systems Xposed? - Moto G4 Play Questions & Answers

Basically, I'm on an auto#init rooted XT1609(vzw variant) and I'm attempting to install system-less Xposed. Could anyone, if it weren't a burden or bother, please link me to any leads they would know of to assist me in my Xposeé?

dwycoff2013 said:
Basically, I'm on an auto#init rooted XT1609(vzw variant) and I'm attempting to install system-less Xposed. Could anyone, if it weren't a burden or bother, please link me to any leads they would know of to assist me in my Xposeé?
Magisk forum is your friend. See link to Xposed module thread:
https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268
Strongly suggest reading first few posts in installation wiki if this is your first dance with Magisk modules and/or Systemless Xposed.
https://forum.xda-developers.com/apps/magisk/guide-magisk-troubleshooting-t3641417

Davey126 said:
Magisk forum is your friend. See link to Xposed module thread:
https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268
Strongly suggest reading first few posts in installation wiki if this is your first dance with Magisk modules and/or Systemless Xposed.
https://forum.xda-developers.com/apps/magisk/guide-magisk-troubleshooting-t3641417
Thank you very much for the links. It isn't my first take on Magisk, nor Xposed, nor systemless Xposed. However, this is my first dance with a temp-root such as the auto#init-root. Usually if I can root a device, via Magisk or Kingroot (for older Android versions) or whatever the root-medium may be, I never cease until I earn a privilege escalation resulting in permanent root. Not being able to modify system/recovery partitions, nor the boot.img, is making this a tricky little task. But nevertheless, hard at work/research I remain! Again, thank you. Your efforts in assisting me are certainly not in vain.
One more thing ---> this xt1609vzw I have has a pre-December 2017 security patch... Do you think the Qualcomm exploit affecting pre-12\2017 devices could be utilised in a pre-PBL or pre-aboot privilege escalation, disabling the Trust Zone invocation?
I've already played around with 'adb reboot edl' and thought the device responded with no indication of a reboot at all, I had the windows device manager open and after it flashed for a hardware change, I saw 'Comm Ports.' Expanding it I saw the Qualcomm Q008...etc., indicating to me, that even though the device didn't give any visual signs of reboot\activity at all, the computer recognised it (presumably in Emergency Download Mode?)
Thoughts? Suggestions? Leads? Any and all ideas, at this point, will certainly be considered. Lol

dwycoff2013 said:
Thank you very much for the links. It isn't my first take on Magisk, nor Xposed, nor systemless Xposed. However, this is my first dance with a temp-root such as the auto#init-root. Usually if I can root a device, via Magisk or Kingroot (for older Android versions) or whatever the root-medium may be, I never cease until I earn a privilege escalation resulting in permanent root. Not being able to modify system/recovery partitions, nor the boot.img, is making this a tricky little task. But nevertheless, hard at work/research I remain! Again, thank you. Your efforts in assisting me are certainly not in vain.
One more thing ---> this xt1609vzw I have has a pre-December 2017 security patch... Do you think the Qualcomm exploit affecting pre-12\2017 devices could be utilised in a pre-PBL or pre-aboot privilege escalation, disabling the Trust Zone invocation?
I've already played around with 'adb reboot edl' and thought the device responded with no indication of a reboot at all, I had the windows device manager open and after it flashed for a hardware change, I saw 'Comm Ports.' Expanding it I saw the Qualcomm Q008...etc., indicating to me, that even though the device didn't give any visual signs of reboot\activity at all, the computer recognised it (presumably in Emergency Download Mode?)
Thoughts? Suggestions? Leads? Any and all ideas, at this point, will certainly be considered. Lol
No suggestions as I only acquire devices that can be bootloader unlocked by design (XT1607, XT1768, etc.) or well established exploit. Good luck in your efforts.

Related

Towelroot Discussion Thread

Most of us were talking about Towelroot over in Jcase's PIE thread or over in collinjames' thread, but I think it's time it deserves its own thread.
UPDATE:
@iKrYpToNiTe made the awesome TowelPieRoot which makes this method easier to use. You can still use this thread to root your phone, but I will be using his method from now on. Happy rooting!
Important Links:
Geohot's original post.
Towelroot's Homepage
Mod Strings
What is Towelroot?
Towelroot is a rooting method for most android phones, and it uses an apk to obtain root (dead simple too, push one button, no need for other tools and workarounds). (source)
Why do we use Towelroot in conjunction with PIE?
PIE nor Towelroot disables write protection. Both of them offer a temporary root that has to be applied after a reboot. The advantage to Towelroot is that it is an APK that sits on device, so unlike PIE, Towelroot can be run later, non-tethered to a PC, should you have to power off/on. So you use PIE first while tethered and initially rooting, then Towelroot allows you to continue rooting "on the go" in the future without needing a PC.
How does it work with the Moto X?
It works the same as PIE. It gives root access but the device is still write protected. It is also temporary and must be reapplied after a reboot. However, a soft/hot reboot can keep the root access, due to soft/hot reboots only rebooting the graphical Android shell.
What does it work on?
XT1049 - Republic Wireless, not confirmed, should work.
XT1052 - European
XT1053 - T-Mobile US, not confirmed, should work.
XT1055 - US Cellular, not confirmed, should work.
XT1056 - Sprint, not confirmed, should work.
XT1058 - AT&T, Rogers, Claro, Movistar, Vivo, Oi, TIM
XT1060 - Verizon
How do I use this tool?
Remember to apply PIE first!
1. On your device, go to here. It will start to download the .apk
3. On your device, go to Settings>Security>Unknown Sources and tick the box.
4. Run the downloaded apk, tr3.apk
5. Press "welcome to towelroot" 3 times.
6. Replace the last 0 with a 1, due to modstrings.
7. make it ra1n
Your device should now be rooted and you should be able to use apps such as Greenify and Titanium Backup.
Some applications that should work with root, might not work with this method.
Some people have experimented with using Superuser apps, but I have not seen a consistent method to use one.
How are we keeping root after reboots?
We aren't rebooting! Seriously, we soft/hot reboot which allows us to keep root after a graphical reboot. And even if you do reboot, you can always reapply the root with Towelroot. You just need to make sure you have applied jcase's PIE before hand.
Xposed:
jpond83 posted up some instructions in the PIE thread about how to get Xposed to work:
Make sure you have installed PIE before you try to use Xposed or it will NOT work. View jcase's PIE thread for more details.
jpond83 said:
1) install towelroot. Xposed installer, Busybox installer, power menu
2)run towelroot, click "welcome to towelroot", replace 0 with 1, make it rain.
3) run xposed and click install
4) run busybox installer and click install
5) run power menu and click "hot reboot"
6) enjoy root without using a PC.
Current problems/bugs
Some users have problems with soft/hot rebooting. Reapply PIE.
Random reboots.
Warning about using this exploit
Myself or anyone that has helped develop this are not responsible for anything that occurs to your phone by using this method.
As for this thread, feel free to post your experiences with this tool or any supplements to add.
I'm glad this finally has a dedicated thread. Good job OP
I finally got it working. When I installed SuperSU it was lagging. But I kept it off. I even have hkthememanager running with KitKat all white settings from the nexus forum.
Sent from my XT1058 using XDA Free mobile app
The softboot/hot boot issue comes from not having busybox installed.
jpond83 said:
The softboot/hot boot issue comes from not having busybox installed.
I've installed 3 different Busybox installers:
Busybox by Stephen (Stericson)
Busybox Installer by JRummy Apps Inc.
Busybox X by Robert Nediyakalaparambil [root]
The first and the third one said they installed successfully, but the second one did not.
Even after 2 installations succeeding, I was still unable to soft/hot reboot.
Any ideas?
I use busybox installer with the blue icon. Never had a issue with softboot as long as I install everything in the order I stated in the other thread.
jpond83 said:
I use busybox installer with the blue icon. Never had a issue with softboot as long as I install everything in the order I stated in the other thread.
Guessing that is the Busybox Installer , I just get this when I try to install it. I have root access, but Busybox is not installing.
But when I use Busybox by Stephen, it says it installs correctly, and my Busybox checker says it does too, but Power Menu still won't Hot Reboot.
Have you run pie root before? It needs to be run on the device once before for it to work.
jpond83 said:
Have you run pie root before? It needs to be run on the device once before for it to work.
Reapplying the PIE exploit has seemed to fix it. Thank you.
Should I add to the original post that you need to install PIE?
dier325 said:
Reapplying the PIE exploit has seemed to fix it. Thank you.
Should I add to the original post that you need to install PIE?
Yes, it's a must. It should only need to be run once. After that you should never need it again unless you factory reset.
jpond83 said:
Have you run pie root before? It needs to be run on the device once before for it to work.
Wait, so you need to use PIE to make stuff work under towelroot work on the X?
If so, why not just stick with PIE? Why add towelroot?
KidJoe said:
Wait, so you need to use PIE to make stuff work under towelroot work on the X?
If so, why not just stick with PIE? Why add towelroot?
Did you read??? You only need to use pie once. After that you can reboot your phone as much as you want and just root with towelroot.
KidJoe said:
Wait, so you need to use PIE to make stuff work under towelroot work on the X?
If so, why not just stick with PIE? Why add towelroot?
Towelroot can work just by itself, but PIE adds some functionality that allows for easier softbooting.
jpond83 said:
Did you read??? You only need to use pie once. After that you can reboot your phone as much as you want and just root with towelroot.
I'm sorry that it bothers you so much that I have a question I'm asking. But if you must know, YES I READ. I've read this thread, the PIE thread, and Does Towel Root have any potential in the Motorola field?
And if you can read, you would know that you didn't even answer my question of "why use both?". Instead you just sort of flaming me for asking something and said pie only needs to be run once which is already stated very clearly in what I quoted.
What I'm getting at with my question is something that is implied, but not stated.....
It is understood that since neither PIE nor Towelroot disables write protection on locked bootloaders, if you root with either PIE or Towelroot, you need to re-root after power off/on (or "hard" reboot as some are calling it). It appears the advantage to Towelroot is that it is an APK that sits on device, so unlike PIE, Towelroot can be run later, non-tethered to a PC, should you have to power off/on. So you use PIE first while tethered and initially rooting, then whatever it does allows Towelroot APK to continue working properly when "on the go" in the future without needing a PC.
If that is truly the case, then I think that should be highlighted better, and @dier325 should add it to the OP as many are missing that bit of information. It would also cut out some of the frustration by those encountering issues when running PIE again, after they had to power off/on. (as they could use PIE when first setting up, then towelroot if they lose root while away from their PC).
But it does beg a few more questions (at least by someone who is READING all of this, but not using either PIE or TowelRoot)...
Is PIE needed once before Towelroot only if you want Xposed? Or is it always needed once if you ever plan on using Towelroot? (i.e. Are there any cases where Towelroot alone works? like if you only want to block ads or tether. Or must you have used PIE once already, if you want to make use of Towelroot to root at all?)
Must it be done in a certain order? I.e. if you've used towelroot and realized you forgot PIE, can you just run PIE and be good? or must you reboot, use PIE, then use Towelroot again?
What changes are made by PIE that survive power off/on and enable Towelroot to work when trying to use Xposed?
If this information is accurate, can Geohot and Jcase work together on a single solution, and possibly single on device solution for the X?
KidJoe said:
It is understood that since neither PIE nor Towelroot disables write protection on locked bootloaders, if you root with either PIE or Towelroot, you need to re-root after power off/on (or "hard" reboot as some are calling it). It appears the advantage to Towelroot is that it is an APK that sits on device, so unlike PIE, Towelroot can be run later, non-tethered to a PC, should you have to power off/on. So you use PIE first while tethered and initially rooting, then whatever it does allows Towelroot APK to continue working properly when "on the go" in the future without needing a PC.
If that is truly the case, then I think that should be highlighted better, and @dier325 should add it to the OP as many are missing that bit of information. It would also cut out some of the frustration by those encountering issues when running PIE again, after they had to power off/on. (as they could use PIE when first setting up, then towelroot if they lose root while away from their PC).
This is a great explanation of why we are using both. I will add a paragraph to the OP that paraphrases what you just said.
KidJoe said:
Is PIE needed once before Towelroot only if you want Xposed? Or is it always needed once if you ever plan on using Towelroot? (i.e. Are there any cases where Towelroot alone works? like if you only want to block ads or tether. Or must you have used PIE once already, if you want to make use of Towelroot to root at all?)
Towelroot alone works, but we've found that some applications (i.e. Xposed, Busybox) don't work unless you have PIE. Using them together allows us to use them.
KidJoe said:
Must it be done in a certain order? I.e. if you've used towelroot and realized you forgot PIE, can you just run PIE and be good? or must you reboot, use PIE, then use Towelroot again?
The method of each one must be done in order but it does not matter which one you apply first to the device. In fact I just had Towelroot running on my device and then applied PIE allowing for Xposed to work.
KidJoe said:
What changes are made by PIE that survive power off/on and enable Towelroot to work when trying to use Xposed?
PIE allows us to keep Busybox installed on the device which allows us to Soft/hot reboot.
KidJoe said:
If this information is accurate, can Geohot and Jcase work together on a single solution, and possibly single on device solution for the X?
I want to remind everyone that there are very few of us who are using both of these methods together currently. It is fine for these questions to be brought up for the uninitiated. As for them working together, I think Jcase stated that he wants to move away from the X, as well as I think he is on holiday due to his current signature. I don't know about Geohot but some people have created a thread over in the Moto G forum raising some money to buy the device for him after he said he would try to work on it if he had one.
I have jcase's pie root on my X and G and I either always soft boot in Xposed framework and keep phone on airplane mode when not in use and charge when necessary
KidJoe said:
If that is truly the case, then I think that should be highlighted better, and @dier325 should add it to the OP as many are missing that bit of information. It would also cut out some of the frustration by those encountering issues when running PIE again, after they had to power off/on. (as they could use PIE when first setting up, then towelroot if they lose root while away from their PC).
I have added another section to the OP explaining the situation.
cell2011 said:
I have jcase's pie root on my X and G and I either always soft boot in Xposed framework and keep phone on airplane mode when not in use and charge when necessary
Adding them together allows you to root without having to use a PC if you do reboot your device, say it dies.
Thanks guys for clearing this up. I think Towel root should be renamed to something less middle east reference and it would be welcomed more.
So basically if we want more functionality with our root, we should do PIE first? I clicked over onto the PIE page but didn't really how it's done. I have towelroot down, but it seems PIE is a good idea to use in combo with towel root. I could be missing something though cause I'm in the XDA app at work.
I do understand though that PIE is a one time thing and we should just use towel root thereafter when we reboot and need to reroot again.
Sent from my XT1060 using XDA Free mobile app
Using PIE in conjunction with Towelroot allows you to use apps such as Xposed.
Sent from my XT1060 using XDA-FORUM, powered by appyet.com

Qualcomm's Secure Execution Environment Exploit (possible root from this?)

I found this post on a blog about a vulnerability with the Qualcomm boot. I can't even begin to explain it but could this help us find a way to root?
LINK: https://bits-please.blogspot.com/20...howComment=1462371232579#c7966216604060424834
Fredo2000 said:
I found this post on a blog about a vulnerability with the Qualcomm boot. I can't even begin to explain it but could this help us find a way to root?
LINK: https://bits-please.blogspot.com/20...howComment=1462371232579#c7966216604060424834
This is a trustzone vulnerability that requires root to exploit it. No way to gain root through it
jcase said:
This is a trustzone vulnerability that requires root to exploit it. No way to gain root through it
Ah damn. Thanks for letting me know anyways
Not so - this vulnerability requires "mediaserver" permissions to execute and can be used to achieve root (see latest blog post).
Also, I'm releasing another exploit which allows escalation from zero permissions to "mediaserver" which works on all Android versions and phones.
Wow that's an impressive exploit. Congrats for finding it and explaining it in your write up. Have you been able to use it on an unrooted device like ours to gain root? What about the S7 edge that is chained down at the moment? Sounds like you might have an opportunity to cash in on the large bounties for both devices! Once again great work!!
Sent from my LG-H830 using XDA-Developers mobile app
Thanks. I've used the exploit to gain kernel code execution (better than root, since you can disable SELinux, etc.). The QSEE payload I provided should work as-is, since it's symbol-less (finds all the symbols directly in memory). As for the QSEE exploit; you'll need to change the symbols (under symbols.h) to match the Widevine application on your phone. As for the S7 edge - I know nothing about it (have never checked), but I can take a look in a couple of days when I'm at home.
How long did it take to discover and work on this exploit? I'm just a lay person that likes to root phones but I imagine this takes a ton of time to work on. I hope you submit your work and publish a root method and cash in on ~$5000 worth of bounties for all your hard work. And I hope Google implements your fixes soon to patch the holes you have discovered.
Sent from my LG-H830 using XDA-Developers mobile app
laginimaineb said:
Thanks. I've used the exploit to gain kernel code execution (better than root, since you can disable SELinux, etc.). The QSEE payload I provided should work as-is, since it's symbol-less (finds all the symbols directly in memory). As for the QSEE exploit; you'll need to change the symbols (under symbols.h) to match the Widevine application on your phone. As for the S7 edge - I know nothing about it (have never checked), but I can take a look in a couple of days when I'm at home.
Wow... This is all some seriously great stuff! If you have some time I would love to talk with you about how to get this working on the Sprint G5
laginimaineb said:
Thanks. I've used the exploit to gain kernel code execution (better than root, since you can disable SELinux, etc.). The QSEE payload I provided should work as-is, since it's symbol-less (finds all the symbols directly in memory). As for the QSEE exploit; you'll need to change the symbols (under symbols.h) to match the Widevine application on your phone. As for the S7 edge - I know nothing about it (have never checked), but I can take a look in a couple of days when I'm at home.
If you can modify the kernel, can you disable dm-verity?
If so, I think you might have just found root for our device...
I suggest that you first check if the G5 is even vulnerable to the QSEE vulnerability I disclosed... (extract the "system_" files from the KDZ and the DZ and search for the string "PRDiag"). Since I disclosed the vulnerability a few months ago, it could be patched on the latest version, but might still be vulnerable on previous ones.
Also, as for dm-verity - the QSEE exploit allows full system memory RW (which allows you to patch a running kernel and basically inject arbitrary code). But (!) you probably want to disable dm-verity at boot, which would require a bootloader unlock.
...Which brings me to my last point - If the LG G5 is vulnerable to the QSEE exploit I disclosed, I'm also releasing a QSEE to TZBSP (TrustZone kernel) exploit, which means you can blow any QFuse you like (which is the standard way to disable secure boot).
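The firmware check suggested in the post above (search the extracted "system_" files for the string "PRDiag"), as an added example that is not part of the thread or of the researcher's code. It assumes the files have already been extracted into one directory; the file names and sample bytes are constructed, and the reader streams each file so a marker that straddles a read boundary is still found.

```python
"""Scan extracted firmware files for a marker string without loading them whole."""
import sys
import tempfile
from pathlib import Path

MARKER = b"PRDiag"   # the string named in the post
PREFIX = "system_"   # the post's "system_" files
CHUNK = 1 << 20      # read 1 MiB at a time; partition images can be several GiB


def find_marker(path, marker=MARKER, chunk_size=CHUNK):
    """Return the byte offset of every occurrence of marker in the file."""
    offsets = []
    overlap = len(marker) - 1   # bytes carried over so boundary hits are seen
    tail = b""
    base = 0                    # file offset of the first byte of tail + block
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                break
            window = tail + block
            pos = window.find(marker)
            while pos != -1:
                offsets.append(base + pos)
                pos = window.find(marker, pos + 1)
            # tail is shorter than the marker, so no hit is counted twice
            tail = window[-overlap:] if overlap else b""
            base += len(window) - len(tail)
    return offsets


def context(path, offset, marker=MARKER, radius=24):
    """Printable view of the bytes around a hit, for manual review."""
    start = max(0, offset - radius)
    with open(path, "rb") as fh:
        fh.seek(start)
        raw = fh.read(offset - start + len(marker) + radius)
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def scan_dir(directory, prefix=PREFIX, marker=MARKER, chunk_size=CHUNK):
    """Map each file whose name starts with prefix to its list of hit offsets."""
    results = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file() and path.name.startswith(prefix):
            results[path.name] = find_marker(path, marker, chunk_size)
    return results


def build_sample(directory):
    """Write constructed stand-ins for extracted images (not real firmware)."""
    d = Path(directory)
    (d / "system_0.bin").write_bytes(
        b"\x00" * 13 + MARKER + b"\xff" * 21 + MARKER + b"\x00" * 5)
    (d / "system_1.bin").write_bytes(b"\x00" * 64)
    (d / "boot.bin").write_bytes(b"xx" + MARKER)   # skipped: wrong prefix


def report(directory, chunk_size=CHUNK):
    """Return one summary line per scanned file."""
    lines = []
    for name, offsets in scan_dir(directory, chunk_size=chunk_size).items():
        if offsets:
            shown = ", ".join(hex(o) for o in offsets)
            lines.append(f"{name}: marker present at {shown}")
        else:
            lines.append(f"{name}: marker not found")
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("\n".join(report(sys.argv[1])))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            # tiny chunk size so the first hit crosses a read boundary
            print("\n".join(report(tmp, chunk_size=8)))
```

Run it with the extraction directory as its only argument; with no argument it scans the constructed sample.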
laginimaineb said:
I suggest that you first check if the G5 is even vulnerable to the QSEE vulnerability I disclosed... (extract the "system_" files from the KDZ and the DZ and search for the string "PRDiag"). Since I disclosed the vulnerability a few months ago, it could be patched on the latest version, but might still be vulnerable on previous ones.
Also, as for dm-verity - the QSEE exploit allows full system memory RW (which allows you to patch a running kernel and basically inject arbitrary code). But (!) you probably want to disable dm-verity at boot, which would require a bootloader unlock.
...Which brings me to my last point - If the LG G5 is vulnerable to the QSEE exploit I disclosed, I'm also releasing a QSEE to TZBSP (TrustZone kernel) exploit, which means you can blow any QFuse you like (which is the standard way to disable secure boot).
My god... you are the MAN!!! I'll check for the files ASAP (currently doing mother's day stuff) and report back.
Also, how can I donate to you?
jcase said:
This is a trustzone vulnerability that requires root to exploit it. No way to gain root through it
so you are wrong then? this CAN be used to get root?
laginimaineb said:
Not so - this vulnerability requires "mediaserver" permissions to execute and can be used to achieve root (see latest blog post).
Also, I'm releasing another exploit which allows escalation from zero permissions to "mediaserver" which works on all Android versions and phones.
Correct, bad wording on my part. However on this phone it really makes no difference, it is actually easier to gain execution as root than it is on mediaserver. This phone is /BAD/ as far as security is concerned. Multiple bootchain backdoors, beyond broke backup system, known kernel vulns left unpatched, heavily (and poorly) modified stagefright as well. We already have root on the phone, root was never the issue, issue was code signing (which was being worked on until someone shared my root knowing I didn't want it shared). LG is enforcing signature validation and dm-verity on this device, just a heads up.
If you release anything compatible with this phone, make sure the users know not to alter laf/recovery/boot/system. They will anyways, and blame you, but at least you warn them.
I sold my G5 after the drama here, so I am no longer working on it.
Syndicate0315 said:
so you are wrong then? this CAN be used to get root?
I was technically wrong, but really makes little difference if the starting point is media server or root. It is honestly easier to get exec as root on this phone than media server. I have already demonstrated that root is not an issue on this device, issue is code signing. This vulnerability does not give you what you guys want, similar to the one of mine that everyone is passing around and emailing me daily about after I put in the read me that it will not do what you want. No one listens.
laginimaineb said:
I suggest that you first check if the G5 is even vulnerable to the QSEE vulnerability I disclosed... (extract the "system_" files from the KDZ and the DZ and search for the string "PRDiag"). Since I disclosed the vulnerability a few months ago, it could be patched on the latest version, but might still be vulnerable on previous ones.
Also, as for dm-verity - the QSEE exploit allows full system memory RW (which allows you to patch a running kernel and basically inject arbitrary code). But (!) you probably want to disable dm-verity at boot, which would require a bootloader unlock.
...Which brings me to my last point - If the LG G5 is vulnerable to the QSEE exploit I disclosed, I'm also releasing a QSEE to TZBSP (TrustZone kernel) exploit, which means you can blow any QFuse you like (which is the standard way to disable secure boot).
Blowing fuses is the standard way of enabling secure boot, not disabling. These phones already have that fuse blown. The more recent LG phones have used a signed blob to "unlock" (as far as the ones I've looked at), they are not following the motorola method of blowing a fuse.
The TMobile LG G5 is actually unlocked, all these guys need to do is pack twrp into a TOT (pretty much a raw image with a header) and flash it in download mode.
Fredo2000 said:
If you can modify the kernel, can you disable dm-verity?
If so, I think you might have just found root for our device...
He can modify the kernel at run time with this exploit, but not the binary image of it, nor the ram disk that has the settings to enforce dm-verity. It would still need an exploit to get exec in the proper user/context as well as a codesigning exploit
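The boot-chain state discussed in the posts above (locked bootloader, dm-verity enforcement, patch level) can be read from Android system properties; the following is an added example, not code from the thread, that audits `getprop` output for those settings. The property dumps are constructed samples, the 2017-12-01 threshold is taken from the patch date mentioned earlier on this page, and the script assumes a device that exposes these `ro.boot.*` properties.

```python
"""Audit `adb shell getprop` output for boot-chain integrity settings."""
import re
from datetime import date

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample dumps (not captured from a real device).
SAMPLE_LOCKED_OLD = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.boot.flash.locked]: [1]
[ro.build.version.security_patch]: [2017-09-01]
"""
SAMPLE_UNLOCKED = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [logging]
[ro.boot.flash.locked]: [0]
[ro.build.version.security_patch]: [2018-03-01]
"""


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_RE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def assess(props, min_patch=date(2017, 12, 1)):
    """Return a list of findings; an empty list means nothing was flagged.

    The ro.boot.* values are handed over by the bootloader at boot time.
    A kernel that is patched in memory afterwards does not change them,
    so a clean result describes the boot chain, not the running kernel.
    """
    findings = []

    state = props.get("ro.boot.verifiedbootstate")
    if state is None:
        findings.append("verified boot state not reported")
    elif state != "green":
        findings.append(f"verified boot state is {state}")

    verity = props.get("ro.boot.veritymode")
    if verity is None:
        findings.append("dm-verity mode not reported")
    elif verity != "enforcing":
        findings.append(f"dm-verity mode is {verity}")

    if props.get("ro.boot.flash.locked") == "0":
        findings.append("bootloader reports unlocked")

    patch = props.get("ro.build.version.security_patch")
    try:
        patch_date = date.fromisoformat(patch) if patch else None
    except ValueError:
        patch_date = None
    if patch_date is None:
        findings.append("security patch level missing or unparseable")
    elif patch_date < min_patch:
        findings.append(f"security patch {patch} predates {min_patch.isoformat()}")

    return findings


if __name__ == "__main__":
    for label, dump in (("locked, old patch", SAMPLE_LOCKED_OLD),
                        ("unlocked", SAMPLE_UNLOCKED)):
        print(label, "->", assess(parse_getprop(dump)) or "no findings")
```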
jcase said:
Correct, bad wording on my part. However on this phone it really makes no difference, it is actually easier to gain execution as root than it is on mediaserver. This phone is /BAD/ as far as security is concerned. Multiple bootchain backdoors, beyond broke backup system, known kernel vulns left unpatched, heavily (and poorly) modified stagefright as well. We already have root on the phone, root was never the issue, issue was code signing (which was being worked on until someone shared my root knowing I didn't want it shared). LG is enforcing signature validation and dm-verity on this device, just a heads up.
If you release anything compatible with this phone, make sure the users know not to alter laf/recovery/boot/system. They will anyways, and blame you, but at least you warn them.
I sold my G5 after the drama here, so I am no longer working on it.
I was technically wrong, but really makes little difference if the starting point is media server or root. It is honestly easier to get exec as root on this phone than media server. I have already demonstrated that root is not an issue on this device, issue is code signing. This vulnerability does not give you what you guys want, similar to the one of mine that everyone is passing around and emailing me daily about.
sorry if this is me just being ignorant, but if we gain root on a device with an unlocked bootloader (t mobile), can't we flash root from an app on the phone, boot into recovery, and then flash the disable-dm-verity zip provided on the other thread?
And also, how is gaining root not a problem? Is it through the LAF backdoor?
Syndicate0315 said:
sorry if this is me just being ignorant, but if we gain root on a device with an unlocked bootloader (t mobile), can't we flash root from an app on the phone, boot into recovery, and then flash the disable-dm-verity zip provided on the other thread?
And also, how is gaining root not a problem? Is it through the LAF backdoor?
Pack TWRP in tot, flash in download mode. I've said this since day one, you don't need an exploit to root the tmobile variant. Writing an exploit for tmobile lg g5 is a waste of time and resources. Pack TWRP in TOT, flash tot, be done.
Root isn't a problem because the device has multiple publicly known vulnerabilities (and at least one written exploit) that work on it.
jcase said:
Pack TWRP in tot, flash in download mode. I've said this since day one, you don't need an exploit to root the tmobile variant. Writing an exploit for tmobile lg g5 is a waste of time and resources. Pack TWRP in TOT, flash tot, be done.
Root isn't a problem because the device has multiple publicly known vulnerabilities (and at least one written exploit) that work on it.
ahhhh OK that makes MUCH sense...
i have the Sprint variant, what would be the best way for me to go about finding a permanent root? would any of these methods work?
Syndicate0315 said:
ahhhh OK that makes MUCH sense...
i have the Sprint variant, what would be the best way for me to go about finding a permanent root? would any of these methods work?
Dig through the bootchain, looking for a vulnerability you can use to bypass the secureboot (or otherwise bypass signing requirement of boot.img), or look at LG's code in regards to unlock, I wouldn't be surprised if a route existed there, LG is notoriously bad at "security" features.
jcase said:
Pack TWRP in tot, flash in download mode. I've said this since day one, you don't need an exploit to root the tmobile variant. Writing an exploit for tmobile lg g5 is a waste of time and resources. Pack TWRP in TOT, flash tot, be done.
Root isn't a problem because the device has multiple publicly known vulnerabilities (and at least one written exploit) that work on it.
hate to see you've sold your G5. unfortunately, there is no tot for h830. however, sprint has one. I am unsure as to how one can create a tot.

Root first or update first?

Hello everyone,
My Moto X Pure edition is on the way in the mail. I'm already excited to root it and get twrp on it. However, I believe the phone will come with android lollipop installed, and I should get an option for an OTA update for android 6.0.
My question is: Should I root my phone and install twrp BEFORE receiving the update, or after? I plan to use WinDroid Toolkit to root my phone and install twrp (seems to be the easiest way) so have any of you done it while having 6.0 already installed?
Your phone will most likely arrive with 6.0 pre-installed on it. You can't take an OTA with TWRP installed. I can't answer the WinDroid question.
Edit: It will most likely come with 6.0 already assuming you purchased it from Motorola.
quakeaz said:
Your phone will most likely arrive with 6.0 pre-installed on it. You can't take an OTA with TWRP installed. I can't answer the WinDroid question.
Edit: It will most likely come with 6.0 already assuming you purchased it from Motorola.
Thanks a lot for your help! It's good that the phone will most likely come with MM. Does Motorola also offer an OTA update to 6.0.1?
I wanted to flash a pre-rooted stock-based ROM because I thought it would be easier to get root. Although, my preference really would be to get the stock update, then just root that. The only reason I wanted to flash an already rooted ROM was because it seems kind of tricky to root it haha. Is the systemless root by ivcarlos the easiest way to root MM? Or have you perhaps found another way to root it on MM?
Additionally, just to make sure before I go on with anything: I should first let the clean phone upgrade to android 6.0.1, AFTER that I should unlock the bootloader, followed by installing TWRP and root, correct? @vertigo_2_20
Thank you for any help you can give me!
Henryy97 said:
Thanks a lot for your help! It's good that the phone will most likely come with MM. Does Motorola also offer an OTA update to 6.0.1?
I wanted to flash a pre-rooted stock-based ROM because I thought it would be easier to get root. Although, my preference really would be to get the stock update, then just root that. The only reason I wanted to flash an already rooted ROM was because it seems kind of tricky to root it haha. Is the systemless root by ivcarlos the easiest way to root MM? Or have you perhaps found another way to root it on MM?
Additionally, just to make sure before I go on with anything: I should first let the clean phone upgrade to android 6.0.1, AFTER that I should unlock the bootloader, followed by installing TWRP and root, correct? @vertigo_2_20
Thank you for any help you can give me!
IIRC, that's how I did it (OTA 6.0.1 > unlock bootloader > flash TWRP > root), though I did miss some things along the way that I only found out about after the fact, so I've included warnings about those things here. Before I rooted, I read the following (and a LOT more, but these are the primary ones I based how I did it on):
ivcarlos' method, which you mentioned
And this, which is what I followed for rooting, though I don't remember why. I also had to use 2.62-3 as mentioned in the instructions vs 2.65 which is mentioned at the end as verified working, since it didn't work for me.
I ran across this as well, probably when 2.65 didn't work, and there's some good tidbits in there, worth reading through.
I also found this, but only after I finished rooting with the other method, and I didn't have the time to mess with it. I don't know enough to say whether it's really a better method or not, but something worth checking out if you have the time.
Just make sure you backup anything you want to keep (phone log, texts, pictures, etc) before unlocking the bootloader. I recommend SMS Backup & Restore with Titanium Backup as a secondary backup. Then, use fastboot to back up your recovery before flashing TWRP (I didn't know to do this until too late). Also, make sure you back up your /system and /boot partitions (don't need /data, since you're dealing with a freshly wiped phone from unlocking the bootloader, so nothing there to back up) with TWRP (and store the backups on the external SD card and/or your computer) as soon as you get TWRP flashed, before you do anything else.
Remember, anything you do that modifies /system can potentially break the "systemless" aspect of this root, thereby breaking Android Pay as well as the ability to receive OTA updates. Examples of things that might do this are AdAway (there's apparently a systemless file that needs to be flashed before installing it, which I didn't realize until too late, so mine may be broken already) and battery apps like GSam and BetterBatteryStats. I've yet to get an answer on if these really do break it, though. One that definitely will is Xposed, but I just found there's a systemless version, so when I get time I plan on trying that out. I think even if you do break it you can just a) reflash your backup (/recovery, /boot, & /system) then take an OTA and reflash TWRP and re-root, or b) flash the updated partitions from the OTA then reflash recovery and re-root. Of course, any of those things that changed /system (AdAway, Xposed, battery apps, etc), will probably be broken by this, and I believe they're supposed to be uninstalled first and reinstalled after.
I wouldn't doubt if I've screwed something up, so hopefully somebody can correct me on anything I did, as well as provide more information regarding the breaking of systemless.
vertigo_2_20 said:
IIRC, that's how I did it (OTA 6.0.1 > unlock bootloader > flash TWRP > root), though I did miss some things along the way that I only found out about after the fact, so I've included warnings about those things here. Before I rooted, I read the following (and a LOT more, but these are the primary ones I based how I did it on):
ivcarlos' method, which you mentioned
And this, which is what I followed for rooting, though I don't remember why. I also had to use 2.62-3 as mentioned in the instructions vs 2.65 which is mentioned at the end as verified working, since it didn't work for me.
I ran across this as well, probably when 2.65 didn't work, and there's some good tidbits in there, worth reading through.
I also found this, but only after I finished rooting with the other method, and I didn't have the time to mess with it. I don't know enough to say whether it's really a better method or not, but something worth checking out if you have the time.
Just make sure you backup anything you want to keep (phone log, texts, pictures, etc) before unlocking the bootloader. I recommend SMS Backup & Restore with Titanium Backup as a secondary backup. Then, use fastboot to back up your recovery before flashing TWRP (I didn't know to do this until too late). Also, make sure you back up your /system and /boot partitions (don't need /data, since you're dealing with a freshly wiped phone from unlocking the bootloader, so nothing there to back up) with TWRP (and store the backups on the external SD card and/or your computer) as soon as you get TWRP flashed, before you do anything else.
Remember, anything you do that modifies /system can potentially break the "systemless" aspect of this root, thereby breaking Android Pay as well as the ability to receive OTA updates. Examples of things that might do this are AdAway (there's apparently a systemless file that needs to be flashed before installing it, which I didn't realize until too late, so mine may be broken already) and battery apps like GSam and BetterBatteryStats. I've yet to get an answer on if these really do break it, though. One that definitely will is Xposed, but I just found there's a systemless version, so when I get time I plan on trying that out. I think even if you do break it you can just a) reflash your backup (/recovery, /boot, & /system) then take an OTA and reflash TWRP and re-root, or b) flash the updated partitions from the OTA then reflash recovery and re-root. Of course, any of those things that changed /system (AdAway, Xposed, battery apps, etc), will probably be broken by this, and I believe they're supposed to be uninstalled first and reinstalled after.
I wouldn't doubt if I've screwed something up, so hopefully somebody can correct me on anything I did, as well as provide more information regarding the breaking of systemless.
Thank you for your reply! I'll read the links you sent me, although from what I can see the "root done right" is for the nexus 6, and if it works for the moto x pure it doesn't seem to be overall that much beneficial over the systemless root.
What exactly is the effect of breaking the "systemless" aspect of the root? For example, if I install AdAway, what will happen? I didn't really get that from your post.
Perhaps after all this process, I'll write a how-to guide, heh
So according to your experience, SUPERSU 2.62-3 is the adequate version to use for android 6.0.1?
Thanks again!
Henryy97 said:
Thank you for your reply! I'll read the links you sent me, although from what I can see the "root done right" is for the nexus 6, and if it works for the moto x pure it doesn't seem to be overall that much beneficial over the systemless root.
What exactly is the effect of breaking the "systemless" aspect of the root? For example, if I install AdAway, what will happen? I didn't really get that from your post.
Perhaps after all this process, I'll write a how-to guide, heh
So according to your experience, SUPERSU 2.62-3 is the adequate version to use for android 6.0.1?
Thanks again!
My understanding is that breaking it will render Android Pay inoperable and will make it so you can't take an OTA, though as I mentioned, it seems you still can by reverting back, it's just a LOT more work. But again, as I said, I'm not completely sure and I haven't been able to get an answer.
As for the supersu version, it doesn't really matter, because you'll just update it once you're rooted and booted into the OS. I just found that, despite what that post said, 2.65 did not work for me, so I had to flash 2.62-3 which did. Not a big deal, was just a little frustrating and scary when 2.65 didn't work because I was worried that I broke something and that the method wasn't going to work.
Edit: Good catch BTW on the link having to do with the Nexus. I didn't even look at what sub-forum it was in. At least it's one less thing to worry about for now, though I do hope it spreads to more devices, because we could always use more, not to mention better (assuming it is) ways of doing things.
vertigo_2_20 said:
My understanding is that breaking it will render Android Pay inoperable and will make it so you can't take an OTA, though as I mentioned, it seems you still can by reverting back, it's just a LOT more work. But again, as I said, I'm not completely sure and I haven't been able to get an answer.
As for the supersu version, it doesn't really matter, because you'll just update it once you're rooted and booted into the OS. I just found that, despite what that post said, 2.65 did not work for me, so I had to flash 2.62-3 which did. Not a big deal, was just a little frustrating and scary when 2.65 didn't work because I was worried that I broke something and that the method wasn't going to work.
Edit: Good catch BTW on the link having to do with the Nexus. I didn't even look at what sub-forum it was in. At least it's one less thing to worry about for now, though I do hope it spreads to more devices, because we could always use more, not to mention better (assuming it is) ways of doing things.
Thanks. I am aware that you can revert back to lollipop, and do the update from there whenever you want to update to a newer OTA MM update. However, my real question is, what does it mean to break the systemless aspect? I know that it will prevent further OTA updates, but will xposed work as it should, etc? If I am rooting my device, it's really to get xposed. So, if it means that I must revert to an unrooted stock rom every time I wanna update, then so be it. I just want to make sure that breaking the systemless root aspect will not make the ROM unstable. Will it?
Henryy97 said:
Thanks. I am aware that you can revert back to lollipop, and do the update from there whenever you want to update to a newer OTA MM update. However, my real question is, what does it mean to break the systemless aspect? I know that it will prevent further OTA updates, but will xposed work as it should, etc? If I am rooting my device, it's really to get xposed. So, if it means that I must revert to an unrooted stock rom every time I wanna update, then so be it. I just want to make sure that breaking the systemless root aspect will not make the ROM unstable. Will it?
I think you'll find all the info you're looking for and more in those links. But in summary, as I said, AFAIK the only consequence is breaking OTAs. It does not prevent you from using xposed, rather xposed is one of the things that breaks it. Systemless is so called because it roots without affecting the /system partition, therefore preventing the breaking of Android Pay and allowing OTAs. Once /system is modified (unclear if at all or just beyond a point), these two will no longer function. So if you "break" the systemless root by doing stuff that modifies /system (i.e. xposed, etc), you basically now have a standard (non-systemless) root, which simply negates the benefits it provides. But as far as I could tell, systemless is the only option anyway, so you just do it since it works and it's easy, then you either are careful not to break it if Pay/OTAs are important to you, or if you don't care about those then you just do whatever you want just as if you were rooted in the traditional way. But as I said, once I get the time, I plan to try out the systemless xposed, though it may not matter since I might have already broken it, but may as well, and maybe it'll mean not having to uninstall it when it comes time to take an OTA. If you play with it and figure it out, let me know.
vertigo_2_20 said:
I think you'll find all the info you're looking for and more in those links. But in summary, as I said, AFAIK the only consequence is breaking OTAs. It does not prevent you from using xposed, rather xposed is one of the things that breaks it. Systemless is so called because it roots without affecting the /system partition, therefore preventing the breaking of Android Pay and allowing OTAs. Once /system is modified (unclear if at all or just beyond a point), these two will no longer function. So if you "break" the systemless root by doing stuff that modifies /system (i.e. xposed, etc), you basically now have a standard (non-systemless) root, which simply negates the benefits it provides. But as far as I could tell, systemless is the only option anyway, so you just do it since it works and it's easy, then you either are careful not to break it if Pay/OTAs are important to you, or if you don't care about those then you just do whatever you want just as if you were rooted in the traditional way. But as I said, once I get the time, I plan to try out the systemless xposed, though it may not matter since I might have already broken it, but may as well, and maybe it'll mean not having to uninstall it when it comes time to take an OTA. If you play with it and figure it out, let me know.
Once again, thanks. I reached the limit of thanks I can give for today, haha. I'm reading up much more on the process, etc. Just one final question, how often do the OTA updates come on average? I always like having the latest software installed, so MAYBE I can consider having an unrooted phone.. although that will be very difficult. I love my xposed. Anyway, I guess if updates only come about once a month, then rooting is fine. Not too much of a loss. I will definitely be making a how-to guide once I'm done with all of this! (and once my device arrives)
Henryy97 said:
Once again, thanks. I reached the limit of thanks I can give for today, haha. I'm reading up much more on the process, etc. Just one final question, how often do the OTA updates come on average? I always like having the latest software installed, so MAYBE I can consider having an unrooted phone.. although that will be very difficult. I love my xposed. Anyway, I guess if updates only come about once a month, then rooting is fine. Not too much of a loss. I will definitely be making a how-to guide once I'm done with all of this! (and once my device arrives)
I bought my phone ~5-6 months ago. When I got it, the MM update was waiting (released late last year). Probably ~2 months later, another update came through. Since then, nothing. So it looks like probably 3 maybe 4 a year. I'd rather be rooted with all the benefits than get a small update, though I'd really rather have both.
6.0.1 is not out yet although there is a reteu version posted which works great. Rooting is as simple as flashing su 2.62-3 with twrp.
lafester said:
6.0.1 is not out yet although there is a reteu version posted which works great. Rooting is as simple as flashing su 2.62-3 with twrp.
I'll check it out. Do you mind sharing the link to that version just in case? I am very confused now though, because @vertigo_2_20 says he has 6.0.1, and you say you didn't get it. Perhaps location matters? Can you elaborate a little bit more?
And actually, I've just realized: I think I was looking at too many outdated posts perhaps with all the complicated root procedures such as the one by ivcarlos. The guide that amit.lohar made is very simple which is the one vertigo kindly shared in this OP. One final question @vertigo_2_20 (sorry for so many questions). Does the method by amit.lohar work for 6.0 anddd 6.0.1? I would assume so since they're pretty much very similar. What is your take on this?
I assumed I was on 6.0.1 because I received a system update after being on MM, so I don't know what else it could be. Though it does just say 6.0 in settings. Regardless, I only did it a few weeks ago, so if you're fully updated, you'll be the same as what I was. Even if not, I would think it wouldn't matter. As long as you do a back up before messing with things, worst case scenario is you screw something up and restore the backup.
Henryy97 said:
I'll check it out. Do you mind sharing the link to that version just in case? I am very confused now though, because @vertigo_2_20 says he has 6.0.1, and you say you didn't get it. Perhaps location matters? Can you elaborate a little bit more?
And actually, I've just realized: I think I was looking at too many outdated posts perhaps with all the complicated root procedures such as the one by ivcarlos. The guide that amit.lohar made is very simple which is the one vertigo kindly shared in this OP. One final question @vertigo_2_20 (sorry for so many questions). Does the method by amit.lohar work for 6.0 anddd 6.0.1? I would assume so since they're pretty much very similar. What is your take on this?
No I don't get links for people... this forum is small and easy to read. Dev section has one pre loaded with franken and there are two threads in general.
Henryy97 said:
Once again, thanks. I reached the limit of thanks I can give for today, haha. I'm reading up much more on the process, etc. Just one final question, how often do the OTA updates come on average? I always like having the latest software installed, so MAYBE I can consider having an unrooted phone.. although that will be very difficult. I love my xposed. Anyway, I guess if updates only come about once a month, then rooting is fine. Not too much of a loss. I will definitely be making a how-to guide once I'm done with all of this! (and once my device arrives)
If receiving the OTA updates is something you really want, systemless root will allow you to get them with a lot less effort. The trick is knowing which of the apps that require root privileges will end up modifying your system. Avoid the ones that will and you can enjoy root with less work to get updates. If the only root required apps you are interested in modifies the system, then it will be a matter of what you value more.
Sent from my awesome phone!
That reminds me of another thing I haven't yet figured out. If /system is modified, I'm assuming the OTA will still show up and just won't install, but I wonder if it won't even show up anymore. Anyone know?
aybarrap1 said:
If receiving the OTA updates is something you really want, systemless root will allow you to get them with a lot less effort. The trick is knowing which of the apps that require root privileges will end up modifying your system. Avoid the ones that will and you can enjoy root with less work to get updates. If the only root required apps you are interested in modifies the system, then it will be a matter of what you value more.
Sent from my awesome phone!
Ahhh! I guess I'll just flash ROMS to update my phone then because I need my xposed. Besides, after 6.0, if we want root, we can only get the systemless one anyway, right?
Also, I did not quite understand something about systemless root. If the root is 'systemless', then how can apps still edit the system? I've read up that after a memory wipe, the root will actually go away but what happens if I have apps that already modified the system? I just don't quite get how the apps can get into the system and modify it, if the root itself cannot do that because it is systemless. Am I getting the wrong idea here? I've read, and read, and read. I can't find an answer to that :/ According to what you have said though, if I were to get an app that modifies the system, then it would essentially *break* the systemless aspect of it, right? Therefore, it just becomes a normal root?
I feel like I'm going in circles now so I hope someone will be able to explain this for me or just point me in the right direction!
Systemless root does not mean root doesn't have access to /system, it simply means a way of gaining root access without modifying the /system partition, because if you gain root with the old methods, which DO modify /system, it breaks Android Pay and OTAs. Root still has access to modify system, hence why you have to be careful in installing apps, xposed, etc, because if they have root access, they can modify it, and if they do, your systemless root just became useless. The whole point is to NOT modify it so as to keep those certain functions intact, but it doesn't prevent you from doing so after gaining root.
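Why a change to /system can stop an OTA, as an added example that is not part of the original thread: it assumes a block-based update that hashes listed block ranges of the system partition before patching (the thread does not say how Motorola's updater checks). The image, the range set, the hosts entry and all function names are constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed block size for the constructed image


def parse_ranges(text):
    """Parse a range set such as '4,0,6,8,16' into [(0, 6), (8, 16)].

    Assumed notation: first the number of integers that follow, then
    half-open (start, end) block pairs.
    """
    nums = [int(n) for n in text.split(",")]
    count, bounds = nums[0], nums[1:]
    if count != len(bounds) or count % 2:
        raise ValueError("malformed range set")
    pairs = list(zip(bounds[0::2], bounds[1::2]))
    if any(start >= end for start, end in pairs):
        raise ValueError("empty or inverted range")
    return pairs


def range_sha1(image, ranges):
    """SHA-1 over the listed block ranges of a partition image."""
    digest = hashlib.sha1()
    for start, end in ranges:
        chunk = image[start * BLOCK_SIZE:end * BLOCK_SIZE]
        if len(chunk) != (end - start) * BLOCK_SIZE:
            raise ValueError("range runs past the end of the image")
        digest.update(chunk)
    return digest.hexdigest()


def ota_precheck(image, ranges_text, expected_sha1):
    """True if the partition still matches what the update was built against."""
    return range_sha1(image, parse_ranges(ranges_text)) == expected_sha1


def build_stock_system():
    """Constructed 16-block 'system' image with a hosts file in block 3."""
    image = bytearray()
    for block in range(16):
        image += bytes([block]) * BLOCK_SIZE
    hosts = b"127.0.0.1 localhost\n"
    image[3 * BLOCK_SIZE:3 * BLOCK_SIZE + len(hosts)] = hosts
    return image


def demo():
    stock = build_stock_system()
    ranges = "4,0,6,8,16"  # constructed: blocks 6-7 are not covered by the hash
    expected = range_sha1(stock, parse_ranges(ranges))

    # Systemless root: the boot image changes, the system bytes do not.
    systemless = bytearray(stock)

    # A root app appends one entry to the hosts file inside block 3.
    hosts_edit = bytearray(stock)
    extra = b"127.0.0.1 ads.example\n"
    offset = 3 * BLOCK_SIZE + len(b"127.0.0.1 localhost\n")
    hosts_edit[offset:offset + len(extra)] = extra

    # A single flipped bit in a hashed block, and one in an unhashed block.
    one_bit = bytearray(stock)
    one_bit[10 * BLOCK_SIZE] ^= 1
    unhashed = bytearray(stock)
    unhashed[6 * BLOCK_SIZE] ^= 1

    # Restoring the stock backup taken before any changes.
    restored = bytearray(stock)

    return {
        "systemless root": ota_precheck(systemless, ranges, expected),
        "hosts file edited": ota_precheck(hosts_edit, ranges, expected),
        "one bit changed": ota_precheck(one_bit, ranges, expected),
        "change outside hashed ranges": ota_precheck(unhashed, ranges, expected),
        "backup restored": ota_precheck(restored, ranges, expected),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:30s} {'OTA can proceed' if ok else 'OTA aborts'}")
```

Under that assumption there is no "beyond a point" threshold: one changed bit in a hashed block fails the check, and restoring the stock image makes it pass again.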
vertigo_2_20 said:
Systemless root does not mean root doesn't have access to /system, it simply means a way of gaining root access without modifying the /system partition, because if you gain root with the old methods, which DO modify /system, it breaks Android Pay and OTAs. Root still has access to modify system, hence why you have to be careful in installing apps, xposed, etc, because if they have root access, they can modify it, and if they do, your systemless root just became useless. The whole point is to NOT modify it so as to keep those certain functions intact, but it doesn't prevent you from doing so after gaining root.
My experience was rooting 5.1.1 on the new phone. I backed up at every stage. I tried a few roms, no big deal. I liked 5.1.1 better due to micro sd card usage. I stupidly allowed the OTA to attempt to install. I knew it would fail but hoped it would stop nagging. The result I did not expect was phone continually rebooting on its own, trying to complete the update. After it completed the reboot it would start to shut down and begin the reboot process again. I restored a backup and froze the Motorola Update app with Titanium Backup. Problem solved. Don't do what I did!
Why would you want to stay on L? M is so much better. Between Doze and permission control, you'll have better battery life and more privacy and security. Not to mention the increased security from having more up-to-date software. I'd recommend just taking the update.

Which root method works for Moto X Pure 6.0

On the other threads, I saw people who used the method lost wifi, etc.
Are there any working methods to root without losing anything?
jdugery said:
On the other threads, I saw people who used the method lost wifi, etc.
Are there any working methods to root without losing anything?
Yes... Use the latest TWRP and SuperSU 2.62-3 or latest and the manual systemless method. I have rooted at least 6 or 7 Moto devices on MM with ZERO issues. I don't know how people are losing WiFi or other connectivity when they do this.
There are a few rooting threads for Moto devices in my sig, rooting the MXPE is identical except the TWRP needs to be for this device... TWRP is available directly from https://twrp.me look for device "clark"
Download TWRP v3.0.2-0 and SuperSU v2.78 SR3, flash twrp recovery into device via fastboot, reboot into recovery, in twrp go to advanced and open terminal, input this command (without the quotes) into terminal and press enter:
"echo SYSTEMLESS=true>>/data/.supersu"
flash supersu, it will flash systemless supersu, otherwise the device would bootloop, reboot, the device may reboot once or twice, it's normal, profit!
kadopt said:
Download TWRP v3.0.2-0 and SuperSU v2.78 SR3, flash twrp recovery into device via fastboot, Start TWRP and allow changes to system, reboot into recovery, in twrp go to advanced and open terminal, input this command (without the quotes) into terminal and press enter:
"echo SYSTEMLESS=true>>/data/.supersu"
flash supersu, it will flash systemless supersu, otherwise the device would bootloop, reboot, the device may reboot once or twice, it's normal, profit!
This... exactly this... if done properly will work without messing with WiFi, mobile data, or anything else, and TWRP will stick.
acejavelin said:
This... exactly this... if done properly will work without messing with WiFi, mobile data, or anything else, and TWRP will stick.
I have no idea how to flash stuff. Any noob guide with step by step instructions?
jdugery said:
I have no idea how to flash stuff. Any noob guide with step by step instructions?
Did you look at the tutorials in my sig?
acejavelin said:
Did you look at the tutorials in my sig?
That seems to be for Moto G.
Any guide for the Moto X running 6.1?
jdugery said:
That seems to be for Moto G.
Any guide for the Moto X running 6.1?
I hinted at it in an earlier post in this thread, but I will get more blunt... Every 3rd and 4th Generation Moto device on Marshmallow is identical from a rooting perspective, the only difference is you must use the proper TWRP for your device, every thing else is the same, the commands, the unlocking, the SuperSU, etc. It doesn't matter if it's a Moto E, G, Z, or X, the process is identical.
acejavelin said:
I don't know how people are losing WiFi or other connectivity when they do this.
I think the folks who are losing wifi are flashing patched boot images instead of just plain old systemless supersu and letting the installer automation do the boot image patching. They get an XT1572 boot image on an XT1575, or even on an XT1572 running a different system version and radios break.
That level of hackery hasn't been necessary since M and systemless root were in their infancy, but there are still how-to threads on here that push people in that direction.
The number of people who lose wifi or get stuck booting system after botching rooting this phone is surprising. At least this phone is pretty forgiving and you can fastboot your way out of trouble. I have another phone where mismatched firmware has been known to require jtag or even motherboard replacement to recover from.
jason2678 said:
I think the folks who are losing wifi are flashing patched boot images instead of just plain old systemless supersu and letting the installer automation do the boot image patching. They get an XT1572 boot image on an XT1575, or even on an XT1572 running a different system version and radios break.
That level of hackery hasn't been necessary since M and systemless root were in their infancy, but there are still how-to threads on here that push people in that direction.
The number of people who lose wifi or get stuck booting system after botching rooting this phone is surprising. At least this phone is pretty forgiving and you can fastboot your way out of trouble. I have another phone where mismatched firmware has been known to require jtag or even motherboard replacement to recover from.
Hmm... that makes sense. I half-jokingly said in another thread I should write a "new" how to root guide for this device similar to my existing ones for the Moto G 3/4 devices, maybe I should actually do that, but getting ANOTHER guide might just add to the confusion of users.
acejavelin said:
Hmm... that makes sense. I half-jokingly said in another thread I should write a "new" how to root guide for this device similar to my existing ones for the Moto G 3/4 devices, maybe I should actually do that, but getting ANOTHER guide might just add to the confusion of users.
Might help if you could get it stickied.
If the OP of the Heisenberg thread were updated, and the ivcarlos thread got pulled down I think we'd see a lot less soft bricks. The users who started all the guide and resource threads seem to have all moved on.
The Q&A is full of "help I borked my MXP rooting it" threads. Can't be good for the confidence of a new user. At least they're easy to fix.
jason2678 said:
Might help if you could get it stickied.
If the OP of the Heisenberg thread were updated, and the ivcarlos thread got pulled down I think we'd see a lot less soft bricks. The users who started all the guide and resource threads seem to have all moved on.
The Q&A is full of "help I borked my MXP rooting it" threads. Can't be good for the confidence of a new user. At least they're easy to fix.
Yeah... I'll work on it over the next day or so. It's frustrating, I think I've helped recover and root at least a dozen devices in the last week alone.

5.3.2.1 Root

A contributor is reporting success rooting 5.3.2.1 with Kingroot. No immediate confirmation...simply reposting for visibility and comment. Report your results here for community benefit.
https://forum.xda-developers.com/am...-5th-gen-supertool-root-t3272695/post70784402
Reminder: Do not attempt to rollback FireOS 5.3.2.1; you will likely be rewarded with a brick.
No success for me. I have assumed "Gave both king root and purify full access via setting" as enabling these apps in accessibility under services?
I have tried KR 4.9.2, 4.9.6, 4.9.7, 5.0.0 and 5.0.3 numerous times. Also done a factory reset and followed the steps stated to no avail.
Maybe I am just unlucky.
stonedpsycho said:
No success for me. I have assumed "Gave both king root and purify full access via setting" as enabling these apps in accessibility under services?
I have tried KR 4.9.2, 4.9.6, 4.9.7, 5.0.0 and 5.0.3 numerous times. Also done a factory reset and followed the steps stated to no avail.
Maybe I am just unlucky.
Not having any luck with it either.
This is just a quick overview for testing purposes. As always, there is an extreme chance of the undesired "Bricked Device". You are warned...
1. Make sure adb and fastboot drivers are enabled and working to the 5th gen Fire. Extremely important.
2. Once connection is working follow the "Super Tool" setup directions.
3. Disable ota, disable ads and install GPlay. Some things can only be done after root.
4. Once you have Gplay setup, use Super Tool to install KingRoot.
5. When you first run KingRoot, it will advertise "Purify Battery Saver" install it.
6. Afterwards run KingRoot. It will reboot 3-5 times before applying root. This process of rooting consumed over an hour and may need to be restarted if KingRoot fails.
7. Please keep in mind it is just an overview in order to determine the steps correctly.
If necessary I will start from square one and document all my steps. After rooting, I downgraded to 5.3.1 and verified 2 roms worked (Fire Nexus and CM Fire.)
My apologies for not providing more accurate details, it's just an overview.
TechDad378 said:
This is just a quick overview for testing purposes. As always, there is an extreme chance of the undesired "Bricked Device". You are warned...
1. Make sure adb and fastboot drivers are enabled and working to the 5th gen Fire. Extremely important.
2. Once connection is working follow the "Super Tool" setup directions.
3. Disable ota, disable ads and install GPlay. Some things can only be done after root.
4. Once you have Gplay setup, use Super Tool to install KingRoot.
5. When you first run KingRoot, it will advertise "Purify Battery Saver"; install it.
6. Afterwards run KingRoot. It will reboot 3-5 times before applying root. This process of rooting consumed over an hour and may need to be restarted if KingRoot fails.
7. Please keep in mind it is just an overview in order to determine the steps correctly.
If necessary I will start from square one and document all my steps. After rooting, I downgraded to 5.3.1 and verified 2 roms worked (Fire Nexus and CM Fire.)
My apologies for not providing more accurate details, it's just an overview.
Are you sure it was 5.3.2.1 you were on? I only ask because downgrading to 5.3.1 from 5.3.2.1 should result in a brick as the boot loader used in 5.3.1 and 5.3.2 changed from on 5.3.2.1 and the anti-roll back measure Amazon have should have kicked in to give you a brick.
How did you roll back? Through ADB or placing the update file in the internal SD?
Correct it was 5.3.2.1. While playing around with it I hit a black screen while booting. Upon reading some posts, I thought there was no return because of the version. Since the device responded via usb on pc, adb sideload worked causing downgrade to work.
Don't get me wrong this may have been just pure random luck. But hopefully my results may lead to "Fire Lineage OS".
No luck with this method. Will keep trying.
Zero Luck yet as well. Will try again. Hopefully something more reliable will come about soon.
Sorry to hear you have had no success. Will revert everything back and document each step. Once the method has been identified as successful, the information will be provided.
You still need to provide us with one of the most important tips, what version of kingroot you are using.
Thank you
TechDad378 said:
... But hopefully my results may lead to "Fire Lineage OS".
Quick side note: No LineageOS for this pup while the bootloader remains locked. LineageOS begins with Android 6 (Marshmallow); the current suite of Android 5 (Lollipop) ROMs is all we'll see due to FireOS 5 kernel restrictions. Unless Amazon releases and back ports FireOS 6 to older devices. Highly unlikely IMHO ... economics don't square.
If someone succeeds, could they try to post the kmPlugins.zip from their downloads folder? If we can get that from a successful root, then we could probably skip all the repeated failures and just get KingRoot to use that method immediately.
What ever happened to the guy that had rooted it? I knew he was bs.
Geek Surfer said:
What ever happened to the guy that had rooted it? I knew he was bs.
Hmm...
Interesting response.
With a full time job and a family, this is a hobby I do for fun in my spare time. Most mods are done with patience and diligence.
Recommending following command,
C:/yourself/ adb sideload patience.zip
---------- Post added at 03:20 AM ---------- Previous post was at 03:09 AM ----------
Davey126 said:
Quick side note: No LineageOS for this pup while the bootloader remains locked. LineageOS begins with Android 6 (Marshmallow); the current suite of Android 5 (Lollipop) ROMs is all we'll see due to FireOS 5 kernel restrictions. Unless Amazon releases and back ports FireOS 6 to older devices. Highly unlikely IMHO ... economics don't square.
Point taken. Just hoping LineageOS will be as widespread.
As for the root, I reverted back to original. Trying to recreate the environment which allowed success.
Geek Surfer said:
What ever happened to the guy that had rooted it? I knew he was bs.
Nice. If you bothered to read his post history you might think differently. Well presented/documented with all the appropriate caveats.
Geek Surfer said:
What ever happened to the guy that had rooted it? I knew he was bs.
What a shame that people can't be considerate online anymore.
@TechDad378 Could you verify what supertool version you are using. I'm trying to figure what version of gapps got installed, and can you recall if you installed any apps from playstore like chrome?
I don't have a tablet with 5.3.2.1 but it occurred to me that kingroot may have found a backdoor to root in playstore or another installed app. I've tested on a tablet with previously unrootable 5.1.4 and the difference in root behaviour pre/post play store installation is very noticeable. The tablet reboots several times during root with playstore installed, it only rebooted once without it installed.
I've not managed to root it yet but kingroot now stuck on verifying root status, it previously detected it as unrooted, something has changed
My router is blocking OTA so going to keep playing with this
5.1.4 Rooted !!!!!
Mr McBoatface said:
@TechDad378 Could you verify what supertool version you are using. I'm trying to figure what version of gapps got installed, and can you recall if you installed any apps from playstore like chrome?
I don't have a tablet with 5.3.2.1 but it occurred to me that kingroot may have found a backdoor to root in playstore or another installed app. I've tested on a tablet with previously unrootable 5.1.4 and the difference in root behaviour pre/post play store installation is very noticeable. The tablet reboots several times during root with playstore installed, it only rebooted once without it installed.
I've not managed to root it yet but kingroot now stuck on verifying root status, it previously detected it as unrooted, something has changed
My router is blocking OTA so going to keep playing with this
Well it may not be the news most visiting this thread are looking for but I've rooted the previously unrootable 5.1.4 !!!!
I played around with various play store installations as suggested in my post above looking for a back door to root. 3 hours and got nowhere. Decided to downgrade to 5.1.2 and use supertools to root the tablet. For the life of me I couldn't root this rootable OS..... six attempts failed each with multiple reboots. Then I read up a bit more and used kingroot 4.8.2 as suggested in this thread - https://forum.xda-developers.com/amazon-fire/general/flashing-kindle-5-1-2-using-kingroot-t3346300. This time 5.1.2 Rooted first time one reboot using Kingroot. I had always thought the Kingroot edition used didn't really matter that the files it used came from the online database. This result put that assumption into doubt.
Decided to go back to 5.1.4 and retry using the kingroot as above....... Didn't work. Not being someone who gives up easy, I tried the impressively long-named "NewKingrootV5.0.1_C165_B377_xda_release_protected_2016_12_22_20161222120332_105243_signed.apk" from here https://forum.xda-developers.com/devdb/project/?id=9793#downloads
Rooted first time !!! It did reboot a few times, I had to manually restart the root process each time it rebooted but it picked off at the % point where it rebooted.
Moral of the story never give up and try some kingroot versions from the xda links above
Going to reset the device and confirm it's repeatable.
Mr McBoatface said:
Well it may not be the news most visiting this thread are looking for but I've rooted the previously unrootable 5.1.4 !!!!
I played around with various play store installations as suggested in my post above looking for a back door to root. 3 hours and got nowhere. Decided to downgrade to 5.1.2 and use supertools to root the tablet. For the life of me I couldn't root this rootable OS..... six attempts failed each with multiple reboots. Then I read up a bit more and used kingroot 4.8.2 as suggested in this thread - https://forum.xda-developers.com/amazon-fire/general/flashing-kindle-5-1-2-using-kingroot-t3346300. This time 5.1.2 Rooted first time one reboot using Kingroot. I had always thought the Kingroot edition used didn't really matter that the files it used came from the online database. This result put that assumption into doubt.
Decided to go back to 5.1.4 and retry using the kingroot as above....... Didn't work. Not being someone who gives up easy, I tried the impressively long-named "NewKingrootV5.0.1_C165_B377_xda_release_protected_2016_12_22_20161222120332_105243_signed.apk" from here https://forum.xda-developers.com/devdb/project/?id=9793#downloads
Rooted first time !!! It did reboot a few times, I had to manually restart the root process each time it rebooted but it picked off at the % point where it rebooted.
Moral of the story never give up and try some kingroot versions from the xda links above
Going to reset the device and confirm it's repeatable.
Nice! While you can downgrade 5.1.4, this means it may be possible to root without using a PC to downgrade first. I'm going to try on 5.3.2.1, and see how it works.
Sent from my Amazon Fire using XDA Labs
Repeated root on 5.1.4, replace the kingroot in supertools with the "NewKingrootV5.0.1_C165_B377_xda_release_protected_2016_12_22_20161222120332_105243_signed.apk" version and ran the script.
It needed 2 attempts this time but it rooted. The supertools script removed it and replaced with supersu.
See attached video in zip to confirm
