Magisk on G7 Play XT1952-4 Installed Succesfully

Search This thread
By:
Advanced…
P

pbarrette

Senior Member
Aug 7, 2012
267
361
Alabama
coderasm said:
Do you guys know if this solution will work for CHANNEL_T_QPY30.85_18_9_cid21_subsidy_MPCS_RSU_QCOM_regulatory_XT1952_6_CFC.xml?
When I use MagiskManager 8.0.7 I get a patched image around 17.6mb. I can successfully flash it. When I reboot and get to the lock screen I am unable to swipe to unlock the screen. The touchscreen and fingerprint sensor are completely dead. The power and volume buttons work, but I'm essentially locked out of the phone without any touch sensors working. When I reflash the original boot.img I still have the same problem. I have to resort to a full firmware reflash to fix the problem.
Click to expand...
Hi @coderasm

I don't know.

Which boot image were you patching? The one from your firmware version or the one that M47Z uploaded? If it's M47Z's boot image, then I'm not entirely surprised there are issues since you usually can't mix and match partition images across different firmware versions.

In either case, why don't we try to find out? If you're willing to give it a shot, this boot image is pre-patched with Magisk 21.4 and is based on the MetroPCS QPY30.85_18_9 image for XT1952-6 that you mention above.

For everyone else out there, my AndroidFileHost Folder currently has Magisk infused boot images for:
magisk_patched_METROPCS_10_QPY30.85-18-9.img (Untested)
magisk_patched_RETAIL_10_QPYS30.52-22-12.img (Tested, working)
magisk_patched_RETUS_10_QPYS30.85-23-3.img (Tested, working)

Also, as a side-note, my device is the XT1952-T, T-Mobile US, Revvlry variant. I got it SIM unlocked from T-Mo, then bootloader unlocked via Motorola's website. I have installed both the RETAIL and RETUS firmware and both seem to work without issue.

The device isn't my primary device and it has a data-only SIM in it, so I can't speak to VoLTE or VoWiFi functionality.
 
C

coderasm

New member
Jan 21, 2021
3
0
pbarrette said:
Hi @coderasm

I don't know.

Which boot image were you patching? The one from your firmware version or the one that M47Z uploaded? If it's M47Z's boot image, then I'm not entirely surprised there are issues since you usually can't mix and match partition images across different firmware versions.

In either case, why don't we try to find out? If you're willing to give it a shot, this boot image is pre-patched with Magisk 21.4 and is based on the MetroPCS QPY30.85_18_9 image for XT1952-6 that you mention above.

For everyone else out there, my AndroidFileHost Folder currently has Magisk infused boot images for:
magisk_patched_METROPCS_10_QPY30.85-18-9.img (Untested)
magisk_patched_RETAIL_10_QPYS30.52-22-12.img (Tested, working)
magisk_patched_RETUS_10_QPYS30.85-23-3.img (Tested, working)

Also, as a side-note, my device is the XT1952-T, T-Mobile US, Revvlry variant. I got it SIM unlocked from T-Mo, then bootloader unlocked via Motorola's website. I have installed both the RETAIL and RETUS firmware and both seem to work without issue.

The device isn't my primary device and it has a data-only SIM in it, so I can't speak to VoLTE or VoWiFi functionality.
Click to expand...
I was patching the one from my firmware version. I made some dumb mistakes which I know better not to do now. I ended up erasing the phone's IMEI somehow and could not bring it back after flashing stock firmware. I took it to the metropcs store and played dumb like the phone stopped working for some reason and they said they would send it back to be fixed free of charge. I had flashed it back to the stock firmware and locked the bootloader again. When I get the g7 play back I will try your patched boot image. So in the meantime while I wait for the phone to come back I had to get a another phone. I ended up getting the same phone you have, the XT1952-T, T-Mobile US, Revvlry variant. How did you get the bootloader unlocked? I tried submitting the unlocker codes for my phone to the motorolla site, but it said the phone was not eligible for unlocking. Do I have to get the sim unlocked from tmobile first before getting the bootloader unlocked? Thanks for your help.
 
