[GUIDE][MODDED FIRMWARE][9.0.6][OP3/T]The least annoying 9.0.x firmware

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
9.0.x Firmware update without loosing data

This is NOT the complete rom. This is just the firmware. If you don't know the difference see https://forum.xda-developers.com/showpost.php?p=83183385&postcount=173 .

First we've assumed his thread is for users wanting to avoid relocking the bootloader, reformating and reencrypting or suffering from selinux isn't enforcing anymore after updating. Since more and more issues with upgrading from 5.0.x firmware to 9.0.x firmware have shown up recently, you should consider this: https://forum.xda-developers.com/on...re-barrier-t3941164/post79827007#post79827007

Avoid relocking and/or reformating/reencrypting

For avoiding reformating all these three requirements have to be met:

  1. The device has a 5.0.x bootloader and keymaster (this is the case, if you run OxygenOS 5.0.x, if you use a custom rom and flashed some 5.0.x firmware yourself or if you use a previous version of the firmware package provided in this thrread.
  2. The 5.0.x bootloader is unlocked.
  3. The device is encrypted (meaning: the userdata partition is encrypted; always keep in mind OxygenOS forces encryption of userdata, no matter if you set a secured boot passphrase).

If only one single of these three prerequisites in not met, this thread is not for you! Every direction, flashable zip package and help in this thread relies on the above setup! (You can use the modded firmwarw packages, too, of course! But you arn't in need to do so, and may want to consider using the stock fw packages from @hellcat50, @kamilmirza or from my firmware archive)

Before processing further we need to know and accept some basic information on the bootloader and the keymaster:
  • If you just update the firmware from 5.0.x to 9.0.x and boot the above defined setup, your data is gone. It doesn't matter if you boot to recovery or system: your data is gone.
  • If you just downgrade the firmware from 9.0.x to 5.0.x on a system formated and encrypted with 9.0.x and boot, your data is gone. It doesn't matter if you boot to recovery or system: your data is gone.

To avoid this (and to be able to change between 9.0.x and 5.0.x firwmares and roms on the fly without loosing data), I've created firmware packages, which contain the complete 9.0.x firmware, but bootloader and keymaster. These are taken from OxygenOS 5.0.8.

General note: for sdcard-slot-less devices like Oneplus 3 and 3T I highly recommend a type-c usb stick for keeping backups, firmwares, roms etc.

OxygenOS
  1. flash official twrp-3.3.1-0 and reboot to recovery (you can skip this, if you already use twtp-3.3.1-0, of course - later twrp versions may also work, but twrp-3.3.1-0 has proofed to work)
  2. take a nandroid
  3. (dirty) flash OxygenOS 9.0.x rom's flashable zip
  4. without rebooting(!) flash
  5. without rebooting(!) flash twrp-3.3.1-0 again
  6. wipe cache and dalvik
  7. reboot to system and enjoy OxygenOS 9.0.x!

Custom roms
(not containing firmware - to my knowledge: all custom roms)
  1. flash the twrp, recommended for the custom rom you are going to use
  2. take a nandroid
  3. flash
  4. reboot to recovery
  5. (dirty) flash your preferred, 9.0.x firmware needing custom rom (if your rom doesn't need 9.0.x firmware, stay with 5.0.8)
  6. wipe cache and dalvik
  7. reboot to system and enjoy your custom rom

Getting selinux enforcing again

Prerequisites:
  1. your device runs 9.0.x firmware
  2. your device shows selinux is running in permissive mode or selinux is disabled

Just take a nandroid and flash the modded fw and reboot. If you get a decryption failure, format (not wipe!) data and resetup (either clean or from a nandroid).

Sidenote: keeping the 5.0.8 bootloader and keymaster is less then ideal. It's working for now - nobody knows which nice surprises future builds will have. Perhaps the future bootloaders don't require to be locked on encrypted userdata partition, which would mean we wouldn't expirience the 9.0.x-5.0.x barrier any more. If Oneplus keeps it the way it is now, a clean flash (including format and reencryption) is the way to go.

