8 have the device completely open see permissive avb verity disabled root and magisk an bootloader unlocked with mtk client I can flash anything I’ve had a port running already of Twrp
but I’m building an absolute working version and I’ve had a gsi flashed what you mean how
Brom always hits perfect for me if I have the mtk client sitting with command ran and have the device off and plug in from off it will connect .. You don’t need to be connected to run the command. I run the command then connect and it flashes I usually have it connected to the magnetic end then just have to plug in USB. But now I use Linux Windows the USB can be tricky cuz of vcom drivers I’ll gladly give out my email anyone need help with anything watch related. Be.rt.pittman76@ gmail any time I’ll help all I can I have a new thread up now that has a protocol to build two fully functioning but if have to say the learning curve is tremendous. Is extremely advanced. I’d say it’s the ore to some future deterministical analytical twrp builder with ai. But I started it I’m good with that
1 Like
Wow so you might wanna keep your eyes out on my xda thread I’ll be dropping a very nice twrp build sometime this week I’m thinking by fri april 17 2026
1 Like
Just wanting to put my twrp build out there it’s not completed but will
L be soon it’s booting and safe to flash and test I take no responsibility for those who flash without experience. I will help anyone though just get at me here xda my GitHub or telegram which I’ll be linking here
Primary repository for forensic-grade Android development. Focused on technical sovereignty and hardware autonomy#Lokmat5Max #MT6762 #HelioP22 twrp #AndroidWear #Mediatek root #Bootloader firmware #AndroidDevelopment
You can get to my repository and recovery and source through telegram too
2 Likes
Let’s keep this stuff together in the same thread.
Thanks
1 Like
I’m gonna drop one off my finding I found code on the stopwatch.apk that basically would give any app that knows how to use it complete root user access or anything on the device, I actually am reporting it waiting on my cve id right now
3 Likes
we have same on ASR watch
1 Like
We have same on almost all Android watches that use in-house custom apps.
This is the problem with these “custom in-house” Android apps made to keep various brands happy. I’m sure that if the regular AOSP apps were included correctly and “per function” apps were built correctly, we would not see these problems. But the brands will not budge…. So far.
It’s nothing to do with the main OEM, this is purely brand pressure for firmware that they want. If OEM refuses to accommodate them, they will go elsewhere. So it’s a vicious circle. Always has been.
The sad truth is that you can easily see that far too many and unnecessary permissions have also been assigned to them. Basically just lazy work.
Rather than done correctly and per function requirements, they seem to just dish out full permissions to all apps. It’s a real problem and needs to stop before someone has a breach.
In my opinion.
2 Likes
i really hope we can find one in mimu system so it can be used to activate adb
is a good thing we always want more permission then less you should be happy to have one click root
1 Like
Good for us maybe, but bad for the OEM.
1 Like
I should have a fully functioning fbe decrypting twrp bby the end of the week it’s already booting I have a few errors I have to work through but all the main parts are there. I knew this was going to be a lot more complex than I initially intended it has turned into a full reverse engineering of the entire device . But by time I done I’ll be able to build something vanilla for the rom and I will build a clean implementation of the sensor stack for aosp and get rid of their oem apps
3 Likes
Well done. 
Nice work. I let the OEM guys know about the stopwatch app. Hopefully they won’t use it again. Definitely a good idea to get rid of all the custom OEM apps. That’s exactly how we made the Android 10 version we released here.
Much cleaner and secure experience.
Thanks
1 Like