Axon 7 root without bootloader unlocked

tenfar · Aug 18, 2016 at 5:30 PM

KyJelly69 said:
can we get a guide with what order to do the steps in if you are doing it for the first time including creating a stock backup please

It's simple,if you want to backup stock recovery,you just flash twrp to boot partition,just a simple rename files .my tool will flash boot.img to boot partition with-b option.and flash recovery.img to recovery partition with-r option.
It will not check what the real file is,just base on file name

r3xx3r · Aug 18, 2016 at 5:31 PM

tenfar said:
Have you backup your data. What model you have? This shows it works on your model. And what you need to do is format data.the password required is because the devices's data is a encrypted file system. So maybe the boot is newly flashed so the private key is different. If you didn't backup your data,flash back to stock boot image,if you have backed up your data,boot into stock recovery do a factory reset.

I can't find the stock boot image. Can you link me to it and instructions on how to flash it please?

tenfar · Aug 18, 2016

r3xx3r said:
I can't find the stock boot image. Can you link me to it and instructions on how to flash it please?

What's your model? You can read through the thread,you will find the firmware for both eu model and us model.replace the boot.img with the stock boot.img.and run my program with -b option again.

r3xx3r · Aug 18, 2016

tenfar said:
What's your model? You can read through the thread,you will find the firmware for both eu model and us model.replace the boot.img with the stock boot.img.and run my program with -b option again.

My model number is 2017U and I don't see the firmware for this model anywhere.

tenfar · Aug 18, 2016 at 5:43 PM

r3xx3r said:
My model number is 2017U and I don't see the firmware for this model anywhere.

https://idlekernel.com/flash-tools/firmware/ailsa_ii_A2017U/

tdgillihan · Aug 18, 2016

r3xx3r said:
Okay, slight problem here. After following your instructions I rebooted to Android and I get a message that says "To start Android, enter your password" I have never set a password and I don't know what this message is. I have not seen it before. I have been using my fingerprint and a pin to unlock my phone but neither seem to work. Any ideas on how to get passed this??

I have the US version with a locked bootloader.
I can get into TWRP just fine.

I have also seen this on other devices where if you have a fingerprint lock it looks for the backup password or pattern etc. Does zte not require any backup password in case the fp scan doesn't work?
@tenfar, perhaps recommending disabling all locks before doing this would be a good thing if it's going to look for it as it appears to?

tenfar said:
Have you backup your data. What model you have? This shows it works on your model. And what you need to do is format data.the password required is because the devices's data is a encrypted file system. So maybe the boot is newly flashed so the private key is different. If you didn't backup your data,flash back to stock boot image,if you have backed up your data,boot into stock recovery do a factory reset.

EDIT: make that *delete* all stored lockscreen password, scans etc.
Sent from my Nexus 6 using Tapatalk

r3xx3r · Aug 18, 2016 at 5:53 PM

tdgillihan said:
I have also seen this on other devices where if you have a fingerprint lock it looks for the backup password or pattern etc. Does zte not require any backup password in case the fp scan doesn't work?
@tenfar, perhaps recommending disabling all locks before doing this would be a good thing if it's going to look for it as it appears to?

Sent from my Nexus 6 using Tapatalk

They have an option for a backup pin which is what I use but that entering that pin doesn't work. I just flashed the stock boot.img and wiped cache, dalvik, and data in twrp and now my phone seems to be fine. Luckily I didn't have anything important stored on it lol

tdgillihan · Aug 18, 2016

r3xx3r said:
They have an option for a backup pin which is what I use but that entering that pin doesn't work. I just flashed the stock boot.img and wiped cache, dalvik, and data in twrp and now my phone seems to be fine. Luckily I didn't have anything important stored on it lol

Ouch! Remember the first 3 rules of flashing:
1. Make a backup first.
2. Make a backup first.
3. Make a backup first.
?
Try deleting all stored locks (fp scans, pins patterns etc) and please try this again (after making a backup of at least system and boot img on your card). Would be nice to know if this works for us in US. Thanks.
Oh! It's always best to use a password for the backup to fp scan if you can. It's the most secure and it's what it looks for in these situations instead of a pin etc I'm thinking.

Sent from my Nexus 6 using Tapatalk

r3xx3r · Aug 18, 2016 at 6:22 PM

nope. Unfortunately it doesn't seem to work. I was able to get back into my phone, I turned off all lock settings and tried this again and it gave me the exact same problem. This time I am sure there is no password, yet it keeps asking for one.

tdgillihan · Aug 18, 2016 at 6:38 PM

r3xx3r said:
nope. Unfortunately it doesn't seem to work. I was able to get back into my phone, I turned off all lock settings and tried this again and it gave me the exact same problem. This time I am sure there is no password, yet it keeps asking for one.

