I am looking into rooting my Nexus S so I can install an ICS ROM. This is my first time rooting so got a question.
How will OTA updates work for me? Will the ICS update just work or will I have to in root to get the official OTA update?
Sry if this has been asked before couldn't find a clear answer.
Sent from my Nexus S using XDA App
Don't do OTAs. Any update released by Google or your manufacturer will be released here, rooted, within hours.
If you take an OTA you will lose root and could even find your phone locked again (as unlikely as that is with the NS, better safe than sorry. Ask the EVO users who took the GB OTA )
Sent from my Nexus S 4G using Tapatalk
Rooting requires flashing custom recovery
OTA requires stock recovery to work properly
So if your phone has custom recovery the OTA will not work.
Alright, thanks alot for the quick responses guys.
Sent from my Nexus S using XDA App
Once the ota is downloaded.....
* Put the zip on sdcard
* Reboot into custom recovery
* Manually flash it
* Directly after that, in the same recovery session, flash latest superuser zip
* Wipe cache
* Reboot
I run stock, so i'll add my two cents into this conversations. A few key points:
OTA's will NOT lock the boot loader
OTA's will work with CWM installed (The OTA will however remove CWM and needs to be manually applied)
OTA's will remove root access (the permissions on the binary get changed)
I have never seen an OTA on XDA that was pre-rooted. i have seen ROM packages that incorporate the OTA that are pre-rooted (installing these usually means a wipe of the device is needed)
if you replace the ROM on the phone, you will not get OTA updated. you must remain mostly stock to obtain them.
Custom kernels or custom google apps on stock roms will cause the OTA update to fail, however you will notified that the update is available.
I hope this answers your questions.
Good points.
What i do in order to maintain the full software (removing system apps, any system changes) is change the permissions of whatever i dont want to "000"
This will allow the verifying of OTA to flash.
snandlal said:
Good points.
What i do in order to maintain the full software (removing system apps, any system changes) is change the permissions of whatever i dont want to "000"
This will allow the verifying of OTA to flash.
Click to expand...
Click to collapse
This does not always work, such as installing the "Black" version of gmail over top the original, the world-wide version of navigation or using market enabler to change the prop.build file. any of these changes will cause the OTA signature to fail.
Though if you are simply removing a system app, then yes, that would work well.
Also to be noted and this just occurred to me, if the OTA is a full ROM version, then the signature won't matter and it will just install. For ICS, this is what i'm expecting.
I'm on the fence about rooting. I know there are advantages like custom ROMs and added features, but I'm somewhat of a newb at this. While the instructions (for the Mac) seem simple enough, I always feel like something inevitably goes wrong or there's some variable I've either overlooked or don't understand that screws things up.
I definitely don't want to brick my phone.
I don't even know what I'm asking in my post, but I guess... what are some advantages of rooting? And if I root, is it fully reversible?
I'm also confused by some of the terminology. What is clockwork recovery? Is that a sort of ROM? I keep seeing that phrase every time I read instructions. Likewise, what's a bootloader? What's fastboot? Also, what's a kernel?
And after I root (as you can see, I am really tempted to), what happens next? How do I choose which ROM works for me? Is it a matter of flashing them and trying each of them out?
I'm afraid of entering the world of root, but I want to. Advice? Does it matter what baseband, or kernel or build number I have?
I'm on Android 2.3.6
Matridom said:
I run stock, so i'll add my two cents into this conversations. A few key points:
OTA's will NOT lock the boot loader
I hope this answers your questions.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1145056
I know it's not likely, particularly with this phone, but it can happen. I maintain that if you're going to go through the process of unlocking your phone and putting a rooted ROM on it that you might as well wait for a modified OTA ROM to get posted by a trusted dev before just installing what the carrier hands out to you.
I guess maybe I should have said "re-lock"?
onthecouchagain said:
I'm on the fence about rooting. I know there are advantages like custom ROMs and added features, but I'm somewhat of a newb at this. While the instructions (for the Mac) seem simple enough, I always feel like something inevitably goes wrong or there's some variable I've either overlooked or don't understand that screws things up.
I definitely don't want to brick my phone.
I don't even know what I'm asking in my post, but I guess... what are some advantages of rooting? And if I root, is it fully reversible?
