I wanted to help develop root for my and anybody else's LG Stylo 2. I'm ready to help in almost any way possible. Attached is my info. Let me know if anything can be done or if development has started.
Can't wait for permanent root. Things I have learned about this phone: it can be temporarily rooted with Kingroot 4.9.6. Things I have been able to do with temp root are remove bloat, install busybox, and I use Lspeed tweaks. You can softboot without losing root. Also, if you power down your phone and then hold power + volume down, it will boot into recovery mode; there is an option to apply an update through adb or any basic adb commands, and if you go to the option in recovery to boot to bootloader, that will put your phone in fastboot mode. Also, if you power your phone down and hold volume up while plugging your phone into the power cord via wall plug or computer, it will boot into download mode. I believe that is for flashing our .kdz firmware files through the LG flasher program for PC, but I have yet to find a firmware file for the LGLS775. Those are the only things I have found and can contribute thus far. Good luck and godspeed. Oh, also, I believe if you can find a way to switch Kingroot with SuperSU without having to reboot and lose root, then we should be able to use (Root) Flash Fire to possibly flash an updated SuperSU binary and hopefully keep root. I know that Flash Fire needs SuperSU binaries or it won't work; it won't even recognize root with Kingroot.
DirtyPISTOLA said:
Cant wait for permanent root. things i have learned about this phone is it can be temporary rooted with kingroot 4.9.6 things i have been able to do with temp root are remove bloat, install busybox and I use Lspeed tweeks. You can softboot without losing root also if you power down you phone then hold power + volume down it will boot into recovery mode there is a option to apply a update through adb or any basic adb commands and if you go to the option in recovery to to boot to bootloader that will put your phone in fastboot mode. Also if you power your phone down and hold volume up while plugging in your phone to the power cord via wall plug or computer it will boot into download mode i believe that is for flashing our .kdz firmware files thru lg flasher program for pc but have yet to find a firmware file for the LGLS775. those are the only things i have found and contribute thus far. good luck and god speed. Oh also i believe if you can find a way to switch kingroot with supersu without having to reboot and lose root then we should be able to use (Root) Flash Fire to possibly flash a updated supersu binary and hopefully keep root I know that flash fire needs supersu binaries or it wont work it wont even recognize root with kingroot.
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
JOKERx2 said:
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
Unfortunately not as of now. I actually gave this phone to my sister-in-law and went to the ZTE Warp Elite 4G, and the screen on that phone cracked in my pocket like the 2nd day I bought it, and now I'm on the Samsung Galaxy J7, but my wife is still using the ver4 of the Stylo 2. I'll mess around with it here or there, and if I find something I'll let you guys know for sure.
please need stock firmware ls775zv5
ltindi32 said:
please need stock filmware ls775zv5
Me too, idk what's up with my phone. I'm getting no notifications and my home and recent apps are not working.
temp 2 perm
JOKERx2 said:
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
I believe there are couple threads on XDA, one was even by a "Joker" username on switching cfChainfiresSuperSU out for Kingoroots temp root............
Once even temp root is obtained, Chainfires su can be pushed.........
Just thought 2 comment, looking at switching from my Samsung Galaxy J3 (2016) back to an LG. Had this one before but it had lollipop 5.1.1 and only 1gb of ram..........
zach
got something maybe
JOKERx2 said:
I wanted to help develop root for my and anybody else's LG Stylo 2. I'm ready to help in almost any way possible. Attached is my info. Let me know if anything can be done or if development has started.
I just bought this same exact phone yesterday at BestBuy because it was such a good price ($119), plus I thought a thread I was looking at on XDA was for it with twrp & root..........
Reason I'm writing you right now, is out of the box this phone has an update waiting to install that is 454.4mb, I'm pretty sure its the complete KDZ file.
Any idea how to get it off this phone??? Since this could be the break we're looking for, for recovering from trying stuff out!!!!!!
I'll leave the phone like it is, for awhile...........
Hoping to get a response back soon
zach
You might need to PM the OP for options. But I do believe there is a way to get the file now
sent from Joker Stylos2
smile
DirtyPISTOLA said:
Cant wait for permanent root. things i have learned about this phone is it can be temporary rooted with kingroot 4.9.6 things i have been able to do with temp root are remove bloat, install busybox and I use Lspeed tweeks. You can softboot without losing root also if you power down you phone then hold power + volume down it will boot into recovery mode there is a option to apply a update through adb or any basic adb commands and if you go to the option in recovery to to boot to bootloader that will put your phone in fastboot mode. Also if you power your phone down and hold volume up while plugging in your phone to the power cord via wall plug or computer it will boot into download mode i believe that is for flashing our .kdz firmware files thru lg flasher program for pc but have yet to find a firmware file for the LGLS775. those are the only things i have found and contribute thus far. good luck and god speed. Oh also i believe if you can find a way to switch kingroot with supersu without having to reboot and lose root then we should be able to use (Root) Flash Fire to possibly flash a updated supersu binary and hopefully keep root I know that flash fire needs supersu binaries or it wont work it wont even recognize root with kingroot.
Would a kdz file help?
https://mega.nz/#!6BMlmIZB!CBKqxLvGl3c2EfYXj6_hIbdUKxPtbfWzgoglQb0d5aA
When I purchased my BOOST Stylo 2 two days ago, it had an update popped up not long after powering on.......
logcatted it, went through a bunch of URLs until one gave me a username/password popup, admin by itself with no password got the 454.4mb .zip downloaded!
http://imgur.com/q2dvC13
what it looks like unzipped.........
Hope this helps!!!!!!!
zach
---------- Post added at 07:10 PM ---------- Previous post was at 07:06 PM ----------
ltindi32 said:
please need stock filmware ls775zv5
I just purchased my LGLS775, 6.0.1, update out of box popped up and I captured it. Phone says software version is ZV4 but with the update????
I'm no expert on this, why I'm in this forum with the kdz...............
here's the link in case it will help:
https://mega.nz/#!6BMlmIZB!CBKqxLvGl3c2EfYXj6_hIbdUKxPtbfWzgoglQb0d5aA
let me know........
zach
O'tay, if anyone's interested. BOOST Stylo 2, same specs that Joker put up. I have 1.02gb kdz, LGUP recognizes it in download mode, still says it can't open it...........
Got Terminal script to replace Kingroot's temp root with SuperSU but I issz not gonna go a step further until I know I can flash this bad boy when the going gets rough................
Any ideas, hello????
Did everyone toss their Stylo 2's on the heap?
jeez
zach
Ok, so the update was ZV5, but in theory now that I have the LG OTA cert, I might be able to possibly package SuperSU in it. It depends on LG's update checking, some manufacturers just check the cert, others check the sum of the package, so I'll see what the case is with LG.
---------- Post added at 06:52 AM ---------- Previous post was at 06:44 AM ----------
Ok, so apparently, they are checking some footer that doesn't match, so a no go there.
---------- Post added at 06:53 AM ---------- Previous post was at 06:52 AM ----------
I wonder if I replace their aboot with a modified kernel and update the signatures if it would install.
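The "footer that doesn't match" in the post above is consistent with how stock AOSP recovery verifies an OTA zip. The following is an added example, not part of the thread and not LG's code: it assumes the standard AOSP whole-file signature layout (the page does not describe LG's actual check), and the sample package and its signature bytes are constructed placeholders.

```python
"""Added example: read the AOSP whole-file signature footer of an OTA zip.

Assumption: stock AOSP layout, where the signature lives in the zip
end-of-central-directory (EOCD) comment and the last 6 bytes are a footer.
All sample data below is constructed for illustration.
"""
import hashlib
import io
import struct
import zipfile

FOOTER_SIZE = 6        # signature_start (2) | 0xff 0xff | comment_size (2)
EOCD_HEADER_SIZE = 22  # fixed part of the zip EOCD record
EOCD_MAGIC = b"PK\x05\x06"
SAMPLE_SIGNATURE = b"\xaa" * 64  # constructed placeholder, not a real PKCS#7 blob


class FooterError(ValueError):
    """The package does not carry a well-formed whole-file signature footer."""


def parse_ota_footer(pkg: bytes) -> dict:
    """Locate the signature and the signed region, as the verifier does first."""
    if len(pkg) < FOOTER_SIZE + EOCD_HEADER_SIZE:
        raise FooterError("file too short to hold a footer")
    sig_start, marker, comment_size = struct.unpack("<HHH", pkg[-FOOTER_SIZE:])
    if marker != 0xFFFF:
        raise FooterError("footer marker is not 0xffff")
    if sig_start <= FOOTER_SIZE or sig_start > comment_size:
        raise FooterError("signature offset is outside the zip comment")
    eocd_size = comment_size + EOCD_HEADER_SIZE
    if eocd_size > len(pkg):
        raise FooterError("comment size exceeds file length")
    eocd = pkg[-eocd_size:]
    if eocd[:4] != EOCD_MAGIC:
        raise FooterError("EOCD record not found where the footer says it is")
    if EOCD_MAGIC in eocd[4:]:
        raise FooterError("second EOCD marker inside the comment")
    return {
        "comment_size": comment_size,
        # Everything before the 2-byte comment-length field is signed.
        "signed_len": len(pkg) - comment_size - 2,
        "signature": pkg[len(pkg) - sig_start:len(pkg) - FOOTER_SIZE],
    }


def signed_digest(pkg: bytes) -> str:
    """SHA-256 of the signed region; the signature must match this digest."""
    info = parse_ota_footer(pkg)
    return hashlib.sha256(pkg[:info["signed_len"]]).hexdigest()


def build_sample_package(payload: bytes) -> bytes:
    """Build a constructed zip whose comment mimics a signed OTA package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entry = zipfile.ZipInfo("payload.bin", date_time=(2016, 1, 1, 0, 0, 0))
        zf.writestr(entry, payload)  # stored uncompressed
    unsigned = buf.getvalue()
    message = b"signed by SignApk\x00"
    comment_size = len(message) + len(SAMPLE_SIGNATURE) + FOOTER_SIZE
    footer = struct.pack("<HHH", len(SAMPLE_SIGNATURE) + FOOTER_SIZE,
                         0xFFFF, comment_size)
    # Overwrite the EOCD comment-length field, then append the comment.
    return (unsigned[:-2] + struct.pack("<H", comment_size)
            + message + SAMPLE_SIGNATURE + footer)


if __name__ == "__main__":
    pkg = build_sample_package(b"constructed payload v1")
    print("original digest:", signed_digest(pkg))

    # Same-length content change: footer still parses, digest no longer matches.
    edited = pkg.replace(b"payload v1", b"payload v2")
    print("edited digest:  ", signed_digest(edited))

    # Anything appended after the footer shifts it and fails the layout check.
    try:
        parse_ota_footer(pkg + b"\x00")
    except FooterError as err:
        print("appended byte rejected:", err)
```

A verifier that follows this layout rejects a repackaged zip in one of two ways: a layout error when the footer no longer lines up, or a digest mismatch against the signature, which cannot be regenerated without the signing private key.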
https://mega.nz/#!LFlBRAhS!rDl7PJMkFq7HqUDDgbKV6ddv-C3qkQIJl_CJkhkx2sc
Dirtycow exploit, ADB folder with the adb/fastboot, .bat & .dll's, either replace what's in your folder with the included or for those without refer how to setup and just place this under your OS C: directory and cd c:\adb in command screen to get there! control+shift keys before, as you click on cmd screen will open as admin. Includes Drammer.apk, if you're ZV4 or ZV5.... Rock & Roll!!!... I'm ZV6 but I believe running this along with Drammer taxing the processor allowed my Kingroot (included in dwnld, BETA ver.) to achieve root, even if only temporarily, it lost it by the time I picked phone up @ 1:33am this morning but still allowing me to attempt to fix "root auth" over & over.........
Happy Holidays
Not responsible for bricks or burnt turkeys!
zach
thanks to slickrick for putting the binaries and commands together off github, and to messi2050 who has TWRP built and waiting for the LG Stylo 2 (not the plus the LGLS775ABB)
coolbeans2016 said:
https://mega.nz/#!LFlBRAhS!rDl7PJMkFq7HqUDDgbKV6ddv-C3qkQIJl_CJkhkx2sc
Dirtycow exploit, ADB folder with the adb/fastboot, .bat & .dll's, either replace whats in your folder with the included or for those without refer how to setup and just place this under your OS C: directory and cd c:\adb in command screen to get there! control+shift keys before, as you click on cmd screen will open as admin. Includes Drammer.apk, if your ZV4 or ZV5.... Rock & Roll!!!... I'm ZV6 but I believe running this along with Drammer taxing the processor allowed my Kingroot (included in dwnld, BETA ver.) to achieve root, even if only temporarily, it lost it by the time I picked phone up @ 1:33am this morning but still allowing me to attempt to fix "root auth" over & over.........
Happy Holidays
Not responsible for bricks or burnt turkeys!
zach
thanks to slickrick for putting the binaries and commands together off github, and to messi2050 who has TWRP built and waiting for the LG Stylo 2 (not the plus the LGLS775ABB)
[email protected]:/ $ run-as -exec id
run-as -exec id
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'id' with 0 arguments
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ $ run-as -exec sh
run-as -exec sh
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'sh' with 0 arguments
Failed to execute 'sh'!
1|[email protected]:/ $ chmod 0777 /system/bin/sh
chmod 0777 /system/bin/sh
chmod: chmod '/system/bin/sh' to 100777: Read-only file system
1|[email protected]:/ $
I'm LS775ZV5 trying to get root so I can hopefully use shortcut master lite to access hidden menu to bring up unlock menu to enter the unlock code I brought...
patched
mrw187 said:
[email protected]:/ $ run-as -exec id
run-as -exec id
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'id' with 0 arguments
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ $ run-as -exec sh
run-as -exec sh
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'sh' with 0 arguments
Failed to execute 'sh'!
1|[email protected]:/ $ chmod 0777 /system/bin/sh
chmod 0777 /system/bin/sh
chmod: chmod '/system/bin/sh' to 100777: Read-only file system
1|[email protected]:/ $
im LS775ZV5 trying to get root so I can hopefully use shortcut master lite to access hidden menu to bring up unlock menu to enter the unlock code I brought...
not sure what versions after ZV3 are for which xploit patches...... but if you are ZV5 & getting this return (read-only) when executing the dirtycow xploit, it means ZV5 has that xploit patched....
& at this time, it was the last available xploit to get root.........
so........
waiting game
A little late to the party, but I just got this phone as a replacement and so far am loving it. I always had root, so I hope we can find a way soon. I'm on v4, are you guys saying temp root is possible via king root v4.96?
Ouch, never mind I'm on v5 no exploits?
Sent from my LGLS775 using Tapatalk
coolbeans2016 said:
not sure what versions after ZV3 are for which xploit patches...... but if you are ZV5 & getting this return (read-only) when executing the dirtycow xploit, it means ZV5 has that xploit patched....
& at this time, it was the last available xploit to get root.........
so........
waiting game
Hey guys, happy new to all. I just got this phone but bought a BOOST version instead of a Virgin Mobile version by mistake. I have had it SIM GSM unlocked yet cannot enable APN settings. I am on V3 of software. Anyone have full V4 KDZ or at least how to enable APN configuration? Thanks!
keep ZV3!!!!!
luisitox22 said:
Hey guys, happy new to all. I just got this phone but bought a BOOST version instead of a VIrgin mobile version by mistake. I have had it SIM GSM unlocked yet cannot enable APN settings. I am on V3 of software. Any one have full V4 KDZ or at least how to enable APN configuration? Thanks!
If you want root & TWRP DON'T TAKE THE UPDATES
ALSO DO NOT USE KINGROOT VER. 4.6, USE 5.0 BETA (or 4.9)
zach
coolbeans2016 said:
If you want root & TWRP DON'T TAKE THE UPDATES
ALSO DO NOT USE KINGROOT VER. 4.6, USE 5.0 BETA (or 4.9)
zach
Thanks for the reply bro. Unfortunately, I misread instructions in another thread and took a small update that took me to v6. Is it possible to downgrade?
Thanks?
nope
luisitox22 said:
Thanks for the reply bro. Unfortunately, I miss read instructions in another thread and took a small update that took me to v6. Is it possible to downgrade?
Thanks?
You're now the proud owner of the MOST undevelopable device known to man....
Related
Hi all,
In a few days I will get an S4 dual SIM I9502 from China; I've asked a friend to buy it for me.
Please, I need to be prepared in advance.
I need the root and a cooked ROM with Google apps if possible.
Thanks
copysat said:
Hi all,
In few days i will get s4 dual sim I9502 from china,i've asked friend to buy it for me .
Please i need to be prepared in advance ,
need the root and cooked rom with google apps if possile.
Thanks
I don't think it'll be easy to find roms for that model, since it's far from being common worldwide, and the roms for the i9500 probably won't work on it (who knows though).
I hope I'm wrong though.
Your best bet will probably be to check Chinese forums for ROMs working on that device; I guess you can set them in English too.
EDIT : I did find this thread, but I think it's a stock rom : http://forum.xda-developers.com/showthread.php?t=2251357 .
The problem seems to be that you can't root it yet, and you can't install any Google apps (including Google Play).
Root is here: http://bbs.25pp.com/thread-129613-1-1.html
Mindbeats said:
Root is here: http://bbs.25pp.com/thread-129613-1-1.html
You're the man. Really looking forward to use this method when my SGS4 I9502 arrives.
Rooted my i9502 and installed Play Store, and when I opened the Play Store it closed right away!!!!!
Is there a method to install the Play Store?!!!!
By the way, there are no errors when closing the Play Store; it's like there's a program that shuts it down.
This is because China doesn't have an agreement with google to allow google apps. You will have to make the device think it is something else. You may lose dual sim in doing so.
Wayne Tech Nexus
r_theboss said:
rooted my i9502 and installed play store and when i opened the play store it closed it right away!!!!!
is there a mothed to install the play store?!!!!
by the way theres no error's when closing the play store its like theres a program that shut it down.
I had the same problem, in a nutshell:
Google for GoogleLoginService.apk and GoogleServicesFramework.apk
With adb you can install the 2 files if your device is rooted
adb root
adb shell mount -o rw,remount /system
adb push GoogleLoginService.apk /system/app
adb shell chmod 644 /system/app/GoogleLoginService.apk
adb push GoogleServicesFramework.apk /system/app
adb shell chmod 644 /system/app/GoogleServicesFramework.apk
Now the play store should work
jo139 said:
I had the seame problem, in a nutshell :
Google for GoogleLoginService.apk and GoogleServicesFramework.apk
With adb you can install the 2 files if your device is rooted
adb root
adb shell mount -o rw,remount /system
adb push GoogleLoginService.apk /system/app
adb shell chmod 644 /system/app/GoogleLoginService.apk
adb push GoogleServicesFramework.apk /system/app
adb shell chmod 644 /system/app/GoogleServicesFramework.apk
Now the play store should work
Thanks for the fast reply
but is it possible to explain a bit more?
is there a program for the adb?
r_theboss said:
Thanks for the fast reply
but is it possable to explane a bit more.
is there a program for the adb?
adb comes with the android sdk, is a bit much to explain, but there are many howto's written already
One of them : http://www.howtogeek.com/125769/how-to-install-and-use-abd-the-android-debug-bridge-utility/
Or a shorter way: your Chinese phone is probably a clone with an MTK chipset, so you can install mtkdroidtools; adb is included. Don't forget the MTK 65XX (probably MTK6577) drivers.
jo139 said:
adb comes with the android sdk, is a bit much to explain, but there are many howto's written already
One of them : http://www.howtogeek.com/125769/how-to-install-and-use-abd-the-android-debug-bridge-utility/
Or a shorter way, your chinese phone is probably a clone with mtk chipset, you can install mtkdroidtools, adb is included. Don't forget the mtk 65XX (probably mtk6577) drivers
Thanks for your help, i'll try to do it and keep you posted.
tried this after the root by mistake and it worked loooool
http://forum.xda-developers.com/showthread.php?t=1997547
r_theboss said:
tried this after the root by mistake and it worked loooool
http://forum.xda-developers.com/showthread.php?t=1997547
Hi r_theboss
You really succeeded ?
Could you do me and the forum a favour?
Can you describe first how you rooted (step by step, à la cookbook)? The Chinese page through the translation is too insecure for me.
And the second step you made via adb: is it easy to do, or do I have to be a professional? Some hints would be helpful too!
Thanks and hoping that you reply,
Goes like hell
Still there's some force close but i'm going to put the steps right here so we could all work on it
first you must do root for your device and these are the steps from the same http://bbs.25pp.com/thread-129613-1-1.html website and you do it on your own responsibility!
Samsung Orion eight-core CPU ROOT tutorial is
suitable for i9500, i9502/i959 Asia-Pacific, Europe and other models
, download Odin: Odin3_v3.04.zip (456.59 KB Downloads: 1)
ROOT file I959 I9502 i9500 root file the ROOT file attachments Download:
Click here
2 Download driver installation : : http://pan.baidu.com/share/link?shareid=430360&uk=3439566523
phone volume down + home + power button, and then click on the volume up
Do as shown in the picture,
Click start to start rooting phone and it will automatically restart, now you got ROOT access
This is for the root part
Now download this file and put it in your device
http://www.mediafire.com/?enbo8wix7114i36
******** You will get some force closes for this part, I think because these files are for Nexus and there are some duplicates in some apps like Gallery and Camera and Email, and if you restart your device it keeps on upgrading the apps, don't know why, but it works just fine ********
After that get in the recovery mode: shut down your device and press phone volume up + home + power button for 5 sec and then let go
you will enter the recovery mode
Go to "install zip from sdcard"
then "choose zip from sdcard" now choose the file that you have downloaded it in your device
go back and reboot your device
and that's what I have done.
"do it on your own responsibility!" Thats for sure !!!
But let me first say thanks for your doing !! :fingers-crossed:
I am longing for my 9502 but it will come earliest at the end of june.
Maybe we can before that discuss whats the Reading for the "Force close". Here are a lot of specialists on the run.
Somebody else an idea for r_theboss and me ?
"i think because these files for Nexus and......", but are the gapps Not belonging to jellybean-Versions instead of hardware(Nexus,Samsung,etc ?
Thanks for the Forum, thanks for r_theboss
Goes like hell
Root
Please help, I want to root but how? Thanks
Horeb7 said:
Please help, I want to root but how? Thanks
???
One post before !
the issue is when we use this method supersu complains "SuperSU is not installed and cannot be installed. There is a problem." We can boot into CMW... but after rooting this method we cannot install or run apks...
r_theboss
can you run supersu?
Dear all,
I would suggest not to try the above method as I believe it is either a fake or a half-baked method. I went to the Chinese forums and there are others with the same problem with no solution. I would say this is a broken method. I tried to use the CMW recovery to flash the latest SuperSUv1.25 and SuperSU does not install and the apk also is deleted.
I would wait for a method from xda developers...
Horeb7 said:
Please help, I want to root but how? Thanks
goes_like_hell said:
???
One post before !
:laugh::laugh:
Hok said:
the issue is when we use this method supersu complains "SuperSU is not installed and cannot be installed. There is a problem." We can boot into CMW... but after rooting this method we cannot install or run apks...
r_theboss
can you run supersu?
Hok said:
Dear all,
I would suggest not to try the above method as I beleive it is either a fake or a half baked method. I went to the Chinese forums and there are others with the same problem with no solution. I would say this is a broken method. I tried to use the CMW recovery to flash the latest SuperSUv1.25 and SuperSU does not install and the apk also is deleted.
I would wait for a method from xda developers...
What I have done isn't fake and you could try it for yourself, and the Play Store, Gmail, Gallery, Camera, Email for the Nexus all work just fine.
Now I'm having a problem with the storage; it's almost full, don't know why, but still working on it, and I have tried the root explorer to delete some apps but no luck getting it to work.
And about the SuperSU, it didn't work even after the root and I have tried many methods but none work. I think the rooting files are not complete or something is missing, because the CWM is working just fine but the SuperSU is not.
Hi r_theboss,
I'm not saying your method is fake, I am saying the Chinese page one maybe. I have also followed that method and installed GAPPs and it crashes and freezes consistently and is virtually not usable as a phone. I just don't want others to think this is a viable method at the moment. Also, every time on reboot it says android is optimizing X apps
Also I have downloaded a root checker for my phone and the results are just freezing and constant crashing when I run it. I don't think it is rooted.
Verizon
I am not responsible for anything that happens to your device by doing this! If you break it, brick it or just plain blow it up. it is your phone and your responsibility for what happens to it.
Here it is. Full Verizon With Root - since this is Verizon based all bands should work as well
This is Based on the Verizon PH1 Firmware and is Completely Stock and Unmodified
To Avoid Repeat Questions. READ! READ IT AGAIN! and then READ it once more! if you do not Understand any part of this. Do Not Continue!!!
This Guide assumes you have some basic knowledge and can at least copy and paste for the most part! It is Intended for advanced users!!!!!!!!
This Guide also Assumes you have an sdcard inserted in your phone(however some of you may not and this will not work.)
This Does NOT Trip Knox.
Read this entire post before doing anything to avoid issues and FOLLOW Directions - if you don't things will not work right.
Note! if at anytime during the following steps you see the samsung boot animation before step 11. start over cause you screwed up!
Step 1. Initial PreSetup Requirements and Downloads
Make Sure your ExtSDCard (the one you put in your sim tray) is formatted exfat (backup your card before you do this in windows or linux (whichever you use))
https://www.androidfilehost.com/?fid=24651430732237653 bbx.rar
https://www.androidfilehost.com/?fid=24723785898787028 Verizon_System.rar
https://www.androidfilehost.com/?fid=24713784966775399 Verizon Bootloader
https://www.androidfilehost.com/?fid=24713784966775400 Verizon Modem
Step 2. extract system.rar and bbx.rar and then copy system.img and bbx to your extsdcard(the sdcard you inserted into your phone)
Step 3. odin sprint userdebug firmware available here. http://forum.xda-developers.com/sprint-note-7/how-to/root-super-leaky-bros-sprint-galaxy-t3447202
Step 4. Directly after odin is done with the sprint file you will immediately be presented with an update screen
Step 4a when this process of erasing your phone is finished it will reboot(this is the point you want to do the next step)
Step 4b. press and hold power, home and vol up to enter recovery
Step 4c If you see the samsung boot animation. you did NOT do this right and i would suggest you start over
Step 5. open a command prompt in your adb folder and do the following steps 1 at a time (these are case sensitive)
Step 5a. adb shell
Step 5b. su
Step 5c. setenforce 0
Step 5d. export PATH=$PATH:/sbin
Step 5e. mount -o remount,rw /
Step 5f. on your phone, go to apply update from sdcard(this will mount your extsdcard as /sdcard and you should see the system.img file and the bbx file) do not select anything, go back to adb and continue(it is not a big deal if those files don't show. we just needed the extsdcard mounted as sdcard - the files exist, just continue to the next step)
Step 5g. cp /sdcard/bbx /sbin/bbx
Step 5h. chmod 777 /sbin/bbx
Step 5i. cd /sbin
Step 5j. ./bbx --install /sbin
Step 5k. umount -l /system
Step 5l. /sbin/dd if=/sdcard/Verizon_System.img of=/dev/block/platform/soc/624000.ufshc/by-name/system
Note. you will see a blinking cursor. just be patient
Step 7. when it is done you will see something similar to this
11161600+0 records in
11161600+0 records out
5714739200 bytes (5.3GB) copied, 268.668086 seconds, 20.3MB/s
Step 8. if all went well you should be at your prompt and not in adb anymore
Step 9. from your command prompt simply type
Step 9a. adb reboot bootloader
Step 10. open odin and click the bl button and select this file - BL_N930VVRS1APH1_CL8720001_QB10528330_REV00_user_low_ship_MULTI_CERT.tar.md5
Step 10b. now click the cp button and select this file - CP_N930VVRS1APH1_CL8720001_QB10528330_REV00_user_low_ship_MULTI_CERT.tar.md5
Step 10c. now click start. it will reboot when done let it fully boot this time.
Step 11. once booted and you have setup your phone, first we need to enable usb debugging
Step 11a. to do this go to settings>about device or device information and tap the build number repeatedly until it says dev options enabled, now backout of about and go into dev options and enable usb debugging
Step 11b. Now we need to add the root files or supersu as most of you know it
Note! pertaining to Step 12. these instructions were taken Explicitly from @freeza thread which is listed in step 3
Step 12. Now we need to add supersu and the needed files for it to work
Step 12a. download this file - https://www.androidfilehost.com/?fid=24651430732236679
Step 12b. Extract the sun7 file to your adb folder making sure the files are in a folder called sun7(mine looks like this - c:/adb/sun7 and contains 4 files)
Step 12c. Open a command prompt where your ADB executable and sun7 folder are.
Step 12d. adb shell
Step 12e. su - Note! if your adb prompt changes from a $ to # (you are good and have root access)
Step 12f. type exit twice to get back to the command prompt. - Your Phone should be fully booted when you do this
Step 12g. adb push sun7 /data/local/tmp/su
Step 12h. adb shell chmod 0777 /data/local/tmp/su/*
Step 12i. adb shell
Step 12j. cd data/local/tmp/su
Step 12k. su
Step 12l. ./root.sh - Note. this command begins with a . do not leave it out
Step 12m. Your Phone will now reboot
Step 13. when booted back up go to playstore and install busybox on rails or a similar app and install busybox to /system/xbin(if your given an option of where to install it)
Step 14. That's Pretty Much it. most of all enjoy it
Additional Notes!
If for any reason you do a factory reset. you will break root and need to redo this method to get it back
If you use shealth do not update it or allow playstore or galaxy appstore to auto update it or it will break it
Enjoy and FOLLOW Directions - if you don't things will not work right.
thank you to the following:
@freeza - for posting the original userdebug file
@ted77usa - for testing
@bajasur - for the initial idea which ultimately led to this
@Surge1223 - for the busybox installer and the adb help and android commands that make this work
@galaxyuser88 - for testing this and pointing out some flaws
@Hashcode - for inspiration
and anyone i missed
this was a complete collaboration and is only available because of those mentioned so be sure to give them thanks
ScreenShots:
screenshots provided by @ohblindone
This Method Completely replaces the Sprint files with Verizon's, with the exception of the kernel, recovery and the su binary, so everything once complete is now Verizon and not Sprint with Verizon touches thrown in to make it work.
as we don't have an unlocked bootloader, there is no twrp recovery. but flashfire takes its place. so any changes you want to make are basically done the same way as they would be for twrp except they are now flashed through flashfire.
to get rid of the security notice you will get(because the system is now rooted) simply install root explorer(or any root browser) and go to /system/app and delete securitylogagent or go into the folder and rename it adding .bkp to the end of the file name and reboot.
If you don't see the Verizon_System.img and bbx files after doing the apply update from sdcard on your phone. try this as it has worked for some on t-mobile
create 3 folders on your sdcard
create "files" inside of that, create one called "image" and then inside of that create one called "file" so on your sdcard you would have /files/image/file and place the 2 files into it, you have to do this with the phone in recovery so just pop out your sim tray. plug the sdcard into your pc and create the folders and move the files into it, then force your phone into recovery(basically reboot your phone and instantly go into recovery) and start step 5 again. hopefully the files now appear and you can continue
now when you get to step 5g and step 5l, you will need to modify them to reflect the new path to the files so it would now look like this
step 5g. cp /sdcard/files/image/file/bbx /sbin/bbx
step 5l. /sbin/dd if=/sdcard/files/image/file/Verizon_System.img of=/dev/block/platform/soc/624000.ufshc/by-name/system
and continue on with the guide
Here's a video Tutorial done by @TechBSwift to help if you have any questions on how this works.
https://m.youtube.com/watch?v=Oi-tuA_EIxA
Tested and working on my VZW Note 7 w/PH1 Firmware.
When you get to step 13, if you decide to go the route of using Busybox on Rails (free app) to install busybox then do the following (also see screenshot):
> Step 13a. If you're installing busybox on rails, it will ask you what you want to do and how you want to do it. Select "Cleanup & Install" and "Normal Method", then click "Next."
If you see "Custom" on screen while booting, don't worry, it doesn't indicate a tripped knox. It should go away after next reboot (after ./root.sh step).
You will probably get an annoying "Security notice" type notification after root (this is triggered by the root itself), if you want to get rid of this download a root explorer (e.g. root explorer, root browser, etc.) and navigate to /system/app and delete the folder securitylogagent. Reboot and you should be good to go!
?
Sent from my SM-N930T using XDA-Developers mobile app
Xposed install instruction has been moved to :
http://forum.xda-developers.com/showthread.php?t=3461305
If you have any questions or comments about my instructions for xposed, please leave them in the link above.
Want to keep this thread here on topic with @OvrDriVE's new root method.
Thanks
Here we go again..... nice work guys.[emoji106]
Sent from my SM-N920T using Tapatalk
nice ..just have to wait for my replacement and it's a GO GO GO
Sent from my SM-N930V using XDA-Developers mobile app
How long should you see a blinking cursor at step 5L?
Been sitting there blinking for 5 minutes or so.
Wait another 10
Sent from my SM-N930T using XDA-Developers mobile app
nu2droid said:
How long should you see a blinking cursor at step 5L?
Been sitting there blinking for 5 minutes or so.
It depends, but you should be looking at a roughly 10 minute wait time. Just be patient.
Don't do anything until the blinking cursor goes away.
gotcha, waiting....
just seemed long. thank you.
nu2droid said:
How long should you see a blinking cursor at step 5L?
Been sitting there blinking for 5 minutes or so.
just wait. when it's done you will see something similar to what i have in instructions
sdcard speed can slow down or speed up that step
Hmmmm... root, fully functionality and doesn't trip Knox. I see myself trading my S7 Duos for a Samsung refurbished Note 7 in the near future!
OvrDriVE said:
just wait. when it's done you will see something similar to what i have in instructions
sdcard speed can slow down or speed up that step
Got it... I am good to go..
Setting up and trying everything..
thank you and all the others who helped bringing this to us...
nu2droid said:
Got it... I am good to go..
Setting up and trying everything..
thank you and all the others who helped bringing this to us...
Glad you got it working!
Have fun!
bajasur said:
Wait another 10
Sent from my SM-N930T using XDA-Developers mobile app
yea i would say like 10-12 mins also for everyone if you can't get past the very first part with adb and the files on the sd card and you know your sd card is formatted and did everything right it's simply your sd card is crapped out in the sense of it shows in a computer but a phone won't notice it so throw that pos out and use diff one lmao other than that issue i had this **** is the easiest thing to do
---------- Post added 14th September 2016 at 12:09 AM ---------- Previous post was 13th September 2016 at 11:55 PM ----------
o also if the files don't show up on your phone when you hit apply update from sdcard don't worry they're there just glitches out for some reason and doesn't show then only issue was the faulty sdcard i had which didn't show them either and then the new sdcard didn't as well so they may or may not pop up just continue
Once rooted, is it possible to implement the apps/features that Verizon removed and/or replaced when they decided to neuter our phone (Smart Manager, Force Touch, Samsung Cloud, Smart Caller ID, System Settings, etc.)? Personally, that's greatest impetus for me to root.
raneym305 said:
Once rooted, is it possible to implement the apps/features that Verizon removed and/or replaced when they decided to neuter our phone (Smart Manager, Force Touch, Samsung Cloud, Smart Caller ID, System Settings, etc.)? Personally, that's greatest impetus for me to root.
@OvrDriVE made Debloater.zip that you can flash using flashfire after you rooted for TMO .... he might be able to make for Verizon but might need to adjust the script little bit to compatible with Verizon device..... No more TMO bloatwares, less Samsung apps and knox free and still 0×00.[emoji4]
TWIST3D_N930T
Just to confirm.. it says doesn't trip knox.. does samsung pay still work?
Sent from my SM-N930V using Tapatalk
Sprint
Note! the reason i did not just do a flashfire update to ph9 from pgc was i have no idea what was changed filewise. i was given the full on firmware so i literally remodded the new system.img, and updated the links for it and for the BL and CP files. This Will put you on the newest sprint firmware with root and everything working
I am not responsible for anything that happens to your device by doing this! If you break it, brick it or just plain blow it up. it is your phone and your responsibility for what happens to it.
Here it is. Full Sprint With Root - since this is Sprint based all bands should work as well
This is Based on the Sprint PH9 Firmware and is Completely Stock and Unmodified
To Avoid Repeat Questions. READ! READ IT AGAIN! and then READ it once more! if you do not Understand any part of this. Do Not Continue!!!
This Guide assumes you have some basic knowledge and can at least copy and paste for the most part! It is Intended for advanced users!!!!!!!!
This Guide also Assumes you have an sdcard inserted in your phone(however some of you may not and this will not work.)
This Does NOT Trip Knox.
Read this entire post before doing anything to avoid issues and FOLLOW Directions - if you don't things will not work right.
Note! if at anytime during the following steps you see the samsung boot animation before step 11. start over cause you screwed up!
Step 1. Initial PreSetup Requirements and Downloads
Make Sure your ExtSDCard(the one you put in your sim tray) is formatted exfat(backup your card before you do this in windows or linux(whichever you use))
https://www.androidfilehost.com/?fid=24651430732237653 bbx.rar
https://www.androidfilehost.com/?fid=24723785898787307 Sprint_System.rar - link updated
https://www.androidfilehost.com/?fid=24723785898787308 Sprint Bootloader - link updated
https://www.androidfilehost.com/?fid=24723785898787306 Sprint Modem - link updated
Step 2. extract system.rar and bbx.rar and then copy system.img and bbx to your extsdcard(the sdcard you inserted into your phone)
Step 3. odin sprint userdebug firmware available here. http://forum.xda-developers.com/sprint-note-7/how-to/root-super-leaky-bros-sprint-galaxy-t3447202
Step 4. Directly after odin is done with the sprint file you will immediately be presented with an update screen
Step 4a when this process of erasing your phone is finished it will reboot(this is the point you want to do the next step)
Step 4b. press and hold power, home and vol up to enter recovery
Step 4c If you see the samsung boot animation. you did NOT do this right and i would suggest you start over
Step 5. open a command prompt in your adb folder and do the following steps 1 at a time(these are case sensitive)
Step 5a. adb shell
Step 5b. su
Step 5c. setenforce 0
Step 5d. export PATH=$PATH:/sbin
Step 5e. mount -o remount,rw /
Step 5f. on your phone, go to apply update from sdcard(this will mount your extsdcard as /sdcard and you should see the system.img file and the bbx file) do not select anything, go back to adb and continue(it is not a big deal if those files don't show. we just needed the extsdcard mounted as sdcard - the files exist, just continue to the next step)
Step 5g. cp /sdcard/bbx /sbin/bbx
Step 5h. chmod 777 /sbin/bbx
Step 5i. cd /sbin
Step 5j. ./bbx --install /sbin
Step 5k. umount -l /system
Step 5l. /sbin/dd if=/sdcard/Sprint_System.img of=/dev/block/platform/soc/624000.ufshc/by-name/system
Note. you will see a blinking cursor. just be patient
Step 7. when it is done you will see something similar to this
11161600+0 records in
11161600+0 records out
5714739200 bytes (5.3GB) copied, 268.668086 seconds, 20.3MB/s
Step 8. if all went well you should be at your prompt and not in adb anymore
Step 9. from your command prompt simply type
Step 9a. adb reboot bootloader
Step 10. open odin and click the bl button and select this file - BL_N930PVPU1APH9_CL8706608_QB10711091_REV00_user_low_ship_MULTI_CERT.tar.md5
Step 10b. now click the cp button and select this file - CP_N930PVPU1APH9_CL8706608_QB10711091_REV00_user_low_ship_MULTI_CERT.tar.md5
Step 10c. now click start. it will reboot when done let it fully boot this time.
Step 11. once booted and you have setup your phone, first we need to enable usb debugging
Step 11a. to do this go to settings>about device or device information and tap the build number repeatedly until it says dev options enabled, now backout of about and go into dev options and enable usb debugging
Step 11b. Now we need to add the root files or supersu as most of you know it
Note! pertaining to Step 12. these instructions were taken Explicitly from @freeza thread which is listed in step 3
Step 12. Now we need to add supersu and the needed files for it to work
Step 12a. download this file - https://www.androidfilehost.com/?fid=24651430732236679
Step 12b. Extract the sun7 file to your adb folder making sure the files are in a folder called sun7(mine looks like this - c:/adb/sun7 and contains 4 files)
Step 12c. Open a command prompt where your ADB executable and sun7 folder are.
Step 12d. adb shell
Step 12e. su - Note! if your adb prompt changes from a $ to # (you are good and have root access)
Step 12f. type exit twice to get back to the command prompt. - Your Phone should be fully booted when you do this
Step 12g. adb push sun7 /data/local/tmp/su
Step 12h. adb shell chmod 0777 /data/local/tmp/su/*
Step 12i. adb shell
Step 12j. cd data/local/tmp/su
Step 12k. su
Step 12l. ./root.sh - Note. this command begins with a . do not leave it out
Step 12m. Your Phone will now reboot
Step 13. when booted back up go to playstore and install busybox on rails or a similar app and install busybox to /system/xbin (if you're given an option of where to install it)
Step 14. That's Pretty Much it. most of all enjoy it
Note! now since you are rooted on stock, you are going to see security warnings. to get rid of these simply freeze securitylogagent or delete it from /system/app
Note! 2 atm you cannot update via ota to PH9, someone needs to get a hold of the update and fix it so it can be flashed via flashfire and make sure it does not replace the kernel
Additional Notes!
If for any reason you do a factory reset. you will break root and need to redo this method to get it back
If you use shealth do not update it or allow playstore or galaxy appstore to auto update it or it will break it
Enjoy and FOLLOW Directions - if you don't things will not work right.
thank you to the following:
@freeza - for posting the original userdebug file
@ted77usa - for testing
@bajasur - for the initial idea which ultimately led to this
@Surge1223 - for the busybox installer and the adb help and android commands that make this work
@galaxyuser88 - for testing this and pointing out some flaws
@Hashcode - for inspiration
@lightning413 - for the PH9 Firmware
and anyone i missed
this was a complete collaboration and is only available because of those mentioned so be sure to give them thanks
testing was done by @jamice4u - ty for confirming it works
ScreenShots:
This Method Completely replaces the Sprint PH3 files with the stock PGC. with exception to the kernel, recovery and the su binary which are still PH3 userdebug.
as we don't have an unlocked bootloader, there is no twrp recovery. but flashfire takes its place. so any changes you want to make are basically done the same way as they would be for twrp except they are now flashed through flashfire.
to get rid of the security notice you will get(because the system is now rooted) simply install root explorer(or any root browser) and go to /system/app and delete securitylogagent or go into the folder and rename it adding .bkp to the end of the file name and reboot.
If you don't see the Sprint_System.img and bbx files after doing the apply update from sdcard on your phone. try this as it has worked for some on t-mobile
create 3 folders on your sdcard
create "files" inside of that, create one called "image" and then inside of that create one called "file" so on your sdcard you would have /files/image/file and place the 2 files into it, you have to do this with the phone in recovery so just pop out your sim tray. plug the sdcard into your pc and create the folders and move the files into it, then force your phone into recovery(basically reboot your phone and instantly go into recovery) and start step 5 again. hopefully the files now appear and you can continue
now when you get to step 5g and step 5l, you will need to modify them to reflect the new path to the files so it would now look like this
step 5g. cp /sdcard/files/image/file/bbx /sbin/bbx
step 5l. /sbin/dd if=/sdcard/files/image/file/Sprint_System.img of=/dev/block/platform/soc/624000.ufshc/by-name/system
and continue on with the guide
post 3 just in case
First!
This is exciting. Thanks
Sent from my SM-N930P using XDA-Developers mobile app
Amazing work as always bud....[emoji106]
Sent from my SM-N920T using Tapatalk
Very nice work @OvrDriVE. Your work here is much appreciated sir!
Does Samsung Pay work after rooting? Can other Galaxy Apps be updated?
ALooneyGuy said:
Does Samsung Pay work after rooting? Can other Galaxy Apps be updated?
@ALooneyGuy
All galaxy apps updated
TWIST3D_N930T
Samsung Pay
Does anyone know if Samsung Pay works with this method.
Thanks
Victor
vbadillopr said:
Does anyone know if Samsung Pay works with this method.
Thanks
Victor
Samsung pay would not work with any kinda root method.... until we find the way to bypass Samsung knox security or something.
Sent from my SM-N920T using Tapatalk
ted77usa said:
Samsung pay would not work with any kinda root method.... until we find the way to bypass Samsung knox security or something.
Sent from my SM-N920T using Tapatalk
Still exciting, but I've kind of gotten used to not having to take my wallet to the grocery store
Everything in life is a trade off...
vbadillopr said:
Does anyone know if Samsung Pay works with this method.
Thanks
Victor
T-mobile root is the same way and samsung pay does not work.
Josephigloe said:
T-mobile root is the same way and samsung pay does not work.
@Josephigloe
U got sprint note 7 too right or still on note 5?
TWIST3D_N930T
ted77usa said:
@Josephigloe
U got sprint note 7 too right or still on note 5?
TWIST3D_N930T
Yes i have note 7 and note 5 on Sprint
ALooneyGuy said:
Still exciting, but I've kind of gotten used to not having to take my wallet to the grocery store
Everything in life is a trade off...
Grabbed the Samsung pay logcat after rooting and permission denied...... maybe @OvrDriVE @Surge1223 can figure it out or some others devs[emoji4]
https://www.dropbox.com/s/ptdoe4dt7jct7b6/alogcat.2016-09-14-09-37-12-0700.txt?dl=0
Swyped From TWIST3D_N930T
How is this method better/different from other one?
SptMogul said:
How is this method better/different from other one?
Same method for root this is not deodexed or debloated its stock. And Bluetooth doesn't forget after a reboot.
Sent from my SM-N930P using XDA-Developers mobile app
sml2004 said:
Same method for root this is not deodexed or debloated its stock. And Bluetooth doesn't forget after a reboot.
Does WiFi calling work?
kirschdog1 said:
Does WiFi calling work?
No, PH9 update is needed
Sent from my SM-N930P using XDA-Developers mobile app
Hello good peoples of Xda ,
I just purchased a Note 3 verizon I believe 900v on swappa. It will arrive in the next few days and I want to get all my ducks in a row, by that I mean acquire all the root and unlocking tools necessary for a best practices root and if necessary unlocking of my boot loader.
Goals for root are mostly to debloat the phone and hotspot mods for no hassle tethering.
I may dip my toes into custom rom for this phone but mostly I am just looking for a clean lean experience for my note 3. I have been poring over the many many pages of the various rooting guides and I am just not sure which method to use is the safest / most reliable .
thank you for your time and helpful suggestions.
This is what I have found so far.
ArabicToolApp : Root for Lollipop
Odin3 v3.12.3 : flash tool is this latest ? best to use ?
Samsung usb drivers v1.5.45.0 : are these the proper drivers to install ?
You should start by figuring out which firmware release it has on it.
If it has PL1 (the newest security release, circa 2017/01/15), there will be no rooting for you... unless you manage to create a new exploit.
OB6 and OF1 - (one of) the yemen tool(s)**
NK1 - no root available ( and can't be rolled backwards w/ Odin, only NK1 or higher )
NJ6 - no root available? ( Try towelroot, or you can downgrade to NC4 using Odin )
MI9/MJ7/MJE/NC2(leak)/NC4 - Towelroot v3
For which bootloader unlock binary to use, see here.
Can't help you out with USB drivers, I don't remember what I used. afaik, they will either work 100% or not work at all, so you just need to get something working.
I've never used anything but Odin 3.0.9. Can't tell you if the version you mention is "better".
good luck
** i've never rooted OB6 or OF1, so can't give you any advice about which to use. Feel free to read the related threads. In my (casual) reading of those threads, it is nearly impossible to intuit out why some people have problems and others do not. Mostly because the reporting is not sufficiently detailed.
bftb0 said:
You should start by figuring out which firmware release it has on it.
You're right, after thinking about my post I realized there were too many variables that I need to know before I ask for help. So once I receive the phone and if it's fully functional I will find out what firmware it has and what cid it has and will post a follow up if I need help.
P.S thank you for the concise gist of what is and is not possible with the various firmwares.
Received my phone.
I got my note 3 and boy is it just a wonderful device. SM-900v running OF1 firmware, and My Cid is 15 so is all good.
procedures completed.
I got root from using the yemen tool.
and have tried some debloating, removed the NFL apk as a test with Tit.backup.
disabled ota updates, I made a copy of the update.zip (that was downloaded without me asking it to. I assume that this update.zip is the new PL4 firmware )and deleted it. renamed the fota.apk's with a .bak
not really sure if I should unlock the bootloader I would love to have twerp.
Could anyone point me at a good debloating script ?
LOVE LOVE LOVE my note 3.
I also have a zero lemon battery/case combo on the way.
PL1 not PL4
See here. Might be dated - stuff tends to move around from release to release.
You should probably also freeze SDM.* and SysScope.* (in addition to LocalFOTA)**
There is a small permanent downside to unlocking - the blowing of the Knox Warranty Flag means that you will never be able to use Knox Secure containers, even if you did a full stock flash with Odin. Not sure how important this is to folks using the phone as a personal device (as opposed to a corporate device).
Operating with a rooted-stock device with a locked bootloader usually progresses through a customary arc - especially with new rooters, but also with experienced folks - where the user one day does some incremental mod that boot-loops the Android UI. At that point there is no means to reverse the small change. (You can't get in via "adb" as its daemon isn't started yet, and even if it were, the fact that it is in secure mode means that you would have to have a stable UI in order to confirm the connection.) As there is no rooted secondary boot available (i.e., a custom recovery), there is no way to perform repairs, and a trip back to Odin is in store for the owner. Worse yet, a backup has never been made... so all customizations are all lost and must be re-created completely from scratch.
** this is a good idea if you unlock and install a custom recovery: (although TWRP may detect it and emasculate it automatically)
Code:
su
chmod 0000 /system/bin/install-recovery.sh
bftb0 said:
PL1 not PL4
Right PL1 ok.
Well I decided in for a penny in for a pound and have successfully unlocked my boot loader, had no issues.
my question now is how do I install twerp I have downloaded
twerp-3.0.2-0-hltevzw-4.4
and twerp 3.0.2-1-hlte.img.tar
I think I need to install the tar file.
but I don't know how. I have odin but not sure if that is the right program to use. I think I read where someone installed twerp with flashify or something like that.
What should I do ?
Truck'nfool said:
Right PL1 ok.
Well I decided in for a penny in for a pound and have successfully unlocked my boot loader, had no issues.
my question now is how do I install twerp I have downloaded
twerp-3.0.2-0-hltevzw-4.4
and twerp 3.0.2-1-hlte.img.tar
I think I need to install the tar file.
but I don't know how. I have odin but not sure if that is the right program to use. I think I read where someone installed twerp with flashify or something like that.
What should I do ?
man up and use a root prompt command line. It's a single command.
Code:
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
( assuming that you put the twrp .img file in the /sdcard folder. If it was in the download folder, then if=/sdcard/Download/twrp-3.0.2-0-hltevzw-4.4.img )
Note there are absolutely, positively no spaces anywhere in "mmcblk0p15". Critically important.
The above command writes a raw binary data (the .img file) to the 15th partition of the mmcblk0 device - the flash memory chip. You can do this with boot images (such as custom recoveries) or a few other binary images, but typically not with ext4 or other filesystems.
Note this command could be extremely dangerous if you made a mistake. If you were to write data someplace else it could be a permanent disaster. So cut-n-paste to be safest (without a new-line), and then double- and triple- check the command for typos before you hit the enter key.
FYI, you can see what the partition mapping is by doing a folder listing
Code:
ls -ld /dev/block/platform/*1/by-name/*
The partitioning scheme varies from android device to android device; but on the SM-N900V the recovery partition is the 15th partition. (On other devices it might be something different).
bftb0 said:
man up and use a root prompt command line. It's a single command.
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
are you talking about adb ?
So something like
adb shell
su
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
???
Truck'nfool said:
are you talking about adb ?
So something like
adb shell
su
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
???
That works.
Or a terminal emulator.
All you need is to put the file on your (internal, pseudo-) /sdcard, "su", and "dd".
For extra credit, make sure to compute a file checksum (e.g. "md5sum") every time you copy the original .img file to a new location and especially prior to flashing. That safeguards against a bad copy operation, crappy flash memory, etc.
Stock ROMs might not have a "md5sum" binary in /system/bin, but since you are rooted you could install a private busybox in someplace like /data/local/bin. I prefer to use a busybox which is SELinux-cognizant, e.g. v1.23.1 here as busybox_full_selinux_1.23.1.zip. Note that I don't "install" this .zip so that stuff in /system/bin or /system/xbin get overwritten, but instead just keep it in a private area all on its own.
Steps.
0) extract the "busybox" binary from the .zip file and get a copy to your SD card. Then
Code:
su
mkdir -p /data/local/bin
chmod 755 /data/local/bin
cp /sdcard/busybox /data/local/bin/
chmod 755 /data/local/bin/busybox
cd /data/local/bin
./busybox --install -s /data/local/bin
This allows it to be used as needed in a terminal/console shell.
e.g. using ls
1) Explicitly: /data/local/bin/ls -lZ *
2) Implicitly "as a last resort":
export PATH="${PATH}"':/data/local/bin'
ls -lZ *
3) Implicitly "as preferred":
export PATH='/data/local/bin:'"${PATH}"
ls -lZ *
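The checksum and partition-name checks recommended in the posts above, wrapped around the dd step as an added example (not code from the thread). The function names are hypothetical, the "recovery" label is an assumption about what the by-name listing shows, and the expected MD5 has to come from wherever the image was published.

```shell
#!/bin/sh
# Added example, not from the thread: refuse to dd an image unless
#   (1) its MD5 matches the published value, and
#   (2) the of= path really is the partition carrying the expected by-name label.
# Function names are hypothetical. Needs md5sum, readlink -f, head, wc and dd
# (a busybox install provides all of them).

# md5_of FILE -> hex digest on stdout, empty if the file cannot be read
md5_of() {
    md5sum "$1" 2>/dev/null | cut -d' ' -f1
}

# image_matches IMG EXPECTED_MD5 -> 0 only if IMG exists and the digests agree
image_matches() {
    [ -f "$1" ] || return 2
    _actual=$(md5_of "$1")
    [ -n "$_actual" ] && [ "$_actual" = "$2" ]
}

# target_is_label TARGET BYNAME_DIR LABEL
# -> 0 only if BYNAME_DIR/LABEL resolves to the same node as TARGET,
#    which catches a mistyped partition number before anything is written
target_is_label() {
    [ -e "$2/$3" ] || return 2
    _by_name=$(readlink -f "$2/$3") || return 2
    _target=$(readlink -f "$1") || return 2
    [ "$_by_name" = "$_target" ]
}

# guarded_flash IMG EXPECTED_MD5 TARGET BYNAME_DIR LABEL
# Writes only after both checks pass, then reads the data back and compares.
guarded_flash() {
    if ! image_matches "$1" "$2"; then
        echo "refusing: $1 does not match the expected MD5" >&2
        return 1
    fi
    if ! target_is_label "$3" "$4" "$5"; then
        echo "refusing: $3 is not the '$5' partition" >&2
        return 1
    fi
    # conv=notrunc changes nothing on a block device; it keeps the size of a
    # regular file used as a stand-in when trying this off-device.
    dd if="$1" of="$3" bs=2048 conv=notrunc 2>/dev/null || return 1
    sync
    # Read back exactly as many bytes as the image holds and compare digests.
    _size=$(($(wc -c < "$1")))
    _readback=$(head -c "$_size" "$3" | md5sum | cut -d' ' -f1)
    [ "$_readback" = "$2" ]
}

# Runs only when all five arguments are given, for example with the image and
# target from the posts above, the by-name directory printed by the ls command
# above, and <expected-md5> as a placeholder:
#   sh guarded_flash.sh /sdcard/twrp-3.0.2-0-hltevzw-4.4.img <expected-md5> \
#       /dev/block/mmcblk0p15 <by-name-directory> recovery
if [ "$#" -eq 5 ]; then
    guarded_flash "$@"
fi
```

A non-zero exit means nothing was written, or the read-back did not match and the partition should be re-flashed before rebooting.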
I now have root, unlocked bootloader and twrp Whoot!!
Well I now have twrp installed, thank you very much for all your help and direction I sincerely appreciate your assistance.
I installed termux and after updating the packages successfully used dd to install twrp.
1st thing I am going to do a full system backup.
No developer love for N900V not good
Hi everyone. While I haven't made huge progress on unlocking the Amazon G Play's bootloader, I do have a few leads.
First, there's Initroot. Initroot is a way to get root access on Moto phones that have locked bootloaders. In their GitHub repository, a community member confirmed this exploit to work on his G4 Play that has a locked bootloader. I'm still trying to figure out how to patch the init. I'm not good with IDA, so it's gonna be hard. I'd love some help. While yeah, root is awesome, it's not as awesome as unlocking your bootloader. That's where the next exploit below kicks in.
There's an Amazon Exclusive Blu R1 bootloader exploit that someone here on XDA made. It uses the dirtycow exploit to obtain root then overwrite. For a lot of us, dirtycow won't work because of security patches. But initroot will!
So, using knowledge from another XDA thread, we know that the third line of our get_unlock_data is a hash validated by Motorola to allow us to unlock our bootloader. Combining the initroot and the Blu R1 unlock exploit could allow us to unlock our device.
We need to first obtain root using Initroot, to do this we need to patch initramfs. After we obtain root, we need to replace either the frp or cid partition, sounds like cid, with another patched version. This is where community help is needed! I know y'all are smart, let's do this!
This looks very promising. My device is still at 6.0.1 so I will attempt the same process at that release version.
I don't know much about how the firmware on these devices work. But I would assume the frp partition would be for factory reset protection.
So far what I've got is a SCRATCH_ADDR of 0x80000000 and padding 0x01000000, ramdisk size 1010982.
Your fastboot command would be:
Code:
fastboot oem config fsg-id "a initrd=0x81000000, 10982"
I've tested it and it does survive reboot, no eternal bootloop with these values.
Here is the full information I got from the boot.img
Code:
kernel=kernel
ramdisk=ramdisk
dt=dt.img
page_size=2048
kernel_size=7220728
ramdisk_size=1010982
dtb_size=6492160
base_addr=0x80000000
kernel_offset=0x00008000
ramdisk_offset=0x01000000
tags_offset=0x00000100
cmd_line='console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x3F ehci-hcd.park=3 vmalloc=400M androidboot.bootdevice=7824900.sdhci movablecore=160M'
board=""
format=gzip
Now whoever wants to patch init can take over because I'm tired lol
Here are some notes I have for patching the init binary:
I took the Athene stock rom from the Motorola website and extracted the init binary.
I have taken the Athene image from the initroot github and extracted the init binary.
Comparing the two binaries the only difference is highlighted in red below, stock on the left and the patched init on the right.
diff
I am guessing that changing 0xf0102001 to 0xf0102000 is referencing the second line in the difference that has 0xf0102000.
Searching for the same listing of instructions in the harpia (Moto G4 play) init I found the following:
listing
Assuming changing 0xf00f2001 to 0xf0102000 (2nd line) in a hex editor would be enough.
I don't know enough about assembly to truly know what's going on here, maybe someone on the forum does.
I'm down to try it if you wanna change it and send it to me. I have a couple of these phones just to play with so not too worried if I mess one up.
So, there seems to be a light at the end of the tunnel for the amz version without bootloader.
Keep it up guys \o/
Analysed aboot to find the SCRATCH_ADDRESS as described here: https://alephsecurity.com/2017/06/07/initroot-moto/#finding-the-scratch_addr-values
I can confirm the target_get_scratch_address is 0x9000000
I will try start my phone using the vanilla/unpatched copy of initramfs to see if I can boot.
ledothis said:
Analysed aboot to find the SCRATCH_ADDRESS as described here: https://alephsecurity.com/2017/06/07/initroot-moto/#finding-the-scratch_addr-values
I can confirm the target_get_scratch_address is 0x9000000
I will try start my phone using the vanilla/unpatched copy of initramfs to see if I can boot.
So that scratch_addr is 0x9000000 not 8x as a post above said? How about padding? And if you'd like I have the xt1607 initramfs already made to flash if you want it.
A.Fitz said:
So that scratch_addr is 0x9000000 not 8x as a post above said? How about padding? And if you'd like I have the xt1607 initramfs already made to flash if you want it.
I proved that it is possible to boot as described in the article by flashing a stock initrd.img (plus padding).
Code:
fastboot oem config fsg-id "c initrd=0x92000000,1010926"
fastboot flash aleph2 ./initroot-orig-harpia.cpio.gz
fastboot continue
I am failing when trying to boot off a custom initrd.img where I just unpack and repack it (using the steps on the github).
However, when I compare my repacked initrd vs the original they are different, which shouldn't be the case. I plan on figuring this issue out next.
Also for the padding, I do not think that is explained well in the article. We can use any padding that we want, it is a precaution just to offset the image from the scratch address such that it doesn't get clobbered when the bootloader uses the scratch address for storing other data.
I have tried both 32MB (0x2000000) and 64MB (0x4000000) both of these work.
If you're on Linux you can create the pad files using the following command, e.g. for 32MB:
Code:
dd if=/dev/zero of=pad32 bs=1M count=32
Then for my stock image I have:
Code:
cp pad32 init-orig-harpia.cpio.gz
cat initrd.img >>init-orig-harpia.cpio.gz
Then I would use 0x92000000 instead of 0x90000000 as the initrd offset.
XT1622 Amazon version
The same thing with the XT1622 Amazon version.
- Tried booting with the original initroot image everything loads fine.
- When trying with the adjusted image I get boot loops.
The patch for init is wrong.
The example had 0xf0102001 changed to 0xf0102000. Assuming the patch is just dropping the last bit.
For my harpia initrd image I have the data 0xf00f2001 so I changed that to 0xf00f2000 and this worked.
Running
Code:
adb shell getenforce
Permissive
Note: I was super wrong about the packing and unpacking being the issue.
ledothis said:
The patch for init is wrong.
The example had 0xf0102001 changed to 0xf0102000. Assuming the patch is just dropping the last bit.
For my harpia initrd image I have the data 0xf00f2001 so I changed that to 0xf00f2000 and this worked.
Running
Code:
adb shell getenforce
Permissive
Note: I was super wrong about the packing and unpacking being the issue.
So, good news for XT1607 owners?
I'm stuck now as I have never set up su before.
I copied su (version from android emulator) to /sbin/su in the image, but when I run:
Code:
$ adb shell su
su: setgid failed: Operation not permitted
Assuming that's why sepolicy and adb need to be patched.
I tried using my sepolicy from the emulator and it still failed.
Maybe I should copy the adb from the github or the emulator.
I mean, he could be right; I never claimed to know what the hell I was doing I just like to tweak out on phones, definitely nowhere near a professional.
Root works now.
Code:
$ adb shell
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
/init patched as described above
/sepolicy taken from the athene-m image on the github
/xbin/su taken from the android arm emulator
/sbin/adbd taken from the athene-m image on github
/init.mmi.usb.rc changed "echo 1" to "echo 0" in two places
ledothis said:
Root works now.
Code:
$ adb shell
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
/init patched as described above
/sepolicy taken from the athene-m image on the github
/xbin/su taken from the android arm emulator
/sbin/adbd taken from the athene-m image on github
/init.mmi.usb.rc changed "echo 1" to "echo 0" in two places
Woohoo. Is this permanent? Can it be used then to permanently enable the tethering? Does this wipe anything on the phone?
I wonder what will happen if we finally get nougat.
So, can we say now that's official to have root on amz version? o/
Technically yes. You would have to flash the fake initrdimg before booting each time though. Furthermore, you still can't change much of the device because the boot sequence is still secure.
Looking at the original suggestion for unlocking the bootloader, it is unfortunately for a BLU device, not a Motorola device (even though it is Amazon controlled).
I originally thought that was a Motorola variant. The bootloader unlock for the BLU device won't work for a Motorola device.
We just need to hope someone figures out a way to hack the bootloader.
I remember reading way back that there are some guys on this forum that know how to get Motorola bootloader unlock codes, but I think they charge money. (Seems dodgy).
With root access I have pulled the bootloader image, so I'll dig around for fun but doubt I will find anything.
ledothis said:
Technically yes. You would have to flash the fake initrdimg before booting each time though. Furthermore, you still can't change much of the device because the boot sequence is still secure.
Looking at the original suggestion for unlocking the bootloader, it is unfortunately for a BLU device, not a Motorola device (even though it is Amazon controlled).
I originally thought that was a Motorola variant. The bootloader unlock for the BLU device won't work for a Motorola device.
We just need to hope someone figures out a way to hack the bootloader.
I remember reading way back that there are some guys on this forum that know how to get Motorola bootloader unlock codes, but I think they charge money. (Seems dodgy).
With root access I have pulled the bootloader image, so I'll dig around for fun but doubt I will find anything.
So would a change to the build.prop survive a reboot?