Sidenote 2 (credits: @Viper The Ripper):
To determine the currently installed fw, just look at /system/vendor/firmware_mnt/verinfo/ver_info.txt. Either in your currently run rom, or within twrp.

If you choose to check ver_info .txt in twrp firmware_mnt isn't mounted:

firmware_mnt is the modem partition. In twrp's terminal check if the modem partion is already mounted:
Code:
grep /dev/block/bootdevice/by-name/modem /proc/mounts | cut -d '  ' -f2
grep /dev/block/sde11 /proc/mounts | cut -d '  ' -f2
If one of the commands returns the mountpoint for the modem partition append /verinfo/ver_info.txt.

If no mountpoint is returned mount it manually:
Code:
mount /system #if not already mounted
mount /dev/block/bootdevice/by-name/modem /system/vendor/firmware_mnt
Check the fs layout for system as root. In twrp /system may end up as /system/system.

Now check for "Time_Stamp".

To determine the currently used bootloader (is different from "Time_Stamp" for my modded fw packages, of course!) use a rooted shell (i.e. "adb shell su -c" or the twrp terminal):
Code:
dd if=/dev/block/bootdevice/by-name/aboot | strings | grep "compiled at"
None of the above is really new. None of the above can't be found across other threads. Since it's ask over and over again, I thought it's a good idea to put it in one thread.

Alipay, WeChatpay, Soter and IFAA

The modem firmware contains some alipay* and soter* files used for Alipay and WeChatpay. Since these are suspect to be a privacy hazard, I've modified NON-HALOS.bin to not contain any of these files any more. You'll find these packages in the Firmware archive with "-no-alipay" in it's filename. For details on rom included Alipay/WeChatpay stuff see: https://forum.xda-developers.com/oneplus-3/how-to/guide-deblob-alipay-ifaa-tencent-soter-t4064893

Happy flashing!

Firmware archive
 
Last edited:

sandeep_kumar

Senior Member
Feb 21, 2017
488
127
0
Indore
The release of Oxygen OS 9.0 created so many posts regarding data loss when choosing custom ROM. You have done a great job in saving the future posts regarding the firmware and data loss. Thanks buddy.
 
  • Like
Reactions: nvertigo67

dapezzz

Senior Member
Jan 21, 2008
58
7
28
Many thanks for this tutorial, worked flawlessly !
(coming from stock 5.0.3 with unlocked bootloader).

Currently testing this Pie build, seems to work without any problem and smoothly.... have to wait few days to confirm about battery drainage :)

I have a question : if a new 9.0.4 build is provided, will we have to repeat this procedure with the new flashable zip ?

Thank you !
 
  • Like
Reactions: nvertigo67

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
I have a question : if a new 9.0.4 build is provided, will we have to repeat this procedure with the new flashable zip ?

Thank you !
Yes. You want to keep 5.0.8 bootloader and keymaster.

Sidenote #1: keeping the 5.0.8 bootloader and keymaster is less then ideal. It's working for 9.0.2 and 9.0.3 - nobody knows which nice surprises 9.0.4 will have. Perhaps the 9.0.4 bootloader doesn't require to be locked on encrypted userdata partition, which would mean we wouldn't expirience the 9.0.x-5.0.x barrier any more. If Oneplus keeps it the way it is now, a clean flash (including format and reencryption) is the way to go.

Sidenote #2: I'll add sidenote #1 to OP. :)
 

jesrani

Senior Member
Mar 29, 2011
1,002
73
68
Mumbai
I am on OOs 5.0.4 with BluSpark TWRP, unlocked bootloader, rooted with Magisk and encrypted.
If i follow your method, can i upgrade without losing data? Or is a clean flash recommended?
Will the root and encryption remain after upgrade?
In the 9.0.3 thread there are many issues with this version. Is it better to wait for the next version?

