http://www.androidpolice.com/2011/0...-proving-that-the-world-is-coming-to-its-end/
This was released earlier, could this be what Unrevoked and Alpharev needed to get root?
Is this in any way helpful? ha
http://forum.xda-developers.com/showthread.php?t=1191582
source code
I have just read this too. Should be within the coming week that they can get s-off and root....right?
Has anyone seen that movie Source Code? Pretty decent movie. I'd give it a solid 7.325462/10.
Source Code is a good flick.
I hope the EVO source code release will help me root this POS.
Sent from my PC36100 using the XDA mobile application powered by Tapatalk
Wouldn't they need the bootloader source code, not the kernel source code? Since it's the bootloader that is locked?
I made excite? jajajja .... no, I have no way to unlock just open this topic to see if anyone knows how to unlock the devices that do not have developers edition
From what I understand you have an XT926 which can't be unlocked. Only the XT925 & XT926 dev edition can be unlocked through Motorola
Sent from my XT925 using xda app-developers app
saloums7 said:
From what I understand you have an XT926 which can't be unlocked. Only the XT925 & XT926 dev edition can be unlocked through Motorola
Sent from my XT925 using xda app-developers app
I have xt925 but i think is not the dev edition
juan272 said:
I have xt925 but i think is not the dev edition
There is only 1 version of the XT925 and it can be unlocked through Moto the steps are detailed on the moto page
Sent from my XT925 using xda app-developers app
saloums7 said:
There is only 1 version of the XT925 and it can be unlocked through Moto the steps are detailed on the moto page
Sent from my XT925 using xda app-developers app
I put the fastboot code into moto page but they say that my device not support bootloader unlock
Is that the only restriction? If a code is it, you could just use a fake code, or hex exit in a new code to the unlocking program.
Sent from my DROID RAZR HD using Tapatalk 2
juan272 said:
I put the fastboot code into moto page but they say that my device not support bootloader unlock
Double check to make sure you entered the correct code, it's pretty big, might be a typo in there
Sent from my XT925 using xda app-developers app
saloums7 said:
Double check to make sure you entered the correct code, it's pretty big, might be a typo in there
Sent from my XT925 using xda app-developers app
I try about 20 times!!!!!!
If you have any apps frozen, unfreeze them and reboot and maybe that will work. If you've removed anything from within /system, put it back and put the correct permissions and if you don't have those files (if there was anything deleted) then perhaps someone can provide them for upload, then give that a try.
Lastly, if you flashed a ROM that isn't from your carrier or your country, then perhaps using the appropriate tools (I haven't used them so can't point out what they are, other than to say they exist) to put the stock ROM back will allow you to unlock.
Last resort, you can try to get it replaced under warranty stating that you're a developer and need this feature, however if you're rooted I would guess that they'd be a lot more inclined to check for that replacing a handset as rooting voids the warranty and unrooting, sadly, doesn't remove the info stored on the device that checks to see if the phone had been rooted in the past. You can unroot and if your country's laws are protective enough, though, you might be able to ask them to show how rooting the device caused the failure. In my case, the contract was signed with my carrier who has to be certified as a reseller and they never showed me any warranty documentation, so I was locked into the purchase of the handset over 24 months and am covered by the verbal details of the warranty, which were "everything but physical damage" since they unboxed it and handed it to me activated after I signed. It wouldn't be hard to cancel my contract and hand back the handset if I was refused a warranty repair on these grounds. That they opened the box without me asking is probably enough. That said, consumer protection is top notch in world here.
Short version of the last part though, you can always try a warranty replacement. You'd have to look into if there's a fee in the case that you weren't covered by the warranty. As long as the bootloader is unlocked (and you aren't rooted), you still have your warranty since the code didn't activate, and I haven't read the page thoroughly enough, but if the page says receiving the code voids the warranty then you can still argue that it was defective prior to receiving it by citing that the code didn't work. If you can unroot, and you live somewhere that the issue of the evidence of your root, or whatever, can be easily turned over to a consumer protection body, then it might be worth the trouble.
Also, you can probably call and ask for a new code. Any way you go about doing any of the above though, be persistently polite. It goes a long way over trying to be forceful.
I'm likely about to unlock my phone by the way, assuming I can find a ROM that looks appealing enough to try out. I'll try it with the multitude of frozen system apps and the handful of additional ones still in place, first, and see how it goes.
Would it be possible to root the droid razr maxx hd if it is not the developers edition?? Please help.
brian_199 said:
Would it be possible to root the droid razr maxx hd if it is not the developers edition?? Please help.
If you're on JB then you need to downgrade to ICS using the appropriate ROM for your carrier, use a tool to root, download an app that will allow you to backup the root and unroot the device, then upgrade to ICS, then reinsert the root. The instructions are scattered because there's 2 different models of the phone to deal with and there isn't any consolidated thread that involves all those steps. I haven't had to downgrade and have a different model than what the maxx version is so that's really as much help as I can be, but the answer is supposedly "yes, you can do this" and it's the preferred way for a lot of people from what I gather.
Be sure to backup any data on your sdcard before you begin. I didn't lose any since mine was just keeping root on an OTA upgrade from ICS to JB, but I don't know if you lose it or not when you downgrade.
Hopefully someone else can be more helpful than what I was. There are threads where various carrier versions for both ICS and Jellybean are hosted, as well, so you'll need to find your carrier's ICS. If it isn't available in the thread then search my posts and someone linked me off to a download for a Telstra ROM and further back in the URL revealed hosting a heap of ROMS though I wouldn't know which one you would need specifically.
The only issue I ran into, though my experience is possibly only covering half of what's involved for you, was that after I reinserted root, only apps that had permission prior to the upgrade had root permission; I couldn't add any. Other people have had a problem with superuser being inserted with wrong file permissions. The thing I did was to update the binary, this didn't work, then installed SuperSu and updated the binary which also didn't work, then I did a cleanup for installing another su app from the market from within SuperSU... can't remember from this point, either installed another root app or uninstalled and reinstalled SuperSu (which scared the hell out of me I'd lose root at the time so I think this is what I did), then updated the binary and things were fine. Note that I never uninstalled the regular SU app that the injection tool for ICS put on the phone during this process though. At the end of it, I ended up with SuperSU and no normal su, which the injection tool installs. There hasn't been a huge issue with this though it has happened to some others.
I have Sharp AQUOS Crystal 306SH.
it's update by internet. cause i think, we make virtual update server, and updating Root binary.
I captured 'OTA Update' packet. but i don't know networking. cause can't analyze...
I just know a bit of information... (capture file attached.)
First, Update server is "h ttp://dm-sharp2.redbend.com/dm".
using "Red Bend OMA-DM Client FOTA solution".
but I can't know other information...
cause write this thread.
help to root!
--150505 add
i'm upload new pcap file.
it's captured to updating aquos crystal. but it's not including some information maybe.
and i'm get some url at this pcap file.
h ttp://dl-sharp3.redbend.com:8080/VrmDLServerWEB/servlet/RequestDPServlet/DD/120318848_dp/DomainName/DEFAULT
h ttp://409f588200cd1dedd915-465d1c61f856116a191db7e16fb24e1c.r52.cf3.rackcdn.com/120318848_dp
file is 2015_04_27_195348.zip
this is not the way it will be very hard..
p.p it will be more easy if we have some one without updated phone
loonbg said:
this is not the way it will be very hard..
p.p it will be more easy if we have some one without updated phone
What is the sw version of the non updated phone?
acedamack said:
what is the sw version of the non updated phone?
s8216 10/05/2014
updated is SA300 12/11/2014
loonbg said:
s8216 10/05/2014
updated is SA300 12/11/2014
have a source code for 2 version, but this source code so different
WOW
That would take a while to do and that is the very hard way to do that. but thanks for trying
Source Code
I have a brand new crystal just bought it, and of course the first thing i wanna do is root. If you still need the source code mine is still original. S8216 I would love to help.
I have original to how could I help
richierich09 said:
I have a brand new crystal just bought it, and of course the first thing i wanna do is root. If you still need the source code mine is still original. S8216 I would love to help.
you can install https://play.google.com/store/apps/...e+box&pcampaignid=APPU_1_GCPtVKO_I4qvU_TKgOAG and show what vulnerability analysis report give you
Bluebox screencap
I also have held up on updating my Crystal in hopes of root, bought it very close to its release date because of its looks but didn't bother to check if it was rooted. Would like to help as much as I can despite the limited knowledge I have. Here's a screenshot of the bluebox results.
Mielmano said:
I also have held up on updating my Crystal in hopes of root, bought it very close to its release date because of its looks but didn't bother to check if it was rooted. Would like to help as much as I can despite the limited knowledge I have. Here's a screenshot of the bluebox results.
Don't Update !
s8216 10/05/2014 - have bug in Object Input Stream Serialization - CVE-2014-7911 and CVE-2014-4322 - giefroot and other is CVE-2015-1474 (but we don't have still root for this last)
updated is SA300 12/11/2014 - if some one have updated like me only hope is CVE-2015-1474 and CVE-2014-4322
hey I found something, I can get file from system/app or file in system without root
whynot4444 said:
hey I found something, I can get file from system/app or file in system without root
yes but you can't edit anything without root also you don't have access to data ..
loonbg said:
yes but you can't edit anything without root also you don't have access to data ..
no, just pull file into internal device, then copy to pc to edit, and push it again
loonbg said:
Don't Update !
s8216 10/05/2014 - have bug in Object Input Stream Serialization - CVE-2014-7911 and CVE-2014-4322 - giefroot and other is CVE-2015-1474 (but we don't have still root for this last)
updated is SA300 12/11/2014 - if some one have updated like me only hope is CVE-2015-1474 and CVE-2014-4322
I have tried giefroot, and posted my results, with both an un-updated and updated phone.
It fails either way.
whynot4444 said:
no, just pull file into internal device, then copy to pc to edit, and push it again
Not possible unless the given partition is set to RW. Without root or a custom recovery then it isn't happening.
With that said, I posted some questions over in a thread in the Q&A section. If anyone can assist let me know there or pm me.
He's actually got a point here, OTA is a huge flaw here even though it's secured. The source file and everything should have the code to decode the OTA files, correct? Once we decode them we can basically recode them and use a man in the middle type deal and push the "update" to the phone and get root or maybe even custom roms.
jamer123 said:
He's actually got a point here, OTA is a huge flaw here even though it's secured. The source file and everything should have the code to decode the OTA files, correct? Once we decode them we can basically recode them and use a man in the middle type deal and push the "update" to the phone and get root or maybe even custom roms.
The OTA isn't coded it is merely stored on to their server. This device updates itself using the download method. It first downloads a pcap file which contains all the needed info to run checks, connect to its server, and download the required files to later patch to the system of the device while in download mode. That's why it takes so long when an update comes around for this device and the update is accepted by the end user. They won't release the actual OTA unless they have a change of heart and to be honest, they are not obligated to do so. They are obligated to release the kernel source which they already have but it won't help to grab the OTA. Having the device rooted would make it somewhat easy to redirect the download to another directory for keepings but since the device doesn't necessarily have a bootloader this is an issue. It also doesn't help that the kernel uses write protection either and that the ramdisk secures the system preventing any permanent changes. Downloading the pcap file and tampering with it may bring a solution to all of our problems but if that person has no valuable skills then it is a dead end.
---------- Post added at 12:38 AM ---------- Previous post was at 12:25 AM ----------
Personally, I despise any company that uses such methods. For the average user it's whatever, but for development purposes it's bad for business on their part when word gets out about how they operate. But since Sharp also does many other things such as building TV's then I seriously doubt it will hurt them.
It's why I stick with HTC products because they are big on supporting developers and they typically do not make much of a fuss on the matter. Huawei is another one but the downfall with them is getting a response back since they are originally out of China.
If anyone is still focused on hacking this device I would suggest you focus on the aboot partition.
Modding.MyMind said:
If anyone is still focused on hacking this device I would suggest you focus on the aboot partition.
still wait to root :v, we cannot hack bootloader sharp
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
@beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This tool is based off the research of @ryanbg . This makes the process all the simpler for developers to understand/port functionality!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of, though, it still could work, I need a tester, PM me, or Telegram me @npjohnson), and many, many other devices from a variety of manufacturers.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can you help this progress?
You can't.
Currently, the CID writes 'successfully', and persists across reboots, but one of the registers isn't fully flushed. I am working on a module that will flush the register and allow for the Developer Edition Aboot to be flashed via ODIN.
Now, you may ask "How could we load modules, I thought that was impossible?", the short answer is, it is. At least, without what we found (or, rather, stumbled across).
We have the device kicking into Developer Edition using the CID write, and a hardware modification, which we stumbled across (demo: here, credits to @PaulPizz for spending late nights testing the various things I would throw at him, and having the balls to do some dangerous stuff that I personally believed would permanently brick his device). This method is volatile, dangerous, and quite honestly, shouldn't work. When I am confidently able to prove how it works, I will release details on my blog: here. Until then (shouldn't be more than a month, but as always, this is a free time project, and could be put on hold for real life, as I am busy with Cyber Security competitions).
What will most likely be the course of action once I release:
- Change CID to a provided Developer Edition CID
- Use hardware mod to flash/boot the custom kernel I have built to enable module loading (or maybe I'll build the function into the kernel itself, haven't decided yet)
- Either load the module, or call the function (if the latter, I'll write a binary to do so)
- Revert the hardware mod
- Flash Developer Edition Aboot via ODIN
This should be bootloader version agnostic, but, as always, beware updates, and, I'd stay away from any incoming MM updates on all locked carrier variants if you want to retain the ability to use this. If Samsung can update the eMMC firmware using those vendor commands, they can sure as heck change them the same way. Then the ability to do this goes away entirely.
You may be asking, "Can I donate to progress?"
Well. Sort of. Beaups asked that all donations go to the Make a Wish Foundation, or @ryanbg (as he is getting hitched, may you forever 'make cooking' Ryan! Haha.).
If you'd like to donate to me, know that it is not for the CID write, but instead, the work and research put into getting this all worked out for this device. I will also be dividing any donations sent to me with my tester, as he has spent a fair bit of time on this, as have I.
@npjohnson I have two devices s4 and note 4 both from Verizon, I'm in Brazil right now so I don't know if it makes a difference but I'm able to use temporary root in my note 4 so if you want any help give me a shot, I'm not a developer but engineer so any you need from me to get this rooted count me
OMG Could it be?
npjohnson said:
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of), and many, many others.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can I help this progress?
I need a few things to make this work:
- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.
- One person with a Developer Edition that has root (need an aboot dump, and them to run one command).
If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).
PLEASE do not post your CID publicly.
So you are saying this might be a path to perm root?
kerfex said:
So you are saying this might be a path to perm root?
Not only root but unlock bootloader please encourage anyone to help
The android gods have sent us a miracle
---------- Post added at 12:30 PM ---------- Previous post was at 12:29 PM ----------
I have a locked Verizon note 4 I'm willing to help
@npjohnson I'm willing to help. I have been around the block a few times testing for other developers. I am on 5.1.1 and can hold temp root with Kingroot for about 15 minutes.
Edit: I can roll back to 5.0 if needed.
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
@Venom0642 - A while back I think you said you had a developer edition note 4. Do you still have one? Can you help?
howellcp said:
@Venom0642 - A while back I think you said you had a developer edition note 4. Do you still have one? Can you help?
Sorry mate look at my Sig i been on Note 5 since it came out, so i don't have any Note 4.
Running On Samsung Galaxy Note 5 N920A Wicked Deadly Venom Theme
also willing,
have a retail Verizon,
on LP but can roll back to kk
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
h00rj said:
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
If you have a backup of that old aboot, then yes. Feel free to jump in on the thread I added in the Note Edge XDA forum.
kerfex said:
So you are saying this might be a path to perm root?
Bootloader Unlock, so yeah, permanent root, though, I don't know if write protection will still be active, but we can hope.
PaulPizz said:
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
It would... if you knew whose aboot that was, and they were around to dump their CID. Track them down, then we'll talk.
@morgej, please see original post.
Just out of curiosity, correct me if this is lame thinking or not worth trying but would it be possible to change the cid to turn the device into let's say another variant in order to utilize something like CROM.apk or to odin another variant's tar files to oem unlock a device?
elliwigy said:
Just out of curiosity, correct me if this is lame thinking or not worth trying but would it be possible to change the cid to turn the device into let's say another variant in order to utilize something like CROM.apk or to odin another variant's tar files to oem unlock a device?
You could, but the device 99% wouldn't boot.
Plus, you do realize developer editions are unlocked? Why would you want to flash to another variant to oem unlock? Literally the same thing.
Rom-Addict said:
also willing,
have a retail Verizon,
on LP but can roll back to kk
Please Hangouts message me if you have adb set up, and can use it.
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
1. I believe this will work. I tried to help but suck at adb now apparently.
2. No need to post if you don't believe. Just ignore
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Well. Why don't you read the paper?
All devices that:
1. Use a Samsung eMMC (allows CID write)
&
2. A Developer Edition (allows you to supply a developer CID, and use their aboot)
Are vulnerable.
Question it if you will, but I am packaging things up as I write.
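Added example (not from the thread or from the SamsungCID project): the first condition above turns on who manufactured the eMMC, which is recorded in the manufacturer ID byte of the CID register. This sketch decodes a CID string in the form Linux exposes under sysfs and masks the serial number before the value is shared; the sample CIDs are constructed, and the manufacturer table lists only a few IDs.

```python
"""Decode an eMMC CID register and report whether the part is a Samsung eMMC."""

# Manufacturer IDs (MID byte) for a few common eMMC vendors; not exhaustive.
KNOWN_MIDS = {
    0x11: "Toshiba",
    0x13: "Micron",
    0x15: "Samsung",
    0x45: "SanDisk",
    0x90: "SK Hynix",
}
SAMSUNG_MID = 0x15

# Constructed sample values, not taken from any real device.
SAMPLE_SAMSUNG = "1501004558414d504c0b123456789200"
SAMPLE_OTHER = "1101004558414d504c0b123456789200"

# Usual sysfs location of the CID on Linux/Android (assumes the eMMC is mmcblk0).
DEFAULT_CID_PATH = "/sys/block/mmcblk0/device/cid"


def _to_bytes(cid_hex):
    """Validate a 32-hex-digit CID string and return its 16 raw bytes."""
    raw = cid_hex.strip().lower()
    if len(raw) != 32:
        raise ValueError("CID must be exactly 32 hex digits (128 bits)")
    data = bytes.fromhex(raw)  # raises ValueError on non-hex input
    if len(data) != 16:
        raise ValueError("CID must decode to 16 bytes")
    return data


def decode_cid(cid_hex):
    """Split a CID into its JEDEC eMMC fields (most significant byte first)."""
    data = _to_bytes(cid_hex)
    mid = data[0]
    return {
        "mid": mid,
        "manufacturer": KNOWN_MIDS.get(mid, "unknown (0x%02x)" % mid),
        "device_type": data[1] & 0x03,          # CBX: 0 card, 1 BGA, 2 POP
        "oem_id": data[2],
        "product_name": data[3:9].decode("ascii", errors="replace"),
        "revision": "%d.%d" % (data[9] >> 4, data[9] & 0x0F),
        "serial": int.from_bytes(data[10:14], "big"),
        "mfg_month": data[14] >> 4,
        # Raw 4-bit year code; its base year depends on the eMMC spec revision.
        "mfg_year_code": data[14] & 0x0F,
    }


def uses_samsung_emmc(cid_hex):
    """True when the manufacturer ID byte identifies a Samsung eMMC."""
    return decode_cid(cid_hex)["mid"] == SAMSUNG_MID


def redact_cid(cid_hex):
    """Mask the 32-bit serial number so the CID can be quoted in a report."""
    _to_bytes(cid_hex)  # validate before slicing
    raw = cid_hex.strip().lower()
    return raw[:20] + "x" * 8 + raw[28:]


def read_cid(path=DEFAULT_CID_PATH):
    """Read the CID from sysfs on the device being inventoried."""
    with open(path, "r", encoding="ascii") as handle:
        return handle.read().strip()


if __name__ == "__main__":
    for sample in (SAMPLE_SAMSUNG, SAMPLE_OTHER):
        fields = decode_cid(sample)
        print(redact_cid(sample), fields["manufacturer"],
              fields["product_name"], "Samsung eMMC:", uses_samsung_emmc(sample))
```
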
have adb setup but it's been awhile
So I have a Note 4. Stock (no root) and I used the msl code to have the ability of use the hotspot option since Sprint likes to charge. Everything was fine until my phone was having a powering issue and they had to replace it. I asked them not to upgrade it to Marshmallow but of course they did. Now when I got the new phone I went to unlock the hotspot with the msl code and the apn settings were greyed out and blocked, wasn't allowed to edit it. I was wondering if anyone knew a workaround without rooting to use the hotspot or if there was a way to root without having a pc? Any advice and options would be helpful.
Use odin & flash back to lolli. You can find the stock file on here somewhere
Sent from my SM-N910P using XDA-Developers mobile app
you need the XAS product code active, it allows APN edit
Sterist said:
you need the XAS product code active, it allows APN edit
Can you explain that a bit more? Are you saying there is a way to modify APN settings without rooting? I don't know what an XAS product code is, and doing research there are only just a couple of pages that mention it but doesn't say much about it.
Sent from my SM-N910P using Tapatalk
slickdaddy96 said:
Can you explain that a bit more? Are you saying there is a way to modify APN settings without rooting? I don't know what an XAS product code is, and doing research there are only just a couple of pages that mention it but doesn't say much about it.
there are different Odin packages for a same device with different product codes. I think the N910PVP one is XAS, key being the first 3 letters after the 910. the first P is actually part of the N910 -- indicating N910P which is the model number for the Sprint note 4
the VP I think is the relevant part for XAS product code... again, I could be wrong, but this is what I believe as of the moment. XAS product code firmwares don't always have the VP for other devices... hence not a good indicator.
if you can find a way to root without tripping knox, you could install GalaxyTools and change the product code with that app without having to flash anything, then unroot and still have knox 0x0 but changing product code involves wiping all user data (might include internalsd)
there might also be a way to change it from the hidden dialer menus through the service menu but that is well beyond me and I don't think you'll find much if any documentation on it.
if you go in About Phone, you can see in Baseband and Build Number if your version contains the PVP or not