• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

ZTE Blade A3 Prime Thread

D

Deleted User

Guest
ZTE BLADE A3 PRIME GENERAL THREAD

PHONE SPECS
As we find out more about the device I will list it here. Again I do not have one of these myself so I'm relying on people that do to feed me this info
  • Codename: Z5157, could be V or Y as a suffix depending on if it's Visible or Yahoo
  • Android: 10 stock
  • OS level 32 or 64 bit: 32 bit, with 64 bit binders (for GSIs)
  • Chipset: Quad Core MTK6761 2GHz, aka Helio A22
  • RAM: 2GB DDR4 (LPDDR4 I think)
  • Display: 5.4 inch 720x1440
  • Battery: 2660mAh removable
  • Storage: 32GB on board, up to 2TB SD card expansion
  • Headphone Jack: yes, 3.5mm
  • USB: Type C
  • Connection: up to 4G LTE
  • Network: Visible Mobile, Yahoo Mobile, or GABB. Not sure if network unlockable. Stock firmware can be switched while retaining original network capabilities (see below)

BOOTLOADER UNLOCKING (DO THIS FIRST)
Unlocking the bootloader is a pretty standard affair. No additional hoops to jump through. As far as I am aware this works on the latest security patch/firmware update so there's no reason not to update. Big shoutout to XDA user zaduma for finding this out, check out his original XDA thread HERE.
  • Enable OEM Unlocking in the Development Menu in Android
  • Reboot to bootloader, plug the phone into your computer where you have ADB/Fastboot installed
  • Plug it into the computer and issue a "fastboot flashing unlock" and confirm
  • Then issue a "fastboot flashing unlock_critical" and confirm
  • Reboot with "fastboot reboot". Phone should wipe itself, yada yada, standard bootloader unlocking affair
VBMETA/VERITY BYPASS (DO THIS RIGHT AFTER)
Reboot to fastboot mode and flash over the vbmeta partition with this one here. Extract the IMG file out of the ZIP before flashing. Thanks to XDA user lopesom for providing this to me. You must unlock your bootloader prior to doing this. The command is as follows:
fastboot --disable-verity --disable-verification flash vbmeta /path/to/custom/vbmeta.img

KERNEL SOURCE
Believe it or not ZTE actually made it available on their ZTE Open Source website. It's the Z5157V_Q source, kernel version 4.4. HUGE thanks to XDA user zaduma again for this. Great find! GitHub mirror HERE contains both kernel and vendor tree source.

STOCK ROM DUMP
Stock ROMs confirmed to work by XDA user Talysdaddy, flashable via SPFT v5.1924. He started out with the Visible variant but bricked it, using these to try and restore functionality. There are multiple variants for this phone for multiple carriers, however this user confirmed that firmwares for other carriers will indeed work on this phone if you brick it and you'll at least retain basic device functionality.
  • GABB variant: HERE. This is a network aimed at kids. Features like Developer Options will be locked out. Pretty stripped down and useless, but only linking for archival purposes
  • **Yahoo Mobile variant: HERE. Similar in function to Visible Mobile. This is the one Talysdaddy recommends because he thinks it's the more complete ROM. XDA user tlopez51 confirmed that Yahoo Mobile firmware works on Visible Mobile devices WITH cellular.
  • Visible Mobile variant: HERE. Thanks once again to XDA user tlopez51 for pulling all of this and posting it up online for everyone to benefit from. He's confirmed that this firmware is 100% functional, you can do a full Format All + Download in SPFT with this firmware package and it'll restore everything just fine.
**Yahoo firmware highlighted in red because, as of now, this appears to be the gold standard for modding. All Magisk/boot image/GSI flashing mods were done with Yahoo Mobile firmware as a base. Flashing from another firmware like Visible over to Yahoo shouldn't affect your network/cellular status, your Visible phone will still work on Visible's network for example. If you want to mod your device, we recommend flashing over to Yahoo first as a base

STOCK ROM FLASHING VIA SPFT
As stated in the section above, this was tested using SPFT version 5.1924. Flashing this phone via SPFT will be the same as any other MediaTek device, the only difference being when you plug this phone in to flash, it must be completely off, and you need to be holding Volume Down as you plug it for flashing/reading to work.

Make sure when flashing, set the mode to Download Only.

When flashing over my phone from Visible to Yahoo, I flashed everything EXCEPT THE PRELOADER. That might be safe to flash, but I choose not to touch that because if you screw up your preloader, your phone is pretty much toast. But I can confirm that Yahoo-everything else with Visible-preloader seems to work just fine.

ROOT PRIVILEGES WITH MAGISK
This took us a long time to get. We're pretty sure it was just due to a glitch in Magisk that (at the time of writing this) is only present in Canary testing and not in the normal stable release branch. Anyway, do the following steps below, and if that doesn't work then patch your boot image further before flashing with the OSS Patcher.
  • Download the stock firmware that corresponds with your phone, and in the archive pull out the boot.img file. Send the boot.img to your phone's storage for later
  • Install the Magisk Manager app on your phone. For now you want to use the CANARY testing branch because the normal release branch doesn't have some patches needed to make it work.
  • In the Magisk app, select Install, then Select and Patch Image (the one that implies you're giving it a boot image to patch, NOT direct patch mode). Browse and select the boot.img you put on your phone earlier.
  • Once it's done, pull the image Magisk spit back out to your computer
  • Reboot the phone to fastboot, and on a computer flash the boot image that Magisk spit back out with the following command: fastboot --disable-verity --disable-verification flash boot /path/to/magisk/boot/image.img
  • Reboot the phone again and you should now have full root privs!
If you don't want to do any of this, XDA user tlopez51 has a guide HERE with completed images that you should be able to use for Visible firmware.

If you have Yahoo Stock firmware, follow THESE steps instead from XDA user Jerry12798

CUSTOM RECOVERY
It appears that the recovery partition is stored in the boot image. I think the Xperia Z2 did something similar. Custom recovery on this phone might be possible, albeit very tricky.

CUSTOM ROMS VIA GSI IMAGES
XDA user tlopez51 helped us out a lot with this part. The GSI used for his instructions was this one here, but in theory any Android 10+ GSI should work. You need to do the vbmeta stuff outlined above before flashing a GSI or it might not work. When picking a GSI, look for the following 3 things or else it won't work:
  1. Built for A/B partition
  2. "a64", not "aarch64". This means 32 bit Android, with 64 bit binders
  3. VNDK support built in

I will outline below the steps I used to get GSI's working on here, starting from a Yahoo Mobile firmware base flashed with SPFT. You will need the LATEST FASTBOOT, you can install the latest ones from XDA RIGHT HERE. I say this because if you're running an old version, you'll probably end up soft bricking your phone like I did. I used the adb and fastboot from Linux Mint 20.2's sources, but it was too old and didn't have all of the commands listed below. Anyway, without further ado:

  1. From powered off, hold Vol Up and Power until you see ZTE then let go. This will boot you to recovery
  2. Select Boot to Fastboot from recovery. This will get you to fastbootd. This is where you want to be
  3. fastboot -w to erase userdata and cache and all that
  4. fastboot delete-logical-partition system to nuke the system partitions, you need to clean them out to give the GSI enough space to install into
  5. fastboot --disable-verity --disable-verification --skip-reboot --slot all flash system PATHTOIMAGE.img to flash the actual image. When you download the image, it will probably be a .img.xz file. You need to extract the .img file itself from the .img.xz before flashing.
  6. Reboot the phone, wait a while, and then it should boot!
 
Last edited by a moderator:
I've got a basically untouched Z5157V from Visible that I don't have service on yet. I'm going to look into how to dump the stock ROM and will advise when complete.
 
If someone wants to forward me the process to do this it will save a lot of time since this will be me first time looking into doing so.
 
