Oppo F5 Youth Rooting

smankusors
Junior Member

16

22-10-2021, 06:54 PM

#1

Hello Hovatek,

I want to root my device Oppo F5 Youth so I could take full control of it. Currently the firmware is at latest version (CPH1725EX_11_A.45_200903), which I already regreted for doing that. Because of it, I could not use the root vulnerability that discovered 2 years ago. So I decided to downgrade the firmware. But I cannot do that on the recovery because I got error message saying "The install version is lower that the current" or something like that.

I decided to flash using SP Flash Tool v5.2124, I got detected as Oppo Preloader in Windows. I already installed the driver, and the SP Flash Tool correctly recognized it. But after downloading the DA, the error "STATUS_BROM_CMD_SEND_DA_FAIL" appears, then the device rebooted. I also tried with Miracle Thunder v2.82, but the same behaviour happened, after downloading the DA, the device rebooted.

So I shorted the test point according to what I found in the Google. Now it detected as Mediatek Preloader. Finally one step closer, but still same error "STATUS_BROM_CMD_SEND_DA_FAIL".

Is there anything else I can do to root this device? ?

Thanks,

hovatek
Administrator

49,832

23-10-2021, 10:13 AM

#2

(22-10-2021, 06:54 PM)smankusors Hello Hovatek,

I want to root my device Oppo F5 Youth so I could take full control of it. Currently the firmware is at latest version (CPH1725EX_11_A.45_200903), which I already regreted for doing that. Because of it, I could not use the root vulnerability that discovered 2 years ago. So I decided to downgrade the firmware. But I cannot do that on the recovery because I got error message saying "The install version is lower that the current" or something like that.

I decided to flash using SP Flash Tool v5.2124, I got detected as Oppo Preloader in Windows. I already installed the driver, and the SP Flash Tool correctly recognized it. But after downloading the DA, the error "STATUS_BROM_CMD_SEND_DA_FAIL" appears, then the device rebooted. I also tried with Miracle Thunder v2.82, but the same behaviour happened, after downloading the DA, the device rebooted.

So I shorted the test point according to *****. Now it detected as Mediatek Preloader. Finally one step closer, but still same error "STATUS_BROM_CMD_SEND_DA_FAIL".

Is there anything else I can do to root this device? ?

Thanks,

the error you're getting is due to mtk secure boot, you can flash using mtk bypass @ https://www.hovatek.com/forum/thread-37957.html
for rooting, you could try unlocking bootloader @ https://www.hovatek.com/forum/thread-40300.html then patch boot using magisk @ https://www.hovatek.com/forum/thread-21427.html

This post was last modified: 23-10-2021, 10:14 AM by X3non.

smankusors
Junior Member

16

23-10-2021, 01:08 PM

#3

Thanks for the reply,

Unfortunately I already tried the mtkclient before, and I requested help from the author here https://github.com/bkerler/mtkclient/issues/119

I tried with MTK bypass, it successfully disable the protections (like mtkclient did). But when I tried back with SP Flash Tool, the device is not responding, and the error STATUS_PROTOCOL_ERR shows up

Any ideas? Should I leave the short on or should I remove it after detected on the PC? Is there need for timing when I should remove the short?

hovatek
Administrator

49,832

25-10-2021, 11:13 AM

#4

(23-10-2021, 01:08 PM)smankusors Thanks for the reply,

Unfortunately I already tried the mtkclient before, and I requested help from the author here https://github.com/bkerler/mtkclient/issues/119

I tried with MTK bypass, it successfully disable the protections (like mtkclient did). But when I tried back with SP Flash Tool, the device is not responding, and the error STATUS_PROTOCOL_ERR shows up

Any ideas? Should I leave the short on or should I remove it after detected on the PC? Is there need for timing when I should remove the short?

let me see a screenshot of what you selected in miracle thunder and the outcome
with mtkbypass + spft, did you try both USB & UART connections in spft?
are you able to boot this device into fastboot mode?

ideally, you should remove the short after getting a detection

smankusors
Junior Member

16

26-10-2021, 05:00 PM

#5

(25-10-2021, 11:13 AM)X3non ideally, you should remove the short after getting a detection

ah yes, I just realized this. Now it works! I can flash the firmware using SP Flash Tool now. First I need to hold the short, plug the USB in, remove the short, run the MTK-bypass utility, and download in SP Flash Tool.

And... uh oh... battery is not charging, touchscreen is not working (I still haven't assembled this back)

Oh welp, I take care of that later,

Anyway, I still have no luck about unlocking bootloader. The device seems time out when using mtkclient. I already tried with combination of MTK-bypass but still no luck.