I'm also confused by some of the terminology. What is clockwork recovery? Is that a sort of ROM? I keep seeing that phrase every time I read instructions. Likewise, what's a bootloader? What's fastboot? Also, what's a kernel?
And after I root (as you can see, I am really tempted to), what happens next? How do I choose which ROM works for me? Is it a matter of flashing them and trying each of them out?
I'm afraid of entering the world of root, but I want to. Advice? Does it matter what baseband, or kernel or build number I have?
I'm on Android 2.3.6
Click to expand...
Click to collapse
OK, let's clear a few things up here.
CWM or ClockWorkMod is a custom recover that can be installed on the phones. This step is needed because the default recovery on the nexus does not allow for updates to be installed that are unsigned. CWM does, so it's a necessary step to installing the SU binary (aka root your phone) or installing custom ROMs
The bootloader is the basic system on your phone that reacts to the power on and hands over operations to Android. The equivalent in the PC world would be a BIOS.
fastboot is a utility that is provided by google that allows you to send commands to the bootloader and direct it's operations. It's needed to unlock the bootloader (so you can replace parts of it.. like recovery with CWM)
Interestingly enough, you can boot your phone to a custom recovery WITHOUT replacing your existing stock recovery by using fastboot.
Rooting your phone is simply installing and providing the proper rights to the SU binary to allow you to have full administrative rights to the phone, the superuser application is almost always bundled with it as it allows for a form of control as to what applications can use root access. Rooting your phone allows you to install some very interesting application, most popular are titanium backup (let's you back up app data and restore them after a reset) and removing advertising (adfree/adaway or it's like) Root can also be used by some applications that allow you to "cheat" at games.
rooting your phone is reversable, though not always the easiest to do. With the stock ROMS, it's fairly easy, you just re-apply the latest OTA and it will kill Root access on your device.
When it comes to custom ROMs the vast majority come pre-rooted to save you the hassel of doing it yourself.
On other phones where the bootloader remains locked, you have to use an exploit to gain root access, this then allows you to modify the OS and install custom roms and CWM while keeping the bootloader locked. Since the Nexus line can be unlocked, it's not needed.
Please note, root access is NOT required to install a custom ROM.
---------- Post added at 02:02 PM ---------- Previous post was at 01:56 PM ----------
MaxCarnage said:
http://forum.xda-developers.com/showthread.php?t=1145056
I know it's not likely, particularly with this phone, but it can happen. I maintain that if you're going to go through the process of unlocking your phone and putting a rooted ROM on it that you might as well wait for a modified OTA ROM to get posted by a trusted dev before just installing what the carrier hands out to you.
I guess maybe I should have said "re-lock"?
Click to expand...
Click to collapse
That's a link to a non-nexus phone. The question here is in regards to the nexus device and i believe my statement stands 100% true. Since it's a self proclaimed "newby" asking questions, i don't want to confuse the post with un-needed and non-relevant information.
Matridom, wow thanks. That clarifies a few things.
So, you say root access isn't required to flash custom ROMs? Let's say for example, I want to flash an ICS ROM, or even a ROM that allows me to have Backlight Notifications?
I don't need root? If I don't need root, how do I flash those ROMs?
Matridom said:
That's a link to a non-nexus phone. The question here is in regards to the nexus device and i believe my statement stands 100% true. Since it's a self proclaimed "newby" asking questions, i don't want to confuse the post with un-needed and non-relevant information.
Click to expand...
Click to collapse
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least one OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
MaxCarnage said:
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least one OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
Click to expand...
Click to collapse
The key here is that SPRINT released an OTA for a SPRINT branded device. This has zero relevance to updates provided by Google for Nexus devices.
MaxCarnage said:
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
Click to expand...
Click to collapse
The issue at heart here is that fact that the OTA for the nexus line of phones comes straight from google and are not "tweaked" in any way by the carriers. (exception nexus 4g has additional applications required for CDMA support)
One of the selling features of the nexus phones is the fact that unlocking the bootloader is officially supported.
In regards to other phones getting their bootloader locked, I've experienced first hand the pains of that, having a galaxy S and the 2.3 installing a new bootloader and really screwing things up for me. In those cases, i agree with you whole heartily and to wait for pre-cracked roms that can be installed.
My question to you would be to please show an example of a nexus S getting it's booloader locked due to an OTA update as that is the phone we are discussing.
