Manually patch boot.img for systemless root?

Search This thread
By:
Advanced…
M

MalikDrako

Member
Dec 15, 2016
22
3
I have a rare phone running Android 6.0 on a MT6750 with an unlocked bootloader (might be MT6750T since it is 1920x1080, but the only things I have found say MT6750)

I have been unable to get TWRP working on this phone after trying several porting guides and TWRP images. Almost all port attempts result in the boot image (logo.bin - android logo), followed by a black screen for a few seconds, then it reboots into Android.

Is it possible to manually patch the boot.img to gain root? If so, can someone point me to a guide for it? I found https://xdaforums.com/android/software-hacking/systemless-root-mediatek-t3309909 but PATH doesnt seem to be set anywhere in my boot image (grep -nrw 'boot.img-ramdisk' -e "PATH"). I tried adding "export PATH $PATH:/data/bin" or "export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin::/data/bin" to init.environ.rc with other exports, but I get a boot loop
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
try recompile the decompiled boot.img without doing any changes and flash the compiled boot.img to see that there is no problem with respect to compilation of boot.img
 
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
shankar_vl said:
try recompile the decompiled boot.img without doing any changes and flash the compiled boot.img to see that there is no problem with respect to compilation of boot.img
Click to expand...
Click to collapse
i decompiled and recompiled without any changes using kitchen tools and flashed back ... but its showing error.
same with recovery.img also


btw im using oppo f3 mt6750t
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
rajeshca911 said:
i decompiled and recompiled without any changes using kitchen tools and flashed back ... but its showing error.
same with recovery.img also


btw im using oppo f3 mt6750t
Click to expand...
Click to collapse

Then its a compilation error. Its not being compiled correctly.
Btw, systemless root by supersu and magisk do a lot things like starting sudaemon, injecting supolicy changes, mounting su.img, etc. Its better to port a custom recovery and let supersu or magisk zip do all the required things to root your device.

Or if you want to be ambitious, dirty your hands with hackings, unzip these zip files and try to implement manually what is programmed there.

My suggestion is go for porting recovery from devices matching your device specs ( need not be 100%). There are several threads on this forum helping you out on this. I think chances of porting a workable custom recovery are brighter than manually compiling su compatible boot.img.
 
Last edited:
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
There's the problem..
I did port custom recovery.
But when I flash it back to device it's showin error.

I understand that I need to dirt my hands more to get root my device

So I decided to compile revovery.. But oppO f3 source files r not available. I tried with omni Tom source. But it failed
 
Last edited:
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
rajeshca911 said:
i decompiled and recompiled without any changes using kitchen tools and flashed back ... but its showing error.
same with recovery.img also


btw im using oppo f3 mt6750t
Click to expand...
Click to collapse

rajeshca911 said:
There's the problem..
I did port custom recovery.
But when I flash it back to device it's showin error.

I understand that I need to dirt my hands more to get root my device

So I decided to compile revovery.. But oppO f3 source files r not available. I tried with omni Tom source. But it failed
Click to expand...
Click to collapse

You said that even the imgs just compiled without any changes made to decompiled files are not able to boot. Then there must be something wrong with compiling. Your tools for compiling may not be correctly working.

There are carlive image kitchen tools. get them here https://xdaforums.com/android/development/tool-cika-carliv-image-kitchen-android-t3013658. They are known for flawless working.

What is more important now is that you have right tools for compiling imgs. Then you can think of further.
 
Last edited:
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
shankar_vl said:
You said that even the imgs just compiled without any changes made to decompiled files are not able to boot. Then there must be something wrong with compiling. Your tools for compiling may not be correctly working.

There are carlive image kitchen tools. get them here https://xdaforums.com/android/development/tool-cika-carliv-image-kitchen-android-t3013658. They are known for flawless working.

What is more important now is that you have right tools for compiling imgs. Then you can think of further.
Click to expand...
Click to collapse
Thanks bro. But im using carliv kitchen tools only.
I didn't tried with other kitchen tools yet.. So i give a try other tools
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
rajeshca911 said:
Thanks bro. But im using carliv kitchen tools only.
I didn't tried with other kitchen tools yet.. So i give a try other tools
Click to expand...
Click to collapse

no need. carliv tools are perfect. stick with them.

are you able to successfully flash imgs with sp flash tools? no matter whether you are able to boot with them.

as for porting, use twrp or any other custom recovery of SoC as yours, mt6750t and of OS version similar to yours as well.
 
