INTRODUCTION I have successfully rooted the Lenovo Tab M8. I would like to document this root, how I did it, and what I learned from it on this subreddit in order to give back to you folks for helping me in the past. This is going to be an in-depth guide which will hopefully help you understand the rooting process better, and help you troubleshoot if things go wrong. This guide is very detailed and overwhelming, but if you pay attention and read through it, I guarantee you'll be satisfied because you'll be able to not only root, but know what you're doing. This way, you don't have to go making all the mistakes yourself like I did.
Before you begin, I hope you have at least some experience with Linux, and the more general computer knowledge you have, the better. I try to make this guide n00b friendly, but it goes into a lot of nerdy detail. I also hope you're comfortable with command-line utilities and paths. If you don't know something, I have a list of helpful resources in the appendix. I was a n00b once too, and I can honestly say that this experience has turned me from a novice rooter to an actual rooter.
The Tablet My device is a Lenovo Tab M8. More specifically it's a TB 8505fs I got at Walmart for 100 bucks. Pretty sure this is the identical model right here:
https://www.lenovo.com/us/en/tablets/android-tablets/lenovo-tab-series/Lenovo-TB-8505/p/ZZITZTATB58 This thing is a pretty good buy. It's the perfect size for E-books, can still fit in a large pocket, has good stats for its price, and has a great battery life. Here are some of the stats you can obtain from the above link:
CPU: MediaTek Helio A22 Tab, Quad-Core, 2.0 GHz
32 Gigs storage, 2GB RAM. The stats are decent, especially considering the thing doesn't come with too much bloatware, so it's not weighed down very much. Nevertheless, I wanted to root it primarily for the educational experience, but also in order to De-Google this device.
Android OS: 10, upgraded from 9 against my will before I could root it. Upon doing some research I believe the root process is the same, although your stock ROM might be different.
The OS I was using was Linux Mint, although the process is the same on Windows except for how you download ADB.
PREPARATIONS This tablet is great cuz you don't need to do anything special to root it. Its bootloader is unlockable by default. It's the usual process to unlock: just tap your build number to unlock manufacturer options and then make sure you enable USB debugging and OEM unlocking. Now, you can use adb to get into the bootloader, or you can use the hardware shortcut to enter the bootloader which is the usual power button + volume down key hold. You don't have to actually unlock the bootloader with fastboot yet, because I'll explain that later.
First, make sure you have ADB and fastboot installed. If you're on Windows you have to download it, so here's an official updated link for Windows, as suggested by comments:
https://developer.android.com/studio/releases/platform-tools A better alternative is to use Linux; I did this entirely on Linux Mint. If you are on Linux, you can use your distro's package manager (in this case apt since Mint is Debian based, use sudo apt-get install adb and sudo apt-get install fastboot to download your tools from verified repos.
Next, get on your Lenovo tablet and download Magisk Manager. Here's a link to it, complete with downloads and information. I recommend reading it.The official GH link is
https://topjohnwu.github.io/Magisk/ IF YOU ARE DOING THE "NO PHONE HOME GOOGLE" CHALLENGE WHERE YOU WANT TO KEEP YOUR LENOVO OFFLINE THROUGHOUT THE ENTIRE ROOT PROCESS, YOU CAN INSTALL ANY apk VIA YOUR COMPUTER BY USING THE COMMAND adb -d install [package_name.apk] (the -d flag is for direct USB connection, refer to fastboot and adb guide posted at the appendix)
NOTE ABOUT SP FLASH TOOL: There is another way to root devices such as this one with MediaTek (MTK) chipsets using SP Flash Tool. Here is a link to it if you need, but we won't be using this method, as it's mainly useful if you cannot unlock/enter fastboot, which does not apply to the Lenovo M8.
https://spflashtool.com/ Also in order to use this tool, you need the stock ROM and the scatter file for the device.
THE STOCK ROM Anyway, the most important thing you'll need in order to root your tablet is a stock ROM. You can find a variety of stock ROMs right here, but make sure it matches your build number:
https://firmwarefile.com/lenovo-tab-m8-tb-8505f NOTE: MAKE SURE YOU DOWNLOAD YOUR STOCK ROM FOLDER ONTO YOUR ANDROID DEVICE FIRST, not onto your computer. If you download it onto your computer, transfer it to the device.
