<
I dumped the 4 files listed in the commands above, this took about 1hr to get 4gb.
For good measure I dumped all the partitions as well, the 24gb userdata took 11hrs.
After dumping everything the VM was sluggish so I rebooted and reinstalled open-vm-tools and remounted the hdd.
Once I have these files I can provide the boot partition to magisk to root the phone.
There's a build of TWRP, but after reading https://xdaforums.com/t/blu-b130dl-unlock-recovery-root-release.4350825/page-2 they warn TWRP is not functional on this device and can brick your phone.
Magisk can be ran from TWRP, but I'm not going to.
Further reading has lead me to believe it's probably best not to use anyones base.img's as they will likely only work for their build. People should really stop uploading them.
If I had to guess autoflash.zip will work on more devices as it restores enby_dashie's filesystem.
But the script only overwrites part of the filesystem and this will also likely have incompatibilities depending on the version...
I was reading people's wifi/bluetooth stopped working and they couldn't figure out why trying to follow the XDA writeup.
No one has made a custom rom for this phone.
I'm just going to go with the magisk method on the mtkclient github and skip overwriting partitions with binaries from whatever group.
### Sim Unlocking Detour
I don't think anyone has publicly cracked the sim unlock process yet.
You'll need to pay for an unlock code or active tracfone service and request after 12 months.
It's mentioned on xdaforums that sim locking is done by the apk in `com.tf.tfsecurity`
This $240 russian hardware can do it somehow: https://forum.gsmhosting.com/vbb/f1110/tracfone-b130dl-unlock-done-done-2989340/
There are online versions of it too, I'm guessing you can message them and come to a deal.
I think the going rate is $70/year to use a remotely accessible box.
https://forum.gsmhosting.com/vbb/f1110/list-resellers-pandora-box-pandora-online-ready-stock-2955203/
There a few services on ebay for $6 that'll unlock the carrier for you.
There are a lot of scam unlocking services, some legit.
I know some of these companies have been busted hacking into the cell networks and installing backdoors to unlock phones.
So if you are wondering how they work that might be how.
Some call the company for you and ask for it to be unlocked, if you had service long enough it'll work.
If I were gonna risk $30 getting scammed I think I would try unlockbase.com, but who knows if it'll work.
It's possible the com.tf.tfsecurity app has a backdoor code.
https://blog.uint.dev/network-unlocking-without-carrier-or-oem-intervention-on-mtk/
Even if you unlock the phone, the IMEI will be blacklisted still for major carriers in the US.
So you'll have to change that as well.
Maybe one of those $6 ebay offers will do that for you for a fee too.
You basically need to take a number from a broken phone with a clean imei then flash it over.
This tool might work: https://androidmtk.com/download-sp-meta-tool
I imagine carriers don't like it when two phones are reporting the same imei so make sure wherever you get your imei it doesn't get reused.
I don't need cellular data, so I'm not gonna worry about that for now.
### Back to rooting the device
Now finally to fully unlock the bootloader, I went to flash tools tab and pressed Unlock Bootloader
I unplugged the USB, and held down the power.
On boot it says the bootloader is unlocked with a warning message before booting.
It then gave me a Android Recovery screen telling me I needed to wipe the phone.
Which I did and the phone booted properly.
The Blu branded start screen can be disabled from the top right hamburger icon.
I then used adb to put the partitions on the phone, used adb to install magisk, and ran magisk to patch the partition.
```
./adb.exe push boot.bin sdcard/Download/
./adb.exe install Magisk.apk
```
I then pulled back the patched image.
```
./adb.exe pull sdcard/Download/magisk_patched-26400_yCKAn.img .
```
From here I needed to get back into BROM to flash it.
I pulled the battery, plugged in the usb, held volume up, volume down, power. It showed the bootloader unlocked screen, I let go of volume up, down, power.
I then held volume up, down, power again for 3 seconds and it booted into BROM and was detected by MTKClient
I opened the Write partition(s) tab, found boot, clicked set and found my magisk modified boot image.
I had to use terminal and rename it from `.img` to `.img.bin`
I then found vbmeta, clicked set, and found the empty vbmeta in /opt/mtkclient
I also had to rename it from `.img.empty` to `.img.empty.bin`
Then taking a leap of faith I pressed `Write Partition(s)`
When the writing was finished, I unplugged the USB, held down the power button and the phone booted.
I opened magisk and it asked to do additional setup and I clicked ok and it rebooted the phone.
This time when I opened magisk the super user tab was not grayed out.
```
./adb.exe shell
su
whoami
```
Gives me a grant prompt and I have I root now.
Quite the process.
Also my wifi works.
Once you give wifi a bunch of ad apps install
Android OTA updates check to see if the bootloader is unlocked and stops the process if it is, so there's no cause for concern on an update bricking the device.
### Back to SIM Unlocking
The SIM unlock binary is in: `/product/priv-app/TFSecurity/TFSecurity.apk`
and there's another in: `/system/app/VZWRemoteSimlockService/VZWRemoteSimlockService.apk`
I unpacked those binaries using dex2jar and jdgui, but I didn't see any hardcoded unlock codes.
I imagine you could modify those binaries.
Instead I went to https://tfwunlockpolicy.com and punched in my IMEI and it said my phone was eligible for unlocking.
Even though I've never activated this phone and it's sat on the shelf for the last 2 years.
Maybe tracfone just feels bad for anyone using a Blu phone.
I guess I just wait for the email?
# Update
It has been a week and no email from trackfone.
It's not worth sim unlocking this phone. My carrier uses eSim which this device does not support and I don't see myself using this device for cellular.
]]>