3.18.120. It also updated the boot partition to use the Pie-standard system-as-root feature; in other words, there's no ramdisk in the boot partition, and Magisk can't inject itself into the boot process in a standard way. Instead it has to be installed into the recovery partition and hijack the recovery boot process every time you want to boot into a rooted system. This is a moot point right now for two reasons - can't boot modified partitions at the moment, and there's no source code available for the updated kernel. No idea if booting the older kernel with the Pie system/vendor partitions would work or lead to stability issues, either.

At the moment, it seems like if there are no rollback protections it'd be easier just to do a full downgrade to Oreo, then install a Pie image (either a GSI or attempting to flash and boot just the system/vendor partitions from the official Pie update) and run with that, rather than doing a full upgrade and dealing with the extra protections in place.

For anyone who tried booting TWRP after the Pie update, here's the stock recovery.img. Just unpack it and flash it with QFIL/qdl - if you're not sure how to do that, just follow Step 1 in the guide in the first post, using this package instead of the TWRP zip.
The Following User Says Thank You to FEGuy For This Useful Post: [ View ] Gift FEGuy Ad-Free
15th January 2020, 08:51 PM |#121  
tarvoke's Avatar
Senior Member
Flag Slightly Outside America
Thanks Meter: 50
 
More
Quote:
Originally Posted by FEGuy

I haven't touched my R2 in a couple of months now, so I have no idea what the Pie situation is; honestly I didn't think it'd actually get released. Just finished downloading the OTA, I'll dig up the phone and start poking around. If there's no stock images uploaded I'll at least upload the stock boot and recovery images for Pie so people can recover from broken builds. If TWRP, etc. is actually broken on Pie it might take longer to track down the issue.

many thanks for the recovery zip link!

yeah, lol, I had tried the twrp image on my 1st R2 (already updated to pie/9) and was not too surprised the recovery was entirely broken, didn't exactly care too much give this is a nineteen dollar phone hahaha.
bought a 2nd R2, installed working twrp, then let it download the OTA update, just didn't allow install but copied the file. was planning to transfer to laptop and gank the recovery image out of it, but you already did thank you again

oh, for others interested -
Code:
/cache # ls -l
drwx------    2 system   system        4096 Jan  1  1970 backup
drwx------    2 system   system        4096 Jan  1  1970 backup_stage
drwxrwxrwx    2 root     root          4096 Jan  1  1970 keybox
drwxrwx---    2 root     root          4096 Jan 15 17:35 lost+found
-rw-r--r--    1 root     root          1515 Jan  1  1970 magisk.log
-rw-r--r--    1 root     root          2157 Jan 15 18:30 magisk.log.bak
drwxrwx---    2 system   cache         4096 Jan 15 19:13 recovery
drwxrwx---    2 system   system        4096 Jan 15 17:43 time
-rw-------    1 u0_a23   u0_a23   1393246069 Jan 15 19:04 update.zip
/cache # md5sum update.zip 
3a07db094cb0e905bca405559079d165  update.zip
/cache # sha1sum update.zip 
4ae51f05a63ed93282671c3667f18c15668282a3  update.zip
/cache #
EDIT: apologies, @Dib Membrane already covered the checksums lol! (huh, the MENTION tag doesn't work anymore?)
but yeah my next step will likely be messing with GSI/treble images I guess? /EDIT
Post Reply Subscribe to Thread

Tags
zte-visible-r2

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes