Root OP3T without unlocking bootloader - Automated App - OnePlus 3T Guides, News, & Discussion

ROOT w/o UNLOCKING BOOTLOADER:
Few of Qualcomm Devices have been found to have engineering mode software preinstalled on the device, which has root access. Using the same exploit root can be achieved in OP3, OP3T, OP5 and others, without unlocking the bootloader. Here is a full story: OnePlus Accidentally Pre-Installed an App that acts as a Backdoor to Root Access
The exploit was found by the user Elliot Alderson. An application has been promised by the author soon, to gain root access.
I have tested the method in OnePlus 3T and it works perfectly and passes SafetyNet check, furthermore you do not get DM-Verity error either.
Please follow the guide from here: OnePlus 3T Root w/o unlocking bootloader
Note: Do not modify system files though it won't let you, doing so will trigger Dm Verity.
Magisk Modules do not work, i,e you won't be able to use any modules.
Root and hide root works.
You will get system update but updating might kick you out of the root and you won't be able to gain access to root again.
It works on latest Oreo Beta, as you see in the screenshot.
Disclaimer: Follow the guide at your own risk, it is working fine for me, that in no way means it will work the same for you. Neither me nor the people envolved in this takes any responsibility. You and only you are responsible if anything goes wrong.
Note: I am not the developer or the person who found this exploit or root method. All credits go to them.
SCREENSHOTS ATTACHED
Update 1:
An app has been realsed by Oğuzhan Yiğit here is the link, the full credit goes to him for the same. Here is the link to the post:
Oneplus 3T Root Via App, further it installs SuperSU

This step is required every time you reboot:
adb shell
cd /data/magisk/
./magisk --mountimg xbin.img /system/xbin
magisk --post-fs
magisk --post-fs-data
magisk --service

I haven't tried doing the same, but theoretically, it shouldn't work.

[deleted]

casual_kikoo said:
...OnePlus 2...
Click to expand...
Click to collapse
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.

SpasilliumNexus said:
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
Click to expand...
Click to collapse
Ok, as I thougth something else enter into account.
Thanks a lot !

As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.

anuajayan said:
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
Click to expand...
Click to collapse
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak

coolstoneapurva said:
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
Click to expand...
Click to collapse
I don't know from where or how to start with? Please guide me accordingly..

replace hosts file
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?

mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
trying without success
and from within
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.

Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??

SpasilliumNexus said:
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
Click to expand...
Click to collapse
How do I do that? Assume I have already introduced magisk to my phone.

mitkko said:
How do I do that? Assume I have already introduce magisk to my phone.
Click to expand...
Click to collapse
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.

SpasilliumNexus said:
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
Click to expand...
Click to collapse
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.

mitkko said:
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
Click to expand...
Click to collapse
It's not persistent. The last steps for root access in that guide needs to be done after every reboot, which is also needed for AdAway to apply the block. Applying the adblock after root doesn't need a reboot.
You're better off just doing the traditional unlock and root instead.
Hope that makes sense.

Deodexed and Patched EngineeringMode.apk for restore default Privilege
I played a little with Angela`s Root and wanted to restore the previous level of privilege. In the application there is a special button rollback changes, but it is Invisible
Code:
this.mPrivilege = this.findViewById(2131493042);
this.mPrivilege.setOnClickListener(((View$OnClickListener)this));
this.mPrivilege.setVisibility(4); //this.mPrivilege.setVisibility(View.INVISIBLE);
So I did the application deodex and patched the application, changing it to
Code:
this.mPrivilege.setVisibility(0); //this.mPrivilege.setVisibility(View.VISIBLE);
After that I changed the original application to patched
Code:
adb remount
adb push EngineeringMode_SIGNED_ALIGNED.apk /system/app/EngineeringMode/EngineeringMode.apk
And start them
Code:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Result Screenshort:
After click on the button, the phone restarts and all privileges are restored

mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
You shouldn't make any changes to system partion doing to will render you unable to boot, as dm verity is enabled.

andQlimax said:
Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
Click to expand...
Click to collapse
Yes it will work on next update as system files are intact, further it works on Beta Oreo as you can see the screenshot. I will further update the post with the same.

