[ROOT] [GUIDE] Tips for rooting cheap Chinese MediaTek MTK MT67xx (100s of models)

[lsemprini]

So you've got a cheap Chinese phone based on the budget MediaTek MTK MT67xx SoC (system-on-a-chip) chipset and you want to root it.

You've tried lots of tools and failed, and you've been searching the internet and xda for your model and found nothing (or you might have found stock ROMs for your device online but not rooted ones). Read on....

These phones are INSANELY common all across Asia because MediaTek is the cheapest chip manufacturer and so is the top choice for <USD$100 super-cheap (often free subsidized) phones. Here is a partial list of phones that use the MT67xx across many countries:

Sony Xperia E4g | Kingzone N3 Plus | Bluboo X8 4G | Bluboo X6 | Elephone P6000 | Just5 Blaster | Unistar X8 | Ulefone Be Pro | Cubot X16 | Lenovo Vibe P1m | Meizu m2 | Doogee X5Pro | Lenovo A2010 | Acer Liquid Z530 | Micromax Canvas Express 4G Q413 | Huawei Enjoy 5 | Elephone M2 | Doogee Valencia2 Y100 Pro | Gionee Marathon M5 | coolpad note 3 lite | coolpad note 3 | Alcatel One Touch Flash Plus | Gionee Elife S7 | Lenovo Vibe S1 | Lenovo K3 Note | Lenovo P70 | Lenovo A7000[35] | Meizu M1 Note | Sony Xperia C4 / C4 Dual | Sony Xperia C5 Ultra / C5 Ultra Dual | DaKeLe Big Cola 3 (iPhone 6 clone) | HTC One E9s | HTC Desire 820s | Mlais M52 Red Note | Innjoo One [36] | Ulefone Be Touch[37] | Ulefone Be Touch 2 | Kingzone Z1 | Umi eMax | Mstar S700 | Vivo X6/X6 Plus | THL 2015[38] | Huawei Enjoy 5s | Elephone M2 | Lenovo A7010 | Lenovo K4 Note | Acer Liquid Z530S | Meizu m2 note | InnJoo two [39] | Infinix Note 2 X600 | Elephone P6000 Pro | Elephone P8000 | BLU Life One X (2016) | BLUBOO XTOUCH | Coolpad Note 3 | Quantum Go 4G | Xiaomi Redmi Note 3 | Xiaomi Redmi Note 2/ Prime | LeTV Le 1s | Meizu m1 metal | Meizu MX5 | Gionee Elife E8 | Sony Xperia M5 / M5 Dual | BLU Pure XL | Allview X2 Soul Xtreme | HTC One M9+ | HTC One E9+ | Infinix Zero 3 | Lenovo K5 Note | Sony Xperia XA | Meizu MX6 | iNew L4 1 GB | Oukitel U8 Universe Tap | Bluboo C100 | Siswoo A5 price comparison | Gionee Marathon M5 | Zopo Color E ZP350 | Doogee S6000 | Cubot X15 | Meizu m2 2GB 16GB | VK World VK560 | ZTE Blade D6 | Leagoo Elite 4 1GB 16GB | Oukitel U6 | iNew L4 2 GB | VK World Discovery S1 | Wiko Selfy 4G | Acer Liquid Z630 2GB 16GB | THL 2015 A | Blackview BV2000 | UMI Fair 1GB 8GB | NO.1 S6 (4g) | iNew U5 | ZTE Blade V6 | Huawei Enjoy 5 TIT-AL00 | Acer Liquid Z530 | Uhans U100 | Zopo Hero 1 | Ulefone Paris X | Zopo Flash C ZP530+ | ZTE Blade A1 | Uimi U6 | Gionee Marathon M5 Prime | Uimi U6c | HomTom HT7 Pro | ZTE Small Fresh 3 C880S | Zopo Color S5.5 | KingZone N5 MT6735 1.3GHz | MyWigo City 2 | LG K8 K350N | AIS Lava iris 500 | Lava iris 550Q

I am including the list above for two reasons:

• so that people searching for their model may find this thread and be helped
• so that you can just get a glimpse of the insane variety of companies and models that use the same chip family

For reasons explained below, you will find that most of these devices are resistant to the "easy" one-click rooting methods and most of them do not work with ANY of the "easy" tools that have been developed for other phones, even MediaTek (MTK)-specific tools. Of course tool support will improve over time, but as we will explain, there is something unique about your MediaTek device that will always make it harder to root.

I finally got my MT67xx-based phone rooted, and here is the information that I wished someone had posted on xda as I slogged through my search.

My goal here is NOT to provide the steps for a specific phone model, but rather to help the (literally) millions of you out there who have MT67xx-based phones find a solution by giving you a few basics to understand MediaTek MTK and rooting, and pointing you in the right direction so you know what questions to ask.

There's some bad news, and some worse news...

WHAT ALL THESE PHONES HAVE IN COMMON:

The MT67xx chipset inside your phone uses a relatively new (2014) 64-bit processor architecture, compared to the ubiquitous MediaTek MTK MT65xx, MT83xx, MT81xx processors that use a 32-bit architecture. And around the same time that MT67xx came out, MediaTek also switched devices to a new filesystem/partition format which determines where and how Android and all your data gets stored in your device's flash memory.

What these two technical changes mean is that:

• many of the vulnerabilities in Android that the "easy" one-click root tools exploited to do their job (e.g. old standbys like RageAgainstTheCage, framaroot, etc.) no longer work. Updating Android is another thing that often causes these vulnerabilities to cease to work, but changing processor architectures is a biggie too.
  
• many (but not all) of the old tools developed to root and otherwise modify MediaTek devices broke, and have not yet been fixed. Most notable is the MTK Droid Tool, a standard tool for hacking MTK devices that you will still find used in 99% of guides out there on the internet. It doesn't work on your MT67xx (at least no version I could find). Same is true of many other tools, such as some of the tools to reset your phones IMEI when rooting/modding operations disrupt your ability to call, tools to get into "MTK Engineer Mode" etc.

That is why you will find so many pages on the internet that say "Root Any Android Phone" (complete BS: if you see this, the person is either clueless or lying) or even "Root Any MediaTek Phone" and the procedure fails.

So, you would think that the cool ROM hackers and root tool folks would whip up some new tools quickly, right?

This is the point where you need to understand a harsh reality...

WHAT ALL THESE PHONES DON'T HAVE IN COMMON:

This is perhaps Android's greatest strength and weakness: every manufacturer (as well as ROM hacker here on xda) is free to tweak open-source Android in almost any way they see fit, whether to save money, integrate a new feature, customize for local market and culture, try to lock out competition, or whatever. And so they did.

Even though these devices all use MT67xx chips, it seems like every manufacturer felt compelled to make as many tiny changes as possible, and the result is that there is no easy way for kind xda hackers to develop one master ROM image of Android that will run on them all (rooted or otherwise). And it's even hard to make a rooting tool or mod that works on all devices.

Instead, the device-specific differences are significant enough that you actually need a developer to spend hours to days on each model in order to produce a workable Android ROM (rooted or otherwise).

And that is why, all over xda-developers and other sites, you rarely see custom ROMs for your MTK device. Although I'm guessing there are many times more cheap MTK devices in the world than devices with more expensive chipsets, the market of cheap devices is utterly fragmented into hundreds of vendors, so it is generally not worth any ROM hacker's time to develop for a particular device, because the reward (glory or karma, whatever turns them on) is minimal compared to a single device (e.g. most Samsungs) that is used by millions.