Sent from my ONEPLUS A3003 using Tapatalk
 

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
I am on OOs 5.0.4 with BluSpark TWRP, unlocked bootloader, rooted with Magisk and encrypted.
If i follow your method, can i upgrade without losing data? Or is a clean flash recommended?
Will the root and encryption remain after upgrade?
Reread the OP, please. All of the above questions has been already answered in OP.

In the 9.0.3 thread there are many issues with this version. Is it better to wait for the next version?

Sent from my ONEPLUS A3003 using Tapatalk
Which issues are you refering to? Which version are you refering to - oos or this package?

For the first: As clearly stated in OP: I don't know.

If the latter: the derp in packaging oxygenos-9.0.3-bl-km-5.0.8-firmware-3T.zip has been fixed within <12h after the issue report.
 

jesrani

Senior Member
Mar 29, 2011
1,002
73
68
Mumbai
Reread the OP, please. All of the above questions has been already answered in OP.







Which issues are you refering to? Which version are you refering to - oos or this package?



For the first: As clearly stated in OP: I don't know.



If the latter: the derp in packaging oxygenos-9.0.3-bl-km-5.0.8-firmware-3T.zip has been fixed within <12h after the issue report.
Maybe it's there in OP but i couldn't understand. I don't know what is keymaster. As per point 2, this solution is for 5.0.8 unlocked bootloader but I am on 5.0.4.
Hence I am asking. Hope you can answer my query since I am not so technical and don't understand in depth.
Also, as I understand, this procedure is for wanting to dirty flash from 5.0.x to 9.0.x. If I want to clean flash, then should I follow 9.0.3 thread?
By issues I meant the various problems reported by users in the 9.0.3 thread. Is that because of improper flashing and whether using the OP procedure ensures trouble free 9.0.3 or is 9.0.3 still work in progress in which case is it better to wait for next version?

Sent from my ONEPLUS A3003 using Tapatalk
 

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
Maybe it's there in OP but i couldn't understand. I don't know what is keymaster. As per point 2, this solution is for 5.0.8 unlocked bootloader but I am on 5.0.4.
I am on OOs 5.0.4 with BluSpark TWRP, unlocked bootloader, rooted with Magisk and encrypted. If i follow your method, can i upgrade without losing data?
This is answered in the OP by the bold first line:

9.0.x Firmware update without loosing data
Or is a clean flash recommended?
This is answered in OP. The recommended procedure for using the fw package for OOS, is:

OxygenOS
  1. flash official twrp-3.3.1-0 and reboot to recovery (you can skip this, if you already use twtp-3.3.1-0, of course)
  2. take a nandroid
  3. (dirty) flash OxygenOS 9.0.x rom's flashable zip
  4. without rebooting(!) flash
  5. without rebooting(!) flash twrp-3.3.1-0 again
  6. wipe cache and dalvik
  7. reboot to system and enjoy OxygenOS 9.0.x!
As you can see, dirty flashing is part of the recommended procedure.

Will the root and encryption remain after upgrade?
You can always relash a root package (if root persists depwnds on the support of the rom for addon.d, not on this package). The OP clearly states, that data persists. Since the encryption is unrevertable (you can only format to get rid of the encryption, persisting data on an encrypted partition implies that the encryption persists.

Also, as I understand, this procedure is for wanting to dirty flash from 5.0.x to 9.0.x. If I want to clean flash, then should I follow 9.0.3 thread?
This is not the purpose of this package, but you can clean flash, of course. If you want to cleanflash anyway, you may want to consider, formating the complete data partition. It's not much more effort. But as stated: it will work.

By issues I meant the various problems reported by users in the 9.0.3 thread. Is that because of improper flashing and whether using the OP procedure ensures trouble free 9.0.3 or is 9.0.3 still work in progress in which case is it better to wait for next version?
If you mean OxygenOS (and not fw packages) when just mentioning 9.0.3.: I don't know. I'm not involved in Oneplus' development.

Most of the problems with the fw update is a lack of reading, a lack of thinking or a combination of both.

Keymaster is a part of the firmware uswd for (among other functions) for encryption.

I hope all your questions are answered now.
 
