Root method for xt1528 once we can recover from QDL mode - E 2015 General

Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!

jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
This will be awesome.

jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x
How did you get it into the QDL mode?

fire3element said:
How did you get it into the QDL mode?
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.

jahrule said:
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.

fire3element said:
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
PM responded.

How's it going?

I can help with this as well. I have my XT1528 on standby. Don't have much dev experience with Android, but I can sure try.

Unless you are willing to stare endearingly at a shiny paperweight that once was your phone, I don't think anyone can do much to help.
To sum this up for new eyes wondering where this might be headed:
Motorola (along with many of the other major phone manufacturers) has removed the ability to load QDownload mode manually. Apparently the XT1528, along with many newer devices, is now running a new protocol for the diagnostic port (and there is more than one way the port can be present/active, to further complicate things).
Please do not ask me to explain. I am just barely beginning to understand this stuff myself.
As of right now, the only known method to get our Verizon 2nd gen Moto E into QDL is to actually BRICK the device. At which point the phone will resort to the next level down, since it can not boot properly.
So unless you are willing to intentionally brick your phone to advance this cause... I am afraid that you can not do much.
There is also the looming risk that the device can not be recovered if the new protocols are not figured out. I am treading in uncharted waters here.
Means you or I lost a phone and the $$$ spent on it. Buy another one and try again.
If you are adamant about wanting to help, click on the 2 links in the OP. @jahrule has posted information that tells us which direction to go.
And if you do not understand what is going on in either article... maybe it is best left alone.
Not being harsh, just safer that way. I am having to figure this stuff out as I go too.
As for progress..? None. I am not intentionally bricking my phone until I gather enough info that will lead me to the conclusion that I can recover the device.
So it goes without saying: BE NICE, DO NOT PESTER.

@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?

jahrule said:
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.

My GoPhone moto e says it is vulnerable running 5.1 stock firmware

fire3element said:
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
The bootloader is the same. This will help nothing.
fire3element said:
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
What we are trying to do is use qfil or blanflash qflash to recover from QDL mode and be able to write partitions from there.
fire3element said:
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
Issue is only recovering from QDL mode which is the goal see above. Getting the phone into QDL mode is very easy.
fire3element said:
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
Stagefright will get one system permissions, not root permissions.

neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
I am proposing that you read the way CrashXXL achieved root on the Moto X and we do the same.

jahrule said:
Stagefright will get one system permissions, not root permissions.
Surely I am not misinterpreting what I am seeing here.
https://www.youtube.com/watch?v=PxQc5gOHnKs
Looked for a video of Josh's DefCon presentation, but could not find one. So either he has not presented yet, or no one had uploaded the vid at this time.
Here is an excerpt from the Zimperium blog:
" 2. Zimperium Research Labs (zLABS) will release a video later this week with a Stagefright RCE demonstration. Several large carriers requested that we delay the release of our working exploit. We agreed, given the gravity of the situation. Unfortunately, because the patches are open-source [1, 2], many researchers are already working on creating an exploit. We are planning to release our exploit on August 24th, 2015. However, if an exploit is publicly released or attacks are detected in the wild before that date, we will release ours for testing purposes at that time. "
and
" 6. Josh will present the full details of his research at Black Hat on August 5th or DEFCON on August 7th. We invite you to join us! "
Hopefully this is the new exploit we have all been waiting for. I know that I need to move away from my current device because of hardware issues, however I can not do that until I root this device. More info is sure to come in the next few weeks
jahrule said:
The bootloader is the same. This will help nothing.
I should have clarified myself. My attempt was to replace the Verizon "locked" bootloader with the Boost "un-locked" bootloader.
Again, I do not think it will work. However, if the flasher tool will actually work with this phone, then I suppose it would not hurt to try it. If it does not work, simply flash your backup of the original BL.

Is it possible to flash 5.0.1 back after you update? Or remove any update? Hahaha, I updated mine for Stagefright without thinking. Didn't know until I checked it & found it wasn't vulnerable. I know it was before... Ugh. Carelessness on my behalf.

Hey guys, I have this phone as well as the HTC Desire 526 PP and they are both just laying in a drawer. I bought them when I couldn't afford a real replacement for my broken Nexus 6 and now that I don't need either I would be more than willing to sacrifice mine for the sake of helping out. Plus if it works then the phone is rooted; on the negative side, if I can't use it I can free up some drawer space. Not a big loss either way as the screen is too small for my liking. Very nice phone otherwise, just not enough space or screen.

So just a quick little update on this.
I purposely bricked another Moto E and was able to get it to show up in the Device Manager as QCOM_BULK (not the exact wording, I forgot). This required me to flash a bad bootloader to get the device to fail to turn on, thus kicking it into the fallback mode. I tried flashing all other partitions to make the phone go into the BULK mode. None worked except for the bootloader.
Could not get anywhere with it. We need some specific files to flash in order to get the device rooted or bootloader unlocked. It's not just a few files either, and they have some weird extensions.
I ended up taking the device back and getting something else. Just don't have time to keep playing with it. Someone smarter than me could probably get it done with not a whole lot of effort.
Sorry guys. I tried with my limited knowledge and skills.

Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.

Steve_xposed said:
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
I too would like to see the process, in order to enter QDL mode, I LITERALLY have no use for this phone as it is damaged but still boots and can use screen

Related

Root

I have a Droid Maxx, and Razr Maxx HD and perhaps some beer cash for the answer to root...
I was thinking flashing TWRP, then let it root, or am I way off or require an unlocked bootloader? I tried Sunshine, but no go as it requires root.
So if I understand, you can get root without an unlocked bootloader, or is an unlocked bootloader a prerequisite of root? I am thinking not, but I am a Windows/SharePoint guy and pretty dumb to Linux...
wrecklesswun said:
I have a Droid Maxx, and Razr Maxx HD and perhaps some beer cash for the answer to root...
I was thinking flashing TWRP, then let it root, or am I way off or require an unlocked bootloader? I tried Sunshine, but no go as it requires root.
So if I understand, you can get root without an unlocked bootloader, or is an unlocked bootloader a prerequisite of root? I am thinking not, but I am a Windows/SharePoint guy and pretty dumb to Linux...
You need an unlocked bootloader to flash TWRP (which flashes SuperSU). There is no known root method available yet because the phone has only been out for about 8 hours.
The Sunshine team has apparently said they will not be supporting Motorola devices for 4.4.4 in their 3.0 release, only HTC, so unlikely it will work there.
Has anyone tried Towelroot?
amebiasis said:
Has anyone tried Towelroot?
"this phone is not currently supported"
fury683 said:
(...)The Sunshine team has apparently said they will not be supporting Motorola devices for 4.4.4 in their 3.0 release, only HTC, so unlikely it will work there.
I think they said the opposite: "Verizon users on 4.4.4 you will have to wait for the 3.0 release."
timeToy said:
I think they said the opposite: "Verizon users on 4.4.4 you will have to wait for the 3.0 release."
Yes, that is in the website. Someone posted this in another thread here. There's no link to the OP so I'm not sure beyond what it says.
http://forum.xda-developers.com/showpost.php?p=56389152&postcount=83
fury683 said:
Yes, that is in the website. Someone posted this in another thread here. There's no link to the OP so I'm not sure beyond what it says.
http://forum.xda-developers.com/showpost.php?p=56389152&postcount=83
Yeah, I found it in the meantime...
AndyMan386 said:
Quote:
Originally Posted by jcase
3.0 is ONLY addressing HTC devices at this time, we have no plans, at this time, to include Motorola for technical reasons
timeToy said:
I think they said the opposite: "Verizon users on 4.4.4 you will have to wait for the 3.0 release."
Edit: here's the post from today. No dice.
http://forum.xda-developers.com/showpost.php?p=56383217&postcount=1445
Yeah, I didn't think I'd need root but the dpi on this thing is just way too high. For being such a great display it's hindered by the scaling. Easily fixed with root though!!
Found this on some Chinese site. If I had a backup phone I'd try it. But I don't. So can't risk bricking. Anyone else want to take a leap of faith? Ummm... Won't let me post the link because I'm still a noob apparently... So gonna try breaking it up. Just remove the line returns and spaces.
H t t p : //
m. romjd. com/
jiaocheng/
content/
10837
cmchance said:
Found this on some Chinese site. If I had a backup phone I'd try it. But I don't. So can't risk bricking. Anyone else want to take a leap of faith? Ummm... Won't let me post the link because I'm still a noob apparently... So gonna try breaking it up. Just remove the line returns and spaces.
H t t p : //
m. romjd. com/
jiaocheng/
content/
10837
Don't know if I'm brave enough since I just picked mine up earlier today
Just got mine today so I'm hesitant to try it. Itching to get root and get a free wifi tether though. I'll think it over.
Here's the un-broken-up link just to make it easier.
http://m.romjd.com/jiaocheng/content/10837
Tempting.... Only issue I have is if it works, I have no way to unroot lol
man waiting for someone to try this and I will be first in line at my store to pick this phone up
Who will be the first brave soul?
Phone comes in tomorrow. I will try it then.
chriskader said:
Phone comes in tomorrow. I will try it then.
Didn't work for me. To be safe I used a virtual machine with a snapshot taken before installing so I can revert back without the risk of spyware. Also tried Kingo but no luck with either.
---------- Post added at 06:39 AM ---------- Previous post was at 06:20 AM ----------
Also, vroot during the root attempt installs 2 apps on your phone, and who knows what it installs on Windows without running a regmon. If you do decide to try it, make sure you uninstall the 2 Chinese apps when you're done trying. Also, like I mentioned above, I would highly recommend not installing vroot or Kingo on your daily driver Windows machine. Leave the testing to people who have virtual machines they can install these apps on.
I have used vroot and kingo in the past to successfully root so I know they do/can work, they just haven't been updated yet to work on the Droid Turbo. Hopefully they will.
kremer4 said:
Didn't work for me. To be safe I used a virtual machine with a snapshot taken before installing so I can revert back without the risk of spyware. Also tried Kingo but no luck with either.
---------- Post added at 06:39 AM ---------- Previous post was at 06:20 AM ----------
Also, vroot during the root attempt installs 2 apps on your phone, and who knows what it installs on Windows without running a regmon. If you do decide to try it, make sure you uninstall the 2 Chinese apps when you're done trying. Also, like I mentioned above, I would highly recommend not installing vroot or Kingo on your daily driver Windows machine. Leave the testing to people who have virtual machines they can install these apps on.
I have used vroot and kingo in the past to successfully root so I know they do/can work, they just haven't been updated yet to work on the Droid Turbo. Hopefully they will.
Thanks for saving me the effort. I was just about to try it on a VM....
coreywallen said:
Just got mine today so I'm hesitant to try it. Itching to get root and get a free wifi tether though. I'll think it over.
Here's the un-broken-up link just to make it easier.
http://m.romjd.com/jiaocheng/content/10837
Thanks for posting the unbroken link for me
Dang, you guys got my hopes up reading through this.
I keep checking the other Moto forums for root options. I'm banking on anything that will root a Moto 4.4.4 phone will work on ours. The Moto G 4.4.4 update has a later build date than our version.

[DEV] [BOOTLOADER] [PATCH] [UNLOCK] New Method for Motorola's Bootloader Unlocking

I am willing to Develop & Create a Method for the Locked Bootloaders of our Devices to be able to use ROMs, Kernels, Recoveries & also SuperCID ( Needed For Network Unlocking )
My one is not applicable for unlocking the bootloader, therefore i need a few files from another unlocked device to work with...
Right now, I am using the Modded Firmware SU4-21 Multilingual provided by @CrashXXL on my Droid Ultra.
Users, Developers & Modders, please respond, as I need the files real quick!!
Here's what i need...
mmcblk0p5 ( aboot )
mmcblk0p18 ( modemst1 )
mmcblk0p19 ( modemst2 )
mmcblk0p29 ( cid )
These are the files needed for my work from an unlocked device
Now how do I get them?
Here's the command-line(s) you need to follow in order to get those files out of your device...
Open Terminal or CMD on your computer and do as the following..
Guide for SuperCID in case you don't have it in your system... ( Needed for my work )
Just follow this guide over here...
http://forum.xda-developers.com/showthread.php?t=2317536
Code:
adb shell
su
dd if=/dev/block/mmcblk0p5 of=/sdcard/mmcblk0p5    # aboot
dd if=/dev/block/mmcblk0p18 of=/sdcard/mmcblk0p18  # modemst1
dd if=/dev/block/mmcblk0p19 of=/sdcard/mmcblk0p19  # modemst2
dd if=/dev/block/mmcblk0p29 of=/sdcard/mmcblk0p29  # cid
Now simply copy mmcblk0p5 , mmcblk0p18 , mmcblk0p19 & mmcblk0p29 from the root of your sdcard to your computer or just make a zip file including them, upload & give me the link
@Tanzior @Jaocagomez @Franzie3 @CrashXXL @CrazyRussianXDA @aviwdoowks @Al936 @Crossvxm @summer.cat @Topsnake
I've checked all the works, ROMs, guides, mods and everything done by you people; see my thread and please respond ASAP.
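As an added example (not part of the post or any project tool), a POSIX shell helper that pulls the four dumps named above from /sdcard with adb and writes a size/sha256 manifest, so an incomplete or truncated pull is caught before the files are handed to anyone. The partition numbers are the ones in the post; the output directory and the manifest file name are assumptions.

```shell
#!/bin/sh
# Added helper (not from the post): pull the four partition dumps the post asks for
# and record size + sha256 of each before sharing them. Partition numbers come from
# the post; the /sdcard file names match the dd commands; MANIFEST.txt is assumed.

# name:partition-number pairs as listed in the post
PARTS="aboot:5 modemst1:18 modemst2:19 cid:29"

# Print the on-device dd commands (to be run inside `adb shell` after `su`).
dump_commands() {
    for p in $PARTS; do
        num=${p##*:}
        printf 'dd if=/dev/block/mmcblk0p%s of=/sdcard/mmcblk0p%s\n' "$num" "$num"
    done
}

# Copy the dumps from /sdcard into directory $1 (needs adb and a connected device).
pull_dumps() {
    dir=$1
    mkdir -p "$dir" || return 1
    for p in $PARTS; do
        num=${p##*:}
        adb pull "/sdcard/mmcblk0p$num" "$dir/mmcblk0p$num" || return 1
    done
}

# sha256 of a file, using whichever tool the host has (coreutils or BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Write "$dir/MANIFEST.txt" with one line per partition: name node size sha256.
# Returns 1 if any expected dump is missing or empty, so a failed or truncated
# pull is noticed before the files are uploaded anywhere.
write_manifest() {
    dir=$1
    out=$dir/MANIFEST.txt
    rc=0
    : > "$out"
    for p in $PARTS; do
        name=${p%%:*}
        num=${p##*:}
        f=$dir/mmcblk0p$num
        if [ ! -s "$f" ]; then
            echo "missing or empty dump: $f" >&2
            rc=1
            continue
        fi
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s mmcblk0p%s %s %s\n' "$name" "$num" "$size" "$(sha256_of "$f")" >> "$out"
    done
    return $rc
}
```

Typical use is `pull_dumps ./dumps && write_manifest ./dumps`, then zip the directory together with MANIFEST.txt so the recipient can confirm nothing was truncated in transit.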
I might get you the files, I still have the droid maxx unlocked laying around, I'm not in home but I'll post it later
Thanks in Advance
Jaocagomez said:
I might get you the files, I still have the droid maxx unlocked laying around, I'm not in home but I'll post it later
1. SuperCID is not a concept on Motorola; it is not HTC.
2. The bootloader unlock state is stored in qFuse 428/00000001.
3. Secure On is stored at a different address in the same qFuse.
4. qFuse access can be obtained only through TZ, which is very well protected.
I feel as if everyone is ignoring this thread, it has been too quiet here
JH1108 said:
I feel as if everyone is ignoring this thread, it has been too quiet here
I think Crashxxl's comments crashed our hopes.
I for one appreciate the concept, but considering nobody has ever gone this way of potentially doing it, it's basically not going to happen. But who knows, small miracles happen from time to time.
Wish I could be of some help. The only idea other I can think of is to find a way to let the phone RSD flash SU4-21 so we can unlock it. Sorry I'm not a dev. It's something I want to get into. Just don't know how or where to start...
Great idea
This is a great idea of copying the unlocked bootloader to a locked phone. How much progress have you achieved?
hey what if I just go into the mmcblk0p5 and change these lines "Device_isLocked.status code=0"
"Device_isUnlocked.status code=1" "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3", knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 being codes for the bootloader unlocked? What if I make all code values 1 and 3 only, to trick the device into thinking it is unlocked??? Probably not, I'll probably end up in a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess.
DROID_4_UsEr said:
hey what if I just go into the mmcblk0p5 and change these lines "Device_isLocked.status code=0"
"Device_isUnlocked.status code=1" "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3", knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 being codes for the bootloader unlocked? What if I make all code values 1 and 3 only, to trick the device into thinking it is unlocked??? Probably not, I'll probably end up in a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess.
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
classic757 said:
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Also strange than an "android security expert" did not come up with the root method developed by @CrashXXL. Not knocking jcase at all, he does very fine work but there are lots of things that so called experts do not figure out otherwise they would be working for the major carriers to keep people like you and I from being able to root our phones or unlock our bootloaders.
Also, there are lots of things that I have accomplished with the different phones I have had that were the result of the efforts of developers and also non developers. And some things I just researched and learned how to do and some things with android I just figured out how to do through much trial and error. And that is my point. Some things concerning development are not learned except through trial and error. I won't knock @DROID_4_UsEr. At least he is trying, which is more than I can say for the carriers and the "experts", who have given up on KitKat 4.4.4.
Touche'
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
---------- Post added at 01:09 PM ---------- Previous post was at 01:04 PM ----------
stealthllama said:
Touche'
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
stealthllama said:
Touche'
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked.
---------- Post added at 01:09 PM ---------- Previous post was at 01:04 PM ----------
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
Thanks. I appreciate your humility. And I understand. I am ticked also that 4.4.4 is like Fort Knox. On serious lockdown.
4.4.2 was easily rootable and unlockable. And then came 4.4.4. So believe me, I feel your pain.
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Well, it turns out that there is Qfuse, and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader. So anything you have questions about regarding the bootloader project for the Maxx should be directed to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now.
DROID_4_UsEr said:
Well, it turns out that there is Qfuse, and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader. So anything you have questions about regarding the bootloader project for the Maxx should be directed to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now.
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
stealthllama said:
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
I don't think the devs are going to give any more attention to the original Droid Maxx, what with the Droid Maxx 2 making its debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
classic757 said:
I don't think the devs are going to give any more attention to the original Droid Maxx, what with the Droid Maxx 2 making its debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
If only I could upgrade to a dev edition directly from Verizon for my next phone
I am not sure if that is possible. I have been thinking about getting off of Verizon, I would definitely have more options. There are a lot of new phones out there by smaller companies that would be great to play with, just not possible on Verizon. As an example, maybe one of those OnePlus 2's. I can't post the link but just do a search for it. Looks pretty snazzy.

[WIP] Note Series Developer Edition Conversion

All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
@beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This tool is based off the research of @ryanbg. This makes the process all the simpler for developers to understand/port functionality!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though ATT doesn't have a Developer Edition that I am aware of; it still could work, I need a tester, PM me, or Telegram me @npjohnson), and many, many other devices from a variety of manufacturers.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can you help this progress?
You can't.
Currently, the CID writes 'successfully', and persists across reboots, but one of the registers isn't fully flushed. I am working on a module that will flush the register and allow for the Developer Edition Aboot to be flashed via ODIN.
Now, you may ask "How could we load modules, I thought that was impossible?", the short answer is, it is. At least, without what we found (or, rather, stumbled across).
We have the device kicking into Developer Edition using the CID write, and a hardware modification, which we stumbled across (demo: here, credits to @PaulPizz for spending late nights testing the various things I would throw at him, and having the balls to do some dangerous stuff that I personally believed would permanently brick his device). This method is volatile, dangerous, and quite honestly, shouldn't work. When I am confidently able to prove how it works, I will release details on my blog: here. Until then (shouldn't be more than a month, but as always, this is a free time project, and could be put on hold for real life, as I am busy with Cyber Security competitions).
What will most likely be the course of action once I release:
- Change CID to a provided Developer Edition CID
- Use hardware mod to flash/boot the custom kernel I have built to enable module loading (or maybe I'll build the function into the kernel itself, haven't decided yet)
- Either load the module, or call the function (if the latter, I'll write a binary to do so)
- Revert the hardware mod
- Flash Developer Edition Aboot via ODIN
This should be bootloader version agnostic, but, as always, beware updates, and, I'd stay away from any incoming MM updates on all locked carrier variants if you want to retain the ability to use this. If Samsung can update the eMMC firmware using those vendor commands, they can sure as heck change them the same way. Then the ability to do this goes away entirely.
You may be asking, "Can I donate to progress?"
Well. Sort of. Beaups asked that all donations go to the Make a Wish Foundation, or @ryanbg (as he is getting hitched, may you forever 'make cooking' Ryan! Haha.).
If you'd like to donate to me, know that it is not for the CID write, but instead, the work and research put into getting this all worked out for this device. I will also be dividing any donations sent to me with my tester, as he has spent a fair bit of time on this, as have I.
@npjohnson I have two devices, an S4 and a Note 4, both from Verizon. I'm in Brazil right now so I don't know if it makes a difference, but I'm able to use temporary root on my Note 4, so if you want any help give me a shot. I'm not a developer but an engineer, so anything you need from me to get this rooted, count me in.
OMG Could it be?
npjohnson said:
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of), and many, many others.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can I help this progress?
I need a few things to make this work:
- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.
- One person with a Developer Edition that has root (need an aboot dump, and them to run one command).
If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).
PLEASE do not post your CID publicly.
So you are saying this might be a path to perm root?
kerfex said:
So you are saying this might be a path to perm root?
Not only root but bootloader unlock. Please encourage anyone to help.
The android gods have sent us a miracle
---------- Post added at 12:30 PM ---------- Previous post was at 12:29 PM ----------
I have a locked Verizon note 4 I'm willing to help
@npjohnson I'm willing to help. I have been around the block a few times testing for other developers. I am on 5.1.1 and can hold temp root with Kingroot for about 15 minutes.
Edit: I can roll back to 5.0 if needed.
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
@Venom0642 - A while back I think you said you had a Developer Edition Note 4. Do you still have one? Can you help?
howellcp said:
@Venom0642 - A while back I think you said you had a Developer Edition Note 4. Do you still have one? Can you help?
Sorry mate, look at my sig; I have been on the Note 5 since it came out, so I don't have any Note 4.
Running On Samsung Galaxy Note 5 N920A Wicked Deadly Venom Theme
also willing,
have a retail Verizon,
on LP but can roll back to kk
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
h00rj said:
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
If you have a backup of that old aboot, then yes. Feel free to jump in on the thread I added in the Note Edge XDA forum.
kerfex said:
So you are saying this might be a path to perm root?
Bootloader Unlock, so yeah, permanent root, though, I don't know if write protection will still be active, but we can hope.
PaulPizz said:
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
It would... if you knew whose aboot that was, and they were around to dump their CID. Track them down, then we'll talk.
@morgej, please see original post.
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk, or to Odin another variant's tar files to OEM unlock a device?
elliwigy said:
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk, or to Odin another variant's tar files to OEM unlock a device?
You could, but the device 99% wouldn't boot.
Plus, you do realize developer editions are unlocked? Why would you want to flash to another variant to oem unlock? Literally the same thing.
Rom-Addict said:
also willing,
have a retail Verizon,
on LP but can roll back to kk
Please Hangouts message me if you have adb set up, and can use it.
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
1. I believe this will work. I tried to help but suck at adb now apparently.
2. No need to post if you don't believe. Just ignore
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Well. Why don't you read the paper?
All devices that:
1. Use a Samsung eMMC (allows CID write)
&
2. A Developer Edition (allows you to supply a developer CID, and use their aboot)
Are vulnerable.
Question it if you will, but I am packaging things up as I write.
I have adb set up but it's been a while.

Possible root without ENGBOOT?

DroidModderX has just uploaded a video of a 1-click program called Dr.Fone that supposedly can root a bunch of devices. He shows it working on a Verizon HTC 10. The T-Mobile S7 Edge is on the list of supported devices on the Dr.Fone website. The program is $29.95. Has anybody tried the program on our phones, or can a dev chime in and either confirm or deny its "legit-ness"?
I know the fact that it costs money may sound like a scam, but that's what I thought of Sunshine on my HTC M9 at first. Even with the U firmware and root, these devices are still way slower and have crappy battery life. I won't be happy until a good root method is released.
Just updated the TEK thread... I just got it... Pictures are proof, as is the weeks of sleep I am missing..... I have been working on a full Developer Takeover.. Changed the build type, user, thumbprint, keys, props, no TIMA or KNOX, Permissive, Cut the stock rom down to 700 mb and the system apps are GONE... not disabled... And so much more....
Let me explain the pic of a Windows screen. That is Mr.MobileHelper... A very honest 3rd party Chinese app... On the main page you get stats on your device. As you can see, there is a spot for root.. Before, with the straight leaked kernel, it would show up as NO for ROOT... No exploits were done with that kernel. It was factory... This has exploits... I, however, am going on about 5 hours of sleep in two weeks, and ****ing don't recall the exact steps... I have a potential gold-mine here, and forgot where I put my mine'n pan! FML!
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
Exciting news!
anonymoustl said:
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
Your second pic shows ENG BUILD, the same that comes up with the ENG kernel. I suspect that the program you used only rooted with the ENG kernel, and it leads me to believe, OP, that the Dr.Fone program likely must do the same :crying:
Edit: looks like you can download a free version of the program to root with, without having to pay the 30$. I would gladly guinea pig this, but I need my phone for work tomorrow. If no one is brave enough by the weekend, I'll give it a shot.
CaptainMorgan said:
Your second pic shows ENG BUILD, the same that comes up with the ENG kernel. I suspect that the program you used only rooted with the ENG kernel, and it leads me to believe, OP, that the Dr.Fone program likely must do the same :crying:
Edit: looks like you can download a free version of the program to root with, without having to pay the 30$. I would gladly guinea pig this, but I need my phone for work tomorrow. If no one is brave enough by the weekend, I'll give it a shot.
I'll downgrade from Nougat to MM and try it
---------- Post added at 01:28 AM ---------- Previous post was at 12:46 AM ----------
blane3298 said:
I'll downgrade from Nougat to MM and try it
didn't work
blane3298 said:
I'll downgrade from Nougat to MM and try it
---------- Post added at 01:28 AM ---------- Previous post was at 12:46 AM ----------
didn't work
Did you try the paid version or the free one? The free version says it can only detect but not root.
anonymoustl said:
Just updated the TEK thread... I just got it... Pictures are proof, as is the weeks of sleep I am missing..... I have been working on a full Developer Takeover.. Changed the build type, user, thumbprint, keys, props, no TIMA or KNOX, Permissive, Cut the stock rom down to 700 mb and the system apps are GONE... not disabled... And so much more....
Let me explain the pic of a Windows screen. That is Mr.MobileHelper... A very honest 3rd party Chinese app... On the main page you get stats on your device. As you can see, there is a spot for root.. Before, with the straight leaked kernel, it would show up as NO for ROOT... No exploits were done with that kernel. It was factory... This has exploits... I, however, am going on about 5 hours of sleep in two weeks, and ****ing don't recall the exact steps... I have a potential gold-mine here, and forgot where I put my mine'n pan! FML!
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
I'm guessing Dr.Fone is similar to Mr.MobileHelper. But it looks like your program is using the ENGBOOT to gain root. If this is the case then these programs aren't any better than the manual root method. But try to get some sleep and get that ROM built and look into these programs some more!
CosMiiK said:
Did you try the paid version or the free one? The free version says it can only detect but not root.
Free. Not wanting to waste money if it's just the eng kernel
30 dollars for some free eng kernel..yay
blane3298 said:
Free. Not wanting to waste money if it's just the eng kernel
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm its just the eng kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use dirtycow. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
CosMiiK said:
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm its just the eng kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use dirtycow. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
If they gave a refund sure I'd try it
CosMiiK said:
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm its just the eng kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use dirtycow. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
I just got Nougat redownloaded and set back up. Really don't want to go through the hassle again -__-
There's no reason to even try to spend the 30$. I was going to act all high and mighty with some comment about "everyone wants root, but no one wants to pay to try" and then pay myself, but I just read their FAQ for refunds; it says they will not provide a refund if you don't test the free version....so test the free version and get the answer:
It seems pretty clear cut to me. If you do it on EngBoot, perhaps it'll root it for you so you don't need the manual SuperSU method....but not for 30$.
Ran it on both Stock 935T and also on the stock 935U with the same results.
With products featuring up to a 30-day Money Back Guarantee, Wondershare generally does not refund or exchange products in the following situations:
Non-technical Circumstances
1) Failure to read the product description before purchasing and thus resulting in dissatisfaction with the product's functions and/or results. It is highly recommended that every customer read the product description and try the free trial version before making their final purchase decision.
Wondershare does not refund software if products fail to meet customer's needs due to a lack of understanding by the customer, of the products functions and capabilities.
Seems pretty cut and dry that the 30$ wouldn't be worth it and this topic is now a null issue/question.
With that said, the product itself also has only 4 reviews posted on its website. 3 of them were created within a 3-minute period by "Jane, Jerry, Alex", who were extremely happy to state how amazingly DrFone worked on their Note (3's?).
Can we agree that the OP's question has been answered?
At least for the gs7, it's funny how it lists our gs7 variants in the list of supported devices.
Blade22222 said:
At least for the gs7, it's funny how it lists our gs7 variants in the list of supported devices.
Only root going on here is them rooting 30 dollars from our wallet
nitroevo said:
Only root going on here is them rooting 30 dollars from our wallet
Agreed.
CosMiiK said:
I'm guessing Dr.Fone is similar to Mr.MobileHelper. But it looks like your program is using the ENGBOOT to gain root. If this is the case then these programs aren't any better than the manual root method. But try to get some sleep and get that ROM built and look into these programs some more!
That is where you are wrong, my friend... I forced that.. All part of a takeover.. And remember, the ENG kernel was NOT built on PI3, which this is clearly displaying. Lest you forget (or maybe you don't know), there are MANY steps to finding and/or CREATING a vulnerability within a kernel or an OS... ESPECIALLY with the freaking types of encryption algo'z this thing can play with..
This isn't just downloading an app, pressing a button, and calling oneself an ub3r1337h4x0r.... This is reverse engineering... And as with many people who deconstruct/reconstruct better, I fu(*ing HATE documenting a DAMN thing.. So I have that to contend with as well..
See.. Download MrPhone if you want to test yourself... It's all free and blah blah... not gunna f*&k ya over... Now with your eng kernel on your phone, plug into mrPhone(which is only a device admin app.. does NOT root) and look at the kernel and root status... It will show just as I say.
I am uploading a current BOOTING BUILD PROP complete with TEST-KEYS and more.. Also totally broken encryption and verity... Hoping to break this ***** down to an exploitable level... At this point I am too far in.. Now it's 4tLulZ
Full Postulation:
Not going to put it until I get complete because that is like posting a 0-day as you are exploiting it..... EDIT******
Cliff Note Version: Get bootloader unlocked to make rooting a snap...or... wait for it........
A FLASH!!!!!! @Chainfire ?!?!
What would help the MOST from someone, is if they could point in the direction of the homes of the files that deal with the bootloader...
****EDIT 2*****
Rolled back the security patch to August 1, 2016 >
Has anyone tried to fake the Chinese device and then use its solutions to gain BL unlock or root? Just saying... THAT is the same hardware.. I think someone was giving one of these devices away to a tester for testing... I am using my production phone, which is causing relationship issues that I could totally do without.. So I mean... Someone else is going to have to grow a pair and start hacking at this thing too... Or I need that test phone.. because I am ready for some major testing, yet sphincter too tight to pull the cord of a full device fake....
---------- Post added at 08:29 AM ---------- Previous post was at 08:27 AM ----------
I also tried the Dr Phone solution.. The program was....donated to me. And after about 30 minutes of it rebooting my phone, it didn't work... So for the normal S7E user you pay a dollar a minute for the hopes of having something happen that was promised, ending up not just like..... trying to find a goddamn curved tempered glass screen cover that isn't utter garbage!
---------- Post added at 09:07 AM ---------- Previous post was at 08:29 AM ----------
Found exploit that should be able to help out. Reaching out to indiv. for possible help/co-creating.....
What I do not get is that this device has the OEM unlock switch in developer mode... but it doesn't do what it is supposed to do..
anonymoustl said:
What I do not get is that this device has the OEM unlock switch in developer mode... but it doesn't do what it is supposed to do..
All these posts make it sound like you're getting somewhere. That OEM Unlock switch threw everybody off the first few days after the phone came out. A lot of us assumed that the T-Mobile version would be unlocked like all their other phones have been and pre-ordered it. And if I remember correctly, not everybody with T-Mobile phones had that switch in dev options. Not that it did anything for the people that did have it

Rooting the ls997 (oreo) - request

Is there any progress or hopes on rooting the ls997 running Oreo?
My device was unlocked for any carrier but after the Oreo update it has been relocked and I can't seem to find a way around it.
Rooting seems to be my best bet now. Plus I need to delete some super annoying Sprint apps.
Samted69 said:
Is there any progress or hopes on rooting the ls997 running Oreo?
My device was unlocked for any carrier but after the Oreo update it has been relocked and I can't seem to find a way around it.
Rooting seems to be my best bet now. Plus I need to delete some super annoying Sprint apps.
I would say if you mean official Oreo, then no.
Anything after ZV7 atm is not rootable. Especially Oreo. Nougat might still have a chance. But Oreo is the nail in the coffin, if not the final nail. I personally am rooted on ZV7 and I can't even find an Oreo based ROM to run and try for LS997. Sprint's Kdz lockdown is my guess.
Carrier unlocked is sadly not going to allow root either, unless somehow able to fully swap internal thoughts and memories of the phone with another carrier. Even if able, it's a slim chance if any.
Mysticblaze347 said:
I would say if you mean official Oreo, then no.
Anything after ZV7 atm is not rootable. Especially Oreo. Nougat might still have a chance. But Oreo is the nail in the coffin, if not the final nail. I personally am rooted on ZV7 and I can't even find an Oreo based ROM to run and try for LS997. Sprint's Kdz lockdown is my guess.
Carrier unlocked is sadly not going to allow root either, unless somehow able to fully swap internal thoughts and memories of the phone with another carrier. Even if able, it's a slim chance if any.
You ever find anywhere else with a zv7? The one you linked got snatched up...?. I gotta make a dump for i95swervin and maybe he'll make a version of Alpha Oreo for LS997. I might be responsible for your lack of an Oreo ROM ?
---------- Post added at 12:03 PM ---------- Previous post was at 11:52 AM ----------
Mysticblaze347 said:
I would say if you mean official Oreo, then no.
Anything after ZV7 atm is not rootable. Especially Oreo. Nougat might still have a chance. But Oreo is the nail in the coffin, if not the final nail. I personally am rooted on ZV7 and I can't even find an Oreo based ROM to run and try for LS997. Sprint's Kdz lockdown is my guess.
Carrier unlocked is sadly not going to allow root either, unless somehow able to fully swap internal thoughts and memories of the phone with another carrier. Even if able, it's a slim chance if any.
We should start a bounty thread???
zeusofyork said:
You ever find anywhere else with a zv7? The one you linked got snatched up...?. I gotta make a dump for i95swervin and maybe he'll make a version of Alpha Oreo for LS997. I might be responsible for your lack of an Oreo ROM ?
---------- Post added at 12:03 PM ---------- Previous post was at 11:52 AM ----------
We should start a bounty thread???
A bounty thread would be useless, most of the devs have moved on and runningnak3d has already stated root for 997 is a lost cause. If root is very important to you, then you should move onto another device
Sent from my LG-H910 using XDA Labs
zeusofyork said:
You ever find anywhere else with a zv7? The one you linked got snatched up.... I gotta make a dump for i95swervin and maybe he'll make a version of Alpha Oreo for LS997. I might be responsible for your lack of an Oreo ROM ?
---------- Post added at 12:03 PM ---------- Previous post was at 11:52 AM ----------
We should start a bounty thread???
I would be down for a bounty thread, but I think it would be pointless as well.
As for the ZV7... That sucks. I wish I had another link but I do not atm and can't say when. If I see something I will let you know asap. Very rare nowadays.
I also have a ZV7 dump I think on my laptop if need be from before I rooted.
ZVD rootable would be absolutely epic, I still have hope for someday as for my backup phones.
zeusofyork said:
You ever find anywhere else with a zv7? The one you linked got snatched up.... I gotta make a dump for i95swervin and maybe he'll make a version of Alpha Oreo for LS997. I might be responsible for your lack of an Oreo ROM
The eBay store of the seller who previously sold several LS997 ZV7's can be found here. He periodically relisted the Sprint LG V20 on there over the last couple of months (I bought two ZV7's on two separate occasions), so there's a slim chance that he could still have another ZV7 left among those that he sells. You could contact the seller to check.
As I have stated in another thread, I have a procedure that I am confident will work, but it will require significant development time to get kexec working.
The procedure would not be easy (if you think lafsploit is hard to do .. you haven't seen anything yet). Also, it would be a tethered root .. meaning you would need a PC every time your phone is powered off. If you just needed to restart the OS, that could be done without a PC, but a cold boot would need a PC to enter some commands via a shell.
If all of that sounds like something you are willing to deal with, then start a bounty thread and I will try to get an exact estimate on the amount of dev hours I would have to put into writing the code.
If you Google "kexec loading a kernel from a kernel" you will get an idea of the amount of work I would have to put in.
By using kexec, we would use a validated kernel (one that passes dm-verity) to load another kernel with dm-verity disabled. Since the first kernel already passed the checks .. the second kernel would be loaded without the full boot process, and therefore aboot wouldn't verify it.
EDIT: Oh yeah, you would also need an SD card in your phone with a partition to hold kexec, the kernels, and TWRP. You could use the rest of the SD card for the OS, and the partition wouldn't need to be very big .. but just throwing that out there.
-- Brian
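To make "a validated kernel (one that passes dm-verity)" concrete, here is an added illustration of how dm-verity's hash tree is built and checked; it is not code from the poster, LG or the Android project. The 64-byte block size, the constructed sample image and all function names are assumptions chosen for the example (real dm-verity uses 4096-byte blocks and takes the root hash from signed verity metadata). It shows why a single flipped bit in a protected partition is rejected on read, and why rebuilding the on-disk tree over modified data does not help: only the root hash is trusted, and it is fixed by the signature.

```python
"""dm-verity style hash tree: build, per-block verification, tamper detection.

Added illustration for this thread; not LG's, Android's or the poster's code.
The block size, data layout and function names are assumptions chosen for
the example. Real dm-verity uses 4096-byte blocks and a root hash carried
in signed metadata; the principle is the same.
"""
from __future__ import annotations
import hashlib

BLOCK = 64  # assumed demo block size; dm-verity normally uses 4096 bytes


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes) -> list[bytes]:
    """Cut a partition image into fixed-size blocks (the last one may be short)."""
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]


def build_levels(blocks: list[bytes]) -> list[list[bytes]]:
    """Return the hash tree bottom-up: levels[0] are leaf hashes, levels[-1] is the root.

    An odd node count at any level is padded by duplicating the last node so
    that every node has a sibling.
    """
    level = [_h(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
            levels[-1] = level
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root_hash(image: bytes) -> bytes:
    return build_levels(split_blocks(image))[-1][0]


def auth_path(levels: list[list[bytes]], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf `index` up to the root, each flagged 'sibling is on the left'."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_block(block: bytes, path: list[tuple[bytes, bool]], trusted_root: bytes) -> bool:
    """Recompute the path to the root from one block and compare with the trusted root.

    This is what the kernel does on every read of a verity-protected device:
    the hash tree on disk is untrusted input; only the root hash is trusted.
    """
    node = _h(block)
    for sibling, sibling_is_left in path:
        node = _h(sibling + node) if sibling_is_left else _h(node + sibling)
    return node == trusted_root


def demo() -> dict[str, bool]:
    # Constructed sample "partition": 512 bytes -> 8 blocks of 64 bytes.
    image = bytes(range(256)) * 2
    blocks = split_blocks(image)
    levels = build_levels(blocks)
    trusted_root = levels[-1][0]  # in practice: taken from signed verity metadata

    # Flip one bit at offset 300 (block 4) to simulate a modified partition.
    tampered = bytearray(image)
    tampered[300] ^= 0x01
    tampered_blocks = split_blocks(bytes(tampered))
    idx = 300 // BLOCK  # 4

    # Suppose the on-disk hash tree is also rebuilt so it is self-consistent...
    rebuilt_levels = build_levels(tampered_blocks)

    return {
        # every block of the genuine image verifies against the trusted root
        "genuine_all_ok": all(
            verify_block(b, auth_path(levels, i), trusted_root) for i, b in enumerate(blocks)
        ),
        # an untouched block still verifies with the original on-disk tree
        "untouched_block_ok": verify_block(tampered_blocks[0], auth_path(levels, 0), trusted_root),
        # the modified block fails with the original on-disk tree
        "tampered_block_rejected": not verify_block(
            tampered_blocks[idx], auth_path(levels, idx), trusted_root
        ),
        # ...and still fails with the rebuilt tree, because the signed root no longer matches
        "rebuilt_tree_rejected": not verify_block(
            tampered_blocks[idx], auth_path(rebuilt_levels, idx), trusted_root
        ),
        "root_changed": root_hash(bytes(tampered)) != trusted_root,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Run it directly and every line of `demo()` should print `True`. The design point is that verification is per block, so the cost of a read is one leaf hash plus one hash per tree level, while the integrity guarantee for the whole partition collapses to a single 32-byte root that verified boot can sign.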
runningnak3d said:
As I have stated in another thread, I have a procedure that I am confident will work, but it will require significant development time to get kexec working.
The procedure would not be easy (if you think lafsploit is hard to do .. you haven't seen anything yet). Also, it would be a tethered root .. meaning you would need a PC every time your phone is powered off. If you just needed to restart the OS, that could be done without a PC, but a cold boot would need a PC to enter some commands via a shell.
If all of that sounds like something you are willing to deal with, then start a bounty thread and I will try to get an exact estimate on the amount of dev hours I would have to put into writing the code.
If you Google "kexec loading a kernel from a kernel" you will get an idea of the amount of work I would have to put in.
By using kexec, we would use a validated kernel (one that passes dm-verity) to load another kernel with dm-verity disabled. Since the first kernel already passed the checks .. the second kernel would be loaded without the full boot process, and therefore aboot wouldn't verify it.
EDIT: Oh yeah, you would also need an SD card in your phone with a partition to hold kexec, the kernels, and TWRP. You could use the rest of the SD card for the OS, and the partition wouldn't need to be very big .. but just throwing that out there.
-- Brian
I never looked into lafsploit because I don't have an H918. Just ls997..one rooted ZV7, and two ZVD's (backups). However...that method would seem a lil tedious, but doable. If only way...
I was wondering if it is even possible or easier to do and full on 100% phone clone. Turn one of the ZVD's into the rooted ZV7. That would be a true game changer and way faster.
If this was not intended at me I apologise. However, just a thought.
Once ARB has been incremented you can't roll back to any version that has a lower ARB. Even if you replaced the NAND, you would still only be able to use ZV8 or later since ARB is incremented inside the CPU. So, you can always replace the CPU AND the NAND
-- Brian
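An added toy model of the anti-rollback mechanism Brian describes, to show why replacing the NAND does not bring back ZV7. This is illustration code written for this page, not LG's, Qualcomm's or the poster's; the fuse layout, the mapping of firmware names to counter values (ZV7 as 7, ZV8 as 8) and all class and function names are assumptions made for the example.

```python
"""Toy model of anti-rollback (ARB) enforcement by a secure bootloader.

Added illustration for this thread; not LG's, Qualcomm's or the poster's code.
The fuse layout, the mapping of firmware names to counter values (ZV7 -> 7,
ZV8 -> 8) and every name below are assumptions made for the example. The
point it shows: the counter lives in one-time-programmable fuses inside the
SoC, so swapping the flash chip that holds an older image changes nothing.
"""
from __future__ import annotations
from dataclasses import dataclass, field


class FuseWriteRefused(Exception):
    """eFuses are one-way: a lower value can never be written."""


@dataclass
class OtpFuses:
    """Monotonic ARB counter burned into the SoC (not into NAND/eMMC)."""
    arb: int = 0

    def burn(self, value: int) -> None:
        if value < self.arb:
            raise FuseWriteRefused(f"cannot lower ARB fuse from {self.arb} to {value}")
        self.arb = value


@dataclass
class BootImage:
    name: str
    arb_version: int        # rollback index carried in the signed image header
    signature_ok: bool = True


@dataclass
class Flash:
    """Replaceable storage (NAND/eMMC) holding the boot image."""
    image: BootImage


@dataclass
class Soc:
    fuses: OtpFuses = field(default_factory=OtpFuses)

    def try_boot(self, flash: Flash) -> tuple[bool, str]:
        """Return (accepted, reason), mirroring the checks a verified-boot loader performs."""
        img = flash.image
        if not img.signature_ok:
            return False, f"{img.name}: signature check failed"
        if img.arb_version < self.fuses.arb:
            return False, (f"{img.name}: rollback refused, image ARB {img.arb_version} "
                           f"< fused ARB {self.fuses.arb}")
        # Accepted: advance the fuse so that anything older can never boot again.
        self.fuses.burn(img.arb_version)
        return True, f"{img.name}: boot ok, fused ARB now {self.fuses.arb}"


def demo() -> list[tuple[bool, str]]:
    """Walk through the scenario in the post, with assumed version numbers."""
    soc = Soc()
    zv7 = BootImage("ZV7", arb_version=7)
    zv8 = BootImage("ZV8", arb_version=8)
    return [
        soc.try_boot(Flash(zv7)),   # fresh device: accepted, fuse becomes 7
        soc.try_boot(Flash(zv8)),   # update: accepted, fuse becomes 8
        soc.try_boot(Flash(zv7)),   # downgrade attempt: refused
        # "replace the NAND" with one holding the old image: same SoC, same fuse
        soc.try_boot(Flash(BootImage("ZV7 on replacement NAND", arb_version=7))),
        # only a different SoC (fresh fuses) would accept the old image again
        Soc().try_boot(Flash(zv7)),
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

The fuse is only advanced after the signature check passes, so an unsigned image with a high rollback index cannot be used to "burn" a device forward; that ordering is the part worth keeping in mind when reading about how the ZV8 update locked out ZV7.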
runningnak3d said:
Once ARB has been incremented you can't roll back to any version that has a lower ARB. Even if you replaced the NAND, you would still only be able to use ZV8 or later since ARB is incremented inside the CPU. So, you can always replace the CPU AND the NAND
-- Brian
Oh yeah, I forgot about it being baked in the CPU..damn it.
Reminds me of PS3 and NAND flasher crap. Damn all the lockdown. Oh well. At least I have a replaceable battery.
Sad year so far
My beloved fully rooted LS997 died with a sudden RPM crash that was unfixable. Can't find a different one for the life of me. Anyway, I am now on LS997 Oreo with temp root. It's nice, but very limited. I miss my full root.
I noticed that I have OEM unlocked, which is supposed to unlock the bootloader or allow it. But this supposed ARB screws it up. How, I have no idea. It's all ROM related so it absolutely makes no damn sense. Why have OEM unlocked if we can't do anything?
So oreo full root with arb?...
Would a stock Oreo dump allow for kdz extraction to make a rooted/ rootable rom?
Just a question and be cool if so. Long shot I know.
Especially with a not yet known arb bootloader
cnjax said:
A bounty thread would be useless, most of the devs have moved on and runningnak3d has already stated root for 997 is a lost cause. If root is very important to you, then you should move onto another device
Sent from my LG-H910 using XDA Labs
I needed to hear this; now I can relax. I have so many ways but they don't work for my V20 LS997 running Oreo.