JtSpott said:
If someone wants to forward me the process to do this it will save a lot of time since this will be me first time looking into doing so.
Click to expand...
Just got your message now. let me look up a writeup I put on XDA and forward it to you, please stand by

EDIT: it would be ideal if you had a Linux box for this because then you dont have to deal with drivers, but anyway here's a writeup for how to use SPFT to take backups. If there's any errors let me know and I'll try to help you through them

https://forum.xda-developers.com/t/blade-a3-prime-visible.4128481/page-4#post-84486759

The key here is downloading the Yahoo Mobile firmware that I linked to in the post there. You'l' be utilizing the Yahoo Mobile preloader and scatter file to dump the Visible stuff. It's a bit of a tedious process, but in theory what you should be able to do is work your way down the scatter file and replace/overwrite all the images in the Yahoo Mobile firmware with the Visible Mobile version. In my thread there I outlined how to do it with the boot image, but if you work your way down the scatter file replacing all the images mentioned (some have file names, some do not, ignore the ones that don't have file names) we'll have a complete dump.

My advice too is to replace the preloader LAST. Work your way down the scatter file and get every other image specified first before doing that one. Sometimes preloaders can get a bit screwy with newer MediaTek devices, as in you'll dump it with the parameters that it lists but it still won't come out right. As a matter of fact, the preloaders might even be identical, in which case it's unnecessary to even replace something that already works fine.

I apologize for dumping a huge responsibility like this on you, I only do this because I don't have the device myself (but I do take interest in it). If I had one of these I'd work through all of this on my own since I have experience with this, and then post up my results for everyone else to freely use. If you do choose to do this though, it would be a big help to everyone else
 
Last edited by a moderator:
jasonmerc said:
Just got your message now. let me look up a writeup I put on XDA and forward it to you, please stand by

EDIT: it would be ideal if you had a Linux box for this because then you dont have to deal with drivers, but anyway here's a writeup for how to use SPFT to take backups. If there's any errors let me know and I'll try to help you through them

https://forum.xda-developers.com/t/blade-a3-prime-visible.4128481/page-4#post-84486759

The key here is downloading the Yahoo Mobile firmware that I linked to in the post there. You'l' be utilizing the Yahoo Mobile preloader and scatter file to dump the Visible stuff. It's a bit of a tedious process, but in theory what you should be able to do is work your way down the scatter file and replace/overwrite all the images in the Yahoo Mobile firmware with the Visible Mobile version. In my thread there I outlined how to do it with the boot image, but if you work your way down the scatter file replacing all the images mentioned (some have file names, some do not, ignore the ones that don't have file names) we'll have a complete dump.

My advice too is to replace the preloader LAST. Work your way down the scatter file and get every other image specified first before doing that one. Sometimes preloaders can get a bit screwy with newer MediaTek devices, as in you'll dump it with the parameters that it lists but it still won't come out right. As a matter of fact, the preloaders might even be identical, in which case it's unnecessary to even replace something that already works fine.

I apologize for dumping a huge responsibility like this on you, I only do this because I don't have the device myself (but I do take interest in it). If I had one of these I'd work through all of this on my own since I have experience with this, and then post up my results for everyone else to freely use. If you do choose to do this though, it would be a big help to everyone else
Click to expand...


Sorry for the delayed response.... I just now circled back to see if there was any new activity on this thread. I a going to read your procedure and will attempt this task later today. If I run into any hurdles I will be back here asking some questions. For now I am just going to say we should have the dump later today.
 
JtSpott said:
Sorry for the delayed response.... I just now circled back to see if there was any new activity on this thread. I a going to read your procedure and will attempt this task later today. If I run into any hurdles I will be back here asking some questions. For now I am just going to say we should have the dump later today.
Click to expand...
Actually you're cool, dont sweat it, another guy already did a full partition dump of the Visible Mobile firmware that I linked in the OP. If you want you can download it and keep it handy so you have a stable base to flash everything back to. If you check further on that XDA thread we're trying to get a modded boot.img with Magisk Root to work, as well as a GSI Treble ROM.
 
need help with the string to put patched image back in to fast boot with the disable verify thing... please help.. the file is on my desktop but no matter how i put it it its not taking it to flash the file with the disable verify stuff please help.
 
desilynn79 said:
need help with the string to put patched image back in to fast boot with the disable verify thing... please help.. the file is on my desktop but no matter how i put it it its not taking it to flash the file with the disable verify stuff please help.
Click to expand...