seems not working on Android 8 /OOS 5

Related

[Q] Rooting official 2.3.5 wirelessly

Hello!
How can one root official 2.3.5 rom without connecting to usb and adb?
The goal is to install custom ICS on U8800 that has no usb port - completely broken and even not charging phone. No warranty and repair cost is close to actual phone cost. So repairing is not an option.
Wireless adb app requires root first - so it is not an option for me also.
Any help is appreciated - I need ISC because I need ipsec vpn which is npt available in gingerbread.
I am ready to test any operation you suggest - I don't fear to brick the phone, need no backups.
It's impossible. I have one USB broken u8800 and that's why I use cm7 (.32) on it.
Sent from my U8800 using Tapatalk 2
Qqqxxxzzz said:
It's impossible. I have one USB broken u8800 and that's why I use cm7 (.32) on it.
Sent from my U8800 using Tapatalk 2
Click to expand...
Click to collapse
There is nothing impossible I believe
Maybe we could find the trick - gingerbreak works on some roms - another fine exploit maybe.
I don't know - worth a try I think.
tranced1 I might have 1 possible solution for you. I've rooted my 2.3.5 some time ago and I've done a backup of boot.img.
I remember with froyo we could root it with boot.img "rooted". I bet this won't work on 2.3.5, but who knows right?
If you want to give it a try, I upload that boot.img for you.
EDIT: darn! Totally forgot you can't access bootloader directory without root & damaged usb port
Can't remember another way out... sorry
tranced1 said:
There is nothing impossible I believe
Maybe we could find the trick - gingerbreak works on some roms - another fine exploit maybe.
I don't know - worth a try I think.
Click to expand...
Click to collapse
Gingerbreak and z4root doesn't work. Only solution is build your own exploit.
Sent from my U8800 using Tapatalk 2
Is there any way to flash zip from stock recovery? I saw this root method for some samsung phones.
Does anybody know how to compile such .zip file?
tranced1 said:
Is there any way to flash zip from stock recovery? I saw this root method for some samsung phones.
Does anybody know how to compile such .zip file?
Click to expand...
Click to collapse
compiling zip is easy. Your problem is that we don't know how to sign it correctly.
Sent from my GT-P1000 using Tapatalk 2
I believe that you can use terminal emulator and zergrush exploit to root the phone.
The automatic root methods basicaly push the needed files on /data/local change permissions etc... All can be done with linux commands which are available from a terminal emulator. So I don't think that you need the usb cable to root the device. You can try investigate the runme.bat file from doomlord's root method and give the commands manually after you have put the files from files directory on sdcard.
dancer_69 said:
I believe that you can use terminal emulator and zergrush exploit to root the phone.
The automatic root methods basicaly push the needed files on /data/local change permissions etc... All can be done with linux commands which are available from a terminal emulator. So I don't think that you need the usb cable to root the device. You can try investigate the runme.bat file from doomlord's root method and give the commands manually after you have put the files from files directory on sdcard.
Click to expand...
Click to collapse
adb can access the phone as root user - from terminal file system is read-only, so even first step permission denied
Yes, you have right about that.
But, check this thread:
http://forum.xda-developers.com/showthread.php?t=1716068
the last post.
EDIT:
After reading the discription on first post of gingerbreak, I had another Idea.
Seems that gingerbreak uses sd card to temporary store the necessary for root files. So, maybe you can replace these files(and especially the exploit) whith those of doomlord's root app, before you press the root button, so to use the working zergrush exploit.
This is the B528 root bat script:
http://pastebin.ca/raw/2163499
@adb wait-for-device
@echo --- DEVICE FOUND
@echo --- reboot to bootloader
@adb reboot-bootloader
@echo --- flash the rooted bootimage
@fastboot boot boot.img
@echo --- reboot to nomal mode
@fastboot reboot
@echo --- wait for adb connect
@adb wait-for-device
@echo --- DEVICE FOUND
@adb remount -t yaffs2 /dev/block/mtdblock3 /system
Click to expand...
Click to collapse
You're problem is in red... you have to flash the exploited boot image. The rest is just installing busybox, su and SuperUser.apk.
You have the stock recovery which allows you to flash .zip files, but they have to be signed correctly and I don't think that's possible.
VuDuCuRSe said:
This is the B528 root bat script:
http://pastebin.ca/raw/2163499
You're problem is in red... you have to flash the exploited boot image. The rest is just installing busybox, su and SuperUser.apk.
You have the stock recovery which allows you to flash .zip files, but they have to be signed correctly and I don't think that's possible.
Click to expand...
Click to collapse
To boot a different boot image, you have to use USB, atleast on fastboot.
dancer_69 said:
Yes, you have right about that.
But, check this thread:
http://forum.xda-developers.com/showthread.php?t=1716068
the last post.
EDIT:
After reading the discription on first post of gingerbreak, I had another Idea.
Seems that gingerbreak uses sd card to temporary store the necessary for root files. So, maybe you can replace these files(and especially the exploit) whith those of doomlord's root app, before you press the root button, so to use the working zergrush exploit.
Click to expand...
Click to collapse
Thanks for clues but seems there is no way - I cant execute exploit via ssh - permission denied I cant even chmod it.
Gingerbreak completely not working - no files created on sdcard.
Ι didn't find any other way on net. There are several discussions for this problem but not a solution. I think that the only way is to do it for an app. You can contact with the creator of gingerbreak or z4root to ask for it. Also I'll try to make an app myself, but my android developing knowledge is very basic, so don't count too much on this. If I have some kind of success I'll contact you via PM.
EDIT:
Try this mod, and if you are lucky...
dancer_69 said:
Ι didn't find any other way on net. There are several discussions for this problem but not a solution. I think that the only way is to do it for an app. You can contact with the creator of gingerbreak or z4root to ask for it. Also I'll try to make an app myself, but my android developing knowledge is very basic, so don't count too much on this. If I have some kind of success I'll contact you via PM.
EDIT:
Try this mod, and if you are lucky...
Click to expand...
Click to collapse
No I am obviously not the lucky one
My android development knowledge is zero, so if you can run zergRush from executable area it will be a very good start.
And I want to thank everybody for your support.
So, it doesn't work?
I just updated the file, so give it another try.
Also, check if you have logcat and usb debuging enabled(is needed for other methods, so maybe needed here too)
dancer_69 said:
So, it doesn't work?
I just updated the file, so give it another try.
Also, check if you have logcat and usb debuging enabled(is needed for other methods, so maybe needed here too)
Click to expand...
Click to collapse
Logcat: Cannot copy boomsh. : Permission Denied
I will revert to first beta now - and will test if it will work
I suppose this logat message is for z4root fail. Unfortunately I don't know what boomsh is. I just decompiled the apk and replaced the exploit, busybox, superuser, and su files with these from doomlord's root files directory.
So, easy solution didn't work. If I have something else I'll let you know.
EDIT:
I get some info about "cannot copy boomsh"
The exploit creates this file when run. This message appears when this file already exists and needed to be deleted from /data/local/tmp.
I checked z4root-mod on my device(which is already rooted and with ICS custom rom), and I get this message too.
The problem is that this file doesn't exist on my device, so I cannot delete it.
---------- Post added at 04:16 PM ---------- Previous post was at 03:17 PM ----------
I read on a forum that these apps(as z4root) run better after a fresh boot. So, install the latest apk(has newer files), reboot the device and run z4root again.
z4root is a froyo root exploit (I think) and seems "dead" for a long time.
Check Chainfire's Gingerbreak: http://forum.xda-developers.com/showthread.php?t=1044765

[GUIDE] |ROOT + Tethering + MORE| Moto X ver. 4.4.4 for XT1060 and XT1058 (VZW/AT&T)

[GUIDE] |ROOT + Tethering + MORE| Moto X ver. 4.4.4 for XT1060 and XT1058 (VZW/AT&T)
Moto X Root for AT&T/VZW [KXA21.12-L1.26]
This is a rewrite of instructions found HERE by CrashXXL. This will get you PERMANENT[meaning it will not disappear after reboot, but will die if you reflash or upgrade, etc] root on your 4.4.4 AT&T/VZW [KXA21.12-L1.26] Moto X. This will NOT disable system write protection or unlock your bootloader, etc.
The following steps were used by me on Ubuntu 15.04 to root my XT1060 from Verizon:
0. Reinstall your stock rom from HERE you will want the firmware that matches your current 4.4.4 KXA21.12-L1.26 firmware. If you are unsure how to do this HERE is a guide. [NOTE: If you skip this step and you are on 4.4.4 from an OTA then you will be stuck on the M Logo and will have to do this step and all the other steps over]
1. Make sure you have the necessary applications:
Code:
sudo apt-get install android-tools-fastboot python python-serial unrar
2. Download your _Root_<Your phone carrier>_KXA21.12-L1.26_Stock.rar from HERE
3.
-- a) Extract the files
-- b) From the terminal cd into the directory of the extracted files.
-- c) Put your phone into fastboot mode [reboot holding the power and volume down button]
4. Type [NOTE/WARNING: This will softbrick your phone. Which is completely fine if the steps are all followed]:
Code:
sudo fastboot flash sbl2 sbl2.mbn
sudo fastboot reboot
Your phone will have a black screen, but will be in QCOM Emergency mode. You can type in lsusb to confirm this.
5. Type:
Code:
python qdloadRoot.py MPRG8960.bin -ptf _root/partitions.txt
This will take a good 5-15mins. Make sure you are plugged into power and this step is not interrupted. Once this is done your phone will reboot and start up and you will see that SuperSu is installed.
Congrats you have root
NOTE: Read on to the next posts for more info and resources.
Xposed Install
The original post can be found HERE by Sabissimo.
Assuming the above steps were followed and you now have root. Do the following:
1. Download THIS for AT&T XT1058 or THIS for VZW XT1060
2. Extract the file as in step 3 above
3. Run the same commands from step 4 above.
5. Type:
Code:
python qdloadXposed.py MPRG8960.bin -ptf _root/partitions.txt
Be patient for a few minutes. Your phone will reboot.
6. Install 2.6.1 or 2.7.1 of Xposed from their SITE and install as normal.
Congrats you now have root and Xposed that will survive reboots
Thanks to @Nicene Nerd he put together a nice set of scripts to make custom packages to add/remove packages from system images. Check it out here!
Make a tutorial how to pack new applications onto the system AdAway etc.
-- Tutorial to bake in new apps. Thanks Sabissimo. I might rewrite this in the future to make it easier. If anyone follows that guide and would like to write please let me know and we can share files here.
Flash the same way you do the above.
This is for the xt1060.
Here are a list of addition flashables after you have root/xposed
Download:
This will change your /system/etc/hosts file to point to /data/data/hosts. Change this setting in AdAway and be ad free
Adaway_hosts_Root_4.4.4_VZW_KXA21.12-L1.26.zip
This has the buildprop edited for entitlement bypass (tether check) and has all stagefright options set to false. This also has the CF.lumen driver installed (look on playstore great app):
CF.lumenPLUS_Root_4.4.4_VZW_KXA21.12-L1.26.zip
jahrule said:
3. Go further and make our own system images.
Click to expand...
Click to collapse
If you are interested in MoFo, I first need someone to help me make the "pre-rooted" image. It must be in ext4 format. I have an XT1060 Dev Ed that is rooted. According to maiko1,
maiko1 said:
Simplest way is to make the system block device readable by everyone (chmod 644), and then adb pull the block device to your computer.
For example on the turbo via adb shell as root:
Code:
# ls -l /dev/block/bootdevice/by-name
lrwxrwxrwx root root 1970-01-09 20:49 system -> /dev/block/mmcblk0p39
# chmod 644 /dev/block/mmcblk0p39
Then pull it with adb:
Code:
$ adb pull /dev/block/mmcblk0p39 system.img
Click to expand...
Click to collapse
I tried that but I get the error
remote object '/dev/block/mmcblk0p39' not a file or directory
Now, I am not your most experienced adb user so I may have been doing something wrong. What I did was start an adb shell while my XT1060 was running in Android. Then I typed:
su # ls -l /dev/block/bootdevice/by-name
lrwxrwxrwx root root 1970-01-09 20:49 system -> /dev/block/mmcblk0p39
then
