[Guide] Enable ADB on the stock OxygenOS recovery

DroidFreak32 · Dec 4, 2020

Since we don't have TWRP yet for our 8T, having ADB enabled on the stock recovery can be really helpful if you are unlocked and rooted.
For example, removing problematic magisk modules.
I tried to install the EdExposed module and ended with a boot loop. To get back I had to flash the stock boot.img again and reconfigure all my modules again.

Having ADB enabled in OOS recovery will let us delete the problematic module at /data/adb/modules without having to delete the working modules.

Credit goes to @s3axel for the Post in Oneplus 8 forums
Quoting the procedure to create the modified recovery.img :

s3axel said:
Description of the method to modify recovery by yourself:

Prerequisites:

Android Image Kitchen (credit to osm0sis for providing this tool)

the original recovery image file (henceforth called "recovery.img"). You can extract this yourself from an update zip file by unpacking "payload.bin" and then use a tool like payload_dumper (credit to vm03 for providing this) to extract the recovery.img file

Now do the following:

unpack image with Image Kitchen --> this will create a "ramdisk" and a "Split_img" directory with the unpacked content within

navigate into the "ramdisk" folder and use a text editor (on windows preferably Notepad++) to edit the file "prop.default"

look for entry "ro.adb.secure" and change entry value from "1" to "0". Note this entry can occur multiple times (I noticed twice), change each --> this will prevent adb from asking for authorization (the recovery does not provide such a dialogue)

look for entry "ro.debuggable" and change this from "0" to "1" --> this actually enables ADB

look for entry "ro.secure" and change this from "1" to "0" --> may be unnecessary but I wanted to avoid brick in case a modified recovery would result in such a behavior

save textfile

repack the image with Android Image Kitchen and voila:

you have a new modified recovery image you can flash

Installation Procedure:

s3axel said:
Prerequisites:

Oneplus 8T

unlocked bootloader

access to fastboot on the phone

adb and fastboot

Installation:
Reboot the phone to fastboot, then flash the recovery from fastboot with the command

Code:

fastboot flash recovery <filename>

(with <filename> being the name of the recovery in the format of "recovery.img" you wish to flash)

Uninstall:
Same as installation, but flash the original stock recovery instead.

Usage:
Boot up recovery, enter the encryption key if the file system is encrypted. Then connect the phone to a PC and you are ready to go with adb. E.g. by using

Code:

adb shell

to open a shell and access the file system. Magisk modules are located in /data/adb/modules, deleting the corresponding directory there will remove the module in question.

Step-by-step this would be:

Code:

cd /data/adb/modules

to change to the Magisk modules directory

Code:

ls

to list the content of this directory, each module has its own directory, usually with a well-recognizable name

Code:

rm -r <directory>

to delete the directory in question. Tip: in console TAB-autocomplete works

Notes of caution:

ADB security is disabled as I could not get the recovery to allow for authorizing a connected computer. As a consequence, any computer connected is automatically authorized in ADB, although with an encrypted filesystem at least no data is accessible without the key.

with direct ADB access to your file system you can easily wreck you phone requiring a factory reset or even reinstallation of the OS from fastboot - please be careful about what you are doing

Credits: Thanks to osm0sis for Android kitchen and all great developers for the Oneplus devices.

Pre-patched files for the lazy (upto 11.0.4.5):
To find your model and build:

Code:

adb shell getprop ro.product.model
KB2001
adb shell getprop ro.build.version.ota
OnePlus8TOxygen_15.I.16_GLO_0160_2010150110

KB2000 / KB05?? - Chinese Variant

KB2001 / KB05DA - Indian Variant

KB2003 / KB05BA - EU Variant

KB2005 / KB05AA - International Variant thanks to @card13

KB2007 / KB05CB - T-Mobile Variant

Code:

❯ adb devices
List of devices attached
75317573        recovery
❯ adb shell
# df
Filesystem       1K-blocks    Used Available Use% Mounted on
rootfs             3648448   40396   3608052   2% /
tmpfs              3837328    1160   3836168   1% /dev
tmpfs              3837328       0   3837328   0% /mnt
tmpfs              3837328       0   3837328   0% /apex
tmpfs              3837328       4   3837324   1% /linkerconfig
tmpfs              3837328      24   3837304   1% /tmp
/dev/block/sda11    491464  140484    350980  29% /mnt/vendor/op2
/dev/block/sda20     11760     164     11596   2% /metadata
/dev/block/dm-3    1516540 1511956      4584 100% /vendor
/dev/block/sda2      27632   10452     17180  38% /mnt/vendor/persist
/dev/block/dm-7  110397292 6627020 103770272   7% /data

DroidFreak32 · Oct 21, 2020

I will edit this post over time with few notes/misc stuff.

