Related
Hello
I am aware that there isn't any warranty at all here that anything you do won't have negative effects on your phone. I've flashed quite a few roms on phones like the oneplus one, sony xperia sp, samsung galaxy core plus, nexus 5x, lg cookie, moto defy plus,... I've had tens of soft bricks, but never anything I couldn't recover from.
Anyways, I'm sick and tired of the laggy MiFavor UI on this phone, and would like to install CM13. I've an A2016G. I've seen some EU folk have issues with Tenfar's unlocking method, having hard bricked them since they can't get into a certain (EDL?) mode.
My question is this: if I read every thread and follow every step very carefully, is there a major risk my axon 2016G turns into a 450 euro paperweight? Is there perhaps another unlock method that's 99% secure?
Thank you
Jan
Hate to be that guy, but is there no-one with some knowledge around this?
Thanks.
Controllerboy said:
Hate to be that guy, but is there no-one with some knowledge around this?
Thanks.
Click to expand...
Click to collapse
Let me be the second guy, I'm amazed no one replied...
I'm in the same predicament; do I stay stock and use a great piece of hardware with crap software, or do I dare take the plunch and be able to make the phone as it ought to be at the risk of ending up with a very expensive paperweight...
What the hell did ZTE think when developing the A2017G model. And why is there after all these month no clear answer/procedure for this model. Is it that rarely used? How come there is no solution even though the firehose files are out there?
Hope someone finds a fullproof solutions soon....
Cheerz,
/Cacti
Verstuurd vanaf mijn ZTE A2017G met Tapatalk
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Unlocking your bootloader and Flashing CM13 is pretty easy and I don't really think there is much risk of permanently bricking your phone. However as of right now it really isn't worth the effort. I flashed CM 13 yesterday and it ran well, but the camera wasn't working so I decided to go back to the stock software. So unless you don't need the camera I'd skip flashing for now.
lag?
Controllerboy said:
Hello
I am aware that there isn't any warranty at all here that anything you do won't have negative effects on your phone. I've flashed quite a few roms on phones like the oneplus one, sony xperia sp, samsung galaxy core plus, nexus 5x, lg cookie, moto defy plus,... I've had tens of soft bricks, but never anything I couldn't recover from.
Anyways, I'm sick and tired of the laggy MiFavor UI on this phone, and would like to install CM13. I've an A2016G. I've seen some EU folk have issues with Tenfar's unlocking method, having hard bricked them since they can't get into a certain (EDL?) mode.
My question is this: if I read every thread and follow every step very carefully, is there a major risk my axon 2016G turns into a 450 euro paperweight? Is there perhaps another unlock method that's 99% secure?
Thank you
Jan
Click to expand...
Click to collapse
ok, where is this lag? I've been using it stock since I got it after the Note 7, which was very laggy, and have failed to notice any lag.
Zero lag here as well, buttery smooth at all times. Heads and shoulders above the Note 7 that I came from in terms of responsiveness and general performance.
Sent from my ZTE A2017 using Tapatalk
jawz101 said:
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Click to expand...
Click to collapse
On the US model, you can get an unlocked bootloader & all the trimmings without using tenfar's tool at all, although it's a bit more of a roundabout method.
Just unlocked mine working great.
Hi,
Just thought I'd add as I'm one of those who did end up in DFU mode permanently. I have a reasonable understanding of the issue at hand and I've been one of the few who have been vocal about not calling the current method safe of us.
My suggestion if you have a A2017G is not to bother using tenfar's tool unless you're willing to RMA or make use of your warranty. I'm not in a position where I can do that, but since most are there hasn't been much interest in a solution.
I don't have the firehose itself to begin working on fixing the issue, though I do have a rough idea of how do so using the partition table for TWRP but I don't think I have the time to learn how to put it all together myself. Particularly when I'm replacing my Axon 7 with a Mi Note 2.
What is needed is an unbrick tool, ZTE have made and released them for their own devices before, why they don't do that with Axon 7 is beyond me.
rendler said:
Zero lag here as well, buttery smooth at all times. Heads and shoulders above the Note 7 that I came from in terms of responsiveness and general performance.
Sent from my ZTE A2017 using Tapatalk
Click to expand...
Click to collapse
You must be using the US or CN model, because the EU model is laggy as hell. It's by far the laggiest ROM I used on a phone with high-end specs..
keessonnema said:
You must be using the US or CN model, because the EU model is laggy as hell. It's by far the laggiest ROM I used on a phone with high-end specs..
Click to expand...
Click to collapse
Yup, using Chinese model with 128GB of storage.
Sent from my ZTE A2017 using Tapatalk
Just my 2 cents having unlocked the bootloader on my A2017G. I used tenfar's tool to backup the boot and stock recovery images and flashed the TWRP recovery and didn't run into problems fortunately. I wouldn't recommend to flash the rooted boot.img by tenfar until (hopefully) we'll have a unbrick tool for the G version.
My recommendation ----- On the G version don't mess around with the bootloader! ----- My recommendation
I've been able to unlock the bootloader on B03, reflashed stock recovery with tenfar's tool and successfully updated to B05 from the SD card.
If you want root I recommend to go the unlock bootloader - flash SuperSU 3.65 route instead of flashing the pre-rooted boot.img from tenfar with a locked bootloader as chances of things going haywire seem to be greater with the second method on the G version.
In case you have any reservations I definitely recommend to wait for a unbrick method of the G version before you try any of this. If and when such a method will come is undetermined at this point in time.
@lag of G version: Can't confirm that on B05, everything running smooth so far. There are a few graphical glitches though (stock browser displaying left side first und has sometimes trouble to show the content fullscreen.
Pull down notification bar has double lined icon text slightly cut off on the bottom once you switch to landscape mode and pull down the notification bar.
jawz101 said:
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Click to expand...
Click to collapse
I've seen this said a couple of times (or maybe it's just you in different threads, I don't know), but I don't understand it. By its very nature, rooting your phone is "questionable". Why is tenfar's method/tool any worse than any other method or tool? Do you have some technical insight to provide (and if so, please do so) or is it just an opinion based on nothing? I certainly don't have any issue with the latter, but I find it odd that people without any technical expertise speak as if they're an authority of some kind.
rczrider said:
I've seen this said a couple of times (or maybe it's just you in different threads, I don't know), but I don't understand it. By its very nature, rooting your phone is "questionable". Why is tenfar's method/tool any worse than any other method or tool? Do you have some technical insight to provide (and if so, please do so) or is it just an opinion based on nothing? I certainly don't have any issue with the latter, but I find it odd that people without any technical expertise speak as if they're an authority of some kind.
Click to expand...
Click to collapse
It's probably me and a few others. Ok, answer me these questions:
What does the tool specifically modify on the phone?
What is a "firehose mbn" anyway? Tenfar mentioned it is how it gains access to the phone. I don't know if that is a tool to do so or if it's a file that gets put on the phone in a more permanent chipset-level storage only meant to be altered by Qualcomm or phone manufacturers. I'm find with replacing a recovery, kernel, ROM- the boot.img or anything lower than that is closed source for a reason. Probably because it's talking directly to the hardware and code at that lower level can circumvent anything in a kernel, recovery or ROM.
Would it affect Snapdragon SmartProtect?
https://www.qualcomm.com/products/snapdragon/security/smart-protect
Why do virus scanners call it a Windows trojan if it's an Android hack?
Yes, I call it questionable because I have questions. Since the file is encrypted you can't answer those questions for me. All I can gather is everyone who has used it has basically said "I used it and it did what I wanted it to do so it must be safe."
---------- Post added at 10:20 AM ---------- Previous post was at 09:46 AM ----------
@rczrider
Here are the posts in the thread by a security expert asking questions about the method.
http://forum.xda-developers.com/search.php?searchid=430010789
Here is tenfar's response to him
http://forum.xda-developers.com/axo...r-unlokced-t3441204/post68301899#post68301899
Here's a post from him on ZTEUSA
https://community.zteusa.com/message/50425
Here's a blog post he made about it
https://blog.onedefence.com/signed-firehose-images-and-why-theyre-dangerous/?pk_campaign=zte-forums
jawz101 said:
It's probably me and a few others. Ok, answer me these questions:
What does the tool specifically modify on the phone?
