About Me

header ads

How To Root Every Spreadtrum SC6820/SC8810 Phones

Hello,
First I have to apologizes if I'm not fully understandable. I'm french, english is not my native language.
If you find anything that could be rephrased better, or anything like that, please tell me !
I have to warn you that the last root method (using ResearchDownload to load a modified system.img) have not been widely tested on real hardware yet ! So this method may be dangerous ! (because of possible partition table changes)
The others methods are pretty safe, don't be afraid by them if you do exactly what I wrote.

Theses processors are also named SP6820 and SP8810, it's exactly the same processor.

Why buying a Spreadtrum based phone ?

They are really cheap, and they work amazingly well ! (some can even run N64 games, that's unbelievable on a 60 $ or less phone)
My phone with an SC6820 at 1 ghz is rated 3346 on Antutu benchmark, pretty good !
A good old MTK6516 (very old MTK processor still available in the same price range) got 600~ on the same Antutu Benchmark.
They usually have only 256MB of RAM but despite that, they work with pretty much everything ! (I tested a lot of games, only big 3D ones are not working at all. Some 3D games are working flawlessly) - I discovered that they are using zram swap to provide more RAM by compressing it when needed. That's pretty neat !

They are very good as a portable multimedia device, to read mails, browsing the web, play some games, mp3, videos.
They work perfectly with wifi only and no sim card. You can easily find 4" phones way better than 4.3" tablets. (4.3" tablets usually have resistive screen and no multitouch)
As a 2G phone they are competent, but the 2G modem is not as good as the one in MTK processors. (It takes longer to download something in the same conditions)

Boot very fast, and have descent battery life. (3-4 hours of video out of a 1200 mAh battery - 5-6 hours out of a 1800 mAh)

Why you should not ?

They are extremely difficult to root in some cases. And it seems to go worse and worse as the time goes by ! (especially if you are the first to root a new model)
They don't seem to be well tested ... You can have a microphone so quiet nobody will be able to ear you. But it's easy to fix as you can see here: Spreadtrum: Amplify the microphone (Microphone is too quiet / silent) - xda-developers
They don't have any form of usable 3G support.
They usually have only 256MB of RAM again. So that can be a problem when you are, for example, using Opera Mobile with more than 3 tabs. And make the transition between apps longer.
They all use Android 2.x, even if some are marketed as Android 4.0 phone (very big and blatant lie !)
They usually use android 2.3, but some are only Android 2.2 phones ! (The fake Android 4.0.3 for instance is only android 2.2)
They all use (or almost all use) the MocorDroid Firmware. It's some kind of fork of Android 2.3 that use NON-Standards and sometime buggy Launchers and they often use Go Keyboard which is kind of a bad choice considering the RAM and ROM constraints ...
The only difference between the SC6820 and the SC8810 is the support for the Chinese form of 3G.
If you don't live in china, that means this two processors are essentially the same. (Don't trust sellers, their is NO Spreadtrum processor fully "3G" compatible)

Some phones with the fake Android 4.0.3 based on 2.3.5 will brick themselves nearly 2 months after you first used it. It's a really weird behavior of this early Spreadtrum firmware. So if you have this firmware, just do whatever it takes to root it, make a backup and install CWM as soon as possible to be able to recover from this possible breakage. It's only a problem with a fraction of Spreadtrum phones, but you will be very happy if you have installed CWM before encountering it ^^

A lot of fakery in the Spreadtrum scene. For example fake MTK6515 phones that are in fact just SC6820 phones with a firmware modified to lie its processor ID to populars android benchmarking tools like Antutu Benchmark.

If you are searching for a 512MB RAM phone, you'd better go for an MTK(6515 or better) Phone, the price difference is really worth it !


Now, a little warning for french readers: Ne marche pas très bien avec l'opérateur français Free, une carte sim sur 2 seulement semble marcher. Les cartes sim ne "marchant pas" ont ce problème:
Vous pouvez recevoir les appels, utiliser internet, envoyer et recevoir des SMS, mais vous ne pouvez pas faire d'appels !

Why rooting it ?

