Quickest way to 5.0? - Verizon Galaxy Note 3 Q&A, Help & Troubleshooting

I'm currently on 4.2.2 and I'm trying to figure out the quickest way to 5.0, or whatever is the most recent, to be able to get back up to speed. I'm also wanting to finally unlock my phone and get TWRP too after I get my phone updated to the most recent version. Thanks for any help!

4.4.2 not 4.2.2
Sent from my SM-N900V using XDA-Developers mobile app

Go back to factory 4.4.2, no root. Take the new update to 5.0 OF1 from Verizon, then root the phone, install Super SU, and make sure you have root. Then unlock the bootloader, install TWRP, and you're ready to flash. Everything you'll need is in the General Forum.
Sent from my SM-N900V using XDA Free mobile app

buckeyestilidie said:
4.4.2 not 4.2.2
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte

bftb0 said:
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte
Okay, that was a lot of information I'm not too sure about, lol. Yes, I am rooted, and I'm pretty sure I'm using Safestrap as my recovery.
Sent from my SM-N900V using XDA-Developers mobile app

bftb0 said:
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte
This seems like an easier way than mentioned above, but I'm vague on the terminology used. Could you elaborate on the ideas you explained?
Sent from my SM-N900V using XDA-Developers mobile app

buckeyestilidie said:
This seems like an easier way than mentioned above, but I'm vague on the terminology used. Could you elaborate on the ideas you explained?
I started writing a SBS (step by step), but as I took the time to make sure that nobody would shoot themselves in the foot with my instructions, I realized that it would take a huge amount of effort once all the caveats and "be careful here"s are included.
The only reason that I took the path I did is that I don't care much for dodgy/opaque rooting methods, so I just preferred to try a route that avoided losing root, even temporarily.
It basically boils down to writing the recovery image (e.g. twrp-3.0.2-0-hltevzw-4.3.img or twrp-3.0.2-0-hltevzw-4.4.img) directly to the recovery partition (/dev/block/mmcblk0p15) from the rooted ROM using the "dd" program after you have unlocked the bootloader. You can find those recovery images here, and raw-writing looks like this (note root prompt '#' symbol):
Code:
# dd if=twrp-3.0.2-0-hltevzw-4.4.img bs=2048 of=/dev/block/mmcblk0p15
***
(You need root for both this operation and to unlock the bootloader, so it makes most sense to unlock the bootloader first).
Note that the above says nothing at all about how to prepare for disasters before you travel down this path. All of that is your responsibility; if reading this makes you uncomfortable, then you shouldn't be doing it.
Among the things that I prepared beforehand: TiBu backups; full tar image of the "internal" /sdcard; full backup of external SDcard; Safestrap TWRP backups of all slots; raw dumps of all of the partitions p1-p22; debrick images (first 256 MB of /dev/block/mmcblk0) both before and after the CID-changing unlock method, another p6 (= aboot) partition raw copy *after* the unlock CID change, etc.
After I had a real recovery running on the phone, the first thing I did was to take TWRP backups of everything and got those backups off the phone as well.
Even after that, I think I forgot something: I think safestrap backs up the "loopback mount blobs" for the non-stock slots somewhere in /data/media - so they are not captured by backups of "real" TWRP (in the real recovery partition), nor in backups of the "internal" SDcard. They are captured by the pseudo-recovery that Safestrap uses, but the ability to use them may depend on having the stock slot be the active slot before you take the (real) TWRP backup. You will see similar instructions elsewhere: e.g. "get your rooted ROM running in the stock slot before you begin, and make sure the stock slot is the active slot"
*** The partitioning numbering scheme is not guaranteed to be identical on devices other than the SM-N900V Verizon Samsung Galaxy Note 3. If you have in mind using a command like this on another device, a better means for naming the destination (output file of=) target is "by-name", e.g.
dd ... of=/dev/block/platform/msm_sdcc.1/by-name/recovery ...
I didn't use that notation here because Safestrap plays games trying to protect the real boot partition by altering these symlinks, so you need to verify they really point where you think they do before you use them. (e.g. iirc, safestrap symlinks boot -> /dev/null and userdata -> mmcblk0p25 -> mount point of data blob for active slot)
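The check described in the post above (confirm where a by-name symlink really points before using it as a dd target), as an added example that is not part of the original post. The function names are made up for illustration, and reading the target back after the write is an extra step added here; the expected device node is whatever you have already confirmed for your own device.

```sh
#!/bin/sh
# Added example, not from the thread. Guards a raw "dd" of a recovery image:
#   1. refuse unless the by-name symlink resolves to the node you expect
#      (Safestrap-style redirection to /dev/null or a slot blob is rejected)
#   2. after writing, read the same number of bytes back and compare.
# Function names are hypothetical.

# check_target LINK EXPECTED_NODE -> 0 if LINK resolves to EXPECTED_NODE
check_target() {
    ct_resolved=$(readlink -f "$1") || return 2
    ct_expected=$(readlink -f "$2") || return 2
    case "$ct_resolved" in
        ""|/dev/null)
            echo "REFUSE: $1 resolves to '${ct_resolved}'"
            return 1 ;;
    esac
    if [ "$ct_resolved" != "$ct_expected" ]; then
        echo "REFUSE: $1 -> $ct_resolved (expected $ct_expected)"
        return 1
    fi
    echo "OK: $1 -> $ct_resolved"
}

# verify_written IMAGE TARGET -> 0 if the first len(IMAGE) bytes of TARGET
# are identical to IMAGE (partitions are usually larger than the image).
verify_written() {
    vw_size=$(wc -c < "$1" | tr -d ' ')
    [ -n "$vw_size" ] && [ "$vw_size" -gt 0 ] || return 2
    head -c "$vw_size" "$2" | cmp -s - "$1"
}

# safe_write IMAGE LINK EXPECTED_NODE
# Writes only after the symlink check passes, then verifies the result.
safe_write() {
    sw_image=$1; sw_link=$2; sw_node=$3
    check_target "$sw_link" "$sw_node" || return 1
    # Same block size as the command in the post; conv=notrunc only matters
    # when the target is a regular file standing in for a partition.
    dd if="$sw_image" of="$sw_node" bs=2048 conv=notrunc 2>/dev/null || return 3
    sync
    if verify_written "$sw_image" "$sw_node"; then
        echo "VERIFIED: $sw_node matches $sw_image"
    else
        echo "MISMATCH: $sw_node differs from $sw_image"
        return 4
    fi
}

# Run only when called with all three arguments (needs a root shell on-device).
if [ "$#" -eq 3 ]; then
    safe_write "$@"
fi
```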

Related

[GUIDE] Root & recovery WITHOUT oem unlock & wipe (2.3.2 & older, plus now 2.3)

UPDATE #2 - Fitchman has reported successful root and rom flash without unlocking the bootloader by using Ginger Break. Full details in this post: http://forum.xda-developers.com/showpost.php?p=13236136&postcount=135
UPDATE - IMPORTANT: This method does not work with Android 2.3.3. Search the forum or this post in this thread for a way to update to 2.3.3 and root without unlocking if you haven't updated yet.
Alternatively, use this method on 2.3.2 and lower, then use titanium to back up everything, store it on your laptop (along with all your sdcard's data), then do the oem unlock step first and then continue from there with the rest of the guide.
Not my original idea, but a consolidation of a discussion between inakipaz and shrivelfig and myself in another thread and being posted here for easier finding by future root-seekers.
Shrivelfig's tested the method to re-root a previously rooted phone with a re-locked bootloader, and inakipaz has done it on a phone that's never had the bootloader unlocked.
The advantage here is that those who chose not to root when they first got the phone won't lose any app data or sdcard data like the methods that have you unlock the bootloader do. The disadvantage is your bootloader remains locked, which may prevent you flashing certain things in the future.
edit: see ravidavi's posts below; he's shown you can even flash custom roms that are clockwork compatible while having a locked bootloader with this method.
Download these two files:
clockwork recovery v3.0.0.5 or clockwork recovery v3.0.0.5 mirror if above not working
su-2.3.6.1-ef-signed.zip
Koush's blog for the latest clockwork updates (find Nexus S in the list).
Also, if you don't already have the necessary android sdk and drivers on your computer, get them from here: http://developer.android.com/sdk/index.html and install them. Some Windows users report better luck just installing pdanet. There's a decent guide for Windows users on installing the sdk here.
Place the recovery file on your laptop where you can access it while using the sdk fastboot commands.
Place the su zip one in the top level folder of your sdcard.
Put your phone in fastboot mode (power off, then hold volume up and power key at the same time until the phone boots to a white screen).
Use fastboot to boot the phone into the clockwork recovery:
Code:
fastboot boot recovery-clockwork-3.0.0.5-crespo.img
If you're not sure how to get fastboot working on your computer, follow the excellent instructions that Allgamer gives in this GUIDE, but don't do the oem unlock command!
Once in clockwork, flash the su file to the phone by following these steps below.
To navigate in the clockwork recovery, you use the volume keys to scroll up/down through the menus, and the on/off button to select what's highlighted.
(note: some report success without these first 3 steps, others don't get a successful root without them; I recommend doing them)
select mounts and storage.
select mount /system
select go back
select install ZIP from sdcard
select choose zip from sdcard
select su-version#-signed.zip file you downloaded earlier
select yes - install su-version#-signed.zip
confirm it says "Install from sdcard complete"
select go back
select reboot
After the phone reboots, you should be rooted, with a locked bootloader, and none of your data erased.
That said, never hurts to have a backup of your precious data on the sdcard that you can copy over to the computer.
This method doesn't install busybox, so go to the Market and download/install busybox directly, or get Titanium Backup and check its "problems?" button and let it install busybox for you. There's also an app called root checker that supposedly verifies you have a working root on your phone.
Once you have a successful root installed, I'd suggest getting back into clockwork recovery and running a nandroid backup from clockwork's backup and restore menu. Then copy that file from your sdcard (in the /clockwork/backups folder) to your laptop for safe-keeping and an easy full system restore to a known working config.
Usual disclaimers about I'm not responsible for damage to your phone or loss of data apply. Use any rooting method at your own risk.
Thanks and all the real credit go to inakipaz, shrivelfig and allgamer, and of course to koush, and ChainsDD for the superuser apk.
Worked perfectly. I used fastboot from my Mac (outlined in the stickied Mac Root thread). Root checker verifies that I have root.
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
yeah! good work!
Srsly. Awsom.
Someone sticky this....
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
I would think this method also gives you a way to back up before unlocking the bootloader.
1) fastboot boot into Clockwork as described here
2) Full nandroid backup from Clockwork
3) Mount "SD" from Clockwork over USB, copy everything to computer (since it wipes everything)
4) Go back and unlock the bootloader as usual, resulting in a full wipe
5) Flash Clockwork Recovery again through whichever method
6) Mount "SD" from Clockwork over USB, copy the backup back to phone
7) Restore nandroid
And now you've unlocked the bootloader without amnesia =)
ravidavi said:
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!
Also, the fact that you're able to boot into Clockwork using "fastboot boot" - that also means you can install a ROM .zip file right from there.
cmstlist said:
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
"fastboot boot" only launches the recovery, no unlock needed. "fastboot flash" flashes the recovery.
cmstlist said:
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!.
It worked! Here's the process I used, starting from a completely unmodded Nexus S.
1: Use the method detailed here to gain root access without unlocking the bootloader.
2: Using a root-enabled file explorer (I used Super Manager), rename install-recovery.sh (in /etc) to install-recovery.sh.old . You'll need to remount as r/w to do this. NOTE: You don't *have* to do this step, but if you don't, then you can only use clockwork once after which it will be erased on reboot.
3: Using ROM Manager, install Clockwork Recovery.
4: Pleasure yourself, because your bootloader is still locked and nothing was erased.
I have yet to try actually flashing a custom ROM. Does this mean that it can also be done without unlocking bootloader?
Well damn, whaddaya know. I just flashed MoDaCo r10 without unlocking the bootloader, and without losing any personal data on /sdcard.
I figure someone at XDA should like this.
Pretty much followed distortedloop's advice. Starting from a fully stock Nexus S with Android 2.3.2 (GRH78C):
* Root using the method on this thread.
* Rename install-recovery.su to install-recovery-old.su. (in /bin)
* Install Clockwork Recovery from ROM Manager.
* Download whatever ROM you want (compatible with Clockwork), rename to update.zip, and copy to sdcard.
* Reboot into Clockwork.
* Wipe cache, reset to factory (IF REQUIRED BY NEW ROM). This was my first install of MoDaCo, and that requires it. This step does NOT erase your personal files on sdcard, just all android-related files.
* Install update.zip from Clockwork.
* Continue self-pleasuring ... you now have a custom rom without touching your bootloader or wiping your personal sdcard data.
Maybe it's just because I'm a noob here, but it seems to me that this is a BIG deal. All root/ROM installation methods that I've seen so far have required an unlocked bootloader. This seems to be the first time a Nexus S has been unlocked and custom-ROM'd without unlocking the bootloader and wiping the entire /sdcard.
Ravi
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
What's really odd is now we have to wonder what's the purpose of the oem unlock erasing your sdcard? Speculation was that it was a security feature to keep people from accessing your data if they stole your phone; they couldn't flash something on the phone to get access, but clearly they can. Fastboot into a custom recovery and you own the phone.
Perhaps this is a security hole Google will try to fix some day?
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
distortedloop said:
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
...
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
ravidavi said:
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
I'm thinking that something like Superboot might need to have the bootloader unlocked, since it replaces the boot image, right? But I'm not sure.
ravidavi said:
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
There's only a page and a half of posts in the development section right now, so it's not likely to disappear any time soon, but you could ask a mod (theimpaler747 is ours) via PM to sticky it. I thought about asking myself, but seemed a bit tacky to ask for my own thread.
Meanwhile, I'd been linking people to various posts I'd made in other threads suggesting this might work, but once inakipaz and shrivelfig confirmed it, I'm just now pointing people here. I just hope people see this before wiping their phones unnecessarily.
Really, the other guides should just be updated to skip the oem unlock step. That's really the only different thing we're doing here.
I'm just waiting for more people "newbies" to confirm this actually works for them, before making it a sticky
In theory if you really really screw up your phone, you might need fastboot flash in order to recover it. But if fastboot also lets you boot into an img recovery... then you still have a recovery route that doesn't require unlocking.
Sent from my Nexus One using XDA App
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
qreffie said:
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
yes because you still have the original recovery installed
distortedloop said:
Perhaps this is a security hole Google will try to fix some day?
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
shrivelfig said:
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
I can confirm that the Nexus One does not allow this "fastboot boot" on a locked bootloader. Maybe this was just an oversight?
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
I can confirm that this method works, without unlocking the BL or erasing the SD part.
This is pretty cool. I wish I knew about this before I unlocked the bootloader days after I received my phone. I too wonder if this was intentional or an oversight. Google did want this phone to be for developers, but like others said, this is also a bit of a security hole. The wiping of the sd card on unlock would protect the person if the phone was stolen, like if there was confidential corporate stuff on there. Even if you password protect your phone, someone could fastboot clockwork, mount the sd card and retrieve all the information that was on there.
cmstlist said:
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
It's also been done by Samsung with some versions of the Galaxy S line (some of the "leaked" roms, and even one official kies push (IIRC) changed the bootloader, causing people the ability to use 3 button mode for Odin access, and causing others to lose it).

Why Do All These Xoom Rooting Methods Require a Modified Boot/Kernel Image?

I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
No. Before when I first bought my xoom I just rooted it, no custom kernel or rom. Now I've used both and benefits a lot. As for example some games people complain lags, with custom kernel ya can over clock and fix some of this. Then custom roms allow ya to use features not enabled by Google on default. For example the wifi xoom can not connect ad-hoc networks like mobile hotspots. Roms include this unless you wanna do it the hard way. Another nifty feature is the USB OTG to attach hard drives which Google allows ya to do like mice and keyboards but not external drives.
oldblue910 said:
Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
I think you ARE missing something. The process you outlined with other GED devices is identical to the Motorola XOOM root process as well.
1. You use "fastboot oem unlock" to unlock the bootloader. (This only unlocks the bootloader so you can flash custom ones, recoveries, etc. but does NOT modify the current bootloader in any way.)
2. Flash clockwork with fastboot as well.
3. Install the Universal XOOM rooting ZIP through clockwork.
4. Done.
How is this any different?
The Universal XOOM root ZIP can be found @ http://forum.xda-developers.com/showthread.php?t=1242241 and does NOT contain any sort of modified Kernel or Boot image.
I don't know where you got your information from.
Sure it does. Take a look at the zip file (all those files in the kernel folder). Plus once it's done, stock recovery no longer auto flashes because something was changed in the boot image and the checksums don't match anymore.
Sent from my Xoom using Tapatalk
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
sodaboy581 said:
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
And that's the thing...flashing just the binaries DOES work fine, at least on my Xoom. I wonder if it has something to do with the international non-GED Xooms...
Sent from my Xoom using Tapatalk
You do need a modified initramfs to root properly.
an insecure boot.img is the most useful part of being rooted.
And with one of those you don't even need clockworkmod.
flash it with fastboot / reboot / adb remount and then just push su and superuser set suid on su (10 seconds total - far less hassle than messing with clockworkmod).
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
oldblue910 said:
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
You don't _need_ to flash an insecure kernel image; there's multiple paths to root. If you don't have a version of CWM for the device, then running the system insecure may be the only way to do it. Running the system in insecure mode does give you the ability to run adb as root amongst other things, however (so you can do things like adb remount).
Yeah I can see needing the insecure image in the case of not having ClockworkMod or if you need those extra commands in ADB. I was more just curious if running an insecure image was somehow a better practice than just flashing the androidsu.com zip. I guess it's 6 of one or a half dozen of the other in the end.
Thanks for the explanation!
Sent from my Xoom using Tapatalk
unrandomsam said:
an insecure boot.img is the most useful part of being rooted.
I suppose that depends on what you use root for, really. For instance, the ability to run adb as root means nothing to me really. I can count the number of times I've used adb on one hand. I more use root so I can take screenshots without hooking up to USB, and I also like having root access to the filesystem.
Plus, it seems that the insecure image is the reason why everyone says not to accept OTAs if you're running a rooted stock ROM. I've read horror stories of people accepting OTAs on a rooted stock ROM and ending up with bootloops and all kinds of other craptastic stuff. If you root with the boot image secure, you can accept OTAs and just re-root when it's done flashing.
Different strokes for different folks, right?
Sent from my Xoom using Tapatalk
mobileweasel said:
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
This.
Most devices have temp root so you're able to run rooted app to fully backup before unlocking it. I've been holding off rooting on my wife's xoom because I don't want to wipe her saved data, but I'm really itching to mess with it, hehe. I heard with ICS you can do a full backup with adb, I believe you use the "adb backup" method.
The insecure boot image is needed for two reasons.
1) without it you would not be able to adb mount the partitions while inside the Android OS.
2) every time you boot into Android, a script is run to check for stock recovery and overwrite it; insecure boot images disable this (you can also disable it by deleting the script files)
Sent from my Nexus S 4G

[Q] Root and update to 4.3

Hi everyone!
I want to root my Nexus 7. If I'm not wrong, to root it I have to unlock the bootloader, and I will lose all my data (I'll use Wug's Toolkit).
If I root it now with 4.2.2, when I update it with the new 4.3, will I lose root? If yes, to root my Nexus again, will I lose my data again?
I hope my English is not that ugly :silly:
Thanks for the help!
Zambo27 said:
Hi everyone!
I want to root my Nexus 7. If I'm not wrong, to root it I have to unlock the bootloader, and I will lose all my data (I'll use Wug's Toolkit).
If I root it now with 4.2.2, when I update it with the new 4.3, will I lose root? If yes, to root my Nexus again, will I lose my data again?
I hope my English is not that ugly :silly:
Thanks for the help!
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.
GedBlake said:
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.
Click to expand...
Click to collapse
Two tries to get root... it almost killed me xD
On the first try SuperSU was installed but it told me that the "su command" wasn't.
Then I tried again and now it's rooted and it works fine.
One last question, I read a thing:
if I modify "too much" I'll lose the possibility to update to Android's next version. I want to fix the issue with the Xbox wireless controller (http://forum.xda-developers.com/showthread.php?t=1792531); will it cause me some problems?
GedBlake said:
The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
Ged,
That is a mis-statement. Using a single "dd" command from a root shell - for example either adb or a terminal emulator, you can write a custom recovery image file to the SOS (recovery) partition.
$ su
# dd if=/sdcard/recovery-image-file.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
That produces a tablet with a locked boot loader, a rooted stock ROM, and a custom recovery.
The very first thing to do at that point in time is to take a Nandroid backup - and get a copy of it off the tablet for safe keeping.
Jeez I wish the thread owners for toolkits and rooting methods would stress the importance of backups. There sure would be far fewer "omg help me please" requests in this (Q&A) forum if people would simply make backups of their nearly-stock ROMs.
Thanks for the info, bftb0... I had some suspicions about the 'dd' command, but I wasn't confident/certain about whether it would work with a locked bootloader.
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
Definitely going to have to experiment with this... when I have the time.
----
Incidentally, I'm with you on the Nandroid backup issue... it is vaguely puzzling why this step isn't as ingrained in people's flashing habits as perhaps it should be.
It's so easy to do... takes less than 5 minutes... and is a potential lifeline back to a working tablet.
Rgrds,
Ged.
GedBlake said:
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
You understand correctly. Unlocking the bootloader only allows you extra functionality of the bootloader itself (via fastboot flashing/boot commands). It doesn't "unlock" data in partitions - that security is normally provided by the Linux kernel permission system. Once you have root in ANY booted Linux kernel which properly reads the eMMC (flash chip) partitioning and plumbs /dev/block/ entries into the device tree corresponding to those partitions, any root-privileged process can write whatever it wants into those partitions.*
GedBlake said:
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
More or less, except that the bootloader will still fire up even if /cache, /data, and/or /system are completely bolluxed up. TWRP (and maybe CWM?) try to immediately mount /data and /cache so they are not quite as robust in the face of user screw-ups. But yeah - if you are careful, you could do everything you want without unlocking the bootloader... so long as the custom recovery stays healthy.
Mark my words: there will be people who root without unlocking their bootloader or installing a custom recovery (and thus fail to make a Nandroid backup), and then wedge their OS... and then come in here whining that they can't rescue their tablet without unlocking their bootloader (and thus wiping their entire tablet).
* There have been Android devices which used hardware locking to restrict even kernel access to certain flash memory partitions, but there is no evidence that the N7 bootloader lock state affects any of the typical partitions involved in ROM flashing (recovery, boot, system, cache, user data).
Hi, again bftb0...
Much of this is beyond me, I'm afraid...(actually, a lot of your posts are a bit beyond me, to be honest)...
...but I pick up bits and pieces here and there...
And I can confirm the 'dd' command does indeed work as you suggest.
-------------
A few hours ago, I fully backed up my N7 to my laptop (latest TWRP Nandroids, Titanium, etc)...
Fastboot flashed back to stock (JDQ39).
Relocked the bootloader.
Ran the 'exploit' - and acquired root.
Copied everything back over to my N7 from my laptop.
Flashed TWRP in Terminal Emulator via the 'dd' command - this took a few tries, 'cos it's a long command and there's plenty of scope for typos.
Booted into the Bootloader again, then TWRP...
First off was to flash Franco's kernel... which occurred without problem. (This was more of a test, than anything - just to see if it would work).
Next was to restore my last Nandroid backup... which also occurred without problems.
--------
So... as I write this, my Nexus 7 is more or less back to how it was... but with one significant difference... Custom Recovery, Custom ROM and Custom Kernel are all sitting behind a LOCKED BOOTLOADER.... no UNLOCKED PADLOCK symbol on boot. Oh... and it's also Rooted as well!
I'm not sure why, but I find myself slightly amazed by this - I wouldn't have believed it possible...
Guess you learn something new everyday.
Cheers, bftb0!
(...and apologies to Zambo27 for ever-so-slightly hijacking your thread).
Rgrds,
Ged.

Install CWM on Locked Bootloader

Can i install CWM on locked bootloader?
Yes.
An 'exploit' has recently become available for ROOTING the Nexus 7 without unlocking the BOOTLOADER.
This 'exploit' works... I have tested it myself.
Until recently, I believed that because FASTBOOT wasn't an option (as a result of a LOCKED BOOTLOADER), there was no way of FLASHING anything.
Happily, I was disabused of this notion by bftb0... and I can confirm, you can indeed install CWM (or TWRP) with a locked BOOTLOADER.
-----------------------------
Here's how...
First, you need to run this 'exploit' to acquire ROOT.
Upon reboot, you should now be rooted, with Chainfire's SuperSU package and associated SU binary installed.
It's important that you are ROOTED before you proceed.
Next, get Android Terminal Emulator from PlayStore.
Download a CUSTOM RECOVERY .img of your choice... either CWM (Both 'Grouper' and 'Tilapia' variants are available)...
...or TWRP for 'Grouper' (N7 WiFi) or TWRP for 'Tilapia' (N7 3G).
Rename it to recovery.img... and copy it to the root of the Nexus 7's internal storage (emulated SD card).
In Terminal Emulator, run the following command...
Code:
su
dd if=/sdcard/recovery.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
Upon completion of this command, shut down and reboot your device into the BOOTLOADER, and from there, boot into your CUSTOM RECOVERY... in pretty much the same way as if you had FASTBOOT FLASHED it.
-----------------------------
You are now free to flash whatever ROMs or kernels you like.
However, a word of caution... because the BOOTLOADER remains locked, FASTBOOT is strictly off limits; it simply won't work.
So the first thing you should do after flashing TWRP or CWM is...
*** MAKE A NANDROID BACKUP ***
If the device becomes 'wedged/bootlooped' as a result of some ROM flash gone wrong, then you will have no choice but to unlock the BOOTLOADER (with full wipe) in order to fix it.
But if you have a NANDROID backup... piece of cake... just restore.
-----------------------------
Credits and kudos must go to XDA members, nhshah7, who made this 'exploit' available and bftb0, whose post pointed me in the right direction, with regard to the 'dd' command.
-----------------------------
I can confirm all of this works... my Nexus 7 is currently rooted, running a custom recovery (TWRP), with a custom ROM and Kernel (see sig) installed - all sitting behind a LOCKED BOOTLOADER.
...no Factory Reset (wipe) required...
...and no Unlocked Padlock Symbol upon boot.
Rgrds,
Ged.
Previously I installed cwm and can boot, just 1 time.
I tried to boot into but nothing.
What to do?
Sent from my Sony Xperia™ sola using XDA Premium App
@GedBlake well it works for the first time for me as well,.,., used the TWRP latest..,.,.
afterwards it says "no command"
This is really peculiar... I had a few problems myself, initially... but I just assumed I made a typo mistake in TE - but I never had a "no command" message. It took me two or three goes before I got it to work.
And it works fine now, without problems.
I recall reading, a while ago, you had to delete a file from /system called recovery-from-boot.p after flashing a custom recovery in order to get the custom recovery to stick. I never had to do this myself, maybe 'cos I'm running a custom ROM.
Are you on stock, or running a custom ROM?
Rgrds,
Ged.
I'm on stock JB 4.2.2 JDQ39 Wi-Fi & 3G version, so what to do now?
Sent from my Asus Google Nexus 7 using XDA Premium
Have you tried running the dd command again?... As I previously mentioned, it took two or three attempts, before it 'stuck' on my N7.
Now I have no problem booting into TWRP... similarly, I have tested this procedure with CWM - and again no problems.
With a root capable file manager, you could try deleting (or renaming) the file recovery-from-boot.p which can be found in /system, and then try again.
Rgrds,
Ged.
How to boot into cwm? Press volume button?
Sent from my Google Nexus 7 using XDA Premium App
Shut down the tablet completely.
Press and hold the VOL DOWN button... whilst holding, press the POWER button.
This will boot you into the BOOTLOADER.
Using the VOL buttons, navigate to RECOVERY.
Press the POWER button to select.
Rgrds,
Ged.
Just tested this method... again... (using dd to install a Custom Recovery)... with both CWM and TWRP... and in both instances, the installations survived a reboot. So I'm puzzled why there seems to be a problem here.
---------------------------------
I have semi-automated the process in order to avoid typing long complicated commands into Android Terminal Emulator. A process, which, by its nature, is subject to typographical error.
Here's how...
Download the Custom Recovery of your choice to your Nexus 7.
Rename it to recovery.img
Copy it to the root of the emulated SD card (internal storage).
---------------------------------
Download this script file...
writerecovery.zip
Unzip and copy it to the root of the emulated SD card (internal storage).
(Alongside the recovery.img).
---------------------------------
Install Script Manager from Google Playstore.
Open Script Manager and locate the script file writerecovery.sh on the root of the emulated SD card.
Press ENTER on it...
Select OPEN AS... Script/Executable...
Select SU (root) from the toolbar...
Select Run...
The script will now execute the following command...
Code:
dd if=/sdcard/recovery.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
...writing the recovery.img to the recovery partition.
See attached thumbnails for the sort of thing you should expect to see.
---------------------------------
I have tested this method several times... switching between CWM and TWRP. And performing multiple reboots, to ensure that the Custom Recovery 'stuck' in each instance.
---------------------------------
Hope this works... if it doesn't... then I'm at a loss to explain why.
Maybe somebody with more technical knowledge can assist.
All I know, is it works for me... on my Nexus 7.
Rgrds,
Ged.
well i installed recovery using goo manager ,.,. got this response from other thread and is working for me ,.,., goo manager also has the option to restart in recovery so really good for me
Help with my Condition
OK, I need help with the following Scenario with Nexus 7 2012 Wifi
My USB Port is damaged. Managed to charge battery with external wires. After that I was able to:
> Root my Nexus7 with KingRoot app (several tries does the trick)
> Install CWM (non-touch) with ROM Manager
> Boot into CWM and do a dummy Flash of Update-SuperSU.zip file just to see if it works on Locked Bootloader. It was successful.
Now I came across your thread, What I need help with is:
WILL I BE ABLE TO FLASH A CUSTOM ROM + GAPPS on a Locked Bootloader via CWM ?
This is going to be a one way ride for me, if I brick I have a paperweight.
(I have however a Backup from CWM, which I can restore if the tablet manages to boot into CWM after bricking)
Need assistance, opinions, strategy with this. Response Awaited.
Hi, junisheikh...
To answer your question...
junisheikh said:
"WILL I BE ABLE TO FLASH A CUSTOM ROM + GAPPS on a Locked Bootloader via CWM ?"
Yes, you should be able to.
---
The bootloader lock state is irrelevant when it comes to flashing stuff via a Custom Recovery (such as CWM or TWRP).
All an unlocked bootloader does is allow the device to accept fastboot flash commands from a connected PC or Mac, which is the usual way of flashing a Custom Recovery, and then subsequently rooting it.
I would, however, advise against using CWM. ClockWorkMod Recovery is old and hasn't been updated for quite some time, and may cause problems.
Instead, you should take a look at TWRP (TeamWin Recovery Project). This Custom Recovery has a better user interface, and is less likely to cause you problems.
---
Although your bootloader is locked, you have managed to acquire root via KingRoot... which means you can flash a Custom Recovery with the Flashify app...
https://play.google.com/store/apps/details?id=com.cgollner.flashify
This app allows you to flash Recoveries and Boot images (stock and custom) directly from the device itself, providing the device is rooted. The free version of Flashify has a limit of 3 flashes per day. This shouldn't be a problem though... Custom Recoveries aren't something you generally flash on a regular basis.
(See my attached screenshots for a flavour of how Flashify works.)
---
You can find the latest version of TWRP for the Nexus 7 WiFi model here...
http://techerrata.com/browse/twrp2/grouper
Download to your Nexus 7, and use the Flashify app to flash.
And then download whatever Custom ROM+GAPPS you like, and flash via TWRP.
Incidentally, the NANDROID backup you've already created with CWM is NOT compatible with TWRP. So you'll need to create a new NANDROID backup, should you choose to flash TWRP.
---
junisheikh said:
This is going to be a one way ride for me, if I brick I have a paperweight.
This is possible. Because you don't have access to fastboot (due to your broken USB port), you won't be able to fastboot flash back to Google Factory stock should you not be able to boot Android (for whatever reason) after flashing some Custom ROM. But providing you have a NANDROID backup and a Custom Recovery (CWM or TWRP) installed, you **should** be able to recover from softbricks such as bootloops. But having said that, I would tread carefully.
Hope this helps, and good luck.
Rgrds,
Ged.

[Q] Root

How to root Nexus 7 without installing custom recovery...? Which is the easy and safe method..?
Just download WugFresh's Nexus Root Toolkit. You can uncheck the custom recovery method under the root button.
But without a custom recovery you can't make backups, restore one or flash a custom without a PC. I don't recommend rooting without a custom recovery.
If you want a custom recovery after rooting without one, just get goo manager from the play store!
Sent from my Nexus 7 using xda premium
Try this: http://forum.xda-developers.com/showthread.php?t=2233852
sdelange99 said:
But without a custom recovery you can't make backups, restore one or flash a custom without a PC. I don't recommend rooting without a custom recovery.
x1000
If you take the time to understand the motochopper (no bootloader unlock) root process, you will easily realize that a backup can be taken of the pre-existing recovery even (safely) when the (rooted) OS is running. You can do this just before installing a custom recovery.
Code:
dd if=/dev/block/platform/sdhci-tegra.3/by-name/SOS of=/sdcard/stock-recovery-ver.Xxx.img
Once you have a safe (read: not the copy stored on the tablet) backup of the stock-recovery-ver.Xxx.img file, you can flash a custom recovery and then restore back the saved copy at any time by reversing the roles of the input file (if=) and output file (of=) in the above "dd" command.
If you assume that "all I really need is this little root thingy and a few tweaks here and there, but no backups." you will end up regretting that decision. It is a better plan to assume that something will go wrong, and plan for that as if it were a certainty.
The more certain you are about not needing such protection, the more likely the chances are that you actually will need it.
good luck
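Added example, not part of the thread or any poster's script: the stock-recovery backup from the post above and the `dd` write from the earlier recovery-flashing posts, wrapped so the backup is taken and verified first and the write is confirmed by hashing the partition against the image (posters reported the write needing several attempts to stick). Function names are hypothetical, and it assumes the device shell provides head, wc, cut, dd and sha256sum (for example via busybox); paths are parameters so it can be tried on ordinary files.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes head, wc, cut, dd and sha256sum exist in the shell (e.g. busybox).

# file_size FILE: size in bytes (also works on a block device, by reading it).
file_size() {
    echo $(( $(wc -c < "$1") ))
}

# sha256_prefix FILE NBYTES: SHA-256 of the first NBYTES bytes of FILE.
sha256_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# partition_holds_image IMG PART: true if PART starts with exactly IMG's bytes.
partition_holds_image() {
    n=$(file_size "$1")
    [ "$n" -gt 0 ] || return 2
    [ "$(sha256_prefix "$1" "$n")" = "$(sha256_prefix "$2" "$n")" ]
}

# backup_partition PART OUT: copy the whole partition to OUT and verify it.
# Returns 2 rather than overwrite an existing backup.
backup_partition() {
    part=$1; out=$2
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing backup: $out" >&2
        return 2
    fi
    dd if="$part" of="$out" bs=4096 2>/dev/null || return 1
    sync
    partition_holds_image "$out" "$part"
}

# write_image_verified IMG PART: write IMG to PART, then read it back.
# Returns 2 for a missing/empty image, 3 if it is larger than the target.
write_image_verified() {
    img=$1; part=$2
    [ -s "$img" ] || { echo "image missing or empty: $img" >&2; return 2; }
    if [ "$(file_size "$img")" -gt "$(file_size "$part")" ]; then
        echo "image is larger than the target, not writing" >&2
        return 3
    fi
    # notrunc only matters when PART is a regular file used for a dry run.
    dd if="$img" of="$part" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync
    # The read-back may be served from cache; repeat the check after a reboot.
    partition_holds_image "$img" "$part"
}

# Usage from a root shell, with the node named in the posts above:
#   SOS=/dev/block/platform/sdhci-tegra.3/by-name/SOS
#   backup_partition "$SOS" /sdcard/stock-recovery.img
#   write_image_verified /sdcard/recovery.img "$SOS"
#   partition_holds_image /sdcard/recovery.img "$SOS"   # again after a reboot
```

If the last check fails after a reboot, something rewrote the partition; the thread mentions recovery-from-boot.p in /system in that context.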
gijokmr said:
How to root nexus 7 with out install custom recovery...? which is the easy and safe method..?
Wug's will currently install 2.4.1.0 TWRP I think, but if you want to at a later time you can flash 2.5.0.0 via fastboot later. And as others said above, you'll want a custom recovery to be even 'safer', and it's a Nexus 7, it would be very hard for you to hard-brick it.
PS: Is your signature big enough?