What is a "firehose mbn" anyway? Tenfar mentioned it is how it gains access to the phone. I don't know if that is a tool to do so or if it's a file that gets put on the phone in a more permanent chipset-level storage only meant to be altered by Qualcomm or phone manufacturers. I'm find with replacing a recovery, kernel, ROM- the boot.img or anything lower than that is closed source for a reason. Probably because it's talking directly to the hardware and code at that lower level can circumvent anything in a kernel, recovery or ROM.
Would it affect Snapdragon SmartProtect?
https://www.qualcomm.com/products/snapdragon/security/smart-protect
Why do virus scanners call it a Windows trojan if it's an Android hack?
Yes, I call it questionable because I have questions. Since the file is encrypted you can't answer those questions for me. All I can gather is everyone who has used it has basically said "I used it and it did what I wanted it to do so it must be safe."
---------- Post added at 10:20 AM ---------- Previous post was at 09:46 AM ----------
@rczrider
Here are the posts in the thread by a security expert asking questions about the method.
http://forum.xda-developers.com/search.php?searchid=430010789
Here is tenfar's response to him
http://forum.xda-developers.com/axo...r-unlokced-t3441204/post68301899#post68301899
Here's a post from him on ZTEUSA
https://community.zteusa.com/message/50425
Here's a blog post he made about it
https://blog.onedefence.com/signed-firehose-images-and-why-theyre-dangerous/?pk_campaign=zte-forums
Click to expand...
Click to collapse
OK, It would be nice if people would inform themselves about this but unfortunately this is the state of XDA now... so here we go
- Firehose is a protocol used to communicate to the qcom chipset directly at a level lower than OS. Since there are security measures in place, in order to talk to it you need a signed firehose withe a coresponding certificate that is burned into the SBL. This is what ZTE uses to directly flash the units at factory and can also be used at repair centers. Tenfar is in possession of such a file and his flasher utilizes it to write modified boot and recovery that would otherwise be discarded by SoC's security protocols. Since it's obfuscated code to hide the firehose plus in addition uses comm libs and code that probably reads and writes other files, it is no wonder it gets flagged by AV software. I had ODIN flagged by Avast once.
- The boot.img is not closed-source, it is actually kernel and ramdisk and can be unpacked so you can see what's inside. It can be compared to stock as well and in fact that is exactly what his are, patched stock boot images. The boot image has been patched in order to allow the modified boot img with root to boot since SecureBoot is still in place due to locked bootloader. In addition is modifies SE Linux to allow root to run. And that brings us to why this tool exists in the first place. It is to allow you to bypass SecureBoot and have root and was created in the period before unlock method was provided by ZTE. It is still the only method to use on non-US model. It is a hack tool by definition and has made development on this phone move ahead way further then it would.
- The security concerns raised were more along the line of how bad it is that the signed firehose is in the wild, not so much to what tenfars tool does or how it does it. The expert even wanted the firehose to be posted on the forum(SMH), which tenfar refused since he did not wanted it to spread and hence obfuscated the code. The signed firehose would present a security vulnerability if someone came in physical contact with your phone since they could dump data or load something on it without your knowledge, as pointed out on the sec blog and other posts, but it has nothing to do with whether you use tenfars tool or not.
- Smart Protect is an API feature that the an AV app would have to use, it exists in the SoC but does nothing on it's own so is irrelevant but i figured i'd clarify it (again)
Most either understand that or don't care. This is the XDA, where we break our warranties and bypass SafetyNet in order to have different emojis Thanks to tenfars tools i have noticed that ZTE has broken the FDE on their stock builds since TWRP was able to decode /data with default password even though it shouldn't. So in my book it's a net plus, at least i know how unsafe it is now.
xtermmin said:
On the US model, you can get an unlocked bootloader & all the trimmings without using tenfar's tool at all, although it's a bit more of a roundabout method.
