In this thread I intend to give some basic insight about these two concepts, which are closely entwined with our phone's experience. I'm not a tech guy, but I think this little summary might clear some doubts for people who are new to these kinds of issues (especially people who come from other, non-Android phones). All feedback is welcome, in particular from people who can expand the topic with their knowledge.
"Root" is the common way to refer to the user account which has superuser rights on the device. Superuser rights imply full control over your phone's capabilities, which are determined by the software and the hardware of the device. Non-superuser accounts have limitations, usually established for the sake of software security (for example, not allowing a user to disable critical functions such as phone or GPS), hardware safety (not allowing the user to change the processor's frequency, aka overclocking the CPU) or, in some cases, for someone's profit (disabling wi-fi tethering is a typical one, as users are forced to buy data plans in order to use their devices to tether). In Android's case, Superuser is composed of an app* and a set of instructions to give this app root rights.
The bootloader is a program which accesses the internal storage and, basically, controls the loading of the programs and data necessary to initiate the sequence of launching the OS (aka booting, thus the name bootloader). We say that a bootloader is locked when it is programmed in such a way that it won't allow the device to load if it detects data from third-party sources. Unlocked bootloaders do allow this data and will load what it contains, which will usually be a modified version of the phone's firmware, known as a "Custom ROM".
As we can see, there was the fear that one would need to have unlocked bootloaders (i.e. the ability to load third-party data in the booting sequence) in order to gain root rights. This would have been terribly inconvenient because only a minority of users will have unlocked bootloaders, since the phones with unlocked bootloaders by default are the ones sold carrier-unlocked. Said carrier-free phones will be a minority as the phone is pretty expensive: most Xperia Plays will be sold using carrier subsidies.
However, our fellow member Chainfire found an exploit (a programming loophole) in Gingerbread which allows said app and instructions to be loaded without needing to touch the bootloader. Basically, his Gingerbreak program allows the user to have root rights without loading any bootloader-sensitive data. This widens the possibilities for the majority of users who will buy this phone with a subsidy.
*edit 3* Later on, it has become possible to unlock the bootloader even for SIM-locked devices, thanks to different unlockers like Alejandrissimo and Jinx13. This means that, provided that you pay what they charge, you can have your device set up without the bother of having to buy a SIM-free phone. Better still: their method of unlocking the bootloader SIM-unlocks the phone as well.
I think this is more or less a succinct framework of ideas which allows us to define "root" and "unlocked bootloaders" properly. As they say, knowing is half the battle, so I hope this nugget of information allows users to deal with their phones with more confidence.
*edit* As of version 2.3.3, this information has changed. Gingerbreak doesn't work with 2.3.3 anymore, and it seems now that the only way to root with locked bootloaders is to flash a 2.3.2 ROM with FlashTool and update through OTA.
*edit2* Note that this explanation pertains mostly to the Xperia Play. Other devices are NAND-locked, which means for us that they need unlocked bootloaders to even get root access.
*Note that Android is built in such a way that every app is a user account with limited rights (the ones specified before you download it). Thus, Superuser is a user account as any other app and the set of instructions is meant to give this user account root rights.
Thank you! This was very helpful in clarifying some things.
"As we can see, there was the fear that one would need to have unlocked bootloaders (i.e. the ability to load third-party data in the booting sequence) in order to gain root rights. This would have been terribly inconvenient because only a minority of users will have unlocked bootloaders, since the phones with unlocked bootloaders by default are the ones sold carrier-unlocked. Said carrier-free phones will be a minority as the phone is pretty expensive: most Xperia Plays will be sold using carrier subsidies."
By carrier unlocked do you mean SIM unlocked? Sorry for the noob question.
Indeed, that is what I mean.
Logseman said:
Indeed, that is what I mean.
Alright, I asked this question and it was answered, but I want to make sure before I try anything.
I just found out from SE that my phone is the Rogers version. It's obviously been unlocked because I'm using it on AT&T.
What I don't know, though, is whether the bootloader is unlocked. Another member recommended that I check TrackID to see if it worked, because it depends on the manufacturer DRMs that are wiped in unlocking the bootloader. It did work, so I assume it's still locked, but I wanted to confirm because of being carrier unlocked.
Sent from my R800a using XDA App
If TrackID works, your bootloader is locked, regardless of simlock.
I have a Sim-Unlocked Xperia Play from Rogers that I am using on ATT's network. My phone is boot-locked. When powered off, if I hold the search key while plugging in the USB cable, I do not get a blue light.
I was able to flash the firmware by holding the back key while plugging in the USB cable (with the phone off). I get a green light when I do this. Using flashtool, I was able to get 2.3.3 rooted by loading the 2.3.2 firmware, rooting, and then updating OTA.
I bricked my phone several times while loading the firmware and each time I was able to fix it with flashtool or Sony Ericsson's Upgrade Utility. I found that you need a good USB cable, and even then it failed sometimes. I just kept trying and eventually it worked.
We wanted to provide an update on HTC’s progress with bringing bootloader unlocking to our newest phones. We know how excited some of you are for this capability, and we’ve put significant resources behind making this change as soon as possible. While we wish we could flip a simple switch and unlock all bootloaders across our device portfolio, this is actually a complex challenge that requires a new software build and extensive testing to deliver the best possible customer experience.
We’re thrilled to announce today that software updates to support bootloader unlocking will begin rolling out in August for the global HTC Sensation, followed by the HTC Sensation 4G on T-Mobile USA and the HTC EVO 3D on Sprint. We’re in the testing phase for the unlocking capability now, and we expect it to be fully operational by early September for devices that have received the software updates. We'll continue rolling out the unlocking capability over time to other devices as part of maintenance releases and new shipments.
HTC continues its commitment to unlocking bootloaders and supporting the developer community. Because of the importance of this community to us, please expect an update on this about every few weeks as we make progress toward launch. Thank you for your patience and continued support!
(They claim it will come to only two devices for starters, the EVO 3D and the Sensation 4G, and then it will slowly roll out to other devices that already have 2.3 or enough internal memory on them. This will all start in late August and early September for the first two Droids listed... and others will soon follow suit. The only question is: do you want your bootloader to come unlocked stock? Or will you buy it locked and be able to sit around and wait for your device to get an update to do so?? LOL
That's why my phone couldn't flash back to 2.3.2.. (?)
I live in Singapore.. phones are not carrier specific.. so does that mean my BL was unlocked even before I used Gingerbreak?
I know this doesn't pertain to the Play per se, but maybe you should add that, with NAND-locked devices, an unlocked bootloader is required to achieve full root, just in case someone with another device googles this question and ends up here.
pros and cons of unlocked bootloader
Pros/Cons of rooting WITHOUT unlocking bootloader?
Since being interested in rooting my N1 I've been googling a lot but it's still somewhat confusing. One of the things that's making me hesitant is the idea of permanently (as of the date of this post) unlocking the phone and thus clearly/visibly voiding the warranty.
I've recently stumbled upon instructions for rooting without unlocking the bootloader? Am I correct in assuming this would make the phone appear (no unlock icon) to be unmodified? Also, does this mean one could fully reverse the rooting process and go back to fully stock google signed roms with OTA updates etc (essentially reverting it back as if it were never modified)?
It would seem this would be preferable to any method involving the unlocking of the bootloader. Are there any disadvantages of this? Any increased risks by NOT unlocking the bootloader? Is there a reason why most people have gone the route of unlocking the bootloader?
My plan is simply to have root access to run setcpu on the stock FRF91 rom. As of now, I'm not interested in other ROMs (baby steps).
tommyinhi27 said:
Pros/Cons of rooting WITHOUT unlocking bootloader?
Since being interested in rooting my N1 I've been googling a lot but it's still somewhat confusing. One of the things that's making me hesitant is the idea of permanently (as of the date of this post) unlocking the phone and thus clearly/visibly voiding the warranty.
