ROOT + CWM - Readback your ROM with SP-Flash Tools.

mrsim

KingOfNoobs
Staff member
Mar 1, 2014
16,207
2,366
113
47
London UK
hi.. I'm a newbie in regards to this. Is it really okay if i try this this tutorial? is it dangerous? Is there a possibility that it will brick my phone? thanks very much
​no of course not all it does is use your backed up rom to create CWM and root the device is all...just make sure you follow the video correctly as the only part that could fuck it up is adding the wrong number of zero's when asked
 

iaSnalcA

New Member
Feb 28, 2015
25
0
1
28
hmm..thanks very much mrsim.. ahhhh,..so just a part of the rom will be replaced? the recovery? am I right?
 

d3rpate

New Member
Sep 2, 2015
1
0
1
Hey guys, I just got my Siswoo C55 and tried to root it with several oneclick apps (Kingoroot,Kingroot,...) - nothing worked. I found this tutorial and was excited because of the great and detailed instructions.

The Problem MTK Droid Tools doesn't find an IMEI on my device. I will also get an Error Message (shown in the screenshot below) 

I can't create a Scatter File (in the second screenshot) - probably because of the missing IMEI?

Drivers are installed correctly. USB debugging is on.

Can anyone help?

View attachment 1530

View attachment 1531
 

L34XXOR

New Member
Oct 13, 2015
25
23
3
Hey guys, today i want to show you how to root your phone and install CWM. This works to 100% on every phone !

 

 

You need a usb cable and a pc with mtk droid tools and sp-flash tools

 

 

The download can be found in the phone tutorial section.

 

Video tutorial :

 

 

 



 

pls forgive me if i sound a bit strange in the video or forgot something, i´m a bit sick and dont feel good


 

PLEASE DONT USE THIS IF YOU ALREADY HAVE A BACKUP !! IF YOU GOT A BACKUP JUST CREATE CWM FROM YOUR BOOT.IMG !

 

 

Now first of all you need to create a scatter file.

1. Scatter creation

 

Scatter is the text file with adress of the blocks, necessary for the SP FlashTool program.

to create it you need to connect your phone to the pc , run mtk droid tools and click on blocks map and create scatter.

After creation of scatter don't close the main window of the program!

 

 

Otherwise once again it is necessary to turn on phone.

 



[

2. In SP FlashTool choose this scatter and go on the Read Back tab.

 



 

3. Choose path and a ROM file name

Click on Add button. Double click of a mouse on the appeared line. Choose a file name, the name has to begin with ROM_ as offers FlashTool! Remember path and the name of ROM_ file.

 



 

4. Determine the ROMsize

 

Type has to stand in HEX. In the field of Start Address it is necessary to write down 0x000000. In the field of Length we copy from scatter the address of the block following after RECOVERY. If you want to make a full backup , just copy the last adress block. For phones with type of the blocks EXT4 it is the cache block address. The number in the Hex format has to begin with 0x

 



 

5 . Choose Read Page Only on yaffs2 type blocks phones

In FlashTool choose Read Page Only in the field of Read Method. If this field isn't present, the window with this question can emerge, too we choose Page Only. On phones with EXT4 blocks it doesn't get out (as a rule). In the newer versions you won´t find that. There is no need to adjust it.

[



 

6. Read Back ROM_

 

Click on Read Back button and connect the switched-off phone to PC. Here the options depending on a concrete phone are possible. Maybe it is necessary to press at the same time with connect of a cable the camera or volume buttons. 

 

 



 

7. Prepare files for FlashTool and make CWM

 

If everything passed without errorss, we open the MTK Droid Root & Tools window which we left on 1th step. If for some reason the window isn't present, it is necessary to turn on phone and to connect it to the program. Click on To process file ROM_ from FlashTool button and choose the ROM_* file saved on the 6th step. At successful unpacking rom it will be offered to choose CWM from similar phone. Chosen CWM it is checked on compliance to the connected phone and if ok, the CWM is created. Starting with v2.4.0 CWM it is made automatically and the file from similar phone shouldn't be looked for any more!