---------- Post added at 02:49 PM ---------- Previous post was at 02:47 PM ----------
onthecouchagain said:
Matridom, wow thanks. That clarifies a few things.
So, you say root access isn't required to flash custom ROMs? Let's say for example, I want to flash an ICS ROM, or even a ROM that allows me to have Backlight Notifications?
I don't need root? If I don't need root, how do I flash those ROMs?
Click to expand...
Click to collapse
All you would need to do is to unlock the bootloader, install CWM, then apply the .zip associated with the ROM you wish to install. I would however carefully read the installation instructions for the rom as in some cases, it might be a multi-step process (such as going from a 2.2 rom to a 2.3).
Many ROMS also do not come with the google apps and secondary zip file needs to be applied to get those running (cyanogenMod does this)
I wanted to add, that the process of unlocking your bootloader will erase EVERYTHING on the phone, including the SDcard partition. So make sure you back up anything of importance.
Matridom said:
My question to you would be to please show an example of a nexus S getting it's booloader locked due to an OTA update as that is the phone we are discussing.
Click to expand...
Click to collapse
I can't provide an example because, as I have already stated, this was a precautionary suggestion only.
I'm not going to get into a debate with you over this; I've made my point and you've made yours. Thanks.
Matridom said:
This does not always work, such as installing the "Black" version of gmail over top the original, the world-wide version of navigation or using market enabler to change the prop.build file. any of these changes will cause the OTA signature to fail.
Though if you are simply removing a system app, then yes, that would work well.
Also to be noted and this just occurred to me, if the OTA is a full ROM version, then the signature won't matter and it will just install. For ICS, this is what i'm expecting.
Click to expand...
Click to collapse
Good point again but the trick is to put your apps in /system/framework
Along with framework-res.apk.
This will add a dex file to /data/dalvik-cache, which is needed for saving upon reboot
Does flashing another radio that's different from your original radio impact the ability to apply an OTA?
suksit said:
Rooting requires flashing custom recovery
OTA requires stock recovery to work properly
So if your phone has custom recovery the OTA will not work.
Click to expand...
Click to collapse
Rooting doesn't require flashing custom recovery.
iboj007 said:
Does flashing another radio that's different from your original radio impact the ability to apply an OTA?
Click to expand...
Click to collapse
No. It doesnt
Related
Does having my bootloader unlocked affect getting updates? I have no interest in installing custom roms(for now), and mainly just want root to block ads, install seeder to fix this damn lag, and possibly connect a ps3 controller to play games. Figured I'd just unlock and root. I didn't plan on installing cwm so I could still get updates straight from google. I know an update would just overwrite root, but not sure if the bootloader would affect it. My galaxy nexus I always installed custom roms so I don't know how the bootloader affected OTA's. thanks guys.
In principle it should not affect updates.
Have a look at a prior OTA update's installer script
./META-INF/com/Google/android/updater-script
The OTAs perform binary patching on individual files, one by one. (That is why OTAs can be so small.) Before they perform the patching, a checksum is performed on every file on the tab/phone targeted for patching. If even one of those checksums fail, the entire install is aborted.
In addition the version of the recovery is sometimes checked, too - so merely having a custom recovery can trip up an OTA if that type of assert() check is performed.
To put that in general terms, you could say that an OTA update will almost always succeed if you merely add things to a ROM and leave the stock recovery in place.
If you want to flash stuff without altering the stock recovery just use a soft boot of a custom recovery, e.g. "fastboot boot custom-recovery-image-file.img"
If an OTA fails, don't get scared - you can simply unpack it, modify the updater-script file to remove the failing assert(), re-zip it and flash it. This would need to be done with a custom recovery, though as the modified OTA would no longer be correctly signed.
HTH
Yes but don't remove any of the Google apps that come preinstalled, don't edit the build prop, and that might be it.
Sent from my Nexus 7 using Tapatalk 2
BrianDigital said:
Yes but don't remove any of the Google apps that come preinstalled, don't edit the build prop, and that might be it.
Click to expand...
Click to collapse
yep.
The most recent OTA had the boot image file as one of its patching targets, so it was also subject to checksum verification during the initial assert() sequence of "updater-script".