# chmod 644 /dev/block/mmcblk0p39
But when I went to pull it I got that error above. I just noticed that SuperSu had silently denied root to the adb shell. Not sure how to stop that.
Also, if I can get this to work, then I could put AdAway, Busy Box, etc. on my XT1060 and pull the image and it should be flashable with mofo.
Finally
I will follow this guide and then post results! I wanna root in my XT058 from long time ago!
Alexdream said:
I will follow this guide and then post results! I wanna root in my XT058 from long time ago!
Click to expand...
Click to collapse
If you need help. Just ask, but it is quite simple.
Don't forget to hit thanks!
JulesJam said:
If you are interested in MoFo, I first need someone to help me make the "pre-rooted" image. It must be in ext4 format. I have an XT1060 Dev Ed that is rooted. According to maiko1,
I tried that but I get the error
remote object '/dev/block/mmcblk0p39' not a file or directory
Now, I am not your most experienced adb user so I may have been doing something wrong. What I did was start an adb shell while my XT1060 was running in Android. Then I typed:
su # ls -l /dev/block/bootdevice/by-name
lrwxrwxrwx root root 1970-01-09 20:49 system -> /dev/block/mmcblk0p39
then
# chmod 644 /dev/block/mmcblk0p39
But when I went to pull it I got that error above. I just noticed that SuperSu had silently denied root to the adb shell. Not sure how to stop that.
Also, if I can get this to work, then I could put AdAway, Busy Box, etc. on my XT1060 and pull the image and it should be flashable with mofo.
Click to expand...
Click to collapse
Looks like you are trying to dd from a partition that does not exist. We can take this offline as it is off topic from this thread.
jahrule said:
Looks like you are trying to dd from a partition that does not exist. We can take this offline as it is off topic from this thread.
Click to expand...
Click to collapse
/dev/block/mmcblk0p39 exists - I can see it in ES File Explorer.
Bottom line is this - I have an XT1060 Dev Ed unlocked and rooted and was trying to help those of you who have unlockable XT1060's to be able to use MoFo. I don't need it for my XT1060 and it looks like you all have another option, although I am not sure how good of an option it is.
If someone wants to enlist my help, I would be willing to help but the ball in your court.
Does anyone has succesfully rooted Moto X1060 (VZW) using this tutorial?
JoseLoarca97 said:
Does anyone has succesfully rooted Moto X1060 (VZW) using this tutorial?
Click to expand...
Click to collapse
Other than me? You can check the original thread. Many other people have done it there.
I can root successful my XT1058 following this guide. Thank you so much! Finally I have xposed and GravityBox.
Post 3 updated with guide to bake in new system applications!
Where should I get the files in step 1 of the root process?
abuttino said:
Where should I get the files in step 1 of the root process?
Click to expand...
Click to collapse
The links are all in post 1. The first step are the packages you need. In my case I was running Ubuntu. If you are running Windows. The you can check the linked original thread and try to do it like that.
I tried it the Windows way and everything went very smoothly. Thanks.
I just don't have the experience to run Ubuntu yet. Been running Windows since v3
Sent from my XT1060 using Tapatalk
Thx! @jahrule
Any chance we can modify it so it will work for the XT1052?
dagoban said:
Thx! @jahrule
Any chance we can modify it so it will work for the XT1052?
Click to expand...
Click to collapse
I think the xt1052 is Europe version and can have the bootloader unlocked. It is then trivia to root.
jahrule said:
I think the xt1052 is Europe version and can have the bootloader unlocked. It is then trivia to root.
Click to expand...
Click to collapse
Yep, 1052 is the Europe one. I have 2 lying around here, for one the BL is unlockable, but the other one has an error and the moto page says that device is not unlockable even thou its a xt1052.
So I would really appreciate something for the xt1052
Thx again!
And let me know if you need any files from the xt1052 partitions / sbfs
dagoban said:
Yep, 1052 is the Europe one. I have 2 lying around here, for one the BL is unlockable, but the other one has an error and the moto page says that device is not unlockable even thou its a xt1052.
So I would really appreciate something for the xt1052
Thx again!
And let me know if you need any files from the xt1052 partitions / sbfs
Click to expand...
Click to collapse
If it shows error try the US support site instead of the one in your country.. Worked for me

