[MoFo] XT1096 and AT&T XT1097 - Do NOT take the 5.1 OTA if you want to keep root - X 2014 General

We can stay on the 5.0/5.0.2 bootloader (motoboot.img) and partition table (gpt.bin) and flash rooted 5.1 images using MoFo as well as the 5.1 kernel and radios using fastboot. Details for the XT1096 are here:
http://forum.xda-developers.com/showpost.php?p=61685122&postcount=46
Do not take the 5.1 OTA - flash manually!!!
If you upgrade to the 5.1 bootloader and partition table - YOUR COPY OF MOFO.EXE WILL NO LONGER WORK FOR YOUR DEVICE!!!!

There was a little bit of weirdness when I flashed the rooted image and tried to go into recovery to wipe cache - the dead android kept flashing at me and I couldn't get into the recovery menu. So then I flashed the 5.1 recovery. It is working fine now. I think I will flash back to 5.0 and then reflash it to see if that happens again.

Excellent news! Thanks @JulesJam!
We all learned a lot with our prior MoFo experience, so here's hoping the features are added to the 5.1 ROM with less troubleshooting this time.

Where is the rooted copy you used?

Can the mofo crew just update the binary to read the new gpt?

d33dvb said:
> Can the mofo crew just update the binary to read the new gpt?
I am not sure what you are talking about.
MoFo.exe relies on an exploit to trick the bootloader to allow you to flash an unsigned system image. According to maiko1, the exploit was patched in the 5.1 bootloader. Supposedly he is working on trying to find an exploit in the 5.1 bootloader that he can use to do the same thing but only time will tell if he can find one.

Legacystar said:
> Where is the rooted copy you used?
I didn't post it anywhere yet b/c of the issues I was having. @mikeoswego has a rooted image that he baked useful features into. When he posts his, I will just flash that and see how it works. He has a thread in the Android Development section of this forum where he posts his images.
http://forum.xda-developers.com/showpost.php?p=61702833&postcount=215

JulesJam said:
> I am not sure what you are talking about.
> MoFo.exe relies on an exploit to trick the bootloader to allow you to flash an unsigned system image. According to maiko1, the exploit was patched in the 5.1 bootloader. Supposedly he is working on trying to find an exploit in the 5.1 bootloader that he can use to do the same thing but only time will tell if he can find one.
I thought it was that it could not verify your device because of the way it read your info on the device. I assumed he used a zero day he had to attack the verification step of fastboot. I had thought about attacking in this manner. I mean, without busybox, can we try normal Linux shell privilege escalation attacks for this kernel version just like a desktop Linux machine? Are there any previous root methods and how they were obtained? I still say at this point, it would be great to be told what the exploit was, even without code.
---------- Post added at 05:01 AM ---------- Previous post was at 05:00 AM ----------
So it was specific to the bootloader, do we know at which version it became patched?

d33dvb said:
> So it was specific to the bootloader, do we know at which version it became patched?
It's worked on all versions from 4.4.4 on up but according to maiko1, not on 5.1.

d33dvb said:
> I still say at this point, it would be great to be told what the exploit was, even without code.
I think if the exploit has been patched, he should release what the exploit was as there is no harm at this point in releasing that information. Someone should ask him to do that.

The exploit was posted awhile ago according to jcase. What maiko didn't do was post his code for mofo because he owns that. If you want more info pm or tweet jcase.