Alternatively, you may google your build number and try to locate your stock ROM that way. The stock ROM is the most important thing. It should contain boot.img, system.img, recovery.img, user-data.img, vbmeta.img, and a scatter file as well as a whole bunch of other things. Make sure your stock ROM directory has all that, and that it has your build number in there somewhere.
"What are the .img 'image files'?" you may ask. Those are partitions that you can flash with fastboot. For this guide you'll only need boot.img and vbmeta.img, but in the highly likely event that you end up in a bootloop, having these partitions can help you get OUT of a bootloop.
THE ROOT PROCESS I chose the Magisk Manager patched boot image root method. It's pretty simple actually. Before proceeding, make sure you are all set with the preparation step. The general idea behind this root is that Magisk patches a boot image, which you flash to the boot partition. This custom Magisk image contains your su binary and custom kernel. If you haven't installed Magisk Manager yet, you should do it on your device. You should know how to install an apk file. At this point, you should also have your stock rom downloaded on your device, preferably placed somewhere you can easily access it like the Downloads directory.
"What is the su binary?" you may ask...
su is the switch user binary in Linux, which allows you to take actions as the root account. Getting "su" on Android is the same as rooting. On an unrooted Android, it's not that you don't have permission to use the "su" binary; the su binary doesn't exist at all! Thus, if you want root, you gotta add it.
"What is Magisk?" a n00b might ask...
Magisk is a lot of things, but in this context it is a way to root your device without alerting the fascist Google safety net which will discriminate against your device just because it was rooted. Additionally, Magisk Manager will control which apps can use root once you have the su binary added. Indeed, Magisk was made by ingenious Russian hackers. :)
Patching your boot.img with Magisk This part's simple. On your tablet, enter Magisk Manager and click Magisk, install, select and patch a file, then navigate to wherever your stock ROM directory is that you should have saved in Downloads probably, and find boot.img. This will make Magisk Manager patch boot.img, and create a custom boot.img that is named something along the lines of magisk_patched_boot.img. IT DOES NOT OVERWRITE YOUR STOCK BOOT.IMG, AND THAT'S A GOOD THING. I'LL EXPLAIN WHY IN THE RECOVERY/RESCUE SECTION. At any rate, if this is successful, your patched boot image is now in the same directory as the rest of your images. If you would like to know exactly what it's called, check the Magisk logs. If you're asking what the patched boot image is, you should read about how the boot image loads the kernel and the ramdisk. This patched one loads the su binary. If that doesn't make sense to you, don't worry about it.
Extracting your ROM directory Now that you have your stock ROM directory, with the patched magisk boot.img in it, you need to transfer it to your computer. This is because fastboot works with image files which are on your PC, and not on your Android. There are a lot of ways as I'm sure you know to transfer a file from Android to PC: you can use Google Drive for instance, or a standard USB media connection. Unfortunately, Linux doesn't usually support direct USB communication for media transfer, so I recommend doing this using adb if you're on Linux. This is how you'd do it with ADB:
- Connect your Lenovo to your computer with a microUSB cable
- Ensure USB debugging is turned on in dev. settings, and that your device appears when you use the command adb devices -l . It will probably say "unauthorized" and that's OK. If it says that, just open up your Lenovo and hit "accept this computer's RSA key"
- Open up a shell using the command adb -d shell this is a Linux shell by the way, so I hope you know some basic Linux commands. If you don't you shouldn't be rooting. See appendix for a small guide. If you're too scared to use Linux, use a different method to transfer your stock ROM directory to your computer.
- Find your downloads directory, or wherever your stock ROM folder is. It should be inside your sdcard directory. Once you have the directory filepath, use adb -d pull [path-to-directory] to copy the directory to your current working directory in Linux.
- None of these steps are necessary if you're on Windows where you can just enable USB file transfer, or if you transfer the directory some other way like via internet or SD card. You can get creative here, it doesn't really matter. The end result must be that you have your stock ROM directory, together with the patched boot image, on your computer disk somewhere.
NOTE: to use adb or fastboot on Windows, you must open CMD in the directory where you have them installed. This is probably where your stock ROM image is going to be pulled.