Verify both OEM unlocked and USB debugging are checked in Developer mode then boot to bootloader not fastbootd mode. From Android OS connect USB cable and in a terminal window type adb reboot bootloader. Watch for any pop ups asking for permissions then re-type adb reboot bootloader command again.

Note: Examples below are for Linux system. If Windows use backlash > \ instead of forward slash > / .

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
Example command to boot from image (no flashing):

fastboot --disable-verity --disable-verification boot /home/user/Desktop/magisk_patched-22104_94wbB.img
***************************************************************************************************************************
Problem with above step in my experience is the device tends to boot to Android OS even if the image fails to load as the bootloader process will revert to booting from the oem image so not really a true indicator of success. The true test is to flash it as per the below. If after flashing the device goes into bootloop then re-flash the OEM image with SPFT and you must use either option Firmware Upgrade or Format all + Download.

***(Device in bootloader => FASTBOOT)***
***************************************************
fastboot flashing unlock
***************************************************
On device press VOL UP to accept.

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
fastboot --disable-verity --disable-verification --skip-reboot flash vbmeta /home/user/Desktop/vbmeta_Mod-MT6761-10.img
***************************************************************************************************************************

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
Example command to flash image:

fastboot --disable-verity --disable-verification flash boot /home/user/Desktop/magisk_patched-22104_94wbB.img
 
Last edited:
dun4today said:
Verify both OEM unlocked and USB debugging are checked in Developer mode then boot to bootloader not fastbootd mode. From Android OS connect USB cable and in a terminal window type adb reboot bootloader. Watch for any pop ups asking for permissions then re-type adb reboot bootloader command again.

Note: Examples below are for Linux system. If Windows use backlash > \ instead of forward slash > / .

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
Example command to boot from image (no flashing):

fastboot --disable-verity --disable-verification boot /home/user/Desktop/magisk_patched-22104_94wbB.img
***************************************************************************************************************************
Problem with above step in my experience is the device tends to boot to Android OS even if the image fails to load as the bootloader process will revert to booting from the oem image so not really a true indicator of success. The true test is to flash it as per the below. If after flashing the device goes into bootloop then re-flash the OEM image with SPFT and you must use either option Firmware Upgrade or Format all + Download.

***(Device in bootloader => FASTBOOT)***
***************************************************
fastboot flashing unlock
***************************************************
On device press VOL UP to accept.

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
fastboot --disable-verity --disable-verification --skip-reboot flash vbmeta /home/user/Desktop/vbmeta_Mod-MT6761-10.img
***************************************************************************************************************************

***(Device in bootloader => FASTBOOT)***
***************************************************************************************************************************
Example command to flash image:

fastboot --disable-verity --disable-verification flash boot /home/user/Desktop/magisk_patched-22104_94wbB.img
Click to expand...

so from in the android phone im suppose to open something called terminal? i guess i missed that step... where can i get this? and i need to type the command into said terminal 2x correct? and not from pc side?
my vbmeta file is labels opposite how you typed it... my file is called what you called the actual image and the image is just name vbmeta. and my magisk patched file is labeled just that and is directly on my desktop (windows)
oem unlocking and usb debugging are selected im am currently in orange state. if im understanding correctly the bootloader is now unlocked.
the disable verification is disabling the "signature" verification thus allowing for the root?

my magisk file used the visible stock img to patch, even though the yahoo one is the ' gold standard' i prefer to keep it as close to carrier stock without all the chyt i dont use taking up valuable space.

