Pixel Engineering Sample - Google Pixel Guides, News, & Discussion

A pre-production engineering sample of the OG Pixel is in the hands of an everyday Joe:
www.reddit.com/r/GooglePixel/comments/89zba3/be_careful_when_buying_pixels_from_ebay_i_ended/?utm_source=reddit-android
We are walking him through getting a system/bootloader dump. Hopefully we'll find some good stuff.

In the hopes of what?
Maybe if he had a preproduction model of the pixel 3

Production Bootloader
ChongoDroid said:
In the hopes of what?
Maybe if he had a preproduction model of the pixel 3
I'm not exactly sure yet, but both the bootloader and secureboot are signed as 'DEVELOPMENT'. It *may* help with the Verizon unlock or future development, but then again I'm just a hopeful lurker here on XDA and not a bona fide developer.

MichRT said:
I'm not exactly sure yet, but both the bootloader and secureboot are signed as 'DEVELOPMENT'. It *may* help with the Verizon unlock or future development, but then again I'm just a hopeful lurker here on XDA and not a bona fide developer.
That's a good point, I forget about the Verizon folks. There's an exploit out there in the wild but you're right this could shed some light.
Best of luck on the digging.

Hi guys - I'm the owner of the engineering sample.
I think I've dumped the bootloader and system via TWRP. I now have the following files on my computer: boot.emmc.win, system.ext4.win000, system.ext4.win001, system.info, system_image.emmc.win
Are these the files that developers may be interested in?
I want to point out one caveat; when I unboxed the Pixel I immediately OTAed from 7.1.2 Aug to 8.1 Apr. AFAIK this would have overwritten anything interesting on the A/B partitions. Furthermore, because my fingerprint reader wasn't working I then went on to flash the 8.1 April factory image to try and fix it without success.
Despite this, fastboot still shows 'Secure Boot: DEVELOPMENT' and not 'Secure Boot: PRODUCTION' - does anyone know what this actually means?
I will have the phone in my possession for a few more days before I return it to the seller, and I have some free time to tinker around with the phone. Let me know if you guys want me to do anything in light of the secure boot mode being set as 'development'.

@memepadder Can you upload the files and link them? Idk if I can do anything with them, I just want to look at them.

shagbag913 said:
@memepadder Can you upload the files and link them? Idk if I can do anything with them, I just want to look at them.
androidfilehost.com/?fid=962187416754474664
File contains images for the following partitions:
aboot
boot
rpm
system
tz
xbl
Enjoy - I hope it helps someone out there.

Related

Root method for xt1528 once we can recover from QDL mode

Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
This will be awesome.
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x
How did you get it into the QDL mode?
fire3element said:
How did you get it into the QDL mode?
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
jahrule said:
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
fire3element said:
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
Pm responded
How's it going?
I can help with this as well. I have my XT1528 on standby. Don't have much dev experience with Android, but I can sure try.
Unless you are willing to stare endearingly at a shiny paperweight that once was your phone, I don't think anyone can do much to help.
To sum this up for new eyes wondering where this might be headed:
Motorola (along with many of the other major phone manufacturers) have removed the ability to load QDownload mode manually. Apparently, the XT1528 along with many newer devices, is now running a new protocol for the diagnostic port. (and there is more than one way the port can be present/active, to further complicate things)
Please do not ask me to explain. I am just barely beginning to understand this stuff myself.
As of right now, the only known method to get our Verizon 2nd gen Moto E into QDL is to actually BRICK the device. At which point the phone will resort to the next level down, since it can not boot properly.
So unless you are willing to intentionally brick your phone to advance this cause... I am afraid that you can not do much.
There is also the looming risk that the device can not be recovered if the new protocols are not figured out. I am treading in uncharted waters here.
Means you or I lost a phone and the $$$ spent on it. Buy another one and try again.
If you are adamant about wanting to help, click on the 2 links in the OP. @jahrule has posted information that tells us which direction to go.
And if you do not understand what is going on in either article... maybe it is best left alone.
Not being harsh, just safer that way. I am having to figure this stuff out as I go too.
As for progress..? None. I am not intentionally bricking my phone until I gather enough info that will lead me to the conclusion that I can recover the device.
So goes without saying. BE NICE____DO NOT PESTER
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
jahrule said:
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the play store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
My GoPhone moto e says it is vulnerable running 5.1 stock firmware
fire3element said:
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
The bootloader is the same. This will help nothing.
fire3element said:
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
What we are trying to do is use qfil or blanflash qflash to recover from QDL mode and be able to write partitions from there.
fire3element said:
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
Issue is only recovering from QDL mode which is the goal see above. Getting the phone into QDL mode is very easy.
fire3element said:
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the play store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
Stagefright will get one system permissions not root permissions.
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
---------- Post added at 08:20 PM ---------- Previous post was at 08:15 PM ----------
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
I am proposing that you read the way CrashXXL achieved root on the moto x and we do the same
jahrule said:
Stagefright will get one system permissions not root permissions.
Surely I am not misinterpreting what I am seeing here.
https://www.youtube.com/watch?v=PxQc5gOHnKs
Looked for a video of Josh's DefCon presentation, but could not find one. So either he has not presented yet, or no one had uploaded the vid at this time.
Here is an excerpt from the Zimperium blog:
" 2. Zimperium Research Labs (zLABS) will release a video later this week with a Stagefright RCE demonstration. Several large carriers requested that we delay the release of our working exploit. We agreed, given the gravity of the situation. Unfortunately, because the patches are open-source [1, 2], many researchers are already working on creating an exploit. We are planning to release our exploit on August 24th, 2015. However, if an exploit is publicly released or attacks are detected in the wild before that date, we will release ours for testing purposes at that time. "
and
" 6. Josh will present the full details of his research at Black Hat on August 5th or DEFCON on August 7th. We invite you to join us! "
Hopefully this is the new exploit we have all been waiting for. I know that I need to move away from my current device because of hardware issues, however I can not do that until I root this device. More info is sure to come in the next few weeks
jahrule said:
The bootloader is the same. This will help nothing..
I should have clarified myself. My attempt was to replace the Verizon "locked" bootloader with the Boost "un-locked" bootloader.
Again, I do not think it will work. However, if the flasher tool will actually work with this phone, then I suppose it would not hurt to try it. If it does not work, simply flash your backup of the original BL.
Is it possible to flash 5.0.1 back after you update? Or remove any update..? Hahaha I updated mine for stagefright without thinking. Didn't know until I checked it & found it wasn't vulnerable. I know it was before.. Ugh. Carelessness on my behalf.
Hey guys, I have this phone as well as the htc desire 526 pp and they are both just laying in a drawer. I bought them when I couldn't afford a real replacement for my broken nexus 6 and now that I don't need either I would be more than willing to sacrifice mine for the sake of helping out. Plus if it works then the phone is rooted, negative if I can't use it I can free up some drawer space. Not a big loss either way as the screen is too small for my liking. Very nice phone otherwise just not enough space or screen.
So just a quick little update on this.
I purposely bricked another Moto E and was able to get it to show up in the Device Manager as QCOM_BULK (not the exact wording, I forgot) . This required me to flash a bad Bootloader to get the device to fail to turn on, thus kicking it into the fall back mode. I tried flashing all other partitions to make the phone go into the BULK mode. None worked except for the bootloader.
Could not get anywhere with it. We need some specific files to flash in order to get the device rooted or bootloader unlocked. It's not just a few files either, and they have some weird extensions.
I ended up taking the device back and getting something else. Just don't have time to keep playing with it. Someone smarter than me could probably get it done with not a whole lot of effort.
Sorry guys. I tried with my limited knowledge and skills.
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
Steve_xposed said:
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
I too would like to see the process, in order to enter QDL mode, I LITERALLY have no use for this phone as it is damaged but still boots and can use screen

[WIP] Note Series Developer Edition Conversion

All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
@beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This tool is based off the research of @ryanbg . This makes the process all the simpler for developers to understand/port functionality!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of, though, it still could work, I need a tester, PM me, or Telegram me @npjohnson), and many, many other devices from a variety of manufacturers.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can you help this progress?
You can't.
Currently, the CID writes 'successfully', and persists across reboots, but one of the registers isn't fully flushed. I am working on a module that will flush the register and allow for the Developer Edition Aboot to be flashed via ODIN.
Now, you may ask "How could we load modules, I thought that was impossible?", the short answer is, it is. At least, without what we found (or, rather, stumbled across).
We have the device kicking into Developer Edition using the CID write, and a hardware modification, which we stumbled across (demo: here, credits to @PaulPizz for spending late nights testing the various things I would throw at him, and having the balls to do some dangerous stuff that I personally believed would permanently brick his device). This method is volatile, dangerous, and quite honestly, shouldn't work. When I am confidently able to prove how it works, I will release details on my blog: here. Until then (shouldn't be more than a month, but as always, this is a free time project, and could be put on hold for real life, as I am busy with Cyber Security competitions).
What will most likely be the course of action once I release:
- Change CID to a provided Developer Edition CID
- Use hardware mod to flash/boot the custom kernel I have built to enable module loading (or maybe I'll build the function into the kernel itself, haven't decided yet)
- Either load the module, or call the function (if the latter, I'll write a binary to do so)
- Revert the hardware mod
- Flash Developer Edition Aboot via ODIN
This should be bootloader version agnostic, but, as always, beware updates, and, I'd stay away from any incoming MM updates on all locked carrier variants if you want to retain the ability to use this. If Samsung can update the eMMC firmware using those vendor commands, they can sure as heck change them the same way. Then the ability to do this goes away entirely.
You may be asking, "Can I donate to progress?"
Well. Sort of. Beaups asked that all donations go to the Make a Wish Foundation, or @ryanbg (as he is getting hitched , may you forever 'make cooking' Ryan! Haha.).
If you'd like to donate to me, know that it is not for the CID write, but instead, the work and research put into getting this all worked out for this device. I will also be dividing any donations sent to me with my tester, as he has spent a fair bit of time on this, as have I.
@npjohnson I have two devices s4 and note 4 both from Verizon, I'm in Brazil right now so I don't know if it makes a difference but I'm able to use temporary root in my note 4 so if you want any help give me a shot, I'm not a developer but engineer so any you need from me to get this rooted count me
OMG Could it be?
npjohnson said:
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of), and many, many others.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can I help this progress?
I need a few things to make this work:
- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.
- One person with a Developer Edition that has root (need an aboot dump, and them to run one command).
If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).
PLEASE do not post your CID publicly.
So you are saying this might be a path to perm root?
kerfex said:
So you are saying this might be a path to perm root?
Not only root but unlock bootloader please encourage anyone to help
The android gods have sent us a miracle
---------- Post added at 12:30 PM ---------- Previous post was at 12:29 PM ----------
I have a locked Verizon note 4 I'm willing to help
@npjohnson I'm willing to help. I have been around the block a few times testing for other developers. I am on 5.1.1 and can hold temp root with Kingroot for about 15 minutes.
Edit: I can roll back to 5.0 if needed.
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
@Venom0642 - Awhile back I think you said you had a developer edition note 4. Do you still have one? Can you help?
howellcp said:
@Venom0642 - Awhile back I think you said you had a developer edition note 4. Do you still have one? Can you help?
Sorry mate look at my Sig i been on Note 5 since it came out, so i don't have any Note 4.
Running On Samsung Galaxy Note 5 N920A Wicked Deadly Venom Theme
also willing,
have a retail Verizon,
on LP but can roll back to kk
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
h00rj said:
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
If you have a backup of that old aboot, then yes. Feel free to jump in on the thread I added in the Note Edge XDA forum.
kerfex said:
So you are saying this might be a path to perm root?
Bootloader Unlock, so yeah, permanent root, though, I don't know if write protection will still be active, but we can hope.
PaulPizz said:
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
It would... if you knew whose aboot that was, and they were around to dump their CID. Track them down, then we'll talk.
@morgej, please see original post.
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the cid to turn the device into let's say another variant in order to utilize something like CROM.apk or to odin another variant's tar files to oem unlock a device?
elliwigy said:
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the cid to turn the device into let's say another variant in order to utilize something like CROM.apk or to odin another variant's tar files to oem unlock a device?
You could, but the device 99% wouldn't boot.
Plus, you do realize developer editions are unlocked? Why would you want to flash to another variant to oem unlock? Literally the same thing.
Rom-Addict said:
also willing,
have a retail Verizon,
on LP but can roll back to kk
Please Hangouts message me if you have adb set up, and can use it.
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
1. I believe this will work. I tried to help but suck at adb now apparently.
2. No need to post if you don't believe. Just ignore
Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Well. Why don't you read the paper?
All devices that:
1. Use a Samsung eMMC (allows CID write)
&
2. A Developer Edition (allows you to supply a developer CID, and use their aboot)
Are vulnerable.
Question it if you will, but I am packaging things up as I write.
have adb setup but it's been awhile

What is needed to port / build TWRP?

I'm not a Dev (I wish I was one), but what do we need to build or port TWRP to our devices?
I managed to capture this screen while trying to figure out why I wasn't able to flash the boot_OTA from @jkuczera's thread and I don't know if this can help. It has the "RECOVERY FileSystem Table".
How to compile / Port TWRP
DrakenFX said:
I'm not a Dev (I wish I was one), but what do we need to build or port TWRP to our devices?
I managed to capture this screen while trying to figure out why I wasn't able to flash the boot_OTA from @jkuczera's thread and I don't know if this can help. It has the "RECOVERY FileSystem Table".
The TWRP team cannot afford to buy every device made. However, TWRP is fully open source, so you may begin the porting process by using the compile guide at: http://forum.xda-developers.com/showthread.php?p=32965365
Although you may be able to compile it, testing is another matter. You will need a stock recovery image to revert to when your TWRP doesn't work properly.
I have received a request and will begin porting it today, I'll need someone with an unlocked bootloader to join #twrp between 1 pm and 2 am EST for testing.
I'm still having trouble finding stock firmware, however. I may be able to get around this, I'll also see about making a full factory firmware fastboot flashable.
jcadduono said:
I have received a request and will begin porting it today, I'll need someone with an unlocked bootloader to join #twrp between 1 pm and 2 am EST for testing.
I'm still having trouble finding stock firmware, however. I may be able to get around this, I'll also see about making a full factory firmware fastboot flashable.
Thank you!!!!
jcadduono said:
I have received a request and will begin porting it today, I'll need someone with an unlocked bootloader to join #twrp between 1 pm and 2 am EST for testing.
I'm still having trouble finding stock firmware, however. I may be able to get around this, I'll also see about making a full factory firmware fastboot flashable.
Thank you!
Hopefully someone with an unlocked bootloader can be available; some of us (myself included) won't receive our phones until this week.
Thank you
jcadduono said:
I have received a request and will begin porting it today, I'll need someone with an unlocked bootloader to join #twrp between 1 pm and 2 am EST for testing..
If it helps, the kernel source is available.
http://download.ztedevice.com/device/global/support/opensource/2/20160801_1/P996A01_B18_kernel.tar.gz
And just in case that link doesn't work for some reason, it's at: http://opensource.ztedevice.com/ under Smart Phones -> ZTE A2017U Marshmallow Kernel(3.18.x)
Also, the Chinese stock rom is available, this thread has more info: http://forum.xda-developers.com/axon-7/development/axon-7-chinese-stock-roms-t3436817
Be warned, takes forever to download... Took me almost 2 hours to complete it.
I have an unlocked Axon 7. Let me know if there's anything I can do to help, so long as it won't ruin the phone. I'm reasonably comfortable flashing software and such.
daneoleary said:
I have an unlocked Axon 7. Let me know if there's anything I can do to help, so long as it won't ruin the phone. I'm reasonably comfortable flashing software and such.
Thanks to a friend/old pal @Unjustified Dev we are going to have an early xmas. Check link below
http://forum.xda-developers.com/showpost.php?p=68191213&postcount=122
jcadduono said:
I have received a request and will begin porting it today, I'll need someone with an unlocked bootloader to join #twrp between 1 pm and 2 am EST for testing.
I'm still having trouble finding stock firmware, however. I may be able to get around this, I'll also see about making a full factory firmware fastboot flashable.
Click to expand...
Click to collapse
If you still need a tester I can set my alarm
daneoleary said:
I have an unlocked Axon 7. Let me know if there's anything I can do to help, so long as it won't ruin the phone. I'm reasonably comfortable flashing software and such.
jkuczera said:
If you still need a tester I can set my alarm
Well, if no one joins #twrp it's effectively not volunteering - so far no one has.
(it could go weeks without anyone joining, so please, step up if you can)
goalkeepr said:
If it helps, the kernel source is available.
http://download.ztedevice.com/device/global/support/opensource/2/20160801_1/P996A01_B18_kernel.tar.gz
And just in case that link doesn't work for some reason, it's at: http://opensource.ztedevice.com/ under Smart Phones -> ZTE A2017U Marshmallow Kernel(3.18.x)
Already got that, merged it into the CAF branch and updated it as well!
https://github.com/jcadduono/android_kernel_zte_msm8996/commits/stock-6.0
I think ZTE deserves an award here, as they used almost pure CAF and very up to date! (I only had to merge like 8 commits to be current)
DrakenFX said:
Thanks to a friend/old pal @Unjustified Dev we are going to have an early xmas. Check link below
http://forum.xda-developers.com/showpost.php?p=68191213&postcount=122
Nice can't wait.
How do I join #TWRP? The hashtag doesn't really tell me much.
Axon 7 sub-reddit has a guy with a pic of TWRP on his Axon 7
daneoleary said:
I have an unlocked Axon 7. Let me know if there's anything I can do to help, so long as it won't ruin the phone. I'm reasonably comfortable flashing software and such.
budderocks said:
Axon 7 sub-reddit has a guy with a pic of TWRP on his Axon 7
that's me holding it,
http://forum.xda-developers.com/showpost.php?p=68191213&postcount=122
here go play with this for a while <link removed until further testing is done, yes i still need someone to join #twrp>
USE WITH CAUTION
probably got a few bugs, been trying to figure out the crypto so you guys can have working encrypted data, but ahhhhhhh well
mr. jkuczera was nice enough to swing by and flash it and let me know it boots, as well as provide me with some dd's so...
heres some STOCK fastboot flashables 4 funsies: https://idlekernel.com/flash-tools/firmware/ailsa_ii_A2017U/B20/
have fun
sources: https://github.com/jcadduono/android_device_zte_ailsa_ii
kernel: https://github.com/jcadduono/android_kernel_zte_msm8996/commits/twrp-6.0
I salute all the brave souls beta testing without a USA stock image available.
jcadduono said:
here go play with this for a while https://idlekernel.com/twrp/a2017/twrp-3.0.2-0-b3-ailsa_ii.img
USE WITH CAUTION
probably got a few bugs, been trying to figure out the crypto so you guys can have working encrypted data, but ahhhhhhh well
mr. jkuczera was nice enough to swing by and flash it and let me know it boots, as well as provide me with some dd's so...
heres some STOCK fastboot flashables 4 funsies: https://idlekernel.com/flash-tools/firmware/ailsa_ii_A2017U/B20/
have fun
sources: https://github.com/jcadduono/android_device_zte_ailsa_ii
kernel: https://github.com/jcadduono/android_kernel_zte_msm8996/commits/twrp-6.0
Thank you for all of your help!
anks329 said:
Also, the Chinese stock rom is available, this thread has more info: http://forum.xda-developers.com/axon-7/development/axon-7-chinese-stock-roms-t3436817
Be warned, takes forever to download... Took me almost 2 hours to complete it.
I uploaded all of them to MEGA now so that people don't have to endure the horror that is Baidu.

[REQUEST] Help Remove Ads from Amazon Moto G4 Play

Hey y'all thanks for taking a peek at this thread.
We, the people over at the forum for the Moto G4 Play, have had a lot of trouble figuring out how to remove the Amazon ads from our XT1607. You guys have found that simply flashing your gpt.bin and oem.img from a non-amazon XT1625 to an amazon XT1625 works simply enough.
Problem is with our device the amazon oem.img is sparsed into two different chunks, but the non-amazon device has a single oem.img. We have tried many different routes to remove the Amazon Ads from our device but haven't been successful at all. Now we've hit a roadblock and can't figure out how to get around it; and we'd love for the developers of this subforum to help us out.
Check out our progress in this post I made.
Thanks!
be aware that Amazon G4 owners (me included) who used RootJunky's Amazon debloating method cannot receive updates. attempts to flash the stock Amazon ROM (to get updates) results in bricked phones. so de-Amazon'd G4 owners with locked bootloader are stuck. we may not be able to install the Nougat update.
HKSpeed said:
be aware that Amazon G4 owners (me included) who used RootJunky's Amazon debloating method cannot receive updates. attempts to flash the stock Amazon ROM (to get updates) results in bricked phones. so de-Amazon'd G4 owners with locked bootloader are stuck. we may not be able to install the Nougat update.
Damn. We really need to figure out a way to root this device without unlocking the bootloader.
Ditto on this thread! ... Love my G4 play but not the AMAZON bloatware, want to delete it! ... Please help us get rid of this waste of space...
A.Fitz said:
Damn. We really need to figure out a way to root this device without unlocking the bootloader.
That won't happen no matter how hard you figure. It was done on the older Qualcomm chipsets and since then the RSA key has been beefed up to the point that if someone could break what they call the Qfuse and unlock the phone, they would be doing a lot more than just unlocking phones. There have been lame attempts in the near past that didn't go well for those trying so don't count on unlocking the bootloader without Amazon's or Lenovo's blessings.
This is now working (ended up not having to affect the systemui files, it was even simpler).
I am thinking about rolling up the solution into an apk so you guys can run it easily.
This thread seems pretty dead though. Anyone interested in an apk?
Still Interest
Hey...like me, I'm sure there is a lot of interest if there is a workable method to unlock the boot loader.
tnx...
ledothis said:
This is now working (ended up not having to affect the systemui files, it was even simpler).
I am thinking about rolling up the solution into an apk so you guys can run it easily.
This thread seems pretty dead though. Anyone interested in an apk?
ksdst1 said:
Hey...like me, I'm sure there is a lot of interest if there is a workable method to unlock the boot loader.
tnx...
Removing ads and unlocking the bootloader are two completely different things. The bootloader on the Amazon phone will never be unlocked until Amazon allows it.
Yes! Show me how....
ledothis said:
This is now working (ended up not having to affect the systemui files, it was even simpler).
I am thinking about rolling up the solution into an apk so you guys can run it easily.
This thread seems pretty dead though. Anyone interested in an apk?
I'M INTERESTED IN UNDERSTANDING HOW YOU DID IT, yes!
graboz said:
I'M INTERESTED IN UNDERSTANDING HOW YOU DID IT, yes!
check out the link in the original post. He works through it over there.

How to dump the full OS image from the new 2019 SHIELD TV Pro?

As the title states, my friend who has the new 2019 SHIELD TV Pro at his home wants to dump the OS so that developers can take a peek and figure out how the new AI Upscaling works, and if it is portable to the older shields. Thanks for any help.
Developers are already trying to figure this out.
SkOrPn said:
As the title states, my friend who has the new 2019 SHIELD TV Pro at his home wants to dump the OS so that developers can take a peek and figure out how the new AI Upscaling works, and if it is portable to the older shields. Thanks for any help.
Hi, is he able to unlock bootloader with fastboot? There is a twrp he could use to dump it. Thanks for offering, will be useful.
EDIT: What exactly do you have? He is currently ready to try adb and fastboot commands, but he is currently in the middle of looking for a cable and to position a PC close enough to his shield, lol
No, he hasn't done anything like that yet. He has been waiting for me to get proper instructions on the entire process. I will walk him through the adb setup and see if he can get into the bootloader soon.
Thanks for the offer, I will let him know asap. He lives in the UK and I in the US so we're 7 hours apart. But at least it's a Saturday, lol.
SkOrPn said:
EDIT: What exactly do you have? He is currently ready to try adb and fastboot commands, but he is currently in the middle of looking for a cable and to position a PC close enough to his shield, lol
No, he hasn't done anything like that yet. He has been waiting for me to get proper instructions on the entire process. I will walk him through the adb setup and see if he can get into the bootloader soon.
Thanks for the offer, I will let him know asap. He lives in the UK and I in the US so we're 7 hours apart. But at least it's a Saturday, lol.
Enable adb in developer settings and run `adb reboot-bootloader`.
A fastboot menu should show, use the power button to navigate and select unlock bootloader.
The device will be wiped and the bl will be unlocked.
Then boot into fastboot again and run `fastboot boot <twrp img I pm you>`
OK, I forgot about the wiping part. Good chance he might bail now, but we'll see. Lol
EDIT: OK, he has no plan to bail on this process, but he can't find his A to A cable. So he just ordered it from Amazon. Will come back when he receives it. He ordered the UGREEN USB 3.0 cable below, so I hope that will work.
https://www.amazon.co.uk/dp/B00P0E39CM
SkOrPn said:
OK, I forgot about the wiping part. Good chance he might bail now, but we'll see. Lol
EDIT: OK, he has no plan to bail on this process, but he can't find his A to A cable. So he just ordered it from Amazon. Will come back when he receives it. He ordered the UGREEN USB 3.0 cable below, so I hope that will work.
https://www.amazon.co.uk/dp/B00P0E39CM
i dont see why it wouldnt work lol.. its a to a..
elliwigy said:
i dont see why it wouldnt work lol.. its a to a..
We were questioning if it being 3.0 was an issue or not. Most if not all people I know of used 2.0 cables for adb. But he wanted to buy the 3.0 version for several valid reasons.
Hope this goes well
bylaws said:
Enable adb in developer settings and run `adb reboot-bootloader`.
A fastboot menu should show, use the power button to navigate and select unlock bootloader.
The device will be wiped and the bl will be unlocked.
Then boot into fastboot again and run `fastboot boot <twrp img I pm you>`
I never received that special TWRP that you have. I have the official one and the one from the 2017/2015 models in the older shield forums. Are you speaking about one of those?
EDIT: Never mind, as soon as he unlocked it, it disabled Dolby Vision which is the reason he purchased it in the first place. As soon as he re-locked the bootloader Dolby Vision came back. VERY interesting find. This means that the Dolby Vision license that NVIDIA purchased had a stipulation that it could not be enabled on unlocked devices. Makes sense. He is doing a TWRP backup at the moment, but we still don't know how to dump the OS proper. He is trying my twrp image that I use for my 2015 shield TV.
https://forum.xda-developers.com/showpost.php?p=80769929&postcount=312
Is that the one that booted?
Worst case, should be able to dd the images from /dev/block/platform. But the twrp backup is just a tar file, so should be able to extract stuff from there too.
Fwiw, I'm going to continue doing twrp and such support for these newer device in the same thread as the older devices.
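The point above that a TWRP backup is just a tar file, as an added example (not code from this thread): it unpacks one backup segment received from someone else, keeps only regular files that stay inside the output directory, and records a SHA-256 for each. The sample archive is constructed inside the script, and treating each segment (such as `system.ext4.win000`) as a standalone tar archive is an assumption.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def build_sample_segment() -> bytes:
    """Constructed stand-in for one TWRP backup segment (not a real dump)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("system/build.prop", b"ro.build.type=user\n"),
            ("../outside.txt", b"would land outside the output directory\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("system/bin/sh")  # symlink with an absolute target
        link.type = tarfile.SYMTYPE
        link.linkname = "/system/bin/mksh"
        tar.addfile(link)
    return buf.getvalue()


def extract_regular_files(segment: bytes, dest: Path) -> dict:
    """Write only regular files that resolve inside dest; return {name: sha256}."""
    dest = dest.resolve()
    hashes = {}
    # "r:*" also accepts a gzip-compressed segment.
    with tarfile.open(fileobj=io.BytesIO(segment), mode="r:*") as tar:
        for member in tar:
            target = (dest / member.name).resolve()
            # Skip links and device nodes, and any name that escapes dest.
            if not member.isfile() or not target.is_relative_to(dest):
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            src = tar.extractfile(member)
            digest = hashlib.sha256()
            with open(target, "wb") as out:
                for chunk in iter(lambda: src.read(1 << 20), b""):
                    digest.update(chunk)
                    out.write(chunk)
            hashes[member.name] = digest.hexdigest()
    return hashes


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = extract_regular_files(build_sample_segment(), Path(tmp) / "dump")
        for name, digest in result.items():
            print(digest, name)
```

Publishing the hashes alongside a shared dump lets others confirm they received the same files.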
SkOrPn said:
I never received that special TWRP that you have. I have the official one and the one from the 2017/2015 models in the older shield forums. Are you speaking about one of those?
EDIT: Never mind, as soon as he unlocked it, it disabled Dolby Vision which is the reason he purchased it in the first place. As soon as he re-locked the bootloader Dolby Vision came back. VERY interesting find. This means that the Dolby Vision license that NVIDIA purchased had a stipulation that it could not be enabled on unlocked devices. Makes sense. He is doing a TWRP backup at the moment, but we still don't know how to dump the OS proper. He is trying my twrp image that I use for my 2015 shield TV.
Thx for that valuable information! ....This sucks big time...no unlocked bootloader means no magisk thus no root.
I had small hopes that dolby vision passthrough would be possible on my 2017 model by porting the new 2019 firmware to it (theoretically dolby vision is possible on 2017 model from a hardware perspective) but until now I thought I could sell my 2017 model, get a 2019 one, root it through magisk and have dolby vision.
No dolby vision on a magisk rooted 2019 model is an absolute dealbreaker for me
I'm not happy how nvidia handled this....I'd even pay a small amount to enable/unlock dolby vision somehow on my 2017 model..
I mean there had to be a better way. Like, get the amount of wanted dolby vision licenses, order x dolby vision licenses and then sell them for x$ to 2017 and 2015 owners.
Yeah agreed. The 2019 now looks like the worst of all the shield TV models to me, except for Dolby Vision. Sheer unadulterated 100% pure money grab by Nvidia. I won't be downgrading my shield hardware just for Dolby vision. Instead I'm going to hold out hope that these 2019 features somehow make their way to the earlier models.
SkOrPn said:
Yeah agreed. The 2019 now looks like the worst of all the shield TV models to me, except for Dolby Vision. Sheer unadulterated 100% pure money grab by Nvidia. I won't be downgrading my shield hardware just for Dolby vision. Instead I'm going to hold out hope that these 2019 features somehow make their way to the earlier models.
It is potentially possible to restore Dolby vision as it seems to be done in software (as it comes back when bl relock). A dump would be really helpful (see what steel01 said above)
bylaws said:
It is potentially possible to restore Dolby vision as it seems to be done in software (as it comes back when bl relock). A dump would be really helpful (see what steel01 said above)
Would be really good to see a full dump of the 2019 non PRO model too, being that it's 32-bit
The Shield Tablet needs some love...
Stickman89 said:
Would be really good to see a full dump of the 2019 non PRO model too, being that it's 32-bit
The Shield Tablet needs some love...
we have managed that, steel01 is working on porting it with the new blobs
a 64 bit one would still be useful though
bylaws said:
we have managed that, steel01 is working on porting it with the new blobs
a 64 bit one would still be useful though
Yeah I knew he intended on working on it; I spoke with him 2 weeks back. Well that's great news, he's got the new 32-bit blobs! That wasn't a thing when we spoke, he was still looking to acquire them.
Looks like I have to play catch up, admittedly I've been busy. Thanks for the update.
Best Regards,
bylaws said:
we have managed that, steel01 is working on porting it with the new blobs
a 64 bit one would still be useful though
Assuming root was needed, how the hell do we flash firmware in fastboot now on SIF model!? I been going crazy all weekend lol
elliwigy said:
Assuming root was needed, how the hell do we flash firmware in fastboot now on SIF model!? I been going crazy all weekend lol
By soldering a usb port to the internal usb header, hopefully there will be an alternative in the future though
If still needed I have a dump(DD) of recovery, boot, system and vendor if someone needs it. I also have the OTA zip file from last hotfix 8.1.1 which was pushed a few days ago.
I'm still having trouble with rooting the Shield 2019 Pro. I'm able to get TWRP working with the TWRP experimental version, but once started it cannot find system, since it's not defined in /proc/mounts.
Tried patching the boot.img from the OTA zip file but it keeps hanging on the Nvidia logo.
Will upload a file to Google drive.