Click to expand...
Click to collapse
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
And thank you @peramikic for the answer. I've been googling forever on the mbn stuff but never found much on what it exactly is save that it's a manufacturer's tool. This clears up a lot for me. My biggest concern was if an mbn was something that actually rewrites code on the chip itself. Sounds like it's just an external tool a manufacturer uses to put their image onto the phone.
jawz101 said:
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
And thank you @peramikic for the answer. I've been googling forever on the mbn stuff but never found much on what it exactly is save that it's a manufacturer's tool. This clears up a lot for me. My biggest concern was if an mbn was something that actually rewrites code on the chip itself. Sounds like it's just an external tool a manufacturer uses to put their image onto the phone.
Click to expand...
Click to collapse
No problem. The mbn itself is just a file format. In this case it has information about emmc partitions. It is also signed with proper certificate. That let's it talk to the chip and is pretty much just a low lever read/write interface.
As far as that method linked, it will work only if you are on the B20 release, US model only. The file looks for a particular build signature as well as partition signatures so it will not flash on anything else.
peramikic said:
No problem. The mbn itself is just a file format. In this case it has information about emmc partitions. It is also signed with proper certificate. That let's it talk to the chip and is pretty much just a low lever read/write interface.
As far as that method linked, it will work only if you are on the B20 release, US model only. The file looks for a particular build signature as well as partition signatures so it will not flash on anything else.
Click to expand...
Click to collapse
Yeah. At this point I think I'm too lazy to futz with downgrading, patching, then upgrading, and all that. Probably just go with the tenfar tool then 0_o
jawz101 said:
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
Click to expand...
Click to collapse
Yeah, I used that method because I was already on B20, and my PC runs linux so :effort: to setup a Windows VM to use tenfar's tool. Using that (ZTE's official B20_Boot) and ZTE's official B20 image, you can have an unlocked BL and be on B29 without using tenfar's tool.
tl;dr: Whatever version you're on -> B20 -> B20_Boot -> unlock BL -> B20 -> OTA to B27 -> OTA to B29 (-> flash TWRP, SuperSU, whatever)
http://security.samsungmobile.com/smrupdate.html
SVE-2016-7930: Multiple Buffer Overflow in Qualcomm Bootloader
Severity: Critical
Affected versions: Galaxy S5 with Qualcomm AP chipset
Reported on: December 20, 2016
Disclosure status: Privately disclosed.
A buffer overflow vulnerability exist in Qualcomm bootloader.
The patch prevents buffer overflow by removing the problematic source code.
Click to expand...
Click to collapse
On the samsung security blog, one of the listed patches for the march update mentions a buffer overflow vulnerability in the bootloader. This is documented proof of a vulnerability that could potentially be used to unlock the bootloader for CID11 S5's. Now, it is possible for people to just dig around in the bootloader (if anyone with the expertise is interested), or, alternatively, it is possible that the person responsible for reporting the bug might release the information. The Samsung blog lists his name as Frédéric Basse, and his blog is here: http://www.fredericb.info/ Historically, he tends to publicly release information after the vulnerability has been patched.
EDIT:
Based on the timing of some commits to the Heimdall source code, it seems very likely that the exploit involves T-Flash mode (also available in ODIN), which permits flashing firmware to an SD-card instead of the internal storage. This is corroborated by the fact that the samsung blog mentions the removal of source code that leads to the exploit. I highly suspect the next released bootloader update will not have T-Flash included. It seems likely that the bootloader does a poor job of checking the size of data (or allocates memory poorly?) before it is loaded into a memory buffer before being written to the SD-card. See below the link to the commits made by Frédéric Basse.
https://github.com/Benjamin-Dobell/Heimdall/pull/389
Nice find! Would be a good thing if it could be used to gain an unlock for cid 11
Sent from my Nexus 6 using Tapatalk
klabit87 said:
Nice find! Would be a good thing if it could be used to gain an unlock for cid 11
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
I found some more information, this might even be enough to work with (for someone with far more expertise than I).