Because a lot of them come with a lot of sh*tty softwares, including the bad launcher and keyboard.
Because they can come with a "Virus" that can send SMS messages to china (so you have to pay for unwanted international SMS cost)
I myself have this Virus on one of my phones, as of now, I haven't noticed anything unusual. Just the useless, unkillable com.android.caivs.app process eating 15 MB of RAM doing nothing. (It is a significant waste of ram on such devices)
(As of now I only seen this malware on Feiteng devices - You can share your experience with this thing down bellow)

More about CAIVS here: http://web.archive.org/web/201108120...portfolio2.htm

How-to do that ?!

If you are lucky you will be able to root your phone by traditional means.
If you are not, you can root them by manually adding the root utilities to the ROM.

I will describe every methods that you should try in order of difficulty and risks.

Before doing any of that, go to the android setting -> applications -> Development -> Check USB Debugging.

Universal Root utilities

None of them work on all Spreadtrum devices. But as they can work, please try them !

Try X-ray maybe: X-Ray for Android

If some warning comes up, you have a security hole, so you can root your phone easily.
If you have none, you will have to use Fastboot or ResearchDownload !

1.1 - Z4Root

Just try z4root !

[APP] z4root - xda-developers

z4root is a little tool to root Android 2.2 and sometime work on 2.3
It's known to work on devices with the fake Android 4.0.3 and MocorDroid 2.2.2
It may work on more of them, just try, there is no risks at all.

Make sure you have at least 50 MB of available space on the /data partition before trying this. (not the SDCard, the Applications Space)

Try a temporary root to see if it works, then you can do the permanent root.

You will maybe have to try it 2 or 3 times before it works.

Even if it doesn't work, reboot the phone after this. Because it can eat your battery while running in the backgroung if it fails.

1.2 - UnLockRoot

Try using unlockroot: UnlockRoot/UnlockPhone/UnlockFlash---Android Root

It's known to work on some MocorDroids (2.2.2 (Fake 4.0.3) 2.3.5 and 2.3.6)

To make unlockroot work, you may have to install the adb drivers for Spreadtrum first.

2 - Custom Firmware Flash

Please never use any custom firmware available in .pac file format ! Or at least, don't use them before doing a full backup of your current firmware !

Feiteng A7100 (only if you have the mt6515_c910_ht_en_4.0_v01 rom/firmware on it !!! If not, don't touch it, you will end up with a brick ! Or screen reversed, or other strange bugs): [ROM] Feiteng A7100 - Spreadtrum SC6820 - Rooted - xda-developers

If you have a Feiteng A7100 I really recommend NOT TO USE this rom ! Why ? Because it only work on a fraction of A7100, newer releases of the same phone don't use the same firmware. With this tutorial here, you can root your A7100 easily and way safer. Please go to "4-" on this tutorial to know how to root your A7100.

If you append to find some others Custom roms for spreadtrum devices, or are making one, please send me a PM, I will link them here.

3 - Fastboot to the rescue !

If every fast, simple and secure methods are not working, then this will be difficult my friend !

3.1 - Find Fasboot

First, let check if we have fastboot in your phone !

Fastboot is a little tool inside the bootloader. It's here to help you flash the firmware.
Not every Spreatrum phones have it, so let's check if you are lucky !

You can access it by powering on the phone up while holding a key.

First power off your phone.
Then hold some button like volume+
while pressing this button, press and hold down the power button.
Keep holding the two buttons until the screen light up.

You should now have something on your screen. Maybe a system diagnostic tool (a menu with a set of system tests, that's totally useless) or maybe the recovery mode (a screen with a warning sign, and now your phone is stuck here until you pull out the battery) or, and that means victory, a screen that says "Fastboot".

If you are not on fastboot, but are on the Recovery or the System Test, turn the phone off again and try another button press at boot time exactly like I said before.
This time, try the Home button if you have one, or the Volume-.
You should also try buttons combinations. Like volume up and down at the same time. Home + vol Up, etc and maybe the 3 at the same time ...

(if you just boot as if nothing was pressed, you maybe have to unplug the battery, wait for a while and put it back before powering the phone on. Theses things are also not working when the usb/charging cable is plugged in - if some keys combinations are not doing anything, it's perfectly fine, it means they don't trigger any hidden boot mode)

If nothing bring fastboot up, you have to use the Spreadtrum Debug tool "ResearchDownload" ...
So Skip to "4-" ! ^^

3.2 - Install the drivers

If you append to find Fastboot, we will have to install the PC part of it !

Like every android phone, you have to install adb and his drivers to access the Android Debug Bridge.
You can find them and learn how they work here: How To: Install ADB and Fastboot on your Windows computer for use with your Android phone | Reviews, news, tips, and tricks | dotTech

On Ubuntu or Debian Linux you just have to install them that way:


Code:
sudo apt-get install android-tools-adb android-tools-fastboot
You also have to install the phone drivers if you are using Windows:

ADB Drivers: Spreadtrum Drivers.7z

Debug Drivers: SCI-android-usb-driver-jungo-v4.7z

Mirror: DEBUG_TOOL.7z

Then you will have to tell adb what phone to use. By that I mean adding the PCI ID to a text file to tell adb that this peripheral is compatible.

The Spreadtrum PCI ID is 0x1782

add this line to "Your user directory/.android/adb_usb.ini"

Code:
0x1782
3.3 - Using fastboot to load CWM (Clockwork Mod)

CWM work on some of theses Spreadtrum devices, most of the time, the screen is reversed, but it works !
On some phone, you will be presented with a blank screen, but CWM will work ... That will just be very difficult to navigate ... (don't bother and use another method if you append to be in this boat)

Here are the recovery images available for Spreadtrum device to my knowledge:

* cwm-recovery-SC6820.img.7z - extracted from a random SC6820 that I don't remember
* cwm-recovery-SC8810.img.7z - i9270+
* CWM-recovery-SC8810-nonpadded.img.7z - 5830, S5830, Q5830, Q206 and GT-N9300 (maybe more)
* cwm-recovery-S9300-S3.img.7z - S9300 (SC6820A S3 Clone)
* cwm-recovery-Feiteng_GT-A7100.img.7z - Feiteng GT-A7100 and probably more Feiteng devices.
* cwm-recovery-S6500-TV.img.7z - 6500-TV or S560
* cwm-recovery-N9300.img.7z - N9300 (I9300 Clone)
* cwm-recovery-S930-N8820-i9300.img.7z - S930 or N8820

If your device is not listed or the one for your device doesn't work, try them all, even if your phone is SC6820 and the recovery was made for SC8810, if none are working, we will have to flash the entire system partition, which is a lot more difficult and dangerous ...

Flashing CWM to the phone:

Linux Only: Initialize ADB:

Code:
sudo adb kill-server
sudo adb start-server
Boot your phone in fastboot mode.
Be sure your device shows up:

Code:
fastboot devices
if your device show up, it's time to flash

Code:
fastboot flash recovery recovery.img
It's flashed ! Let's reboot now.

Code:
fastboot reboot
Start on CWM, if it works, you can start to root the phone !

Download this patch: SuperuserAndFullBackup.zip
Put it on the root of your SD Card.
Now you will have to boot on CWM, he is on the same key combination than the old useless recovery was. (Most of the time Volume- and Power)

You can also try this command with adb:

Code:
adb reboot recovery
Now it's the perfect time to do a full backup of your firmware with CWM, so please do so, that can come in handy. (please go to the end of this tutorial after rooting your phone to know how to make a FULL backup. CWM will only make a partial one.)

choose apply update.zip
Choose the file you have put on your sd card before
Apply it then reboot.

This update.zip have pushed everything needed to root your phone in the right place, you should be rooted now !

If you have an error like:"Can't mount /sdcard" you may have to try with another SD Card and be sure your SD Card if formated as Fat32.

3.4 - Using Fastboot to load a modified system partition image

Please follow the instructions down bellow on how to "5 - Create a rooted system partition image"

When you have done your Rooted system partition image, flash it like that:

Code:
sudo fastboot devices
#if your device show up, it's time to flash

Code:
sudo fastboot flash system system.img
#It's flashed ... Now let's reboot with all the apprehension of the world

Code:
sudo fastboot reboot
If it boots (should boot), you will be up and rooting !

4 - Spreadtrum ResearchDownload tool to the rescue !