Unlocking your bootloader This step is pretty straightforward, and can be done at any point once you get into developer mode and hit "enable OEM unlock." This must be done before flashing your patched image, however. At this point you probably have your patched boot.img together with your stock images inside your stock ROM directory, on your computer's hard drive. If you don't, refer to the guide above. Alternatively, you can unlock your bootloader first. It doesn't matter.
In order to unlock the bootloader, you need to get into fastboot mode. For a reference of fastboot commands, check the appendix. You can get into fastboot either by powering the device off and using the hardware key shortcut (power+vol down hold) or by connecting your tablet via USB and using the adb -d reboot fastboot command.
At this point, your Lenovo's screen should be black, and it should say FASTBOOT MODE at the bottom. This is good. You can use the fastboot devices command to see if your device is being seen. If not, you might need drivers, but I didn't have to install drivers on my Linux Mint machine. In order to unlock your bootloader, you must now use this command: fastboot flashing unlock. Your tablet will prompt you for confirmation. Accept it and wait for the success message. When you reboot your device again, for instance with the command fastboot reboot , you should see the message "ORANGE STATE, YOUR DEVICE HAS BEEN UNLOCKED AND CANNOT BE TRUSTED." That's a good thing, it means progress.
Flashing the patched boot.img This is the part where you actually overwrite your boot partition on your tablet. Beware, this is also the part where you're most likely to enter a bootloop, although I will explain how to get out of said bootloop in the rescue/recovery section. So, get your device into fastboot mode again. This can be done with adb -d reboot fastboot or through the hardware shortcut.
Once your device is in fastboot mode, navigate your computer to your stock ROM directory. If you're on Windows, I suggest putting your stock ROM directory into the same directory as your ADB and fastboot. Fastboot flash syntax is: fastboot flash [partition_name] [path_to_image_file_on_local_machine]
In order to flash our custom patched boot.img, we must first disable the verified boot verification.
IF YOU DON'T DO THIS, YOU'LL END UP IN A BOOTLOOP! If you forget the --disable-verification flag, you will end up in a bootloop! I warned you! More info on VBMeta here:
https://source.android.com/security/verifiedboot Disable verified boot by using this command: fastboot flash vbmeta --disable-verification ./vbmeta.img where ./vbmeta.img is the path to your vbmeta.img file. It may be a little different, for instance if you're on Windows you use backslashes \ and not forward slashes / to separate directories, so if you're in your fastboot folder it would be something more like fastboot flash vbmeta --disable-verification .\stock_rom_folder\vbmeta.img. Seriously though, I hope you know
how relative and absolute paths work, for your own good. From here on out, I will assume you know how to use paths. If you don't, you should brush up on the basics before rooting.
Now that you've flashed vbmeta with the --disable-verification flag, you can flash your boot partition. Use this command: fastboot flash boot ./magisk_patched_boot.img where ./boot.img is the path to your PATCHED boot.img. Watch out, you have a plain boot.img which is stock, and you don't want to flash that one, even though if you do it's no big deal; you just have to flash your custom boot.img afterwards. Also, if for some reason this doesn't work, the
original post I read actually flashed the patched_boot.img twice: once BEFORE flashing vbmeta.img with --disable-verification, and once AFTER. However, they said that only flashing it AFTER is required. I flashed it twice, once before and once after, and it worked. The key is that you flash your custom boot image AFTER you flash vbmeta.img with --disable-verification. This is because Android Verified Boot (AVB) will not allow you to boot from your patched boot image if you allow it to verify it cryptographically, as it lacks the key. Check the verified boot link above for more info on that.
At this point, if everything went well, you can use fastboot reboot to boot your Android. It might take a while longer than usual, but once you boot, you should be rooted.
NOTE: Both adb and fastboot are tab-friendly. If you know how to use tab-autocomplete, it can help a lot as you're doing all this.
