360 N6 Lite (QIKU): help is needed: 1)to root the device 2)to cope with AVB

Search This thread

vp1117

Senior Member
Jan 30, 2019
55
6
Device: 360 N6 Lite by QIKU, Snapdragon 630

Device is running stock ROM based on android 8.1, no mods, no tweaks, just a stock android. I've never ever messed with any system files/partitions.

Stock ROM was re-flashed a few days ago after this thread was posted - to satisfy request of some person who thought I had ROM tampered with.

I can re-flash ROM as many times as would be needed, upon request if anybody is really keen to help.

Addtional info about my device:

1. fastboot has limited functionality: it cannot flash any partiton. Therefore, if I have to flash certain partition, like booot/recovery/system I only can do it with QFIL flashing software.

2. I can patch stock boot.img by Magisk alright. However, after I flash patched boot phone goes to Red State (or bootloop if phone is connected to PC), so Magisk is not an option here. Or I'm just so stupid I do not see how to benefit from Magisk. Log of Magisk patching the stock boot is attached here.
I thought I might have a chance with superSU though.

3. bootloader is unlocked if I can trust the info below:
(bootloader) unlocked:yes
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) battery-soc-ok:yes
(bootloader) battery-voltage:3975
(bootloader) version-baseband:
(bootloader) version-bootloader:
(bootloader) variant:SDM EMMC
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x1F400000
(bootloader) partition-type:userdata:ext4
(bootloader) partition-size:userdata: 0x5EBBFBE00
(bootloader) partition-type:system:ext4
(bootloader) partition-size:system: 0xE0000000
(bootloader)
secure:yes
(bootloader) serialno:********
(bootloader) product:QK1713-A01
(bootloader) max-download-size:536870912
(bootloader) kernel:uefi
(bootloader)
Verity mode: true
(bootloader) Device unlocked: true
(bootloader)
Device critical unlocked: true
(bootloader) Charger screen enabled: false


Phone is apparently not rooted as shown on attached pics. However, when I run <adb shell> command, it appears as if there is a root already installed as I see # prompt, not $.

This phone really makes me crazy. I cannot flash custom recovery, I cannot flash any partition using fastboot, I cannot flash any zip-package and I cannot figure out how to properly install SU-binary.

Any help is much appreciated!
 

Attachments

  • Screenshot_2021-05-15-16-05-24[1].png
    Screenshot_2021-05-15-16-05-24[1].png
    62.7 KB · Views: 10
  • Screenshot_2021-05-15-16-22-32[1].png
    Screenshot_2021-05-15-16-22-32[1].png
    211.4 KB · Views: 8
  • Screenshot_2021-05-15-16-31-26[1].png
    Screenshot_2021-05-15-16-31-26[1].png
    93.5 KB · Views: 10
  • boot.014.patched.23.0.txt
    4.1 KB · Views: 0
Last edited:

vp1117

Senior Member
Jan 30, 2019
55
6
Check this.
Sure. Could you please share details what exactly to be checked: files/locations/permissions/what?

Just in case:

1|QK1713:/ # ls /system/bin/su
ls: /system/bin/su: No such file or directory
1|QK1713:/ # ls /system/xbin/su
ls: /system/xbin/su: No such file or directory
1|QK1713:/ #
QK1713:/ # find /system -name "su"
QK1713:/ #
QK1713:/ # find /data -name "su"
QK1713:/ #
QK1713:/ # find /system -name "busy*"
/system/bin/busybox
QK1713:/ #
 
Last edited:

vp1117

Senior Member
Jan 30, 2019
55
6
Regarding AVB: the goal is to deactivate AVB 1.0 in order to be able to flash custom recovery (TWRP).


In Magisk log it is said 'Boot image is signed with AVB 1.0'

As mentioned here: AVB 1.0 there is no VBMETA partitions on devices with AVB 1.0. This is almost correct statement re my device. To be more precise: there is such a partition, list of partitions is attached. But VBMETA is filled with all zeroes. File mmcblk0p57 (dd-ed from device) is also attached, it consists of zeroes

Also, VBMETA partition is not supposed to be flashed when flashing stock ROM. Here's what is there in rawprogram0.xml:

Code:
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmeta"  ...
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmetabak" ...

So, I conclude it should be useless for me to try anything like:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

Question is: is there any way how to deactivate AVB 1.0 so that I could flash boot.img patched by Magisk? Image of stock boot is attached herewith.

Or, almost the same question: what needs to be done with stock boot in order for my device does not reject custom recovery?
 

Attachments

  • partitions.txt
    7.9 KB · Views: 4
  • mmcblk0p57.zip
    246 bytes · Views: 1
  • boot.014.original.img.zip
    12.2 MB · Views: 2
Last edited:

Bondyuk

Member
  • Jun 29, 2010
    11
    0
    Does your QFil tool allow you to add additional options when flashing an image?

    I know you don't believe that your phone uses vbmeta, but we can't rule it out unless you can flash it properly.
    I still find it really hard to believe that they removed the ability to flash from fastboot. It makes me think it is more likely that the syntax of the command is different. That's just my gut feeling and of course I may be wrong.

    Do you know if your device uses A/B partitioning?

    What happens if you use TWRP and try:
    fastboot boot recovery.img
     

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    Does your QFil tool allow you to add additional options when flashing an image?
    QFIL - Qualcomm Flash Image Loader. It can flash any partition I want to but it does not support command line parameters: it is ran as a separate program, not from command line if it is what you mean.

    I know you don't believe that your phone uses vbmeta, but we can't rule it out unless you can flash it properly.
    Well, as I mentioned: VBMETA is filled with all zeroes. Do you think all zeroes can effectively prevent me from using customized images?

    Do you know if your device uses A/B partitioning?
    It certainly does not.

    What happens if you use TWRP and try:
    I cannot use TWRP because TWRP is a customized (changed) recovery. My ugly device does NOT allow using amended partition. It relates to both boot and recovery.
     
    Last edited:

    Austinredstoner

    Senior Member
    Feb 3, 2021
    385
    1
    401
    Moto G7
    Device: 360 N6 Lite by QIKU, Snapdragon 630

    Device is running stock ROM based on android 8.1, no mods, no tweaks, just a stock android. I've never ever messed with any system files/partitions.

    Addtional info about my device:

    1. fastboot has limited functionality: it cannot flash any partiton, therefore the only way I can flash anything is by QFIL
    2. I can patch stock boot.img by Magisk alright. However, when I flash patched boot phone goes to Red State (or bootloop if phone is connected to PC), so Magisk is not an option here. Or I'm just so stupid I do not see how to benefit from Magisk. I hope I might have a chance with superSU though.
    Log of Magisk patching the stock boot is attached here.
    3. bootloader is unlocked:
    (bootloader) unlocked:yes
    (bootloader) off-mode-charge:0
    (bootloader) charger-screen-enabled:0
    (bootloader) battery-soc-ok:yes
    (bootloader) battery-voltage:3975
    (bootloader) version-baseband:
    (bootloader) version-bootloader:
    (bootloader) variant:SDM EMMC
    (bootloader) partition-type:cache:ext4
    (bootloader) partition-size:cache: 0x1F400000
    (bootloader) partition-type:userdata:ext4
    (bootloader) partition-size:userdata: 0x5EBBFBE00
    (bootloader) partition-type:system:ext4
    (bootloader) partition-size:system: 0xE0000000
    (bootloader)
    secure:yes
    (bootloader) serialno:********
    (bootloader) product:QK1713-A01
    (bootloader) max-download-size:536870912
    (bootloader) kernel:uefi
    (bootloader)
    Verity mode: true
    (bootloader) Device unlocked: true
    (bootloader)
    Device critical unlocked: true
    (bootloader) Charger screen enabled: false


    Phone is apparently not rooted as shown on attached pics. However, when I run <adb shell> command, it appears as if there is a root already installed: https://forum.xda-developers.com/t/i-need-help-rooting-my-zte-quest-5.4276715/post-85018813

    This phone really bothers me. I cannot flash custom recovery, I cannot flash any partition using fastboot and I cannot figure out how to properly install SU-binary.

    Any help is much appreciated!
    What's your android version I see that you're using SuperSU just to let u know SuperSU only works on Android Nougat and below this means if you're running android Oreo and above SuperSU will no longer work for Android Oreo and above I recommend u to use magisk
     

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    What's your android version I see that you're using SuperSU just to let u know SuperSU only works on Android Nougat and below this means if you're running android Oreo and above SuperSU will no longer work for Android Oreo and above I recommend u to use magisk
    I'm not using superSU. I only wanted to explore if it would be possible to use superSU on my device.

    Stock ROM is based on Oreo.

    I cannot use Magisk.
     

    jwoegerbauer

    Senior Member
  • Jul 11, 2009
    5,512
    9
    1,326
    European Union
    I'm not using superSU. I only wanted to explore if it would be possible to use superSU on my device.
    What do you really want to have: SuperSU or SU ( read: Switch User )? SuperSU is a Superuser access management tool ( authored by Chainfire ), whereas SU is a binary ( ported from Linux distros ) that allows to perform actions on Android with Superuser privileges similar to the Administrator privileges on Windows OS.
     

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    What do you really want to have: SuperSU or SU ( read: Switch User )? SuperSU is a Superuser access management tool, whereas SU is a binary that allows to perform actions on Android with Superuser privileges similar to the Administrator privileges on Windows OS.
    Thank you. You are right: probably, I'm not clear in stating of my goal. I need to be able to run file managers like Root Explorer with root privileges, i.e. to access and amend files in system areas.
     

    jwoegerbauer

    Senior Member
  • Jul 11, 2009
    5,512
    9
    1,326
    European Union
    Sure. Could you please share details what exactly to be checked: files/locations/permissions/what?

    Just in case:

    1|QK1713:/ # ls /system/bin/su
    ls: /system/bin/su: No such file or directory
    1|QK1713:/ # ls /system/xbin/su
    ls: /system/xbin/su: No such file or directory
    1|QK1713:/ #
    QK1713:/ # find /system -name "su"
    QK1713:/ #
    QK1713:/ # find /data -name "su"
    QK1713:/ #
    QK1713:/ # find /system -name "busy*"
    /system/bin/busybox
    QK1713:/ #
    This screenshot of Android's terminal window shows that phone's Android must be somehow rooted because of # is shown instead of $ in front of each line

    Run either on computer
    Code:
    adb devices
    adb shell "mount -t auto -o rw,remount /system"
    or in Android terminal
    Code:
    mount -t auto -o rw,remount /system

    Is it giving you a 'not permitted' error - or similar?
     
    Last edited:

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    This screenshot of Android's terminal window shows that phone's Android must be somehow rooted because of # is shown instead of $ in front of each line

    Run either on computer
    Code:
    adb devices
    adb shell "mount -t auto -o rw,remount /system"
    or in Android terminal
    Code:
    mount -t auto -o rw,remount /system

    Is it giving you a 'not permitted' error - or similar?

    From PC's command prompt:

    Z:\android\adb>adb devices
    List of devices attached
    b839ca58 device

    Z:\android\adb>adb shell "mount -t auto -o rw,remount /system"

    Z:\android\adb>


    At the same time, from android terminal application:
    Screenshot_2021-05-17-18-36-01[1].png
     

    jwoegerbauer

    Senior Member
  • Jul 11, 2009
    5,512
    9
    1,326
    European Union
    @vp1117

    The screenshot shows that Android Terminal app is launched as normal user, not as superuser as former screenshots provided here by you show it.

    I have come to the conclusion that your phone is no longer in its state of delivery, as initially claimed by you: there are simply too many things that do not fit together.

    Hence my recommendation: Do a Factory Reset, then re-flash phone's Stock ROM to get rid off of all mods you applied so far, wipe phone's Cache partition, and afterwards restart your attempts to root it from the scratch - of course having the appropriate knowledge how to do it.

    My last 2 cents here:
    To re-flash phone's Stock ROM you use YGDP tool
    DL: https://droidfilehost.com/download/download-ygdp-tool-version/
     
    Last edited:
    • Like
    Reactions: eduardo.M

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    Have done it.

    For ROM re-flashing I used QIKU vendor's utility, not YGDP. Screenhots of re-flashing are attached.

    Next, the only thing I did was to install Material Terminal and Root Explorer applications.

    Here are results of same commands executing:

    4.png


    5.png



    And Root Explorer denying device having been tooted:
    6.png
     

    Attachments

    • 1.png
      1.png
      53.5 KB · Views: 0
    • 2.png
      2.png
      45.7 KB · Views: 0
    • 3.jpg
      3.jpg
      149.4 KB · Views: 0

    jwoegerbauer

    Senior Member
  • Jul 11, 2009
    5,512
    9
    1,326
    European Union
    Once you run "adb shell" and you get greeted with a # prompt then you can perform commands in "adb shell" without having to run su. BTW: This is because of in your phone's Android properties ro.secure by default is set to 0.

    Be happy!


    You can try to add the su applet ( what is missing in your pre-installed no-root version of BusyBox ) to Android at your own - what requires both the phone's bootloader got unlocked and the Android's SELinux got disabled before:

    Code:
    adb devices
    adb shell "mkdir -p  /data/local/tmp"
    adb push <location-of-su-applet-on-pc-here> /data/local/tmp
    adb shell
    chmod 0777 /data/local/tmp/su
    chown root:root /data/local/tmp/su
    chcon /data/local/tmp/su u:object_r:su_exec:s0
    mount -t auto -o rw,remount /system
    mv -f /data/local/tmp/su  /system/bin/su
    mount -t auto -o ro,remount  /system
    exit
    adb reboot


    The matching su applet you fetch from SuperSU.zip.
     
    Last edited:

    vp1117

    Senior Member
    Jan 30, 2019
    55
    6
    Once you run "adb shell" and you get greeted with a # prompt then you can perform commands in "adb shell" without having to run su. BTW: This is because of in your phone's Android properties ro.secure by default is set to 0.
    Thank you for guiding me.

    There is a lot of information in your last post that I have to digest and understand being at zero-knowledge level.

    Let me start with this:

    ro.secure - is it defined in default.prop stored in boot.img?

    8.png
    9.png
     
    Last edited:

    jwoegerbauer

    Senior Member
  • Jul 11, 2009
    5,512
    9
    1,326
    European Union
    @vp1117

    It's the file build.prop located in /system directory what is the file of interest, not the "default.prop" file.
    Build.prop contains all those final settings / commands that make an Android device run smoothly.

    I'm pretty sure build.prop on your phone contains the lines

    ro.secure=0
    ro.debuggable=1
    persist.service.adb.enable=1


    FYI: If ro.secure=0 then adbd runs as root.



    BTW:
    I no longer participate this thread: It just doesn't make sense to me anymore.
     
    Last edited:

    Top Liked Posts

    • There are no posts matching your filters.
    • 1
      @vp1117

      The screenshot shows that Android Terminal app is launched as normal user, not as superuser as former screenshots provided here by you show it.

      I have come to the conclusion that your phone is no longer in its state of delivery, as initially claimed by you: there are simply too many things that do not fit together.

      Hence my recommendation: Do a Factory Reset, then re-flash phone's Stock ROM to get rid off of all mods you applied so far, wipe phone's Cache partition, and afterwards restart your attempts to root it from the scratch - of course having the appropriate knowledge how to do it.

      My last 2 cents here:
      To re-flash phone's Stock ROM you use YGDP tool
      DL: https://droidfilehost.com/download/download-ygdp-tool-version/
    • 1
      @vp1117

      The screenshot shows that Android Terminal app is launched as normal user, not as superuser as former screenshots provided here by you show it.

      I have come to the conclusion that your phone is no longer in its state of delivery, as initially claimed by you: there are simply too many things that do not fit together.

      Hence my recommendation: Do a Factory Reset, then re-flash phone's Stock ROM to get rid off of all mods you applied so far, wipe phone's Cache partition, and afterwards restart your attempts to root it from the scratch - of course having the appropriate knowledge how to do it.

      My last 2 cents here:
      To re-flash phone's Stock ROM you use YGDP tool
      DL: https://droidfilehost.com/download/download-ygdp-tool-version/
    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone