First of all, big thanks to @ngoralph sent me a link at May. It's a post looks like a working guide rooting A1601 with flash tool, however it's written in Vietnamese,none of us understand Vietnamese. I finally have some time to take a deeper look at that guide and figure it out how it works.
2017.11.04 Update
Added a stock recovery image generated with install-recovery.sh and boot.img(Generated from A1601EX_11_OTA_002_all_201704120142_wipe.zip) for those who don't have stock recovery image
Download Stock recovery of 20170412 : https://drive.google.com/open?id=0B1X00ZJdxkKyR3g5V3BuTlNYdlU
In short, It seems like the process was done by a tool from phone repair services. The tool itself did try to connect to an oppo server when it's opened. Anyway, lets start
Benefits in comparison with other known old root method:
1.No modification to system.img, no red status bar "root detected", no need to replace SystemUI.
2.Pass SafetyNet.
SOMETHING YOU HAVE TO KNOW BEFORE DOING
*NOTE:This method uses meta mode*
1.You need a clean install 6.0 stock rom(factory reset)(6.0 Stock firmware installed by stock recovery not twrp, all the twrp for F1s are buggy).
*why buggy? take a look at /cache/recovery/xxx.log, you'll find out the ported recovery was compiled with different PixelFormat and also many different specifications, that's why the twrp recovery often give you a black screen.
2.Some twrp automatically did some modifications with your system.img to prevent stock recovery being recovered at boot, that might be the reason everyone see the read status bar "root detected"(modification detected). (Edit: Now there're more version of ported TWRP available, so this issue depends on the version of your twrp)
3.The flash tool will only work when you have mtk driver installed properly on your PC.
4.The new added dm-varity in oppo 6.0 rom will cause /data become unreadable with recovery, thus a format of /data is required (systemless root needs /data readable with recovery because they put su.img in /data).
5.Until now, I think this CTR recovery is the most stable recovery for oppo F1s
Preparations : Installation & Downloads before rooting process
1.Install mtk driver:
If you haven't have mtk drivers installed, you can follow this tutorial to install it on your PC
https://tehnotone.com/windows-10-mtk-vcom-usb-drivers-for-32-64-bit-drivers-installation-tutorial/(this driver also works on win7)
To install the driver under Windows 10, the only method is entering trouble shoot menu to temporary disable Driver Signature Enforcement and install it.(after next reboot, the driver will not work again. You will need to do the same trouble shoot menu procedure again if you want to use it again)
If you want the driver works permantly , enabling test mode will does the trick. To enable test mode, open cmd.exe with administrator privilege,type following command
Other problems cause the flash tool not working!! If you're sure you installed mtk driver correctly.....
If you have Core Quarantine enabled in Windows Defender,the flash tool will not be able to download firmware to your phone.(Tried to fix driver problem but all no luck until i found this.......I spent almost a day to figure out this)
To disable Core Quarantine, go to ( Windows Defender Security Center> Device Security> Core Quarantine)
2.Download DownloadTool_1612.8.exe here
3.Download a Flashtool flashable stock rom here(Any build number version is okay, but need to match your phone's hardware specifications. 3GB ram = mt6750, 4GB ram= mt6755. Even you just want to flash a single partition, the FlashTool still need you to load a full firmware,so you have to download it.)
4.Download newest 6.0 stock firmware zip( You can use your own or here is a 20170412 6.0 build)
5.Download newest Magisk flashable zip here
6.Download a little modified CTR here with "ro.product.device=A1601" which can open all the stock firmware package. (modified from this CTR recovery (original CTR credits @BouyaPK) )
LASTEST EDIT : The modified CTR recovery seems has no problem to handle official OTA package correctly after being tested(unlike some old twrp builds have issues), if you found any problem with this CTR recovery for installing any official OTA Package, please report...
Good! Now you are ready to root your device !
Here's the steps:
old steps was abandoned due to lastest edit: no need to revert to stock recovery
1. Copy magisk, 6.0 stock firmware zip to your external sd card( internal storage may had been encrypted sometimes)
2.Flash CTR Recovery to your phone with DownloadTool...Video Demonstration for this step:
https://youtu.be/DPRzWiAaaCY
Open DownloadTool_1612.8.exe, choose "Developement Mode", enter password "oppodeve", then uncheck all partitions, leave only recovery checked, then select CTR recovery image as target. ==>Press start ==>Hold phone's volume up(when your phone is off) and connect it to PC with usb cable ==> the PC detected it ==> release volume up button.
3.After flashing CTR recovery, boot into recovery , hold Volume down key+ power key boot into CTR recovery
4.Do a full wipe with CTR recovery(factory reset in wipe menu)
5.[optional step] If you have android 6.0 on your phone installed before, your /data partition was encrypted when you boot 6.0 rom , you need to wipe /data(you will loose your internal SD data). To wipe /data , in CTR Recovery Click "Mounts/Storage" ==> Click "Format /data" . If you have 5.1 firmware on your phone before you do these steps, just skip this step.
6.Install stock firmware zip ( in CTR recovery main menu ==> Click "Install zip" ==> select the firmware zip and install) (IMPORTANT: you must not reboot phone before you've done step 7(install magisk)!!!!! If you reboot system before installing magisk, your /data will end up being encrypted, You will have to do step 5 wipe data then you can install magisk)
7.Install magisk zip ( in CTR recovery main menu ==> Click "Install zip" ==> select magisk and install)
8.reboot ==> select no when ask fix stock recovery
9. you have root with SafetyNet passed.
ScreenShots:
Proof Of SafetyNet On A1601 Marshmallow Rooted Rom
2017.11.04 Update
Added a stock recovery image generated with install-recovery.sh and boot.img(Generated from A1601EX_11_OTA_002_all_201704120142_wipe.zip) for those who don't have stock recovery image
Download Stock recovery of 20170412 : https://drive.google.com/open?id=0B1X00ZJdxkKyR3g5V3BuTlNYdlU
In short, It seems like the process was done by a tool from phone repair services. The tool itself did try to connect to an oppo server when it's opened. Anyway, lets start
Benefits in comparison with other known old root method:
1.No modification to system.img, no red status bar "root detected", no need to replace SystemUI.
2.Pass SafetyNet.
SOMETHING YOU HAVE TO KNOW BEFORE DOING
*NOTE:This method uses meta mode*
1.You need a clean install 6.0 stock rom(factory reset)(6.0 Stock firmware installed by stock recovery not twrp, all the twrp for F1s are buggy).
*why buggy? take a look at /cache/recovery/xxx.log, you'll find out the ported recovery was compiled with different PixelFormat and also many different specifications, that's why the twrp recovery often give you a black screen.
2.Some twrp automatically did some modifications with your system.img to prevent stock recovery being recovered at boot, that might be the reason everyone see the read status bar "root detected"(modification detected). (Edit: Now there're more version of ported TWRP available, so this issue depends on the version of your twrp)
3.The flash tool will only work when you have mtk driver installed properly on your PC.
4.The new added dm-varity in oppo 6.0 rom will cause /data become unreadable with recovery, thus a format of /data is required (systemless root needs /data readable with recovery because they put su.img in /data).
5.Until now, I think this CTR recovery is the most stable recovery for oppo F1s
Preparations : Installation & Downloads before rooting process
1.Install mtk driver:
If you haven't have mtk drivers installed, you can follow this tutorial to install it on your PC
https://tehnotone.com/windows-10-mtk-vcom-usb-drivers-for-32-64-bit-drivers-installation-tutorial/(this driver also works on win7)
To install the driver under Windows 10, the only method is entering trouble shoot menu to temporary disable Driver Signature Enforcement and install it.(after next reboot, the driver will not work again. You will need to do the same trouble shoot menu procedure again if you want to use it again)
If you want the driver works permantly , enabling test mode will does the trick. To enable test mode, open cmd.exe with administrator privilege,type following command
Code:
bcdedit /set testsigning on
Other problems cause the flash tool not working!! If you're sure you installed mtk driver correctly.....
If you have Core Quarantine enabled in Windows Defender,the flash tool will not be able to download firmware to your phone.(Tried to fix driver problem but all no luck until i found this.......I spent almost a day to figure out this)
To disable Core Quarantine, go to ( Windows Defender Security Center> Device Security> Core Quarantine)
2.Download DownloadTool_1612.8.exe here
3.Download a Flashtool flashable stock rom here(Any build number version is okay, but need to match your phone's hardware specifications. 3GB ram = mt6750, 4GB ram= mt6755. Even you just want to flash a single partition, the FlashTool still need you to load a full firmware,so you have to download it.)
4.Download newest 6.0 stock firmware zip( You can use your own or here is a 20170412 6.0 build)
5.Download newest Magisk flashable zip here
6.Download a little modified CTR here with "ro.product.device=A1601" which can open all the stock firmware package. (modified from this CTR recovery (original CTR credits @BouyaPK) )
LASTEST EDIT : The modified CTR recovery seems has no problem to handle official OTA package correctly after being tested(unlike some old twrp builds have issues), if you found any problem with this CTR recovery for installing any official OTA Package, please report...
Good! Now you are ready to root your device !
Here's the steps:
old steps was abandoned due to lastest edit: no need to revert to stock recovery
1. Copy magisk, 6.0 stock firmware zip to your external sd card( internal storage may had been encrypted sometimes)
2.Flash CTR Recovery to your phone with DownloadTool...Video Demonstration for this step:
https://youtu.be/DPRzWiAaaCY
Open DownloadTool_1612.8.exe, choose "Developement Mode", enter password "oppodeve", then uncheck all partitions, leave only recovery checked, then select CTR recovery image as target. ==>Press start ==>Hold phone's volume up(when your phone is off) and connect it to PC with usb cable ==> the PC detected it ==> release volume up button.
3.After flashing CTR recovery, boot into recovery , hold Volume down key+ power key boot into CTR recovery
4.Do a full wipe with CTR recovery(factory reset in wipe menu)
5.[optional step] If you have android 6.0 on your phone installed before, your /data partition was encrypted when you boot 6.0 rom , you need to wipe /data(you will loose your internal SD data). To wipe /data , in CTR Recovery Click "Mounts/Storage" ==> Click "Format /data" . If you have 5.1 firmware on your phone before you do these steps, just skip this step.
6.Install stock firmware zip ( in CTR recovery main menu ==> Click "Install zip" ==> select the firmware zip and install) (IMPORTANT: you must not reboot phone before you've done step 7(install magisk)!!!!! If you reboot system before installing magisk, your /data will end up being encrypted, You will have to do step 5 wipe data then you can install magisk)
7.Install magisk zip ( in CTR recovery main menu ==> Click "Install zip" ==> select magisk and install)
8.reboot ==> select no when ask fix stock recovery
9. you have root with SafetyNet passed.
ScreenShots:
Proof Of SafetyNet On A1601 Marshmallow Rooted Rom
Last edited: