How To Guide [GUIDE][REALME 8i][NARZO 50] Unlock Bootloader Flash TWRP and Root [RMX3151][RMX3286]

Search This thread
By:
Advanced…
pritish1998

pritish1998

Senior Member
Apr 30, 2016
393
412
IIT Dhanbad
pritish.stag-os.org
Moto G 2015
Asus ZenFone Max Pro M1
LuziferLess said:
so ummm, my phones on a36, what do i do?
Click to expand...
Click to collapse
You can pull your boot image easily,

In mtkclient folder run this

Code: 
python mtk r boot,vbmeta boot.img,vbmeta.img

While in brom mode...

Boot.img will be generated on the mtkclient directory

After that install the magisk apk given in the post above and patch your extracted boot image

Then rename the patched boot image to boot.patched and then flash it as mentioned in the post
 
xAlhanz04

xAlhanz04

Member
Apr 5, 2019
25
4
City of Nowhere :>
When I execute the cmd "python mtk da seccfg unlock" it will show this error, I did wipe using the mtk cmd twice but still not working. Running on A36 btw.
1643011133005.png


I'm having issues on camera, it crashes when I'm trying to open it. Is there any fix for this?
 
Last edited:
LuziferLess

LuziferLess

Member
Jan 23, 2022
5
1
Realme 8i
hey uh... so ive unlocked the bootloader and i was trying to root the phone, but the boot.patched file doesn't seem to be writing when i type python mtk w boot,vbmeta boot.patched,vbmeta.img.empty, it does everything right just before writing the boot.patched file, it looks like it just stopped writing. although the vbmeta file does seem to write properly. anyways im attaching a screenshot of the command line.


Screenshot 2022-01-24 160411.png
 
LuziferLess

LuziferLess

Member
Jan 23, 2022
5
1
Realme 8i
LuziferLess said:
hey uh... so ive unlocked the bootloader and i was trying to root the phone, but the boot.patched file doesn't seem to be writing when i type python mtk w boot,vbmeta boot.patched,vbmeta.img.empty, it does everything right just before writing the boot.patched file, it looks like it just stopped writing. although the vbmeta file does seem to write properly. anyways im attaching a screenshot of the command line.


View attachment 5517227
Click to expand...
Click to collapse
okay nvm, i repatched the boot file with magisk and tried again, it worked. seems like the file had some issues when being copied to the pc and it showed the file size as 0kb.
 
1

17721

Member
Sep 4, 2021
5
1
Can somebody explain how to install new OTA updates with a rooted phone?

Preferably in a step-by-step manner, just like in the first post here, because I'm not a tech-savvy person. Also, as far as I understand, everything are going to be erased when a new update will be installed, right?

Thanks!
 
V

vladfeofilov3151

New member
Feb 9, 2022
2
0
17721 said:
Может-нибудь объяснить, как установить новые OTA-обновления на рутированном телефоне?

Желательно пошагово, как в первом посте здесь, т.к. я не технический подкованный человек. Насколько я понимаю, все сотрется, когда будет установлено новое обновление, верно?

Спасибо!
Click to expand...
Click to collapse
https://4pda.to/forum/index.php?showtopic=1033761&view=findpost&p=113160731 look at this thread it's all there
 
D

DaLiV

Senior Member
Apr 17, 2007
93
5
Samsung Galaxy Note GT-N7000
Samsung Galaxy Note 4
vladfeofilov3151 said:
https://4pda.to/forum/index.php?showtopic=1033761&view=findpost&p=113160731 look at this thread it's all there
Click to expand...
Click to collapse
some words lead to "not an OTA" ... as "далее вайпы, формат дата" means Wipe+Format ... and that is new install procedure instead of update ... please don't point peoples to that they not want to do ...

OTA is not possible for rooted as they're is already changed and therefore can say have some sort of "custom" firmware ...

possible even can try to flash via tool only latest super ... but for sure - need back up ALL before begin, as in case that works not - you will want to restore normal state and not have one end with cleaned up phone ...

hovewer can make backup apps and datas inplace to SD (titanium/alfabackup/and so on) ... and restore with them afterwars ... possible ... but may be not all apps (like banking) will be restored (as they can tend to stick for some specific additional system datas, that will be touched by provided guide )
otherwise you will be on latest update...

if that possible to manage to download OTA update package ... then exist possibility to feed that to the updater ...
 
Last edited:
F-Google

F-Google

Member
Jan 13, 2022
16
1
Xiaomi Poco F3
when i enter this command "python mtk e metadata,userdata,md_udc" and i enter brom mode it shows it :

MTK Flash/Exploit Client V1.52 (c) B.Kerler 2018-2021

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.