Last edited:
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
shankar_vl said:
no need. carliv tools are perfect. stick with them.

are you able to successfully flash imgs with sp flash tools? no matter whether you are able to boot with them.

as for porting, use twrp or any other custom recovery of SoC as yours, mt6750t.
Click to expand...
Click to collapse
Ok.. I stick with carliv as u suggested. And... Yes... Im able to flash img files to phone but not with sp flash tools. Im using professional tools ( uni tools from volcano) and also flashing using a cracked download tool meant for oppo devices. ( the download tool was created on base of sp flash tools only)

Then...
I just tried twrp porting only ( same soc mt6750t quitel k6000 plus i think.. Which chipset is mt6750t)
Also tried with oppo f1s twrp which chipset is mt6750.. ( not 6750t.. ) both went wrong..
seniors and xda developrs ( zackie& a guy from Indonesia unfortunately i forgot his name) also tried to. Port twrp for me. I also tried flashing their img files ..everything went not well.. There i have understood that either compiling or flashing causing error in my device
Thats y im trying to find other wayz.. There i found ur thread .& fetching useful checklist:good:
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
rajeshca911 said:
Ok.. I stick with carliv as u suggested. And... Yes... Im able to flash img files to phone but not with sp flash tools. Im using professional tools ( uni tools from volcano) and also flashing using a cracked download tool meant for oppo devices. ( the download tool was created on base of sp flash tools only)


Then...
I just tried twrp porting only ( same soc mt6750t quitel k6000 plus i think.. Which chipset is mt6750t)
Also tried with oppo f1s twrp which chipset is mt6750.. ( not 6750t.. ) both went wrong..
seniors and xda developrs ( zackie& a guy from Indonesia unfortunately i forgot his name) also tried to. Port twrp for me. I also tried flashing their img files ..everything went not well.. There i have understood that either compiling or flashing causing error in my device
Thats y im trying to find other wayz.. There i found ur thread .& fetching useful checklist:good:
Click to expand...
Click to collapse

As you tried various flashing methods, you might have already known all the related intricasies of flashing. still I just want to mention that I presume you might have then known vcom drivers, creating scatter file with mtkdroid tools, loading scatter file and, most importantly switching off phone and plugging phone to PC just after clicking on flash button in sp flash tool.

And about the other tools of flashing you mentioned, sorry I will not be helpful.

A thing to mention regarding porting is taking care of mount points in fstab file and a similar file if any at /etc folder in ramdisk of decompiled port recovery. mount points should be same as fstab of your boot.img.

Besides, ensure kernel (Imaze) of port recovery is replaced with that of boot.img.
 
Last edited:
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
shankar_vl said:
As you tried various flashing methods, you might have already known all the related intricasies of flashing. still I just want to mention that I presume you might have then known vcom drivers, creating scatter file with mtkdroid tools, loading scatter file and, most importantly switching off phone and plugging phone to PC just after clicking on flash button in sp flash tool.
And about the other tools of flashing you mentioned, sorry I will not be helpful.

A thing to mention regarding porting is taking care of mount points in fstab file and a similar file if any at /etc folder in ramdisk of decompiled port recovery. mount points should be same as fstab of your boot.img.

Besides, ensure kernel (Imaze) of port recovery is replaced with that of boot.img.
Click to expand...
Click to collapse

Your not helpfull??.. I don't agree with that. May be im Not in the position to catch your mind.
However.. Im not going to miss single chance to upgrade myself ( yes ofcourse from devs n seniors like u)
As you said
1) i have installed vcom drivers & fetched scatter file. ( again not from mtk droid tools) . I heard mtkdroid tools nOt fully supporting mt67xx Series. Even i tried modified mtkdroid tools developed by dev havoc.. And droid tool showed some info like cpu info.. Etc. But right hand side there was an error which saying that its usable to fetch info. . I presume the error may b causing by oppo. Own OS ( Color OS based on android 6.0).. And my last try was 2 months ago. So i dont know if there is any improvements in droid tools or not. Please privide me links if they updated/ supported 67xx series

2)yes i agree with mount points you mentioned. I was just replacing fstab file from stock to. Port. I didnt edit any. . I will check again and update u.