P

pbarrette

Senior Member
Aug 7, 2012
267
361
Alabama
Hi @coderasm,

You know that Moto keeps track of bootloader unlocks and may refuse to fix your -6, right?

I purchased my XT1952-T from a brick and mortar T-Mobile store and paid in full. I asked T-Mobile support to SIM unlock it immediately and they agreed since I was a post-paid customer with no financed devices and years of account history. Otherwise, you need to have the phone active for 30 or 45 days before they allow you to SIM unlock.

I didn't request my bootloader unlock from Motorola until months after the SIM unlock, so I don't know if there is a delay between purchasing and the IMEI becoming eligible on the Moto bootloader code site. I also don't know if you have to be SIM unlocked first, but my phone was.
 
C

coderasm

New member
Jan 21, 2021
3
0
pbarrette said:
Hi @coderasm,

You know that Moto keeps track of bootloader unlocks and may refuse to fix your -6, right?

I purchased my XT1952-T from a brick and mortar T-Mobile store and paid in full. I asked T-Mobile support to SIM unlock it immediately and they agreed since I was a post-paid customer with no financed devices and years of account history. Otherwise, you need to have the phone active for 30 or 45 days before they allow you to SIM unlock.

I didn't request my bootloader unlock from Motorola until months after the SIM unlock, so I don't know if there is a delay between purchasing and the IMEI becoming eligible on the Moto bootloader code site. I also don't know if you have to be SIM unlocked first, but my phone was.
Click to expand...
Thanks for the clarification. I didn't think about motorola keeping a log of me requesting a bootloader unlock code. Oh well, the phone was dirt cheap. I bought my revvlry from a brick and mortar store and have a years old account with metro/tmobile as well. I'll try contacting tmobile directly if the gplay doesn't pan out.
 
LuisFernando97

LuisFernando97

Member
Mar 7, 2021
5
1
@daftshanks Good evening friend, I hope you are having an excellent weekend. I strongly ask you on behalf of all the users who have this particular device and model to update or make a new post about Android 10 with Magisk very kindly and thank you very much in advance.
 
  • Like
Reactions: €D.
M

motog7playtest

New member
Apr 17, 2021
1
0
Lurking but never posted.

I have two identical Moto G7 Play XT1952-6 (Apparently MetroPCS)
Magisk working on one, and not the other.

Device #1:
BL: MBM-2.1-channel_t-272b230-190614
Magisk adb sideload via twrp worked.
Sequence approx.: TWRP > LOS > TWRP > Magisk adb sideload

Device #2:
BL: MBM-2.1-channel_t-9edb71e-190923
Magisk did NOT work using adb sideload via twrp

I also tried many other variations, wipe everything, Magisk first, last, using LineageOS recovery, TWRP, etc on the second Moto G7 Play, but I have not be able to get Magisk to work. The first one worked relatively easily (but I have done so many tests, that I don't specifically remember the sequence that worked)

Posting this in case it might be of use to someone. I will try updating the bootloader once I am certain that I won't mess anything up since, I don't really need to root, just doing it more for the learning/research/experimentation.

Magisk 22.1
LineageOS 18.1 up to date
LineageOS recovery subsequently replaced by TWRP
adb and fastboot from linux

Specific actions/commands in sequence (approx??):
UI: Android debug activate
adb reboot bootloader
fastboot oem get_unlock_data
fastboot oem unlock XXX......
fastboot reboot
UI: Android OEM unlock
adb reboot bootloader
fastboot boot twrp-3.5.2_10-0-channel.img
adb sideload lineage-18.1-20210411-nightly-channel-signed.zip
adb reboot system
UI: Android debug activate
adb reboot recovery
adb sideload twrp-installer-3.5.2_10-0-channel.zip
adb reboot recovery
adb sideload Magisk-v22.1.zip
adb reboot system

Android rooted, confirmed by Magisk app in LOS
 
You must log in or register to reply here.