I guess that means that if you hook anything into the boot sequence that needs to be in the ramdisk, that will trip up the OTA, as it is pretty typical for OTA updates to diddle the kernel or ramdisk. I guess that if you want to stay on a near-factory base distro including new ota updates, that puts the onus on you to either
(a) check the installers of the stuff you flash to make sure the boot image is not being re-packed -or-
(b) maintain a chain of pure stock backup sequences: then you can then restore them, run the OTA patch kit on them, make a new nandroid backup, and re-run your custom flashes. Probably use TiB to restore your apps on top of that, too. Almost like an OS re-install sequence, frankly.
cheers
thanks guys! Does an update from google relock the bootloader? I'm guessing not since its a nexus and they're okay with us unlocking it but just wondering. Just trying to decide if its worth it. I feel myself using my nexus 7 less cause of the latest update. It's smooth once its running but turning the screen on after its been sitting, it take some time to get together.
tu3218 said:
thanks guys! Does an update from google relock the bootloader? I'm guessing not since its a nexus and they're okay with us unlocking it but just wondering. Just trying to decide if its worth it. I feel myself using my nexus 7 less cause of the latest update. It's smooth once its running but turning the screen on after its been sitting, it take some time to get together.
Click to expand...
Click to collapse
Whoops (old timers disease) I said "bootloader" in that post above where I should have said "boot partition" or "boot image". (Now corrected.)
Updates typically don't touch the bootloaders. Interesting question though - if you replace a bootloader via fastboot, does it change the lock status? To that Q I don't know the answer from direct experience.
Maybe I'll give it a try. Ugh that's gonna be a lot of backup/restore ops.
In the meantime, have you seen a page with links to (older) *full* ROM install bundles that Google no longer has on their site? I only got a N7 in early Jan '13, so I don't have any of those older full-ROM+bootloader fastboot-based install bundles.
bftb0 said:
Whoops (old timers disease) I said "bootloader" in that post above where I should have said "boot partition" or "boot image". (Now corrected.)
Updates typically don't touch the bootloaders. Interesting question though - if you replace a bootloader via fastboot, does it change the lock status? To that Q I don't know the answer from direct experience.
Maybe I'll give it a try. Ugh that's gonna be a lot of backup/restore ops.
In the meantime, have you seen a page with links to (older) *full* ROM install bundles that Google no longer has on their site? I only got a N7 in early Jan '13, so I don't have any of those older full-ROM+bootloader fastboot-based install bundles.
Click to expand...
Click to collapse
Nah I haven't seen that. To be honest I've been so busy with flashing roms on my sgs3. I finally have settled down on a rom for my phone so I figured I'd give my nexus 7 a go. But I'd rather not be performing the whole backing up/flashing/modding on both. Its so much lol Plus my tablet I need to be dependable when I need it. That's why I hadn't planned on running roms, just basic root for blocking ads, etc. Before the last update this thing was so fast and enjoyable to use. It still is but its not to where it use to be. I was going to go back but I don't like knowing I'm not on the latest.
and mainly just want root to block ads, install seeder to fix this damn lag, and possibly connect a ps3 controller to play games.
Click to expand...
Click to collapse
Seeder doesn't fix lag. Doesn't work. If your n7 is lagging then there is another cause.
Sent from my Nexus 7 using Tapatalk HD
Is it a misconception that an OTA update received on your phone will not install if you have a custom recovery? I just read an article on how an update will fail if you are running a custom recovery. However, when I updated from 4.2.1 to 4.2.2.. All I did was accept the OTA update notification I got on my phone and it installed fine through the TWRP recovery I had flashed on my Nexus.
It won't install automatically, as you found out. It has been said many times over that you are easily able to install the downloaded OTA yourself in your custom recovery.
peedub said:
It won't install automatically, as you found out. It has been said many times over that you are easily able to install the downloaded OTA yourself in your custom recovery.
Click to expand...
Click to collapse
Sorry maybe I didnt word my post correctly but what I am trying to say that it does install automatically. I got the update notification on my phone and it installed fine.
Rizy7 said:
Sorry maybe I didnt word my post correctly but what I am trying to say that it does install automatically. I got the update notification on my phone and it installed fine.
Click to expand...
Click to collapse
Yes its not new info as this has been discussed before in a number of threads back when the last OTA first came out.
