• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Blade A3 Prime (Visible)

Search This thread

dtingley11222

Member
Nov 16, 2020
38
0
First, always dump your stock rom with these tools: https://github.com/bkerler/mtkclient

This is called mtkclient. It reverse engineers download mode so that we can pull down the flash. Once you put your phone in download mode, use this command to back up the whole flash

python mtk rf flash.bin

Now that we've made a backup, we can start screwing around with the phone.

Inside of that flash bin you can find all the partitions inside of it. Look for boot.img and vbmeta.img. After you find both of those, use magisk manager to root the stock boot.img.

Now we can also use this mtkclient software to unlock the bootloader. But we first have to erase metadata, userdata, and md_udc.

python mtk e metadata, userdata, md_udc

Now we can unlock the bootloader.

python mtk da seccfg unlock

After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.

Fastboot flash boot (patched boot.img)

Now we need our original vbmeta. We need to flash it while disabling verification.

Fastboot - - disable-verity - - disable-verification flash vbmeta (vbmeta.img)

And that's it! Enjoy your rooted phone :)
 
First, always dump your stock rom with these tools: https://github.com/bkerler/mtkclient

This is called mtkclient. It reverse engineers download mode so that we can pull down the flash. Once you put your phone in download mode, use this command to back up the whole flash

python mtk rf flash.bin

Now that we've made a backup, we can start screwing around with the phone.

Inside of that flash bin you can find all the partitions inside of it. Look for boot.img and vbmeta.img. After you find both of those, use magisk manager to root the stock boot.img.

Now we can also use this mtkclient software to unlock the bootloader. But we first have to erase metadata, userdata, and md_udc.

python mtk e metadata, userdata, md_udc

Now we can unlock the bootloader.

python mtk da seccfg unlock

After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.

Fastboot flash boot (patched boot.img)

Now we need our original vbmeta. We need to flash it while disabling verification.

Fastboot - - disable-verity - - disable-verification flash vbmeta (vbmeta.img)

And that's it! Enjoy your rooted phone :)
Hey uh I think there was an already existing root guide but atleast there’s a simpler one ig
 
  • Like
Reactions: dtingley11222

wkv2101

Member
Aug 4, 2011
40
14
First, always dump your stock rom with these tools: https://github.com/bkerler/mtkclient

This is called mtkclient. It reverse engineers download mode so that we can pull down the flash. Once you put your phone in download mode, use this command to back up the whole flash

python mtk rf flash.bin

Now that we've made a backup, we can start screwing around with the phone.

Inside of that flash bin you can find all the partitions inside of it. Look for boot.img and vbmeta.img. After you find both of those, use magisk manager to root the stock boot.img.

Now we can also use this mtkclient software to unlock the bootloader. But we first have to erase metadata, userdata, and md_udc.

python mtk e metadata, userdata, md_udc

Now we can unlock the bootloader.

python mtk da seccfg unlock

After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.

Fastboot flash boot (patched boot.img)

Now we need our original vbmeta. We need to flash it while disabling verification.

Fastboot - - disable-verity - - disable-verification flash vbmeta (vbmeta.img)

And that's it! Enjoy your rooted phone :)
hahaha hey razer lol
 
  • Like
Reactions: dtingley11222

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    First, always dump your stock rom with these tools: https://github.com/bkerler/mtkclient

    This is called mtkclient. It reverse engineers download mode so that we can pull down the flash. Once you put your phone in download mode, use this command to back up the whole flash

    python mtk rf flash.bin

    Now that we've made a backup, we can start screwing around with the phone.

    Inside of that flash bin you can find all the partitions inside of it. Look for boot.img and vbmeta.img. After you find both of those, use magisk manager to root the stock boot.img.

    Now we can also use this mtkclient software to unlock the bootloader. But we first have to erase metadata, userdata, and md_udc.

    python mtk e metadata, userdata, md_udc

    Now we can unlock the bootloader.

    python mtk da seccfg unlock

    After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.

    Fastboot flash boot (patched boot.img)

    Now we need our original vbmeta. We need to flash it while disabling verification.

    Fastboot - - disable-verity - - disable-verification flash vbmeta (vbmeta.img)

    And that's it! Enjoy your rooted phone :)
    Hey uh I think there was an already existing root guide but atleast there’s a simpler one ig
    1
    First, always dump your stock rom with these tools: https://github.com/bkerler/mtkclient

    This is called mtkclient. It reverse engineers download mode so that we can pull down the flash. Once you put your phone in download mode, use this command to back up the whole flash

    python mtk rf flash.bin

    Now that we've made a backup, we can start screwing around with the phone.

    Inside of that flash bin you can find all the partitions inside of it. Look for boot.img and vbmeta.img. After you find both of those, use magisk manager to root the stock boot.img.

    Now we can also use this mtkclient software to unlock the bootloader. But we first have to erase metadata, userdata, and md_udc.

    python mtk e metadata, userdata, md_udc

    Now we can unlock the bootloader.

    python mtk da seccfg unlock

    After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.

    Fastboot flash boot (patched boot.img)

    Now we need our original vbmeta. We need to flash it while disabling verification.

    Fastboot - - disable-verity - - disable-verification flash vbmeta (vbmeta.img)

    And that's it! Enjoy your rooted phone :)
    hahaha hey razer lol
  • 4
    No I haven't gotten root on the Visible firmware. I have root on the Yahoo firmware. We don't know what is causing the bootlooping when trying to flash the magisk boot image on the Visible firmware. I'll attach the steps below of what I did to get root on the Yahoo firmware.. keep in mind my device originally had the Visible firmware (Z5157V) on it.

    1) Flash Stock Yahoo Firmware (Z5157Y)

    2) Enable Developer Options

    3) Enable OEM Unlock & USB Debugging in Developer Options

    4) Boot to Bootloader
    adb reboot bootloader

    5) Ensure Device is Recognized by PC
    fastboot devices

    6) Proceed with Unlocking
    (Press Volume Up After Each Command to Confirm)
    fastboot flashing unlock
    fastboot flashing unlock_critical

    7) Reboot Device
    fastboot reboot

    8) Enable USB Debugging Again
    (OEM Unlock Should be Grayed Out & Enabled)

    9) Boot to Bootloader
    adb reboot bootloader

    10) Flash VBmeta (Obtained from thread #283)
    fastboot --disable-verity --disable-verification flash vbmeta <PATH-TO-VBMETA-FILE-HERE>

    11) Flash Modded Boot Image (Obtained from thread #284)
    fastboot --disable-verity --disable-verification flash boot <PATH-TO-BOOT-IMAGE-FILE-HERE>
    View attachment 5382835View attachment 5382837
    gonna borrow your steps and tweak it for any visible users:

    1) Enable Developer Options

    2) Enable OEM Unlock & USB Debugging in Developer Options

    3) Boot to Bootloader
    adb reboot bootloader

    4) Ensure Device is Recognized by PC
    fastboot devices

    5) Proceed with Unlocking
    (Press Volume Up After Each Command to Confirm)
    fastboot flashing unlock
    fastboot flashing unlock_critical

    6) Reboot Device
    fastboot reboot

    7) Enable USB Debugging Again
    (OEM Unlock Should be Grayed Out & Enabled)

    8) Boot to Bootloader
    adb reboot bootloader

    9) Flash VBmeta (Obtained from thread #283)
    fastboot --disable-verity --disable-verification flash vbmeta <PATH-TO-VBMETA-FILE-HERE>

    10) Flash Boot OSS unpatched Image (Obtained from thread #215) (SKIP THIS STEP IF YOU'RE CONFIDENT PATCHING WILL NOT BOOTLOOP YOUR DEVICE)
    fastboot --disable-verity --disable-verification flash boot <PATH-TO-BOOT-IMAGE-FILE-HERE>

    11) Reboot Device
    fastboot reboot

    12) If step 11 works without bootlooping, install magisk canary 23001 and patch boot file from step 10

    13) Boot to Bootloader
    adb reboot bootloader

    14) Flash magisk patched OSS boot image
    fastboot --disable-verity --disable-verification flash boot <PATH-TO-BOOT-IMAGE-FILE-HERE>

    15) Reboot Device
    fastboot reboot
    3
    I hope so too. Hope to understand this /super partition crap. I can't guarantee anything, but now that I'll have one, I can work much faster than solely doing it via messages like this and waiting for someone else to test.
    3
    Good news, won the bid. Wait a week or two and I'll be in the game for real
    2
    @tlopez51 I've been gone for a while, looks like a LOT happened in the span of 2 months. Would you be cool giving a TLDR summary of the progress? It looks like Magisk is finally working, that's great!
    Good to hear from you. Surely I would help in anyway to provide an update but I am not familiar with TLDR. Also, just like you I had dropped out after the last and final Magisk release but periodically would check in.

    Just recent there's been a spark of interest on this project and I see some folks have had some issues. Thanks to member luridphantom for keeping a watchful eye to help others while I slept at the wheel.

    Overall I think the most pressing problem is the result of wiping clean the IMEI to recover from the endless bootloop status. This would not be an issue at all if an oem rom backup was available to restore from. I myself have one such phone. You may recall I had jumped right into this project failing to take a snapshot of the oem rom due to that I was having some issues at the time but nevertheless took the risk. Unfortunately many did not heed to the warnings I too posted. As a result, I went ahead and revised my previous guides and hopefully any new comer will not fall into the same trap.

    Just an FYI.
    From all of my research the IMEI is not hard coded on this phone as far as I can tell but working to find out where it was kept it turns out is in the nvdata file which you will have from a backup. You can always flash this file back and it will restore the IEMI. In a pinch, you can flash the nvdata file from a working phone to another ZTE Blade A3 Prime where the IMEI was wiped clean to get data and calling features working again.

    As you may know, topjohnwu is no longer working on the Magisk project so I think we hit a wall on any new or further developments. Not sure we can push this project any further along.

    Let me know your thoughts.
    2
    Good to hear from you. Surely I would help in anyway to provide an update but I am not familiar with TLDR. Also, just like you I had dropped out after the last and final Magisk release but periodically would check in.

    Just recent there's been a spark of interest on this project and I see some folks have had some issues. Thanks to member luridphantom for keeping a watchful eye to help others while I slept at the wheel.

    Overall I think the most pressing problem is the result of wiping clean the IMEI to recover from the endless bootloop status. This would not be an issue at all if an oem rom backup was available to restore from. I myself have one such phone. You may recall I had jumped right into this project failing to take a snapshot of the oem rom due to that I was having some issues at the time but nevertheless took the risk. Unfortunately many did not heed to the warnings I too posted. As a result, I went ahead and revised my previous guides and hopefully any new comer will not fall into the same trap.

    Just an FYI.
    From all of my research the IMEI is not hard coded on this phone as far as I can tell but working to find out where it was kept it turns out is in the nvdata file which you will have from a backup. You can always flash this file back and it will restore the IEMI. In a pinch, you can flash the nvdata file from a working phone to another ZTE Blade A3 Prime where the IMEI was wiped clean to get data and calling features working again.

    As you may know, topjohnwu is no longer working on the Magisk project so I think we hit a wall on any new or further developments. Not sure we can push this project any further along.

    Let me know your thoughts.
    I was actually the one helping people here as well as others from the Discord but eh oh well lol. So there's no way to modify the nvdata file?
    So we cannot flash between variants then? Like visible should not flash yahoo? I'll update my AF post when I get a computer to access it on. I take it this somehow boot looped and wiped peoples devices. Which is weird, because I recall you doing it before and you had no issues.

    Be careful too with IMEI changing, in certain countries like the USA it's *basically* illegal to wipe or change the IMEI of your phone to something else, the only exception being to restore a lost one (that came with the device).

    I did not know Magisk support stopped. Did he say why? What will replace it? That's a shame since Magisk seemed to be the only way to get root access these days.
    Actually the only way I was able to get root was by first flashing the Yahoo stock firmware from your site.. I'm unable to get root on the Visible variant no matter what I try