Newest KingRoot works on xt1028

I have just rooted my 4.4.4 Xt1028 using KingRoot v 4.5.0 it's not permanent and I can't get xposed to install because of the ro system, My main phone is an xt1028 that was unlocked with sunshine on 4.4.3. However sunshine doesn't support the 4.4.4 so Im at a loss on what to do next. Any suggestions?
Indeed, I've stumbled upon the same thing!
Root goes away after a reboot, but enough to run TitaniumBackup, or a few other apps that want root in order to read the file system.
This is identical to the prior PIE exploit that worked up to 4.4.2 I wonder if there is a way to package this stuff from KingRoot in order not to waste time running it so obviously after each reboot ...
http://forum.xda-developers.com/moto-x/orig-development/root-4-4-x-pie-motorola-devices-t2771623
i got a 2013 Moto G Vzw prepaid that i got back when they were $24.95
been waiting to see if it can be rooted or unlocked to get CM installed or something
i turned it on today, tried the activation bypass and i was able to get into the OS
( pressing next, pull down noticication, then multitask and swype away)
(this device is on KK 4.4.4)
i was able to install and run kingroot 4.5.0 and it gave me some error, BUT it worked successfully anyways....
i can confirm root with titanium and terminal etc...
i have yet to restart it, but my purpose of this is to use it as a gopro remote, or playing ingress or some type of home automation
this should get my by until something else is found
The root is temporary whether or not you reboot. After a while, root stops working and sometimes makes your phone unstable. Everything may start to crash and you'd have to reboot your phone.
Teet1 said:
The root is temporary whether or not you reboot. After a while, root stops working and sometimes makes your phone unstable. Everything may start to crash and you'd have to reboot your phone.
Click to expand...
Click to collapse
This is true, I've seen it too.
What is interesting is that root checker claims that there is /system/xbin/su present by Kingroot. But /system is always read only. ES explorer appears to create files in /system, but if you quit and re-launch, there are no files there.
From shell, I tried to quickly replace KingRoot with SuperSu :
http://forum.xda-developers.com/fire-phone/general/root-fire-phone-supersu-t3105546
This did not work since in shell it claims that the file system is read only.
I wonder how Kingroot manages to maintain the illusion of /system/xbin/su for a while.
There could be a way to authorize SuperSu with Kingroot, and keep the temporary root all the way until a reboot.
I would be so happy to have xposed frameworks at least maybe busybox. my main phone is an xt1028 unlocked but my brothers was already on 4.4.4 that's why I'm so excited about this progress
bibikalka said:
This is true, I've seen it too.
What is interesting is that root checker claims that there is /system/xbin/su present by Kingroot. But /system is always read only. ES explorer appears to create files in /system, but if you quit and re-launch, there are no files there.
From shell, I tried to quickly replace KingRoot with SuperSu :
http://forum.xda-developers.com/fire-phone/general/root-fire-phone-supersu-t3105546
This did not work since in shell it claims that the file system is read only.
I wonder how Kingroot manages to maintain the illusion of /system/xbin/su for a while.
There could be a way to authorize SuperSu with Kingroot, and keep the temporary root all the way until a reboot.
Click to expand...
Click to collapse
If it manages to write into /system, perhaps we can exploit KingRoot to do some more in depth stuff?
Teet1 said:
If it manages to write into /system, perhaps we can exploit KingRoot to do some more in depth stuff?
Click to expand...
Click to collapse
It does not write into /system, it just fools the OS for a short while that somehow "su" was placed into /system/xbin . That's the strange thing about it!
bibikalka said:
It does not write into /system, it just fools the OS for a short while that somehow "su" was placed into /system/xbin . That's the strange thing about it!
Click to expand...
Click to collapse
I read it uses an exploit on the system to gain root or temproot. Maybe we can do the same?