Let's do it! I plan on keeping this phone for a while. I would love to have my cid11 fully unlocked.
I'm not that experienced with this particular architecture but an old GS5 was given to me and I'm interested in assisting. Most of my experience with development is theoretical and PC. Perhaps we should make a discord on it for more efficient communication.
Deleted.
I have subscribed to this thread in hopes that someone will be able to figure this out. I don't have any expertice in this, but since I have that stupid locked bootloader, I'm extremely interested to see if someone can figure this out. I am willing to test, if you can come up with ways in which to test and try.
Will keep an eye on this.
I have been out of the loop since I got root on 6.0 w CID 11 through a race condition bug. The problem is persisting root and integrity after reboot.
With something like this maybe bootloader unlock will solve all the problems!
If bug hunter releases a report I will take a look.
Report has been released: https://www.sstic.org/media/SSTIC20...ticle-attacking_samsung_secure_boot-basse.pdf
AptLogic said:
Report has been released: https://www.sstic.org/media/SSTIC20...ticle-attacking_samsung_secure_boot-basse.pdf
Click to expand...
Click to collapse
So AptLogic (from what i understood by reading that mumbo jumbo) is that there is hope to unlock the bootloader by using twrp which will be installed on sd card beacuse there won't be any verification done, after that it is possible to dump the internal memory and reverse engineer the bootloader and whatever is needed to hopefully unlock the bootloader on cid11 devices? (I believe it was somewhat similar for the cid15)
Can swap_root -f edit on sd pivot_root or flash back? And does %s = root or "nice" command ?
Sorry to bother you @GeTex , but do you think these would help with CID-11 and AT&T?
https://www.sstic.org/media/SSTIC20...ticle-attacking_samsung_secure_boot-basse.pdf
https://seclab.cs.ucsb.edu/media/uploads/papers/bootstomp.pdf
https://github.com/ucsb-seclab/BootStomp
Hello so I tried to install a recent Rom and I get an error like this " This package supports bootloader(s) 0xA050, 0xA052; this device has bootloader 0xA048 " Any help pointing me in the right direction (tutorials/post) on this matter. BTW I did a search on the section in this site could not find anything.
Thanks in advance
A little more info would be helpful. What model, baseband, and/or stock system version were you on before trying to flash? What ROM were you trying to flash? Just based off what little you have given you need to "upgrade" but knowing specifics allows for pointing you in the right direction.
One thing to note is that there is a lot of discussion on XDA regarding bootloader issues during a flash. Most are involved with ROMs developed for the stock MM baseband vs stock nougat and their incompatibilities. There are some caveats and limitations you need to read up on before you proceed. A Google search for your error with the word XDA should net you quite a bit of what you need to know.
Sorry about that, I am out of town for the holidays. Once I get back in town I will provide that information for you guys...sorry again and Happy Holidays !!!
muelo1000 said:
Sorry about that, I am out of town for the holidays. Once I get back in town I will provide that information for you guys...sorry again and Happy Holidays !!!
Click to expand...
Click to collapse
No problems. Enjoy and Happy Holidays to everyone.
Before anyone calls me on it, I know the reply is late.
The ROM in question is likely Optimized Lineage OS, as it has a bootloader check in its install script to prevent installs on incompatible bootloaders, i.e. the Android 7.x bootloader. The OP could have found this out for himself however just by searching the development thread for the ROM he's trying to install. As to updating the bootloader itself, unless someone has extracted the bootloaders from the official ROM updates, taking an OTA is the only way to change the bootloader. Otherwise, flashing a new bootloader using fastboot using the command "fastboot flash bootloader bootloader.img", where bootloader.img is the name of the bootloader file, should work.
New to Samsung platforms, excuse any ignorance..
Tried to source the factory image for a new-out-of-box SM-T510 with the following details:
==
T510XXU3BTFN
samsung/gta3xlwifixx/gta3xlwifi
10/QP1A.190711.020/T510XXU3BTFN
build date jun302020
buildid QP1A.190711.020.T510XXU3BTFN
Secpatch 2020-07-01
Android 10
Bootloader U3
==
If there's anything I'm missing let me know.