Related

Lollipop OTA

News about the G3 getting Lollipop OTA in Poland next week.
Thoughts?
http://phandroid.com/2014/11/08/lg-g3-lollipop-update-official/
Edit: another link
http://www.droid-life.com/2014/11/08/lg-g3-lollipop-upgrade-starts-this-week-in-poland/
That is great news! Can't wait
timmytim said:
> That is great news! Can't wait
Think you will be able to tinker with it ?
2SHAYNEZ
Would be nice to see this ported to other variants so we VS985 users don't have to wait for Verizon.
shayneflashindaily said:
> Think you will be able to tinker with it ?
> 2SHAYNEZ
Well I will attempt to but I expect the same issues that we are having with F400S lollipop update. We haven't been able to get a port going yet
Would it be better to wait for a flashable ROM as if we do an OTA update we might not be able to get root back for a while... (different boot loader)?
exciting
I am excited. Of course I'm in Australia so the chances of it rolling out to me in a hurry are slim, but as with all things phone related it's a matter of time. This just means that LG is keen to keep some marketshare goodwill. It also means that it will be sooner rather than later that the awesome devs in XDA take it and bake it better.
objektive_1 said:
> News about the G3 getting Lollipop OTA in Poland next week.
> Thoughts?
> http://phandroid.com/2014/11/08/lg-g3-lollipop-update-official/
Ha! xD
S3V3N said:
> Ha! xD
So next rom would be based on 5.0?
Since Poland users have d855, would any d855 user be able to flash manually, given access to appropriate files? If yes, would it then be able to be put into a custom rom accessible to all (similar to how CloudyG3 allows me, a d850 user, to run 10n (which alone would be unflashable, if I am not mistaken))?
In theory yes. However I'm not flashing until a custom ROM is made. Root I can just about live without (I guess the kernel will need bumping).
I am from Poland... Yesterday I got OTA information about an update but I don't know what update it was because I am on AndroidNow hd 2.4 and have bump! So I disabled OTA because I am afraid I will get stuck in recovery... Is there a way to go back to all stock to take this OTA? And if I get this, the bump! and root tool may not work?
oposiasty said:
> So next rom would be based on 5.0?
Of course we do
sielski said:
> I am from Poland... Yesterday I got OTA information about an update but I don't know what update it was because I am on AndroidNow hd 2.4 and have bump! So I disabled OTA because I am afraid I will get stuck in recovery... Is there a way to go back to all stock to take this OTA? And if I get this, the bump! and root tool may not work?
you can download ota and if it tells you it's 5.0 you can provide us the zip without flashing it
edit: aaaaand for you all to know you can't port it to other devices without proper kernel... different carriers have different partitions and kernels are built differently for each version, that's why we can't port the f400s to d855. Even if it was able to boot the kernel it goes panic because of the incorrect partitions and configurations.. we need sources
manups4e said:
> you can download ota and if it tells you it's 5.0 you can provide us the zip without flashing it
> edit: aaaaand for you all to know you can't port it to other devices without proper kernel... different carriers have different partitions and kernels are built differently for each version, that's why we can't port the f400s to d855. Even if it was able to boot the kernel it goes panic because of the incorrect partitions and configurations.. we need sources
How to download ?
it's an ota, go into system infos > updates > check for updates.... then download it and post it here (don't flash it.. you will lose root and possibility to root)
Is the bootloader on Android 5 open???
Of course not
Damn. I want root AND 5.0. (and yeah bump!)
I'm on d855 off contract (Sweden). Let's see if we can get the .zip from Poland.

