OK3: any modifications at all possible? - AT&T Samsung Galaxy S 4 Q&A, Help & Troubleshooting

Hello,
A few months ago, I was able to successfully root my AT&T S4 (SGH-I337, build LRX22C.I337UCSGOK3) using KingRoot. The KNOX warranty bit was not set at the conclusion of the root process.
After wrestling with storage problems, including the "system memory" taking up 6.29 GB out of the meager 16 GB that is on this phone (preventing practically any Google Play updates from occurring, as the available space would always dip below 500 MB periodically), as well as performance problems (very long delays for some touch events and a general resentment of TouchWiz), I decided that enough was enough, and I decided to change my ROM/OS out for LineageOS.
LineageOS offers builds for jfltexx, which is reported to work for jflteatt since they are similar enough. I am not really willing to try "older" builds, as one of my goals is also to bring the security of the operating system up to date, so I am not exactly inclined to go for old CyanogenMod builds. The LineageOS install guide stipulates that I install TWRP to successfully install the OS via a supported recovery; however, the message SECURE MAGICCODE FAIL: recovery appears, as the upgrade process seems to be expecting something signed by Samsung (right?). Other guides warn that the stock recovery only allows stock OS installation and not custom operating systems, so I decided not to try that route. This effectively prevents me from installing LineageOS due to a problem that is inherent in OK3.
Why did I make the mistake of installing OK3? More than a year ago, I decided to do the final update that AT&T pushed out for this phone. Thinking that it would be something significant, I went for it, only to find out months later that it was a minor update whose purpose was also to add an additional lock to the bootloader. As this phone is "fairly old" (is 2013 already considered ancient times?), I have not found many guides that cover OK3, and those that do pertain to either rooting the S4 (already done) or something about downgrading (but I can't really do that, seemingly due to the OK3 lock-in). Oops.
That said, is there any hope to bring more life out of my phone, or is it time to throw the phone out and buy a Pixel or related product like any typical consumerist would do? My goal is to move to another OS to end the storage problems and other quirks of this phone that I have grown to deplore; that is all I wish to attain.
The phone is relatively reliable: it had ~1200 hours of uptime before I had to reboot it a few days ago to fix a data connectivity problem. The battery is also very manageable and can last a day and a half in regular use, but it can last 2-3 days under maximum power-saving mode.
I have read the rules and done some research on this forum, among some others. Thank you for your assistance.

Upgrading the phone to 4.3 locked the boot loader which prevents the installation of TWRP.

audit13 said:
Upgrading the phone to 4.3 locked the boot loader which prevents the installation of TWRP.
I see; so I was already screwed when I had OK2?

oldmud0 said:
I see; so I was already screwed when I had OK2?
Yes, anything past MDL has the bootloader flaw patched. MDL firmware and below have a flaw in the bootloader that allows loki doki to be installed bypassing the bootloader lock so you can install TWRP recovery and custom AOSP ROMs.
Since you're on OK3, you're forced to use Safestrap recovery and can only install custom TouchWiz ROMs like golden eye and albe95.
If you want to read up on the MDL bootloader, I have written a guide here: https://forum.xda-developers.com/galaxy-s4-att/general/how-to-one-guide-to-mdl-bootloader-t3584122

My wish is to escape TouchWiz, so I suppose I have hit a dead end.
Thank you for your help anyway.

oldmud0 said:
My wish is to escape TouchWiz, so I suppose I have hit a dead end.
Thank you for your help anyway.
If you want to get away from TouchWiz, I think there's a Google Play Edition ROM for the Galaxy S4 that you can use with OK3, but I am not too sure. I would just check the Galaxy S4 ROM section for it. I'm on the MDL bootloader which allows me to use TWRP, so I don't know too much about Safestrap recovery.

Even if one wanted to do a TouchWiz-based ROM, I don't think we on OK2/OK3 even have the option to install Safestrap, so far as I can gather.
Hold the phone, I think I've found something. Evidently we can Odin back down to NB1 and go from there! Experiments, here we come.

Yes, NB1 is as far back as you can go, I believe, without bricking your phone.

Related

Backing up the Atrix and OTA Bootloaders...

Hi Gents, I have some holes in my Atrix knowledge that, with all the recent developments and new members/devs, I'm sure would be helpful for all to discuss and clear up.
The problem is as follows.
How can I, and others, backup their Atrix in safe secure manner that allows us to take advantage of, and remain flexible, for both future updates, either XDA member created, or OTA(which could mess with things, for example blocking our bootloader unlock for those who OTA and haven't unlocked yet, thereby denying them further future flashing freed-up fun roms).
I know we need to backup and save the PDS partition if we want security in flashing the ROMs regarding touchscreen and device issues, but some things need to be spelled out. First things first, my understanding is a month ago we didn't have a fully functioning CWM, we had tenfar's CWM bootstrap, which was limited in function. I heard something about borked backup/recovery with it, so I played things safe, didn't touch it. Now a couple weeks ago tenfar put out a new version that supports the Atrix post-unlocked bootloader, which allows for greater functionality in CWM. What I need to figure out guys, is what's the protocol for backing up the PDS, making a safe backup of the ENTIRE phone, and then the safe way for wiping the caches (IDK which ones, I don't want to trash my touchscreen lower half like some people did?), followed by the currently established procedures for switching from ROM to ROM.
This is all compounded by the problem that either yesterday or today a new (bootstrap?) item was given Atrix compatibility by the almighty Koush, something called ROM Manager. Should I use this instead of CWM, or should I wait. I'm fine with TiBu for apps and data, but I need to be sure I have everything necessary to restore the phone if necessary because of a bootlooping new rom for example, because I've heard too many nightmare stories about people so far, granted some members have done some stupid stuff, but I think it would be helpful if some of the recent developments in Atrix Backup/Restore could be explained by someone omnipotent in this area.
I'm thinking the correct options are: get tenfar's latest CWM, which REQUIRES bootloader bashing, followed by a Nandroid(?) backup in CWM, then wipe data cache, and dalvik cache, and any other caches? (IDK!) After the wiping, then install the new ROM zip from CWM as usual, correct?
The problem with the procedure above is I think tenfar's latest CWM requires pudding, which presents me and probably others with the following dilemma. I'm assuming, because of Motorola's past history, that when the ATT GB update OTA's, they are going to try to f**k with our current implementation of the pudding bootloader unlock, for those who aren't unlocked yet, just how they closed up root with every past update for example. These guys are security nuts; read a post of mine I made last month, they definitely read our forum, at least the Nvidia Tegra guys I've confirmed to. Now I may be wrong, and they may not be able to implement this, but I don't want to confuse you guys, I know that those who are unlocked will stay unlocked, but what if they refuse you guys OTA GB official because they check for unlocked BL? That's why me, and I'm sure others, haven't unlocked yet. I plan on waiting for the OTA to pop up, pressing install later for 3-4 days denying the update, and checking XDA feverishly to see if those who install the OTA can use CWM, root, unlock bootloaders, etc. If they lock up the new official GB OTA, then I'll just hit install later one last time, unlock the bootloader, and pop in one of the many ROMs raining down from the sky.
Also this isn't so much a question, as it's a discussion, because I feel like I can't be the only one with these information gaps. If someone can add to the collective knowledge, it will help all of us
/on an unrelated closing note, since it's raining ROMs, has anyone tried Cherryblur 1.1a, AND Quickrom V1 (7/18), AND Kpenn's GB Beta 4 AND Ninja V 0.4.2 Alpha, AND Dorains Redpill? I'm curious if anyone has been crazy enough or has had the chance to try all of the latest and greatest, I'm sure one of those is more stable than the others, they are all based off of a hodgepodge of unofficial development builds, ha, one's a French 2.3.4 even? Not to mention we were goofing around with HKTW earlier, which is MT870, not even Olympus!!! That surely cannot run with much real stability....
Hi,
Once there is an official OTA for GB, it can be captured and saved. It's a simple edit to remove references to any bootloader. Then it can be flashed using CWM.
Cheers!
Excellent!
Spoken from NF...HIMSELF! Thank you, I was waiting to bite the unlock bullet but I forgot we always steal stuff and repackage it for flashy-goodness.
However, I guess I should just use ROM Manager and do a complete NANDROID backup? Does that capture the all-important PDS? And by the way, it would seem that if you stick to legit packages and ROMs and flash with CWM and deal with data the right way, it's difficult to brick, it would seem?
Dalvik and Clear User Data right, or is there more....
Once again thanks NF, since you're such a talented dev for Atrix, are you working on cooking a ROM?

Rooting and OTA updates

I am looking into rooting my Nexus S so I can install an ICS ROM. This is my first time rooting so got a question.
How will OTA updates work for me? Will the ICS update just work or will I have to unroot to get the official OTA update?
Sorry if this has been asked before; I couldn't find a clear answer.
Sent from my Nexus S using XDA App
Don't do OTAs. Any update released by Google or your manufacturer will be released here, rooted, within hours.
If you take an OTA you will lose root and could even find your phone locked again (as unlikely as that is with the NS, better safe than sorry. Ask the EVO users who took the GB OTA).
Sent from my Nexus S 4G using Tapatalk
Rooting requires flashing custom recovery
OTA requires stock recovery to work properly
So if your phone has custom recovery the OTA will not work.
Alright, thanks a lot for the quick responses guys.
Sent from my Nexus S using XDA App
Once the ota is downloaded.....
* Put the zip on sdcard
* Reboot into custom recovery
* Manually flash it
* Directly after that, in the same recovery session, flash latest superuser zip
* Wipe cache
* Reboot
I run stock, so I'll add my two cents to this conversation. A few key points:
OTAs will NOT lock the bootloader
OTAs will work with CWM installed (the OTA will however remove CWM and needs to be manually applied)
OTAs will remove root access (the permissions on the binary get changed)
I have never seen an OTA on XDA that was pre-rooted. I have seen ROM packages that incorporate the OTA that are pre-rooted (installing these usually means a wipe of the device is needed)
If you replace the ROM on the phone, you will not get OTA updates. You must remain mostly stock to obtain them.
Custom kernels or custom Google apps on stock ROMs will cause the OTA update to fail; however, you will be notified that the update is available.
I hope this answers your questions.
Good points.
What I do in order to maintain the full software (removing system apps, any system changes) is change the permissions of whatever I don't want to "000".
This will allow the OTA to verify and flash.
snandlal said:
Good points.
What I do in order to maintain the full software (removing system apps, any system changes) is change the permissions of whatever I don't want to "000".
This will allow the OTA to verify and flash.
This does not always work, such as installing the "Black" version of Gmail over top of the original, the world-wide version of Navigation, or using Market Enabler to change the build.prop file. Any of these changes will cause the OTA signature to fail.
Though if you are simply removing a system app, then yes, that would work well.
Also to be noted, and this just occurred to me: if the OTA is a full ROM version, then the signature won't matter and it will just install. For ICS, this is what I'm expecting.
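The per-file check Matridom is describing, as an added example written for this page (not code from the thread): an incremental OTA's updater-script carries one apply_patch_check("<path>", "<sha1 before>", "<sha1 after>") line per file it patches, and recovery (which runs as root) hashes each file's content and aborts unless the digest matches one of the listed values. The script below builds such a check list from a constructed stand-in for a stock /system tree, then runs the same check against three constructed device states: untouched stock, a half-applied update, and a device where Gmail was swapped for a themed build and two system apps were deleted. The paths, file contents and hashes are made up; only the pass/abort semantics mirror the recovery updater. A full-image OTA rewrites the partition instead and carries no per-file checks (the zip's own signature is still verified by recovery).

```python
"""Model of the per-file hash check an incremental Android OTA performs.

Constructed example: file contents, paths and hashes are made up; only the
apply_patch_check semantics (pass if the file's SHA-1 matches any listed
digest, abort otherwise) mirror what the recovery updater does.
"""
import hashlib
import re

# Stand-in for the files a stock build shipped in /system (constructed).
STOCK = {
    "/system/app/Gmail.apk": b"stock gmail build",
    "/system/app/Phone.apk": b"stock phone build",
    "/system/app/Maps.apk": b"stock maps build",
}

# What the OTA wants each patched file to become (constructed).
PATCHED = {
    "/system/app/Gmail.apk": b"gmail build after ota",
    "/system/app/Phone.apk": b"phone build after ota",
}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_updater_script(stock: dict, patched: dict) -> str:
    """Emit the check lines an incremental OTA carries: one per patched file,
    listing the expected pre-patch and post-patch digests."""
    lines = []
    for path, new_content in patched.items():
        old, new = sha1_hex(stock[path]), sha1_hex(new_content)
        lines.append(
            f'apply_patch_check("{path}", "{old}", "{new}") || '
            f'abort("\\"{path}\\" has unexpected contents.");'
        )
    return "\n".join(lines)


CHECK_RE = re.compile(r'apply_patch_check\("([^"]+)"((?:,\s*"[0-9a-f]{40}")+)\)')


def precheck(script: str, device_tree: dict) -> dict:
    """Run every apply_patch_check in the script against a device tree.

    Returns {path: "ok" | "modified" | "missing"}. "ok" also covers a file
    that already carries the post-patch digest, which is how an interrupted
    update can be resumed without failing the check. Files the script never
    names are not looked at, so removing them is invisible to the OTA.
    """
    results = {}
    for match in CHECK_RE.finditer(script):
        path = match.group(1)
        allowed = set(re.findall(r'"([0-9a-f]{40})"', match.group(2)))
        if path not in device_tree:
            results[path] = "missing"
        elif sha1_hex(device_tree[path]) in allowed:
            results[path] = "ok"
        else:
            results[path] = "modified"
    return results


def would_ota_apply(script: str, device_tree: dict) -> bool:
    """True only if no check would abort the update."""
    return all(status == "ok" for status in precheck(script, device_tree).values())


def demo() -> dict:
    script = build_updater_script(STOCK, PATCHED)

    # Device 1: untouched stock.
    stock_device = dict(STOCK)

    # Device 2: a previous attempt already patched Gmail, then was interrupted.
    resumed_device = dict(STOCK)
    resumed_device["/system/app/Gmail.apk"] = PATCHED["/system/app/Gmail.apk"]

    # Device 3: Gmail swapped for a themed build; Phone and Maps deleted.
    tweaked_device = dict(STOCK)
    tweaked_device["/system/app/Gmail.apk"] = b"black themed gmail"
    del tweaked_device["/system/app/Phone.apk"]
    del tweaked_device["/system/app/Maps.apk"]

    return {
        "stock": precheck(script, stock_device),
        "resumed": precheck(script, resumed_device),
        "tweaked": precheck(script, tweaked_device),
        "stock_applies": would_ota_apply(script, stock_device),
        "tweaked_applies": would_ota_apply(script, tweaked_device),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running demo() shows the three outcomes side by side: the stock and resumed devices pass every check, while on the tweaked device Gmail is reported "modified" and Phone "missing", so the update would abort. Maps, which the OTA never touches, does not appear in the result at all, which is the "simply removing a system app" case above.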
I'm on the fence about rooting. I know there are advantages like custom ROMs and added features, but I'm somewhat of a newb at this. While the instructions (for the Mac) seem simple enough, I always feel like something inevitably goes wrong or there's some variable I've either overlooked or don't understand that screws things up.
I definitely don't want to brick my phone.
I don't even know what I'm asking in my post, but I guess... what are some advantages of rooting? And if I root, is it fully reversible?
I'm also confused by some of the terminology. What is clockwork recovery? Is that a sort of ROM? I keep seeing that phrase every time I read instructions. Likewise, what's a bootloader? What's fastboot? Also, what's a kernel?
And after I root (as you can see, I am really tempted to), what happens next? How do I choose which ROM works for me? Is it a matter of flashing them and trying each of them out?
I'm afraid of entering the world of root, but I want to. Advice? Does it matter what baseband, or kernel or build number I have?
I'm on Android 2.3.6
Matridom said:
I run stock, so i'll add my two cents into this conversations. A few key points:
OTA's will NOT lock the boot loader
I hope this answers your questions.
http://forum.xda-developers.com/showthread.php?t=1145056
I know it's not likely, particularly with this phone, but it can happen. I maintain that if you're going to go through the process of unlocking your phone and putting a rooted ROM on it that you might as well wait for a modified OTA ROM to get posted by a trusted dev before just installing what the carrier hands out to you.
I guess maybe I should have said "re-lock"?
onthecouchagain said:
I'm on the fence about rooting. I know there are advantages like custom ROMs and added features, but I'm somewhat of a newb at this. While the instructions (for the Mac) seem simple enough, I always feel like something inevitably goes wrong or there's some variable I've either overlooked or don't understand that screws things up.
I definitely don't want to brick my phone.
I don't even know what I'm asking in my post, but I guess... what are some advantages of rooting? And if I root, is it fully reversible?
I'm also confused by some of the terminology. What is clockwork recovery? Is that a sort of ROM? I keep seeing that phrase every time I read instructions. Likewise, what's a bootloader? What's fastboot? Also, what's a kernel?
And after I root (as you can see, I am really tempted to), what happens next? How do I choose which ROM works for me? Is it a matter of flashing them and trying each of them out?
I'm afraid of entering the world of root, but I want to. Advice? Does it matter what baseband, or kernel or build number I have?
I'm on Android 2.3.6
OK, let's clear a few things up here.
CWM or ClockWorkMod is a custom recovery that can be installed on the phones. This step is needed because the default recovery on the Nexus does not allow for updates to be installed that are unsigned. CWM does, so it's a necessary step to installing the SU binary (aka rooting your phone) or installing custom ROMs.
The bootloader is the basic system on your phone that reacts to the power on and hands over operations to Android. The equivalent in the PC world would be a BIOS.
fastboot is a utility that is provided by Google that allows you to send commands to the bootloader and direct its operations. It's needed to unlock the bootloader (so you can replace parts of it, like recovery with CWM).
Interestingly enough, you can boot your phone to a custom recovery WITHOUT replacing your existing stock recovery by using fastboot.
Rooting your phone is simply installing and providing the proper rights to the SU binary to allow you to have full administrative rights to the phone; the Superuser application is almost always bundled with it as it allows for a form of control as to what applications can use root access. Rooting your phone allows you to install some very interesting applications; the most popular are Titanium Backup (lets you back up app data and restore it after a reset) and removing advertising (AdFree/AdAway or the like). Root can also be used by some applications that allow you to "cheat" at games.
Rooting your phone is reversible, though not always the easiest to do. With the stock ROMs, it's fairly easy: you just re-apply the latest OTA and it will kill root access on your device.
When it comes to custom ROMs, the vast majority come pre-rooted to save you the hassle of doing it yourself.
On other phones where the bootloader remains locked, you have to use an exploit to gain root access, this then allows you to modify the OS and install custom roms and CWM while keeping the bootloader locked. Since the Nexus line can be unlocked, it's not needed.
Please note, root access is NOT required to install a custom ROM.
---------- Post added at 02:02 PM ---------- Previous post was at 01:56 PM ----------
MaxCarnage said:
http://forum.xda-developers.com/showthread.php?t=1145056
I know it's not likely, particularly with this phone, but it can happen. I maintain that if you're going to go through the process of unlocking your phone and putting a rooted ROM on it that you might as well wait for a modified OTA ROM to get posted by a trusted dev before just installing what the carrier hands out to you.
I guess maybe I should have said "re-lock"?
That's a link to a non-Nexus phone. The question here is in regards to the Nexus device and I believe my statement stands 100% true. Since it's a self-proclaimed "newby" asking questions, I don't want to confuse the post with un-needed and non-relevant information.
Matridom, wow thanks. That clarifies a few things.
So, you say root access isn't required to flash custom ROMs? Let's say for example, I want to flash an ICS ROM, or even a ROM that allows me to have Backlight Notifications?
I don't need root? If I don't need root, how do I flash those ROMs?
Matridom said:
That's a link to a non-nexus phone. The question here is in regards to the nexus device and i believe my statement stands 100% true. Since it's a self proclaimed "newby" asking questions, i don't want to confuse the post with un-needed and non-relevant information.
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least one OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
MaxCarnage said:
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least one OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
The key here is that SPRINT released an OTA for a SPRINT branded device. This has zero relevance to updates provided by Google for Nexus devices.
MaxCarnage said:
I'm not sure why it's so invalid to advise that he wait for someone to post an OTA that has been vetted for those of us who have unlocked our phones; I respect your opinion (even if you clearly don't mine), but your statement that I am providing "un-needed" and "non-relevant" information is a bit harsh.
The fact of the matter is that Sprint has had at least one OTA released (for the EVO 4G) that re-locked bootloaders and caused a lot of consternation for people who took the OTA on their unlocked phones and found themselves waiting months for a new exploit to be found. Those who waited had a rooted version of the OTA available on the forums very quickly, so if those who took the OTA had just waited they wouldn't have been stuck.
tl;dr: If you went to the trouble of unlocking your phone in the first place I don't see why you would rush to take an un-vetted update OTA.
The issue at heart here is the fact that the OTAs for the Nexus line of phones come straight from Google and are not "tweaked" in any way by the carriers (exception: the Nexus S 4G has additional applications required for CDMA support).
One of the selling features of the Nexus phones is the fact that unlocking the bootloader is officially supported.
In regards to other phones getting their bootloader locked, I've experienced first hand the pains of that, having a Galaxy S, with the 2.3 update installing a new bootloader and really screwing things up for me. In those cases, I agree with you wholeheartedly to wait for pre-cracked ROMs that can be installed.
My question to you would be to please show an example of a Nexus S getting its bootloader locked due to an OTA update, as that is the phone we are discussing.
---------- Post added at 02:49 PM ---------- Previous post was at 02:47 PM ----------
onthecouchagain said:
Matridom, wow thanks. That clarifies a few things.
So, you say root access isn't required to flash custom ROMs? Let's say for example, I want to flash an ICS ROM, or even a ROM that allows me to have Backlight Notifications?
I don't need root? If I don't need root, how do I flash those ROMs?
All you would need to do is to unlock the bootloader, install CWM, then apply the .zip associated with the ROM you wish to install. I would however carefully read the installation instructions for the rom as in some cases, it might be a multi-step process (such as going from a 2.2 rom to a 2.3).
Many ROMs also do not come with the Google apps, and a secondary zip file needs to be applied to get those running (CyanogenMod does this).
I wanted to add, that the process of unlocking your bootloader will erase EVERYTHING on the phone, including the SDcard partition. So make sure you back up anything of importance.
Matridom said:
My question to you would be to please show an example of a nexus S getting it's booloader locked due to an OTA update as that is the phone we are discussing.
I can't provide an example because, as I have already stated, this was a precautionary suggestion only.
I'm not going to get into a debate with you over this; I've made my point and you've made yours. Thanks.
Matridom said:
This does not always work, such as installing the "Black" version of Gmail over top of the original, the world-wide version of Navigation, or using Market Enabler to change the build.prop file. Any of these changes will cause the OTA signature to fail.
Though if you are simply removing a system app, then yes, that would work well.
Also to be noted, and this just occurred to me: if the OTA is a full ROM version, then the signature won't matter and it will just install. For ICS, this is what I'm expecting.
Good point again, but the trick is to put your apps in /system/framework along with framework-res.apk.
This will add a dex file to /data/dalvik-cache, which is needed for saving upon reboot
Does flashing another radio that's different from your original radio impact the ability to apply an OTA?
suksit said:
Rooting requires flashing custom recovery
OTA requires stock recovery to work properly
So if your phone has custom recovery the OTA will not work.
Rooting doesn't require flashing custom recovery.
iboj007 said:
Does flashing another radio that's different from your original radio impact the ability to apply an OTA?
No, it doesn't.

Would it be plausible to use JTAG to rewrite an unlocked firmware?

I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thus far discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warranty bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; it seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it, it means that JTAG has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from Verizon, either current workarounds such as Safestrap are the answer for the foreseeable future, or a method of manually changing a single Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by a very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a T-Mobile Galaxy S5 with an unlocked bootloader be used not as a method of flashing the on-board bootloader but as a kind of external boot, so a permanently installed SD card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
What was done with the Droid X? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has an "alternative boot upon init fault" method similar to the one that allows the Galaxy S3 debrick to work (I have a guide I made with details), so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microSD card in the phone allowing it to boot into that, then use that with Odin to flash an insecure bootloader to the S5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and there's no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and there's no way to boot into it if you can't access the rom
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom. Also, safestrap didn't do a thing with the bootloader, it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader

Need a little confirmation....

Hi all,
It's been a few yrs since I've flashed a phone (the last being my SGS1 variant) and I'm very out of practice. That being said, I just need a little help in understanding how to flash my SGS4. So far, I've had this phone for yrs and I would've jumped to custom roms as I did normally but there was the whole KNOX debacle and I didn't want to do anything to damage my phone - while within warranty. I've been out of the loop for awhile, so I need a little help in my choices here.
My phone is still running on its original software (that's right, I completely haven't updated in yrs), so it's a 4.2.2 and the build is I9505XXUBM4 (pre-KNOX). If I am going to root, I was thinking that I should use the method from this thread: [GT-I9505 + GT-I9505G] CF-Auto-Root. Would I be right in using this method or is there something better?
Secondly, I've only ever used CWM. I'm assuming the recovery to use currently is TWRP since I've seen it brought up in a good number of threads. Can I make a nandroid with TWRP the same way it was done with CWM or do I need to find another way to backup my data?
Lastly, this is the rom I'm leaning towards; [JDCTeam][6.0.1][9 July] The Android Open Source Project MOB30M. Could I just flash this on top of my stock or do I have to update first and then flash this?
TIA for your responses.
Oniyuri said:
Hi all,
It's been a few yrs since I've flashed a phone (the last being my SGS1 variant) and I'm very out of practice. That being said, I just need a little help in understanding how to flash my SGS4. So far, I've had this phone for yrs and I would've jumped to custom roms as I did normally but there was the whole KNOX debacle and I didn't want to do anything to damage my phone - while within warranty. I've been out of the loop for awhile, so I need a little help in my choices here.
My phone is still running on its original software (that's right, I completely haven't updated in yrs), so it's a 4.2.2 and the build is I9505XXUBM4 (pre-KNOX). If I am going to root, I was thinking that I should use the method from this thread: [GT-I9505 + GT-I9505G] CF-Auto-Root. Would I be right in using this method or is there something better?
Secondly, I've only ever used CWM. I'm assuming the recovery to use currently is TWRP since I've seen it brought up in a good number of threads. Can I make a nandroid with TWRP the same way it was done with CWM or do I need to find another way to backup my data?
Lastly, this is the rom I'm leaning towards; [JDCTeam][6.0.1][9 July] The Android Open Source Project MOB30M. Could I just flash this on top of my stock or do I have to update first and then flash this?
TIA for your responses.
First, you MUST update your phone: if you have root, update with odin to the latest firmware version, then flash a recovery (cwm, twrp, philz) and flash the rom, because the rom requires stock android lollipop firmware. Try cyanogenmod 13 nightly for this smartphone
Alessandro's said:
First, you MUST update your phone: if you have root, update with odin to the latest firmware version, then flash a recovery (cwm, twrp, philz) and flash the rom, because the rom requires stock android lollipop firmware. Try cyanogenmod 13 nightly for this smartphone
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Oniyuri said:
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Then you install lollipop stock, make root, flash recovery and then flash cm13
Oniyuri said:
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Knox does matter once you're on a custom ROM.
Most content creators recommend to use the latest modem and bootloader in order to avoid problems.
You don't necessarily have to update the whole ROM to have the newest modem and bootloader, there are Odin flashable packages.
I don't know if CF-Auto-Root works with 4.2. I know it works for 4.4 and above.
As long as you do your wipes (this means system, data, cache, dalvik) you can flash anything over anything.
Yes, you can do nandroid backups, but TWRP and CWM backups are not compatible with each other. Also, TWRP has a problem with TouchWiz backups, meaning you can make and restore a TouchWiz backup, but it either won't boot or will give you lots of errors.
GDReaper said:
Knox does matter once you're on a custom ROM.
Most content creators recommend to use the latest modem and bootloader in order to avoid problems.
You don't necessarily have to update the whole ROM to have the newest modem and bootloader, there are Odin flashable packages.
I don't know if CF-Auto-Root works with 4.2. I know it works for 4.4 and above.
As long as you do your wipes (this means system, data, cache, dalvik) you can flash anything over anything.
Yes, you can do nandroid backups, but TWRP and CWM backups are not compatible with each other. Also, TWRP has a problem with TouchWiz backups, meaning you can make and restore a TouchWiz backup, but it either won't boot or will give you lots of errors.
Ok, so is there a way that I could at least get to lollipop w/o getting KNOX and have a nandroid that would work or should I just OTA all the way up to current and then root and flash?
Oniyuri said:
Ok, so is there a way that I could at least get to lollipop w/o getting KNOX and have a nandroid that would work or should I just OTA all the way up to current and then root and flash?
Why are you so obsessed with Knox? I just told you that it won't be an issue on custom ROMs. There is no knox on custom ROMs. Knox is a Samsung thing. So, unless you plan on staying stock, there is no reason to be concerned about it. Even if you stay stock, there still is no reason to be afraid of it, it's just some security crap, and it won't affect you in any way. Why are you so afraid of it?
My device came with Knox pre-installed and it didn't do jack.
Just update if you want to update or flash a recovery (flashing custom ROMs doesn't require root, just a custom recovery) and flash your desired ROM.
GDReaper said:
Why are you so obsessed with Knox? I just told you that it won't be an issue on custom ROMs. There is no knox on custom ROMs. Knox is a Samsung thing. So, unless you plan on staying stock, there is no reason to be concerned about it. Even if you stay stock, there still is no reason to be afraid of it, it's just some security crap, and it won't affect you in any way. Why are you so afraid of it?
My device came with Knox pre-installed and it didn't do jack.
Just update if you want to update or flash a recovery (flashing custom ROMs doesn't require root, just a custom recovery) and flash your desired ROM.
Well, I've been out of the loop for a while (the last time I was active was circa late 2013/ early 2014), but I do remember there was a lot of concern regarding warranty and the flags. I do admit that there was a lot of speculation from losing a section of memory from tripping the flag to actually burning the motherboard. I originally decided to wait until the dust settled but life took over and I ended up only sporadically checking the forums before disappearing for long periods of time. I actually don't know what the end of the story is to be honest.
Oniyuri said:
Well, I've been out of the loop for a while (the last time I was active was circa late 2013/ early 2014), but I do remember there was a lot of concern regarding warranty and the flags. I do admit that there was a lot of speculation from losing a section of memory from tripping the flag to actually burning the motherboard. I originally decided to wait until the dust settled but life took over and I ended up only sporadically checking the forums before disappearing for long periods of time. I actually don't know what the end of the story is to be honest.
The only concern is about the warranty. Since your phone is some years old, I doubt that is an issue for you anymore.
By losing memory you mean losing data or actually losing storage space?
Either way, I haven't heard of anyone with such a problem around here.
Nor about somebody with a fried motherboard.
There might have been some unfortunate cases, but this is to be expected when you modify your device. There always is a risk of damage, it doesn't matter if it's by rooting or by flashing a ROM.
I meant lose storage. As I understood it, KNOX worked like a container and once the flag was tripped, you'd lose whatever it contained - as in never being able to access that bit ever again.
Oniyuri said:
I meant lose storage. As I understood it, KNOX worked like a container and once the flag was tripped, you'd lose whatever it contained - as in never being able to access that bit ever again.
You have to use the knox app first for that to even be considered a risk.
Knox will not put anything in that container without user input.
GDReaper said:
You have to use the knox app first for that to even be considered a risk.
Knox will not put anything in that container without user input.
Ok, so to get the steps straight:
1. I'd need to get a lollipop bootloader & modem
2. root + nandroid (CWM) + titanium for app data (non-system app data)
3. change recovery to TWRP
4. flash rom + gapps
....and then I should be ready to go, correct?
Oniyuri said:
Ok, so to get the steps straight:
1. I'd need to get a lollipop bootloader & modem
2. root + nandroid (CWM) + titanium for app data (non-system app data)
3. change recovery to TWRP
4. flash rom + gapps
....and then I should be ready to go, correct?
1) Is not mandatory, it's just recommended. The only exception is if your device is a Verizon or AT&T phone, then don't - and I repeat - don't update or you risk losing the possibility of any custom ROM flashing or rooting due to the locked bootloaders.
2) and 3) CWM and TWRP backups do not have cross-compatibility. If you backup with CWM you have to restore with CWM.
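The warning above about AT&T/Verizon bootloaders, like the OE1 downgrade discussion in the earlier thread, comes down to one field of the Samsung build string: the bootloader revision, which the device compares before it accepts a stock package. The following is an added example, not code from any poster or from Samsung, that decodes a build string and applies that same-or-newer rule; the field layout is the commonly documented one and is an assumption here, as is reading "S" as a security-only build, and every full build string in it is constructed.

```python
"""Decode Samsung firmware build strings and apply the bootloader anti-rollback rule.

Assumed field layout (commonly documented; an assumption in this example):
  <model><region:2><U|S><bootloader revision:1-2><year letter><month letter><build revision>
e.g. (constructed) G900VVRU2BOE1 -> G900V / VR / U / 2B / 2015 / May / 1
The trailing year-month-revision triple is the "OE1" / "OK3" shorthand used in the thread.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Year letters as used since 2011 (K = 2011 ... W = 2023); earlier letters stay undecoded.
YEAR_LETTERS = {c: 2011 + i for i, c in enumerate("KLMNOPQRSTUVW")}
MONTH_LETTERS = "ABCDEFGHIJKL"  # A = January ... L = December

_PATTERN = re.compile(
    r"^(?:SM-|GT-|SGH-)?"          # optional model-number prefix
    r"([A-Z]\d{3,4}[A-Z]?)"        # model: I337, I9505, G900F, G900V
    r"([A-Z]{2})"                  # region / carrier code: XX, UC, VR
    r"([US])"                      # U = regular build, S = security-only build (assumption)
    r"([A-Z0-9]{1,2})"             # bootloader revision (newer models add a major-version letter)
    r"([K-W])([A-L])([A-Z0-9])$"   # year, month, build revision
)


@dataclass(frozen=True)
class Build:
    model: str
    region: str
    update_type: str
    boot_rev: str      # the field the bootloader compares before accepting a flash
    year: int
    month: int
    revision: str


def decode_build(build: str) -> Optional[Build]:
    """Return the decoded fields, or None when the string does not fit the layout.

    A mistyped build such as the thread's 'I9505XXUBM4' (a digit where the month
    letter belongs) comes back as None instead of a guess.
    """
    m = _PATTERN.match(build.strip().upper())
    if m is None:
        return None
    model, region, utype, boot, year, month, rev = m.groups()
    return Build(model, region, utype, boot,
                 YEAR_LETTERS[year], MONTH_LETTERS.index(month) + 1, rev)


def flash_verdict(current: str, candidate: str) -> str:
    """Apply the rule the thread keeps running into: a stock package is accepted
    only if its bootloader revision is the same as or newer than the one already
    on the device, however old or new the rest of the firmware is.

    Returns 'allowed', 'downgrade-blocked', 'different-device' or 'unknown'.
    """
    cur, cand = decode_build(current), decode_build(candidate)
    if cur is None or cand is None:
        return "unknown"                  # refuse to reason about a malformed string
    if cur.model != cand.model:
        return "different-device"         # never cross-flash variants (I337 vs I9505)
    if len(cur.boot_rev) != len(cand.boot_rev):
        return "unknown"                  # different layouts; do not invent an ordering
    # Same-length revision fields order lexicographically: 'E' < 'F', '1A' < '2B'.
    return "allowed" if cand.boot_rev >= cur.boot_rev else "downgrade-blocked"


if __name__ == "__main__":
    # Constructed sample strings; only the OE1 / OK3 style suffix comes from the thread.
    for cur, cand in [("G900VVRU2BOE1", "G900VVRU1ANE9"),  # past OE1 -> older image refused
                      ("I337UCUEMK2", "I337UCUFNJ4"),      # moving forward -> accepted
                      ("I9505XXUBM4", "I9505XXUBMEA")]:    # mistyped string from the thread
        print(f"{cur} -> {cand}: {flash_verdict(cur, cand)}")
```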
Please tell me you haven't flashed anything yet. I can help with the entirety of the procedure.
robcore said:
Please tell me you haven't flashed anything yet. I can help with the entirety of the procedure.
No I haven't done anything yet. I found something else to occupy me for the last few nights - a chromecast that seems to hate me.
Oniyuri said:
No I haven't done anything yet. I found something else to occupy me for the last few nights - a chromecast that seems to hate me.
Haha I hear ya. I've been building a kernel for about a year now and finally (knock on wood) arrived at something I'm happy with. Lesson learned, electronics are definitely conspiring against us.
That said, please feel free to pm me when you're ready for the flashing process. Though it's a silly skill, it's become second nature to me and something about your situation flipped a helpful switch in me : P what's the Chromecast like?
robcore said:
Haha I hear ya. I've been building a kernel for about a year now and finally (knock on wood) arrived at something I'm happy with. Lesson learned, electronics are definitely conspiring against us.
That said, please feel free to pm me when you're ready for the flashing process. Though it's a silly skill, it's become second nature to me and something about your situation flipped a helpful switch in me : P what's the Chromecast like?
Well, so far, the chromecast is only plugged into my tv and basically did the setup by itself only for the google cast app on my phone to not recognize it when it said that it's ready to cast. I've run out of things to do aside from going to the google forums (which I've already done). I'm starting to wonder if it's my phone that's causing all the issues.

Relocking bootloader

Hey guys.
Really sorry for having to post this again :/
Tried posting my issue in this thread but I think that thread's gone cold.
----
I have a Moto G5 Plus US, Model XT1687
Current ROM Info:
Software channel: retus
Build #: NPN 25.137-33
Security patch: Jan, 1 2017
Baseband: M8953_02.03.07.06R POTTER_NA_CUST
On a whim, unlocked the bootloader. Now I'd like to lock it back.
I haven't updated my phone / installed any OTA's, phone keeps asking to update to NPNS25.137-33-5, haven't done it.
Does this procedure work for me?
Which ROM should I use?
I'd like to relock the bootloader and receive OTA updates as normal on my US variant phone!
Many thanks!
I'm pretty sure Motorola hasn't released stock firmware for the retus version.
Cats_PJs said:
I'm pretty sure Motorola hasn't released stock firmware for the retus version.
So, there's no way for me to relock my bootloader unless motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for motorola to release the firmware, or should just leave it unlocked?
Thanks
seed_87 said:
So, there's no way for me to relock my bootloader unless motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for motorola to release the firmware, or should just leave it unlocked?
Thanks
I don't think there's a way to relock the retus version, but maybe I'm wrong.
As far as what I would do. I always run a custom ROM, so I'd flash twrp, make a backup and try a few roms..
seed_87 said:
So, there's no way for me to relock my bootloader unless motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for motorola to release the firmware, or should just leave it unlocked?
Thanks
To relock the phone, you must flash a complete factory image that is the same or newer than what you have installed... Only way, not that it gains much except the ability to pass SafetyNet checks on pure stock, which you can do with some root magic anyway, but the bootloader will change to a state of 2 (Relocked), your warranty will still be void, and you will still get the bootloader unlocked warning screen (unless you flash a custom logo).
Cats_PJs said:
I don't think there's a way to relock the retus version, but maybe I'm wrong.
As far as what I would do. I always run a custom ROM, so I'd flash twrp, make a backup and try a few roms..
Well, I originally wanted to just root the stock ROM and install a couple of things like: Adaway, some Xposed modules (Like the Youtube ad remover one), WiFi ADB (which requires root, allows one to wirelessly debug apks)
acejavelin said:
To relock the phone, you must flash a complete factory image that is the same or newer than what you have installed... Only way, not that it gains much except the ability to pass SafetyNet checks on pure stock, which you can do with some root magic anyway, but the bootloader will change to a state of 2 (Relocked), your warranty will still be void, and you will still get the bootloader unlocked warning screen (unless you flash a custom logo).
Wow relocking the BL sounds really useless once you realize what you're getting from it. I really don't care much for SafetyNet (as this model has no NFC). I don't use Android Pay either.
Honestly, I unlocked the BL but finally didn't root mainly because I read some issues when rooting. Please see this post
Thanks for the enlightenment!
seed_87 said:
Well, I originally wanted to just root the stock ROM and install a couple of things like: Adaway, some Xposed modules (Like the Youtube ad remover one), WiFi ADB (which requires root, allows one to wirelessly debug apks)
Wow relocking the BL sounds really useless once you realize what you're getting from it. I really don't care much for SafetyNet (as this model has no NFC). I don't use Android Pay either.
Honestly, I unlocked the BL but finally didn't root mainly because I read some issues when rooting. Please see this post
Thanks for the enlightenment!
If you do decide to root, I would suggest using magisk instead of SuperSU. I switched a few months ago, and it works perfectly
Safetynet isn't just for nfc, other companies and apps have used it in their software as well, i.e. Snapchat and Pokemon go are 2 I can think of off the bat.
Installing and/or rooting with magisk is fairly easy and painless, and it will have superSU which will give you root.
How to:
Must have twrp recovery, or some other custom recovery, although these days I would recommend twrp, as it works and is more widely used than say cm recovery is, since the cm project was taken over by lineage now. Anyways, flash a custom recovery and use it. (note: I haven't used cm recovery or any other recovery in years, so I do not know if this works with anything else, aside from twrp, which I know it works fine with). There are also tutorials all over xda on how to install/flash twrp, as well as youtube videos if you prefer that better.
Go grab magisk.zip, (do a google search or look on xda, it's all over the place just do a search for like magisk zip, you'll find it).
The latest as of right now I think is 14.0 and you will also (if I recall correctly) need magisk manager, (and just like the zip file you can do a quick search it's also all over the place).
Once you have that, reboot into recovery, then flash the magisk.zip file, and reboot, it should give you magisk manager app in your app drawer and you should be rooted. (Note: You may need to update magisk manager.)
To check root grab an app called root checker on the play store. (it's free)
It's that easy.
Short summary:
1: Install custom recovery (if you haven't already)
2: Boot to recovery, flash magisk.zip
3: reboot to system, and profit from root + safetynet hide.
Quick and painless root method.
I do all my rooting now this way, in fact I recently re-flashed my nexus 5x rom and instead of flashing superSU I flashed the magisk way instead, and it covers 2 things,
1: gives you root
2: it hides root from safetynet and lets you use nfc, pokemon go, snapchat, and other apps that use safetynet as well.
Cats_PJs said:
If you do decide to root, I would suggest using magisk instead of SuperSU. I switched a few months ago, and it works perfectly
Oh, wow, I had the (wrong) idea that the SuperSU method was the better one and superseded magisk. If that works great then awesome I will root using magisk, thanks @Cats_PJs !
easyrider77 said:
Safetynet isn't just for nfc, other companies and apps have used it in their software as well, i.e. Snapchat and Pokemon go are 2 I can think of off the bat.
Installing and/or rooting with magisk is fairly easy and painless, and it will have superSU which will give you root.
How to:
Must have twrp recovery, or some other custom recovery, although these days I would recommend twrp, as it works and is more widely used than say cm recovery is, since the cm project was taken over by lineage now. Anyways, flash a custom recovery and use it. (note: I haven't used cm recovery or any other recovery in years, so I do not know if this works with anything else, aside from twrp, which I know it works fine with). There are also tutorials all over xda on how to install/flash twrp, as well as youtube videos if you prefer that better.
Go grab magisk.zip, (do a google search or look on xda, it's all over the place just do a search for like magisk zip, you'll find it).
The latest as of right now I think is 14.0 and you will also (if I recall correctly) need magisk manager, (and just like the zip file you can do a quick search it's also all over the place).
Once you have that, reboot into recovery, then flash the magisk.zip file, and reboot, it should give you magisk manager app in your app drawer and you should be rooted. (Note: You may need to update magisk manager.)
To check root grab an app called root checker on the play store. (it's free)
It's that easy.
Short summary:
1: Install custom recovery (if you haven't already)
2: Boot to recovery, flash magisk.zip
3: reboot to system, and profit from root + safetynet hide.
Quick and painless root method.
I do all my rooting now this way, in fact I recently re-flashed my nexus 5x rom and instead of flashing superSU I flashed the magisk way instead, and it covers 2 things,
1: gives you root
2: it hides root from safetynet and lets you use nfc, pokemon go, snapchat, and other apps that use safetynet as well.
Awesome explanation @easyrider77 I will definitely try to root using magisk. Thanks for the warning, don't play Pokemon go and haven't used Snapchat in years so i'm good! I'll try flashing the latest Magisk (v14.0)
One thing tho:
I think I want to (for now anyways) stay stock-ish (stock rom + stock kernel + twrp + magisk).
If I understand it correctly, flashing a custom recovery renders the phone unable to get OTAs (Not that I'd want to apply an OTA update on a modified rooted phone and risk a brick anyways) So, how would one eventually update Android? (Keeping in mind that Motorola hasn't released any retus firmware) Can I flash other non-retus firmwares? (Which wouldn't flash over twrp I think, I would then just lose root and have to flash magisk again, right?)
Thanks a ton guys :good::good::good:
EDIT:
Short xda search pointed me to this official TWRP link, will follow fastboot method to install TWRP.
I'm not sure what exactly stops ota from coming in. I've heard unlocking the bootloader is what causes it, and I've also heard that flashing a custom recovery is what causes it, and I've also heard a custom rom is what does it.
There are options as far as ota goes though, and they work the same way, but you'd just have to wait. People release flashable ota files all the time, and they can be flashed via twrp.
If you want to keep stock, and root that's fine too, but I personally wouldn't worry much about the ota issue at all, because eventually every phone will not get ota as it will lose support, but you can still get the latest and greatest up to date rom with its features.
Prime examples would be:
Oneplus One,
Oneplus 3
some of the samsung devices like s4
These are just a few, and although they don't receive support officially, they are sporting the brand new android 8 oreo.
Even the samsung s4 has N for it and it came out in 2013 (that's near 5 yrs ago now) and started on Android 4.2.2 (Jelly Bean) and said it was upgradable to 5.0.1 (Lollipop), and now here we are running android 7.1.x.
https://forum.xda-developers.com/galaxy-s4-tmobile/development
(not sure if there were any unlocked variants of that phone at the time as it wasn't a common thing like it is now, that's why I chose the tmobile thread but there are other variants that get it as well)
So when it comes to ota, I personally would not and do not worry about that when I root, that's the last of my worries.
I prefer functionality and customization over ota myself, because most times someone comes out with either an official link to an ota or makes a flashable ota you can flash via twrp, although my semi-educated guess would be if you decide to install the official/stock ota, then it will erase everything you have anyways which can be a pain.
DO keep in mind once you unlock the bootloader, it "officially" voids any warranty and moto does have the option to refuse service if anything goes wrong with the phone, but I have heard some people had no issues and moto took the phone back even when rooted, but that is something you would have to make a choice and live with IF you decided to unlock the bootloader, as there is no way to undo that process.
I have re-locked the bootloader on a moto phone so yes it CAN be re-locked, but... it still gets triggered and moto will know that it's been unlocked even if you re-lock it, because that part is irreversible and cannot be undone, aside from you locking and unlocking it on your side.
As for flashing firmware and all that, make DOUBLY sure you know your phone's model number and/or codename, this is key in flashing most anything you do with your phone, because even though a phone may have multiple variants, ie: tmobile, sprint, at&t versions, and even European versions, and the phones are identical in EVERY way hardware wise, you can't just simply pick a rom of choice and use it, it's a matter of knowing what your phone's info is.
Example: you cannot take a t-mobile phone rom and flash its official firmware or its roms and updates on an at&t variant, or a metroPCS on a tmobile variant, even though they use the same network, and are the exact same phone and hardware, there are subtle differences and it can most likely brick the phone, either hard or soft.
So if I had the US variant of the g5 plus that would be codenamed the same "potter" like the rest, but, the number is different which is XT1687, so I would use that number as my reference, as opposed to the potter name, because there are 3 other variants of that phone which are Amazon Edition and the consumer cellular and of course the European variants as well, I'm not exactly sure what numbers go with what phones other than the US unlocked variant, but on a quick look the other numbers are XT1684 and XT1685, perhaps someone else with more experience than I have can tell you what those numbers match up with said phone.
As far as the US variant goes though, I do not want to take a rom or firmware meant for the XT1684 XT1685 and use it on the XT1687 US variant, as it will most likely have bad results, ie: brick of some sort.
That's the main thing you have to worry about, other than that, there isn't much worry. Just do some major research and googling and read and re-read and read again the directions on the threads at xda as most generally all of them are pretty simple to follow, if you do it step by step.
I recently bought an lg k20 plus phone from metroPCS, have never rooted that phone before and came to xda and followed the rooting thread and rooted it the first time. In a matter of 30 mins I had full root with stock rom (since there are no roms for that phone as of yet) but it is a metroPCS variant, (mp260) and in the case above, this phone is also sold by tmobile, is the exact same phone's specs, hardware, etc....I could not use the tmobile rom or firmware on this phone.
Hope this helps clear it up some.
Update:
I just bought a 64gb storage/4gb ram US variant of the g5 plus. It brought back some older memories of when I had my other moto, X I think it was, not sure anymore, but I DO remember you can unlock the bootloader as well as re-lock it, but, do keep in mind it still triggers something internally that can't be reversed, so if moto did decide to check into things, they can tell if it's been bootloader unlocked.
So while you can unlock and lock the bootloader on our side, moto can still tell it's been unlocked, even when re-locked. Just hope if you send it back in they just don't check it and even if they do, hope they don't bother sending it back saying your warranty is void sorry.
Thanks @easyrider77
I used to install custom ROMs on my older phones. Recently though, stock android has gotten pretty good so maybe when this phone loses support I'll try some ROMs. Out of curiosity, what ROM/hacks/kernel do you use?
So, how does this sound:
- Install the OTA my phone's been prompting me to update to (upgrading from NPN25.137-33 to NPNS25.137-33-5 and I think it will then try to update to NPN25.137-83 with an August 1 security patch)
- Install TWRP via fastboot, make a nandroid backup!
- Root with Magisk v14.0
- Looking into maybe changing the boot.img "Your device is not trustworthy" thing
- Adaway! Xposed! Other goodies yay!
- Any other recommendations?
PS: Can Magisk root every firmware released by Motorola for the Moto G5+?
I've used it on my nexus 5x, and a lg k20 plus phone to root. I'm not sure if it has any limits when it comes to phones, but to my knowledge it should work fine.
Be careful with the boot.img file, if it's not the correct size it will brick the phone too.
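Two of the warnings in this thread, flashing firmware meant for another variant (the XT1687 vs XT1684/XT1685 point above) and flashing a boot.img of the wrong size, can be turned into a pre-flight check that refuses to proceed. This is an added example, not code from the thread, Motorola, TWRP or Magisk; the expected model number and the expected image size in bytes are assumptions you supply yourself, and the adb/getprop helper is shown only for completeness and is not run by the script.

```shell
#!/bin/sh
# Added example: pre-flight checks before flashing a recovery or boot image.
# Assumptions (not from the thread): the caller supplies the model number
# they intend to flash for (e.g. XT1687) and the byte size a correct image
# should have; nothing here touches fastboot or the device on its own.

# Exact model-number match. A codename such as "potter" is shared by several
# variants, so the model number is what must agree, not the codename.
variant_ok() {
    expected="$1"; actual="$2"
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Helper to read the model number from a connected device (needs adb;
# ro.product.model is a standard Android property). Not invoked below.
device_model() {
    adb shell getprop ro.product.model | tr -d '\r'
}

# The image must be exactly the size the caller determined is correct;
# a missing file or a size mismatch returns non-zero.
image_size_ok() {
    img="$1"; expected_bytes="$2"
    [ -f "$img" ] || return 1
    actual_bytes=$(( $(wc -c < "$img") ))
    [ "$actual_bytes" -eq "$expected_bytes" ]
}

# Runs both checks, reports every reason for refusal on stderr, and returns
# non-zero so a wrapper script can abort before any flash command.
preflight() {
    expected_model="$1"; actual_model="$2"; img="$3"; expected_bytes="$4"
    rc=0
    if ! variant_ok "$expected_model" "$actual_model"; then
        echo "REFUSE: device model '$actual_model' != expected '$expected_model'" >&2
        rc=1
    fi
    if ! image_size_ok "$img" "$expected_bytes"; then
        echo "REFUSE: $img is not exactly $expected_bytes bytes" >&2
        rc=1
    fi
    return $rc
}
```

Typical use would be `preflight XT1687 "$(device_model)" boot.img <expected_bytes> && fastboot ...`, so the flash step only runs when both checks pass.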
easyrider77 said:
I've used it on my nexus 5x, and a lg k20 plus phone to root. I'm not sure if it has any limits when it comes to phones, but to my knowledge it should work fine.
Be careful with the boot.img file, if it's not the correct size it will brick the phone too.
Will do, many thanks for all your help guys!
@easyrider77 @Cats_PJs @acejavelin
:good::good::good:
Every rom I've tried on this phone works well, with only minor bugs. Right now I'm using the Pixel ROM. Elemental x is my kernel of choice because it's stable and has a sound option to increase volume. I use Kernel Adiutor for settings. The viper magisk module by ahrion works great, and ad away is a must. Good luck
Cats_PJs said:
Every rom I've tried on this phone works well, with only minor bugs. Right now I'm using the Pixel ROM. Elemental x is my kernel of choice because it's stable and has a sound option to increase volume. I use Kernel Adiutor for settings. The viper magisk module by ahrion works great, and ad away is a must. Good luck
Nice to hear cat.
I'm holding off on rooting just yet, although the temptation is really really great and pulling at me right now in a bad way. I just want to make doubly sure the phone isn't going to have issues, and hardware glitches. Anytime you mass produce a product, inevitably there will always be a bad batch(s) so I am just watching and waiting patiently on stock non-root (yes I said non-root LOL) but it's not as bad of an experience as I thought it would be.
I have to give this phone props, this phone is simply great. I bought the 64gb storage/4gb ram US variant, and have been nothing but happy with it, even on stock.
Camera isn't exactly your top tier phone camera but it certainly stands out as one of the not bad at all cameras. I see many saying the camera sucks, well if you're zooming in and expect to get a good picture, good luck with that, simply put as I read in an article, two things 1: just don't use zoom, it's a digital zoom as opposed to an optical zoom, and simply will give you fuzzy and blurry pics a lot 2: if you're after a good picture taking experience, for crimeny sake, buy a dang camera, these are phones people, NOT cameras. If they were meant for that, photographers around the world would be using phones, but guess what, news flash, they are using things called "cameras" wow what a concept LOL.
Anyways, if you just use very little zoom (I'd say 1.5 - 2.0x at most) but mostly just get closer to the subject or item you are taking pics of, you'll have a much more pleasant experience with picture taking, trust me.
Ok, off my soapbox and tangent, sorry.
I will eventually root this bad boy, as I cannot resist the urge. For now I am just making sure the phone has no hiccups or glitches hardware wise, so glad to know roms are working well.
I did have a question about the sound though. I see people saying low sound volume with this phone, and I personally do not see (or hear in this case) the problems. I watched a few youtube videos last night and honestly I had to turn it down some because it was plenty loud, at least from this side.
Does the sound get lower with roms? (in which case I can use viper) but I'm just curious.
easyrider77 said:
Nice to hear cat.
I'm holding off on rooting just yet, although the temptation is really really great and pulling at me right now in a bad way. I just want to make doubly sure the phone isn't going to have issues, and hardware glitches. Anytime you mass produce a product, inevitably there will always be a bad batch(s) so I am just watching and waiting patiently on stock non-root (yes I said non-root LOL) but it's not as bad of an experience as I thought it would be.
I have to give this phone props, this phone is simply great. I bought the 64gb storage/4gb ram US variant, and have been nothing but happy with it, even on stock.
Camera isn't exactly your top tier phone camera but it certainly stands out as one of the not bad at all cameras. I see many saying the camera sucks, well if you're zooming in and expect to get a good picture, good luck with that, simply put as I read in an article, two things 1: just don't use zoom, it's a digital zoom as opposed to an optical zoom, and simply will give you fuzzy and blurry pics a lot 2: if you're after a good picture taking experience, for crimeny sake, buy a dang camera, these are phones people, NOT cameras. If they were meant for that, photographers around the world would be using phones, but guess what, news flash, they are using things called "cameras" wow what a concept LOL.
Anyways, if you just use very little zoom (I'd say 1.5 - 2.0x at most) but mostly just get closer to the subject or item you are taking pics of, you'll have a much more pleasant experience with picture taking, trust me.
Ok, off my soapbox and tangent, sorry.
I will eventually root this bad boy, as I cannot resist the urge. For now I am just making sure the phone has no hiccups or glitches hardware wise, so glad to know roms are working well.
I did have a question about the sound though. I see people saying low sound volume with this phone, and I personally do not see (or hear in this case) the problems. I watched a few youtube videos last night and honestly I had to turn it down some because it was plenty loud, at least from this side.
Does the sound get lower with roms? (in which case I can use viper) but I'm just curious.
I really don't have a problem with the sound volume, except when I plug it into my truck. If there's a good song on, and I really want to crank it up, I run out of volume, so I usually turn up the headphone gain in the kernel settings by 3.
I haven't noticed variance between ROM volumes on this phone, but I know on my old note 3 there was definitely fairly large variance between ROMs.