The usual suspects seem to list packages *later* than that reported on the device (from recovery anyway).
It hasn't yet been fully booted yet - in case there's a way to pull the factory image from recovery/download as a clean image.
I'm looking for that factory image assuming it would be needed in case my modding and experiments (as per our kind of thing) causes breakage.
I wouldn't ask if my efforts had been successful - posting is a last resort
Ta
EDIT:
Is the device ID "T510XXU3BTFN" a constant regardless of software revision/build?
Insofar as; the designator describes the platform; and all software applicable for the platform is referred to by this ID - regardless of software version/revision.
Where software is referred to by a platform designator, I assume there's no proper case where it is applicable to a different platform ID.
If I can get confirmation on this assumption it would help me narrow down exactly what I can use from what I can find on the source sites I have located.
benryanau said:
New to Samsung platforms, excuse any ignorance..
Tried to source the factory image for a new-out-of-box SM-T510 with the following details:
==
T510XXU3BTFN
samsung/gta3xlwifixx/gta3xlwifi
10/QP1A.190711.020/T510XXU3BTFN
build date jun302020
buildid QP1A.190711.020.T510XXU3BTFN
Secpatch 2020-07-01
Android 10
Bootloader U3
==
If there's anything I'm missing let me know.
The usual suspects seem to list packages *later* than that reported on the device (from recovery anyway).
It hasn't yet been fully booted yet - in case there's a way to pull the factory image from recovery/download as a clean image.
I'm looking for that factory image assuming it would be needed in case my modding and experiments (as per our kind of thing) causes breakage.
I wouldn't ask if my efforts had been successful - posting is a last resort
Ta
EDIT:
Is the device ID "T510XXU3BTFN" a constant regardless of software revision/build?
Insofar as; the designator describes the platform; and all software applicable for the platform is referred to by this ID - regardless of software version/revision.
Where software is referred to by a platform designator, I assume there's no proper case where it is applicable to a different platform ID.
If I can get confirmation on this assumption it would help me narrow down exactly what I can use from what I can find on the source sites I have located.
Click to expand...
Click to collapse
That is not the latest by far. Use frija.exe to get the latest stock ROM.
lewmur said:
That is not the latest by far. Use frija.exe to get the latest stock ROM.
Click to expand...
Click to collapse
Thanks for the response
Yes it's the as-shipped build, but before I try to work out which of the newer builds is appropriate and won't lock-out what I'm palnning to do with Ithe device..
I need (I expect so) that factory ROM as a file - to roll back to or restore if(when) I stuff something up in my next steps (TWRP/CWM, bootloader, magisk/root, rom version upgrade and/custom rom etc)
The earliest I can find seems like the latest, which isn't what I'm seeking
benryanau said:
Thanks for the response
Yes it's the as-shipped build, but before I try to work out which of the newer builds is appropriate and won't lock-out what I'm palnning to do with Ithe device..
I need (I expect so) that factory ROM as a file - to roll back to or restore if(when) I stuff something up in my next steps (TWRP/CWM, bootloader, magisk/root, rom version upgrade and/custom rom etc)
The earliest I can find seems like the latest, which isn't what I'm seeking
Click to expand...
Click to collapse
The latest is what you need to do all of the things you want. Earlier versions won't work. The only time you need an earlier version is when a new one has just come out and the devs haven't caught up with it yet. When you do, you can often find them on Sammobile.
edit: Also, if you let it, your tablet should update itself to the latest version. So if something goes wrong, the latest is what you'd need to get it back working.
Ah cheers, my concern was a new(er) release would block the ability to do some things to the device.
I kind of expected it AFAIK it's not uncommon and mostly assumed there's be issues with rollback fuses etc and stuff you can no longer do beyond version x.xx release (BL AP etc)
I might have seen reference to this being the case in the various info's I've read - basically if you want to do XYZ (multiboot, PXE, TWRP I don't know) you have to do it before a certain release.