 

 



 

8. Download new CWM to the phone

 

 

Start FlashTool, choose scatter in the folder created on the 7th step. Remove marks from all blocks! Click on RECOVERY and we choose the file CWM in the same folder which was created on the 7th step. Click Download and connect a cable to PC (phone has to be switched off) and expect the end of process. DANGEROUS! On this step the CWM recovery block has to be marked only! Also it is necessary to use only the Download button and not to use at all the Firmware Upgrade button!. DO NOT FLASH PRELOADER

 



 

9. Make backup, install SuperUser etc

Load phone in CWM mode, connect to MTK Droid Root & Tools, go on the tab root, backup, recovery and, pressing on this tab the necessary buttons, we do:

- backup! ! !

- install superuser (often mean "get root" under it)

- and other if need

 

 



 

 

 

http://forum.xda-developers.com/showthread.php?t=1538053

 

[bE SURE TO FLASH SUPERSU ZIP IN CWM TO GET ROOT IF MTK DROID TOOLS DOESNT WORK !!!!!

 

 

Never needlessly Download preloader and DSP_BL blocks! It is always dangerous!

 

 

And now ENJOY ROOT & CWM !!!
Does this require a device with an unlocked bootloader? And what are the chances of bricking my device if I do it on a device with a locked bootloader?
 
Likes: mrsim

mrsim

KingOfNoobs
Staff member
Mar 1, 2014
16,207
2,366
113
47
London UK
Does this require a device with an unlocked bootloader? And what are the chances of bricking my device if I do it on a device with a locked bootloader?
IF your bootloader is unlocked then yes always unlock a bootloader before trying to modify a device...what device do you have and are you sure it has a locked bootloader...not many chinese devices have locked bootloaders
 

sbp

New Member
Feb 3, 2016
3
1
3
 


I wonder if you have any idea why after a successful read back by SP Flash Tool resulting in a ROM_0 file, i obtained a processed folder by MTK Droid Tools 2.5.3 containing all the required files and images, except the preloader.bin. This one is missing from my folder, although in SP Flash Tool read back phase i selected the start address of PRELOADER (0x0) and in the length field i entered the start address of CACHE (0x52800000), extracted from the scatter file?


 


If you watch closely the video tutorial posted by Itxtutor at the start of this thread, you will observe that when he opens MTK Droid Tools 2.5.3 and enters the command to process the file from Flash Tool, the resulting folder is missing the preloader.bin also. This fact is visible even in the status windows of MTK Droid Tools. The application list all the other images and files extracted but the preloader.bin, which of course is missing or not processed.


 


For what i know so far, the preloader.bin file is required by SP Flash Tool to enable the phone / tablet download mode. Is it right or is it not?
The reason is perhaps that the preloader is in a different <b>region</b> of flash memory than the other parts of "ROM": the preloader sits in EMMC_BOOT1 region -- it gets loaded as the hardware boots, 'long' before all the user-facing partitions that MTKDroid Tools manipulates boot. BTW, it's not a coincidence that the preloader is an obscure .bin file, while all the other partitions are easier to pack and unpack. In fact, unlike all the other partitions, it's a strange-but-true fact that if you "read-back" your preloader to a .bin file with SP Flash Tool, and then "download" the file you just created <b>back</b> to the phone, you will almost certainly brick your device. (The file that's read-back has an extra 2K padded at the beginning compared to the file you need to download). Since this code is so low-level and finishes the initialization of the hardware, it's **exceedingly** device specific, and you can almost NEVER get away with flashing ANYTHING but the exact correct file.  The author of MTK Droid Tools undoubtedly know this only too well, so he doesn't put that file anywhere where you might just flash it out of habit and brick your phone.


And you're correct that lots of guides say you need to have the preloader.bin file present in order to download, I think that might be an old-wive's tale. **all** the guides I've seen say that you don't have to flash it, but it must be there. But I believe I've download many times without it.
 