[tool] xt1096_5.0_lxe22.46.11 auto flasher

Hey guys I have made a simple script that allows you to flash back the stock (non root, non modified) 5.0_LXE22.46.11 system for the XT1096!!!
This is good for mofo users who need to restore their phones back to stock unrooted system.
THIS IS ONLY FOR XT1096 USERS!!! Verizon Moto x 2014's
Originally you have to flash all 9 sparse chunks using fastboot to get the stock system back on the phone. Well this tool just runs through all 9 automatically. Also I included the options to factory reset the phone (userdata and cache wipe) and reboot the phone after you're done.
Make sure you have the Moto X drivers installed. If not, download and install Motorola Device Manager. Boot your phone into bootloader mode and plug it into the computer. Make sure your phone is charged over 20%.
Download the archive, unzip and double click run the "RUN ME TO FLASH STOCK!!!" bat file. Choose a number and let the script automate everything for you.
http://bit.ly/1H4hPX8
Thanks I just used this works perfectly to flash back to stock without losing data. Software status: OFFICIAL
Much better than typing out the lines each time. I am lazy lol.
tacosrdelicioso said:
> Thanks I just used this works perfectly to flash back to stock without losing data. Software status: OFFICIAL
Did you do anything in particular to get the status back to official? I tried this on mine last night with no luck.
All I did was press one on my keyboard
Slack3r said:
> Did you do anything in particular to get the status back to official? I tried this on mine last night with no luck.
Do you mean the software status official? Or changing the modified software status in BootLoader from modified to official?
if you mean the bootloader, this will not change it from modified to official. This just flashes the official stock lollipop system.
Can I use this to go back to 5.0 from the latest OTA?
I went to the official OTA from Verizon and wanted to get root again.
Would it brick me to run this to get back to 5.0 stock?
Twistitup said:
> Can I use this to go back to 5.0 from the latest OTA?
> I went to the official OTA from Verizon and wanted to get root again.
> Would it brick me to run this to get back to 5.0 stock?
Yes.
Sent from my Moto X
Mac of York said:
> Yes.
> Sent from my Moto X
Are you saying yes that it will brick me or that it will successfully downgrade me?
tacosrdelicioso said:
> Thanks I just used this works perfectly to flash back to stock without losing data. Software status: OFFICIAL
Really? No matter what I do I have Software Status: Modified. I will have to try again.
---------- Post added at 06:33 PM ---------- Previous post was at 06:30 PM ----------
Twistitup said:
> Can I use this to go back to 5.0 from the latest OTA?
> I went to the official OTA from Verizon and wanted to get root again.
> Would it brick me to run this to get back to 5.0 stock?
If you took the 5.1 OTA, then you are now on the 5.1 bootloader. The exploit that MoFo relies on was closed in the 5.1 bootloader and so MoFo no longer works for your device. There is no way to downgrade from the 5.1 bootloader to the 5.0 bootloader.
All this will do is downgrade your system but your bootloader will stay on 5.1 and MoFo does not work if you are running the 5.1 bootloader.

UPDATE: Axon 7 A2017U Build 27

According to this post on the ZTE forums, the OTA should be available in 24-72 hours for the US variant.
Link: https://community.zteusa.com/thread/12438
I thought they said they would be releasing the stock images along with the OTA though? Or did I misunderstand something. . .
no T-mobile wifi calling update?
BoboBrazil said:
> no T-mobile wifi calling update?
Well it's not obviously stated in the changelog, but it may be one of the "minor enhancements" in #7, although I doubt it. I guess we'll just have to wait and see.
Pollito788 said:
> Well it's not obviously stated in the changelog, but it may be one of the "minor enhancements" in #7, although I doubt it. I guess we'll just have to wait and see.
You would think that would be a major bullet point, so I'm not too hopeful lol
https://dl1.ztems.com/zxmdmp/downlo...ZTE A2017U/81526/update_P996A01_B20_to_B27.up
Go forth and be updated.
TeutonJon78 said:
> https://dl1.ztems.com/zxmdmp/downlo...ZTE A2017U/81526/update_P996A01_B20_to_B27.up
> Go forth and be updated.
May I ask how/where you got the link?
Pollito788 said:
> May I ask how/where you got the link?
"adb logcat" on a computer while checking for the update on the phone. It will always list the update URL. It's a pretty big patch -- 376 MB. Boot and recovery are modified but no separate fastboot. So either that's been added into the normal partition commands, or it's still going to be an OTA to enable bootloader unlocking.
Can't wait to hear what the brave souls who update first have to say. I'm going to keep my root/twrp for now
Pollito788 said:
> According to this post on the ZTE forums, the OTA should be available in 24-72 hours for the US variant.
> Link: https://community.zteusa.com/thread/12438
> I thought they said they would be releasing the stock images along with the OTA though? Or did I misunderstand something. . .
"B27" Downloaded and installed. Not all of what everyone/most were asking for, but substantial enough to make a believer out of me. Security patch level at September 1, 'Backup account' no longer greyed out, tweaked signal strength indicator, audio no longer drops out when starting camera and probably a host of other tweaks under the hood.
No announcement about stock images, not good.
I have OTA
Sent from my ZTE A2017U
Strangely enough, I have dropbox installed after the update.
Unless I butt installed it just before (I do not use dropbox).
I'm fairly sure that the last update for the EU model installed an app as well (though not Dropbox).
How do we make a twrp flashbacks zip out of this that won't take away twrp?
Anyone that rooted without unlocking the bootloader tried this update?
Just updated and step count showed up.
Sent from my ZTE A2017U using XDA-Developers mobile app
Recently window and clear all button changed for the better.
Sent from my ZTE A2017U using Tapatalk
Good to hear ZTE brings another software upgrade.
Hope the European version not too long to receive same level of treatment.
Can I ask if seeing any improvements on double tap to wake responsive to be more accurate with a range of press or the same behavior as being from beginning??
Thanks.
Sent from my iPad Air 2
XblackdemonX said:
> Anyone that rooted without unlocking the bootloader tried this update?
I'm currently on stock B20, locked and unrooted.
I posted the same in @DrakenFX's thread, but I'm happy to try out whatever folks think would be best:
1.) Unlock via the thread instructions and then update to B27
2.) Update to B27, then try to unlock via the thread instructions
3.) Other?
tolymatev said:
> Just updated and step count showed up.
> Sent from my ZTE A2017U using XDA-Developers mobile app
Do you have holster mode on? Or is the pedometer always on?