**lwmr** I take it unlike other mfg's platforms I've worked on it's not an issue here so I can crash on ahead and it won't bite me?
edit:: I also found it strange I guess that the FW release history seems incomplete, Sammobile doesn't IIRC even list versions from around 2019 on these tabs. Unless samsung's volume of products and releases are too much to track I wonder dunno
benryanau said:
Ah cheers, my concern was a new(er) release would block the ability to do some things to the device.
I kind of expected it AFAIK it's not uncommon and mostly assumed there's be issues with rollback fuses etc and stuff you can no longer do beyond version x.xx release (BL AP etc)
I might have seen reference to this being the case in the various info's I've read - basically if you want to do XYZ (multiboot, PXE, TWRP I don't know) you have to do it before a certain release.
**lwmr** I take it unlike other mfg's platforms I've worked on it's not an issue here so I can crash on ahead and it won't bite me?
edit:: I also found it strange I guess that the FW release history seems incomplete, Sammobile doesn't IIRC even list versions from around 2019 on these tabs. Unless samsung's volume of products and releases are too much to track I wonder dunno
Click to expand...
Click to collapse
LOL, yeah, Samsung isn't like Amazon where they are constantly trying to find ways to keep you from blocking their advertising. Trying to downgrade to previous versions can be a problem, but only because of security issues. With these ROMs and recoveries, the devs attempt to keep up with the latest stock releases and will normally specify in the OP which stock ROM they are based on. So long as you aren't attempting to install an older version of a custom ROM based on Android 9 or earlier, having the latest stock version shouldn't be a problem.
(sigh) yep it's not just Amazon
Righto I got ya thanks for the info's I'll roll with that
cheers
This is a Bug bounty thread to get root on ZTE Blade A5 2019.
Thanks to ZTE this model doesn't have bootloader unlockable, so root should be made through an exploit. I'm sick of their excuses, i personally believe they were instructed by the governement to do things this way and use eula and "security" as excuse, same happened to axon 7, they said, it's because of security, and i think this is a lie (and i would say i'm not the only). Is unacceptable that experienced people that want to mod their devices can't because to unlock the bootloader you need a signed image, is unacceptable, unlocking bootloader is to flash unsigned images and you tell me that to unlock it i need a signed image from zte or the signature itself? Well i call this "lock users out of their own devices".
But returning on the root topic: I would suggest or CVE-2020-0041:https://github.com/bluefrostsecurity/CVE-2020-0041 that allowed some xperia to get root or CVE-2019-2215:https://github.com/grant-h/qu1ckr00t that has a 32bit version available here:https://forum.xda-developers.com/t/root-with-cve-2019-2215.3979341/post-80748711 another thing that could be tried is this:https://research.nccgroup.com/2022/09/02/theres-another-hole-in-your-soc-unisoc-rom-vulnerabilities/ (note that if we use this maybe would be possible to make an universal root method for unisoc getting bootrom context, but i'm not sure about that.
I also extracted kallsyms so the dev doesn't have to:https://www.mediafire.com/folder/uvde49kcna40o/ZTE_A5_2019_Stuff
Kernel Sources included since zte mirror is really slow.
N.B. Is suggested to flash an old firmware, for example Claro one has 5 January 2019 patch and because of this is vulnerable to qu1ckr00t, also it has fastboot and no updates at all.
if some dev is interested please contact (i'm not a dev so i would need one), also if people want this root to go ahead donate (I will also obliviously), you can tell how much you want to donate and after you can donate to the developer directly (these rules can be changed if the dev is trusted i guess), nb i'm not responsible for any issues, i hope won't succeed nothing badly.
I say this because i also had bad experiences.
About donations i would suggest to do those after the root process is verified to work.
I would stay fine with only a temp root
Hello, I noticed your thread while I was using my fresh script to warp pages fast. I was a person who was involved into exploiting several devices, and You can get yourself a root on this device if I put in enough time into this, Please, provide contacts so I could get in touch with you. We will discuss prices and other stuff somewhere else privately.