I've recently stumbled upon instructions for rooting without unlocking the bootloader? Am I correct in assuming this would make the phone appear (no unlock icon) to be unmodified? Also, does this mean one could fully reverse the rooting process and go back to fully stock google signed roms with OTA updates etc (essentially reverting it back as if it were never modified)?
It would seem this would be preferable to any method involving the unlocking of the bootloader. Are there any disadvantages of this? Any increased risks by NOT unlocking the bootloader? Is there a reason why most people have gone the route of unlocking the bootloader?
My plan is simply to have root access to run setcpu on the stock FRF91 rom. As of now, I'm not interested in other ROMs (baby steps).
The N1 is made by HTC. Generally with HTC devices, flashing a stock ROM will re-lock the bootloader. If you decide just to root, you will need a custom kernel before you can O/C. All that unlocking the bootloader does is 2 things: it will security-unlock the NAND (on NAND-locked devices), allowing r/w access to read-only partitions, and it allows you to issue fastboot commands to your device. The main reason a lot of Play owners went down the unlocking-the-bootloader path is that atm it is the only way to flash custom ROMs; other devices have found sneaky ways to push a custom recovery without unlocking bootloaders, and thus do not need one to flash a custom ROM.
AndroHero said:
I know this doesn't pertain to the Play per se, but maybe you should add that, with NAND-locked devices, an unlocked bootloader is required to achieve full root, just in case someone with another device googles this question and ends up here.
I'm not too knowledgeable about the whole Nand thing, so I think you could give a much better explanation about it. I'll include it then
Whoa whoa whoa!!!! I achieved root on 2.3.3 with no prob using SuperOneClick v2.3.3. It works beautifully!
Yes, but you're replying to a thread that's 8 months out of date too!
Sent from my R800x using XDA
Lol. I know, but I've been trolling the site, and I think it may need a bit of new info so someone doesn't follow the steps here now that a better method has been found.
Sent from my R800at using XDA
isavegas said:
Lol. I know, but I've been trolling the site, and I think it may need a bit of new info so someone doesn't follow the steps here now that a better method has been found.
Sent from my R800at using XDA
Why not just stop bumping heavily old threads? Then they can rest in peace
and nobody would care.
The information that it's outdated is already given in the 1st post.
You also could ask a mod to close this as it's outdated...
Hey, this thread may be outdated, but it's not my fault if someone necros old threads. Just let it die.
question
can i flash custom roms in a locked bootloader?
yes
big txmer said:
can i flash custom roms in a locked bootloader?
Only stock GB ones, nothing else.
Hi, in an attempt to unlock Wifi Tethering capability on my phone, I installed [G900F]CyanogenMod 14.0-20161020-UNOFFICIAL-klte, and now I'm unable to make phone calls or use SMS/MMS.
Is there anything I can try to get service back?
I've tried installing a new modem with no success, using Odin, FlashFire, Terminal Server. I'm not confident I was doing it correctly though, or even if I was using the correct modem files.
I was able to root the phone with Stock firmware, but Mobile Hotspot/Wifi Tether wasn't built-in, and I had no success with any of the apps... FoxFi, Wifi Tether Router, Barnacle Wifi.
Some more information on the phone:
It's the StraightTalk variant made for the TotalWireless MVNO. The phone's stock firmware said it was the S902L Samsung S5 variant, but under the battery the FCC ID of the device is actually just a G900V. I took it to the Verizon MVNO PagePlus and they were able to activate the phone, and everything was working perfectly, until installing CM14.0.
A roadblock I found out, that might be the root of some of the problems, is the phone may not have the ability to unlock the bootloader, possibly limiting some modding methods. When looking at /sys/block/mmcblk0/device/cid, it starts with 11, designating a Toshiba eMMC chip.
I'll take any suggestions, or alternatives... I don't mind using the stock firmware or any other Roms. The main feature I'd like to have is the ability to use Wifi Tether and the basics, make calls, send sms.