Last edited:

jesrani

Senior Member
Mar 29, 2011
1,002
73
68
Mumbai
This is answered in the OP by the bold first line:





This is answered in OP. The recommended procedure for using the fw package for OOS, is:



As you can see, dirty flashing is part of the recommended procedure.



You can always relash a root package (if root persists depwnds on the support of the rom for addon.d, not on this package). The OP clearly states, that data persists. Since the encryption is unrevertable (you can only format to get rid of the encryption, persisting data on an encrypted partition implies that the encryption persists.



This is not the purpose of this package, but you can clean flash, of course. If you want to cleanflash anyway, you may want to consider, formating the complete data partition. It's not much more effort. But as stated: it will work.



If you mean OxygenOS (and not fw packages) when just mentioning 9.0.3.: I don't know. I'm not involved in Oneplus' development.

Most of the problems with the fw update is a lack of reading, a lack of thinking or a combination of both.

Keymaster is a part of the firmware uswd for (among other functions) for encryption.

I hope all your questions are answered now.
Thank you so much for the detailed answers. It is very helpful.

Sent from my ONEPLUS A3003 using Tapatalk
 

ciarpame

Senior Member
Apr 21, 2011
235
103
73
Great workaround to this annoying firmware upgrade issue, for me is good to go until Android Q (provided the trick continues to work for future updates) so I can avoid clean flashing for a while longer (just changed car tires, by the way).
I just wonder about step 4 in "custom ROM" guide section: I followed the instruction to the letter (and now I'm running LOS16 latest build without issues) but usually I never reboot between firmware flashing and ROM flashing, should I?
 
Last edited:

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
Great workaround to this annoying firmware upgrade issue, for me is good to go until Android Q (provided the trick continues to work for future updates) so I can avoid clean flashing for a while longer (just changed car tires, by the way).
I just wonder about step 4 in "custom ROM" guide section: I followed the instruction to the letter (and now I'm running LOS16 latest build without issues) but usually I never reboot between firmware flashing and ROM flashing, should I?
It surely doesn't hurt to ensure that twrp has been booted with the fw you want to use with the rom. You also verify that data is still decrybtable.

In other words: being paranoid, doesn't mean they arn't behind me... (there's intentionaly no emoji at this point).
 

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
Last edited:

Dirk

Senior Member
May 11, 2009
12,424
3,808
0
I've updated the modded fw for op3t to 9.0.4:
oxygenos-9.0.4-bl-km-5.0.8-firmware-3T.zip

As soon as the zip for op3 is available I'll update the modded fw for op3, too. I'll update OP, when the modded fw for op3 is available.

I've updated the modded fw for op3 to 9.0.4:
oxygenos-9.0.4-bl-km-5.0.8-firmware-3.zip

Happy flashing!

Do you foresee any issues using 9.0.4 on ROMs that are using 9.0.3 Blobs? (There probably aren't any changes in the Firmware itself anyway, are there?)
 

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
Do you foresee any issues using 9.0.4 on ROMs that are using 9.0.3 Blobs? (There probably aren't any changes in the Firmware itself anyway, are there?)
I don't know WHAT is changed (maybe just the build date time stamp) due to no access to the soirces, but I'm sure somethimg HAS changed:
Code:
[email protected] /usr/local/src/oxygenos $ git diff 9.0.3 9.0.4 -- firmware-update/
diff --git a/firmware-update/BTFM.bin b/firmware-update/BTFM.bin
index a75db126..3ecb64e1 100644
Binary files a/firmware-update/BTFM.bin and b/firmware-update/BTFM.bin differ
diff --git a/firmware-update/NON-HLOS.bin b/firmware-update/NON-HLOS.bin
index 7b8ded82..272ef271 100644
Binary files a/firmware-update/NON-HLOS.bin and b/firmware-update/NON-HLOS.bin differ
diff --git a/firmware-update/cmnlib.mbn b/firmware-update/cmnlib.mbn
index 740a0478..39b6e350 100644
Binary files a/firmware-update/cmnlib.mbn and b/firmware-update/cmnlib.mbn differ
diff --git a/firmware-update/cmnlib64.mbn b/firmware-update/cmnlib64.mbn
index 256c1eaf..dcd705e9 100644
Binary files a/firmware-update/cmnlib64.mbn and b/firmware-update/cmnlib64.mbn differ
diff --git a/firmware-update/devcfg.mbn b/firmware-update/devcfg.mbn
index 124f6cb5..b8ea852d 100644
Binary files a/firmware-update/devcfg.mbn and b/firmware-update/devcfg.mbn differ
diff --git a/firmware-update/emmc_appsboot.mbn b/firmware-update/emmc_appsboot.mbn
index 98460cb5..e029c6d8 100644
Binary files a/firmware-update/emmc_appsboot.mbn and b/firmware-update/emmc_appsboot.mbn differ
diff --git a/firmware-update/hyp.mbn b/firmware-update/hyp.mbn
index 46861424..a79840f9 100644
Binary files a/firmware-update/hyp.mbn and b/firmware-update/hyp.mbn differ
diff --git a/firmware-update/keymaster.mbn b/firmware-update/keymaster.mbn
index 6f56fa42..9be2c8d1 100644
Binary files a/firmware-update/keymaster.mbn and b/firmware-update/keymaster.mbn differ
diff --git a/firmware-update/pmic.elf b/firmware-update/pmic.elf
index 98e3814e..4761a34d 100644
Binary files a/firmware-update/pmic.elf and b/firmware-update/pmic.elf differ
diff --git a/firmware-update/rpm.mbn b/firmware-update/rpm.mbn
index f7a58c5e..2be70998 100644
Binary files a/firmware-update/rpm.mbn and b/firmware-update/rpm.mbn differ
diff --git a/firmware-update/tz.mbn b/firmware-update/tz.mbn
index 2ef84924..16180da2 100644
Binary files a/firmware-update/tz.mbn and b/firmware-update/tz.mbn differ
diff --git a/firmware-update/xbl.elf b/firmware-update/xbl.elf
index cd7dab31..7dd92bd4 100644
Binary files a/firmware-update/xbl.elf and b/firmware-update/xbl.elf differ
[email protected] /usr/local/src/oxygenos $
 

Dirk

Senior Member
May 11, 2009
12,424
3,808
0
I don't know WHAT is changed (maybe just the build date time stamp) due to no access to the soirces, but I'm sure somethimg HAS changed:
Code:
[email protected] /usr/local/src/oxygenos $ git diff 9.0.3 9.0.4 -- firmware-update/
diff --git a/firmware-update/BTFM.bin b/firmware-update/BTFM.bin
index a75db126..3ecb64e1 100644
Binary files a/firmware-update/BTFM.bin and b/firmware-update/BTFM.bin differ
diff --git a/firmware-update/NON-HLOS.bin b/firmware-update/NON-HLOS.bin
index 7b8ded82..272ef271 100644
Binary files a/firmware-update/NON-HLOS.bin and b/firmware-update/NON-HLOS.bin differ
diff --git a/firmware-update/cmnlib.mbn b/firmware-update/cmnlib.mbn
index 740a0478..39b6e350 100644
Binary files a/firmware-update/cmnlib.mbn and b/firmware-update/cmnlib.mbn differ
diff --git a/firmware-update/cmnlib64.mbn b/firmware-update/cmnlib64.mbn
index 256c1eaf..dcd705e9 100644
Binary files a/firmware-update/cmnlib64.mbn and b/firmware-update/cmnlib64.mbn differ
diff --git a/firmware-update/devcfg.mbn b/firmware-update/devcfg.mbn
index 124f6cb5..b8ea852d 100644
Binary files a/firmware-update/devcfg.mbn and b/firmware-update/devcfg.mbn differ
diff --git a/firmware-update/emmc_appsboot.mbn b/firmware-update/emmc_appsboot.mbn
index 98460cb5..e029c6d8 100644
Binary files a/firmware-update/emmc_appsboot.mbn and b/firmware-update/emmc_appsboot.mbn differ
diff --git a/firmware-update/hyp.mbn b/firmware-update/hyp.mbn
index 46861424..a79840f9 100644
Binary files a/firmware-update/hyp.mbn and b/firmware-update/hyp.mbn differ
diff --git a/firmware-update/keymaster.mbn b/firmware-update/keymaster.mbn
index 6f56fa42..9be2c8d1 100644
Binary files a/firmware-update/keymaster.mbn and b/firmware-update/keymaster.mbn differ
diff --git a/firmware-update/pmic.elf b/firmware-update/pmic.elf
index 98e3814e..4761a34d 100644
Binary files a/firmware-update/pmic.elf and b/firmware-update/pmic.elf differ
diff --git a/firmware-update/rpm.mbn b/firmware-update/rpm.mbn
index f7a58c5e..2be70998 100644
Binary files a/firmware-update/rpm.mbn and b/firmware-update/rpm.mbn differ
diff --git a/firmware-update/tz.mbn b/firmware-update/tz.mbn
index 2ef84924..16180da2 100644
Binary files a/firmware-update/tz.mbn and b/firmware-update/tz.mbn differ
diff --git a/firmware-update/xbl.elf b/firmware-update/xbl.elf
index cd7dab31..7dd92bd4 100644
Binary files a/firmware-update/xbl.elf and b/firmware-update/xbl.elf differ
[email protected] /usr/local/src/oxygenos $
In that case we'll have to wait and see what, if anything, the official firmware breaks/fixes on custom ROMs. (Providing anyone is brave enough to try it). :)