Then just curious, I skipped the UBL part, and jump straight to patching the boot.img. Now the device won't boot anymore, it says image damaged, haha just I expected

Should I flash the previous firmware? I tried, but then I can't flash several partitions because STATUS_SEC_VIOLATE_ANTI_ROLLBACK

justshez
Intern

2,483

26-10-2021, 05:42 PM

#6

(26-10-2021, 05:00 PM)smankusors
(25-10-2021, 11:13 AM)X3non ideally, you should remove the short after getting a detection

ah yes, I just realized this. Now it works! I can flash the firmware using SP Flash Tool now. First I need to hold the short, plug the USB in, remove the short, run the MTK-bypass utility, and download in SP Flash Tool.

And... uh oh... battery is not charging, touchscreen is not working (I still haven't assembled this back)

Oh welp, I take care of that later,

Anyway, I still have no luck about unlocking bootloader. The device seems time out when using mtkclient. I already tried with combination of MTK-bypass but still no luck.

Then just curious, I skipped the UBL part, and jump straight to patching the boot.img. Now the device won't boot anymore, it says image damaged, haha just I expected

Should I flash the previous firmware? I tried, but then I can't flash several partitions because STATUS_SEC_VIOLATE_ANTI_ROLLBACK

have you tried flashing only the stock boot.img since that's the only partition you modified?

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.

hovatek
Administrator

49,832

27-10-2021, 11:02 AM

#7

(26-10-2021, 05:00 PM)smankusors Anyway, I still have no luck about unlocking bootloader. The device seems time out when using mtkclient. I already tried with combination of MTK-bypass but still no luck.

run the MTKclient, hold the short, plug the USB in, remove the short. see if it makes any difference

(26-10-2021, 05:00 PM)smankusors Should I flash the previous firmware? I tried, but then I can't flash several partitions because STATUS_SEC_VIOLATE_ANTI_ROLLBACK

flashing back stock boot.img should fix the device as @Abdulakeem14 mentioned

smankusors
Junior Member

16

27-10-2021, 05:00 PM

#8

(26-10-2021, 05:42 PM)Abdulakeem14 have you tried flashing only the stock boot.img since that's the only partition you modified?

yes, but now it's back to the beginning. Still cannot unlock bootloader though. Then I decided temporary hard coded some code of mtkclient to be able to unlock the bootloader. Now it's successfully unlocked.

After that, I flashed the patched boot.img again and.. uh the Oppo logo shows up, with warning of bootloader unlocked, but it's bootloop again.

Well I actually patched the boot.img on different device, does that affect anything? Also, I'm not sure if I should use the boot.img or recovery.img... any info for Oppo F5 Youth (CP1725)?

Also.... about the battery and touchscreen problem... is this because I downgraded the firmware? Or maybe dirty connector? Or should I completely assembled the phone?

hovatek
Administrator

49,832

28-10-2021, 10:51 AM

#9

(27-10-2021, 05:00 PM)smankusors After that, I flashed the patched boot.img again and.. uh the Oppo logo shows up, with warning of bootloader unlocked, but it's bootloop again.

when you unlock the bootloader without flashing patched boot, does the device bootloop?

(27-10-2021, 05:00 PM)smankusors Well I actually patched the boot.img on different device, does that affect anything? Also, I'm not sure if I should use the boot.img or recovery.img... any info for Oppo F5 Youth (CP1725)?

it doesn't affect anything if you patched on a different device and you should use boot.img

(27-10-2021, 05:00 PM)smankusors Also.... about the battery and touchscreen problem... is this because I downgraded the firmware? Or maybe dirty connector? Or should I completely assembled the phone?

if you know / have the firmware you previously had on the device, you can flash that then it'll help confirm if it's a SW or HW problem

smankusors
Junior Member

16

28-10-2021, 04:18 PM

#10

(28-10-2021, 10:51 AM)X3non when you unlock the bootloader without flashing patched boot, does the device bootloop?

no, it boots normally

(28-10-2021, 10:51 AM)X3non if you know / have the firmware you previously had on the device, you can flash that then it'll help confirm if it's a SW or HW problem

unfortunately the latest working firmware is A.45, which I do have the OTA package, but it's missing recovery.img, cache.img, and userdata.img. The only newest flash package I have is A.41. So if I use system.img from A.45, and userdata.img from A.41, it's stuck at Oppo logo.

Oh wait, I actually can flash the A.45 on the stock recovery. And yes now it still boots normally, but the battery and touchscreen still broken. ***** me.

Welp, I'm also tried to patch the boot.img with Magisk from A.45, and it's bootlooped again Big Grin

View a Printable Version

Users browsing this thread:
1 Guest(s)

Find us

Call us

Mail us

Useful Links

Actions