How To Guide Full ROM dump of T-Mobile variant & guide on gaining root access without magisk

[lentm]

Here is stock boot.img for 11.0.1.7.DE18CB T-Mobile variant

96 MB file on MEGA

mega.nz

Wow, I thought 11.0.1.5 is the latest for T-Mobile. Why am I not getting any update notification? It keeps saying I have the latest one. :\

Edit: I'm bootloader unlocked and rooted.

 

[towardsdawn]

Wow, I thought 11.0.1.5 is the latest for T-Mobile. Why am I not getting any update notification? It keeps saying I have the latest one. :\

Edit: I'm bootloader unlocked and rooted.

I'm pretty sure they stagger the updates so not everyone gets them at the same time. You should be on 11.0.1.6 though, that shows up as available on their website . I am also unlocked and rooted, if you're rooted you will get the update notification but then it will say installation update failed when you try to update.

 

[lentm]

I'm pretty sure they stagger the updates so not everyone gets them at the same time. You should be on 11.0.1.6 though, that shows up as available on their website . I am also unlocked and rooted, if you're rooted you will get the update notification but then it will say installation update failed when you try to update.

I don't know why. It's weird. I just don't get any OTA update notification since I bootloader unlocked and rooted my N200.
If OTA update anyways fail after unlocking and rooting, I will just stay where I am.

 

[edale1]

You can still receive and install updates with the bootloader unlocked. The problem has to be in the rooting.

 

[lentm]

You can still receive and install updates with the bootloader unlocked. The problem has to be in the rooting.

Yea, that I can't give up for VPN Hotspot app, so convenient compared to PDANet+

 

[lentm]

Here is stock boot.img for 11.0.1.7.DE18CB T-Mobile variant

96 MB file on MEGA

mega.nz

Thank you, I was able to take OTA, 11.0.1.8 with this boot.img
How did you extract this img by the way?

 

[towardsdawn]

Thank you, I was able to take OTA, 11.0.1.8 with this boot.img
How did you extract this img by the way?

I did the steps in the guide I wrote here and I also installed the OTA after factory resetting. If you want stock boot.img for the current installed version you can skip the factory reset step.

However, as long as there wasn't a major Android version update (which changes boot.img drastically), there is a much easier way.

The boot.img is probably similar enough between OTAs that you can

1. uninstall Magisk if it is installed, get OTA
2. fastboot getvar all to get active partition
3. boot a Magisk patched boot.img from a previous system version by

   fastboot boot patched_old_boot.img

   to get root. make sure to avoid doing fastboot flash because that would get rid of the new boot.img and replace it with the old boot.img.
4. do the final dd step in the above guide.

 

[lentm]

I did the steps in the guide I wrote here and I also installed the OTA after factory resetting. If you want stock boot.img for the current installed version you can skip the factory reset step.

However, as long as there wasn't a major Android version update (which changes boot.img drastically), there is a much easier way.

The boot.img is probably similar enough between OTAs that you can

1. uninstall Magisk if it is installed, get OTA
2. fastboot getvar all to get active partition
3. boot a Magisk patched boot.img from a previous system version by

   fastboot boot patched_old_boot.img

   to get root. make sure to avoid doing fastboot flash because that would get rid of the new boot.img and replace it with the old boot.img.
4. do the final dd step in the above guide.

Oh..right...I should've booted a patched img file before I flash. arrghhh.
Can you share a stock 11.0.1.8 boot.img file when you have a chance?
I appreciate it!

 

[towardsdawn]

Oh..right...I should've booted a patched img file before I flash. arrghhh.
Can you share a stock 11.0.1.8 boot.img file when you have a chance?
I appreciate it!

Here you go (I've also included factory stock boot.img and factory patched boot.img). I figured out an even better method which is:

1. Uninstall Magisk, Restore images
2. Get OTA. Make sure "Automatic system updates" is turned off under Developer Options, this way the device won't automatically reboot after the OTA
3. Before rebooting, adb su and then dd the new boot.img
4. Continue system update and reboot the phone
5. Install Magisk by patching the new boot.img

I would suggest avoiding using Magisk's "install to inactive slot after OTA" because that bricked my phone for whatever reason and I had to factory reset.

 

[lentm]

Here you go (I've also included factory stock boot.img and factory patched boot.img). I figured out an even better method which is:

1. Uninstall Magisk, Restore images
2. Get OTA. Make sure "Automatic system updates" is turned off under Developer Options, this way the device won't automatically reboot after the OTA
3. Before rebooting, adb su and then dd the new boot.img
4. Continue system update and reboot the phone
5. Install Magisk by patching the new boot.img

I would suggest avoiding using Magisk's "install to inactive slot after OTA" because that bricked my phone for whatever reason and I had to factory reset.

I really appreciate it!!
and for the better method, Step 1 always didn't work for me.
It would say there's no image backed up...and complete uninstall option will not revert back to "real" original boot image, just removing Magisk. (ota will show error, safetynet check will fail).

 

[towardsdawn]

I really appreciate it!!
and for the better method, Step 1 always didn't work for me.
It would say there's no image backed up...and complete uninstall option will not revert back to "real" original boot image, just removing Magisk. (ota will show error, safetynet check will fail).

I think you said above you did fastboot flash the magisk patched img. Using fastboot flash no backup is created. Using Magisk direct install, Magisk will create a backup of the stock image. If that is the case you can do the following:

1. If you don't have a copy of Magisk patched 11.0.1.8 boot.img, use Magisk app to patch the stock 11.0.1.8 img and adb pull to your computer
2. fastboot flash the stock 11.0.1.8 img
3. fastboot boot the patched img
4. Open Magisk app, Direct Install magisk to force Magisk to create a backup, and reboot

That way in the future you can do Magisk uninstall restore image and it will work.