Android Pie MR1 Update Now Available

Hey everyone
The update is now rolling out to unlocked models
Any issues let me know but otherwise enjoy!
Thanks to Doctor_hue for the image!
-Rox
I'm getting an error when downloading. Can it be uploaded to the developer portal?
Somebody?
Anybody?
*taps mic* Is this thing on?
blackknightavalon said:
> I'm getting an error when downloading. Can it be uploaded to the developer portal?
Clear the cache on your Google play service, reboot your phone and try again. The changelog was wrong the first time so they might have taken it down for a second to change it.
Giving it a shot now
---------------------------------------------------------------
Same issue
blackknightavalon said:
> Giving it a shot now
> ---------------------------------------------------------------
> Same issue
Damn okay nuke play services by deleting all the data it has then and do the same steps reboot and try again
blackknightavalon said:
> Giving it a shot now
> ---------------------------------------------------------------
> Same issue
Are you rooted? Can't update if you are.
rogeriskira said:
> Are you rooted? Can't update if you are.
Yes, but I should still be able to download the .zip
---------- Post added at 10:54 PM ---------- Previous post was at 10:49 PM ----------
...and that's a no. The image needs to be uploaded to the developer portal
blackknightavalon said:
> Yes, but I should still be able to download the .zip
> ---------- Post added at 10:54 PM ---------- Previous post was at 10:49 PM ----------
> ...and that's a no. The image needs to be uploaded to the developer portal
Wait your image says installation problem not download problem and I didn't know you were rooted so that is likely the problem (can't install the update from that menu because you're rooted) unless someone pulls the OTA file you're either gonna have to unroot or flash a previous build.
Rox598 said:
> Wait your image says installation problem not download problem and I didn't know you were rooted so that is likely the problem (can't install the update from that menu because you're rooted) unless someone pulls the OTA file you're either gonna have to unroot or flash a previous build.
Which is why I'm requesting it be uploaded to the developer portal
https://android.googleapis.com/pack.../1d2233d7c911a415cc3661dddebf59d76a89ea26.zip
Pulled this from a debug log. Stopped and started the update download.
Lol I better go plug in
Have not charged it since midday yesterday.
Sent from my Phone 2 using Tapatalk
Careful if trying to update this while rooted. I tried the uninstall magisk, then OTA (which failed), then for some reason did install to slot. Once I rebooted, my PIN lock no longer worked. I had to factory reset my phone. It downgraded me to O-MR2-RC009-RZR-181124.2009. For some reason, I am not seeing the Pie update now.
I'm sure once I flash the factory boot image, I will be able to update and start again. I'm at work right now on a locked down computer and have to wait until I get home to try this.
So, what specifically does this latest update do? I'm looking for an in depth explanation of what changed, not just what it tells you on the update screen. Thanks
Still not installing for me. This is why I'm asking for it to be uploaded on the developer portal
Okay, I had to reinstall the last Oreo uploaded to the developer portal via Fastboot then upgrade that way. Now to wait for someone to pull the boot image
Razer Hosting the Update File
It looks like the March 2019 Update (9.0 MR1) Is posted up on Razer's Factory Images site now:
https://developer.razer.com/razer-phone-dev-tools/factory-images/
photonmedia said:
> It looks like the March 2019 Update (9.0 MR1) Is posted up on Razer's Factory Images site now:
> https://developer.razer.com/razer-phone-dev-tools/factory-images/
> If we are rooted, can we just dirty install this via TWRP?
twrp? for razer phone 2? where
photonmedia said:
> It looks like the March 2019 Update (9.0 MR1) Is posted up on Razer's Factory Images site now:
> https://developer.razer.com/razer-phone-dev-tools/factory-images/
> If we are rooted, can we just dirty install this via TWRP?
Factory Images can't be flashed so you'll need the OTA (which @jonchance_84 kindly provided) if you have a working twrp.
Rox598 said:
> Factory Images can't be flashed so you'll need the OTA (which @jonchance_84 kindly provided) if you have a working twrp.
You sure about that? In fastboot mode commands like fastboot flash will flash the images with an unlocked bootloader.