Had a similar question, and in the spirit of not starting a new thread...
was this OTA just lucky in that regard?
ie. I want to root (for ads.. no other compelling reason for me.. I'm happy otherwise).. and would like to do so in a way that makes me as forward compatible for future OTA updates (ie. don't want to have to wipe data).
since I'm not looking for lots of typical custom recovery features, I'm wondering if I should even bother with a custom recovery.. and/or if any are likely to allow me to accept OTAs directly OTA.
thanks!
zim2dive said:
Had a similar question, and in the spirit of not starting a new thread...
was this OTA just lucky in that regard?
ie. I want to root (for ads.. no other compelling reason for me.. I'm happy otherwise).. and would like to do so in a way that makes me as forward compatible for future OTA updates (ie. don't want to have to wipe data).
since I'm not looking for lots of typical custom recovery features, I'm wondering if I should even bother with a custom recovery.. and/or if any are likely to allow me to accept OTAs directly OTA.
thanks!
Click to expand...
Click to collapse
Rooting your phone does not keep you from being able to update it. If all else fails you can always download the OTA and update it through your custom recovery. Which is what a lot of people did instead of waiting for Google to push it to their phone, myself included. Also you don't have to have a custom recovery installed if you don't want to after you root the phone. You could use one of the toolkit's to root it and it will install a temporary custom recovery used just for rooting then remove it when its done. Or just flash the stock recovery image after you root if you do it another way. If you go through the process of rooting I would recommend unlocking the bootloader too while you are at it but be warned this will erase all your memory so backup first.
I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thusfar discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warrantee bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; It seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it it means that jtag has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from verizon, either current workarounds such as safestrap are the answer for the foreseeable future, or a method of manually changing a simgle Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a tmobile galaxy s5 with an unlocked bootloader be used as not a method of flashing the on-board bootloader but as a kind of external boot, so a permenantly installed SD Card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
Click to expand...
Click to collapse
what was done with the droix x? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has a "alternative boot upon init fault" method similar to that that allows the galaxy s3 debrick to work (I have a guide I made with details) so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microsd card in the phone allowing it to boot into that, then use that with odin to flash an insecure bootloader to the s5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
Click to expand...
Click to collapse
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Click to expand...
Click to collapse
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
Click to expand...
Click to collapse
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
Click to expand...
Click to collapse
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
Click to expand...
Click to collapse
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom. Also, safestrap didn't do a thing with the bootloader, it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom
Click to expand...
Click to collapse
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Click to expand...
Click to collapse
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Click to expand...
Click to collapse
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
Click to expand...
Click to collapse
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
Click to expand...
Click to collapse
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader
Dumb question, but I'll ask anyway if I root will I not be able to receive OTA updates? Because I know whenever I did that with my Note 4 that if I tried it would give a message saying operating system is modified or something in that nature.
joe1blue said:
Dumb question, but I'll ask anyway if I root will I not be able to receive OTA updates? Because I know whenever I did that with my Note 4 that if I tried it would give a message saying operating system is modified or something in that nature.
Click to expand...
Click to collapse
You will not be able to take the ota. You have two options when marshmallow comes out.
1) Use the return to stock tool and take the ota them reroot
2) Wait for a flash able zip to become available.
TrenchKato said:
2) Wait for a flash able zip to become available.
Click to expand...
Click to collapse
Which will most likely be faster available than waiting for the OTA.
I'm not sure that will be the case for the MXPE. Fastboot shows the OS as "original," leading me to believe that OTA updates may work. Remember that on the Note 4, et al, unlocking the bootloader wasn't supported by the OEM or carrier. Since Moto is supplying the unlock codes, I suspect that OTA updates will not be disabled on the MXPE as long as no other OS changes are made. I could be wrong, but we'll find out when the time comes.
Tanker Bob said:
I'm not sure that will be the case for the MXPE. Fastboot shows the OS as "original," leading me to believe that OTA updates may work. Remember that on the Note 4, et al, unlocking the bootloader wasn't supported by the OEM or carrier. Since Moto is supplying the unlock codes, I suspect that OTA updates will not be disabled on the MXPE as long as no other OS changes are made. I could be wrong, but we'll find out when the time comes.
Click to expand...
Click to collapse
Chances are, if you unlocked your bootloader, you flashed a custom recovery. You can't take an OTA through a custom recovery -- not because it's "blocked," but because the OTA tool is not written to work with that recovery.