Sometimes the cheap MTK software/hardware changes that break both root tools and ROMs seem trivial and pointless. Like a vendor might move a critical system file for no obvious reason, switch the order of SD cards so that old software breaks, leave out key system programs they thought "nobody would need," introduce new and usually-broken encryption methods to lock out modders, etc.

THE SILVER LINING

Seems pretty grim, huh?

This cloud has one major silver lining.

I'm going to tell you about a tool that does work on MT67xx devices. You may or may not end up using this tool as part of your rooting strategy (more below), but it's good to hear some good news sometime

As far as I can tell, all MediaTek devices MT67xx, MT65xx, MT83xx, MT81xx work with the SP Flash Tool, a MediaTek MTK-specific tool that lets you flash (write) new versions of Android and tools that you need to install or modify Android (ROMs, custom recovery images, recovery updates) on to your device.

SP Flash Tool lets you flash "images" to your device, even if your device is totally bricked or has been utterly wiped clean from some earlier messup. An "image" is geek speak for a file that contains the whole contents of a partition of your Android device's storage, such as the partitions that contain the Android operating system (boot and system), the partitions that contain a recovery tool that lets you do less primitive operations like updating Android, installing SuperSU, or backing up your device (recovery), or even the partition with the logo shown on boot (logo).

So that means SP Flash Tool is super-powerful and super-dangerous (in fact, it's suicidal if you use it on a device containing important data you haven't backed up), but on the other hand it also means that at least you always have some tool that can install new images, no matter how messed up you have made your device.

The significance of this cannot be understated. For Android devices with other chipsets, there is of course some way to flash images (various tools referred to as "recovery console," "bootloader/fastboot mode," etc), but the chipset and manufacturers (even on some MediaTek MTK devices) try to ruin your day by:

• locking your bootloader or recovery console so it can only flash images cryptographically signed by the manufacturer using secret keys, meaning you can't use them to modify your phone in the way you want,
• providing you only with flashing methods that work if the certain partitions stay intact---meaning that if you make a certain kind of mistake, you may much more easily "brick" your phone so that you have no way of ever using it for anything but a doorstop.

MediaTek's SP Flash Tool, on the other hand, does not get in your way with any kind of lock---it always lets you flash images to the device, even if your flash memory has become completely garbled with nonsense. The tool literally works on your phone before your phone has started to boot up (kind of scary actually and a huge design flaw security risk, oh well). It is still up to you of course to flash something that works, but at least you have the option.

A very important principle for SP Flash Tool is: only flash partitions that you need to flash. That will likely be recovery, and maybe boot/system and maybe logo if you are playing around. Even though you may find a ROM with all partitions, only flash the ones the instructions say you need to flash. Otherwise you invite problems that might clear important settings on your device (e.g. mobile radio/carrier settings you need for your calling to work, etc.).

You're probably thinking that using SP Flash Tool, you can first make a backup of your device, so that no matter what you try, you can always restore your backup. Good news: this is kind of true: the SP Flash Tool is capable of this kind of backup, as seen in this thread, this thread, and this thread. But when you look at those threads, you will see there is a catch: the technique relies on being able to extract something called a "scatter file" from your device, and the tool they always use for this? You guessed it, MTK Droid Tool, the tool that doesn't (yet) work on MT67xx devices. This nice thread explains the situation and gives you a way to get the "scatter file" to make your backup, but as you can see it's more technical than many people will be willing to do. So basically we are waiting for better tools to be available to less technical users for backing up MT67xx devices. If you don't mind bricking your device at all or until such a tool comes out, it won't matter. But for most users you will want some kind of backup in your rooting strategy. If anyone knows of a better new tool that works on MT67xx, please reply below.

So consider the application of SP Flash Tool as a backup tool for MT67xx devices to be something that's not ready for everyone yet. If anyone knows an easier tool for making scatter files on MT67xx or even doing backup, let us know.

There are other ways of making backups of your device before you attempt to root your device, though, so you might not need to use SP Flash Tool as your backup. More later...

Also, some reading this thread may have found a stock ROM for your exact device (one that is just like the manufacturer gave you, not rooted) that can serve as your backup in case your rooting attempts fail.

HOW TO ROOT YOUR PHONE

Typically when you want to root any Android device, you google the name of the device with "root" and you will find either:

• "easy" one-click rooting tools (e.g. Kingoroot, Kingroot, One Click Root, framaroot) that you install on your device or your PC and click one button to root.
• software that you are supposed to flash to your Android device to make it rooted (either complete ROM images containing a complete copy of Android for your device, already rooted and usually with other handy mods, or flashable update images that root your existing copy of Android).

The "easy" one-click tools may be worth trying, because they literally are just one click, but they come with a massive downside: many of them, such as Kingoroot, have been repeatedly accused of, and occasionally caught at, doing extremely shady things on your device after installation, such as sending your device's private IMEI number to servers in China. Kingroot (yes, it's different from Kingoroot) is a one-click tool that is recommended on xda, but which installs extremely invasive "purify" and/or "scanning" software on your device (also frequently connecting with servers in China for unknown reasons which the closed-source makers of these tools will not disclose). I personally find the many creepy clone Kingroot advertising websites and obviously-fake "user" posts about Kingroot that are gushingly positive about Kingroot to be a major, major red flag. If they have to make fake one-sided posts to convince people to install, what are they hiding? Many people use Kingroot simply because they've tried everything else and it's the only one-click tool that can root their device (because the Kingroot developers accomplish root using new exploits that nobody else has found, and devote significant resources to keeping up to date on exploits, perhaps using money they got from.....), then they use other tools that supposedly strip away Kingroot and its bloat/sketchiness and replace it with a more trusted root solution such as SuperSU (SuperSU requires your phone to be already rooted or requires you to flash something to install it). There even seems to be an arms war between Kingroot and these "Kingroot stripping tools" which causes problems on your phone as each party releases updates. You get the picture.

If you're reading this thread, you may have already tried these one-click tools and seen that they don't work on your MT67xx, or you may be too suspicious of them.

So, you moved on to looking for software that you could flash to your device that would root your device.

You searched in xda and Google for your make and model and found.....nothing. Except hopefully this thread.

Now you know why you didn't find anything using your make and model (you didn't skip the sections above, did you?). Fortunately, there is some hope.

Flashable software that can root your device will likely take one of two forms:

• ROM: A complete ROM (complete version of Android, with images for boot and system partitions) that is already rooted, and probably contains other nice enhancements you might like as well. To use a ROM image, you flash the boot image and system image your boot and system partitions using SP Flash Tool.
• UPDATE: An update file that you apply on top of your existing version of Android to get root, such as the one distributed with SuperSU. To apply this type of update, you don't install an APK file (e.g. from the Play Store). Instead, you download a "recovery flashable ZIP" and boot your device into a special "recovery mode" where you make some choices on a retro 1970s text menu to choose and apply the update---more later.

If you want to use a ROM, the ROM definitely has to be customized for your device. Flashing a ROM meant for another device is a near-guarantee to render your device inoperable, unless the other device literally only differs by the marketing name (extremely unlikely: remember when we said above how each manufacturer loves to make tiny confounding changes?).

So you are unlikely to find a ROM for your device at all (if you did, you probably wouldn't be reading this thread). If you have a lot of spare time on your hands, you could try flashing ROMs from a lot of similar devices (definitely it must be the same chipset and Android version, ideally same country, same mobile carrier or another company that actually uses the same mobile carrier's network). But that's not too likely to succeed. If you do succeed, my god definitely post it to xda so future people can be helped.

So you are left with the option of rooting your device using a "recovery flashable ZIP" update like the one that comes with SuperSU.

You still need to ask two questions:

• does SuperSU (or other rooting package) work on my device?
• does the "recovery mode" that comes with your device let you flash these ZIPs?

For question 1 you are not likely to find an answer (again because of the insane fragmentation of devices in the MTK market as explained above). So you are going to have to just try it, after making a backup. You can at least feel comforted by the fact that the amazing developer, Chainfire, has done insane amounts of work to make SuperSU's flashable installer ZIP work on as many devices as possible. But it's nearly impossible that he's had time to test on your MTK device, because of the severe low-end market fragmentation problem explained above (and don't ask him to: it's your job to try).

You can find many tutorials on the internet about how to get to your device's recovery mode (it's device-specific but typically involves holding down 2-3 buttons while turning on your device then making further menu choices, then holding down two buttons again when you see an image of an android laying on his back) and how to install the "recovery flashable ZIP" that comes with SuperSU or your root package.

Question 2 really depends on your device. Even though all devices we are talking about here use MT67xx chips, many device makers give you a crippled "recovery mode" that will only install updates cryptographically signed by the manufacturer using a secret key, meaning they are useless for installing SuperSU. You should just give it a try and see if you get an error message during install about the "signature" of the update being wrong (remember, while trying the SuperSU update, if you suddenly see the android lying down again, hit the same sequence of buttons that you used to get into the recovery console in the first place to get back to a screen with actual information).

If the stock recovery mode that comes with your device is not suitable for installing SuperSU, then you need to replace the recovery mode that comes with your phone with a "custom recovery" (Chainfire actually recommends using a custom recovery anyway to avoid problems). Fortunately, you have a tool in your arsenal which can replace the stock recovery with a custom recovery: SP Flash Tool. Whew. The recovery mode on your device is on one of those partitions that you can flash with SP Flash Tool. All you need to do is find a custom recovery "image" from the internet that can do SuperSU. By far the most common custom recovery tools people use are called TWRP and CWM (ClockWorkMod). These custom recovery tools even give you other cool features that the stock recovery didn't, like the ability to make backups in a way that is much easier and less technical than with SP Flash Tool.

So everything's great, right? Just install TWRP/CWM and then install SuperSU.

Well, not quite. It turns out that just like Android versions, recovery images have to be built specifically for your device. There isn't just one file for TWRP/CWM: there's one per device. So you are now faced with the challenge of finding a custom recovery image that works on your device.

So it seems like Catch-22, right? You're stuck.

Well, not exactly. It turns out that while recovery consoles are indeed device-specific, they are less device specific than Android versions. Your chances of finding a recovery image that was designed for another similar MT67xx device but works on your device are much greater than your (near zero) chances of finding a complete Android ROM that does the same.

So search on xda and Google for the chipset of your device, and look for people who have successfully used custom recovery images across similar devices. For example, my device has an MT6735 so I searched on xda and found several threads where people used recovery consoles across devices. Read the threads for your chipset and see if you recognize any similar devices. Or just try some (after making a back-up of course, including a backup of the stock recovery image in case you need to go back to that (though some devices have a nifty feature where they will restore the stock recovery automatically if a custom recovery crashes)). They may work, they may not. If you have success, definitely report it here to help others.

So hopefully, maybe with some trial and error, you can install SuperSU to root your phone, either using your phone's stock recovery or a working custom recovery that you can find on the internet. Whew.

Since you will be looking for rooting solutions on the internet and seeing many guides, I should mention that other than using SP Flash Tool or the recovery mode, there is another way to flash images to your device, usually known as the bootloader or "fastboot mode." Fastboot mode is an alternative to the "recovery mode" (you enter the fastboot mode by pushing a different set of buttons down as you turn on your device). You will find tons of references to fastboot mode as it is a key way to flash on many devices, but for your MediaTek MTK device, fastboot mode is unlikely to be useful to you: as an MTK owner, you have access to SP Flash Tool which is not encumbered by the many restrictions that some device vendors place on fastboot mode and is pretty much better all-around. Fastboot mode involves using adb command line tools, which are intimidating to some users. Many vendors completely lock down fastboot mode so that it cannot flash at all, some vendors require you to find a magic easter egg option to enable fastboot flashing and force you to erase all your data in the process of just turning that switch on, and some vendors make you call them to get a l33t secret code that you have to use to enter to unlock fastboot using an "oem unlock". Fortunately, you can bypass all that idiotic DRM nonsense by just using SP Flash Tool and get the same work done. The only advantage of fastboot mode is on some devices it lets you boot a proposed recovery console to try it one time without actually installing it: but on my device, and many MTK devices, that functionality is simply not implemented.

So what if you have exhausted all the possibilities above, and you are still stuck: None of the one-click tools work on your device. You can't find a ROM for your device. SuperSU can't be installed using your stock recovery mode, and you can't find any custom recovery image that works on your device that you could use to install SuperSU on your device. Well, then you are really in new territory where there are further steps you can take, but it's going to get a lot more technical. Since SP Flash Tool works, you do have the power to modify system files on your device, so you do have the power to root the device. First of all you can become a ROM developer and build a ROM for your device, but that is a massive undertaking and I don't even know if you can find the correct drivers to accomplish this. So instead, to get root, you're going to have to figure out how to extract a partition image (boot or system) from your device, extract all the files from that image (there are "kitchens" on xda that help you do this kind of thing), modify those files in a way that gives you root, flash the partition back, and then boot your system normally, letting the nefarious code you added give you root as the system boots. This is non-trivial but kind of fun if you are into that kind of punishment. I went through that whole process because I thought my device was one of those extreme cases (I had not yet figured out that there was probably some other custom recovery image that would have worked on my device, because there was no thread explaining this fact on xda ). The steps I took are definitely beyond the scope of this post, but if folks are interested I can share some details in a separate post (there is nothing revolutionary: I hacked /init.rc to perform an elaborate series of file copies, chmod, chown, etc. at user boot time to install SuperSU, basically simulating all the many steps that SuperSU would have taken from its install script in the recovery mode, had I been able to use the useless locked recovery mode on my device).

After you root your phone (and depending on how you root your phone) you may run into a situation where you can no longer make/receive calls because you have accidentally cleared out your phone's IMEI setting.

This, again, is a case where there are a ton of tools to fix your IMEI that are designed specially for MTK devices, but most of them do not work on MT67xx series, only the older chips (yes, you guessed it, including our old friend MTK Droid Tool).

So you will probably have to hunt around until you find an IMEI fixer that works. Many guides suggested a super-creepy Chinese app called Mobile Uncle that includes a horrific screen begging me to install all the most privacy-destroying popular Chinese social media apps, but Mobile Uncle failed to work on my MT67xx, so save yourself the viruses and use another tool. After I rooted my phone I tried 3 different apps until I found one called "MTK Engineering" that just worked, and I set my IMEI by following the visual guide in method number 1 on this website (I didn't use Mobile Uncle but the UI is the same), adding in the extra hack of adding a space between the "AT" and the "+" , and surrounding the IMEI number in quotes, as explained on this website. Phew.

Good luck and hope this guide saved you from going down several 12-hour ratholes like I did!!!

MANY MANY THANKS: I have linked to many articles on xda and the internet above. Please explore those links for more information. Thanks to Chainfire for sure for SuperSU and for whoever made SP Flash Tool (MediaTek?). And I really got a lot of helpful info from alexzap's articles. This MTK rooting/flashing guide is also pretty cool but doesn't address the newer MT67xx issues.