Temp Root for XZs is Possible

Hi, I succeeded in gaining temp root access on my device (bootloader allowed no) which is running the latest Oreo firmware. This exploit uses CVE-2019-2215 for 3.18 kernel. I also succeeded in setting up magisk manager from this thread. I hope this exploit can help you to backup your TA.img before unlocking bootloader.
Btw, I need someone to be a tester for this exploit; I will send it if you want to be a tester.
mufidmb38 said:
> Hi, I succeeded in gaining temp root access on my device (bootloader allowed no) which is running the latest Oreo firmware. This exploit uses CVE-2019-2215 for 3.18 kernel. I also succeeded in setting up magisk manager from this thread. I hope this exploit can help you to backup your TA.img before unlocking bootloader.
> Btw, I need someone to be a tester for this exploit; I will send it if you want to be a tester.
Hello and congratulations for succeeding with that!
I recently received a bootloader locked G8231 and I'd be willing to test your exploit on it. Now I have both an unlockable and a non-unlockable (Japanese Docomo release) units. I read through the link you posted and seems pretty interesting to say the least. I'd like to hear more about your version of the exploit, and I'd like to contribute by testing it on either model.
Feel free to reply or PM me.
Can I know and have the way to temporarily root the Xperia XZs? I badly need it to improve the performance of my device. Thank you so much
Hah, I just updated my thread from about a year ago on the subject of getting temp root. Though it seems like nothing has been publicly released on this thread here, so hopefully my post will still prove to be helpful (I found an already-built version of the exploit that just happens to work right out of the box on the XZs with stock Oreo!)
nlra said:
> Hah, I just updated my thread from about a year ago on the subject of getting temp root. Though it seems like nothing has been publicly released on this thread here, so hopefully my post will still prove to be helpful (I found an already-built version of the exploit that just happens to work right out of the box on the XZs with stock Oreo!)
Wow it's great to hear something other than crickets here
After waiting over a month for a reply, I didn't have much hope for this thread.
Luckily, my XZs is still locked
I will definitely attempt your method and report back (as soon as I find a bit of time).
UPDATE:
Thanks a lot for the find @nlra !! The exploit works like a charm on latest Oreo. And YES, I just dumped the TA partition on my XZs.
Go ahead and read this comment in his post.
dinosaur99 said:
> Wow it's great to hear something other than crickets here
> After waiting over a month for a reply, I didn't have much hope for this thread.
> Luckily, my XZs is still locked
> I will definitely attempt your method and report back (as soon as I find a bit of time).
> UPDATE:
> Thanks a lot for the find @nlra !! The exploit works like a charm on latest Oreo. And YES, I just dumped the TA partition on my XZs.
> Go ahead and read this comment in his post.
Hello, could you tell me the procedure for temproot my xzs SO-03J docomo device please? Thank you in advance.
AlexHunt099 said:
> Hello, could you tell me the procedure for temproot my xzs SO-03J docomo device please? Thank you in advance.
As far as I remember, I copied the mentioned file su98-memory-kallsyms to /data/local/tmp and made it executable. I can't test it now but it's probably something like this:
adb push su98-memory-kallsyms /data/local/tmp
adb shell chmod 755 /data/local/tmp/su98-memory-kallsyms
adb shell /data/local/tmp/su98-memory-kallsyms
Afterwards I can just run /data/local/tmp/su98-memory-kallsyms from a terminal app.