I HAVE ROOT, WHAT SHOULD I DO NOW? If you followed the above guide, you should be able to give and revoke application root permissions using the Magisk Manager app you installed earlier. Google Play Store should still be usable. At this point, I would check if you actually have root on your device. There are a lot of ways to do this, but a safe one would be to connect your tablet via USB to your computer and open a shell with adb -d shell, and try to use the command su to switch user. It should lag a little and not let you, but you should get a pop-up question on your tablet asking if you want to grant the program "Shell" root permissions. Go ahead and do it, this is a safe program. It's your Android's internal shell. Now you have root privileges when you connect an ADB shell. Try using su again, and it should work. Alternatively, download any app that asks for root permissions and see if it works. Careful though, giving any app root permissions is a good way to get into all kinds of trouble. Many times you think you're the one hacking, but you end up being the one who gets hacked.
Now that you have root, you can go wild. The limits are up to your imagination and skill. I went about getting rid of every piece of Google spyware and adware on my tablet. I also installed hardware-identifier spoofing apps which allow me to change my MAC, my bluetooth MAC, and my IMEI. These are powerful privacy measures; so powerful that the mods of this subreddit might not even like that I mentioned them. It's not illegal, and it's fair game, mods! This tablet can't accept a SIM card!
BEFORE YOU GO CRAZY, please read my recovery section. For the love of god, back up your data before you proceed with doing anything to the system partition, or giving anything besides Shell root access!
RESCUE/RECOVERY I'm stuck in a bootloop! So you bootlooped. No big deal. I bootlooped multiple times and figured out how to rescue my device, and now I'll pass that knowledge on to you. It's an enriching experience to be honest. Here's the bad news: this Lenovo does not support TWRP custom recovery, and to my knowledge it doesn't actually have a recovery partition that you can access. In other words, adb -d reboot recovery sends you into fastboot mode.
Here's the good news: if you have your stock ROM, then you just have to flash the stock copy of whatever partition you think you messed up. Don't forget, the fastboot flash syntax is: fastboot flash [partition_name] [path_to_image_file_on_local_machine] so for instance in order to reset my system partition to stock, I would do fastboot flash system ./system.img , assuming I'm already in my ROM directory on my PC.
I made this nice mini-guide which tells you which partition you probably messed up, depending on your action, and what resetting said partition will do. When in doubt, you can flash all of the following:
boot partition
If you're flashing the stock boot.img on your device, it's probably because you are in a bootloop that doesn't even get to the lock screen of your device. If something is the matter with your boot partition, you should only see the Red Lenovo Logo, and it should NOT do the normal boot thing it does where it cycles through a bunch of images with random people doing exciting things which have nothing to do at all with the tablet such as BMXing. The major reasons for needing to flash boot.img are:
- Downloading the stock ROM for the wrong build. In this case, only flashing the boot.img from the correct build will revive your device. I hope you saved or wrote down your build somewhere.
- Forgetting to flash the vbmeta partition with the --disable-verification flag before flashing your magisk_patched_boot.img will send you into a bootloop, as I warned you before. If you forgot to do this, then you can just flash vbmeta.img with the flag shown above, and then flash your patched boot.img again. You do not need to touch vbmeta if you're flashing the stock boot.img
- Completely resetting the device. Keep in mind to lock the bootloader again, you must use the command fastboot flashing lock
fastboot flash boot ./boot.img is how you flash stock boot partition
system partition
If you're flashing the stock system.img, it means you've irreparably messed up your system partition. This can happen if you remove the wrong system app or package, or if you otherwise mess with the system files. This type of bootloop may appear almost exactly like the bootloop from a bad boot.img, but it can be characterized by your device trying to boot, but then going into fastboot mode.
By the way, system apps/packages are things like Google Play Services; the ones you can't remove on an unrooted Android. Removing these can be good for battery and to remove Google's spying, but it can send you into a bootloop so fast it'll make your head spin. This is why I recommend to back up your system.img (see below) before every attempt of messing with it. One wrong move and you have to start over. In fact, if you're an inexperienced rooter, I don't recommend messing with any system app until you read about the Android system and Google what each app/package you want to mess with does. With that being said, you can make a flashable backup image of your current system.img if you use the dd command. More info on that below in the backup options section.
fastboot flash system ./system.img is how you flash stock system partition. This will restore all system apps and services. It may fail to rescue the device unless you also flash the user-data partition, depending on how badly you messed up.
user-data partition
This is probably the most common bootloop. It's usually characterized by getting to your lock screen from boot, and the device shutting off. This happened to me because I installed an app from the Play Store which listed trackers on my device and could uninstall system apps, but people on the comment section were saying it caused bootloops. The device worked fine until I tried to reboot it, lol.