 

[lsemprini]

(reserved)

 

[Gibz97]

So you've got a cheap Chinese phone based on the budget MediaTek MTK MT67xx SoC (system-on-a-chip) chipset and you want to root it.

First of all, thank you very much for such an educational thread. I am also a newbie to MediaTek devices but after owning an MT6752 Desire 820s there are a ton of things I have learned so far with the device and MediaTek in general which I am glad to share.

So that means SP Flash Tool is super-powerful and super-dangerous (in fact, it's suicidal if you use it on a device containing important data you haven't backed up), but on the other hand it also means that at least you always have some tool that can install new images, no matter how messed up you have made your device.

I totally agree with you, SP Flashtool is the best thing to have ever happened to the MediaTek fraternity. I have been using it to test flashing partitions on my phone, corrupting the bootloader and bricking the device but it would always come to my rescue.
It is so powerful such that it can unlock, lock or relock the bootloader on HTC devices without using the official HTC bootloader unlocking method, fastboot or adb and does not require root.
The HTC bootloader somehow restricts a phone to boot into meta mode for flashing but holding volume up while connecting phone to PC tends to force the phone to access meta mode where flashing of any partition can be carried out by SP Flashtool.
I consider this a security risk but still interesting as it is too easy to access the device's userdata partition via a recovery hack since it can unlock the device's bootloader and flash a custom recovery, preserving the userdata partition which would have been wiped if one used official methods unless one encrypted their internal storage.
However newer MediaTek devices seem to have fixed this security hole. The likes of HTC One M9+, E9 and E9+ with an MT6795 processor cannot be flashed by SP Flashtool unless the device is S-off as of now. It could work with an SP Flashtool update maybe?

So consider the application of SP Flash Tool as a backup tool for MT67xx devices to be something that's not ready for everyone yet. If anyone knows an easier tool for making scatter files on MT67xx or even doing backup, let us know.

Well, it is possible to backup newer MediaTek SOCs (MT67XX) devices using SP Flashtool's Readback feature without root but it requires the exact scatter file of the firmware one is currently on, or at least the Partition start address of a partition you want to back up and its physical size if one cannot get the scatter file.
MTKDroidtools can at least show the partition types on the MT67XX devices but unfortunately the start and physical addresses of the partitions are not exactly as they are supposed to be on the device.
However if you are lucky to find the scatter file you can use it to readback on SP Flashtool, not reading back the entire NAND of the phone but reading back each partition individually as it is depicted on the scatter file and saving the backup file as partion_name.img eg boot.img. This is technically dding an entire partition but without using root.
The start address is depicted on the scatter file and the length is the partition_size on the scatter file.
This can be vital especially for creating a custom recovery for a device which is currently unrooted.

 

[FrenzyR]

So you've got a cheap Chinese phone based on the budget MediaTek MTK MT67xx SoC (system-on-a-chip) chipset and you want to root it.

You've tried lots of tools and failed, and you've been searching the internet and xda for your model and found nothing (or you might have found stock ROMs for your device online but not rooted ones). Read on....

These phones are INSANELY common all across Asia because MediaTek is the cheapest chip manufacturer and so is the top choice for <USD$100 super-cheap (often free subsidized) phones. Here is a partial list of phones that use the MT67xx across many countries:



I am including the list above for two reasons:

• so that people searching for their model may find this thread and be helped
• so that you can just get a glimpse of the insane variety of companies and models that use the same chip family

For reasons explained below, you will find that most of these devices are resistant to the "easy" one-click rooting methods and most of them do not work with ANY of the "easy" tools that have been developed for other phones, even MediaTek (MTK)-specific tools. Of course tool support will improve over time, but as we will explain, there is something unique about your MediaTek device that will always make it harder to root.

I finally got my MT67xx-based phone rooted, and here is the information that I wished someone had posted on xda as I slogged through my search.

My goal here is NOT to provide the steps for a specific phone model, but rather to help the (literally) millions of you out there who have MT67xx-based phones find a solution by giving you a few basics to understand MediaTek MTK and rooting, and pointing you in the right direction so you know what questions to ask.

There's some bad news, and some worse news...

WHAT ALL THESE PHONES HAVE IN COMMON:

The MT67xx chipset inside your phone uses a relatively new (2014) 64-bit processor architecture, compared to the ubiquitous MediaTek MTK MT65xx, MT83xx, MT81xx processors that use a 32-bit architecture. And around the same time that MT67xx came out, MediaTek also switched devices to a new filesystem/partition format which determines where and how Android and all your data gets stored in your device's flash memory.

What these two technical changes mean is that:

• many of the vulnerabilities in Android that the "easy" one-click root tools exploited to do their job (e.g. old standbys like RageAgainstTheCage, framaroot, etc.) no longer work. Updating Android is another thing that often causes these vulnerabilities to cease to work, but changing processor architectures is a biggie too.
  
• many (but not all) of the old tools developed to root and otherwise modify MediaTek devices broke, and have not yet been fixed. Most notable is the MTK Droid Tool, a standard tool for hacking MTK devices that you will still find used in 99% of guides out there on the internet. It doesn't work on your MT67xx (at least no version I could find). Same is true of many other tools, such as some of the tools to reset your phones IMEI when rooting/modding operations disrupt your ability to call, tools to get into "MTK Engineer Mode" etc.

That is why you will find so many pages on the internet that say "Root Any Android Phone" (complete BS: if you see this, the person is either clueless or lying) or even "Root Any MediaTek Phone" and the procedure fails.

So, you would think that the cool ROM hackers and root tool folks would whip up some new tools quickly, right?

This is the point where you need to understand a harsh reality...

WHAT ALL THESE PHONES DON'T HAVE IN COMMON:

This is perhaps Android's greatest strength and weakness: every manufacturer (as well as ROM hacker here on xda) is free to tweak open-source Android in almost any way they see fit, whether to save money, integrate a new feature, customize for local market and culture, try to lock out competition, or whatever. And so they did.

Even though these devices all use MT67xx chips, it seems like every manufacturer felt compelled to make as many tiny changes as possible, and the result is that there is no easy way for kind xda hackers to develop one master ROM image of Android that will run on them all (rooted or otherwise). And it's even hard to make a rooting tool or mod that works on all devices.

Instead, the device-specific differences are significant enough that you actually need a developer to spend hours to days on each model in order to produce a workable Android ROM (rooted or otherwise).

And that is why, all over xda-developers and other sites, you rarely see custom ROMs for your MTK device. Although I'm guessing there are many times more cheap MTK devices in the world than devices with more expensive chipsets, the market of cheap devices is utterly fragmented into hundreds of vendors, so it is generally not worth any ROM hacker's time to develop for a particular device, because the reward (glory or karma, whatever turns them on) is minimal compared to a single device (e.g. most Samsungs) that is used by millions.

Sometimes the cheap MTK software/hardware changes that break both root tools and ROMs seem trivial and pointless. Like a vendor might move a critical system file for no obvious reason, switch the order of SD cards so that old software breaks, leave out key system programs they thought "nobody would need," introduce new and usually-broken encryption methods to lock out modders, etc.

THE SILVER LINING

Seems pretty grim, huh?

This cloud has one major silver lining.

I'm going to tell you about a tool that does work on MT67xx devices. You may or may not end up using this tool as part of your rooting strategy (more below), but it's good to hear some good news sometime

As far as I can tell, all MediaTek devices MT67xx, MT65xx, MT83xx, MT81xx work with the SP Flash Tool, a MediaTek MTK-specific tool that lets you flash (write) new versions of Android and tools that you need to install or modify Android (ROMs, custom recovery images, recovery updates) on to your device.