Could be. Easy enough to fix if so. Just tell TWRP to allow the OS to overwrite it, the reflash TWRP after the update.
Can't you just flash the stock recovery to take the OTA? Sure, you'll lose root, but you could still take the OTA, then flash your custom recovery again. Is there anything, other than a stock recovery, that prevents OTA updates?
I wish we had a release date. Getting excited for the new features. Should have kept my Nexus 5!
jonathanbailie said:
Can't you just flash the stock recovery to take the OTA? Sure, you'll lose root, but you could still take the OTA, then flash your custom recovery again. Is there anything, other than a stock recovery, that prevents OTA updates?
I wish we had a release date. Getting excited for the new features. Should have kept my Nexus 5!
Click to expand...
Click to collapse
A modified system will prevent the install. You would need to flash the system image as well.
Sent from my XT1575 using Tapatalk
I know some owners rooted their device for different reasons other than roms, but imo better to wait for 6.0 for OTA first. This phone comes with pure Android rom. Not like you need to remove bloat apps. Just need custom roms and kernels which is slow developing. Maybe the devs don't want to waste time with lp and their also waiting for marshmallow. I'm surprised how slow this device is moving under development. Oneplus one didn't have mass sale but their development was quick. Being so similar with nexus 6, hopefully we can get some love with MXP.
Sent from my XT1575 using XDA Free mobile app
I have been holding out on unlocking for this reason. I'm lazy and don't want to set everything up again so I will use Marsh to back everything up first then I will go to town
Tanker Bob said:
I'm not sure that will be the case for the MXPE. Fastboot shows the OS as "original," leading me to believe that OTA updates may work.
Click to expand...
Click to collapse
OTA will not work for rooted MXPE's.
1) Rooting the MXPE requires you to load an alternative recovery (TWRP), which doesn't work with the OTA installation scripts.
2) Rooting the MXPE modified /system files. And OTA updates check /system integrity before it runs the update. Rooted phones will fail that integrity check, and will fail to OTA for that reason.
You could restore your MXPE to stock conditions (un-root, and load stock recovery) to have it accept an OTA. I'm sure that most people will do that, and then re-install TWRP and re-root after that is done. However, I'd recommend you wait a bit for other people to try this first, just in case there are any issues and to verify that root is still available in Android Marshmallow 6.0
Makes sense. Somebody has to be first. I will do a nandroid backup before attempting to update by any means.
Prior comments in this thread:
"You will not be able to take the ota. You have two options when marshmallow comes out.
1) Use the return to stock tool..."
and
"You could restore your MXPE to stock conditions (un-root, and load stock recovery) to have it accept an OTA..."
I just wanted to clarify that the Return to Stock tool does not currently remove TWRP...
Factory image will appear here once available: https://motorola-global-portal.custhelp.com/app/standalone/bootloader/recovery-images
(Must log in with Motorola registered ID or gmail address)
Keep in mind you will see a Moto X (2nd Gen) Pure Edition already there...that is not ours.
hijax2001 said:
Prior comments in this thread:
"You will not be able to take the ota. You have two options when marshmallow comes out.
1) Use the return to stock tool..."
and
"You could restore your MXPE to stock conditions (un-root, and load stock recovery) to have it accept an OTA..."
I just wanted to clarify that the Return to Stock tool does not currently remove TWRP...
Factory image will appear here once available: https://motorola-global-portal.custhelp.com/app/standalone/bootloader/recovery-images
(Must log in with Motorola registered ID or gmail address)
Keep in mind you will see a Moto X (2nd Gen) Pure Edition already there...that is not ours.
Click to expand...
Click to collapse
More clarification: Restore-To-Stock-Tool does replace TWRP. Have a gander inside the zip. I spy recovery.img within. What do you see?
PiousInquisitor said:
More clarification: Restore-To-Stock-Tool does replace TWRP. Have a gander inside the zip. I spy recovery.img within. What do you see?
Click to expand...
Click to collapse
Yup, you're correct ... I just used the tool earlier today and I do indeed have stock recovery.
Sent from my XT1575 using Tapatalk
Sharing my experience... good it's supposed to. Didn't for me, for some reason, until 2nd power cycle. It is stock recovery now though. Sorry for the confusion.
I wish to root my phone(XT1686) but intend to keep the stock ROM(no bootloader unlock).
