zmax pro root idea!!! - ZTE Zmax Pro Questions & Answers

Hey any developer willing to look at this find of mine?
http://androidforums.com/attachments/zte-updat-2-png.112624/
Is the mbn file something you can use to root? I googled it coz I saw this mbn test in the app manager after the update. It is saying it contains files in what I believe is what you need to root. In this case I think they use it to put/boot all those update files.
On my research Odin can read mbn files. Just an idea.
http://forum.xda-developers.com/showthread.php?t=2799160
I don't know why you are ignoring this idea coz I know I am on the right track on all of you. LOL. Look what I found:
http://forum.xda-developers.com/showthread.php?t=2641245
It works on those mbn files in the attachment, come on now, I will post this on XDA. Maybe someone will be interested there since you all are ignoring this gem of a find of mine.
I know how to search, I understand programming somewhat. I just am not 'fluent' in android platform. So go have at it. Those who know what they are doing. I am on the right track. AM I right? OR AM I right?!

LOL. This phone is either unpopular, officially unloved, or wow is locked tight even developers here and the other forum can't crack it. I am kinda happy about it. It means it's really secure this phone.

asianrocker said:
LOL. This phone is either unpopular, officially unloved, or wow is locked tight even developers here and the other forum can't crack it. I am kinda happy about it. It means it's really secure this phone.
It's mainly SELinux; also, the best dev we have is studying for exams.

asianrocker said:
Hey any developer willing to look at this find of mine?
http://androidforums.com/attachments/zte-updat-2-png.112624/
Is the mbn file something you can use to root? I googled it coz I saw this mbn test in the app manager after the update. It is saying it contains files in what I believe is what you need to root. In this case I think they use it to put/boot all those update files.
On my research Odin can read mbn files. Just an idea.
http://forum.xda-developers.com/showthread.php?t=2799160
I don't know why you are ignoring this idea coz I know I am on the right track on all of you. LOL. Look what I found:
http://forum.xda-developers.com/showthread.php?t=2641245
It works on those mbn files in the attachment, come on now, I will post this on XDA. Maybe someone will be interested there since you all are ignoring this gem of a find of mine.
I know how to search, I understand programming somewhat. I just am not 'fluent' in android platform. So go have at it. Those who know what they are doing. I am on the right track. AM I right? OR AM I right?!
I can't go into detail yet but there are some amazing people that have been working on root for over a year that are currently very very close to a public release. I would advise anyone that wishes to finally root this phone DO NOT install any updates released by your carrier going forward as the vulnerability that has been exploited allowing the root devs to get farther than any other attempt before now was recently patched by Google last month and will most likely be included in the next update released by the carriers. All variants and builds up to B21 are vulnerable to this exploit so when a stable root is achieved and released very soon it should work for everyone that does not update their phone past build B21. Standby for further updates...

Related

Here is the stock SBF for the xprt.

Okay, here is the stock SBF file for all those that have been waiting and digging around for it.
Please be careful using this and I am in no way responsible if you break or cripple your phone.
Enjoy.
http://www.mediafire.com/?ecadm7dxhrchb7z
thanks~
here it comes!
tcaudill01 said:
**** Since not one of the people who downloaded the file even had the decency to say "Thank you", I'm pulling the file. I have no tolerance or willingness to help ingrates. ****
A pity, but I understand. Thanks for posting it when you did though.
(I never had the chance to download it, but I'll thank you anyway.)
tcaudill01 said:
**** Since not one of the people who downloaded the file even had the decency to say "Thank you", I'm pulling the file. I have no tolerance or willingness to help ingrates. ****
I've downloaded it...
Now I give you my "thank you". But.... Can You understand my "But"?
tcaudill01 said:
Okay, here is the stock SBF file for all those that have been waiting and digging around for it.
Please be careful using this and I am in no way responsible if you break or cripple your phone.
Enjoy.
**** Since not one of the people who downloaded the file even had the decency to say "Thank you", I'm pulling the file. I have no tolerance or willingness to help ingrates. ****
aww :-(. 30 minutes of google and i find this thread two days too late? My phone is bricked and useless :-(. Please reconsider?
dcostalis said:
aww :-(. 30 minutes of google and i find this thread two days too late? My phone is bricked and useless :-(. Please reconsider?
I have to agree. My old man needs this desperately. If you won't post it, at least send the link to some via PM.
Again, thank you for uncovering this.
thanks to original uploader, I personally don't understand calling people names and pulling the file after 2 days...
For those still looking...
cdn.anonfiles.com/1333515773933.rar
Thanks for the sbf!
This is great news, thanks a ton to whom managed to share this with the community.
working or not working
do u try it? information is not clearly.
works, but not recommend
cutdaubac said:
do u try it? information is not clearly.
It works, but not recommended.
Motorola has released the update.zip for 4.1.15, and after the update, the final sha1sum of every file doesn't equal the sha1sum in the SBF.
Take care of it...
Being that the SBF is version 4.1.110, I would assume that file checksum would not match those in version 4.1.15. Also, 4.1.110 is Sprint based while 4.1.15 is direct from Motorola and I'm unsure what changes (if any) sprint may have applied.
All I know is that I have used this several times without issue and over 400 downloads have been made and no one else has seen the issue you have so I am not sure what is going on.
Thanks for bringing it to everyone's attention and if anyone else is seeing this please share your experience.
I mean, after updating to 4.1.110 from 4.1.15, the sha1sums of the system files don't equal the sha1sums of the files in the SBF. However, I didn't check it, and I flashed the SBF.
Now, I don't think there is any chance for this SBF to upgrade to the coming Gingerbread, as the version is 4.1.100 but the sha1sums are totally different.
tcaudill01 said:
Being that the SBF is version 4.1.110, I would assume that file checksum would not match those in version 4.1.15. Also, 4.1.110 is Sprint based while 4.1.15 is direct from Motorola and I'm unsure what changes (if any) sprint may have applied.
All I know is that I have used this several times without issue and over 400 downloads have been made and no one else has seen the issue you have so I am not sure what is going on.
Thanks for bringing it to everyone's attention and if anyone else is seeing this please share your experience.
For example,
the sha1sum of /system/app/AccountAndSyncSettings.apk:
4.1.15: d8c4844aaea053262817f7e3e48a2c70cab9c1b9
4.1.110: b8be65cc4224f5fd1bcb27404a94c463f57f8041
4.1.110sbf: b4957ae44524df9c8bd61d1f6842d47175092055
So I don't think anyone can upgrade from 4.1.110sbf to the coming Gingerbread.
Of course, the APK content is the same.
tcaudill01 said:
Being that the SBF is version 4.1.110, I would assume that file checksum would not match those in version 4.1.15. Also, 4.1.110 is Sprint based while 4.1.15 is direct from Motorola and I'm unsure what changes (if any) sprint may have applied.
All I know is that I have used this several times without issue and over 400 downloads have been made and no one else has seen the issue you have so I am not sure what is going on.
Thanks for bringing it to everyone's attention and if anyone else is seeing this please share your experience.
I think I am considering too much...
I wish the coming Gingerbread uses a total update, not a patch.
If it is a patch, then it will check the sha1sum of the original system.
And if it just replaces the whole system, then everything should be OK.
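Added example, not part of the thread or of any poster's message: a Python sketch of the two points raised in the posts above, that a whole-file SHA-1 can differ between two APKs whose contents are the same, and that a patch-style update which checks the hash of the original file would then refuse to apply. It assumes, as one possible cause only, that the builds differ in zip metadata (entry timestamps); the entry contents, dates and the `incremental_precheck` helper are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed stand-in contents; not taken from any real firmware.
ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='constructed.example'/>",
    "classes.dex": b"dex\n035\x00" + bytes(64),
    "resources.arsc": b"constructed resource table",
}
APK_PATH = "/system/app/AccountAndSyncSettings.apk"


def build_apk(entries, date_time):
    """Build an APK-like zip in memory, stamping every entry with date_time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in sorted(entries.items()):
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def file_sha1(blob):
    """SHA-1 over the whole archive, which is what sha1sum reports."""
    return hashlib.sha1(blob).hexdigest()


def entry_digests(blob):
    """SHA-1 of each entry's uncompressed content, ignoring zip metadata."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {n: hashlib.sha1(zf.read(n)).hexdigest() for n in zf.namelist()}


def incremental_precheck(installed, expected_source_sha1):
    """Model of a patch-style update's source check (hypothetical helper).

    installed maps path -> file bytes on the device; expected_source_sha1 maps
    path -> the whole-file SHA-1 the patch was generated against. Returns the
    paths that would make the patch refuse to apply.
    """
    return sorted(
        path
        for path, want in expected_source_sha1.items()
        if path not in installed or file_sha1(installed[path]) != want
    )


# Two constructed builds with identical entry contents, different timestamps.
ota_build = build_apk(ENTRIES, (2011, 6, 1, 12, 0, 0))
sbf_build = build_apk(ENTRIES, (2011, 8, 15, 9, 30, 0))


def compare():
    """Summarise how the two builds relate and whether a patch would apply."""
    return {
        "file_sha1_equal": file_sha1(ota_build) == file_sha1(sbf_build),
        "entries_equal": entry_digests(ota_build) == entry_digests(sbf_build),
        "precheck_failures": incremental_precheck(
            {APK_PATH: sbf_build}, {APK_PATH: file_sha1(ota_build)}
        ),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

A full-image update does not consult the source hashes at all, which is the case the post above hopes for.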
tcaudill01 said:
Being that the SBF is version 4.1.110, I would assume that file checksum would not match those in version 4.1.15. Also, 4.1.110 is Sprint based while 4.1.15 is direct from Motorola and I'm unsure what changes (if any) sprint may have applied.
All I know is that I have used this several times without issue and over 400 downloads have been made and no one else has seen the issue you have so I am not sure what is going on.
Thanks for bringing it to everyone's attention and if anyone else is seeing this please share your experience.
thank so much for the file...!! im sure this would have saved quite a lot of people!
The Cell Phone Biz is corrupt to the core thats why we have to,,, customize..
...
All I know is that I have used this several times without issue and over 400 downloads have been made and no one else has seen the issue you have so I am not sure what is going on.
Thanks for bringing it to everyone's attention and if anyone else is seeing this please share your experience.
I like the phones you mention...
Galaxy Prevail, Marquis XRPT... I know I am well on my way to becoming a fanatic about this...
And I am just saving up to buy the Galaxy Note from Korea for like $250 (unlocked)...
But can you clue me in on how to save this "original file onto my mac"..
I already downloaded this MDM installer for my mac...
I am dreading all this and have no clue if I can take the ..
Original Sprint Motorola ,,, that someone in China put a cardboard boost mobile sleeve around and now... Not really knowing whose OS is on this phone... and now try to unlock it (from ..?? sprint or boost) to.... Virgin Mobile (and a special low end Virgin Mobile called Assurance Wireless which everyone says is JUST FOR PAYLO (read lousy phones without features).... so teach me how to save whatever OS is there in case this does not work at least I can activate it for Boost... and i will share my files... if you need em..
Thanks
A still somewhat sane Newbie who has been tormented too many times but the "in humane" and uncaring cell phone business!
I want to restore my Sprint XPRT to stock Froyo using this SBF and then update to Gingerbread.
liudongmiao mentioned some checksums not matching up for files between this SBF and stock files originally on the phone. Now that GB has been out for a while, anybody run into any problems updating as a result of that or have your updates gone smoothly?
My phone isn't bricked, but rongsang made the excellent suggestion in the main XPRT thread on here that I should use the SBF and then apply the Gingerbread update as the easiest way to get to GB. My XPRT currently is running Froyo, rooted, and works okay (other than missing a few Sprint bloatware apks that the GB update seems to want there).
Update: After finding positive reports on another forum I went ahead and applied the SBF followed by the OTA Gingerbread update and all appears to have succeeded.
Will this work with the Boost version of XPRT?
I clicked the download link, and the file was accessible and downloadable. I don't know if this means that the OP was having second thoughts, but thank you very much to the OP for the file!

root crystal... i think we will attack OTA! --update 150505

I have Sharp AQUOS Crystal 306SH.
it's update by internet. cause i think, we make virtual update server, and updating Root binary.
I captured 'OTA Update' packet, but I don't know networking, so I can't analyze it...
I just know a bit of information... (capture file attached.)
First, Update server is "h ttp://dm-sharp2.redbend.com/dm".
using "Red Bend OMA-DM Client FOTA solution".
but I can't know other information...
cause write this thread.
help to root!
--150505 add
I'm uploading a new pcap file.
It was captured while updating the Aquos Crystal, but maybe it's not including some information.
And I got some URLs from this pcap file.
h ttp://dl-sharp3.redbend.com:8080/VrmDLServerWEB/servlet/RequestDPServlet/DD/120318848_dp/DomainName/DEFAULT
h ttp://409f588200cd1dedd915-465d1c61f856116a191db7e16fb24e1c.r52.cf3.rackcdn.com/120318848_dp
file is 2015_04_27_195348.zip
this is not the way it will be very hard..
p.p it will be more easy if we have some one without updated phone
loonbg said:
this is not the way it will be very hard..
p.p it will be more easy if we have some one without updated phone
What is the sw version of the non updated phone?
acedamack said:
what is the sw version of the non updated phone?
s8216 10/05/2014
updated is SA300 12/11/2014
loonbg said:
s8216 10/05/2014
updated is SA300 12/11/2014
have a source code for 2 version, but this source code so different
WOW
That would take a while to do and that is the very hard way to do that. but thanks for trying
Source Code
I have a brand new crystal just bought it, and of course the first thing i wanna do is root. If you still need the source code mine is still original. S8216 I would love to help.
I have original to how could I help
richierich09 said:
I have a brand new crystal just bought it, and of course the first thing i wanna do is root. If you still need the source code mine is still original. S8216 I would love to help.
you can install https://play.google.com/store/apps/...e+box&pcampaignid=APPU_1_GCPtVKO_I4qvU_TKgOAG and show what vulnerability analysis report give you
Bluebox screencap
I also have held up on updating my Crystal in hopes of root, bought it very close to its release date because of its looks but didn't bother to check if it was rooted. Would like to help as much as I can despite the limited knowledge I have. Here's a screenshot of the Bluebox results.
Mielmano said:
I also have held up on updating my Crystal in hopes of root, bought it very close to its release date because of its looks but didn't bother to check if it was rooted. Would like to help as much as I can despite the limited knowledge I have. Here's a screenshot of the Bluebox results.
Don't Update !
s8216 10/05/2014 - have bug in Object Input Stream Serialization - CVE-2014-7911 and CVE-2014-4322 - giefroot and other is CVE-2015-1474 (but we don't have still root for this last)
updated is SA300 12/11/2014 - if some one have updated like me only hope is CVE-2015-1474 and CVE-2014-4322
Hey, I found something: I can get files from system/app or files in system without root.
whynot4444 said:
Hey, I found something: I can get files from system/app or files in system without root.
yes but you can't edit anything without root also you don't have access to data ..
loonbg said:
yes but you can't edit anything without root also you don't have access to data ..
no, just pull file into internal device, then copy to pc to edit, and push it again
loonbg said:
Don't Update !
s8216 10/05/2014 - have bug in Object Input Stream Serialization - CVE-2014-7911 and CVE-2014-4322 - giefroot and other is CVE-2015-1474 (but we don't have still root for this last)
updated is SA300 12/11/2014 - if some one have updated like me only hope is CVE-2015-1474 and CVE-2014-4322
I have tried giefroot, and posted my results, with both an un-updated and updated phone.
It fails either way.
whynot4444 said:
no, just pull file into internal device, then copy to pc to edit, and push it again
Not possible unless the given partition is set to RW. Without root or a custom recovery then it isn't happening.
With that said, I posted some questions over in a thread in the Q&A section. If anyone can assist let me know there or pm me.
He's actually got a point here, OTA is a huge flaw here even though it's secured. The source file and everything should have the code to decode the OTA files correct? Once we decode them we can basically recode them and use a man in the middle type deal and push the "update" to the phone and get root or maybe even custom roms.
jamer123 said:
He's actually got a point here, OTA is a huge flaw here even though it's secured. The source file and everything should have the code to decode the OTA files correct? Once we decode them we can basically recode them and use a man in the middle type deal and push the "update" to the phone and get root or maybe even custom roms.
The OTA isn't coded; it is merely stored on to their server. This device updates itself using the download method. It first downloads a pcap file which contains all the needed info to run checks, connect to its server, and download the required files to later patch to the system of the device while in download mode. That's why it takes so long when an update comes around for this device and the update is accepted by the end user. They won't release the actual OTA unless they have a change of heart and to be honest, they are not obligated to do so. They are obligated to release the kernel source which they already have but it won't help to grab the OTA. Having the device rooted would make it somewhat easy to redirect the download to another directory for keepings but since the device doesn't necessarily have a bootloader this is an issue. It also doesn't help that the kernel uses write protection either and that the ramdisk secures the system preventing any permanent changes. Downloading the pcap file and tampering with it may bring a solution to all of our problems but if that person has no valuable skills then it is a dead end.
---------- Post added at 12:38 AM ---------- Previous post was at 12:25 AM ----------
Personally, I despise any company that uses such methods. For the average user it's whatever, but for development purposes it's bad for business on their part when word gets out about how they operate. But since Sharp also does many other things such as building TV's then I seriously doubt it will hurt them.
It's why I stick with HTC products because they are big on supporting developers and they typically do not make much of a fuss on the matter. Huawei is another one but the downfall with them is getting a response back since they are originally out of China.
If anyone is still focused on hacking this device I would suggest you focus on the aboot partition.
Modding.MyMind said:
If anyone is still focused on hacking this device I would suggest you focus on the aboot partition.
still wait to root :v, we cannot hack bootloader sharp

Root method for xt1528 once we can recover from QDL mode

Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
This will be awesome.
Sent from my XT1528 using XDA Free mobile app
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x
How did you get it into the QDL mode?
fire3element said:
How did you get it into the QDL mode?
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
jahrule said:
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
fire3element said:
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
Pm responded
How's it going?
I can help with this as well. I have my XT1528 on standby. Don't have much dev experience with Android, but I can sure try.
Unless you are willing to stare endearingly at a shiny paperweight that once was your phone, I don't think anyone can do much to help.
To sum this up for new eyes wondering where this might be headed:
Motorola (along with many of the other major phone manufacturers) have removed the ability to load QDownload mode manually. Apparently, the XT1528 along with many newer devices, is now running a new protocol for the diagnostic port. (and there is more than one way the port can be present/active, to further complicate things)
Please do not ask me to explain. I am just barely beginning to understand this stuff myself.
As of right now, the only known method to get our Verizon 2nd gen Moto E into QDL is to actually BRICK the device. At which point the phone will resort to the next level down, since it can not boot properly.
So unless you are willing to intentionally brick your phone to advance this cause... I am afraid that you can not do much.
There is also the looming risk that the device can not be recovered if the new protocols are not figured out. I am treading in uncharted waters here.
Means you or I lost a phone and the $$$ spent on it. Buy another one and try again.
If you are adamant about wanting to help, click on the 2 links in the OP. @jahrule has posted information that tells us with direction to go.
And if you do not understand what is going on in either article........................................ maybe it is best left alone.
Not being harsh, just safer that way. I am having to figure this stuff out as I go too.
As for progress..? None. I am not intentionally bricking my phone until I gather enough info that will lead me to the conclusion that I can recover the device.
So goes without saying. BE NICE____DO NOT PESTER
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
jahrule said:
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
My GoPhone moto e says it is vulnerable running 5.1 stock firmware
Sent from my MotoE2(4G-LTE) using XDA Free mobile app
fire3element said:
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
The bootloader is the same. This will help nothing.
fire3element said:
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
What we are trying to do is use qfil or blanflash qflash to recover from QDL mode and be able to write partitions from there.
fire3element said:
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
Issue is only recovering from QDL mode which is the goal see above. Getting the phone into QDL mode is very easy.
fire3element said:
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
Stagefright will get one system permissions not root permissions.
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
I am proposing that you read the way CrashXXL achieved root on the moto x and we do the same
jahrule said:
Stagefright will get one system permissions not root permissions.
Surely I am not misinterpreting what I am seeing here.
https://www.youtube.com/watch?v=PxQc5gOHnKs
Looked for a video of Josh's DefCon presentation, but could not find one. So either he has not presented yet, or no one had uploaded the vid at this time.
Here is an excerpt from the Zimperium blog:
" 2. Zimperium Research Labs (zLABS) will release a video later this week with a Stagefright RCE demonstration. Several large carriers requested that we delay the release of our working exploit. We agreed, given the gravity of the situation. Unfortunately, because the patches are open-source [1, 2], many researchers are already working on creating an exploit. We are planning to release our exploit on August 24th, 2015. However, if an exploit is publicly released or attacks are detected in the wild before that date, we will release ours for testing purposes at that time. "
and
" 6. Josh will present the full details of his research at Black Hat on August 5th or DEFCON on August 7th. We invite you to join us! "
Hopefully this is the new exploit we have all been waiting for. I know that I need to move away from my current device because of hardware issues, however I can not do that until I root this device. More info is sure to come in the next few weeks
jahrule said:
The bootloader is the same. This will help nothing..
I should have clarified myself. My attempt was to replace the Verizon "locked" bootloader with the Boost "un-locked" bootloader.
Again, I do not think it will work. However, if the flasher tool will actually work with this phone, then I suppose it would not hurt to try it. If it does not work, simply flash your backup of the original BL.
Is it possible to flash 5.0.1 back after you update? or remove any update..? Hahaha I updated mine for Stagefright without thinking. Didn't know until I checked it & found it wasn't vulnerable. I know it was before.. Ugh. Carelessness on my behalf.
Hey guys, I have this phone as well as the htc desire 526 pp and they are both just laying in a drawer. I bought them when I couldn't afford a real replacement for my broken nexus 6 and now that I don't need either I would be more than willing to sacrifice mine for the sake of helping out. Plus if it works then the phone is rooted, negative if I can't use it I can free up some drawer space. Not a big loss either way as the screen is too small for my liking. Very nice phone otherwise just not enough space or screen.
So just a quick little update on this.
I purposely bricked another Moto E and was able to get it to show up in the Device Manager as QCOM_BULK (not the exact wording, I forgot). This required me to flash a bad Bootloader to get the device to fail to turn on, thus kicking it into the fall back mode. I tried flashing all other partitions to make the phone go into the BULK mode. None worked except for the bootloader.
Could not get anywhere with it. We need some specific files to flash in order to get the device rooted or bootloader unlocked. It's not just a few files either, and they have some weird extensions.
I ended up taking the device back and getting something else. Just don't have time to keep playing with it. Someone smarter than me could probably get it done with not a whole lot of effort.
Sorry guys. I tried with my limited knowledge and skills.
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
Steve_xposed said:
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
I too would like to see the process, in order to enter QDL mode, I LITERALLY have no use for this phone as it is damaged but still boots and can use screen

Interesting find Possible Eng bootloader firmware?

So I have not been able to obtain this firmware but figured I'd share to see what you ladies/gents could figure out.
http://www.romup.com/search?version=G950USQU1AQCF
Also there is a thread in general discussion and questions section regarding an All_OYN_G950USQU1AQC8 firmware.
idk, seems pretty fishy to me, every link I see is to pay to download sites for this file. You would think that there would be somewhere online where it's free. Probably a bogus download.
lots of scams out there
I actually paid for a damn firmware this morning All_OYN_G950USQU1AQC8 and received the download from sams-eng.com. Later however I found it for free. Oh well. Haha.
ait1071 said:
I actually paid for a damn firmware this morning All_OYN_G950USQU1AQC8 and received the download from sams-eng.com. Later however I found it for free. Oh well. Haha.
Can you link it please! Where did you find the free one?
I found the free one for the 955 and 950. I was able to find the unlock bootloader option through it, not sure if it will work. Was more interested in the boot.img
Not saying it isn't a scam, but romup is actually a fairly reputable site. People posting leaked firmware all the time straight from the factory. A few other Asian sites like this one have some juicy stuff, not just for Exynos/other unlocked loader models. So don't discourage it, translate it and see what they have to say and maybe even test it. I personally don't want to take the risk with my phone but someone kinda has to. Anyways, done with my little rant.
Would this Engboot be good for snapdragon variants? I remember the S7 Edge had a locked bootloader, but you could still at least root it
Akumai said:
Would this Engboot be good for snapdragon variants? I remember the S7 Edge had a locked bootloader, but you could still at least root it
I was the one who rooted it. Looking into this now.
br3w3r said:
I was the one who rooted it. Looking into this now.
I knew I recognized that name. Couldn't remember where, it's late and my brain is toast. Good to see you in the scene here. Looking forward to what you have in store and what you find out! Good luck
br3w3r said:
I was the one who rooted it. Looking into this now.
Think maybe you'll make a root thread soon? The S8 is great, and the included earphones are actually good, and I could use Viper xD
Akumai said:
Think maybe you'll make a root thread soon? The S8 is great, and the included earphones are actually good, and I could use Viper xD
I'm working on this right now. Give me a little bit, had a kid last year so I'm trying my best to get this done right now while I have time.
Wait so do you have a copy of that firmware? I can't obtain that one bc I have no way of paying in yuan.
Also is there a way to flash a firmware where root is natively in the firmware? I always thought we had to unlock the bootloader and root and then flash recovery. Unless it was the recovery that always tripped knox.
Hi Br3w3r,
I just wanted to say thanks and ask you a little about how you coerce these engineering firmwares to allow root mode. Do you reverse engineer it? Just curious.
Found a newer version of ODIN and enabled the grayed out buttons. Maybe it could help?
ODIN 3.12.7 with UMS and USERDATA already enabled: https://mega.nz/#F!8WxRwDwa!seZLQVSoWTrz2CJkbdxTkQ
Interesting... so if I am reading this right. Someone is trying to work on snapdragon now?
I have purchased a copy of the firmware posted by the OP, although it was bought off of a different website. This is a factory binary, that has SElinux as permissive, OEM unlock says it unlocks bootloader, etc
More Pics
STF_TimelessGoD said:
More Pics
Good god share this please

G955u factory binary and eng_boot (bootloader v2)--ERASED THE LINK!!

erased link sorry
What benefits does flashing this provide?
ktimque said:
What benefits does flashing this provide?
None yet, it's the base for getting root, once we find a way to get it to stay rooted. It's mainly for those who upgraded to the 2nd iteration of the bootloader and can't downgrade to a rootable firmware (It's been confirmed by a few to work with the new Cyborg rom, albeit without root).
As of right now, unless you know why you need it, it's best to leave it alone.
podagee said:
IF ANYONE GETS ROOT COULD YOU BE SO KIND AND POST IT HERE THANK YOU.
ktimque said:
What benefits does flashing this provide?
Well, I may have spoken too soon, you guys might want to take a look here in the Cyborg rom thread, seems they have a modified U2 bootloader they're flashing and retaining root. One member has volunteered to do a factory reset to see if it survives, but if so, v2 bootloader may now be rootable, or at least on the right track for public use.
IJoxer said:
None yet, it's the base for getting root, once we find a way to get it to stay rooted. It's mainly for those who upgraded to the 2nd iteration of the bootloader and can't downgrade to a rootable firmware (It's been confirmed by a few to work with the new Cyborg rom, albeit without root).
As of right now, unless you know why you need it, it's best to leave it alone.
Thanks for answering that man. Haha. That's awesome that the guys got stuff moving that quickly. I knew that they had the files also, but held off as long as they could until I came along.
But another useful feature I've noticed in this combo firmware is that there is an open unlock option now and mine sticks after reboot. I tried building roms, kernels, etc. in the past that ended in ultimate failure. I'd like to start again. At the moment I just cruise the foreign forums grabbing whatever software I can find. I kinda have building only the tree down, not so much, as it's been years. I used to build Linux OS's a long time ago but forgot. I'll do my own research here if it, anybody wants to teach, I'm all ears, all eyes. Aloha