SP Flash Tool lets you flash "images" to your device, even if your device is totally bricked or has been utterly wiped clean from some earlier messup. An "image" is geek speak for a file that contains the whole contents of a partition of your Android device's storage, such as the partitions that contain the Android operating system (boot and system), the partitions that contain a recovery tool that lets you do less primitive operations like updating Android, installing SuperSU, or backing up your device (recovery), or even the partition with the logo shown on boot (logo).

So that means SP Flash Tool is super-powerful and super-dangerous (in fact, it's suicidal if you use it on a device containing important data you haven't backed up), but on the other hand it also means that at least you always have some tool that can install new images, no matter how messed up you have made your device.

The significance of this cannot be understated. For Android devices with other chipsets, there is of course some way to flash images (various tools referred to as "recovery console," "bootloader/fastboot mode," etc), but the chipset and manufacturers (even on some MediaTek MTK devices) try to ruin your day by:

• locking your bootloader or recovery console so it can only flash images cryptographically signed by the manufacturer using secret keys, meaning you can't use them to modify your phone in the way you want,
• providing you only with flashing methods that work if the certain partitions stay intact---meaning that if you make a certain kind of mistake, you may much more easily "brick" your phone so that you have no way of ever using it for anything but a doorstop.

MediaTek's SP Flash Tool, on the other hand, does not get in your way with any kind of lock---it always lets you flash images to the device, even if your flash memory has become completely garbled with nonsense. The tool literally works on your phone before your phone has started to boot up (kind of scary actually and a huge design flaw security risk, oh well). It is still up to you of course to flash something that works, but at least you have the option.

A very important principle for SP Flash Tool is: only flash partitions that you need to flash. That will likely be recovery, and maybe boot/system and maybe logo if you are playing around. Even though you may find a ROM with all partitions, only flash the ones the instructions say you need to flash. Otherwise you invite problems that might clear important settings on your device (e.g. mobile radio/carrier settings you need for your calling to work, etc.).

You're probably thinking that using SP Flash Tool, you can first make a backup of your device, so that no matter what you try, you can always restore your backup. Good news: this is kind of true: the SP Flash Tool is capable of this kind of backup, as seen in this thread, this thread, and this thread. But when you look at those threads, you will see there is a catch: the technique relies on being able to extract something called a "scatter file" from your device, and the tool they always use for this? You guessed it, MTK Droid Tool, the tool that doesn't (yet) work on MT67xx devices. This nice thread explains the situation and gives you a way to get the "scatter file" to make your backup, but as you can see it's more technical than many people will be willing to do. So basically we are waiting for better tools to be available to less technical users for backing up MT67xx devices. If you don't mind bricking your device at all or until such a tool comes out, it won't matter. But for most users you will want some kind of backup in your rooting strategy. If anyone knows of a better new tool that works on MT67xx, please reply below.

So consider the application of SP Flash Tool as a backup tool for MT67xx devices to be something that's not ready for everyone yet. If anyone knows an easier tool for making scatter files on MT67xx or even doing backup, let us know.

There are other ways of making backups of your device before you attempt to root your device, though, so you might not need to use SP Flash Tool as your backup. More later...

Also, some reading this thread may have found a stock ROM for your exact device (one that is just like the manufacturer gave you, not rooted) that can serve as your backup in case your rooting attempts fail.

HOW TO ROOT YOUR PHONE

Typically when you want to root any Android device, you google the name of the device with "root" and you will find either:

• "easy" one-click rooting tools (e.g. Kingoroot, Kingroot, One Click Root, framaroot) that you install on your device or your PC and click one button to root.
• software that you are supposed to flash to your Android device to make it rooted (either complete ROM images containing a complete copy of Android for your device, already rooted and usually with other handy mods, or flashable update images that root your existing copy of Android).

The "easy" one-click tools may be worth trying, because they literally are just one click, but they come with a massive downside: many of them, such as Kingoroot, have been repeatedly accused of, and occasionally caught at, doing extremely shady things on your device after installation, such as sending your device's private IMEI number to servers in China. Kingroot (yes, it's different from Kingoroot) is a one-click tool that is recommended on xda, but which installs extremely invasive "purify" and/or "scanning" software on your device (also frequently connecting with servers in China for unknown reasons which the closed-source makers of these tools will not disclose). I personally find the many creepy clone Kingroot advertising websites and obviously-fake "user" posts about Kingroot that are gushingly positive about Kingroot to be a major, major red flag. If they have to make fake one-sided posts to convince people to install, what are they hiding? Many people use Kingroot simply because they've tried everything else and it's the only one-click tool that can root their device (because the Kingroot developers accomplish root using new exploits that nobody else has found, and devote significant resources to keeping up to date on exploits, perhaps using money they got from.....), then they use other tools that supposedly strip away Kingroot and its bloat/sketchiness and replace it with a more trusted root solution such as SuperSU (SuperSU requires your phone to be already rooted or requires you to flash something to install it). There even seems to be an arms war between Kingroot and these "Kingroot stripping tools" which causes problems on your phone as each party releases updates. You get the picture.

If you're reading this thread, you may have already tried these one-click tools and seen that they don't work on your MT67xx, or you may be too suspicious of them.

So, you moved on to looking for software that you could flash to your device that would root your device.

You searched in xda and Google for your make and model and found.....nothing. Except hopefully this thread.

Now you know why you didn't find anything using your make and model (you didn't skip the sections above, did you?). Fortunately, there is some hope.

Flashable software that can root your device will likely take one of two forms:

• ROM: A complete ROM (complete version of Android, with images for boot and system partitions) that is already rooted, and probably contains other nice enhancements you might like as well. To use a ROM image, you flash the boot image and system image your boot and system partitions using SP Flash Tool.
• UPDATE: An update file that you apply on top of your existing version of Android to get root, such as the one distributed with SuperSU. To apply this type of update, you don't install an APK file (e.g. from the Play Store). Instead, you download a "recovery flashable ZIP" and boot your device into a special "recovery mode" where you make some choices on a retro 1970s text menu to choose and apply the update---more later.

If you want to use a ROM, the ROM definitely has to be customized for your device. Flashing a ROM meant for another device is a near-guarantee to render your device inoperable, unless the other device literally only differs by the marketing name (extremely unlikely: remember when we said above how each manufacturer loves to make tiny confounding changes?).

So you are unlikely to find a ROM for your device at all (if you did, you probably wouldn't be reading this thread). If you have a lot of spare time on your hands, you could try flashing ROMs from a lot of similar devices (definitely it must be the same chipset and Android version, ideally same country, same mobile carrier or another company that actually uses the same mobile carrier's network). But that's not too likely to succeed. If you do succeed, my god definitely post it to xda so future people can be helped.

So you are left with the option of rooting your device using a "recovery flashable ZIP" update like the one that comes with SuperSU.

You still need to ask two questions:

• does SuperSU (or other rooting package) work on my device?
• does the "recovery mode" that comes with your device let you flash these ZIPs?

For question 1 you are not likely to find an answer (again because of the insane fragmentation of devices in the MTK market as explained above). So you are going to have to just try it, after making a backup. You can at least feel comforted by the fact that the amazing developer, Chainfire, has done insane amounts of work to make SuperSU's flashable installer ZIP work on as many devices as possible. But it's nearly impossible that he's had time to test on your MTK device, because of the severe low-end market fragmentation problem explained above (and don't ask him to: it's your job to try).