...Port - Device detected :)
Preloader - CPU: MT6781(Helio A22)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x200000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x1066
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: B192BEE94D9B21021966AF44D1AEFC09
PLTools - Loading payload from generic_patcher_payload.bin, 0x568 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Traceback (most recent call last):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 1843, in <module>
mtk = Main(args).run()
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 649, in run
mtk = mtk.bypass_security()
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 239, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\pltools.py", line 100, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\kamakiri.py", line 134, in payload
if self.exploit2(payload, addr):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\kamakiri.py", line 113, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: 'NoneType' object is not subscriptable
 
pritish1998

pritish1998

Senior Member
Apr 30, 2016
393
412
IIT Dhanbad
pritish.stag-os.org
Moto G 2015
Asus ZenFone Max Pro M1
F-Google said:
when i enter this command "python mtk e metadata,userdata,md_udc" and i enter brom mode it shows it :

MTK Flash/Exploit Client V1.52 (c) B.Kerler 2018-2021

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.


...Port - Device detected :)
Preloader - CPU: MT6781(Helio A22)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x200000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x1066
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: B192BEE94D9B21021966AF44D1AEFC09
PLTools - Loading payload from generic_patcher_payload.bin, 0x568 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Traceback (most recent call last):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 1843, in <module>
mtk = Main(args).run()
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 649, in run
mtk = mtk.bypass_security()
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtk", line 239, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\pltools.py", line 100, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\kamakiri.py", line 134, in payload
if self.exploit2(payload, addr):
File "C:\Users\Kany2\Pictures\Realme 8i\mtkclient-main\mtkclient\Library\kamakiri.py", line 113, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: 'NoneType' object is not subscriptable
Click to expand...
Click to collapse
Do you have all the requirements mentioned in the post...first install those
 
JajoriaXD

JajoriaXD

New member
Mar 19, 2022
3
0
pritish1998 said:
  • Now type python mtk e metadata,userdata,md_udc hit enter - This command wipes data
  • Then power off your phone and hold both volume buttons and connect usb cable (DON'T LEAVE THE BUTTONS, KEEP THEM HOLDING THROUGHOUT THE PROCESS) - This boots device into BROM mode
Click to expand...
Click to collapse
When i was doing, USB Cable accidently disconnected now phone is not booting up and while connecting to pc it shows "USB Device not recognised" . Please help me :(
 
Last edited:
pritish1998

pritish1998

Senior Member
Apr 30, 2016
393
412
IIT Dhanbad
pritish.stag-os.org
Moto G 2015
Asus ZenFone Max Pro M1
Kombre212 said:
@pritish1998 have been searching this since yesterday, thanks. Anyway, does it works for any firmware versions? Mine is A.40.
Click to expand...
Click to collapse
Yes you have to pull your boot image first and patch it
Pulling boot image via mtkclient

Code: 
python mtk r boot,vbmeta boot.img vbmeta.img

After pulling the boot image patch it with the magisk apk given in the post

After patching the patched boot image will be in your phones download folder, rename that to boot.patched and flash with mtkclient as mentioned in the post 👍🏻
 
R

reignjoseph

Member
Apr 4, 2022
6
0
Help, after I root my Realme 8i , I cant enter in Recovery Mode it says (the serial is not match, fastboot_unlock_verify fail), Please help
 
Last edited:
You must log in or register to reply here.

Similar threads

pritish1998
How To Guide [GUIDE][UNBRICK] Realme 8i/Narzo 50 Unbrick Free without Auth [RMX3151][RMX3286]
Replies
72
Views
10K
aadarsh.maurya12
aadarsh.maurya12
pritish1998
Development [TWRP][OFFICIAL][spaced] Realme 8i/Narzo 50 TWRP Recovery
Replies
14
Views
5K
pritish1998
pritish1998
pritish1998
Development [ROM][11.0][12.0][RMX3151][RMX3286] Pixel Experience [UNOFFICIAL][AOSP]
Replies
18
Views
6K
X Λ N Ξ
X Λ N Ξ
pritish1998
Development [ROM][12.0][RMX3151][RMX3286] Project Radiant [UNOFFICIAL][AOSP]
Replies
6
Views
2K
ArkQuark
ArkQuark
pritish1998
Development [ROM][11.0] Lineage OS Fan Edition [RMX3151][RMX3286]
Replies
10
Views
3K
Anton-V-K
Anton-V-K

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 10
    pritish1998
    pritish1998
    Hi Guys!