 

[lentm]

I think you said above you did fastboot flash the magisk patched img. Using fastboot flash no backup is created. Using Magisk direct install, Magisk will create a backup of the stock image. If that is the case you can do the following:

1. If you don't have a copy of Magisk patched 11.0.1.8 boot.img, use Magisk app to patch the stock 11.0.1.8 img and adb pull to your computer
2. fastboot flash the stock 11.0.1.8 img
3. fastboot boot the patched img
4. Open Magisk app, Direct Install magisk to force Magisk to create a backup, and reboot

That way in the future you can do Magisk uninstall restore image and it will work.

Seems to be working correctly! I really appreciate it!

 

[EnumC]

I did the following to try to replicate what EnumC did and I got the same stock boot.img but in partition A instead of partition B:

Used MSMDownloadTool to reset to factory image

Unlocked bootloader with one line adb command

Download phhusson's GSI as EnumC mentioned

Installed msys2 with mingw64 tool chain, base devel, and mingw64 gettext, add an include statement and include asprintf in order to build simg2img on Windows (I've attached my build for 64 bit Win 10 here)

Unzip GSI.xz and then unsparse it using simg2img

Follow instructions here to install GSI. The $(du) is to calculate disk usage of the system_raw.img on your PC

adb reboot fastboot, fastboot getvar all to get active partition (factory image should be a)

You can now adb shell, su, and then dd to extract /dev/block/bootdevice/by-name/boot_a

This was exactly what I did, except I used WSL instead! Thank you so much for writing it out in more depth. I was going to write a dump script & more in-depth instructions last summer, but T-Mobile threw me a bone with their new promos and I got myself an S21 instead. Hurray, no root for me!

If you haven't already, I'll post the script for dumping the partitions from any device that has BL unlock but no stock firmware yet using that GSI method.

 

[Duanpao]

This was exactly what I did, except I used WSL instead! Thank you so much for writing it out in more depth. I was going to write a dump script & more in-depth instructions last summer, but T-Mobile threw me a bone with their new promos and I got myself an S21 instead. Hurray, no root for me!

If you haven't already, I'll post the script for dumping the partitions from any device that has BL unlock but no stock firmware yet using that GSI method.

Any update on that dump script?

 

[TheLoonyRebel]

Here you go (I've also included factory stock boot.img and factory patched boot.img).

Thank you so much for sharing your patched boot.img.

 

[cass89]

Can't get dsu to install.. following

Dynamic System Updates (DSU) | Android Developers

Dynamic System Updates (DSU) lets developers install a GSI side by side with the device's system image on a DSU-supported device that runs Android 10 or higher.

developer.android.com

"Step 4: launch dsu using adb" gives me error "cut not recognized as internal/external command"..
I'm using windows but afaik that command runs inside adb shell, so it's executed on the phone.. "cut" command works inside terminal emulator on the phone so I'm not sure how to fix this..
Anyone else have this problem? I searched around but can't find anything

 

[towardsdawn]

Can't get dsu to install.. following

Dynamic System Updates (DSU) | Android Developers

Dynamic System Updates (DSU) lets developers install a GSI side by side with the device's system image on a DSU-supported device that runs Android 10 or higher.

developer.android.com

"Step 4: launch dsu using adb" gives me error "cut not recognized as internal/external command"..
I'm using windows but afaik that command runs inside adb shell, so it's executed on the phone.. "cut" command works inside terminal emulator on the phone so I'm not sure how to fix this..
Anyone else have this problem? I searched around but can't find anything

The $(du... |cut) tells your system shell to launch another shell to run the command, then use the return value of the command as a value to be passed as a parameter to the start-activity command. The start-activity command receives that parameter and then runs inside the android adb shell.

On PC unless you have installed msys2 or something similar and have cut in your $PATH, your system shell won't have the cut command available. This is no issue because the purpose of the command is to get the file size of the system_raw.img in bytes. You can do that manually on PC (right click, properties) and enter in the number in place of that command.

This is one of the cases where the documentation assumes everyone reading it runs Linux

 

[T3CHN0T33N]

The $(du... |cut) tells your system shell to launch another shell to run the command, then use the return value of the command as a value to be passed as a parameter to the start-activity command. The start-activity command receives that parameter and then runs inside the android adb shell.

On PC unless you have installed msys2 or something similar and have cut in your $PATH, your system shell won't have the cut command available. This is no issue because the purpose of the command is to get the file size of the system_raw.img in bytes. You can do that manually on PC (right click, properties) and enter in the number in place of that command.

This is one of the cases where the documentation assumes everyone reading it runs Linux

I am having trouble with launching the DSU. (attached images)
Any advice?

 

[towardsdawn]

I am having trouble with launching the DSU. (attached images)
Any advice?

For KEY_SYSTEM_SIZE parameter, is that the size of the unzipped GSI.img (NOT the size of GSI.img.gz)?

Have you followed all the steps here?

Otherwise I have no idea, sorry.

 

[T3CHN0T33N]

For KEY_SYSTEM_SIZE parameter, is that the size of the unzipped GSI.img (NOT the size of GSI.img.gz)?

Have you followed all the steps here?

Otherwise I have no idea, sorry.

oof, yeah, I'll double-check though..

edit: It seems I had the size of the gziped file, oops. I'll try it now.
update: yup