[REQUEST] Param partition dumps - Galaxy S III General (US Carriers)

Hi guys,
I have a request: I am looking for param dumps from the following devices:
1) Verizon Galaxy S III (I need a dump from two different people)
2) Non-Verizon Unlocked Galaxy S III (I need a dump from two different people)
3) Non-Verizon Locked Galaxy S III (Same device as in #2 above, I need a dump from two different people)
If you have root, and are interested in helping me out, please dump your param partition by typing this in a command prompt:
adb shell
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/param of=/sdcard/param.img
exit
exit
adb pull /sdcard/param.img
Then post it in this thread, and let me know which device you have, and if it is locked or not.
Much appreciated.

https://dl.dropbox.com/u/13047317/parm.img
By locked, I don't know what you mean.
T-Mobile
Rooted
CWM Installed.
Stock Touchwiz
Kernel built by me
Just curious, but what is this for and what are you working on?

brfield said:
https://dl.dropbox.com/u/13047317/parm.img
By locked, I don't know what you mean.
T-Mobile
Rooted
CWM Installed.
Stock Touchwiz
Kernel built by me
Just curious, but what is this for and what are you working on?
By locked, I mean locked bootloader.
I had an idea (based on some work done on the GNex) regarding unlocking the bootloader.
Sent from my Galaxy Nexus using Tapatalk 2

efrant said:
By locked, I mean locked bootloader.
I had an idea (based on some work done on the GNex) regarding unlocking the bootloader.
Sent from my Galaxy Nexus using Tapatalk 2
Then no, I do not have a locked bootloader.

efrant said:
By locked, I mean locked bootloader.
I had an idea (based on some work done on the GNex) regarding unlocking the bootloader.
Sent from my Galaxy Nexus using Tapatalk 2
The SGS3 param dump is quite different from the GNex param dump. brfield's param is a very large file, almost all nulls except at:
0x000000c
0x0000010
0x0900000 through 0x0900010
0x09ffc00 through 0x09ffc0f
We'll see what we learn when we get dumps from another non-VZW phone, and a VZW phone or two.

efrant said:
Hi guys,
I have a request: I am looking for param dumps from the following devices:
1) Verizon Galaxy S III (I need a dump from two different people)
2) Non-Verizon Unlocked Galaxy S III (I need a dump from two different people)
3) Non-Verizon Locked Galaxy S III (Same device as in #2 above, I need a dump from two different people)
If you have root, and are interested in helping me out, please dump your param partition by typing this in a command prompt:
adb shell
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/param of=/sdcard/param.img
exit
exit
adb pull /sdcard/param.img
Then post it in this thread, and let me know which device you have, and if it is locked or not.
Much appreciated.
Here is one from a Locked Verizon S3. Very small compressed, mostly 0's.

anoobdev said:
Here is one from a Locked Verizon S3. Very small compressed, mostly 0's.
Thank you. (Can't click thanks button, used up today's quota.)
Two differences between VZW and T-Mo versions:
At 0x0000014, VZW has a 1, T-Mo has a 0.
From 0x09ffc00 to 0x09ffc0f both have 16 strings of very different bytes. I wonder if these are flags, device-specific keys, and MD5 or SHA1 hash of something.
We'll know more when we get another VZW and another non-VZW device.
Anyone care to test what happens to a VZW device if that 1 at 0x0000014 is changed to a 0? Be careful though it might brick the device if this partition is being checked by crypto.

I ran the command in an elevated terminal on my device and directly uploaded the resulting image.
My device is a locked Verizon S3.
I hope this can be of help.
http://db.tt/mRR4ezU6

ExodusC said:
I ran the command in an elevated terminal on my device and directly uploaded the resulting image.
My device is a locked Verizon S3.
I hope this can be of help.
http://db.tt/mRR4ezU6
Thanks. (I've run out of thanks for the day.)
----
Like the other VZW image, this also has a 1 at 0x0000014. This looks like it might be a candidate.
What it has from 0x09ffc00 to 0x09ffc0f is different from both of the other images. This leads me to believe that this is some kind of device-specific key, hash, or serial number.
Keep the images rolling...
EDIT: An AT&T image was just posted to Adam's thread.
Location 0x0000014 looks very interesting. Anybody have a Sprint image?
EDIT: Anybody game for trying this out on your SGS3. It might unlock it, it might brick it, or it might do nothing...
It needs root and busybox.
Code:
# Write a single 0x00 byte at offset 20 (0x14) of the param partition, leaving the rest untouched.
# printf is used because `echo -n '\x00'` does not emit a NUL byte on most shells (it writes the four characters \ x 0 0).
printf '\000' | dd of=/dev/block/platform/msm_sdcc.1/by-name/param bs=1 seek=20 count=1 conv=notrunc

Should we be hunting down people with the US Cellular version and see if they'll dump theirs as well? I'm not seeing many on this forum, but there are some around on the others.

They've tried the tweaked param over on AdamOutler's thread, and it does not seem to unlock the bootloader, but doesn't brick it either.
Thank you to everyone who provided param images, and thank you efrant for starting this thread. It would have been _awesome_ if this had worked.
Sent from my BANNED Unified-Search-enabled Galaxy Nexus.

segv11 said:
They've tried the tweaked param over on AdamOutler's thread, and it does not seem to unlock the bootloader, but doesn't brick it either.
Thank you to everyone who provided param images, and thank you efrant for starting this thread. It would have been _awesome_ if this had worked.
Sent from my BANNED Unified-Search-enabled Galaxy Nexus.
Thanks to all who provided the partitions and those who flashed them. And a big thanks to segv11 for taking the time to look into it -- it was worth a shot... I still think that flag is somehow related...
P.S. I'm all out of thanks for today

Someone posted some code to Adam Outler's thread describing the structure of the param partition. The solution might be in param afterall, just not in the same simple way as the Galaxy Nexus.
Sent from my BANNED Unified-Search-enabled Galaxy Nexus.

bbeelzebub said:
Should we be hunting down people with the US Cellular version and see if they'll dump theirs as well? I'm not seeing many on this forum, but there are some around on the others.
I have a US Cellular GSIII. I can post a dump if anyone needs it, but it does not have a locked bootloader. Although, since the models should be the closest except for that, it might help.

vexx00 said:
I have a US Cellular GSIII. I can post a dump if anyone needs it, but it does not have a locked bootloader. Although, since the models should be the closest except for that, it might help.
If you post it, I'll compare it to what we already have and make sure that it is also available on Adam's thread.

segv11 said:
If you post it, I'll compare it to what we already have and make sure that it is also available on Adam's thread.
Here you go.
https://www.dropbox.com/s/pnl9tsnsorag24b/d2usc-param.zip

vexx00 said:
Here you go.
https://www.dropbox.com/s/pnl9tsnsorag24b/d2usc-param.zip
The flag at 0x0000014 is set, like on the Verizon version. Device-specific key at 0x09ffc00.
I think this explains why 0x0000014 is not the unlock flag: both Verizon and US Cellular have it set to 1, but only Verizon is locked. Maybe it is a GSM/CDMA related flag.
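Added example (not code from the thread): a small Python script that does what segv11 did by hand in the posts above, namely list the non-zero regions of a mostly-null param dump, report where two dumps differ, and clear the byte at 0x14 in a copy of an image, the file-level equivalent of the dd one-liner posted earlier. The offsets (0xc, 0x10, 0x14, 0x900000, 0x9ffc00) are the ones named in the thread; the image size, the byte values and the 16-byte "key" contents are constructed for illustration and are not the real dumps.

```python
"""Inspect and compare raw partition dumps (added example; sample data is constructed)."""
import os
import re
import tempfile
from typing import Dict, List, Tuple

IMAGE_SIZE = 0xA00000             # assumed: ~10 MiB, the rough size of the SGS3 dumps
FLAG_OFFSET = 0x14                # the byte found set on VZW/USC and clear on T-Mo
KEY_OFFSET, KEY_LEN = 0x9FFC00, 16  # the per-device 16-byte region

_NONZERO = re.compile(rb"[^\x00]+")   # regex scan keeps a 10 MiB pass at C speed


def nonzero_runs(data: bytes) -> List[Tuple[int, int]]:
    """Return (start, end) offsets of every run of non-zero bytes; end is exclusive."""
    return [(m.start(), m.end()) for m in _NONZERO.finditer(data)]


def diff_images(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Offsets where two equal-length images differ, grouped into (start, end) runs.
    The XOR is done on big integers so the compare stays fast in pure Python."""
    if len(a) != len(b):
        raise ValueError(f"image sizes differ: {len(a)} vs {len(b)}")
    x = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return nonzero_runs(x.to_bytes(len(a), "big"))


def make_image(size: int, patches: Dict[int, bytes]) -> bytes:
    """Build an all-zero image with the given byte strings written at the given offsets."""
    img = bytearray(size)
    for off, chunk in patches.items():
        img[off:off + len(chunk)] = chunk
    return bytes(img)


def build_sample_images() -> Tuple[bytes, bytes]:
    """Two constructed images shaped like the thread's description (not real dumps)."""
    common = {0x0C: b"\x01", 0x10: b"\x01", 0x900000: bytes(range(1, 18))}
    vzw = make_image(IMAGE_SIZE, {**common, FLAG_OFFSET: b"\x01",
                                  KEY_OFFSET: bytes(range(0x10, 0x10 + KEY_LEN))})
    tmo = make_image(IMAGE_SIZE, {**common, FLAG_OFFSET: b"\x00",
                                  KEY_OFFSET: bytes(range(0x30, 0x30 + KEY_LEN))})
    return vzw, tmo


def patch_byte(path: str, offset: int, value: int) -> int:
    """Overwrite one byte of a file in place (what `dd bs=1 seek=N count=1 conv=notrunc`
    does on the device) and return the byte read back so the write can be verified."""
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(bytes([value]))
        f.seek(offset)
        return f.read(1)[0]


def demo() -> List[Tuple[int, int]]:
    """Show the runs, the diff, and what is left after clearing 0x14 in a copy of 'vzw'."""
    vzw, tmo = build_sample_images()
    hx = lambda runs: [(hex(s), hex(e)) for s, e in runs]
    print("VZW non-zero runs:  ", hx(nonzero_runs(vzw)))
    print("VZW vs T-Mo differs:", hx(diff_images(vzw, tmo)))
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(vzw)
        assert patch_byte(path, FLAG_OFFSET, 0x00) == 0x00
        with open(path, "rb") as f:
            patched = f.read()
    finally:
        os.unlink(path)
    remaining = diff_images(patched, tmo)
    print("after clearing 0x14:", hx(remaining))   # only the 16-byte key region is left
    return remaining


if __name__ == "__main__":
    demo()
```

Run it as `python3 param_dump_check.py`; to compare real dumps, read the two files and pass them to `diff_images`. The byte-exact read-back in `patch_byte` is the check to add before trusting any single-byte write, whether to a file or to a block device.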

Related

[DEV] [BOOTLOADER] [PATCH] [UNLOCK] New Method for Motorola's Bootloader Unlocking

I am willing to develop and create a method for the locked bootloaders of our devices to be able to use ROMs, kernels, recoveries and also SuperCID (needed for network unlocking).
Mine is not applicable for unlocking the bootloader, therefore I need a few files from another unlocked device to work with...
Right now, I am using the Modded Firmware SU4-21 Multilingual provided by @CrashXXL on my Droid Ultra.
Users, Developers & Modders Please Respond as i need the files real quick!!
Here's what i need...
mmcblk0p5 ( aboot )
mmcblk0p18 ( modemst1 )
mmcblk0p19 ( modemst2 )
mmcblk0p29 ( cid )
These are the files needed for my work from an unlocked device
Now how do I get them?
Here are the command lines you need to follow in order to get those files out of your device...
Open Terminal or CMD on your computer and do the following:
Guide for SuperCID, in case you don't have it on your system... (needed for my work)
Just follow this guide over here...
http://forum.xda-developers.com/showthread.php?t=2317536
Code:
adb shell
su
dd if=/dev/block/mmcblk0p5 of=/sdcard/mmcblk0p5
dd if=/dev/block/mmcblk0p18 of=/sdcard/mmcblk0p18
dd if=/dev/block/mmcblk0p19 of=/sdcard/mmcblk0p19
dd if=/dev/block/mmcblk0p29 of=/sdcard/mmcblk0p29
Now simply copy mmcblk0p5 , mmcblk0p18 , mmcblk0p19 & mmcblk0p29 from the root of your sdcard to your computer or just make a zip file including them, upload & give me the link
@Tanzior @Jaocagomez @Franzie3 @CrashXXL @CrazyRussianXDA @aviwdoowks @Al936 @Crossvxm @summer.cat @Topsnake
I've checked all the work, ROMs, guides, mods and everything done by you people; see my thread and please respond ASAP.
I might get you the files. I still have the unlocked Droid Maxx lying around; I'm not at home but I'll post them later.
Sent from my D6603 using Tapatalk
Thanks in Advance
Jaocagomez said:
I might get you the files. I still have the unlocked Droid Maxx lying around; I'm not at home but I'll post them later.
Sent from my D6603 using Tapatalk
1. SuperCID is not a concept on Motorola; it is not HTC.
2. The bootloader unlock state is stored in qFuse 428/00000001.
3. Secure On is stored at a different address in the same qfuse.
4. qfuse access can be obtained only through TZ, which is very well protected.
I feel as if everyone is ignoring this thread, it has been too quiet here
JH1108 said:
I feel as if everyone is ignoring this thread, it has been too quiet here
I think Crashxxl's comments crashed our hopes.
I for one appreciate the concept but, considering nobody has ever gone this way of potentially doing it, it's basically not going to happen; but who knows, small miracles happen from time to time.
Wish I could be of some help. The only idea other I can think of is to find a way to let the phone RSD flash SU4-21 so we can unlock it. Sorry I'm not a dev. It's something I want to get into. Just don't know how or where to start...
Great idea
This is a great idea, copying the unlocked bootloader to a locked phone. How much progress have you achieved?
Hey, what if I just go into mmcblk0p5 and change these lines: "Device_isLocked.status code=0",
"Device_isUnlocked.status code=1", "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3"? Knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 codes for the bootloader being unlocked, what if I make all code values 1 and 3 only, to trick the device into thinking it is unlocked??? Probably not; I'll probably end up with a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess.
DROID_4_UsEr said:
Hey, what if I just go into mmcblk0p5 and change these lines: "Device_isLocked.status code=0",
"Device_isUnlocked.status code=1", "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3"? Knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 codes for the bootloader being unlocked, what if I make all code values 1 and 3 only, to trick the device into thinking it is unlocked??? Probably not; I'll probably end up with a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess.
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
classic757 said:
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Also strange that an "android security expert" did not come up with the root method developed by @CrashXXL. Not knocking jcase at all, he does very fine work, but there are lots of things that so-called experts do not figure out; otherwise they would be working for the major carriers to keep people like you and I from being able to root our phones or unlock our bootloaders.
Also, there are lots of things that I have accomplished with the different phones I have had that were the result of the efforts of developers and also non developers. And some things I just researched and learned how to do and some things with android I just figured out how to do through much trial and error. And that is my point. Some things concerning development are not learned except through trial and error. I won't knock @DROID_4_UsEr. At least he is trying, which is more than I can say for the carriers and the "experts", who have given up on KitKat 4.4.4.
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
stealthllama said:
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
stealthllama said:
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
Thanks. I appreciate your humility. And I understand. I am ticked also that 4.4.4 is like Fort Knox. On serious lockdown.
4.4.2 was easily rootable and unlockable. And then came 4.4.4. So believe me, I feel your pain.
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Well, it turns out that there is Qfuse, and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader, so anything you have questions about regarding the bootloader project for the Maxx should be told to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now.
DROID_4_UsEr said:
Well, it turns out that there is Qfuse, and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader, so anything you have questions about regarding the bootloader project for the Maxx should be told to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now.
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
stealthllama said:
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
I don't think the devs are going to give any more attention to the original droid maxx what with the droid maxx 2 making it's debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
classic757 said:
I don't think the devs are going to give any more attention to the original droid maxx what with the droid maxx 2 making it's debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
If only I could upgrade to a dev edition directly from Verizon for my next phone
I am not sure if that is possible. I have been thinking about getting off of Verizon, I would definitely have more options. There are a lot of new phones out there by smaller companies that would be great to play with, just not possible on Verizon. As an example, maybe one of those OnePlus 2's. I can't post the link but just do a search for it. Looks pretty snazzy.

[WIP] Note Series Developer Edition Coversion

All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
@beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This tool is based on the research of @ryanbg. This makes the process all the simpler for developers to understand/port functionality!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though ATT doesn't have a Developer Edition that I am aware of; it still could work, I need a tester, PM me, or Telegram me @npjohnson), and many, many other devices from a variety of manufacturers.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can you help this progress?
You can't.
Currently, the CID writes 'successfully', and persists across reboots, but one of the registers isn't fully flushed. I am working on a module that will flush the register and allow for the Developer Edition Aboot to be flashed via ODIN.
Now, you may ask "How could we load modules, I thought that was impossible?", the short answer is, it is. At least, without what we found (or, rather, stumbled across).
We have the device kicking into Developer Edition using the CID write, and a hardware modification, which we stumbled across (demo: here, credits to @PaulPizz for spending late nights testing the various things I would throw at him, and having the balls to do some dangerous stuff that I personally believed would permanently brick his device). This method is volatile, dangerous, and quite honestly, shouldn't work. When I am confidently able to prove how it works, I will release details on my blog: here. Until then (shouldn't be more than a month, but as always, this is a free time project, and could be put on hold for real life, as I am busy with Cyber Security competitions).
What will most likely be the course of action once I release:
- Change CID to a provided Developer Edition CID
- Use hardware mod to flash/boot the custom kernel I have built to enable module loading (or maybe I'll build the function into the kernel itself, haven't decided yet)
- Either load the module, or call the function (if the latter, I'll write a binary to do so)
- Revert the hardware mod
- Flash Developer Edition Aboot via ODIN
This should be bootloader version agnostic, but, as always, beware updates, and, I'd stay away from any incoming MM updates on all locked carrier variants if you want to retain the ability to use this. If Samsung can update the eMMC firmware using those vendor commands, they can sure as heck change them the same way. Then the ability to do this goes away entirely.
You may be asking, "Can I donate to progress?"
Well. Sort of. Beaups asked that all donations go to the Make a Wish Foundation, or @ryanbg (as he is getting hitched , may you forever 'make cooking' Ryan! Haha.).
If you'd like to donate to me, know that it is not for the CID write, but instead, the work and research put into getting this all worked out for this device. I will also be dividing any donations sent to me with my tester, as he has spent a fair bit of time on this, as have I.
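Added example (not code from the thread and not part of the SamsungCID tool): a decoder for the eMMC CID register that the posts above are talking about writing. The CID is the 128-bit identity the eMMC returns to CMD2/CMD10; on Linux it shows up as 32 hex digits in /sys/block/mmcblk0/device/cid. The field layout and the CRC7 polynomial below follow the JEDEC eMMC specification; the sample CID is constructed here (manufacturer 0x15 is Samsung's JEDEC ID, the product name and serial are made up) and matches no real device. The `describe` helper redacts the serial number by default, which is the reason behind "PLEASE do not post your CID publicly": PSN is unique per part.

```python
"""Decode an eMMC CID register and verify its CRC7 (added example; sample value is constructed)."""
from typing import Dict

CID_FIELDS = (  # (name, high bit, low bit); bit 127 is the MSB of the 128-bit register
    ("mid", 127, 120),   # manufacturer ID (JEDEC MID; Samsung is 0x15)
    ("cbx", 113, 112),   # device type: 0 card, 1 BGA (embedded), 2 POP
    ("oid", 111, 104),   # OEM / application ID
    ("pnm", 103, 56),    # product name, 6 ASCII bytes
    ("prv", 55, 48),     # product revision, BCD major.minor
    ("psn", 47, 16),     # product serial number: unique per part, do not post it
    ("mdt", 15, 8),      # manufacturing date: month in bits 15:12, year field in 11:8
    ("crc", 7, 1),       # CRC7 over bits 127:8; bit 0 is always 1
)


def crc7(data: bytes) -> int:
    """SD/MMC CRC7: polynomial x^7 + x^3 + 1, MSB first, no init or final XOR.
    Known vector: CMD0 bytes 40 00 00 00 00 give 0x4A (sent on the wire as 0x95)."""
    crc = 0
    for byte in data:
        for i in range(7, -1, -1):
            feedback = ((byte >> i) & 1) ^ ((crc >> 6) & 1)
            crc = (crc << 1) & 0x7F
            if feedback:
                crc ^= 0x09
    return crc


def parse_cid(cid_hex: str) -> Dict[str, object]:
    """Split a 32-hex-digit CID into its fields and check the CRC7."""
    raw = bytes.fromhex(cid_hex.strip())
    if len(raw) != 16:
        raise ValueError("a CID is 16 bytes (32 hex digits)")
    v = int.from_bytes(raw, "big")
    f: Dict[str, object] = {name: (v >> lo) & ((1 << (hi - lo + 1)) - 1)
                            for name, hi, lo in CID_FIELDS}
    f["pnm"] = int(f["pnm"]).to_bytes(6, "big").decode("ascii", "replace")
    f["prv"] = f"{int(f['prv']) >> 4}.{int(f['prv']) & 0xF}"
    # Year is a 4-bit field; older JEDEC revisions count from 1997 and newer parts shift
    # the mapping (the Linux mmc core applies a correction), so it is left raw here.
    f["month"], f["year_field"] = int(f["mdt"]) >> 4, int(f["mdt"]) & 0xF
    f["crc_ok"] = f["crc"] == crc7(raw[:15])   # bits 127:8 are exactly the first 15 bytes
    return f


def build_cid(mid: int, cbx: int, oid: int, pnm: str, prv: int,
              psn: int, month: int, year_field: int) -> str:
    """Assemble a CID hex string with a valid CRC7 (last byte is CRC7 << 1 | 1)."""
    if len(pnm) != 6:
        raise ValueError("PNM is exactly 6 ASCII characters")
    values = {"mid": mid, "cbx": cbx, "oid": oid, "prv": prv, "psn": psn,
              "pnm": int.from_bytes(pnm.encode("ascii"), "big"),
              "mdt": (month << 4) | year_field}
    v = 0
    for name, hi, lo in CID_FIELDS:
        if name == "crc":
            continue
        if values[name] >= 1 << (hi - lo + 1):
            raise ValueError(f"{name} does not fit in {hi - lo + 1} bits")
        v |= values[name] << lo
    body = v.to_bytes(16, "big")[:15]           # bits 127:8
    return (body + bytes([(crc7(body) << 1) | 1])).hex()


def describe(cid_hex: str, show_serial: bool = False) -> str:
    """One-line summary; the serial number is redacted unless explicitly requested."""
    f = parse_cid(cid_hex)
    psn = f"{int(f['psn']):08x}" if show_serial else "<redacted>"
    return (f"MID=0x{int(f['mid']):02x} CBX={f['cbx']} OID=0x{int(f['oid']):02x} "
            f"PNM={f['pnm']!r} PRV={f['prv']} PSN={psn} "
            f"MDT={int(f['month']):02d}/{int(f['year_field']):x} "
            f"CRC7 {'ok' if f['crc_ok'] else 'BAD'}")


# Constructed sample: Samsung MID, embedded (BGA) part, made-up name and serial.
SAMPLE_CID = build_cid(mid=0x15, cbx=1, oid=0x00, pnm="SAMPLE",
                       prv=0x10, psn=0x12345678, month=6, year_field=0xE)

if __name__ == "__main__":
    print(SAMPLE_CID)
    print(describe(SAMPLE_CID))
```

Reading `/sys/block/mmcblk0/device/cid` on a rooted device and feeding it to `describe` shows what a "developer edition CID" actually carries and why the CRC matters: a CID written with the wrong CRC7 will fail the check the host does on the CMD2 response.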
@npjohnson I have two devices, an S4 and a Note 4, both from Verizon. I'm in Brazil right now so I don't know if it makes a difference, but I'm able to use temporary root on my Note 4, so if you want any help give me a shot. I'm not a developer but an engineer, so anything you need from me to get this rooted, count me in.
OMG Could it be?
npjohnson said:
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though ATT doesn't have a Developer Edition that I am aware of), and many, many others.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can I help this progress?
I need a few thing to make this work:
- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.
- One person with a Developer Edition that has root (need an aboot dump, and them to run one command).
If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).
PLEASE do not post your CID publicly.
So you are saying this might be a path to perm root?
kerfex said:
So you are saying this might be a path to perm root?
Not only root but unlock bootloader please encourage anyone to help
The android gods have sent us a miracle
I have a locked Verizon note 4 I'm willing to help
@npjohnson Im willing to help. I have been around the block a few times testing for other developers. I am on 5.1.1 and can hold temp root with Kingroot for about 15 minutes.
Edit: I can roll back to 5.0 if needed.
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
@Venom0642 - A while back I think you said you had a developer edition Note 4. Do you still have one? Can you help?
howellcp said:
@Venom0642 - A while back I think you said you had a developer edition Note 4. Do you still have one? Can you help?
Sorry mate, look at my sig; I've been on the Note 5 since it came out, so I don't have any Note 4.
Running On Samsung Galaxy Note 5 N920A Wicked Deadly Venom Theme
also willing,
have a retail Verizon,
on LP but can roll back to kk
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
h00rj said:
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
If you have a backup of that old aboot, then yes. Feel free to jump in on the thread I added in the Note Edge XDA forum.
kerfex said:
So you are saying this might be a path to perm root?
Bootloader Unlock, so yeah, permanent root, though, I don't know if write protection will still be active, but we can hope.
PaulPizz said:
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
It would... if you knew whose aboot that was, and they were around to dump their CID. Track them down, then we'll talk.
@morgej, please see original post.
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk, or to Odin another variant's tar files to OEM unlock a device?
elliwigy said:
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk, or to Odin another variant's tar files to OEM unlock a device?
You could, but the device 99% wouldn't boot.
Plus, you do realize developer editions are unlocked? Why would you want to flash to another variant to oem unlock? Literally the same thing.
Rom-Addict said:
also willing,
have a retail Verizon,
on LP but can roll back to kk
Please Hangouts message me if you have adb set up, and can use it.
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
1. I believe this will work. I tried to help but suck at adb now apparently.
2. No need to post if you don't believe. Just ignore
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Well. Why don't you read the paper?
All devices that:
1. Use a Samsung eMMC (allows CID write)
&
2. A Developer Edition (allows you to supply a developer CID, and use their aboot)
Are vulnerable.
Question it if you will, but I am packaging things up as I write.
Have adb set up, but it's been a while.

status update on root for our device

Me, Honestly Annoying, and 4 others are working on getting root and fastboot working on our device. As far as where we are at (as of this post): fastboot pulls up on the phone and the computer recognizes it, and most fastboot commands work, but the ones involving unlocking the bootloader don't. On every file we have tried up to this point, except for the userdebug I posted a bit ago, we get "signature verification failed", but that is due to a locked bootloader. We have been working nonstop to get fastboot to function on our device so we can unlock our bootloader. If, and I mean if, this works right, it will easily be applied to quite a few devices. So, in short, we are working on it. We will release the files we have once we are SURE that they work like they are supposed to.
Just don't ask how long it's going to take to be completed, because we honestly don't know. But we are working almost night and day to get this done.
For real... Been day and night on this one
If anyone has any ACTUAL questions (ie. not an ETA), please ask them. If you would like to offer ACTUAL help (ie. not "I will test your root method" because there is none to test) please tell us here! Also, @autoprime you have been strangely quiet about all of this, can you offer some insight about where we are? It would be much appreciated
Let me know if there's any help I can render!
solitarywarrior1 said:
Let me know if there's any help I can render!
What's the exact model number of your device (e.g. LGLS992)?
schizoidd said:
What's the exact model number of your device (e.g. LGLS992)?
LGLS992
solitarywarrior1 said:
LGLS992
check your inbox for a skype join link.
UPDATE: modified the aboot and it booted... stay tuned for more

Can I buy yall a pizza or beer or something while you work?
INCREDIBLE WORK YOU GUYS
Sent from my LGLS992 using XDA-Developers mobile app
Honestly Annoying said:
UPDATE: modified the aboot and it booted... stay tuned for more
Nice!!! Are you sure it actually didn't just rewrite aboot during boot to the stock aboot? And what was modified on your aboot?
fiddy619 said:
Nice!!! Are you sure it actually didn't just rewrite aboot during boot to the stock aboot? And what was modified on your aboot?
We don't think so, though we will have to do some testing on that...
And schizoid cross edited the T-Mobile aboot with our aboot to see if the fastboot commands will work, we're still testing that
Calling @thecubed @IllegalArgument @autoprime... we could really use your help on this, guys. We're actually making some progress with this device and would love for you to be involved.
Here to help
Also willing to help the cause via pizza ? or anything for that matter
fiddy619 said:
Nice!!! Are you sure it actually didn't just rewrite aboot during boot to the stock aboot? And what was modified on your aboot?
We checked, it definitely isn't writing the aboot back when it boots. Still won't recognize unlock commands though...
you haven't explained what's being done so there's not much to comment on.
good luck to you guys tho. :good:
autoprime said:
you haven't explained what's being done so there's not much to comment on.
good luck to you guys tho. :good:
Can I add you to our Skype chat? I think it would be easier to explain that way
Honestly Annoying said:
Can I add you to our Skype chat? I think it would be easier to explain that way
sorry, never have and never will use Skype.
I'll chat on any public XDA thread or #LG-IRC on Freenode IRC.
How are you getting fastboot, wiping recovery or laf? Flashed another device's aboot?
You mention changing aboot... have you directly edited the stock Sprint LS992 aboot.img? Or flashed another device's aboot?
autoprime said:
sorry, never have and never will use Skype.
I'll chat on any public XDA thread or #LG-IRC on Freenode IRC.
How are you getting fastboot, wiping recovery or laf? Flashed another device's aboot?
You mention changing aboot... have you directly edited the stock Sprint LS992 aboot.img? Or flashed another device's aboot?
No worries... this is OK
A while back Tungkick made me a TOT that booted into fastboot. Don't know what she did to edit it, but it works. However it did not recognize ANY fastboot commands, but once I enabled userdebug by editing the build.prop it started to recognize some of them. As far as aboot goes, that's all @schizoidd and I'll let him explain
OK, so here's what has been edited and done. I looked at our aboot and compared it to T-Mobile's and noticed a few things were missing, like the "welcome to fastboot" and a few other things. And on ours, there were some random characters that were in ours but not in T-Mobile's nor in the Verizon one, so on the stock edited one I just deleted that code. And like Honestly Annoying said, it booted without an issue. I also created another file with T-Mobile's and Sprint's aboot merged together and it also booted.
The things done on the merged aboot: Sprint encryption, keys and a few other things; T-Mobile everything else. I have the files but will not upload them here until I know what's all going on.
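A small triage script for the kind of comparison schizoidd describes, added here as an example (it is not code from the thread or from anyone in it). It assumes you already have two dumps of the aboot partition as files on your machine. It lists the printable strings that appear in one image but not the other (how a missing "welcome to fastboot" would surface), reports the byte ranges where the two images differ, and compares hashes so that a dump taken after a reboot can be checked against the image that was flashed, which is the read-back check fiddy619 raised. The two embedded images are constructed samples with made-up offsets, not real bootloaders.

```python
"""Triage two bootloader (aboot) dumps: list printable strings present in one image
but not the other, locate the byte ranges that differ, and hash each image so a dump
taken after a reboot can be checked against what was flashed. The embedded images
are constructed for illustration, not real firmware."""
import hashlib
import re
import sys
from typing import Dict, List, Set, Tuple

# Runs of 4+ printable ASCII bytes, the same heuristic the `strings` tool uses.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")


def printable_strings(blob: bytes) -> Set[str]:
    """All printable ASCII runs (length >= 4) found in blob."""
    return {m.group().decode("ascii") for m in STRING_RE.finditer(blob)}


def string_diff(a: bytes, b: bytes) -> Tuple[List[str], List[str]]:
    """(strings only in a, strings only in b), each sorted."""
    sa, sb = printable_strings(a), printable_strings(b)
    return sorted(sa - sb), sorted(sb - sa)


def differing_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """(offset, length) runs where a and b differ. A length mismatch is folded into
    the last run (or reported as its own trailing run) so nothing is silently dropped."""
    runs: List[Tuple[int, int]] = []
    n = min(len(a), len(b))
    start = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    longest = max(len(a), len(b))
    if start is not None:
        runs.append((start, longest - start))
    elif len(a) != len(b):
        runs.append((n, longest - n))
    return runs


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def persisted(flashed: bytes, dumped_after_reboot: bytes) -> bool:
    """True if the partition read back after a reboot is byte-identical to what was
    flashed, i.e. nothing restored the stock image during boot."""
    return sha256_hex(flashed) == sha256_hex(dumped_after_reboot)


def compare_images(a: bytes, b: bytes) -> Dict[str, object]:
    only_a, only_b = string_diff(a, b)
    return {
        "sha256_a": sha256_hex(a),
        "sha256_b": sha256_hex(b),
        "strings_only_in_a": only_a,
        "strings_only_in_b": only_b,
        "differing_ranges": differing_ranges(a, b),
    }


# Constructed stand-ins for two aboot dumps (NOT real firmware): a shared header, a
# shared string, one string only the second image has, and a byte run only the first has.
SPRINT_IMG = b"\x00" * 16 + b"fastboot mode\x00" + b"\xde\xad\xbe\xef\xca\xfe" + b"\x00" * 8
TMOBILE_IMG = b"\x00" * 16 + b"fastboot mode\x00" + b"welcome to fastboot\x00" + b"\x00" * 8

if __name__ == "__main__":
    # Usage: python aboot_diff.py first.img second.img  (no arguments: compare the samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            a, b = f1.read(), f2.read()
    else:
        a, b = SPRINT_IMG, TMOBILE_IMG
    for key, value in compare_images(a, b).items():
        print(f"{key}: {value}")
```

Run it with two file paths to compare real dumps; with no arguments it compares the constructed samples. The string diff is only a heuristic: a feature can exist without a telltale string, and a matching string says nothing about whether the code around it is reachable, so treat the output as a map of where to look rather than proof of what the bootloader does. For the persistence check, hash the image you flashed, reboot, dump the partition again and compare; a mismatch means something rewrote it during boot.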
@autoprime ^^^ last post explains what we're doing

Is it possible to root a Galaxy S7 (G930V)?

Hello Everyone!
I have a Verizon Galaxy S7 and I am wanting to root it! But when I tried it did not work so I just put the stock ROM file back on it. I read online that my bootloader is blocking the root? I did update to 6.0.1 and my version is G930VVRS4APH1
If anyone has achieved root on this device will you please share instructions on how you did it? Thank you
http://forum.xda-developers.com/ver...-to-notes-root-install-xposed-unroot-t3411039
Sir_Eagle said:
http://forum.xda-developers.com/ver...-to-notes-root-install-xposed-unroot-t3411039
I tried this method, and then my phone got stuck in bootloop. I had to flash stock rom through ODIN.
try these
noman.rasheed said:
I tried this method, and then my phone got stuck in bootloop. I had to flash stock rom through ODIN.
https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502
https://forum.xda-developers.com/verizon-s7-edge/how-to/root-method-nougat-t3566978
The first one is full of info; took me a bit to digest everything. Remember this has info for both flat and edge, also good links to more up-to-date info. Good luck, enjoy.
kevinchristopherson said:
https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502
https://forum.xda-developers.com/verizon-s7-edge/how-to/root-method-nougat-t3566978
The first one is full of info; took me a bit to digest everything. Remember this has info for both flat and edge, also good links to more up-to-date info. Good luck, enjoy.
will try them today. Thank you!
CAD512 said:
Hello Everyone!
I have a Verizon Galaxy S7 and I am wanting to root it! But when I tried it did not work so I just put the stock ROM file back on it. I read online that my bootloader is blocking the root? I did update to 6.0.1 and my version is G930VVRS4APH1
If anyone has achieved root on this device will you please share instructions on how you did it? Thank you
Yes. And after 2 bricked S7's and 100 rabbit holes leading me to who knows where, I finally got it. Give me a day or so and I'll post the link and how-to
The thread Sir_Eagle posted is the correct one for anything root. If something looped, then you either did not meet the prerequisites of the guide or did not follow every step of the guide. The bootloader on this variant requires every image to be signed, this is why the only root we currently have is via a SIGNED AND LEAKED engineer bootloader. Without this, there is no root on this variant. If you DO want to root, follow the link Sir_Eagle provided (but realize it comes with an outdated hacky kernel that has known issues), or go with stock. Up to you
The S7 I should have bought.
Sam Sung said:
The S7 I should have bought.
That's still a U snapdragon variant (note Snapdragon 820 in specs).. Would be equally unlockable for the bootloader... "UNLOCKED" in retail sense means SIM unlocked, not bootloader unlocked.
djh816 said:
That's still a U snapdragon variant (note Snapdragon 820 in specs).. Would be equally unlockable for the bootloader... "UNLOCKED" in retail sense means SIM unlocked, not bootloader unlocked.
I stand corrected. How would one obtain a phone (preferably Samsung) with bootloader unlocked?
Sam Sung said:
I stand corrected. How would one obtain a phone (preferably Samsung) with bootloader unlocked?
Buy the European version of the phone with the Exynos processor instead of the US version with the Qualcomm one. Problem is that phone likely won't work with any of the carriers here in the USA. Or you could move to Europe.
Sam Sung said:
I stand corrected. How would one obtain a phone (preferably Samsung) with bootloader unlocked?
Snapdragon variants aren't unlockable (exception being one hardware different model than ours). You can get an international samsung chipset variant with unlocked bootloader but not a US snapdragon one.
djh816 said:
Snapdragon variants aren't unlockable (exception being one hardware different model than ours). You can get an international samsung chipset variant with unlocked bootloader but not a US snapdragon one.
Thanks. I don't have to worry about that for a while, since I just upgraded. I don't like the idea of no root, but it is what it is. Guess I'll check the device recommendation threads next time.
A few other questions that occur (in case I add more devices to my account or pick up an additional service):
1. Aside from an international, is there a (quality) phone/brand that will allow rooting in the U.S.?
2. What caveats can be expected when using an international device (presumably, I can get one compatible with whatever carrier I choose)
I guess it's conceivable that I could buy one of these 'rootable' phones and either add it to my Verizon acct or replace one of my current lines.
I miss root, particularly the ability to create nandroids and Titanium backups. Oh, and accessing the entire file system.
Sam Sung said:
A few other questions that occur (in case I add more devices to my account or pick up an additional service):
1. Aside from an international, is there a (quality) phone/brand that will allow rooting in the U.S.?
2. What caveats can be expected when using an international device (presumably, I can get one compatible with whatever carrier I choose)
I guess it's conceivable that I could buy one of these 'rootable' phones and either add it to my Verizon acct or replace one of my current lines.
I miss root, particularly the ability to create nandroids and Titanium backups. Oh, and accessing the entire file system.
I really hope that you just didn't do it right, 'cause I just got a G930V and if I can't root it, it will be immediately RETURNED
No root is an absolute DEAL BREAKER.
I see rooting threads so I hope it works.

xt1609 Stock Rom/Files Request

I need to flash (from the bootloader, which is locked) the original xt1609 Verizon ROM. The only place that has a copy that I have found is FileFactory, and that download currently says that it will take over 7 hours for a 1.2 GB file.
Does anyone else have a copy of it? Thanks!
Edit: 7 hours indeed, but I have the files. If anyone is interested in it post a comment and I'll upload.
YuiChan said:
I need to flash (from the bootloader, which is locked) the original xt1609 Verizon ROM. The only place that has a copy that I have found is FileFactory, and that download currently says that it will take over 7 hours for a 1.2 GB file.
Does anyone else have a copy of it? Thanks!
Edit: 7 hours indeed, but I have the files. If anyone is interested in it post a comment and I'll upload.
Just saw your post.
Wish I had seen it earlier.
If you ever need to download the firmware for the xt1609 you can use the following link. They have all the moto firmwares. I just downloaded the stock xt1609 firmware from my phone in less than 10 minutes.
https://firmware.center/firmware/Motorola/Moto G Play/Stock/
classic757 said:
Just saw your post.
Wish I had seen it earlier.
If you ever need to download the firmware for the xt1609 you can use the following link. They have all the moto firmwares. I just downloaded the stock xt1609 firmware from my phone in less than 10 minutes.
https://firmware.center/firmware/Motorola/Moto G Play/Stock/
RIP me I guess. Thanks for this. Covers more than just Moto as well which is nice. I'll probably be using this more often.
YuiChan said:
RIP me I guess. Thanks for this. Covers more than just Moto as well which is nice. I'll probably be using this more often.
No problem.
Glad to be able to help.
Xt1609 unlocked
Hey guys, I unlocked the Moto G4 Play xt1609 by purchasing an unlock code, and when I entered the code it worked, but I need to know: can I use a GSM SIM in it or not? Thanks in advance
Guri1998 said:
Hey guys, I unlocked the Moto G4 Play xt1609 by purchasing an unlock code, and when I entered the code it worked, but I need to know: can I use a GSM SIM in it or not? Thanks in advance
You can put a GSM SIM in but it will only get LTE bands 2, 4 and 5. You won't be able to get bands 12 or 17 (primary T-Mobile and AT&T LTE bands). You also won't get any 2G or 3G GSM signals so cellular talk and text won't work.
unlock LTE bands
bw 1 said:
it will only get LTE bands 2, 4 and 5.
Is it possible to unlock the AT&T and T-Mobile bands?
ra1dn said:
Is it possible to unlock the AT&T and T-Mobile bands?
Yes, just get the XT1607.
bw 1 said:
just get the XT1607.
rgr dat! :laugh:
classic757 said:
Just saw your post.
Wish I had seen it earlier.
If you ever need to download the firmware for the xt1609 you can use the following link. They have all the moto firmwares. I just downloaded the stock xt1609 firmware from my phone in less than 10 minutes.
https://firmware.center/firmware/Motorola/Moto G Play/Stock/
Unfortunately, the file is moved. Any other link?!!
alshanu said:
Unfortunately, the file is moved. Any other link?!!
Here you go:
https://androidfilehost.com/?fid=529152257862676953
Hope this helps.
classic757 said:
Here you go:
https://androidfilehost.com/?fid=529152257862676953
Hope this helps.
Thank you. Could you provide me with the adb commands to flash the xt1609? There are tutorials for flashing non-Verizon variants but not for the xt1609.
alshanu said:
Thank you. Could you provide me with the adb commands to flash the xt1609? There are tutorials for flashing non-Verizon variants but not for the xt1609.
Not sure if there is a Verizon-variant tutorial for the G4 Play but you should be able to use any generic G4 Play tutorial for flashing firmware. I would assume that if any adb command did not pertain to your specific variant, that particular command would return a fail error but would not stop the rest of the adb commands from being successfully performed, so you should be able to flash the firmware successfully.
Or you could just simply use only the adb commands that pertain to your firmware file and leave the rest out.
classic757 said:
Not sure if there is a Verizon-variant tutorial for the G4 Play but you should be able to use any generic G4 Play tutorial for flashing firmware. I would assume that if any adb command did not pertain to your specific variant, that particular command would return a fail error but would not stop the rest of the adb commands from being successfully performed, so you should be able to flash the firmware successfully.
Or you could just simply use only the adb commands that pertain to your firmware file and leave the rest out.
There are some more files to flash on xt1609, unfortunately they are not mentioned in any of the available tutorials.
alshanu said:
There are some more files to flash on xt1609, unfortunately they are not mentioned in any of the available tutorials.
Then you just use the command "fastboot flash" and flash each file in the xt1609 firmware by name separately.
classic757 said:
Then you just use the command "fastboot flash" and flash each file in the xt1609 firmware by name separately.
Is there any problem if I entered the command in the wrong sequence?
alshanu said:
Is there any problem if I entered the command in the wrong sequence?
To avoid any potential problems, I would flash the firmware files in the sequence they are listed in.
If you have already started flashing and did not flash in the sequential order the files are listed in, you can start over from the beginning (DO NOT reboot your phone) while still in fastboot mode and just flash the first file listed, then the second file, and so on. This will correct any mistake you may have made.
Once you have successfully flashed all the firmware files
just fastboot command "fastboot reboot" and you should be good to go.
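A wrapper for the procedure classic757 lays out, added here as an example (it is not code from the thread): check that every referenced file is present and, where you have a published MD5, that it matches; then run `fastboot flash` for each file in the listed order and `fastboot reboot` at the end. It deliberately stops at the first step fastboot rejects instead of continuing, so you can see what failed while the phone is still in fastboot mode. The EXAMPLE_STEPS list and its partition names are placeholders made up for the demonstration, not the xt1609 package; take the real files and their order from the package you downloaded (Motorola packages normally ship an XML manifest listing the steps, which this script does not parse).

```python
"""Flash a stock firmware set with fastboot in a fixed order, checking the files first
and stopping at the first failed step instead of pressing on. The step list is a
constructed placeholder; take the real partition/file pairs and their order from the
firmware package you downloaded."""
import hashlib
import os
import subprocess
from typing import List, Optional, Tuple

Step = Tuple[str, str, Optional[str]]  # (partition, filename, expected md5 hex or None)

# Constructed example order; NOT the xt1609 package contents.
EXAMPLE_STEPS: List[Step] = [
    ("partition", "gpt.bin", None),
    ("bootloader", "bootloader.img", None),
    ("boot", "boot.img", None),
    ("recovery", "recovery.img", None),
    ("system", "system.img_sparsechunk.0", None),
]


def md5_hex(data: bytes) -> str:
    # MD5 is what firmware packages usually publish per file; it is an integrity
    # check against a corrupt download, not proof that the package is genuine.
    return hashlib.md5(data).hexdigest()


def check_package(steps: List[Step], firmware_dir: str) -> List[str]:
    """Problems found in the local package (missing file, checksum mismatch).
    An empty list means every referenced file is present and matches."""
    problems: List[str] = []
    for partition, filename, expected in steps:
        path = os.path.join(firmware_dir, filename)
        if not os.path.isfile(path):
            problems.append(f"{partition}: missing file {filename}")
            continue
        if expected is not None:
            with open(path, "rb") as f:
                actual = md5_hex(f.read())
            if actual.lower() != expected.lower():
                problems.append(f"{partition}: md5 mismatch for {filename} ({actual} != {expected})")
    return problems


def build_commands(steps: List[Step], fastboot: str = "fastboot") -> List[List[str]]:
    """One `fastboot flash <partition> <file>` per step, in order, then `fastboot reboot`."""
    cmds = [[fastboot, "flash", partition, filename] for partition, filename, _ in steps]
    cmds.append([fastboot, "reboot"])
    return cmds


def flash_in_order(steps: List[Step], firmware_dir: str, fastboot: str = "fastboot",
                   dry_run: bool = False, verify: bool = True) -> Tuple[bool, List[str]]:
    """Run the steps in sequence. Returns (ok, log). The first non-zero fastboot exit
    aborts the run, so a rejected image is never followed by a reboot of a half-flashed
    device. dry_run only records the commands; verify=False skips the local file checks."""
    log: List[str] = []
    if verify:
        problems = check_package(steps, firmware_dir)
        if problems:
            return False, problems
    for cmd in build_commands(steps, fastboot):
        log.append(" ".join(cmd))
        if dry_run:
            continue
        result = subprocess.run(cmd, cwd=firmware_dir, capture_output=True, text=True)
        if result.returncode != 0:
            log.append(f"FAILED (exit {result.returncode}): {result.stderr.strip()}")
            return False, log
    return True, log


if __name__ == "__main__":
    # Dry run against the current directory; drop dry_run=True once the plan looks right.
    ok, lines = flash_in_order(EXAMPLE_STEPS, ".", dry_run=True, verify=False)
    print("\n".join(lines))
    print("OK" if ok else "ABORTED")
```

Keep the phone in fastboot mode until the run reports OK; if a step fails, fix the cause (wrong file, wrong variant, corrupt download) and start the whole sequence again from the first file, as the post recommends, rather than resuming in the middle.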
classic757 said:
To avoid any potential problems, I would flash the firmware files in the sequence they are listed in.
If you have already started flashing and did not flash in the sequential order the files are listed in, you can start over from the beginning (DO NOT reboot your phone) while still in fastboot mode and just flash the first file listed, then the second file, and so on. This will correct any mistake you may have made.
Once you have successfully flashed all the firmware files
just fastboot command "fastboot reboot" and you should be good to go.
Okay, I'll do as you recommend. Do you think it's possible to get the radio of xt1907? I saw someone had flashed the radio from xt1907 on xt1609 and managed to get both voice and data.
alshanu said:
Okay, I'll do as you recommend. Do you think it's possible to get the radio of xt1907? I saw someone had flashed the radio from xt1907 on xt1609 and managed to get both voice and data.
Not sure about that one.
Why would you want to do that?
classic757 said:
Not sure about that one.
Why would you want to do that?
I'm not from the US. In order to activate voice calls, the phone needs to be used on the Verizon network for at least 30 days. That's why I'm doing all these things.