Is there any advantage in doing so? And will OTA updates be affected?
yourSAS said:
I wish to root my phone(XT1686) but intend to keep the stock ROM(no bootloader unlock).
Is there any advantage in doing so? And will OTA updates be affected?
Click to expand...
Click to collapse
It is not possible to root without unlocking the bootloader on this device...
If you don't have a specific reason to root, don't do it.
And once rooted, you cannot accept any OTA... most likely case if you do it will just fail, worst possible case it bricks (which can happen but is extremely rare).
To answer the question in your title, about the advantages of rooting...
Rooting gives you near full access to your device, and thus the ability to customize it beyond the options provided to you via the default interface. Also, some apps provide additional features on rooted phones. For example, some security programs recommend rooting your device so that it can more forcefully integrate itself with the device to protect against malware, hacking, etc. I tend to install a security package that works better on a rooted device, as well as make use of features that tend to only work on a rooted device, such as folder mounting from the internal SD card to the external one. Also, allows me to access system files that are unavailable otherwise, allowing me to customize certain sounds (or copy them at least).
If you decide you want to root your device, make sure you understand the steps to take BEFORE trying it. That means when you come across a guide on how to do it, make sure you get all the files that will be required and reading through the instructions step by step. If any of the steps sound like it will leave you lost on what to do, then DO NOT do any of it. Also, make sure you read the comments for the guide as well, looking for any mention of issues encountered and consider if you might encounter those issues as well. For example, if it causes issues for devices that use a particular carrier and you use that same carrier, you might want to leave well enough alone. Compare your phone version numbers with what others report having issues with (kernel, baseband, build, etc). Anything that someone has an issue with where their phone somehow matches up with yours in some way, take that as a sign to investigate deeper, so as to avoid having any issues yourself.
For the most part, unless you have a need or desire for a feature/function that requires rooting your device, don't mess with it. I'm not kidding, as one mistake can leave you without a working phone and without any options for returning/replacing it.
Thanks for the replies & warnings.
I'm not a noob so I know the risks of rooting. So maybe I should have rephrased it-
What are the advantages of rooting Moto G5 plus specifically?
Say like in terms of mods and other stuff? Also, is it possible to unroot once rooted- I mean to ask if it's possible to revert the state to factory mode with bootloader locked and stock ROM so that device will be eligible for OTA updates again?
yourSAS said:
Thanks for the replies & warnings.
I'm not a noob so I know the risks of rooting. So maybe I should have rephrased it-
What are the advantages of rooting Moto G5 plus specifically?
Say like in terms of mods and other stuff? Also, is it possible to unroot once rooted- I mean to ask if it's possible to revert the state to factory mode with bootloader locked and stock ROM so that device will be eligible for OTA updates again?
Click to expand...
Click to collapse
Bootloader lock is not relevant to OTA's. You might be able to relock, but the fact it was once unlocked cannot be hidden, it will always be very clear that it was unlocked.
Unrooting is easy, the issue arises undoing what you did with root, undoing them all depends what you changed.
I don't know of any reasons specific to this device to root.
acejavelin said:
Bootloader lock is not relevant to OTA's. You might be able to relock, but the fact it was once unlocked cannot be hidden, it will always be very clear that it was unlocked.
Click to expand...
Click to collapse
If the OEM knows I've unlocked bootloader, why will it push OTAs to my phone even though I've locked bootloader on my end? So isn't bootloader lock status relevant for OTA?
yourSAS said:
If the OEM knows I've unlocked bootloader, why will it push OTAs to my phone even though I've locked bootloader on my end? So isn't bootloader lock status relevant for OTA?
Click to expand...
Click to collapse
No, the status of your bootloader is not relevant... Moto will notify you of an available update and happily attempt to apply it regardless if your bootloader is locked or not.
What matters is if the boot or system partitions is changed, if there is ANY change to those, among other things like if the radio version or recovery versions don't match or the partition table is changed, the update will fail. If you flash any custom recovery it will fail as well.
On this subject I mention a slight con which is that some banking or financial apps might complain to you if they detect root. I have maybe 10 different bank and credit apps installed and all work flawlessly except 1. The Huntington Bank app wont allow me to use fingerprint login but otherwise the app is fully functional like mobile deposits. Just wanted to mention to be aware.