I've come most recently from a Galaxy S4 with a locked bootloader using safestrap, and before that from an S3 with an unlocked bootloader.
On the S3, with its unlocked bootloader, I flashed ROMs without really worrying that much about kernels or ROM "bases".
When I used safestrap I understood it was really important that the rom I was flashing was based on the "base" I was locked into by virtue of the particular OTA I was on.
Now that I have my Verizon G2, I've rooted the 12B OTA with ioroot and I'm about to install a recovery using freegee, but before I go forward I'd like to understand a little bit more how careful I have to be to find out what "base" the ROM I'm about to flash was built on/for. Can I install a ROM or restore a backup that is based on a different Verizon OTA than my own? I understand that Loki is a "bypass" and not a bootloader unlock, but I'm not really sure what that means.
Please enlighten me.
Unlike an actual bootloader unlock, Loki is dependent upon the kernel.
When you boot the phone, the bootloader loads the kernel into the memory and then verifies it. In that order. If the signature verification is successful, the bootloader proceeds with the boot process. If it does not, the boot process is aborted and a security error is displayed.
The key to the Loki exploit is actually at the step where the kernel is loaded into the memory. The flaw in the bootloader is that it relies upon the boot image header to determine the location at which to load the kernel and the ramdisk in the memory. The signature verification occurs after this. The exploit works by using an address in the boot image header that actually overwrites the part of the bootloader in the memory that does the signature verification. Shellcode added by the user is loaded to where the ramdisk is expected to reside; it patches up the boot image header, loads the kernel and ramdisk into the memory at the correct location, and then returns a value that would indicate that signature verification was successful, and thus the bootloader proceeds with the boot process with the custom kernel.
All in all it's pretty simple, and quite brilliant.
If you are installing a custom ROM or kernel, all of their boot images have this exploit written into them, otherwise they will not boot. As an end user, all you need to really worry about is things like checking integrity, as if you flash a damaged image it will not run the exploit as it is supposed to and will fail to boot; you'll get a security error, and basically have no option other than to flash completely back to stock (or if you end up in fastboot, flash a good boot image and recovery that properly exploit the bootloader and can boot the ROM you have installed or recovery). It's not much different from an actual bootloader unlock to the user, as if you get a bad download and flash it you're going to have problems no matter what. Check your md5s always!
Perhaps worth noting is that this exploit has been patched in the official KitKat releases. I do not know too much about the new bootloader, but I am told that it includes steps that verify its own integrity so it will not boot if it is overwritten. Since the old bootloader won't boot official 4.4.2, there is currently no way to get both official 4.4.2 and a custom recovery.
Sent from my Nexus 7 using Tapatalk
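The boot image header the post describes (the fields the bootloader trusts to place the kernel and ramdisk before it verifies the signature) is easy to inspect yourself. The Python below is an added example, not code from this thread or from the Loki project: it parses a v0 Android boot image header, checks that sizes, page padding and load ranges are internally consistent (the damaged-image case the post warns about), and produces the digest to compare against the md5 a ROM thread publishes. The sample image is constructed inline, and its load addresses are placeholders rather than any device's real memory map.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# boot_img_hdr v0, little-endian: magic, kernel_size, kernel_addr,
# ramdisk_size, ramdisk_addr, second_size, second_addr, tags_addr,
# page_size, two reserved words, name[16], cmdline[512], id[32]
HDR_FMT = "<8s10I16s512s32s"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 608 bytes


def pages(size, page_size):
    """Whole pages a section of `size` bytes occupies (sections are page-padded)."""
    return (size + page_size - 1) // page_size


def parse_boot_header(img):
    """Decode the header fields the bootloader reads before verifying any signature."""
    if len(img) < HDR_SIZE:
        raise ValueError("image is shorter than a boot image header")
    f = struct.unpack_from(HDR_FMT, img, 0)
    return {
        "magic": f[0],
        "kernel_size": f[1], "kernel_addr": f[2],
        "ramdisk_size": f[3], "ramdisk_addr": f[4],
        "second_size": f[5], "second_addr": f[6],
        "tags_addr": f[7], "page_size": f[8],
        "name": f[11].rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": f[12].rstrip(b"\0").decode("ascii", "replace"),
    }


def check_boot_image(img):
    """Return a list of consistency problems; [] means the layout checks out.

    This catches a damaged or truncated download. It is not a Loki detector:
    a deliberately patched image keeps a self-consistent header, so only a
    digest comparison tells you the file is the one the ROM author published.
    """
    problems = []
    hdr = parse_boot_header(img)
    if hdr["magic"] != BOOT_MAGIC:
        return ["bad magic: not an Android boot image"]
    ps = hdr["page_size"]
    if ps == 0 or ps & (ps - 1):
        return ["page_size is not a power of two"]
    # Header, kernel, ramdisk and second stage each occupy whole pages.
    sections = ("kernel_size", "ramdisk_size", "second_size")
    needed = ps * (1 + sum(pages(hdr[k], ps) for k in sections))
    if len(img) < needed:
        problems.append("image truncated: header sizes need %d bytes, file has %d"
                        % (needed, len(img)))
    if hdr["kernel_size"] == 0:
        problems.append("kernel_size is zero")
    # The kernel and ramdisk are copied to header-supplied addresses; the two
    # destination ranges must not overlap or one would clobber the other.
    k_lo, k_hi = hdr["kernel_addr"], hdr["kernel_addr"] + hdr["kernel_size"]
    r_lo, r_hi = hdr["ramdisk_addr"], hdr["ramdisk_addr"] + hdr["ramdisk_size"]
    if hdr["ramdisk_size"] and k_lo < r_hi and r_lo < k_hi:
        problems.append("kernel and ramdisk load ranges overlap")
    return problems


def digest_hex(img, algo="md5"):
    """Digest to compare with the value the ROM thread publishes (md5 or sha256)."""
    return hashlib.new(algo, img).hexdigest()


def build_boot_image(kernel, ramdisk, kernel_addr, ramdisk_addr,
                     tags_addr=0, page_size=2048, name=b"constructed"):
    """Assemble a minimal v0 boot image from constructed parts (test input only)."""
    def pad(blob):
        return blob + b"\0" * (-len(blob) % page_size)
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), kernel_addr,
                      len(ramdisk), ramdisk_addr, 0, 0, tags_addr, page_size,
                      0, 0, name, b"", b"")
    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    # Constructed sample; the addresses are placeholders, not a real device's map.
    kernel = b"\x7fELF" + b"K" * 3000
    ramdisk = b"\x1f\x8b" + b"R" * 1500
    img = build_boot_image(kernel, ramdisk, 0x80208000, 0x82200000, 0x80200100)
    print(parse_boot_header(img)["page_size"], check_boot_image(img))
    print(check_boot_image(img[:-100]))  # a truncated copy is flagged
    print(digest_hex(img), digest_hex(img, "sha256"))
```

To run it against a real boot.img, read the file into `img` and compare `digest_hex(img)` with the md5 the ROM thread lists before flashing.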
Thanks
Thanks, but I'm still confused about the practical ramifications.
When I choose a ROM to install, does it need to specifically be built on the 12B OTA? When I'm on a particular OTA, can I restore a backup that had a different base? Both of those things were things I couldn't do with safestrap, but I could on my bootloader-unlocked phones.
Edited my first post with a little more info. Loki had to be updated for 12B. Most ROMs and kernels have been updated but some won't work. I would read the ROM's thread to make sure. I am on 12B currently and I have not run into any problems with it yet, but it never hurts to read the thread for the things you are flashing and see if others are having a problem. This is not like safestrap where you are limited to the stock kernel (or one specific kernel if you have kexec). Any kernel that is properly Loki'd will be bootable as long as you don't do something like try to boot an AOSP ROM on a stock kernel. There are a few incompatibilities between ROMs and kernels that arise from various ROMs moving away from AOSP, but this has nothing to do with this specific exploit and would happen regardless of bootloader unlocking/hacking methods.
Sent from my Nexus 7 using Tapatalk
The information about rooting in recent weeks has gotten rather splintered on XDA. I've read what I can find here on the forums. I've searched and read this forum for several hours. Much of the information is spread out & difficult to fully understand for that reason.
I've read what I can understand from the "experimental" systemless root posts.
I've read http://forum.xda-developers.com/moto-x-style/general/guides-how-to-guides-beginners-t3200808
I've read http://forum.xda-developers.com/mot...t-moto-x-style-xt1572-br-marshmallow-t3259380
I've read http://forum.xda-developers.com/showpost.php?p=63197935&postcount=2
I want to ask a really simple question: Can I boot (but NOT flash) from a custom recovery like TWRP or CM or whatever & then use the systemless install version of Super-SU? Can this be done without using Motorola's unlock system & thereby cancelling my warranty?
I want to end up with the regular Motorola-provided version of Android 6.0 that is installed right now, except with root access, preferably without wiping my system. The developments above interest me for that reason. From what I understand, I SHOULD, in theory, be able to boot from the custom recovery (so I shouldn't have to unlock because I don't want to overwrite the installed recovery) & then install via the systemless method the newest stable version of Super-SU.
Bear in mind:
I don't think I will ever want to install a custom ROM.
I really only want to make minor changes to my device.
Good luck. Honestly you should unlock if you are going to mess with system. Your warranty will be void for tampering with the phone anyway.
I was wondering if someone could give me a direct answer because I can't seem to find one sifting through the forums.
I originally rooted with root master back when I got the phone. It is still on MJE/4.3 stock build. Things look a little more complicated than I remember, since my phone hasn't seen an update in over 3 years. I originally froze the Verizon OTA updates with TiBackup, along with all the other bloatware.
My main questions are:
1. I would like to get a 6.0 ROM that looks like the Note 7 did. Can I do it all with Odin and just flash a bunch of files?
2. Do I need a custom recovery like twrp or cwm?
3. I've read about an activation lock but can't find it in my menus, did it not exist yet on 4.3?
If anyone can point me in the right direction I would appreciate it, I really don't wanna brick my phone.
I'm still on MJE firmware, but using an older CM13 (temasek) ROM. So it's marshmallow but no Touchwiz or other Samsung add-ons.
Here are the MJE-specific issues:
1) You can't boot N* or O* stock kernels because of differences in the way that DTB (device tree blobs) are packed into the boot image. I've played with re-packing the boot images, but the kernels seem to run off into the weeds after a few tens of seconds.
2) TowelRoot works on MI9 through NC2(leak) but I think not thereafter - if you wanted to avoid a bootloader firmware upgrade but re-flash via Odin the MJE firmware for "starting from scratch" purposes, you have a means to re-root that does not require a PC.
3) If you retain the MJE bootloader, use the TWRP (hltevzw) -4.3 recovery; the -4.4 recovery will not boot, presumably due to issues similar to (1) above.
4) Not specific to MJE - but important - is the fact that if you want to boot either a custom kernel or custom recovery, you need to unlock your bootloader first. You can unlock your bootloader from any rooted ROM, but be aware that flashing stock firmware with Odin thereafter will re-lock the bootloader.
If you were to "start from scratch" but upgrade to more recent stock software before rooting, be aware that there is no publicly available root for NC4 or NK1; you would need to install stock OB6 or OF1, and follow that by using those "yemen" rooting tools. (Are they safe to use? I don't know frankly)
I am assuming that the N* and O* series bootloaders are backwards compatible with regard to device tree booting issues (see #1 above), because the temasek CM13 ROMs (having a custom kernel) boot on both OF1- and (my) MJE-bootloader phones. I guess that means it uses a "4.3" DTB packing in the boot image.
You are probably going to want to use TiBu to make important backups, and also copy everything off the phone that is important to you. You should assume that if anything goes wrong, an Odin re-install and factory reset are in the device's future.
Having said all this, I'm not sure there is such a thing as a ROM which "looks like Note7" - this is an old phone with almost no ROM developers left. There might have been more, but the bootloader unlock was achieved 2+ years after the phone's release, and most of the active developers moved on to new phones before that happened.
Good luck.
Alright so I apologize in advance if this thread has been posted a million times and believe me, I've spent the last 4-5 days combing through to make sure I could get every detail of this process done correctly. So I'm not just blindly asking for instructions on how to root my phone. Apologies also if I posted this in the wrong place.
For starters, I'm using a Moto G4 Plus XT1641 6.0.1, Build Number MPJ24.139-23.3. My carrier is Koodo in Canada (unsure if that's important but I'll need to bring it up again for another point). The files I downloaded were from a YouTube tutorial and this includes the ADB program, TWRP img 3.0.2.0, SuperSU zip 2.46 and Motorola Drivers 2.5.4, SOME of which I think may have been outdated versions.
So Saturday night I tried to root my phone with those files. I followed some more guides, I unlocked my bootloader and I think I mostly did everything right except for getting the right SuperSU version, as I've seen up to version 2.82. I think this may have been my first mistake but maybe someone can correct me if I'm wrong? My other mistake was not making a backup in TWRP. I'd read about possible wifi problems after rooting so I grabbed the ElementalX package and possibly even flashed that wrong. I can't even remember the steps of what I did but I'm sure it was all wrong.
Main point, after all that I didn't have cell service, wifi, etc. The common problems that arise when you do it wrong. I ended up just taking my phone in and getting a new phone. Exact same one, same model. And this brings me to where I am now. I've downloaded some new files and I want to make sure that I've got everything right so as to avoid misunderstanding some key parts of the process.
Minimal ADB and Fastboot 1.4.2, twrp-3.1.1-0-athene.img, SuperSU-v2.82-201705271822, Motorola Drivers 2.5.4, and lastly XT1641_ATHENE-TELUS_MPJ24.139-23.3_cid50_subsidy-TELUS_CFC.xml. Notice how that last one says Telus? It's the parent company of Koodo so I'm hoping I can use that as a failsafe.
I think I've covered all the key points so to sum up:
1. Did I use the wrong supersu zip version and could that be a reason why I had no wifi/cell service? Is that also possible because I may have flashed the wrong carrier athene file?
2. Are the files I have downloaded now the correct ones I need and up to date?
3. I'm following this guide. With the files I have downloaded, is it still a correct step by step process? Are there other guides that work better? (That's not a knock on the original guide I'm referring to.) https://forum.xda-developers.com/moto-g4-plus/how-to/root-systemless-rooting-supersu-2-74-2-t3405772
I think I've got the right know-how and tools to root my phone but I'm just nervous of doing what I did before again and would like some reassurance that I'm doing it right. I've just come from jailbreaks; the world of root is much different. I appreciate any help or tips you guys can throw me!
Hmm, that's odd how you lost radio signal when you rooted, did you obtain radio signal back after you unrooted?
A few things I noted:
1) You may wish to update your device to a newer build, you might get an OTA inviting you to update to MPJ24-139-63 (or 139-64), which was the latest Marshmallow build. Once you've rooted, you will not be able to install OTA updates until you have unrooted and restored the stock recovery (from the same build as you currently have). If you get an OTA notification for any build beginning with NPJ, that's for Nougat.
2) If you plan to stay on Marshmallow, you don't need the ElementalX kernel - a custom kernel like ElementalX is compulsory on Nougat, whereas Marshmallow is not as strict with regards to rooting.
3) I hope the carrier ROM is okay, though from other reports, flashing the incorrect ROM can corrupt device partitions, leaving with no IMEI/no service/no FP. We have possible ways of repairing that though.
The tools you've downloaded seem to be okay and Bender's guide is still okay - even though the tools they've used are out of date - so the general procedure would be (up to you if you've updated MM at this point):
Install adb on your computer.
Boot your device to the bootloader.
Flash TWRP 3.1.1 athene (either the official TWRP or an unofficial build from shreps or oadam11) as directed.
Reboot to recovery (to make sure the recovery sticks).
Back up all partitions on your device, make the name descriptive.
Make another backup of the boot partition - this contains your stock kernel, useful for switching root manager.
Once the backups have been made, flash SuperSU v2.82.
Wipe cache/Dalvik.
Reboot.
echo92 said:
Hmm, that's odd how you lost radio signal when you rooted, did you obtain radio signal back after you unrooted?
A few things I noted:
1) You may wish to update your device to a newer build, you might get an OTA inviting you to update to MPJ24-139-63 (or 139-64), which was the latest Marshmallow build. Once you've rooted, you will not be able to install OTA updates until you have unrooted and restored the stock recovery (from the same build as you currently have). If you get an OTA notification for any build beginning with NPJ, that's for Nougat.
2) If you plan to stay on Marshmallow, you don't need the ElementalX kernel - a custom kernel like ElementalX is compulsory on Nougat, whereas Marshmallow is not as strict with regards to rooting.
3) I hope the carrier ROM is okay, though from other reports, flashing the incorrect ROM can corrupt device partitions, leaving with no IMEI/no service/no FP. We have possible ways of repairing that though.
The tools you've downloaded seem to be okay and Bender's guide is still okay - even though the tools they've used are out of date - so the general procedure would be (up to you if you've updated MM at this point):
Install adb on your computer.
Boot your device to the bootloader.
Flash TWRP 3.1.1 athene (either the official TWRP or an unofficial build from shreps or oadam11) as directed.
Reboot to recovery (to make sure the recovery sticks).
Back up all partitions on your device, make the name descriptive.
Make another backup of the boot partition - this contains your stock kernel, useful for switching root manager.
Once the backups have been made, flash SuperSU v2.82.
Wipe cache/Dalvik.
Reboot.
Thanks for the reply, it helps me feel a little more confident in what I'm doing. I didn't get my cell service back as I just took my phone into Koodo and they just gave me a new one. A few questions.
Are there some clear guides on how to recover from lost wifi and cell service? I've seen a few but it appears they all have different directions, so as a newcomer to Android it does seem a bit confusing as to what the right way to do it is. I'm also hoping someone can chime in on the Telus carrier IMG file as that seems to be my backup in case anything goes terribly wrong again. I'd hate to have to bring my phone back again a second time. Also, is it an easy process to make a backup of the kernel in TWRP? I've figured out how to make a backup of the normal partition, just hoping backing up the kernel is just as easy.
I think I'm near ready to take the root plunge in the coming days. It's good to see such a strong community here. Totally different from the jailbreak scene.
lemonlimejones said:
Thanks for the reply, it helps me feel a little more confident in what I'm doing. I didn't get my cell service back as I just took my phone into Koodo and they just gave me a new one. A few questions.
Are there some clear guides on how to recover from lost wifi and cell service? I've seen a few but it appears they all have different directions, so as a newcomer to Android it does seem a bit confusing as to what the right way to do it is. I'm also hoping someone can chime in on the Telus carrier IMG file as that seems to be my backup in case anything goes terribly wrong again. I'd hate to have to bring my phone back again a second time. Also, is it an easy process to make a backup of the kernel in TWRP? I've figured out how to make a backup of the normal partition, just hoping backing up the kernel is just as easy.
I think I'm near ready to take the root plunge in the coming days. It's good to see such a strong community here. Totally different from the jailbreak scene.
Hmm, I'm not aware of any guides specifically dealing with lost Wi-Fi and lost mobile signal. There are a few posts where we've had some success in getting radios back, but it involves either hex editing https://forum.xda-developers.com/showpost.php?p=72340548&postcount=98 or flashing hw, modem or fsg partitions from a working device (in this case, XT1641). The instances I've seen of lost Wi-Fi/mobile signal appear to have occurred during a stock ROM fastboot flash, but I'm hoping someone can chime in as to whether it was just flashing the wrong region firmware or something else.
If you want to back up your kernel in TWRP:
Boot to TWRP
Tap 'Backup' on the main menu
Select only the 'boot' partition - this is the partition that contains your kernel (should be stock and clean if you've not rooted).
Rename the file to remind you it's your kernel.
Swipe to back up.
If you need to revert to this kernel, unroot first (depending on your root manager, you may have to boot and then unroot. I recall SuperSU unroots via the SuperSU app settings), then boot to TWRP.
Tap 'Restore' on the main menu
Navigate to your boot backup
Flash your boot backup
You should now have a clean stock kernel, so if you wish to switch root managers, you should be able to obtain root with your new root manager. We want a clean kernel (no modifications made) since uninstalling the old root may leave traces of root on your existing kernel, and thus may cause issues if you re-root with a different manager.
Good luck in rooting.
echo92 said:
Hmm, I'm not aware of any guides specifically dealing with lost Wi-Fi and lost mobile signal. There are a few posts where we've had some success in getting radios back, but it involves either hex editing https://forum.xda-developers.com/showpost.php?p=72340548&postcount=98 or flashing hw, modem or fsg partitions from a working device (in this case, XT1641). The instances I've seen of lost Wi-Fi/mobile signal appear to have occurred during a stock ROM fastboot flash, but I'm hoping someone can chime in as to whether it was just flashing the wrong region firmware or something else.
If you want to back up your kernel in TWRP:
Boot to TWRP
Tap 'Backup' on the main menu
Select only the 'boot' partition - this is the partition that contains your kernel (should be stock and clean if you've not rooted).
Rename the file to remind you it's your kernel.
Swipe to back up.
If you need to revert to this kernel, unroot first (depending on your root manager, you may have to boot and then unroot. I recall SuperSU unroots via the SuperSU app settings), then boot to TWRP.
Tap 'Restore' on the main menu
Navigate to your boot backup
Flash your boot backup
You should now have a clean stock kernel, so if you wish to switch root managers, you should be able to obtain root with your new root manager. We want a clean kernel (no modifications made) since uninstalling the old root may leave traces of root on your existing kernel, and thus may cause issues if you re-root with a different manager.
Good luck in rooting.
That's perfect thank you so much. Am I right to assume that if I get into a jam then I can just restore/reflash my backups and I'll be back to normal?
To be safe, flash the ElementalX kernel before rooting.
reCoded said:
To be safe, flash the ElementalX kernel before rooting.
See, this is where I get confused: the guy above you said ElementalX isn't needed on Marshmallow but you say I should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
lemonlimejones said:
See, this is where I get confused: the guy above you said ElementalX isn't needed on Marshmallow but you say I should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
ElementalX v0.07 is not required on Marshmallow (provided you are planning on staying on 6.0.1), you can root the stock ROM kernel. You may wish to flash the ElementalX kernel anyway as this custom kernel gives you more control and tuning options compared to the stock kernel. On stock Nougat, because the anti-rooting kernel security is much stricter and enforced (whereas on Marshmallow I don't think it's enforced), then you need ElementalX or vegito or a custom kernel to bypass the security, by in effect replacing the stock secure kernel with a kernel that doesn't have those restrictions. Without replacing the stock kernel on stock Nougat systems, you can run into a bootloop.
As an MM kernel, as mentioned before, has weaker security regarding rooting, it's up to you if you choose to root the stock kernel or ElementalX.
I've rooted MM (MPJ24.139-63) in the past with SuperSU (v2.79) and only used TWRP and SuperSU.
In response to your other post, the backups should get you out of a jam, since what you're doing should only affect the partitions you've backed up previously (they in theory shouldn't go anywhere near your modem, bootloader or critical firmware). Bear in mind that the TWRP backup if restored in full will revert your messages and data to that backup. You may wish to use Titanium Backup or other tools to take occasional snapshots of your apps data that you can restore should you have to roll back.
lemonlimejones said:
See, this is where I get confused: the guy above you said ElementalX isn't needed on Marshmallow but you say I should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
If you're on Nougat, then you should use ElementalX. If you're on Marshmallow, you don't need it.
echo92 said:
ElementalX v0.07 is not required on Marshmallow (provided you are planning on staying on 6.0.1), you can root the stock ROM kernel. You may wish to flash the ElementalX kernel anyway as this custom kernel gives you more control and tuning options compared to the stock kernel. On stock Nougat, because the anti-rooting kernel security is much stricter and enforced (whereas on Marshmallow I don't think it's enforced), then you need ElementalX or vegito or a custom kernel to bypass the security, by in effect replacing the stock secure kernel with a kernel that doesn't have those restrictions. Without replacing the stock kernel on stock Nougat systems, you can run into a bootloop.
As an MM kernel, as mentioned before, has weaker security regarding rooting, it's up to you if you choose to root the stock kernel or ElementalX.
I've rooted MM (MPJ24.139-63) in the past with SuperSU (v2.79) and only used TWRP and SuperSU.
In response to your other post, the backups should get you out of a jam, since what you're doing should only affect the partitions you've backed up previously (they in theory shouldn't go anywhere near your modem, bootloader or critical firmware). Bear in mind that the TWRP backup if restored in full will revert your messages and data to that backup. You may wish to use Titanium Backup or other tools to take occasional snapshots of your apps data that you can restore should you have to roll back.
Right on, I think I feel comfortable with this now! One more question though: with newer versions of SuperSU, is it still necessary to run the command echo systemless=true, or was that mostly for older versions? Also, if that part is needed, should I run SuperSU from the data folder in TWRP?
lemonlimejones said:
Right on, I think I feel comfortable with this now! One more question though: with newer versions of SuperSU, is it still necessary to run the command echo systemless=true, or was that mostly for older versions? Also, if that part is needed, should I run SuperSU from the data folder in TWRP?
The 'echo systemless=true', as I understand it, isn't required on SuperSU 2.79 or newer, so if you're flashing 2.82, you should be able to flash as is without having to run the command too. Also makes uninstalling easier!
First of all, I want to tell you that I'm not very familiar with rooting but have just a bit of experience flashing custom ROMs, so please go easy on me.
I have done some research and found a couple things that I couldn't find answers for:
1) First one is that apparently you need your bootloader unlocked/ OEM unlocking enabled in developer options, however since I upgraded to Oreo in last August, that option disappeared. I've tried two methods for making it appear that I've found online (keeping phone up for 7 days straight and reverting time back) but none worked. I've read somewhere that if you downgrade to Nougat, enable it then re update to Oreo your bootloader will remain unlocked. So, can someone confirm this? Can you downgrade with a locked bootloader? And if so, can someone guide me through it? (Additional question: will the downgrade reset user data?)
2) After unlocking the bootloader you need to flash TWRP, but I have so many questions on that. First: I couldn't find a TWRP for Oreo. Does it work regardless of OS version? Second: I found a guide from XDA that was written long ago, and it says "make a full backup of your system, including EFS before flashing". How do you back up without flashing it though? All guides are about using either a custom recovery or a rooted app.
3) Do you really need TWRP? I mean, can't you flash Magisk via Odin/ADB directly, perhaps without unlocking bootloader? What happens if I use install command from ADB?
4) So does tripping knox fuse achieve anything other than killing the nonexistent system updates and samsung guarantee? I want to make sure Samsung health is going to operate.