Similar threads

F
GSI in G7 Play XT1952-2
Replies
8
Views
4K
F
filipedonato
Q
Moto G7 Play (XT1952-1) Stock QPYS30.52-22-2 (Android 10) with Magisk v20.4
Replies
3
Views
846
sd_shadow
sd_shadow
Viva La Android
[GUIDE][xt1952-4] Cellular Data on Sprint Compatible Moto G7 Play with GSI ROMs
Replies
57
Views
5K
Viva La Android
Viva La Android
L
How To Successfully Install Twrp For G7 Play
Replies
90
Views
20K
€D.
L
How to Install Android 10 successfully on Your Moto G7 play
Replies
51
Views
15K
LuisFernando97
LuisFernando97

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 11
    D
    daftshanks
    Magisk on G7 Play XT1952-4 Installed Succesfully

    (Just a heads up. I have never posted to XDA before but have lurked on here for years. I don't have enough posts to post it in the Dev section. So I apologize if my post format is bad. But I will do my best. Hopefully I am not reporting old news, I've been waiting a few months to finally get Magisk to work on this phone.)

    I do not take responsibility if you brick your phone doing this. So do it at your own risk.

    Google Drive folder link with all files at the bottom of this post with screenshots as well

    Install:

    • Firmware used during this is PPY29.105_160 (Firmware included in GDrive folder)
    • BOOTLOADER HAS TO BE UNLOCKED ON YOUR PHONE
    • I suggest you to backup and factory reset your phone before doing this.
    • If you're already on this firmware, then I have placed both the stock boot.img and the magisk_patched.img separate as well so you don't have to unzip the full firmware. I haven't tried this with other models of this phone or firmwares. Upgrade to this firmware if on an older version. Multiple ways to do so I'm sure you can figure it out :)
    • Copy the boot.img to your phones storage
    • Install Magisk Manager 7.3.4 aka 239 (APK in GDrive folder). Make sure all 3 options are checked in advanced settings in Magisk. Click install on Magisk and patch the file and locate it on your phone.
    • Place the patched.img in your ADB folder. Reboot into fastboot. I used CMD in Windows so I ran the following "fastboot flash boot magisk_patched.img"
    • Toggle up to Boot Recovery
    • Please Note. When I did the following. For some reason I was unable to get to the stock recovery after doing this. If I remove modules and reboot the phone Magisk is "not installed" however if you reboot the phone and go into Fastboot mode and then select the option of boot to recovery, it boots the phone normal with magisk enabled??? :confused. Eh at this point I'm just glad to have Magisk installed on this phone finally lol. I'm sure you can find the answer in the Magisk in Recovery section here
    • Magisk should be installed now after booting up. Check Magisk Manager to verify.


    Notes:

    • I tried to install one module just to verify it wasn't a fluke and I was able to do so successfully
    • Once again I apologize if this post is unorganized or anything. Running on little sleep
    • I will do my best to answer any questions you might have from my experience when I am able to.

    GOOGLE DRIVE FOLDER LINK
    View
    2
    P
    pbarrette
    So ... I dug a bit deeper into what was going on.

    It turns out that because our device is 32bit, it uses an older kernel zImage format despite using A/B partitions and newer the Two-Stage-Init, System-As-Root boot process.

    That zImage format looks like: "Header" -> "zImage" -> "Footer"

    The header consists of a binary loader that is used to both decompress the gzip'ed image and boot the kernel, as well as a listing of offsets within the file to other important bits like the signature and Device Tree Blob, or (DTB).

    Once you decompress the actual zImage and patch it, there's no guarantee that it will re-compress back down to the exact size of the previous one.
    If it's not the same size, then all the offsets to the other bits of the boot image get out of sync.
    On top of that, topjohnwu says that it's too difficult to generically fix up the offsets across all the phones that might use this scheme, so he's not going to fix it.