and is user user or "user" like if the main user that spot would be the name of the computer
ex: fastboot --disable-verity --disable-verification flash boot /home/Desnchris/Desktop/magisk_patched-22104_94wbB.img
or would it be
fastboot --disable-verity --disable-verification flash boot /home/user/Desnchris/Desktop/magisk_patched-22104_94wbB.img

i have not tried to do anything as of ready your reply back to me or the other fella on another post as i had questipns toboth of yall to clarify before i proceed. that and its been a busy day.
i like to complete when i start rooting but sometimes it takes patience.
thanks for understanding
 
Ok. All commands are always typed from a terminal (comand prompt) window on the pc. It is much easier this way but you can install a terminal emulator on the Android device however you would be limited to typing only adb commands while in the Android OS. When typing a command in terminal for the device to do or execute you are normally connected to a USB port (pc and device) but there is a difference when to do so as when in flashing via the fastbootb or bootloader => FASTBOOT screens. All of these screens are menus you can access while in the Android Recovery mode.

How you open up the Android Recovery can be a bit tricky at first. Essentially if you read through the posts you remove the battery wait 8 seconds or so then re-insert the battery. Now hold down the VOL-UP & PWR buttons together and let go all the buttons once you see something come up visually on the screen of the device. That is how you get into the Android Recovery menu. That is if the device is operating normally otherwise VCOM is the last resort for emergency recovery.

A much faster way to Android Recovery is to type in terminal adb reboot recovery while in the Android OS or adb reboot bootloader to get to the bootloader => FASTBOOT screen in a hurry. I explain VCOM next.

What is VCOM mode? VCOM mode is what you need to access when the phone is essentially in a brick kinda status such as in an endless bootloop cycle. Typically is what you get when you flash something the device boot sequence doesn't like or system is not able to verify that the flash file is not tampered with or is the wrong kind for the model or phone type, etc after you've done the flashing and were somehow successful at getting it flashed to the device.

You already know about VCOM mode if you've used SPFT before hand but thought to cover that as well.

Next. I presented examples as to how you would fastboot commands. I used "user" in my examples meaning you replace "user" with whatever is the name of whoever is the owner of the Desktop environment. You can type whoami in terminal to see who the user is if unsure but I see you already figured that out.

fastboot --disable-verity --disable-verification flash boot /home/Desnchris/Desktop/magisk_patched-<or-whatever-name-magisk-assigns>.img or simply rename it boot.img, rom.img, etc.

Just make sure not to flash a boot.img to vbmeta or vice versa. The system will probably not let you but be cautious at what you mean to do. Notice in the fastboot command the words "flash boot" means it is going to flash in your case the Magisk patch file to the boot slot.

Lastly. Yes when ever you unlock the bootloader you will get Orange state. If you re-lock it, it should go away but root is only possible if in the bootloader unlocked or Orange state for this device.

FYI. there is a Red state too but takes a bit of tampering to get there. Either way SPFT and VCOM is your last recovery resort. Also, --disable-verity --disable-verification are supposed to ensure the flash file gets past verification and signature cross checking but these flags are no longer needed once you first flash the vbmeta_Mod-MT6761-10.img to the vbmeta slot. I use these flags just as a force of habit or when needing to make certain the flash gets through no matter what - kinda of a brute force mode.

And is okay to use the Visible rom. I did use the Visible rom initially to root. Either the Yahoo or Visible is okay. In my use of both images the Yahoo image does load much faster when re-flashing via SPFT too.

Hope is all a bit more clear.
 
Last edited:
i have boot looped and i have not used spft before that i remeber, it just looks similar to odin. Again its been quite a while so i feel as if i am a noob...
so now im at how do i get into down load mode for the phone ( volume up and power isnt working) and what all files to i need to put where in spft and then which items need selected.... omg idk what i did wrong...
 
Unless you don't have a backup of the original image then download mine from HERE. Extract the zip file into a folder on your Desktop name it Visible. Run SPFT as an admin. In SPFT for the Download-Agent box click the choose folder icon over on the right and select the MTK_AllInOne_DA.bin file located in the root of the SPFT folder. For the Scatter-loading File click on the choose folder over to the right and go to the Visible folder then select the MT6761_Android_scatter.txt file. You should immediately see a list of files load into the SPFT module.

Now go to the dropdown menu box below the Authentication File box (leave this one as is) and choose Format All + Download in that drop down menu. You should see all files automatically get checked. See the attached.

Power down the phone and take the battery out of it then re-insert it back after 6 to 8 seconds. Have your USB cable at hand but only the one end should be plugged into the PC USB port. Go to SPFT and click on the Download button with the green arrow pointing down over it. Go to the phone and hold down the VOL-DOWN button then insert the USB cable into the phone. No need to hurry just follow each step precisely. Wait a few seconds and you should see a red line sweep across at the bottom of the SPFT window. Let go of the VOL-DOWN button. Following that a yellow line will stream across for each file that loads into the phone. The last file is the userdata and will take the longest to load so be patient it should all finish in about 10 minutes give or take depending on the speed of your pc processor, usb port type, etc.

When is all done you should see an OK box with a check mark pop up. Take the battery out of the phone and re-insert it back after a few seconds and press and hold the power ON button. You will probably be presented with a message that the image failed to boot. Just choose to do an erase and the phone will reboot normally on its own afterwards.

So why did the root process fail you may ask? The answer has to do with a host of things but likely is a compatibility issue between this model phone and the ability for Magisk to get past the phone's internal read only file system is my uneducated best guess. However, do know that it did work for me early on but have not been able to replicate the root process however I remain confident while retracing my steps and hopefully the Magisk developers will have a fix. Also note that Magisk has gone through several iterations since my being successful at rooting this device in their fixing other problems. Code writing tends to work that way. You fix something and something else breaks.
 

Attachments

  • Screenshot from 2021-04-30 22-01-23.png
    Screenshot from 2021-04-30 22-01-23.png
    215.2 KB · Views: 341
Last edited:
im am now downloading your backup just to have it. currently installing the other visible from the other thread to see what happens.. its taking longer than the yahoo file but thats ok... hopefully thats not a bad thing.

for whatever reason the yahoo one just loads for a bit and then will freeze up and auto reboot. stays on for less than 5 min in between each reboot. dont even have to be doing anything. hopefully flashing back to visible fixes that. otherwise the phone is pointless... worst case ill flash your file and see what that does... at a standstill until then. and you saying if it wont take the magisk image then basically i cant root right now?

maybe im missing a step. should i be fully reboot and load in between each step? the vbmeta file doesnt seem as though it does anything and doesnt auto reboot but once in fastboot adb wont reboot it.. i have to manually boot.
and i have been flashing the vbmeta file and then flashing the image file right after... wondering if thats the issue or maybe i missed another step. its what i get when im trying to read and comprhend when im tired or have migraine and im impatient lol.thank you again for all you help. i super appreciate it
 
flashing back the visible file from the other thread stops the rebooting over and over but now have no phone signal so far and my imei is missing???
 
Boot loop after tried get root :-(
  • Download the stock firmware that corresponds with your phone, and in the archive pull out the boot.img file. Send the boot.img to your phone's storage for later
  • Install the Magisk Manager app on your phone. For now you want to use the CANARY testing branch because the normal release branch doesn't have some patches needed to make it work.
  • In the Magisk app, select Install, then Select and Patch Image (the one that implies you're giving it a boot image to patch, NOT direct patch mode). Browse and select the boot.img you put on your phone earlier.
  • Once it's done, pull the image Magisk spit back out to your computer
  • Reboot the phone to fastboot, and on a computer flash the boot image that Magisk spit back out with the following command: fastboot --disable-verity --disable-verification flash boot /path/to/magisk/boot/image.img
  • Reboot the phone again and you should now have full root privs!
 
Heads up for those following, I have a Blade A3 Prime coming soon to me. Won't be posting here much, but follow the much-more-active XDA thread about the Blade A3 Prime for all dev activity.

LINK HERE
 
You must log in or register to reply here.
Back
Top Bottom