First, if you have fastboot, use fastboot ! It's simple, more reliable, faster. It's bottomline better !
If you don't have fastboot or can't figure out how to bring him up on your phone despite trying for about an hour. This tool will most likely work.

First, you should use Windows XP 32bits. Even real XP or in virtualbox.
It might work on windows 7 32 bits and 64 bits but you will have to tweak the system to allow installation of non signed devices drivers ...

ResearchDownload work as this:
First you start the Channelserver - This thing is here to make a bridge between the tools and the driver.
Then you start ResearchDownload.

Now you can make a full firmware flash (you should not !! It's a terrible idea !) or flash a single partition. But to do that, unfortunately, you should have a compatible set of fdl files.
Finding them on google is impossible, you have to extract them from your full firmware .pac file.
If you can't find your firmware on the Internet, you will have to try every single one you can find from others firmwares. I gathered all the fdl files I could find in a single package, so it won't be that difficult.

It's highly probable that you will find one that will work with your phone. This thing have to boot the phone and flash the Nand Flash chip. I'm pretty sure there is not a lot of different ways to do this on a single processor.

I really don't know the risks of using a wrong fdl set. But we haven't seen any risks at all yet. Some will work on your phone, others will just do nothing. You will just have to try every single one until one work.
I named the folders with the names of the phones I know working with theses. So it will be easier to find the good one. (A7100, 6500-TV, 5830, Q206 and S930 users will feel very lucky ^^)


4.1 - Learn how ResearchDownload Work

First you have to install the drivers, you can find them here:
ADB Drivers: Spreadtrum Drivers.7z
Debug Drivers: SCI-android-usb-driver-jungo-v4.7z

Then you have to plug your phone to your computer with your micro usb cable. Your phone have to be powered on.
Be sure every pieces of hardware are detected and installed correctly.
As you can see, this phone is not just detected as an ADB device, or as a mass storage device.
It actually have an internal serial port to usb adapter !
In other words that means this processor provide a way to flash his nand very easily even if it is fully bricked. It's a rare and pretty good feature you don't see that often. In fact, most of the time you have to solder a real serial port yourself on the phone motherboard, then have to use a Serial to USB adapter to have this level of access to the hardware.

So yes, back to tutorial.

Now you will have to unplug your phone and turn it off.

You have to download the debug tools, you can download them here: DEBUG_TOOL.7z

First you have to start the channel server, you will have to disable your firewall for this app, it's because this tool use a network protocol to communicate with the other tools.
Then open ResearchDownload.

ResearchDownload is a weird flashing utility, it can open a .pac firmware file and can make a .pac out of .img files. You also can flash .img files and that's what we will do. But unfortunately it can't make a full backup ... So be careful !

The cog logo is here to let you open a .pac file. We don't need that as we probably don't have it.

The "two cogs logo" let you configure the flash utility.
Click on this to bring a new window.
On the download settings window, click on select product then choose your type of phone. (SC8810 or SC6820, it doesn't really matters if you take the wrong one out of those two.)
Then uncheck "Select All Files" as you don't have any of theses.
You can see FDL1 and FDL2 are still checked, and you don't have those files ...
As they are needed to start the Flash utility, we will have to find them.
I came across only 3 different FDL1 files, but for theses FDL1 it seems every phone have his own FDL2.
You will have to find the ones that work for you.

Here is an archive of nearly every FDLs available: FDL Files.7z

Choose one FDL1, and one FDL2 located in the same folder. (you can choose a File with a right click on the FileName blank space in front of FDL1)

Click on OK.
Then click on the "Play button" saying start download.
It may show some warning, it's not a problem.

Now, press Volume Down on your phone, then you have to plug it on the USB Port, still holding the button.

You can release the button when the flash begins.

You may have to press an other button than Volume-. Some phones are reported to use the Home Button instead.
You may also have to remove, wait a while, and reinsert the battery before holding volume- or after the flashing procedure to be able to start the phone.


If ResearchDownload shows you an error or timeout, try another set of FDLs Files. Keep trying until you find one pair that work !

If it works the flashing process should start right away. Just a millisecond after Windows have detected and initialized the device when you plugged it.

When you have the right FDLs, you can go to the next step, flashing something useful ^^ (we haven't flashed anything as of now, just been searching for a compatible flashing bios)

If your working FDLs folder does not have the name of your phone, please tell me what phone you have and what FDLs you used so I can rename them.

4.2 - Using ResearchDownload to load CWM (Clockwork Mod)

Do exactly as said before, but check the "Recovery" checkbox on Download Settings. and choose one of theses CWM images:
* cwm-recovery-Feiteng_GT-A7100.img.7z - Feiteng GT-A7100 and probably more Feiteng devices.
* cwm-recovery-S6500-TV.img.7z - 6500-TV or S560
* cwm-recovery-N9300.img.7z - N9300 (I9300 Clone)
* cwm-recovery-S930-N8820-i9300.img.7z - S930 or N8820
* CWM-recovery-SC8810-nonpadded.img.7z - 5830, S5830, Q5830, Q206 and GT-N9300 (maybe more)
* cwm-recovery-SC6820-nonpadded.img.7z - extracted from a random SC6820 that I don't remember
* cwm-recovery-SC8810-2-nonpadded.img.7z - i9720+
* cwm-recovery-S9300-S3.img.7z - S9300 (SC6820A S3 Clone)

When you flashed one successfully, try to boot on recovery (Usually by holding Volume- while holding the power button until the screen light up).

If your device is not listed or the one for your device doesn't work, try them all, even if your phone is SC6820 and the recovery was made for SC8810, if none are working, we will have to flash the entire system partition, which is a lot more difficult and dangerous ...

Download this patch: SuperuserAndFullBackup.zip
Put it on the root of your SD Card.
Now you will have to boot on CWM, remember, he is on the same key combination than the old useless recovery was.

You can also try this command with adb:

Code:
adb reboot recovery
Now it's the perfect time to do a full backup of your firmware with CWM, so please do so, that can come in handy. (please go to the end of this tutorial after rooting your phone to know how to make a FULL backup. CWM will only make a partial one.)

choose apply update.zip
Choose the file you have put on your sd card before
Apply it then reboot.

This update.zip have pushed everything needed to root your phone in the right place, you should be rooted now !

If you have an error like:"Can't mount /sdcard" you may have to try with another SD Card and be sure your SD Card if formated as Fat32.

4.3 - Using ResearchDownload to load a modified system partition image

Now we are in deep **** ! This can be tedious ... You will need to drink a lot of coffee, then you will probably pull your hair off, but it's possible to root every single Spreadtrum devices this way !

Please follow the instructions down bellow on how to "5 - Create a rooted system partition image"

When you have done your Rooted system partition image, reboot on Windows, then flash it like that:

Do exactly as said on the paragraph on how ResearchDownload works, but check the "System" checkbox on Download Settings, and choose your modified system.img file to flash it on the device.

As it is still not tested at all, you will have to pray some kind of Spreadtrum *** and hope it will be successful ...

The first boot after the flash can be very VERY long. It's perfectly normal.

After the flash is done, please make a full backup (see bellow how you can do that), so I can make a Clockwork recovery partition working with your phone.

You may need to flush your data partition with CWM to avoid some crazy bugs after the flash. You will have theses bugs because of the partitions realignment that might occurs as a result of using a slightly different FDL set as the manufacturer.
Don't even try to do a factory settings reset before installing CWM, as I don't know what ******* can lie ahead if you do a factory reset without any working recovery installed
(If your phone doesn't boot after the flash, it is possible to flush the data and cache partition with ResearchDownload. I will explain it, if needed !)

5 - Create a rooted system partition image

Please always try the CWM method first ! There is no risks at all to destroy your phone if the recovery is not working. Here we are making a new system image to flash on the system partition, this partition contain the Android operating system. I will try to explain everything as good as I can, but if you make a mistake, if you don't read my warnings, you can brick your phone very easily !

That will be difficult ... And you will have to use a Linux computer, or Linux in Virtualbox, or in a Live CD, basically you will need Linux somewhere on your computer ^^

Why ? Because we will have to preserve unix permissions on an extracted tar archive ! Trust me, you will probably brick your phone if you do that on windows ...

#Install ADB

Code:
sudo apt-get install android-tools-adb android-tools-fastboot
#Configure ADB

Code:
mkdir ~/.android
Code:
echo 0x1782 > ~/.android/adb_usb.ini
#Start the ADB server

Code:
sudo adb kill-server
sudo adb start-server
#Just let's check just in case if your device is already rooted

Code:
adb shell su -c id
Possible answers:
uid = 0 (root) gid = 0 (root) - your phone is already rooted ! (if you haven't noticed it, it's because superuser.apk is not installed, so just push it and install it via ADB and you are rooted !)
SU: Permission denied - You are not rooted ... Good luck then !

#Now we will backup the system partition !

Code:
adb shell tar -cf /mnt/sdcard/system.tar system
Please pay attention to the errors !

There will be missing files, and we will have to add theses by ourselves after the backup to pretend to have a full backup.
Here is the archive for the known missing files: btdbus.tar

If you have more than theses:
Code:
tar: can not open 'system/etc/dbus.conf': Permission denied
tar: can not open 'system/etc/bluetooth/audio.conf': Permission denied
tar: can not open 'system/etc/bluetooth/auto_pairing.conf': Permission denied
tar: can not open 'system/etc/bluetooth/input.conf': Permission denied
tar: can not open 'system/etc/bluetooth/main.conf': Permission denied
tar: system/lost+found: Permission denied
tar: Error exit delayed from previous errors
Then you should just give up, or tell me so I can send you the missing files.

Note: Lost+found is not important, it's just a folder automatically created by Linux to collect any corrupt files.

#Now we will pull this nearly full backup to our computer. Please keep it preciously somewhere secure.

Code:
adb pull /mnt/sdcard/system.tar
#Warning, theses next steps have to be made ONLY on Linux on an ext2/3/4 partition ! Please never attempts to do this on Windows or On Linux on a FAT32 partition.
#untar the archive

Code:
sudo tar -xvpf system.tar
#now we will restore the files we have not been able to backup.
#Download this archive if you haven't done this before: btdbus.tar
#Then extract it on the same folder as you extracted your system.tar file with this command:

Code:
sudo tar -xvpf btdbus.tar
#Now it's time to add the root utilities, you can download them from here: root.tar

Code:
sudo tar -xvpf root.tar
sudo cp Superuser.apk system/app/Superuser.apk
sudo install -m 06755 su system/xbin/su
#Now we will get rid of this virus ! (the file name can be something else. Like caivs.apk, or some random numbers at the end)

Code:
sudo rm system/app/eyuSales_20121116.apk
#And now you will have to make a flashable system image with this tool, included in the root.tar archive

Code:
sudo ./mkyaffs system system.img
#Now you can reboot your phone in fastboot or use researchdownload to flash your new System image.

6 - Do a full nand backup and help me make you a new CWM recovery

Please if you have rooted your phone using another method than the CWM method, and have tried every CWM images without any luck, that mean I can do a CWM that work on your device !
The only thing I need to make a new CWM image is a backup of your boot.img, and to make a backup you need root or CWM.

Here is how to do a full nand backup of your beloved Spreadtrum: Spreadtrum SC6820/SC8810 Full Backup - xda-developers

Then send me your boot.img file and I will send you a recovery.img that you can flash to your recovery partition.
That will help new users to root a lot faster the same phone as you, and will make your life easier if you have to restore a backup.

7 - Don't forget to remove to caivs Virus

When you are rooted, you can remove the Virus or any preinstalled apps using TitaniumBackup.

I suggest you to remove everything you have preinstalled if it is available on the Google Play Store (except the keyboard or the launcher !!!). For example if you have an old version of ES File Explorer on your phone preventing you from updating it, you can remove it safely, then install the updated version from the the Play Store.
Never try to remove something that you don't know what it is !

For the Launcher or keyboard. You can remove them only if you installed a new one on the System partition and tested it successfully !

-----

I want to thanks every peoples at Forum.China-iPhone.Ru and Yekdall for being one of the first to type something in English about spreadtrum firmware modding !

Please tell me if you see a dead link ! I will fix it !

Post a Comment

0 Comments