How to block ads without root

Since this is a vanilla android phone, the only real modification I wanted was to change the hosts file to block ads. Turns out you can do that without rooting your phone, but you DO need an unlocked bootloader.
After you're unlocked, you'll need the TWRP recovery image:
http://forum.xda-developers.com/nex...recovery-twrp-2-8-7-0-touch-recovery-t3230471
and the flashable hosts file:
http://forum.xda-developers.com/showthread.php?t=1916098
Reboot into the factory bootloader, then into TWRP:
Code:
fastboot boot twrp-2.8.7.0-bullhead.img
Start ADB Sideload in TWRP and push the flashable hosts file:
Code:
adb sideload MoaAB_ADBlocking_12October2015_R4.zip
Reboot, DON'T install superuser when prompted, and you're done! You'll still have the factory recovery, but you will get the device is corrupt message since this changes the system.
There may be an easier way to do this, but just wanted to put it out there if there's anyone else looking to do the same thing.
I seem to lose adb access when I am in TWRP, do I type "adb sideload MoaAB_ADBlocking_12October2015_R4.zip" in the command prompt on my computer or is there a way to type this within TWRP?
The command prompt. I've had driver issues with adb in recovery on some computers, check in device manager and see if it shows up. You may have to update the driver (right click on the phone in device manager) and manually select adb. Not at my computer, so I can't give specific steps, sorry.
Sent from my Nexus 5X using Tapatalk
Yup you were right, driver issues, fixing right now, thanks!
If you use the Amazon app, it will be broken with MoaAB, unless it was fixed.
Seems to work fine, so they must have updated the list.
Sent from my Nexus 5X using Tapatalk
thanks for posting this , will try it soon!
Can I load this if I am on unlocked bl, unencrypted, and rooted?
Yup, then you can just flash it in TWRP. Or use an app like AdAway.
Sent from my Nexus 5X using Tapatalk
Can anyone tell me if flashing this host file will prevent future OTA's from installing successfully?
If so, would saving the original host file as a backup and pushing that back via ADB allow the OTAs?
Thanks!
I can't tell you for sure, but it's certainly a possibility. Having a backup is always a good idea, but there is a flashable stock hosts file in the same thread as the ad blocking file.
Personally, I'll probably just flash the factory system.img when it's time for an update.
Sent from my Nexus 5X using Tapatalk
Rbrowser is a good alternative, if you'd prefer to keep everything stock for updates. Does an excellent job at blocking ads, and very Chrome like.
As an avid flasher and owner of all the Nexus this is the first time I'm trying to go non-root and I was able to find any alternative for ad blocking. I'd recommend you install AdGuard, it blocks websites and apps but it redirects the traffic through its vpn server so Google battery stats will determine it's eating all the juice. This however is simply not true, after extensive use I can still do 3-4hrs SOT, so give it a shot if you want ad blocking non-root.
Since AdAway always did a great job for me, I made a script that grabs all the same sources and builds a single hosts file to push to the phone. You'll need Linux or another UNIX to run it though.
http://www.jimsrandomcrap.com/2015/12/12/ad-blocking-without-root-on-the-nexus-5x/
wow you are the best
beavis9k said:
Since AdAway always did a great job for me, I made a script that grabs all the same sources and builds a single hosts file to push to the phone. You'll need Linux or another UNIX to run it though.
Click to expand...
Click to collapse
:good:
No problem; I'm glad other people find it useful. Maybe I should make a post for it in the development section.
@beavis9k: I followed your tutorial and I was able to push the hosts file to my phone but ads still do not get blocked.
Should there be some kind of a response after applying the "adb shell chmod 644 /system/etc/hosts" command?
If I open the hosts file the only entry is "127.0.0.1 localhost::1 localhost". I guess that isn't correct and the script is not able to grab the sources when I run it.
UPDATE: Solved it. There was a problem with cygwin running the script.
Norlam said:
@beavis9k: I followed your tutorial and I was able to push the hosts file to my phone but ads still do not get blocked.
Should there be some kind of a response after applying the "adb shell chmod 644 /system/etc/hosts" command?
If I open the hosts file the only entry is "127.0.0.1 localhost::1 localhost". I guess that isn't correct and the script is not able to grab the sources when I run it.
UPDATE: Solved it. There was a problem with cygwin running the script.
Click to expand...
Click to collapse
Ahhh... thanks for letting me know. I never did try it under cygwin. I figured it would just work. If the generated hosts file only has localhost in it, I would guess that wget isn't installed with cygwin.
Yeah that was the problem. I forgot the check the "wget" package during the installation of cygwin
After installing the package the hosts file was working as it should :good:

Xposed for Fire HD 8 (6th) 2016

Edit: confirmed method from post #4 worked
Now we have root, time for xposed.
I tried flash xposed framework zip with FireFlash, it stuck at blank screen.
I tried xposed installer, it said wrong platform.
Any other ideas?
2ig2ag said:
Now we have root, time for xposed.
I tried flash xposed framework zip with FireFlash, it stuck at blank screen.
I tried xposed installer, it said wrong platform.
Any other ideas?
Click to expand...
Click to collapse
I'm new to android, can't help
sit and wait
I have been trying to get xposed working since I acquired root. I believe there is a mismatch between the processor and installed os. The CPU identifies itself as a 64-bit (aarch64) but there is no app_process64 in this OS. I tried touching the file and running the installer but that just soft bricked my tablet. Looking at the spec sheet it seems this CPU does not support 64-bit. The normal 32-bit Arm installer gave me the same results. May be time to ask @rovo89 for some advice.
I have managed to get Xposed working on my Kindle. I will lay out the steps I followed. I used the installer from this thread: https://forum.xda-developers.com/xposed/material-design-xposed-installer-t3137758. I installed the "exposed-v87-sdk22-arm64" framework. At this point I received an error about /system/bin/app_process64 being missing. This will be important later. I restarted the tablet and ended up at the Fire boot screen. I plugged the tablet into my computer and tried to adb. I was able to adb and su. I went into /system/bin/ to see what was amiss based on the previous error. I noticed Xposed created a couple files ending with "_xposed" in this directory. I also noticed I had a file named "app_process64_xposed" in this directory. This is when the previous error clicked. I never had a file named "app_process64" on my tablet. The installer should not have created this file.
I fixed this error by running these commands in adb:
1. 'su'
2. 'mount -w -o remount /system'
3. 'rm /system/bin/app_process64_xposed'
4. 'reboot'
Crossed my fingers and waited for tablet to reboot. Got the typical updating system partition screen and waited 10 mins. Xposed was activated and working. Success.
Hope this helps some of you get this working. I would suggest deleting the "app_process64_xposed" file after you run the Xposed installer but before you reboot.
can someone tell what is xposed to me
從我的iPhone使用Tapatalk Pro 發送
How you guys rooted it ? on 5.3.2.1 - I yet to get the root. Please guide.
phpbb88 said:
can someone tell what is xposed to me
從我的iPhone使用Tapatalk Pro 發送
Click to expand...
Click to collapse
Its a framework that allows people to change their android rom to have features it normally wouldn't. Kinda like cydia on ios
phpbb88 said:
can someone tell what is xposed to me
從我的iPhone使用Tapatalk Pro 發送
Click to expand...
Click to collapse
It's when you walk up to a really cute girl and you flash/expose yourself to her and run away.
Exposed framework is like an underlying interface to tweak just about everything in the android UI. It's behavior. Things like the battery, or order in the status bar, etc etc.
* and a lot...LOT more
nbc12 said:
Its a framework that allows people to change their android rom to have features it normally wouldn't. Kinda like cydia on ios
Click to expand...
Click to collapse
smokejumper76 said:
It's when you walk up to a really cute girl and you flash/expose yourself to her and run away.
Exposed framework is like an underlying interface to tweak just about everything in the android UI. It's behavior. Things like the battery, or order in the status bar, etc etc.
* and a lot...LOT more
Click to expand...
Click to collapse
I understood immediately when @nbc12 said its like cydia on iOS. lol
Thanks!
phpbb88 said:
I understood immediately when @nbc12 said its like cydia on iOS. lol
Thanks!
Click to expand...
Click to collapse
right on, yeah you should def. install it and play with it. I haven't yet on this device, but it is very very cool.
smokejumper76 said:
right on, yeah you should def. install it and play with it. I haven't yet on this device, but it is very very cool.
Click to expand...
Click to collapse
will try when I have time to play with my device
but I expect Custom ROMs on fire hd the most important
coltxL2717 said:
I have managed to get Xposed working on my Kindle. I will lay out the steps I followed. I used the installer from this thread: https://forum.xda-developers.com/xposed/material-design-xposed-installer-t3137758. I installed the "exposed-v87-sdk22-arm64" framework. At this point I received an error about /system/bin/app_process64 being missing. This will be important later. I restarted the tablet and ended up at the Fire boot screen. I plugged the tablet into my computer and tried to adb. I was able to adb and su. I went into /system/bin/ to see what was amiss based on the previous error. I noticed Xposed created a couple files ending with "_xposed" in this directory. I also noticed I had a file named "app_process64_xposed" in this directory. This is when the previous error clicked. I never had a file named "app_process64" on my tablet. The installer should not have created this file.
I fixed this error by running these commands in adb:
1. 'su'
2. 'mount -w -o remount /system'
3. 'rm /system/bin/app_process64_xposed'
4. 'reboot'
Crossed my fingers and waited for tablet to reboot. Got the typical updating system partition screen and waited 10 mins. Xposed was activated and working. Success.
Hope this helps some of you get this working. I would suggest deleting the "app_process64_xposed" file after you run the Xposed installer but before you reboot.
Click to expand...
Click to collapse
i have the same problem but when i try to mount system i get permission denied, system is read only, although im rooted cant mount system?? any help appreciated
ahac85 said:
i have the same problem but when i try to mount system i get permission denied, system is read only, although im rooted cant mount system?? any help appreciated
Click to expand...
Click to collapse
did the shell change from $ to # after you typed 'su'?
if not, have you grant access to adb shell?
Code:
C:\adb>adb shell
[email protected]:/ $ su
[email protected]:/ # mount -w -o remount /system
[email protected]:/ #
phpbb88 said:
did the shell change from $ to # after you typed 'su'?
if not, have you grant access to adb shell?
Click to expand...
Click to collapse
Hi i had to use kingoroot pc for root access again then the above commands worked. Even though i was fully rooted and had SuperSu installed.
Edit: I think I may have changed SuperSu permissions to "prompt" instead of "grant", which is why it was being denied?
Anyway its all working... Sucess!!
ahac85 said:
Hi i had to use kingoroot pc for root access again then the above commands worked. Even though i was fully rooted and had SuperSu installed.
Edit: I think I may have changed SuperSu permissions to "prompt" instead of "grant", which is why it was being denied?
Anyway its all working... Sucess!!
Click to expand...
Click to collapse
Glad you got it worked out.
@coltxL2717 which version of the xposed installer did you use?
I downloaded the dvdandroid_26_11_1 and fail to install
@phpbb88, that is the installer I used. The script will error but the framework is still being installed.
coltxL2717 said:
@phpbb88, that is the installer I used. The script will error but the framework is still being installed.
Click to expand...
Click to collapse
I cannot install that apk by using file explorer, keep telling me installation failed....
edit: its working now, thanks!
I had the same issue as @ahac85. The kingoroot method he mentioned worked for me as well. You guys find any good/cool xposed modules that worked?
I was wondering if I changed my supersu gettings from grant to prompt would mess anything up? So far I haven't touched it, but would like the normal pop-up prompt that happens when su is requested. And if it doesn't work, that is just weird.

Categories

Resources