Flashing a stock user-data.img means you lose all your data. However, if your data isn't backed up, it's probably gone already unless you're a digital forensics expert and know secrets that I don't. This is why I advocate backing up your data, and discuss several ways of doing that in the following section:
[CUSTOM IMAGES AND BACKUPS]
"
I have root, but I am afraid of going into a bootloop and losing all my data!" Smart. If you don't have that concern, you should. I lost all my data a few times because I didn't back it up. Here, I'll discuss
backup options so you don't have to start all over from square one. Much like most things in life, serious failure with a rooted device is best addressed BEFORE it actually happens, by using a backup! Here are some viable backup options, together with their use cases and information:
- Backing up user-data via USB on Windows: If you know how to connect your device to your Windows computer for data transfer, then you can back up the data on your user-data partition without doing anything fancy. This only works for the user-data partition, and does not create a flashable image.
- Backing up via adb backup is great, and allows restoring with adb restore. I'm not going to post about this in-depth, but if you're interested I suggest looking these commands and their syntax up. It's all in the man pages.
- Using a partition managebackup app. This is a risky idea because the app itself could have ads, or could bootloop your device. I don't recommend this method very much, especially for noobs. It may seem easy, but it's a good way to eat shit. Normally rooters flash TWRP to their recovery partition to do this, but this device doesn't support TWRP to my knowledge so we have to cope.
- [EXPERTS ONLY] Use dd to manually back up your partition. Watch out! This is the hardest, most dangerous, but also most rewarding way. They call dd disk destroyer for a reason! One false move and you're going back to square 1! You need to know your partition layout and you may need to unmount your partition! If you know which dev is which partition (there are utilities for this in Linux), you may do something like this: dd if=/dev/mtd/mtd1 of=/sdcard/recovery.img bs=4096 to backup your recovery image, assuming your recovery partition is in /dev/mtd/mtd1
"Please help, I messed up so bad I can't even get into fastboot and I have a bootloop!" This is the point where you have to use SP Flash tool to unfuck your device. I've never fucked it up that bad, but I hear you can still rescue it if you use that tool.
That's it! If you enjoyed this, give me a like or something. I'm starting a Youtube channel too where I'll show you how this is all done. Oh, I'm not responsible for you messing your device up. That's on you. Oh, if you want me to do a root guide for your device, I only do MTK (MediaTek) chipsets, and my next guide will be for the Alcatel A30 where I'll be rooting it with the SP flash tool scatter file method. But do feel free to ask me to do some other device, I might just make a guide about it.
A little about me I'm a computer science student with a passion for hacking and Android rooting. I've rooted many devices before, but this was my first one where I actually knew what I was doing. It's one thing to follow instructions or use a one-click-root security exploit app, but it's a whole other thing to do your own research and actually understand the process. One day I hope to work in the mobile security industry, but if I end up somewhere else, I feel like Android will always be a hobby of mine. I feel like rooting sets you free from the tracking device in your pocket. It is a way to keep private information like where you are at all times and what you do on your phone private, and to get rid of the "it's your phone but it's actually ours to do with as we please" mentality of Google. You don't have to agree with me here, but that's what motivates me.
appendix Fastboot and ADB command guide:
https://www.androidjungles.com/adb-fastboot-commands/ (keep in mind, on Linux you can just use adb --help and fastboot --help as well as the manpages to see detailed information)
ADB and fastboot download (FOR WINDOWS):
https://developer.android.com/studio/releases/platform-tools Basic Linux commands:
https://maker.pro/linux/tutorial/basic-linux-commands-for-beginners Creating backups of partition images (DO
NOT COPY-PASTE DD COMMANDS. IF YOU DON'T UNDERSTAND WHY NOT, THEN DON'T F*CKING USE DD) and read the manpage, please!
https://www.addictivetips.com/mobile/how-to-backup-your-android-phones-boot-recovery-and-system-partition-images/ https://android.stackexchange.com/questions/203891/how-to-take-full-image-backup-of-partitions-or-emmc (pay attention, this is not for the same type of device, though it mentions MTK devices.)
dd syntax: dd if=[path to input file] of=[path to output file]
Verified Boot Information (For those who want to become L33t Haxxors):
https://source.android.com/security/verifiedboot Stock ROM download page (but you can find your own or ask me in comments, but provide build number pls):
https://firmwarefile.com/lenovo-tab-m8-tb-8505f Magisk Manager Download:
https://magiskmanager.com/ or on GH
https://topjohnwu.github.io/Magisk/ submitted by 20 Best Offline iphone (iOS) Games to Play Without Internet (2020) Are you looking for a great little handful of games to play offline on iOS iPhone mobile devices? All 20 of the following games can be played without an internet connection and offer a great gaming experience. 20 offline games for iOS to make the time without WiFi or data pass fast. App Store is full of great apps and games to accommodate your free time. However, most of them require you to be connected to the wireless or mobile Internet at all times. All in all, it’s one of the coolest free offline games for iPhone and iPad you can play. Install: (Free, offers in-app purchases) 2. Jetpack Joyride. If you are on the lookout for an action-filled endless running game that can keep up and running all the time, Jetpack Joyride is for Best free games for iPhone (iOS 6 and below) ... Play as Tyler, Cody, Garrett, Cory, Coby, and the greatest mascot of all time, Panda! LEADERBOARDS Prove your trick shot skills against your friends and family all over the world! ... - Play offline! No Wi-Fi is needed to play! 22 Best iPhone Games of All Time Discover Apple App Store gaming greatness. by. Jim Squires. ... Not updated since 2015 (iOS 9). Free to try, but costs to unlock the whole game. Heavy graphics requirements. ... The 10 Best Offline Games for Android in 2021. 15 Best Free iOS Games You Can Play on Your iPhone or iPad [2019] iPhone and iPad provide an ideal environment for a wide range of mobile games with great graphics and dynamic features to impart excellent illusions and visuals. FEATURES: • 72 different levels across 2 game modes • 6 unique environments • Choose from over 100 disguises to wear • Finish a level fast to earn up to 3 stars • Golden Shorts are hidden in all Story levels • Race against a ghost of your best score • Split times at gates show +/- your best score • Earn achievements both online and offline • Easy access to Game Center scores ... The best Free offline slot games for Android no download games are now available for users, but the old ones still need to be downloaded to PCs and mobile devices before they run. Most offline slots are adaptable for Android devices, PCs, iPads, tablets, and iOS. Top 10 Best Free Offline Games For Android & iOS. There are loads of offline games for Android and iOS available via Google Play Store, and Apple’s App Store that does not require internet. Before I listing down with respect to their genre, it would be a nice idea to list down the top ten regardless of the genre. Minecraft Pocket Edition Best free games for iPhone (iOS 9 and below) ... Levels range from easy to hard for all adults to enjoy – accessible on-the-go, offline and online. ... Black Ops and Call of Duty®: Modern Warfare®, available for the first time for free. Or squad up with friends in a brand new 100-person battle royale survival map.
Register now at whatoplay.com: https://bit.ly/2yZFomFhttps://whatoplay.com/ios/free/ - Complete list of all free-to-play iOS games.Our updated ranking of the... Ranking the best iPhone & iPad video games ever released. These are the top-rated iOS mobile games available on the Apple App Store. You may get these throug... Top 10 Best iPhone Games of All Time REDUXSubscribe: http://goo.gl/Q2kKrD and also Ring the Bell to get notified // Have a Top 10 idea? Submit it to us here!... Ah, .io games. Years ago they used to be extremely popular, and while there are still a chunk of people playing .io games, they're long past their prime. Sin... In this video ill show you the top 20 best android huge size games of all timeif you like this video then please: like subscribe and sharelike my fb page: ht... As we waver on the cusp of a new generation, we take stock of the games that have stood the test of time. Here are the 100 best games of all time...in 10 min... No internet? No problem! There are too many offline games, but look through them to find the best ones for your Android and iOS phones. Here are our choices.... 10 Best FREE TO PLAY Video Games of All Time (BEST FREE GAMES)Watch more TOP 10s Here https://goo.gl/MhaUYMSubmit your Top 10 Ideas Here https://goo.gl/V5c... We've ranked the best FREE iPhone & iPad first-person shooters available on the Apple App Store These are the highest rated free-to-play FPS Games for your i...