    Apparently, someone put in a bug report for the G7 Play before, and that was closed over a year ago for basically the same reason.

    So I decided, why not try to get the re-compressed zImage to exactly match the original and see what happens.

    To do this I used:
    Android Image Kitchen by @osm0sis
    A capable hex editor
    7zip

    I started by unpacking the boot.img with AIK.
    I then used my hex editor to extract the gzip'ed kernel.

    You can usually recognize a gzip file because it starts with 0x1F8B08.
    Finding the end of the gzip file is a bit more tricky, since AFAIK, they don't all end the same way. You could likely parse the offset out of the gzip header, but for me it was just faster to look for a likely end of the file, extract to that point, then test it with 7zip. Once you get no errors out of 7zip, you've found the end.

    Now you can extract the actual compressed kernel and search for "skip_initramfs" and replace it with "want_initramfs".

    Then use gzzip.exe from the AIK to compress it back down using "gzip.exe -9 -n cKernel" and check its file size.
    If it's an exact match, you're almost done. If not, we're going to have to do some more work.

    Gzip is fairly consistent. So if you're only a few bytes off, you'll need to change a few things in your uncompressed kernel that don't really matter. Datetime stamps are good for that, because nobody really cares exactly what time it was compiled. So, since I was only 1 byte short of an exact match, I added some complexity to the timestamp, so now it reads "Tue Sep 29 19:59:49 CDT 2020". If you need less bytes, try reducing the complexity of the timestamp, like "Tue Sep 29 00:00:01 CDT 2020" instead.

    Now that we've got a re-compressed kernel, insert it back into the zImage file, replacing the existing one.
    When that's done, we re-pack the boot image using AIK with: repackimg.bat --original

    The "original" option just means "don't rebuild the ramdisk". Since we didn't change it, we don't need to.
    Now you can use Magisk Manager to build the image using the "recovery" option against your newly packed image.
    Then do a "fastboot flash boot magisk_patched.img" and reboot normally.

    If that seems like a bit of work; It is. So I can understand why it would be difficult to implement directly into Magisk.
    That said, I'll follow the ticket I put in and see why it's not at least generating an error.
    This is especially problematic considering that the option to force Recovery Mode seems to now be missing if a ramdisk is detected.

    If all this seems outside your comfort zone or skill level, I get that too.
    That's why I did the work and saved you the trouble:
    https://androidfilehost.com/?fid=10763459528675594222

    This boot image is from RETUS_10_QPYS30.85-23-3 and is pre-flashed with Magisk 21.1
    It may work on other variants with patch level 2020-10-01, but I can't guarantee that.
    Worst case, just re-flash your already working "Recovery Mode" patched image.

    Once flashed (if it works for your variant), Magisk will be active on a normal reboot.
    Unfortunately, it also overrides the Moto Recovery mode, so you probably shouldn't take an OTA with it.

    Note that I will likely not be updating these images, as my primary phone is a Pixel 5.
    This is why I have outlined the steps required to reproduce the work.
    View
    2
    V
    veryspecialagent
    I'm just adding this because it wasn't clarified above and in case there are others out there as dense as me:

    This process posted by the OP WORKS. If you're using the XT1952-4 (Boost), use the firmware Viva la Android linked above.

    If you're getting that error message and don't have root, it's because you missed the last step: Reboot recovery.

    For whatever reason if you reboot regular it won't have root access (you don't lose root, it's just inaccessible). Reboot recovery from the fastboot menu, your phone will start up after the bad key message, and if you run a root check you'll see you are, in fact, rooted.
    View
    1
    Viva La Android
    Viva La Android
    Nice work OP. Well written guide. Clear and concise.
    View
    1
    LuisFernando97
    LuisFernando97
    @daftshanks Good evening friend, I hope you are having an excellent weekend. I strongly ask you on behalf of all the users who have this particular device and model to update or make a new post about Android 10 with Magisk very kindly and thank you very much in advance.
    View

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone