2014-09-17

Rooting Every Spreadtrum SC6820/SC8810 Phone ! (1.5)

Hello,

In this thread I will teach you every method I had to use to root any Spreadtrum device, starting with the riskless ones and ending with the reckless ones.

I have to warn you that the last root method (using ResearchDownload to load a modified system.img) may be dangerous ! (because of possible partition table changes)

The other methods are pretty safe; don't be afraid of them if you do exactly what I wrote.

These processors are also named SP6820 and SP8810. It's exactly the same processor, it's just some misnaming from Chinese sellers.

These methods do work on the newest Spreadtrum CPUs, like the SC7710 (the 3G WCDMA model), and the more powerful SC8825/SC6825 (dual core).

Why buy a Spreadtrum-based phone ?

They are really cheap, and they work amazingly well ! They can play some games and emulators very well, that's unexpected for such low end devices (50$ or less)

They usually only have 256MB of RAM but despite that, they still run well ! (I tested a lot of games and some 3D games are working flawlessly, pretty amazing) - I discovered that they are using zram (or other swap methods) to provide more RAM by compressing it when needed. That's pretty neat and really helps with such a small amount of RAM !

They are very good as a portable multimedia device, to read mail, browse the web, play some games, MP3s and videos.

As a 2G phone they are competent, but the 2G modem is not as good as the one in MTK processors. (It takes longer to load something in the same conditions)

They boot very fast and have decent battery life. (3-4 hours of video out of a 1200 mAh battery - 5-6 hours out of a 1800 mAh)

Why you should not ?

Not true anymore, but they were extremely difficult to root in some cases.

They don't seem to be well tested ... You can have a microphone so quiet nobody will be able to hear you. But it's easy to fix as you can see here: http://ift.tt/1r0doRS

They don't have any form of usable 3G support. (except the SC7710, which has WCDMA 850/2100 compatibility)

Again, they usually have only 256MB of RAM. That can be a problem when you are, for example, using Opera Mobile Classic with more than 3 tabs, and it makes the transition between apps longer.

SC6820 and SC8810 models all use Android 2.x, even if some are marketed as Android 4.0 phones (very big and blatant lie !)

They usually use Android 2.3, but some are only Android 2.2 phones ! (The fake Android 4.0.3 for instance is usually only Android 2.2)

SC6825 and SC8825 seem to only have a (real this time) Android 4.0.3 firmware. 4.1 or better is often advertised, but it's again ... lies ... Android 4.0 is not really suitable for phones with only 256 MB of RAM, so SC6825/8825 phones are pretty rough around the edges. Using more than one tab in the default web browser is asking for trouble, for example.

They all use the MocorDroid firmware. It's some kind of fork of Android that uses non-standard and sometimes buggy launchers, and they often use alternative keyboards like Go Keyboard, which is kind of a bad choice considering the RAM and ROM constraints on these devices ...

The only difference between the SC6820 and the SC8810 is the support for the Chinese form of 3G.

If you don't live in China, that means these two processors are essentially the same. (Don't trust sellers, the 8810 is NOT WCDMA "3G" compatible)

Some phones with the fake Android 4.0.3 based on 2.3.5 will brick themselves nearly 2 months after you first used it. It's a really weird behavior of this early Spreadtrum firmware. So if you have this firmware, just do whatever it takes to root it, make a backup and install CWM as soon as possible to be able to recover from this possible breakage. It's only a problem with a fraction of Spreadtrum phones, but you will be very happy if you have installed CWM before encountering it ^^ (applicable only if you bought one in 2012)

There is a lot of fakery in the Spreadtrum scene. For example, fake MTK6515/MTK6572 phones that are in fact just SC6820/SC6825 phones with a firmware modified to lie about its processor ID to popular Android benchmarking tools like Antutu Benchmark.

If you are searching for a 512MB RAM phone, you'd better go for an MTK (6575/6572 or better) phone, as you will never find a real 512MB Spreadtrum phone in the jungle of lies you are looking at ...

On all models with 2.3.5-based firmware (SC6820 and SC8810 essentially), you can have a lot of problems with the SIM card detection on some SIM cards. For example I can't call somebody with mine, but I can answer a call or send/receive SMS ... Very weird bug ...

This bug seems to be related to the type of SIM card you have. With some there is no problem at all.

I can confirm that it's working flawlessly on SC6825 and 8825 based phones with the real 4.0.3 based firmware.

Why root it ?

Because a lot of them come with a lot of sh*tty software, including the bad launcher and keyboard.

Because they can come with a "Virus" that can send SMS messages to China (so you have to pay for unwanted international SMS cost)

I myself have this Virus on one of my phones, as of now, I haven't noticed anything unusual. Just the useless, unkillable com.android.caivs.app process eating 15 MB of RAM doing nothing. (It is a significant waste of RAM on such devices)

(As of now I have only seen this malware on Feiteng devices - You can share your experience with this thing down below)

More about CAIVS here: http://ift.tt/1yf3rq1

That virus was on most of the earliest Spreadtrum phones but doesn't seem to be a worry nowadays. But I haven't tried any new Feiteng devices. They were so poor in quality that I will never buy Feiteng again so find it by yourselves if you feel adventurous xD

How to do that ?!

If you are lucky you will be able to root your phone by traditional means.

If you are not, you can root them by manually adding the root utilities to the ROM.

I will describe every method that you should try in order of difficulty and risk.

Before doing any of that, go to the Android Settings -> Applications -> Development -> check USB Debugging.

Universal Root utilities

These methods are safe, and the second one is, as of now, working on every Spreadtrum phone flawlessly !

1.1 - Z4Root

Just try z4root !

[APP] z4root | Android | XDA Forums

z4root is a little tool to root Android 2.2, and it sometimes works on 2.3

It's known to work on devices with the fake Android 4.0.3 based on 2.2 and MocorDroid 2.2.2

It may work on more of them, just try, there are no risks at all.

Make sure you have at least 50 MB of available space on the /data partition before trying this. (not the SDCard, the Applications Space)

Try a temporary root to see if it works, then you can do the permanent root.

You may have to try it 2 or 3 times before it works.

Even if it doesn't work, reboot the phone after this, because it can eat your battery while running in the background if it fails.

1.2 - vRoot

vRoot is a Chinese tool to root many devices !

It's proved to work very well with Spreadtrum (and MTK) devices. I used it successfully on a lot of Spreadtrum devices, even the most recent ones (SC8825).

You only need a Windows Computer (I personally use it on Windows 7 32-bit).

Then download it from here: Get vroot_English version_Oneclick root tool.

Install it and then open it.

As of now you only need to plug your USB cable to your computer, and then click on the Root button. (you don't need to do anything else, don't touch your phone)

Once it's done and the phone rebooted you will be rooted !

The root app is some kind of custom Chinese one, but it's working properly.

Don't try to replace it with SuperSU as SuperSU doesn't seem to work properly on Spreadtrum devices.

If you want to understand what the root app is saying, try to set the language on your device to English.

2 - Custom Firmware Flash

Please never use any custom firmware available in .pac file format ! Or at least, don't use them before doing a full backup of your current firmware !

Feiteng A7100 (only if you have the mt6515_c910_ht_en_4.0_v01 rom/firmware on it !!! If not, don't touch it, you will end up with a brick ! Or screen reversed, or other strange bugs): http://ift.tt/1r0dn0n

If you have a Feiteng A7100 I really recommend NOT TO USE this rom ! Why ? Because it only works on a fraction of A7100, newer releases of the same phone don't use the same firmware. With this tutorial here, you can root your A7100 easily and way safer. Please go to "4-" on this tutorial to know how to root your A7100.

If you happen to find some other custom ROMs for Spreadtrum devices, or are making one, please send me a PM, I will link them here.

3 - Fastboot to the rescue !

If none of the fast, simple and secure methods are working, then this will be difficult my friend !

3.1 - Find Fastboot

First, let's check if we have fastboot in your phone !

Fastboot is a little tool inside the bootloader. It's here to help you flash the firmware.

Not every Spreadtrum phone has it, so let's check if you are lucky !

You can access it by powering the phone on while holding a key.

First power off your phone.

Then hold some button like volume+

While pressing this button, press and hold down the power button.

Keep holding the two buttons until the screen lights up.

You should now have something on your screen. Maybe a system diagnostic tool (a menu with a set of system tests, that's totally useless) or maybe the recovery mode (a screen with a warning sign, and now your phone is stuck here until you pull out the battery) or, and that means victory, a screen that says "Fastboot".

If you are not on fastboot, but are on the Recovery or the System Test, turn the phone off again and try another button press at boot time exactly like I said before.

This time, try the Home button if you have one, or the Volume-.

You should also try button combinations. Like volume up and down at the same time. Home + vol Up, etc and maybe the 3 at the same time ...

(if you just boot as if nothing was pressed, you may have to unplug the battery, wait for a while and put it back before powering the phone on. These things are also not working when the USB/charging cable is plugged in - if some key combinations are not doing anything, it's perfectly fine, it means they don't trigger any hidden boot mode)

If nothing brings fastboot up, you have to use the Spreadtrum Debug tool "ResearchDownload" ...

So Skip to "4-" ! ^^

3.2 - Install the drivers

If you happen to find Fastboot, we will have to install the PC part of it !

Like every Android phone, you have to install adb and its drivers to access the Android Debug Bridge.

You can find them and learn how they work here: http://ift.tt/1r0doBq

On Ubuntu or Debian Linux you just have to install them this way:

Code:

sudo apt-get install android-tools-adb android-tools-fastboot

You also have to install the phone drivers if you are using Windows:

ADB Drivers: Spreadtrum Drivers

Debug Drivers: SCI-android-usb-driver-jungo-v4

Mirror: DEBUG_TOOL

Then you will have to tell adb what phone to use. By that I mean adding the PCI ID to a text file to tell adb that this peripheral is compatible.

The Spreadtrum PCI ID is 0x1782

Add this line to "Your user directory/.android/adb_usb.ini":

Code:

0x1782

3.3 - Using fastboot to load CWM (Clockwork Mod)

CWM works on some of these Spreadtrum devices. Most of the time the screen is reversed, but it works !

On some phones, you will be presented with a blank screen, but CWM will work ... That will just be very difficult to navigate ... (don't bother and use another method if you happen to be in this boat)

Here are the recovery images available for Spreadtrum devices to my knowledge:

* cwm-recovery-SC6820.img - extracted from a random SC6820 that I don't remember

* cwm-recovery-SC8810.img - i9270+

* CWM-recovery-SC8810-nonpadded.img - 5830, S5830, Q5830, Q206 and GT-N9300 (maybe more)

* cwm-recovery-S9300-S3.img - S9300 (SC6820A S3 Clone)

* cwm-recovery-Feiteng_GT-A7100.img - Feiteng GT-A7100 and probably more Feiteng devices.

* cwm-recovery-S6500-TV.img - 6500-TV or S560

* cwm-recovery-N9300.img - N9300 (I9300 Clone)

* cwm-recovery-S930-N8820-i9300.img - S930 or N8820

If your device is not listed or the one for your device doesn't work, try them all, even if your phone is SC6820 and the recovery was made for SC8810. If none are working, we will have to flash the entire system partition, which is a lot more difficult and dangerous ...

Flashing CWM to the phone:

Linux Only: Initialize ADB:

Code:

sudo adb kill-server
sudo adb start-server

Boot your phone in fastboot mode.

Be sure your device shows up:

Code:

fastboot devices

If your device shows up, it's time to flash:

Code:

fastboot flash recovery recovery.img

It's flashed ! Let's reboot now.

Code:

fastboot reboot

Start on CWM, if it works, you can start to root the phone !

Download this patch: SuperuserAndFullBackup

Put it on the root of your SD Card.

Now you will have to boot into CWM. It is on the same key combination as the old useless recovery was. (Most of the time Volume- and Power)

You can also try this command with adb:

Code:

adb reboot recovery

Now it's the perfect time to do a full backup of your firmware with CWM, so please do so, that can come in handy. (please go to the end of this tutorial after rooting your phone to know how to make a FULL backup. CWM will only make a partial one.)

Choose apply update.zip

Choose the file you have put on your SD card before

Apply it then reboot.

This update.zip has pushed everything needed to root your phone in the right place, you should be rooted now !

If you have an error like "Can't mount /sdcard" you may have to try with another SD card and be sure your SD card is formatted as FAT32.

3.4 - Using Fastboot to load a modified system partition image

Please follow the instructions down below on how to "5 - Create a rooted system partition image"

When you have made your rooted system partition image, flash it like this:

Code:

sudo fastboot devices

#If your device shows up, it's time to flash

Code:

sudo fastboot flash system system.img

#It's flashed ... Now let's reboot with all the apprehension of the world

Code:

sudo fastboot reboot

If it boots (should boot), you will be up and rooting !

4 - Spreadtrum ResearchDownload tool to the rescue !

First, if you have fastboot, use fastboot ! It's simpler, more reliable, faster. Bottom line, it's better !

If you don't have fastboot or can't figure out how to bring it up on your phone despite trying for about an hour, this tool will most likely work.

First, you should use Windows XP 32-bit, either real XP or in VirtualBox.

It might work on Windows 7 32-bit and 64-bit but you will have to tweak the system to allow installation of unsigned device drivers ...

ResearchDownload works like this:

First you start the Channelserver - This thing is here to make a bridge between the tools and the driver.

Then you start ResearchDownload.

Now you can make a full firmware flash (you should not !! It's a terrible idea !) or flash a single partition. But to do that, unfortunately, you should have a compatible set of fdl files.

Finding them on google is impossible, you have to extract them from your full firmware .pac file.

If you can't find your firmware on the Internet, you will have to try every single one you can find from other firmwares. I gathered all the fdl files I could find in a single package, so it won't be that difficult.

It's highly probable that you will find one that will work with your phone. This thing has to boot the phone and flash the NAND flash chip. I'm pretty sure there is not a lot of different ways to do this on a single processor.

I really don't know the risks of using a wrong fdl set. But we haven't seen any risks at all yet. Some will work on your phone, others will just do nothing. You will just have to try every single one until one works.

I named the folders with the names of the phones I know working with these. So it will be easier to find the right one. (A7100, 6500-TV, 5830, Q206 and S930 users will feel very lucky ^^)

4.1 - Learn how ResearchDownload Work

First you have to install the drivers, you can find them here:

ADB Drivers: Spreadtrum Drivers

Debug Drivers: SCI-android-usb-driver-jungo-v4

Then you have to plug your phone to your computer with your micro usb cable. Your phone have to be powered on.

Be sure every piece of hardware is detected and installed correctly.

As you can see, this phone is not just detected as an ADB device, or as a mass storage device.

It actually has an internal serial port to USB adapter !

In other words, that means this processor provides a way to flash its NAND very easily even if it is fully bricked. It's a rare and pretty good feature you don't see that often. In fact, most of the time you have to solder a real serial port yourself on the phone motherboard, then have to use a Serial to USB adapter to have this level of access to the hardware.

So yes, back to tutorial.

Now you will have to unplug your phone and turn it off.

You have to download the debug tools, you can download them here: DEBUG_TOOL

First you have to start the channel server. You will have to disable your firewall for this app, because this tool uses a network protocol to communicate with the other tools.

Then open ResearchDownload.

ResearchDownload is a weird flashing utility, it can open a .pac firmware file and can make a .pac out of .img files. You also can flash .img files and that's what we will do. But unfortunately it can't make a full backup ... So be careful !

The cog logo is here to let you open a .pac file. We don't need that as we probably don't have it.

The "two cogs logo" let you configure the flash utility.

Click on this to bring a new window.

On the download settings window, click on select product then choose your type of phone. (SC8810 or SC6820, it doesn't really matter if you take the wrong one out of those two.)

Then uncheck "Select All Files" as you don't have any of these.

You can see FDL1 and FDL2 are still checked, and you don't have those files ...

As they are needed to start the Flash utility, we will have to find them.

I came across only 3 different FDL1 files, but for these FDL1 it seems every phone has its own FDL2.

You will have to find the ones that work for you.

Here is an archive of nearly every FDLs available: FDL Files

Choose one FDL1, and one FDL2 located in the same folder. (you can choose a File with a right click on the FileName blank space in front of FDL1)

Click on OK.

Then click on the "Play button" saying start download.

It may show some warning, it's not a problem.

Now, press Volume Down on your phone, then you have to plug it on the USB Port, still holding the button.

You can release the button when the flash begins.

You may have to press a button other than Volume-. Some phones are reported to use the Home Button instead.

You may also have to remove, wait a while, and reinsert the battery before holding volume- or after the flashing procedure to be able to start the phone.

If ResearchDownload shows you an error or timeout, try another set of FDL files. Keep trying until you find one pair that works !

If it works, the flashing process should start right away, just a millisecond after Windows has detected and initialized the device when you plugged it in.

When you have the right FDLs, you can go to the next step, flashing something useful ^^ (we haven't flashed anything as of now, just been searching for a compatible flashing bios)

If your working FDLs folder does not have the name of your phone, please tell me what phone you have and what FDLs you used so I can rename them.

4.2 - Using ResearchDownload to load CWM (Clockwork Mod)

Do exactly as said before, but check the "Recovery" checkbox on Download Settings, and choose one of these CWM images:

* cwm-recovery-Feiteng_GT-A7100.img - Feiteng GT-A7100 and probably more Feiteng devices.

* cwm-recovery-S6500-TV.img - 6500-TV or S560

* cwm-recovery-N9300.img - N9300 (I9300 Clone)

* cwm-recovery-S930-N8820-i9300.img - S930 or N8820

* CWM-recovery-SC8810-nonpadded.img - 5830, S5830, Q5830, Q206 and GT-N9300 (maybe more)

* cwm-recovery-SC6820-nonpadded.img - extracted from a random SC6820 that I don't remember

* cwm-recovery-SC8810-2-nonpadded.img - i9720+

* cwm-recovery-S9300-S3.img - S9300 (SC6820A S3 Clone)

When you have flashed one successfully, try to boot on recovery (Usually by holding Volume- while holding the power button until the screen lights up).

If your device is not listed or the one for your device doesn't work, try them all, even if your phone is SC6820 and the recovery was made for SC8810. If none are working, we will have to flash the entire system partition, which is a lot more difficult and dangerous ...

Download this patch: SuperuserAndFullBackup

Put it on the root of your SD Card.

Now you will have to boot into CWM. Remember, it is on the same key combination as the old useless recovery was.

You can also try this command with adb:

Code:

adb reboot recovery

Now it's the perfect time to do a full backup of your firmware with CWM, so please do so, that can come in handy. (please go to the end of this tutorial after rooting your phone to know how to make a FULL backup. CWM will only make a partial one.)

Choose apply update.zip

Choose the file you have put on your SD card before

Apply it then reboot.

This update.zip has pushed everything needed to root your phone in the right place, you should be rooted now !

If you have an error like "Can't mount /sdcard" you may have to try with another SD card and be sure your SD card is formatted as FAT32.

4.3 - Using ResearchDownload to load a modified system partition image

Now we are in deep **** ! This can be tedious ... You will need to drink a lot of coffee, then you will probably pull your hair out, but it's possible to root every single Spreadtrum device this way !

Please follow the instructions down below on how to "5 - Create a rooted system partition image"

When you have made your rooted system partition image, reboot on Windows, then flash it like this:

Do exactly as said on the paragraph on how ResearchDownload works, but check the "System" checkbox on Download Settings, and choose your modified system.img file to flash it on the device.

As it is still not tested at all, you will have to pray some kind of Spreadtrum *** and hope it will be successful ...

The first boot after the flash can be very VERY long. It's perfectly normal.

After the flash is done, please make a full backup (see below how you can do that), so I can make a Clockwork recovery partition working with your phone.

You may need to flush your data partition with CWM to avoid some crazy bugs after the flash. You will have these bugs because of the partition realignment that might occur as a result of using a slightly different FDL set than the manufacturer.

Don't even try to do a factory settings reset before installing CWM, as I don't know what ******* can lie ahead if you do a factory reset without any working recovery installed

(If your phone doesn't boot after the flash, it is possible to flush the data and cache partition with ResearchDownload. I will explain it, if needed !)

5 - Create a rooted system partition image

Please always try the CWM method first ! There is no risk at all of destroying your phone if the recovery is not working. Here we are making a new system image to flash on the system partition; this partition contains the Android operating system. I will try to explain everything as well as I can, but if you make a mistake, if you don't read my warnings, you can brick your phone very easily !

That will be difficult ... And you will have to use a Linux computer, or Linux in VirtualBox, or in a Live CD, basically you will need Linux somewhere on your computer ^^

Why ? Because we will have to preserve Unix permissions on an extracted tar archive ! Trust me, you will probably brick your phone if you do that on Windows ...

#Install ADB

Code:

sudo apt-get install android-tools-adb android-tools-fastboot

#Configure ADB

Code:

mkdir -p ~/.android
echo 0x1782 > ~/.android/adb_usb.ini

#Start the ADB server

Code:

sudo adb kill-server
sudo adb start-server

#Let's check, just in case, if your device is already rooted

Code:

adb shell su -c id

Possible answers:

uid = 0 (root) gid = 0 (root) - your phone is already rooted ! (if you haven't noticed it, it's because superuser.apk is not installed, so just push it and install it via ADB and you are rooted !)

SU: Permission denied - You are not rooted ... Good luck then !

#Now we will backup the system partition !

Code:

adb shell tar -cf /mnt/sdcard/system.tar system

Please pay attention to the errors !

There will be missing files, and we will have to add these ourselves after the backup to pretend to have a full backup.

Here is the archive for the known missing files: btdbus

If you have more than these:

Code:

tar: can not open 'system/etc/dbus.conf': Permission denied
tar: can not open 'system/etc/bluetooth/audio.conf': Permission denied
tar: can not open 'system/etc/bluetooth/auto_pairing.conf': Permission denied
tar: can not open 'system/etc/bluetooth/input.conf': Permission denied
tar: can not open 'system/etc/bluetooth/main.conf': Permission denied
tar: system/lost+found: Permission denied
tar: Error exit delayed from previous errors

Then you should just give up, or tell me so I can send you the missing files.

Note: Lost+found is not important, it's just a folder automatically created by Linux to collect any corrupt files.

#Now we will pull this nearly full backup to our computer. Please keep it preciously somewhere secure.

Code:

adb pull /mnt/sdcard/system.tar

#Warning, these next steps have to be made ONLY on Linux on an ext2/3/4 partition ! Please never attempt to do this on Windows or on Linux on a FAT32 partition.

#untar the archive

Code:

sudo tar -xvpf system.tar

#now we will restore the files we have not been able to backup.

#Download this archive if you haven't done this before: btdbus

#Then extract it in the same folder where you extracted your system.tar file with this command:

Code:

sudo tar -xvpf btdbus.tar

#Now it's time to add the root utilities, you can download them from here: root

Code:

sudo tar -xvpf root.tar
sudo cp Superuser.apk system/app/Superuser.apk
sudo install -m 06755 su system/xbin/su

#Now we will get rid of this virus ! (the file name can be something else. Like caivs.apk, or some random numbers at the end)

Code:

sudo rm system/app/eyuSales_20121116.apk

#And now you will have to make a flashable system image with this tool, included in the root.tar archive

Code:

sudo ./mkyaffs system system.img

#Now you can reboot your phone in fastboot or use researchdownload to flash your new System image.
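As an added example (not part of the original post), these shell functions check the working directory from the steps above before the image is flashed: they flag tar errors beyond the post's known list, list APKs whose names resemble the ones the post gives for the malware, and confirm su kept its setuid/setgid bits. The function names and the file holding the saved output of the backup command are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: checks to run in the Linux
# working directory after the extraction steps and before flashing.

# Print each path tar could not read that is NOT in the post's known list.
# $1: file with the saved output of the backup command (assumed file).
unexpected_tar_errors() {
    # Strip CR first: adb shell output may arrive with CR LF line endings.
    tr -d '\r' < "$1" |
    sed -n \
        -e "s/^tar: can not open '\(.*\)': Permission denied\$/\1/p" \
        -e "s/^tar: \([^ ]*\): Permission denied\$/\1/p" |
    while IFS= read -r p; do
        case "$p" in
            system/etc/dbus.conf) ;;
            system/etc/bluetooth/audio.conf) ;;
            system/etc/bluetooth/auto_pairing.conf) ;;
            system/etc/bluetooth/input.conf) ;;
            system/etc/bluetooth/main.conf) ;;
            system/lost+found) ;;   # not important, per the post's note
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# List APKs in the extracted tree whose names resemble the ones the post
# gives for the preloaded malware (eyuSales_<digits>.apk, caivs.apk).
# Name matching is a heuristic: review the list instead of deleting blindly.
# $1: path of the extracted "system" directory.
caivs_candidates() {
    find "$1/app" -maxdepth 1 -type f \
        \( -iname 'eyuSales_*.apk' -o -iname '*caivs*.apk' \) | LC_ALL=C sort
}

# Succeed only if xbin/su still has the bits set by "install -m 06755".
# A FAT32 working directory cannot store them, which is why the post
# insists on ext2/3/4.
su_mode_ok() {
    f="$1/xbin/su"
    [ -f "$f" ] && [ -u "$f" ] && [ -g "$f" ] && [ -x "$f" ]
}

# Run all checks; return 1 if the tree should not be flashed as it is.
# $1: extracted "system" directory, $2: saved output of the backup command.
preflight() {
    rc=0
    extra=$(unexpected_tar_errors "$2")
    if [ -n "$extra" ]; then
        printf 'Missing from the backup beyond the known list:\n%s\n' "$extra"
        rc=1
    fi
    hits=$(caivs_candidates "$1")
    [ -z "$hits" ] || printf 'APKs to review before flashing:\n%s\n' "$hits"
    if ! su_mode_ok "$1"; then
        echo "xbin/su is missing or lost its setuid/setgid bits"
        rc=1
    fi
    return "$rc"
}

# Usage (file names are examples): sh preflight.sh system tar-output.txt
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```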

6 - Do a full nand backup

Here is how to do a full nand backup of your beloved Spreadtrum: http://ift.tt/1r0dp8s

7 - Don't forget to remove the caivs Virus

When you are rooted, you can remove the Virus or any preinstalled apps using Link2SD.

I suggest you remove everything you have preinstalled if it is available on the Google Play Store (except the keyboard or the launcher !!!). For example if you have an old version of ES File Explorer on your phone preventing you from updating it, you can remove it safely, then install the updated version from the Play Store.

Never try to remove something that you don't know what it is !

For the Launcher or keyboard. You can remove them only if you installed a new one on the System partition and tested it successfully !

-----

I want to thank everyone at Forum.China-iPhone.Ru and Yekdall for being one of the first to type something in English about Spreadtrum firmware modding !

via Welcome to gsm-tips http://ift.tt/1r0gZPR