3) Actually im in dilemma to blame on cimpiling or flashing.. The device is not booting even i didn't modify any item after repack. I need solution for that. If that resolved... Automatically everything will b set up by themselves.. Pls share any views regarding this..
I know its difficult to u to guide until u have hands on it or personally seen d procedures & results

I may upload videos / pictures/ share Team viewer etc.. if u want to see it personally.. So.. U can better understand my problem , my flaws where i need to b improved ( onlynif u wish) however i need a mentor to guide n judge methods im following
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
rajeshca911 said:
Your not helpfull??.. I don't agree with that. May be im Not in the position to catch your mind.
However.. Im not going to miss single chance to upgrade myself ( yes ofcourse from devs n seniors like u)
As you said
1) i have installed vcom drivers & fetched scatter file. ( again not from mtk droid tools) . I heard mtkdroid tools nOt fully supporting mt67xx Series. Even i tried modified mtkdroid tools developed by dev havoc.. And droid tool showed some info like cpu info.. Etc. But right hand side there was an error which saying that its usable to fetch info. . I presume the error may b causing by oppo. Own OS ( Color OS based on android 6.0).. And my last try was 2 months ago. So i dont know if there is any improvements in droid tools or not. Please privide me links if they updated/ supported 67xx series

2)yes i agree with mount points you mentioned. I was just replacing fstab file from stock to. Port. I didnt edit any. . I will check again and update u.

3) Actually im in dilemma to blame on cimpiling or flashing.. The device is not booting even i didn't modify any item after repack. I need solution for that. If that resolved... Automatically everything will b set up by themselves.. Pls share any views regarding this..
I know its difficult to u to guide until u have hands on it or personally seen d procedures & results

I may upload videos / pictures/ share Team viewer etc.. if u want to see it personally.. So.. U can better understand my problem , my flaws where i need to b improved ( onlynif u wish) however i need a mentor to guide n judge methods im following
Click to expand...
Click to collapse

I empathize with your frustration.

Truth is that with the devices which have not caught the fancy of developers, not having proven root methods, custom recovery, etc only, we take initiatives ourselves and learn the things the hard way which is essentially a true way learning. With popular devices having already so many developments, there is no scope for adventurism and fun as well.

Just see back what are all you gained in doing the things you did with your device for gaining root. Could it have been possible with the so called popular devices?

Now let's come to the issue. In all times of failed booting on compiled imgs, how did you restore them? flashing again stock boot and recovery imgs? and with tools you mentioned?

If you could flash stock boot and recovery with the tools you mentioned, then there is no problem with those flashing tools. Then it comes to the decompiling and recompiling of imgs.

If it could be possible, can you share here stock boot.img, and custom recovery you have selected for porting (also mention the device name, recovery pertained). Let me try.
 
Last edited:
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
:DYup.. Bro.
What have you said all true.. during this journey i have learned so manythings like porting custom recovery , read back firmware etc and i cant forget what i have learned..:eek: so many trail and errors ;)

below link is the stock and custom recovery i tried to port

https://drive.google.com/file/d/0B6wWbhnrRZ_-V2RZQXByYjc4QVU/view?usp=drive_web

and a developer also tried to to port recovery for me .. below is the link which he modified for me
https://www.androidfilehost.com/?fid=745425885120760137

Im also enclosing stock boot.img
https://mega.nz/#!MF1ySQ4D!ku6RWfOP8QTkm75sNq_1_n-_Af0y843J0I0tiCHRa8k

My Device Details are
Manufacture : Oppo
Device name : Oppo f3
Model No : CPH1609
chipset : MT6750T , 4gb Ram , 64 Gb storage

[ I Really praying Inside ....:angel: god may give result for our endless efforts }
 
Last edited:
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
@rajeshca911 can you give details for the custom recovery you have given links, like name of the device, its os ( lollipop, marshmallow, like), and chipset if possible, it pertained to.
 
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
A

anandverma458

Member
Nov 1, 2016
31
5
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
anandverma458 said:
I think the signature of the boot.img gets changed. Try to sign it after decompiling and recompiling by AVB patcher from here: https://xdaforums.com/android/software-hacking/signing-boot-images-android-verified-t3600606
Click to expand...
Click to collapse

Shall i sign both boot.img and recovery.img as well?? or is it enough to sign compiled recovery.img ?

---------- Post added at 07:57 AM ---------- Previous post was at 07:44 AM ----------

i generated public and private keys also signed and generated
boot_signed.img
recovery_signed.img

first i flashed both the images... result was soft brick and i had to flash original boot.img
second i flashed only signed recovery.img and same was repeated.
 
A

anandverma458

Member
Nov 1, 2016
31
5
rajeshca911 said:
Shall i sign both boot.img and recovery.img as well?? or is it enough to sign compiled recovery.img ?

---------- Post added at 07:57 AM ---------- Previous post was at 07:44 AM ----------

i generated public and private keys also signed and generated
boot_signed.img
recovery_signed.img

first i flashed both the images... result was soft brick and i had to flash original boot.img
second i flashed only signed recovery.img and same was repeated.
Click to expand...
Click to collapse

Actually, I had the same problem (I have vivo 1603). When I flashed boot.img after decompiling and recompiling,it bootlooped. I had twrp installed, so I first restored the backup of stock boot.img, and then installed the recompiled boot.img without rebooting. That worked for me

As you don't have custom recovery, I suggest that you first flash stock boot.img, and after the process completes, flash the recompiled boot.img without rebooting your device.
 
S

shankar_vl

Senior Member
Mar 23, 2016
145
54
Hey bro, I decompiled the stock boot.img to see that if 'verify' flag was preventing booting the system with other than stock recovery. Dm-verity is a recent security control for preventing booting with changed/modified kernel/system. But I could not find any such flags, but found verity_key, so I just deleted it and decompiled the boot.img. I am not sure whether it can solve your booting problem. Let's see will this now allow to boot with custom kernel. Here is the modified stock boot.img. http://www.mediafire.com/file/tc1k1ghmy76nfqd/modified_oppo_boot.img

Flash first this boot.img and then flash the custom recovery.imgs (you can try your recoveries also)

I have also ported two recovery.imgs. Both are ported from the twrps for the same device, K6000 plus. However, what I found for this k6000 plus was different in size. So I ported two twrp recovery imgs. Here are two twrp ported recoveries, one is from you have given links to and another is from what I found on this forum.
http://www.mediafire.com/file/4als7qmpwdz1iv4/oppo_port_twrpv1.img
http://www.mediafire.com/file/5xz7387at6rr0dy/oppo_port_twrpv2.img

Once again, I reiterate that first flash the modified boot.img and then try flashing the recoveries.

Best of luck
 
rajeshca911

rajeshca911

Senior Member
Mar 12, 2014
123
32
Vizag
anandverma458 said:
Actually, I had the same problem (I have vivo 1603). When I flashed boot.img after decompiling and recompiling,it bootlooped. I had twrp installed, so I first restored the backup of stock boot.img, and then installed the recompiled boot.img without rebooting. That worked for me

As you don't have custom recovery, I suggest that you first flash stock boot.img, and after the process completes, flash the recompiled boot.img without rebooting your device.
Click to expand...
Click to collapse

Bro thanks for your advice.. and i did same what you have said.. i flashed stock boot.img with out rebooting flashed recompiled boot.img the device didnt boot up.. i think culprit is something else .. that prevets booting custom images
 
You must log in or register to reply here.

Similar threads

Chainfire
  • Locked
[STABLE][2016.07.05] SuperSU v2.76 [CLOSED]
Replies
12K
Views
11M
Chainfire
Chainfire
mauam
  • Poll
[SuperSU][System-Mode][2.82 SR5]
Replies
617
Views
560K
A
AnonVendetta
Chainfire
  • Locked
[WIP][2016.01.21] Android 6.0 Marshmallow [CLOSED]
Replies
4
Views
676K
Chainfire
Chainfire
T
How to manually update su and SuperSu file through ADB root shell?
Replies
12
Views
71K
T
ThAnEb
BeansTown106
[AOSP] sepolicy patch for Marshmallow ROMs
Replies
19
Views
51K
J
Jacerany

Top Liked Posts

24 Hours All time

New posts