You can find many tutorials on the internet about how to get to your device's recovery mode (it's device-specific but typically involves holding down 2-3 buttons while turning on your device then making further menu choices, then holding down two buttons again when you see an image of an android laying on his back) and how to install the "recovery flashable ZIP" that comes with SuperSU or your root package.

Question 2 really depends on your device. Even though all devices we are talking about here use MT67xx chips, many device makers give you a crippled "recovery mode" that will only install updates cryptographically signed by the manufacturer using a secret key, meaning they are useless for installing SuperSU. You should just give it a try and see if you get an error message during install about the "signature" of the update being wrong (remember, while trying the SuperSU update, if you suddenly see the android lying down again, hit the same sequence of buttons that you used to get into the recovery console in the first place to get back to a screen with actual information).

If the stock recovery mode that comes with your device is not suitable for installing SuperSU, then you need to replace the recovery mode that comes with your phone with a "custom recovery" (Chainfire actually recommends using a custom recovery anyway to avoid problems). Fortunately, you have a tool in your arsenal which can replace the stock recovery with a custom recovery: SP Flash Tool. Whew. The recovery mode on your device is on one of those partitions that you can flash with SP Flash Tool. All you need to do is find a custom recovery "image" from the internet that can do SuperSU. By far the most common custom recovery tools people use are called TWRP and CWM (ClockWorkMod). These custom recovery tools even give you other cool features that the stock recovery didn't, like the ability to make backups in a way that is much easier and less technical than with SP Flash Tool.

So everything's great, right? Just install TWRP/CWM and then install SuperSU.

Well, not quite. It turns out that just like Android versions, recovery images have to be built specifically for your device. There isn't just one file for TWRP/CWM: there's one per device. So you are now faced with the challenge of finding a custom recovery image that works on your device.

So it seems like Catch-22, right? You're stuck.

Well, not exactly. It turns out that while recovery consoles are indeed device-specific, they are less device specific than Android versions. Your chances of finding a recovery image that was designed for another similar MT67xx device but works on your device are much greater than your (near zero) chances of finding a complete Android ROM that does the same.

So search on xda and Google for the chipset of your device, and look for people who have successfully used custom recovery images across similar devices. For example, my device has an MT6735 so I searched on xda and found several threads where people used recovery consoles across devices. Read the threads for your chipset and see if you recognize any similar devices. Or just try some (after making a back-up of course, including a backup of the stock recovery image in case you need to go back to that (though some devices have a nifty feature where they will restore the stock recovery automatically if a custom recovery crashes)). They may work, they may not. If you have success, definitely report it here to help others.

So hopefully, maybe with some trial and error, you can install SuperSU to root your phone, either using your phone's stock recovery or a working custom recovery that you can find on the internet. Whew.

Since you will be looking for rooting solutions on the internet and seeing many guides, I should mention that other than using SP Flash Tool or the recovery mode, there is another way to flash images to your device, usually known as the bootloader or "fastboot mode." Fastboot mode is an alternative to the "recovery mode" (you enter the fastboot mode by pushing a different set of buttons down as you turn on your device). You will find tons of references to fastboot mode as it is a key way to flash on many devices, but for your MediaTek MTK device, fastboot mode is unlikely to be useful to you: as an MTK owner, you have access to SP Flash Tool which is not encumbered by the many restrictions that some device vendors place on fastboot mode and is pretty much better all-around. Fastboot mode involves using adb command line tools, which are intimidating to some users. Many vendors completely lock down fastboot mode so that it cannot flash at all, some vendors require you to find a magic easter egg option to enable fastboot flashing and force you to erase all your data in the process of just turning that switch on, and some vendors make you call them to get a l33t secret code that you have to use to enter to unlock fastboot using an "oem unlock". Fortunately, you can bypass all that idiotic DRM nonsense by just using SP Flash Tool and get the same work done. The only advantage of fastboot mode is on some devices it lets you boot a proposed recovery console to try it one time without actually installing it: but on my device, and many MTK devices, that functionality is simply not implemented.

So what if you have exhausted all the possibilities above, and you are still stuck: None of the one-click tools work on your device. You can't find a ROM for your device. SuperSU can't be installed using your stock recovery mode, and you can't find any custom recovery image that works on your device that you could use to install SuperSU on your device. Well, then you are really in new territory where there are further steps you can take, but it's going to get a lot more technical. Since SP Flash Tool works, you do have the power to modify system files on your device, so you do have the power to root the device. First of all you can become a ROM developer and build a ROM for your device, but that is a massive undertaking and I don't even know if you can find the correct drivers to accomplish this. So instead, to get root, you're going to have to figure out how to extract a partition image (boot or system) from your device, extract all the files from that image (there are "kitchens" on xda that help you do this kind of thing), modify those files in a way that gives you root, flash the partition back, and then boot your system normally, letting the nefarious code you added give you root as the system boots. This is non-trivial but kind of fun if you are into that kind of punishment. I went through that whole process because I thought my device was one of those extreme cases (I had not yet figured out that there was probably some other custom recovery image that would have worked on my device, because there was no thread explaining this fact on xda ). The steps I took are definitely beyond the scope of this post, but if folks are interested I can share some details in a separate post (there is nothing revolutionary: I hacked /init.rc to perform an elaborate series of file copies, chmod, chown, etc. at user boot time to install SuperSU, basically simulating all the many steps that SuperSU would have taken from its install script in the recovery mode, had I been able to use the useless locked recovery mode on my device).

After you root your phone (and depending on how you root your phone) you may run into a situation where you can no longer make/receive calls because you have accidentally cleared out your phone's IMEI setting.

This, again, is a case where there are a ton of tools to fix your IMEI that are designed specially for MTK devices, but most of them do not work on MT67xx series, only the older chips (yes, you guessed it, including our old friend MTK Droid Tool).

So you will probably have to hunt around until you find an IMEI fixer that works. Many guides suggested a super-creepy Chinese app called Mobile Uncle that includes a horrific screen begging me to install all the most privacy-destroying popular Chinese social media apps, but Mobile Uncle failed to work on my MT67xx, so save yourself the viruses and use another tool. After I rooted my phone I tried 3 different apps until I found one called "MTK Engineering" that just worked, and I set my IMEI by following the visual guide in method number 1 on this website (I didn't use Mobile Uncle but the UI is the same), adding in the extra hack of adding a space between the "AT" and the "+" , and surrounding the IMEI number in quotes, as explained on this website. Phew.

Good luck and hope this guide saved you from going down several 12-hour ratholes like I did!!!

MANY MANY THANKS: I have linked to many articles on xda and the internet above. Please explore those links for more information. Thanks to Chainfire for sure for SuperSU and for whoever made SP Flash Tool (MediaTek?). And I really got a lot of helpful info from alexzap's articles. This MTK rooting/flashing guide is also pretty cool but doesn't address the newer MT67xx issues.

My device MT6735 I want IMEI restore tool
I tried mobileuncle tool not working for imei backup restore

 

[Aerieana]

Wow, a lot to read there, but this has been the most helpful thing I have found so far related to rooting my phone model. Not sure why this thread hadn't appeared in my earlier Google searches even though this thread has already been around for three months. Anyway...

You said your device has an MT6735 SoC, can I ask which phone model you have? as that's the exact same SoC that mine has (LG K8), and you've managed to root yours.

Apparently trying to root an LG K8 with a one-click root tool has bricked a few people's phones, so I don't even want to give that option a try.

It seems the best method for me to try would be getting a working custom recovery onto my phone, then installing SuperSU, all after making a backup of course. Hopefully I won't need to resort to modifying files myself like you had done, I dunno if I'd be confident enough to either.

Thank you for such a thorough guide and explanation. Time to go look up custom recoveries~

 

[X-weApon-X]

The significance of this cannot be understated. For Android devices with other chipsets, there is of course some way to flash images (various tools referred to as "recovery console," "bootloader/fastboot mode," etc), but the chipset and manufacturers (even on some MediaTek MTK devices) try to ruin your day by:

• locking your bootloader or recovery console so it can only flash images cryptographically signed by the manufacturer using secret keys, meaning you can't use them to modify your phone in the way you want,
• providing you only with flashing methods that work if the certain partitions stay intact---meaning that if you make a certain kind of mistake, you may much more easily "brick" your phone so that you have no way of ever using it for anything but a doorstop.

.

I have an iBaby888 i6S+ Clone, mt6735, very good chip, hampered by bad design in the way the device's main storage is. Of course, I can fix this with a tool called "Reziser" which will open up that 2gb upper limit, BUT, I need to apply the zip from a Custom Recovery. But I can't INSTALL any Custom Recovery, Why? Because the bootloader is not only LOCKED: it is NON-UNLOCKABLE. /fastboot oem unlock = FAILS every time. I don't comprehend this idiocy of design, in a device that comes with a fake IMEI in the first place. Not to mention the device has issues with Google App updates which cause play store to stop working within 5 minutes of unboxing.

What do I do to unlock this? Or, better yet, is there a pre-made, unlocked Recovery ROM I can flash with SPflash, that is 8.4mb or less? One of the reasons why TWRP fails is that it tells me that my Boot.img or Recovery.img are too big and will cause "overlap" - When I know that I they are *not* too large. But I am thinking this failure is occurring because of the LOCKED state of my boot loader and stock recovery. And the Stock recovery is practically worthless.

Is there some kind of secret code or fastboot command I can apply to bust the crud out of this junk? This device COULD run as well as the device it is mimicking, if not for the 2gb main storage limit and locked bootloader that prevents all useful tools from being loaded. I can't even install xPosed, because the main binary has to be installed via Recovery, and it is also why SuperSU Me bricks the device, Kingroot is the only method of rooting it, and there is no working method of replacing Kingroot with SuperSU, all because of the locked issue.

I have a similar my6582 device, I rooted it and installed CWM recovery, no sweat, using MTK Droid tools. But Oh Yes! Guess what! There is NO Version of the tool for 67xx's! and that device actually has a 4gb storage area, in that respect it's a better device, save for the very low-res screen (160dpi, my iBaby version is 320dpi).

So, you got anything I can try, I am only just learning now to work with Androids, I have been an Apple Jailbreaker for 5 years (which is why I love these clones). I had a similar issue with running out of system storage space on Apple devices too, but we use system folder stashing (symlinking to the larger user partition) to prevent our system storage from being stuffed full. I have noticed on my Samsung and other higher end androids, I am always given 8 to 16 gb of system storage. But these MediaTek devices, why in blazes are they only given 2 to 4gb of space. when the chip can handle so much more? I can only move so many apps to my card with Apps2SD, and if you move too many, the system does not run well.

Sorry for the rant, I have been up against brick wall city over and over today, I have tried a dozen tools that all failed to unlock my bootloader, all for the same reason, the default unlock method just doesn't work.

 

[losmilosmi]

Wow, a lot to read there, but this has been the most helpful thing I have found so far related to rooting my phone model. Not sure why this thread hadn't appeared in my earlier Google searches even though this thread has already been around for three months. Anyway...

You said your device has an MT6735 SoC, can I ask which phone model you have? as that's the exact same SoC that mine has (LG K8), and you've managed to root yours.

Apparently trying to root an LG K8 with a one-click root tool has bricked a few people's phones, so I don't even want to give that option a try.

It seems the best method for me to try would be getting a working custom recovery onto my phone, then installing SuperSU, all after making a backup of course. Hopefully I won't need to resort to modifying files myself like you had done, I dunno if I'd be confident enough to either.

Thank you for such a thorough guide and explanation. Time to go look up custom recoveries~

Have you managed to root your LG K8?

 

[Pawemix]

LG K8

I see I'm not the only one wondering about rooting his/her LG K8 Let me know if u figure out sth about it

 

[jago25_98]

Would be good to see some tracking on which phones have had success before we buy the phone.... what do I best search for in choosing a cheap phone?

 

[kracot]

Alcatel Onetouch POP Astro 5042T MT6732

removed

 

[kracot]

some interesting information regarding flashing and rooting some MT67xx phones

removed

 

[Chaos Storm]

I have an iBaby888 i6S+ Clone, mt6735, very good chip, hampered by bad design in the way the device's main storage is. Of course, I can fix this with a tool called "Reziser" which will open up that 2gb upper limit, BUT, I need to apply the zip from a Custom Recovery. But I can't INSTALL any Custom Recovery, Why? Because the bootloader is not only LOCKED: it is NON-UNLOCKABLE. /fastboot oem unlock = FAILS every time. I don't comprehend this idiocy of design, in a device that comes with a fake IMEI in the first place. Not to mention the device has issues with Google App updates which cause play store to stop working within 5 minutes of unboxing.

I have the same device as you. I managed to get it rooted by using Kingroot & Kinguser APK here on XDA. Once that was done, I backed up the chinese bloatware to the sd card and removed them. I now have about 500gb free space on system as I moved most of my must have apps to the system/apps folder.

Google Play for me does not crash because I changed the space available. This I believe is the key, Google Play crashing was always because of low space. Mine has updated and I can still use it.

The only isue I have is that the 6735 is slow. I don't know if it's the cheap sd/emmc or lack of RAM, but the phone can get pretty slow. Now that I have root I can make changes here and there. I plan on opening it up and replacing the SD card with a faster one.

I've tried unlocking the bootloader and it failed for mine too. I may try one of these services that unlocks MTK bootloaders.

Still working on performance on mine but thus far I have removed 90% of the iPhone esque apps and have all Android appsnow, no more Apple looks...only lock screen and settings.

 

[X-weApon-X]

I have the same device as you. I managed to get it rooted by using Kingroot & Kinguser APK here on XDA. Once that was done, I backed up the chinese bloatware to the sd card and removed them. I now have about 500gb free space on system as I moved most of my must have apps to the system/apps folder.

When you removed those, did they leave an ugly icon on the springboard? What did you use to remove them, I used Apps2SD. I really want to know how to access the icons on the "Springboard", I don't know where they are in the Filesystem.

I created a TWRP recovery for mine, it's totally upside down, really difficult to manage, but the first thing I did when I booted, was to go into recovery and close it right away to install SuperSU. From there, it's easy. I can share the recovery.img I made. It's larger than the allotted 6544kb, I'm not sure if it is causing me any problems, it might be because of the larger size.

Google Play for me does not crash because I changed the space available. This I believe is the key, Google Play crashing was always because of low space. Mine has updated and I can still use it.

Did you use "Resize"? - I used that, and it increases UserData from 2gb to 4gb, that's as big as it gets. My Samsung GTAB3 has 12gb of UserData, that's adequate, I can install ALL of my apps to internal. But you can't install Resizer from anywhere than Recovery. Same with the Lollipop version of xPosed.

The only issue I have is that the 6735 is slow. I don't know if it's the cheap sd/emmc or lack of RAM, but the phone can get pretty slow. Now that I have root I can make changes here and there. I plan on opening it up and replacing the SD card with a faster one.

6735 is much faster than an MT6582, but any speed is cancelled out by the inordinate partitioning system. Just not enough ROOM. My GTAB3 seems much faster, but only because I have so much more free space even after installing 100 apps.

Replacing the SDcard Should be easy, I did it to my other clone, installed my Patriot card, which is the best card I've had. Be really careful, take the SIM slot out, unscrew the two bottom screws, then use one of the Apple Suction Cup tools to pull up from the Home/Touch ring. The entire assembly should pop right out. Be very careful! Flip it over, and unscrew all of the little screws. Take the audio assembly out from the bottom, and then you can probably see where the Card goes in if you pull up on the Motherboard, on mine it is right under the Front Camera. There is a little battery taped in there, untape that and you'll see a little Ribbon Cable, carefully take that off. The Card slot is right underneath, you can reach in with Tweezers and pull it out, then reverse the process putting the new card in. Of course, on the iBaby clone, it may be more like the Sophone, once you start pulling up on the Display, you will see if it's a full assembly or if the Display comes off. If that's the case, it's much easier to get to the Card slot, but you have to carefully remove the display.

One thing I noticed, without GAPPs it hauls arse. I was running it after flashing with Format+Download, after reboot, it has a *****in Android black logo on white, with a little "Bite mark" cut out of the side. I love that. here are the codes to add the Apple logo and GAPPs:

1. *#35741#*

2.*#15963#*

Choose the leftmost button on the first row.

Choose the rightmost button on the second row.

Tap on Reboot.

- That process will do a "factory reset" while Installing GAPPs, so don't install any apps before you do that.

I've tried unlocking the bootloader and it failed for mine too. I may try one of these services that unlocks MTK bootloaders.

There is no need to do it, if you install a Recovery, I can give you my image. Once you have TWRP installed, you can do everything.

Still working on performance on mine but thus far I have removed 90% of the iPhone esque apps and have all Android appsnow, no more Apple looks...only lock screen and settings.

I left the Camera, Calculator, "Facetime" = Skype, but I hate Skype so I removed the fook out of THAT. That damned "UC Browser" has to go, and the "Tips", "Watch" and "Stocks" are placeholders that do nothing. "Health" is Runtastic, but the Chinese version has SLife which is a better app. I backed all of the cloneapps with Titanium, but they are system apps, so I don't know if they can be restored, I'm trying to restore SLife now. Didn't go in. I'll try again later. But I, wondering if when you uninstalled the crappapps, if it left icons on your springboard.

Crap! I just tried to install Xposed, and FAILED because my 2GB System area is TOTALLY full, probably because of the GAPPS + the Crappapps. Now I have to get in there and delete the crap out of some serious stuff. The GAPPS apps are HUGE. I don't want them all, just Market/Google. Google Music was installed, I hate that and don't use it.

Oh Yah, if you find you want to block Google App updates, read down in this thread. This was about 2 months of research before I came up with this method, which worked until I flashed my device a month ago:

http://forum.xda-developers.com/group.php?do=discuss&group=&discussionid=4064

I just followed my own instructions, so we'll see how effective this is.



---------- Post added at 01:38 AM ---------- Previous post was at 01:30 AM ----------

 

[Chaos Storm]

When I removed the apps I also removed the Home Launcher and replaced it with Google Home. However, after a few system edits it has started to crash, most likely because some of the system functions are tied to the home launcher, so I've reverted it back to semi stock.

I removed the apps by using Root Explorer and going to:

/system/apps , /system/priv-app, /system/vendor/operator/app, /system/app_ch, /system/app_en and cut & paste to the sd card. There is at least 600MB of space just in useless chinese apps.

If you have a TWRP to share that would be awesome.

Is there a way to backup the stock recovery just in case? To flash the new recovery do you do that via fastboot?

Thanks in advance!

 

[Chaos Storm]

So I spent some time today porting TWRP and got that working.

From what I've read from the TWRP thread, I would need to compile TWRP from sources to fix the rotation bug. I might do that if I have time.

Since CyanogenMod was released for another MTK6735 device, I am doing a quick and dirty port to see how well if at allit plays with the goophone, as CM would be awesome to have.

 

[Chaos Storm]

Since CyanogenMod was released for another MTK6735 device, I am doing a quick and dirty port to see how well if at allit plays with the goophone, as CM would be awesome to have.

Well, quick and dirty it was. Even though I double checked the META-INF and made sure everything was OK, the second attempt at porting resulted in a bootloop and no more recovery.

Anyways, I found the required firmware files on needrom and have gotten the phone back running.What's interesting is that on the previous build the dialer code would not work, but now they do. Anyways, now that I have a rom for this phone, I can hack to my hearts content.

 

[AndroNight]

META Mode MT6753

Hi guys,

I spend a few hours to recover my bricket ulefone paris via SP Flash Tool & going into META mode.

Problem is: device isnt recognized any more after a flash with a wrong preloader (ok, it was an offical rom, but anyway..). But how does the META mode for the MT6753 chipset works?
I´ve tried several combinations (Volume +, Volume + and Power, Volume -, etc.) when connecting it via USB to my PC running SP Flash with the correct image - but the device manager show no new device.
Before the false flash it worked perfect....

So is there another possibility to flash this device via META mode or is the another key combination for META mode?

Thanks!

 

[emre2746]

Thanks!

A huge thank you for being the only one out there to clearly articulate the issue that is specific to the MTK chipset and SP Tools version that needs to be used. I waded through so many forums to find this very useful info. Appreciated.

 

[Gulpiyuri]

Estupenda y muy trabajada explicación de lsemprini :good:

Para los profanos se deduce entonces que hay que confiar de las app´s como kingoroot, etc. que te prometen con 1 click brickear tu phone, tienes muchas posibilidades de conseguirlo.

Me uno al equipo entonces de los que tenemos un MediaTek MT6750 comprado barato, pero eso sí, con 3 Gb de RAM y 32 Gb de ROM + slot card.

Pero soy de los que me gusta to have root in my phone y veo que tendré que esperar.

He visto for developers este sitio con esta información que me ha parecido interesante: http://www.ayudaroot.com/general/conseguir-archivo-scatter-cualquier-dispositivo-mtk/

Please, up any information about news news.

Cheeeeeers!

 

[Gulpiyuri]

Root to alls Meizu

Hi guys!

Good news para los poseedores de terminales Meizu.
No se necesita aplicaciones de terceros ni correr el riesgo de dejar hecho un ladrillo nuestro juguete, ya que la firma Meizu contempla el derecho de superusuario desde nuestro propio terminal. Puede variar según que modelo, en concreto desde el que yo tengo el Meizu M5 se hace de forma tan sencilla como ir a:

Ajustes > huellas y seguridad > permisos de superusuario. Además puedes escoger qué tipo de aplicaciones tendrán derechos de superuser y cuáles no lo tendrán.

En otros modelos se hace desde la cuenta "My flame" que es la ROM que usa Meizu en Android.

click en My Flame > para acceder a más ajustes del registro > en Personal Settings, en la parte inferior verás que hay la opción con otro click de > abrir > system privileges

Y eso es todo amigos! sencillo y sin complicaciones, como debe de ser !

Una vez tenemos root privileges sobre nuestro Meizu, me gustaría si alguien sabe cómo hacer un downgrade de smarshmallow a kitkat, ya que no me gusta nada la 6, para mí, la mejor es la 4.4.4.

Bye!