360 N6 Lite (QIKU): help is needed: 1) to root the device 2) to cope with AVB


vp1117

Senior Member
Jan 30, 2019
85
12
Device: 360 N6 Lite by QIKU, Snapdragon 630

Device is running stock ROM based on android 8.1, no mods, no tweaks, just a stock android. I've never ever messed with any system files/partitions.

Stock ROM was re-flashed a few days ago after this thread was posted - to satisfy request of some person who thought I had ROM tampered with.

I can re-flash ROM as many times as would be needed, upon request if anybody is really keen to help.

Additional info about my device:

1. fastboot has limited functionality: it cannot flash any partition. Therefore, if I have to flash a certain partition, like boot/recovery/system, I can only do it with QFIL flashing software.

2. I can patch stock boot.img by Magisk alright. However, after I flash the patched boot, the phone goes to Red State (or bootloop if the phone is connected to PC), so Magisk is not an option here. Or I'm just so stupid I do not see how to benefit from Magisk. Log of Magisk patching the stock boot is attached here.
I thought I might have a chance with superSU though.

3. bootloader is unlocked if I can trust the info below:
(bootloader) unlocked:yes
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) battery-soc-ok:yes
(bootloader) battery-voltage:3975
(bootloader) version-baseband:
(bootloader) version-bootloader:
(bootloader) variant:SDM EMMC
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x1F400000
(bootloader) partition-type:userdata:ext4
(bootloader) partition-size:userdata: 0x5EBBFBE00
(bootloader) partition-type:system:ext4
(bootloader) partition-size:system: 0xE0000000
(bootloader) secure:yes
(bootloader) serialno:********
(bootloader) product:QK1713-A01
(bootloader) max-download-size:536870912
(bootloader) kernel:uefi
(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: false


Phone is apparently not rooted as shown on attached pics. However, when I run <adb shell> command, it appears as if there is a root already installed as I see # prompt, not $.

This phone really makes me crazy. I cannot flash custom recovery, I cannot flash any partition using fastboot, I cannot flash any zip-package and I cannot figure out how to properly install SU-binary.

Any help is much appreciated!
 

Attachments

  • Screenshot_2021-05-15-16-05-24[1].png
    Screenshot_2021-05-15-16-05-24[1].png
    62.7 KB · Views: 25
  • Screenshot_2021-05-15-16-22-32[1].png
    Screenshot_2021-05-15-16-22-32[1].png
    211.4 KB · Views: 22
  • Screenshot_2021-05-15-16-31-26[1].png
    Screenshot_2021-05-15-16-31-26[1].png
    93.5 KB · Views: 25
  • boot.014.patched.23.0.txt
    4.1 KB · Views: 6

Deleted member 1890170

Guest
In the thread linked to above one can see BusyBox is installed on phone. BusyBox by default comes with the SU-binary. Check this.
 

vp1117

Sure. Could you please share details what exactly to be checked: files/locations/permissions/what?

Just in case:

1|QK1713:/ # ls /system/bin/su
ls: /system/bin/su: No such file or directory
1|QK1713:/ # ls /system/xbin/su
ls: /system/xbin/su: No such file or directory
1|QK1713:/ #
QK1713:/ # find /system -name "su"
QK1713:/ #
QK1713:/ # find /data -name "su"
QK1713:/ #
QK1713:/ # find /system -name "busy*"
/system/bin/busybox
QK1713:/ #
 

vp1117

Regarding AVB: the goal is to deactivate AVB 1.0 in order to be able to flash custom recovery (TWRP).


In Magisk log it is said 'Boot image is signed with AVB 1.0'

As mentioned here (AVB 1.0), there are no VBMETA partitions on devices with AVB 1.0. This is an almost correct statement regarding my device. To be more precise: there is such a partition (list of partitions is attached), but VBMETA is filled with all zeroes. File mmcblk0p57 (dd-ed from device) is also attached; it consists of zeroes.

Also, VBMETA partition is not supposed to be flashed when flashing stock ROM. Here's what is there in rawprogram0.xml:

Code:
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmeta"  ...
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmetabak" ...

So, I conclude it should be useless for me to try anything like:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

Question is: is there any way to deactivate AVB 1.0 so that I could flash boot.img patched by Magisk? Image of stock boot is attached herewith.

Or, almost the same question: what needs to be done with stock boot so that my device does not reject custom recovery?
 

Attachments

  • partitions.txt
    7.9 KB · Views: 7
  • mmcblk0p57.zip
    246 bytes · Views: 3
  • boot.014.original.img.zip
    12.2 MB · Views: 3
Last edited:
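
Added example (not part of the original post): a check of a dumped vbmeta partition such as the mmcblk0p57 file described above. It reports whether the dump is blank or carries an AVB 2.0 header, using the `AVB0` magic and the big-endian flags word at offset 120 from libavb's `AvbVBMetaImageHeader`; the function names and sample inputs are constructed for illustration.

```python
import struct

AVB_MAGIC = b"AVB0"                # libavb AvbVBMetaImageHeader magic
HEADER_SIZE = 256                  # fixed size of the vbmeta header
FLAGS_OFFSET = 120                 # big-endian u32 'flags' field
FLAG_HASHTREE_DISABLED = 0x1       # bit set by fastboot --disable-verity
FLAG_VERIFICATION_DISABLED = 0x2   # bit set by fastboot --disable-verification


def classify_vbmeta(data: bytes) -> dict:
    """Classify a raw dump of a vbmeta partition."""
    if not data:
        return {"state": "empty-file"}
    if data.count(0) == len(data):
        # Nothing was ever written: there is no AVB 2.0 metadata to read.
        return {"state": "all-zero", "size": len(data)}
    if len(data) < HEADER_SIZE or data[:4] != AVB_MAGIC:
        return {"state": "unknown", "first_bytes": data[:4].hex()}
    major, minor = struct.unpack_from(">II", data, 4)
    (flags,) = struct.unpack_from(">I", data, FLAGS_OFFSET)
    return {
        "state": "avb2",
        "libavb_version": f"{major}.{minor}",
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
    }


def make_sample_header(flags: int) -> bytes:
    """Constructed 256-byte header for demonstration only (no signature)."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:4] = AVB_MAGIC
    struct.pack_into(">II", hdr, 4, 1, 0)
    struct.pack_into(">I", hdr, FLAGS_OFFSET, flags)
    return bytes(hdr)


if __name__ == "__main__":
    # Constructed inputs: a zero-filled dump like the one described in the
    # post, and a header with both flags cleared.
    print(classify_vbmeta(bytes(64 * 1024)))
    print(classify_vbmeta(make_sample_header(0)))
    # For a real dump, pass the bytes read from the file, e.g. mmcblk0p57.
```

An `all-zero` result means the partition holds no AVB 2.0 header at all, which matches the Magisk log line saying the boot image itself is signed with AVB 1.0.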

Bondyuk

Member
Jun 29, 2010
11
1
Does your QFil tool allow you to add additional options when flashing an image?

I know you don't believe that your phone uses vbmeta, but we can't rule it out unless you can flash it properly.
I still find it really hard to believe that they removed the ability to flash from fastboot. It makes me think it is more likely that the syntax of the command is different. That's just my gut feeling and of course I may be wrong.

Do you know if your device uses A/B partitioning?

What happens if you use TWRP and try:
fastboot boot recovery.img
 

vp1117

Does your QFil tool allow you to add additional options when flashing an image?
QFIL - Qualcomm Flash Image Loader. It can flash any partition I want to but it does not support command line parameters: it is run as a separate program, not from command line if it is what you mean.

I know you don't believe that your phone uses vbmeta, but we can't rule it out unless you can flash it properly.
Well, as I mentioned: VBMETA is filled with all zeroes. Do you think all zeroes can effectively prevent me from using customized images?

Do you know if your device uses A/B partitioning?
It certainly does not.

What happens if you use TWRP and try:
I cannot use TWRP because TWRP is a customized (changed) recovery. My ugly device does NOT allow using amended partition. It relates to both boot and recovery.
 

Austinredstoner

Senior Member
Feb 3, 2021
965
2,072
Redmi Note 10 Pro
Device: 360 N6 Lite by QIKU, Snapdragon 630

Device is running stock ROM based on android 8.1, no mods, no tweaks, just a stock android. I've never ever messed with any system files/partitions.

Additional info about my device:

1. fastboot has limited functionality: it cannot flash any partition, therefore the only way I can flash anything is by QFIL
2. I can patch stock boot.img by Magisk alright. However, when I flash the patched boot, the phone goes to Red State (or bootloop if the phone is connected to PC), so Magisk is not an option here. Or I'm just so stupid I do not see how to benefit from Magisk. I hope I might have a chance with superSU though.
Log of Magisk patching the stock boot is attached here.
3. bootloader is unlocked:
(bootloader) unlocked:yes
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) battery-soc-ok:yes
(bootloader) battery-voltage:3975
(bootloader) version-baseband:
(bootloader) version-bootloader:
(bootloader) variant:SDM EMMC
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x1F400000
(bootloader) partition-type:userdata:ext4
(bootloader) partition-size:userdata: 0x5EBBFBE00
(bootloader) partition-type:system:ext4
(bootloader) partition-size:system: 0xE0000000
(bootloader) secure:yes
(bootloader) serialno:********
(bootloader) product:QK1713-A01
(bootloader) max-download-size:536870912
(bootloader) kernel:uefi
(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: false


Phone is apparently not rooted as shown on attached pics. However, when I run <adb shell> command, it appears as if there is a root already installed: https://xdaforums.com/t/i-need-help-rooting-my-zte-quest-5.4276715/post-85018813

This phone really bothers me. I cannot flash custom recovery, I cannot flash any partition using fastboot and I cannot figure out how to properly install SU-binary.

Any help is much appreciated!
What's your Android version? I see that you're using SuperSU. Just to let you know, SuperSU only works on Android Nougat and below. This means that if you're running Android Oreo and above, SuperSU will no longer work. I recommend you use Magisk.
 

vp1117

What's your Android version? I see that you're using SuperSU. Just to let you know, SuperSU only works on Android Nougat and below. This means that if you're running Android Oreo and above, SuperSU will no longer work. I recommend you use Magisk.
I'm not using superSU. I only wanted to explore if it would be possible to use superSU on my device.

Stock ROM is based on Oreo.

I cannot use Magisk.
 

Deleted member 1890170

Guest
I'm not using superSU. I only wanted to explore if it would be possible to use superSU on my device.
What do you really want to have: SuperSU or SU ( read: Switch User )? SuperSU is a Superuser access management tool ( authored by Chainfire ), whereas SU is a binary ( ported from Linux distros ) that allows to perform actions on Android with Superuser privileges similar to the Administrator privileges on Windows OS.
 

vp1117

What do you really want to have: SuperSU or SU ( read: Switch User )? SuperSU is a Superuser access management tool, whereas SU is a binary that allows to perform actions on Android with Superuser privileges similar to the Administrator privileges on Windows OS.
Thank you. You are right: probably, I'm not clear in stating of my goal. I need to be able to run file managers like Root Explorer with root privileges, i.e. to access and amend files in system areas.
 

Deleted member 1890170

Guest
Sure. Could you please share details what exactly to be checked: files/locations/permissions/what?

Just in case:

1|QK1713:/ # ls /system/bin/su
ls: /system/bin/su: No such file or directory
1|QK1713:/ # ls /system/xbin/su
ls: /system/xbin/su: No such file or directory
1|QK1713:/ #
QK1713:/ # find /system -name "su"
QK1713:/ #
QK1713:/ # find /data -name "su"
QK1713:/ #
QK1713:/ # find /system -name "busy*"
/system/bin/busybox
QK1713:/ #
This screenshot of Android's terminal window shows that the phone's Android must be somehow rooted because # is shown instead of $ in front of each line

Run either on computer
Code:
adb devices
adb shell "mount -t auto -o rw,remount /system"
or in Android terminal
Code:
mount -t auto -o rw,remount /system

Is it giving you a 'not permitted' error - or similar?
 

vp1117

This screenshot of Android's terminal window shows that the phone's Android must be somehow rooted because # is shown instead of $ in front of each line

Run either on computer
Code:
adb devices
adb shell "mount -t auto -o rw,remount /system"
or in Android terminal
Code:
mount -t auto -o rw,remount /system

Is it giving you a 'not permitted' error - or similar?

From PC's command prompt:

Z:\android\adb>adb devices
List of devices attached
b839ca58 device

Z:\android\adb>adb shell "mount -t auto -o rw,remount /system"

Z:\android\adb>


At the same time, from android terminal application:
Screenshot_2021-05-17-18-36-01[1].png
 

Deleted member 1890170

Guest
@vp1117

The screenshot shows that Android Terminal app is launched as normal user, not as superuser as former screenshots provided here by you show it.

I have come to the conclusion that your phone is no longer in its state of delivery, as initially claimed by you: there are simply too many things that do not fit together.

Hence my recommendation: Do a Factory Reset, then re-flash the phone's Stock ROM to get rid of all mods you applied so far, wipe the phone's Cache partition, and afterwards restart your attempts to root it from scratch - of course having the appropriate knowledge how to do it.

My last 2 cents here:
To re-flash phone's Stock ROM you use YGDP tool
DL: https://droidfilehost.com/download/download-ygdp-tool-version/
 
  • Like
Reactions: eduardo.M

vp1117

Have done it.

For ROM re-flashing I used QIKU vendor's utility, not YGDP. Screenshots of re-flashing are attached.

Next, the only thing I did was to install Material Terminal and Root Explorer applications.

Here are results of same commands executing:

4.png


5.png



And Root Explorer denying device having been rooted:
6.png
 

Attachments

  • 1.png
    1.png
    53.5 KB · Views: 5
  • 2.png
    2.png
    45.7 KB · Views: 4
  • 3.jpg
    3.jpg
    149.4 KB · Views: 3

Deleted member 1890170

Guest
Once you run "adb shell" and you get greeted with a # prompt then you can perform commands in "adb shell" without having to run su. BTW: This is because in your phone's Android properties ro.secure is set to 0 by default.

Be happy!


You can try to add the su applet ( which is missing in your pre-installed no-root version of BusyBox ) to Android on your own - which requires that both the phone's bootloader is unlocked and Android's SELinux is disabled beforehand:

Code:
adb devices
adb shell "mkdir -p  /data/local/tmp"
adb push <location-of-su-applet-on-pc-here> /data/local/tmp
adb shell
# the following lines are typed inside the adb shell on the phone
chmod 0777 /data/local/tmp/su
chown root:root /data/local/tmp/su
# chcon takes the security context first, then the file
chcon u:object_r:su_exec:s0 /data/local/tmp/su
mount -t auto -o rw,remount /system
mv -f /data/local/tmp/su  /system/bin/su
mount -t auto -o ro,remount  /system
exit
# back on the computer
adb reboot


The matching su applet you fetch from SuperSU.zip.
 

vp1117

Once you run "adb shell" and you get greeted with a # prompt then you can perform commands in "adb shell" without having to run su. BTW: This is because in your phone's Android properties ro.secure is set to 0 by default.
Thank you for guiding me.

There is a lot of information in your last post that I have to digest and understand being at zero-knowledge level.

Let me start with this:

ro.secure - is it defined in default.prop stored in boot.img?

8.png
9.png
 

Deleted member 1890170

Guest
@vp1117

It's the file build.prop located in /system directory what is the file of interest, not the "default.prop" file.
Build.prop contains all those final settings / commands that make an Android device run smoothly.

I'm pretty sure build.prop on your phone contains the lines

ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1


FYI: If ro.secure=0 then adbd runs as root.



BTW:
I no longer participate in this thread: It just doesn't make sense to me anymore.
 
  • Angry
Reactions: vp1117
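
Added example (not part of the thread): an audit of the properties named in the post above, modelled on the `should_drop_privileges()` logic in AOSP's adbd, to show when `adb shell` lands at a # prompt. It assumes an adbd build that permits root at all (the `adbd_root_allowed` parameter is hypothetical), and both property files are constructed samples, not read from this device.

```python
FALSE_VALUES = {"0", "n", "no", "off", "false"}

# Constructed samples: the three lines quoted in the post, and a locked-down build.
INSECURE_SAMPLE = "ro.secure=0\nro.debuggable=1\npersist.service.adb.enable=1\n"
USER_SAMPLE = "# constructed user build\nro.secure=1\nro.debuggable=0\n"


def parse_props(text):
    """Parse build.prop/default.prop style 'key=value' lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def adbd_runs_as_root(props, adbd_root_allowed=True):
    """Model of adbd's choice to keep or drop root (assumption: AOSP logic)."""
    if not adbd_root_allowed:
        return False                      # always drops privileges
    # ro.secure defaults to true when missing or unparsable.
    drop = props.get("ro.secure", "1").lower() not in FALSE_VALUES
    adb_root = props.get("service.adb.root", "")
    if props.get("ro.debuggable") == "1" and adb_root == "1":
        drop = False                      # 'adb root' on a debuggable build
    if adb_root == "0":
        drop = True                       # explicit 'adb unroot'
    return not drop


def audit(text):
    """Return findings a reviewer would flag in a production image."""
    props = parse_props(text)
    findings = []
    if adbd_runs_as_root(props):
        findings.append("adbd keeps root: every adb shell runs as uid 0")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1: 'adb root' is permitted")
    return findings


if __name__ == "__main__":
    for name, sample in (("insecure", INSECURE_SAMPLE), ("user", USER_SAMPLE)):
        print(name, audit(sample))
```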