For some reason, the only way we can boot into the recovery is to perform a fastboot flash.
Fastboot boot recovery.img does not seem to work and I have no idea why. (Even on stock recovery.img!!)
It just ends up in a black screen.
If someone could explain why it'll be great, cuz if we can just temporarily boot into the patched recovery, we can pull the boot.img files and provide root for all the variants of the 8T without waiting for a full OTA, with the below method:

Next, there *might* be a way to root other variants of 8T which do not have the full OTA zips
WARNING: I am NOT responsible if this does not work. you have been advised! This can render your recovery partition unusable until OnePlus releases full OTA ZIPs for all variants of the 8T!

s3axel · Oct 21, 2020 at 5:15 PM

DroidFreak32 said:
I will edit this post over time with few notes/misc stuff.

For some reason, the only way we can boot into the recovery is to perform a fastboot flash.
Fastboot boot recovery.img does not seem to work and I have no idea why. (Even on stock recovery.img!!)
It just ends up in a black screen....

Sadly I have no real explanation either, but I had the same effect during my testing - I assumed it's related to some mechanism around the encryption of the partitions.

Cheers & thanks for continuing this for the 8T !

dijia1124 · Oct 22, 2020 at 12:40 PM

Sorry but I want to ask a noob question: can I use this method to adb sideload a FULL OTA zip via this recovery as currently when I'm trying to switch to EU OOS from IN OOS, the local upgrader says that I can't install an older version of OOS

DroidFreak32 · Oct 23, 2020 at 6:47 AM

dijia1124 said:
Sorry but I want to ask a noob question: can I use this method to adb sideload a FULL OTA zip via this recovery as currently when I'm trying to switch to EU OOS from IN OOS, the local upgrader says that I can't install an older version of OOS

No I don't think this recovery allows flashing in the first place.

theincognito · Oct 23, 2020 at 3:07 PM

DroidFreak32 said:
No I don't think this recovery allows flashing in the first place.

Well, first of all, nice of you to post this for everybody. I had did this following the same tutorial, my first day I received my phone itself, and I also encountered the same issue of unable to boot recovery img.

Btw, you are right. OnePlus disabled adb sideload in their A/B devices. I researched extensively and couldn't find a way to re-enable it.
Well, even if it was present, it will only allow zips with signed keys from OP to be flashed, so not a replacement for TWRP anyway.

As for flashing OP updates and other custom roms, you can use fastbootd.

card13 · Oct 30, 2020 at 10:33 PM

@theincognito Did you ever figure out the reason why they disabled ADB and ADB Sideloading? And do you know if OnePlus has a workaround (new protocol or command to accomplish the same effect)?

theincognito · Oct 31, 2020

card13 said:
@theincognito Did you ever figure out the reason why they disabled ADB and ADB Sideloading? And do you know if OnePlus has a workaround (new protocol or command to accomplish the same effect)?

First of all, ADB was there to facilitate ADB sideloading. Once sideloading went away, they removed ADB entirely.

As for removing sideloading, as far as I can understand, it started when they switched to A/B partition for their phones, because by default, A/B devices don't have a dedicated recovery partition(like Pixel/Android One phones). So they removed it.
However, from OnePlus 8, OnePlus brought back the dedicated recovery partition while still using A/B. So, now, if they want, they could bring back the sideloading, imo.

As for workaround, there are only 2 options: TWRP (or any custom recovery) and fastbootd.

You can flash stock roms via fastbootd, but that involves extracting the zip via payload and flashing the images individually. As for custom roms, from fastbootd, you can use "fastboot update <rom.zip>". As simple as that.

card13 · Oct 31, 2020

@theincognito Thank you for the info it is very, very informative and gives me a lot of ideas of what to try next!
@DroidFreak32 I uploaded all my Recovery files to my GDrive, along with all my rooting files. https://drive.google.com/drive/folders/1-i4P8sWPfyqwgYvBsKWAAftQW7m66Z70?usp=sharing

liver20 · Nov 13, 2020 at 12:23 AM

Hace latest ota 11.0.3.4 BA recovery modified and recovery stock?

---------- Post added at 01:23 AM ---------- Previous post was at 01:22 AM ----------

card13 said:
@theincognito Thank you for the info it is very, very informative and gives me a lot of ideas of what to try next!
@DroidFreak32 I uploaded all my Recovery files to my GDrive, along with all my rooting files. https://drive.google.com/drive/folders/1-i4P8sWPfyqwgYvBsKWAAftQW7m66Z70?usp=sharing

Have latest ota 11.0.3.4 BA recovery modified and recovery stock?

ChillDuder · Nov 13, 2020

hmm. seems, they changed something with the adb rights in 11.0.3.4.
ls /data is also permitted.

(edit: i used adb-recovery to delete a magisk module previous on 11.0.2.3)

DroidFreak32 · Nov 13, 2020

ChillDuder said:
hmm. seems, they changed something with the adb rights in 11.0.3.4.
ls /data is also permitted.

(edit: i used adb-recovery to delete a magisk module previous on 11.0.2.3)

It's working fine here
What's your 8t model?

Also updated the op with links for patched recovery from 11.0.3.4

ChillDuder · Nov 23, 2015 26 2 23

DroidFreak32 said:
It's working fine here
What's your 8t model?

Also updated the op with links for patched recovery from 11.0.3.4

KB2003
Thank you. I'll flash again later. Maybe i did something wrong in the prop file.

hanajoruno · Jul 17, 2017 1 0 0

if your device been rooted and grant su for adb shell, you can also use CMD to enter commands "
>adb shell
$su
#magisk --remove-modules
"to remove all modules and reboot;
others,you had to flash the stock boot.img again

ChillDuder · Nov 14, 2020

hanajoruno said:
if your device been rooted and grant su for adb shell, you can also use CMD to enter commands "
>adb shell
$su
#magisk --remove-modules
"to remove all modules and reboot;
others,you had to flash the stock boot.img again

su in adb shell dont worked for me (su binary isnt installed from magisk)
but for whatever reason, i have to reboot normaly, and via advanced poweroff menu directly to recovery. then it worked flawless. weird. previous i reboot to fastboot and from there to recovery. seems that this maybe is a differnce.

KrishTej · Jul 10, 2017 34 8 8

Thank you! Thank you so much. I tried a risky module and it crashed my phone. I was so scared as I had a lot of important data which I didn't backup. I followed your guide and I was able to remove the module and boot properly. I just can't thank you enough. You saved my life.

card13 · Nov 14, 2020 at 11:15 PM

@liver20 No I am still on 11.0.1.2 since I haven't had time this week (life loves to get in the way) to unroot -> Apply Incremental OTA update file -> re-root.

xDanVitox · Nov 30, 2020 at 2:00 AM

I'm getting the black screen even after flashing the recovery. I can get into adb but have no way of decrypting? I am not able to enter my pattern. Am I missing something here?

DroidFreak32 · Nov 30, 2020 at 5:19 PM

xDanVitox said:
I'm getting the black screen even after flashing the recovery. I can get into adb but have no way of decrypting? I am not able to enter my pattern. Am I missing something here?

What's your oos build and 8t variant?
Have you tried manualy patching the recovery image yourself from your oos build instead of using the patched images by me?

xDanVitox · Nov 30, 2020 at 5:32 PM

DroidFreak32 said:
What's your oos build and 8t variant?
Have you tried manualy patching the recovery image yourself from your oos build instead of using the patched images by me?

I'm on 11.0.4.5 - KB2005

I did, yes. I used the broken TWRP to pull the recovery off of my phone and patched that. I tried using the one from unpacked kebab image as well. Tried booting and flashing and both give the same result. They both "work" but result in blank screen. Flashing back my backup original copy from my phone returns normal function.

Am I supposed to be seeing my pattern input the same as stock?

And thanks for the response!

[Guide] Enable ADB on the stock OxygenOS recovery

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Member

Attachments

Senior Member

Member

New member

Member

Attachments

Member

Senior Member

Senior Member

Senior Member

Senior Member