How do I root the Lemfo Lem16 Android 11 smart watch?
How do I root the Lemfo Lem16 Android 11 smart watch?
(03-02-2023, 08:10 AM)emassey0135 Hello,
I purchased a Lemfo LEM16 smart watch and I am trying to root it using Magisk. It has a Unisoc chip and runs full Android 11 with some modifications to make it better suited to a smart watch. I have been trying to create a custom signed vbmeta image and sign the patched boot image using the tutorial at https://www.hovatek.com/forum/thread-32664.html . I extracted the firmware images from the pac file using the SPD upgrade tool and patched boot.img using the Magisk app, and I have unlocked my boot loader. I extracted the keys from the stock vbmeta-sign.img using a Windows program, and I generated a public key from the RSA4096 key linked in the tutorial to a file named new.bin, and signed the patched boot image with the private key using the instructions at https://www.hovatek.com/forum/thread-32674.html except I ran avbtool erase_footer on the patched boot image first. I also created a custom vbmeta image using all the keys, partition names, and ordering from the original image, except replacing the boot key with my generated public key. I used the RSA4096 key linked in the first tutorial as the signing key for the new vbmeta. I ran the padding script for Android 10 afterward since there is none listed for Android 11, and used 16384 as the padding size in the avbtool command since this seems to be correct from investigating the original vbmeta image as described in the second post of the first tutorial thread. However, when I flash the new images, the device goes into a boot loop and I have to restore the original firmware with the SPD research tool. I am not sure what I am doing wrong. Do I need to change the flags for verified boot in the vbmeta or boot image? What else could be causing this problem? I have attached the original vbmeta image, its info from running avbtool info_image on it, the custom vbmeta image I generated, its info, the info for the stock boot image, the info for the signed patched boot image, a zip file containing the keys from my stock vbmeta image along with my new public key, and the command I used to generate the custom vbmeta.