Thank you.
I know this is off topic, but how in the world did you get CM14 running on G900V-CID11?
leotakacs said:
I know this is off topic, but how in the world did you get CM14 running on G900V-CID11?
I'm not entirely sure, but someone had an idea they mentioned to me, that it might've been possible to get CM installed from a very outdated Android version, from before CID 11 was locked. The previous stock Android version the phone came installed with was 4.4.2. It was the StraightTalk variant made for TotalWireless MVNO. The phone's Stock firmware said it was the S902L Samsung S5 variant, but under the battery FCC ID of the device is actually just a G900V.
You will not be able to run any version of Cyanogen on your Toshiba S5 properly. Your best course would be to install FlashFire from the play store and use it to install a TouchWiz ROM such as Moar (5.0) or Phoenix (6.0).
TechFellow1 said:
I'm not entirely sure, but someone had an idea they mentioned to me, that it might've been possible to get CM installed from a very outdated Android version, from before CID 11 was locked. The previous stock Android version the phone came installed with was 4.4.2. It was the StraightTalk variant made for TotalWireless MVNO. The phone's Stock firmware said it was the S902L Samsung S5 variant, but under the battery FCC ID of the device is actually just a G900V.
no, no, no. don't listen to any of these other people. if your phone boots CM14 then your bootloader is unlocked. this has nothing to do with bootloaders. you installed the wrong ROM for your phone. CM14-kltevzw is the correct variant for your phone, not CM14-klte.
see here:
https://archive.org/download/cmarchive_nighlies/cm-14.1-20161225-NIGHTLY-kltevzw.zip
Hariiiii said:
no, no, no. don't listen to any of these other people. if your phone boots CM14 then your bootloader is unlocked. this has nothing to do with bootloaders. you installed the wrong ROM for your phone. CM14-kltevzw is the correct variant for your phone, not CM14-klte.
see here:
https://archive.org/download/cmarchive_nighlies/cm-14.1-20161225-NIGHTLY-kltevzw.zip
He said his phone has a CID11 Toshiba chip. @OP, are you positive you have a Toshiba chip (11)?
leotakacs said:
He said his phone has a CID11 Toshiba chip. @OP, are you positive you have a Toshiba chip (11)?
It doesn't matter. He is on a straight talk phone. The bootloader is unlocked by default. The firmware is different.
Hariiiii said:
It doesn't matter. He is on a straight talk phone. The bootloader is unlocked by default. The firmware is different.
Generally correct. The best way to know would be to take a CID 11 based device and flash TWRP the same way you would on CID 15.
As far as I know though, most Straight Talk phones I see at work that I've repaired software-wise have had unlocked bootloaders... which makes recovering/backing up files a breeze lol
KaptinBoxxi said:
Generally correct. The best way to know would be to take a CID 11 based device and flash TWRP the same way you would on CID 15.
As far as I know though, most Straight Talk phones I see at work that I've repaired software-wise have had unlocked bootloaders... which makes recovering/backing up files a breeze lol
I think that is correct. Here's the final solution I came up with and everything's working perfectly now.
I flashed the kltevzw 14 version with TWRP and had no luck getting service, then I tried flashing the kitkat factory ROM with ODIN to see if that would fix it, but ODIN failed after many attempts. Finally I flashed with the lower but stable release kltevzw CM13, instead of the nightly, and everything worked again. I'm thinking I must be extremely lucky to have gotten a Straight Talk S5 variant with an unlocked bootloader, but it's interesting that even though my CID definitely starts with 11, the bootloader is unlocked. Not all hope is lost on CID 11 S5's.
TechFellow1 said:
I think that is correct. Here's the final solution I came up with and everything's working perfectly now.