Likes: mrsim

mrsim

KingOfNoobs
Staff member
Mar 1, 2014
16,207
2,366
113
47
London UK
The reason is perhaps that the preloader is in a different <b>region</b> of flash memory than the other parts of "ROM": the preloader sits in EMMC_BOOT1 region -- it gets loaded as the hardware boots, 'long' before all the user-facing partitions that MTKDroid Tools manipulates boot. BTW, it's not a coincidence that the preloader is an obscure .bin file, while all the other partitions are easier to pack and unpack. In fact, unlike all the other partitions, it's a strange-but-true fact that if you "read-back" your preloader to a .bin file with SP Flash Tool, and then "download" the file you just created <b>back</b> to the phone, you will almost certainly brick your device. (The file that's read-back has an extra 2K padded at the beginning compared to the file you need to download). Since this code is so low-level and finishes the initialization of the hardware, it's **exceedingly** device specific, and you can almost NEVER get away with flashing ANYTHING but the exact correct file.  The author of MTK Droid Tools undoubtedly know this only too well, so he doesn't put that file anywhere where you might just flash it out of habit and brick your phone.


And you're correct that lots of guides say you need to have the preloader.bin file present in order to download, I think that might be an old-wive's tale. **all** the guides I've seen say that you don't have to flash it, but it must be there. But I believe I've download many times without it.
sense... :good2:
 

jinxt

New Member
Apr 14, 2016
9
3
3
Hi everyone


Thanks itx for an awesome tutorial


Everything is straighforward and goes well for me. However when I try to root the phone (MT6572) supersu zip installs without problem but the phone is not rooted.


 


I am presented with "android upgrading" on every reboot.


MTK tools has a yellow box but cant root using it.


I'm assuming that my problems being unable to root, are because the bootloader on my phone is locked. Can I flash the patched boot.img from the tutorial in order to get an unlocked bootloader? would this help me then obtain root?


 


I dont want to mess things up so I thought I would ask here first.


Thanks


j


PS> the other thought I had was that problems are maybe due to my /system partition still being locked to read-only mode which has nothing to do with the bootloader i guess
 
Last edited by a moderator:
Likes: mrsim

mrsim

KingOfNoobs
Staff member
Mar 1, 2014
16,207
2,366
113
47
London UK
Hi everyone


Thanks itx for an awesome tutorial


Everything is straighforward and goes well for me. However when I try to root the phone (MT6572) supersu zip installs without problem but the phone is not rooted.


 


I am presented with "android upgrading" on every reboot.


MTK tools has a yellow box but cant root using it.


I'm assuming that my problems being unable to root, are because the bootloader on my phone is locked. Can I flash the patched boot.img from the tutorial in order to get an unlocked bootloader? would this help me then obtain root?


 


I dont want to mess things up so I thought I would ask here first.


Thanks


j


PS> the other thought I had was that problems are maybe due to my /system partition still being locked to read-only mode which has nothing to do with the bootloader i guess
did you manage to create a custom CWM recovery...did you flash this recovery...?


how do you know that your bootloader is locked...most if not all mtk devices have an unlocked bootloader,also after flashing the superSU.zip try downloading the app from the playstore this can sometimes be needed,another thing to try is to get an older or newer version of superSU,(which version are you flashing),do you have access to 'fastboot' if yes you can run a fastboot command to check if your bootloader is locked or not


and lastly we have a user here who has posted a method to also get root check it out if you get stuck




 
 

jinxt

New Member
Apr 14, 2016
9
3
3
thanks for the reply King


 


I used the itx tutorial to get cwm recovery flashed to the phone via spflash (scatter/mtkdroid/split ROM_0 ..etc)


cwm recovery works perfectly. however every version of supersu###.zip I've tried doesnt yield root (even though there are no install errors, supersu seems to install correctly every time.


The device is on 4.2.2, its an alps MT6572 (s4 clone) but from my research is a very obscure model, not seen before anywhere.


Every available root method has failed except for iroot which says its succeeded but after the phone reboots, root is not present.


Via fastboot I get the following:


1. (attached image) get "..." and flashing underscore, thats it


2. (atached image) phone reboots into bootloader but no other info on phone screen, only says its in fastboot mode


3. dialling  *#*#7378423#*#*  in dialler yields nothing


So I assume the bootloader is locked because of this behaviour and the fact I cant achieve root. Unless there are some other commands I dont know about the I can try to ascertain bootloader status?.


I have followed http://forum.xda-developers.com/showthread.php?t=2684210 and currently have su/busybox in /system/bin and Superuser.apk in /system/app ,all chmodded, and all checked as present but on reboot i dont have root. Hence I'm a little stuck. 


I will try the last method you have posted right now


Thanks for your help


j


 


 

View attachment 4724

View attachment 4725
 
Likes: mrsim

jinxt

New Member
Apr 14, 2016
9
3
3
fastboot oem unlockt         gives the same result as attachment 1, "..." then flashing underscore only


 


I have gone through  ...





and this guide is excellent, I've flashed the outputted boot.img to my device once all build prop edits were done and rebooted into recovery, installed supersu and busybox, rebooted again but still no root access


I cant install supersu from playstore, I get an error-22


It seems any app the wants to install something to the RO mounts fails and I cant remount as RW without root. 


The phone seems to be behaving exactly as before even though I flashed the recompressed boot.img using spflash. Now I think i'll try to download the boot.img actually on the phone currently,  decompress it and check if the build.prop changes are still present


If you have any other suggestions please let me know and once again I appreciate your help


j 


PS> I have now gone through the process of extracting the boot.img currently on the device. I have checked the default.prop from the unpacked file and it seems to still have all the changes I made:


-------------------------------------------------------------


#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=1
persist.mtk.aee.aed=on
ro.debuggable=1
[HASHTAG]#persist[/HASHTAG].sys.usb.config=mass_storage
persist.sys.usb.config=mtp,adb
persist.service.acm.enable=0
persist.service.adb.enable=1
ro.mount.fs=EXT4


-------------------------------------------------------------


Now I dont know whar else I can do since I still dont have root access after following the instructions to unlock bootlader and flash pre-rooted boot.img. What do you think King?
 
Last edited by a moderator:
Likes: mrsim

mrsim

KingOfNoobs
Staff member
Mar 1, 2014
16,207
2,366
113
47
London UK
fastboot oem unlockt         gives the same result as attachment 1, "..." then flashing underscore only


 


I have gone through  ...





and this guide is excellent, I've flashed the outputted boot.img to my device once all build prop edits were done and rebooted into recovery, installed supersu and busybox, rebooted again but still no root access


I cant install supersu from playstore, I get an error-22


It seems any app the wants to install something to the RO mounts fails and I cant remount as RW without root. 


The phone seems to be behaving exactly as before even though I flashed the recompressed boot.img using spflash. Now I think i'll try to download the boot.img actually on the phone currently,  decompress it and check if the build.prop changes are still present


If you have any other suggestions please let me know and once again I appreciate your help


j 


PS> I have now gone through the process of extracting the boot.img currently on the device. I have checked the default.prop from the unpacked file and it seems to still have all the changes I made:


-------------------------------------------------------------


#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=1
persist.mtk.aee.aed=on
ro.debuggable=1
[HASHTAG]#persist[/HASHTAG].sys.usb.config=mass_storage
persist.sys.usb.config=mtp,adb
persist.service.acm.enable=0
persist.service.adb.enable=1
ro.mount.fs=EXT4


-------------------------------------------------------------


Now I dont know whar else I can do since I still dont have root access after following the instructions to unlock bootlader and flash pre-rooted boot.img. What do you think King?
PM or email @bovirus am sure he will be able to give you some help in this matter


also when you attempt to connect via fastboot do you first try


'fastboot devices'


does your device serial show up...?