I think you have to delete all the saved fp scans.

Sent from my Nexus 6 using Tapatalk

r3xx3r · Aug 18, 2016 at 6:55 PM

tdgillihan said:
I think you have to delete all the saved fp scans.

Sent from my Nexus 6 using Tapatalk

no, I checked that there were no stored fingerprints or passwords or anything. I just tried setting a lock screen password and it still doesnt work. Also, my WiFi wont turn on now. Any ideas? Anyone have the stock recovery they can send me that may help?

Is there a way to unlock the bootloader using TWRP? The only method I found requires the stock recovery.

KyJelly69 · Aug 18, 2016

tenfar said:
It's simple,if you want to backup stock recovery,you just flash twrp to boot partition,just a simple rename files .my tool will flash boot.img to boot partition with-b option.and flash recovery.img to recovery partition with-r option.
It will not check what the real file is,just base on file name

I'm still confused. Your app can put twrp on the boot partition or the recovery partition?
Instead of going into that detail just do it like this:
IF YOU HAVE NOT DONE ANYTHING YET START WITH STEP 1 IF YOU HAVE ALREADY CREATED YOUR BACKUP START WITH STEP 3
STEP 1. do this...
STEP 2. do this...
STEP 3. now that we have backed up the system image do this...
...

Edit:My phone has just been delivered and I want to make sure I have a stock backup before I try anything else.

KyJelly69 · Aug 18, 2016 at 8:36 PM

Will this root stay working after an OTA?

peramikic · Aug 18, 2016 at 9:11 PM

r3xx3r said:
nope. Unfortunately it doesn't seem to work. I was able to get back into my phone, I turned off all lock settings and tried this again and it gave me the exact same problem. This time I am sure there is no password, yet it keeps asking for one.

tdgillihan said:
I think you have to delete all the saved fp scans.

Sent from my Nexus 6 using Tapatalk

This is most likley since /data is encrypted on phone setup. Flashing that boot.img most likely breaks the crypto-chain. You would probably have to format the /data (factory-reset) after putting on new image so that the default password is re-encrypted with the new key when the phone reinitialized. And purge all the FP you might have saved.

---------- Post added at 01:11 PM ---------- Previous post was at 01:02 PM ----------

KyJelly69 said:
I'm still confused. Your app can put twrp on the boot partition or the recovery partition?
Instead of going into that detail just do it like this:
IF YOU HAVE NOT DONE ANYTHING YET START WITH STEP 1 IF YOU HAVE ALREADY CREATED YOUR BACKUP START WITH STEP 3
STEP 1. do this...
STEP 2. do this...
STEP 3. now that we have backed up the system image do this...
...

Edit:My phone has just been delivered and I want to make sure I have a stock backup before I try anything else.

The app can flash TWRP to both partitions. . So you can run TWRP as boot in order to backup stock recovery first. Then you can flash modified boot to see if it works. If you change stock recovery to TWRP aftre that and if you have that stock recovery backup, you can always flash it back in order to flash the full STOCK firmware (only CN and EU for now). You would just load TWRP as boot again, flash stock recovery and then reboot to it, flash full stock formware

I might write this up later if i find time but this should pretty much explain why TWRP can be flashe as both /boot and /recovery. Best would be if we get to fastboot to reboot to TWRP withouht flashing it. Then we can dump the whole phone in stock. But if you have stock boot.img already, that pretty much should do it. We just need the image from B20, not B20_boot to really be able to go to stock.

tdgillihan · Aug 18, 2016 at 9:37 PM

r3xx3r said:
no, I checked that there were no stored fingerprints or passwords or anything. I just tried setting a lock screen password and it still doesnt work. Also, my WiFi wont turn on now. Any ideas? Anyone have the stock recovery they can send me that may help?

Is there a way to unlock the bootloader using TWRP? The only method I found requires the stock recovery.

I think stock recovery is the only thing we didn't have yet. But let me look around for it. Didn't you do a full backup including recovery in twrp? If so you should be able to restore it in twrp. Not sure that you have to use stock recovery to unlock bl. Have you tried the method in the guide that @DrakenFX made?

Always thank those who are helpful...and just ignore those who aren't.

---------- Post added at 01:37 PM ---------- Previous post was at 01:29 PM ----------

Here's a link to the files that have been pulled: https://idlekernel.com/flash-tools/firmware/ailsa_ii_A2017U/B20/
No recovery though.

Always thank those who are helpful...and just ignore those who aren't.

KyJelly69 · Aug 18, 2016 at 9:40 PM

peramikic said:
This is most likley since /data is encrypted on phone setup. Flashing that boot.img most likely breaks the crypto-chain. You would probably have to format the /data (factory-reset) after putting on new image so that the default password is re-encrypted with the new key when the phone reinitialized. And purge all the FP you might have saved.

---------- Post added at 01:11 PM ---------- Previous post was at 01:02 PM ----------

The app can flash TWRP to both partitions. . So you can run TWRP as boot in order to backup stock recovery first. Then you can flash modified boot to see if it works. If you change stock recovery to TWRP aftre that and if you have that stock recovery backup, you can always flash it back in order to flash the full STOCK firmware (only CN and EU for now). You would just load TWRP as boot again, flash stock recovery and then reboot to it, flash full stock formware

I might write this up later if i find time but this should pretty much explain why TWRP can be flashe as both /boot and /recovery. Best would be if we get to fastboot to reboot to TWRP withouht flashing it. Then we can dump the whole phone in stock. But if you have stock boot.img already, that pretty much should do it. We just need the image from B20, not B20_boot to really be able to go to stock.

What is the best way to backup the entire stock ROM?
if I flash twrp to boot so I can backup stock recovery how do I backup stock boot if twrp was written there?
If I flash twrp to recovery first I could backup stock boot but not stock recovery.

---------- Post added at 04:40 PM ---------- Previous post was at 04:39 PM ----------

tdgillihan said:
I think stock recovery is the only thing we didn't have yet. But let me look around for it. Didn't you do a full backup including recovery in twrp? If so you should be able to restore it in twrp. Not sure that you have to use stock recovery to unlock bl. Have you tried the method in the guide that @DrakenFX made?

Always thank those who are helpful...and just ignore those who aren't.

---------- Post added at 01:37 PM ---------- Previous post was at 01:29 PM ----------

Here's a link to the files that have been pulled: https://idlekernel.com/flash-tools/firmware/ailsa_ii_A2017U/B20/
No recovery though.

Always thank those who are helpful...and just ignore those who aren't.

That system.img is B20 right?

peramikic · Aug 18, 2016 at 10:12 PM

KyJelly69 said:
What is the best way to backup the entire stock ROM?
if I flash twrp to boot so I can backup stock recovery how do I backup stock boot if twrp was written there?
If I flash twrp to recovery first I could backup stock boot but not stock recovery.

---------- Post added at 04:40 PM ---------- Previous post was at 04:39 PM ----------

That system.img is B20 right?

As of right now you can't backup both with only one phone. The system is probably dump from the B20_Boot aftre BL unlock if those are jkuczera's dumps, as is boot.img and the rest of the files

tdgillihan · Aug 18, 2016 at 10:27 PM

peramikic said:
As of right now you can't backup both with only one phone. The system is probably dump from the B20_Boot aftre BL unlock if those are jkuczera's dumps, as is boot.img and the rest of the files

Ok, so now I'm confused. Based on your previous post, why couldn't you run twrp as boot and do a full backup of everything, then start over and flash twrp as recovery?

Always thank those who are helpful...and just ignore those who aren't.

peramikic · Aug 18, 2016 at 11:17 PM

tdgillihan said:
Ok, so now I'm confused. Based on your previous post, why couldn't you run twrp as boot and do a full backup of everything, then start over and flash twrp as recovery?

Always thank those who are helpful...and just ignore those who aren't.

You have to flash TWRP in either /boot or /recovery. We can't boot in TWRP as of yet, fastboot boot is missing i believe

tdgillihan · Aug 18, 2016

peramikic said:
You have to flash TWRP in either /boot or /recovery. We can't boot in TWRP as of yet, fastboot boot is missing i believe

That's different than what you said before:
"The app can flash TWRP to both partitions. . So you can run TWRP as boot in order to backup stock recovery first. Then you can flash modified boot to see if it works. If you change stock recovery to TWRP aftre that and if you have that stock recovery backup, you can always flash it back in order to flash the full STOCK firmware". I must be misunderstanding something.

KyJelly69 said:
What is the best way to backup the entire stock ROM?
if I flash twrp to boot so I can backup stock recovery how do I backup stock boot if twrp was written there?
If I flash twrp to recovery first I could backup stock boot but not stock recovery.

---------- Post added at 04:40 PM ---------- Previous post was at 04:39 PM ----------

That system.img is B20 right?

Always thank those who are helpful...and just ignore those who aren't.

Axon 7 root without bootloader unlocked

Retired Recognized Developer

Senior Member

Retired Recognized Developer

Senior Member

Retired Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member