    Since there is no deeptest.apk available for our device to unlock bootloader, we came up with another method to unlock bootloader unofficially!

    In this guide I'll tell you how to unlock bootloader, root with magisk and flash TWRP on your Realme 8i/Narzo 50 (RMX3151/RMX3286)

    Code: 
    /*
* This Guide is tested and working
* However I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about unlocking and flashing TWRP
* before flashing it! YOU are choosing to make these modifications.
*/


    1. UNLOCKING BOOTLOADER:

    Requirements
    • PC or Laptop
    • Internet connection
    • Realme 8i/Narzo 50
    • USB cable
    • Working Brain
    • Take a backup of your data since it'll be wiped
    • Go to About phone > Version and tap build number 7 times
    • Go to Settings > advanced settings > Developer options and turn on OEM unlocking and USB debugging
    STEPS
    • Install Python from windows store
    • Install USBDk
    • Download this and extract : https://github.com/bkerler/mtkclient/archive/refs/heads/main.zip
    • Download vbmeta and patched boot image (Download for your respective version) in copy to the mtkclient-main folder
    • Now open command prompt or powershell in that folder
    • Screenshot (58).png
    • Now type pip3 install -r requirements.txt and hit enter
    • Now type python mtk e metadata,userdata,md_udc hit enter - This command wipes data
    • Then power off your phone and hold both volume buttons and connect usb cable (DON'T LEAVE THE BUTTONS, KEEP THEM HOLDING THROUGHOUT THE PROCESS) - This boots device into BROM mode
    • Now type python mtk da seccfg unlock This will unlock the bootloader (If you face waiting for device issue then unplug the device and plug in the device again with holding volume buttons, also don't leave the buttons)
    • IMG_20211201_212023_350.jpg
    • After this unplug your phone and turn it on (It'll show your device dm verity corrupted and first boot might take 20-25 mins, don't panic)
    • Now your bootloader is unlocked
    • 20211201_213428.jpg
    • Due to realme's limitations you still can't access fastboot after unlocking via this method
    2. ROOTING YOUR DEVICE:
    • Install This Magisk apk
    • Now in pc type python mtk w boot,vbmeta boot.patched,vbmeta.img.empty hit enter
    • Then power off your phone and connect usb while holding both volume buttons (and don't leave them)
    • IMG_20211201_213448_962 (2).jpg
    • Now disconnect and reboot phone
    • Now open magisk
    • IMG_20211201_213458_216.jpg
      IMG_20211201_213500_384.jpg

    3. FLASHING TWRP RECOVERY:
    • Download TWRP - From here
    • Download and install Flashify app
    • Open Flashify and grant root permission
    • Select Recovery image and install the twrp you have downloaded
    • IMG_20211201_220206_593.jpg
    • After flashing is done click reboot now or you can reboot to recovery via magisk app
    • IMG_20211201_221211_553.jpg
    "Congrats Now we have working TWRP in our Realme 8i/Narzo 50"

    Credits:

    1. Me (@pritish1998) for TWRP, Unlock and Flashing guide
    2. B Kerler fot MTKClient
    3. Rohit for testing
    Stock boot Images (to revert root)

    If you face any issues contact me here
    View
    2
    C
    Charlie-117
    Thanks for the detailed guide, hope we get kernel sources soon.. 🤞
    View
    2
    SubwayChamp
    SubwayChamp
    sany.svenson said:
    Добрый вечер.А как теперь заблокировать загрузчик,подскажите пожалуйста.
    Click to expand...
    Click to collapse
    English is required, you can use your native language too, adding it to your post.

    Inside the tool is provided a README.md file with basic instructions and usage. To relock bootloader you can use python mtk xflash seccfg lock just be careful to not relock it while running custom binaries, you have to return completely back to stock prior to do that.
    View
    2
    pritish1998
    pritish1998
    HridayKrishna said:
    After successfully unlocking the bootloader my phone got stuck on boot......idk what is it called,bootloop maybe....Help me plz
    Click to expand...
    Click to collapse
    In brom mode use this command
    Code: 
    python mtk e metadata,userdata,md_udc
    To format data then reboot
    View
    1
    LuziferLess
    LuziferLess
    lanztotot said:
    hello good day .. how do i know if im running A20 A30 or A35 ? thankyou
    Click to expand...
    Click to collapse
    settings -> about phone -> version

    and u should see your realme ui version under "Version"

    edit: it was under "Build number". sorry.
    View

New posts