Thanks for keeping this updated. I believe i will be using it when/if our time comes on crDroid.
 
  • Like
Reactions: nvertigo67

nvertigo67

Senior Member
Dec 28, 2011
5,937
12,143
253
In that case we'll have to wait and see what, if anything, the official firmware breaks/fixes on custom ROMs. (Providing anyone is brave enough to try it). :)

Thanks for keeping this updated. I believe i will be using it when/if our time comes on crDroid.
Honestly, I don't belive it will be "fixed": if they revert the changes forcing a locked bootloader or a reformat, would mean that everybody who has changed to the stock fw (with reformating) would need to do the same again.

Also: the pic of the updater app here: https://forum.xda-developers.com/showpost.php?p=79818899&postcount=1427 suggests, that the OnePlus devs arn't really knowing how to fix... ;)

"As of now, we don't know, if decryption issue of /data partition that was present on OOS 9.0.2 for users with unlocked bootloader has been fixed. [...]"

For the changed kernel command line forcing selinux to permissive even with bl locked, the OnePlus devs do not even know about...

Just some thoughts...
 

Dirk

Senior Member
May 11, 2009
12,424
3,808
0
@Dirk:

I've added the selinux issues to OP. Would you check that part for consistence, please?

I've also changed the threads title - thanx for that idea!
Like the title update. :D

We originally assumed that running unencrypted meant there would be no problems using official firmware and your modified firmware wouldn't be needed in those cases. Now we know that that's not always the case.

Conversely there's been no reports of anyone having any problems using the modified firmware. Whether encrypted, unencrypted, dirty flash, clean flash. As far as i'm concerned the modified firmware is the only one that should be used under any circumstance (on ROMs that require it).

Anyone still on a 5.0.8 setup can flash the modified firmware, and continue dirty flashing LOS/Based ROMs without having to worry about issues. It doesn't get easier than that!

Anyone who uses the official firmware is taking a gamble right now. You might get away with no issues. You might run into 'selinux permissive', or other problems. The information in the OP should be enough for anyone to recover to a working state. A clean install using the modified firmware as a last resort is at least, foolproof and working properly.
 

Scorpion70

Senior Member
Feb 28, 2016
227
37
0
Hi,
I'm on havoc 2.6 with 5.0.8 firmware and decrypted (3t). i wanna clean flash latest havoc with latest firmware. should i flash normal 9.0.4 firmware or modded 9.0.4 firmware?