I flashed the kltevzw 14 version with TWRP and had no luck getting service, then I tried flashing the kitkat factory ROM with ODIN to see if that would fix it, but ODIN failed after many attempts. Finally I flashed with the lower but stable release kltevzw CM13, instead of the nightly, and everything worked again. I'm thinking I must be extremely lucky to have gotten a Straight Talk S5 variant with an unlocked bootloader, but it's interesting that even though my CID definitely starts with 11, the bootloader is unlocked. Not all hope is lost on CID 11 S5's.
Are you able to dump your boot and bootloader partitions somehow? The "dd" command from adb shell somehow?
Couldn't we just use a diff program to compare yours with one of the locked 11's?
TechFellow1 said:
I think that is correct. Here's the final solution I came up with and everything's working perfectly now.
I flashed the kltevzw 14 version with TWRP and had no luck getting service, then I tried flashing the kitkat factory ROM with ODIN to see if that would fix it, but ODIN failed after many attempts. Finally I flashed with the lower but stable release kltevzw CM13, instead of the nightly, and everything worked again. I'm thinking I must be extremely lucky to have gotten a Straight Talk S5 variant with an unlocked bootloader, but it's interesting that even though my CID definitely starts with 11, the bootloader is unlocked. Not all hope is lost on CID 11 S5's.
Delgoth said:
Are you able to dump your boot and bootloader partitions somehow? The "dd" command from adb shell somehow?
Couldn't we just use a diff program to compare yours with one of the locked 11's?
No, all hope IS lost on CID 11's. You have a different phone provided by a different company. It is loaded with a different software and hardware configuration. There is no bootloader signature verification. Yes, the configuration is very similar to that of a G900V, but the bootloader comes unlocked. This is phone specific. This has no value for an actual G900V.
Hariiiii said:
No, all hope IS lost on CID 11's. You have a different phone provided by a different company. It is loaded with a different software and hardware configuration. There is no bootloader signature verification. Yes, the configuration is very similar to that of a G900V, but the bootloader comes unlocked. This is phone specific. This has no value for an actual G900V.
Well if that's correct, then why does the dev edition bootloader work on the non-dev edition? Sure, it's still a G900V, but it never hurts to find a way and try.
A little optimism can go a long way in life. Don't think so negatively.
KaptinBoxxi said:
Well if that's correct, then why does the dev edition bootloader work on the non-dev edition? Sure, it's still a G900V, but it never hurts to find a way and try.
A little optimism can go a long way in life. Don't think so negatively.
I say this because I have tried it and I know how it works. A bootloader needs to have the right signature that is recognized by the hardware. The reason the dev edition bootloader works on non dev edition is because they are the same phone, but with different bootloaders installed. The signature of the straight talk bootloader will not be recognized by the G900V hardware. Again, I have confirmed this personally. The straight talk is almost the same hardware as the verizon G900V, but it does not have bootloader signature verification enabled (and the bootloader that comes installed is unsecured).
Hariiiii said:
I say this because I have tried it and I know how it works. A bootloader needs to have the right signature that is recognized by the hardware. The reason the dev edition bootloader works on non dev edition is because they are the same phone, but with different bootloaders installed. The signature of the straight talk bootloader will not be recognized by the G900V hardware. Again, I have confirmed this personally. The straight talk is almost the same hardware as the verizon G900V, but it does not have bootloader signature verification enabled (and the bootloader that comes installed is unsecured).
Alright, that makes sense. Thanks for explaining. Always interested in these things since I don't QUITE understand exploits at that level. I do mainly apk modifications and software dev.
KaptinBoxxi said:
Well if that's correct, then why does the dev edition bootloader work on the non-dev edition? Sure, it's still a G900V, but it never hurts to find a way and try.
A little optimism can go a long way in life. Don't think so negatively.
Because you don't have a clue about how the CID exploit works.
The reason you can flash the dev aboot on a CID15 is because you can change the CID to match that of a dev edition; aboot checks the CID to see if a device is a dev edition or not.
The CID is a sort of serial number for the flash chip, and normally it's a write-once and then read-only value, but because Samsung was sloppy we can use some custom Samsung NAND vendor commands to change it so secure-boot thinks you have a dev edition and permits the flashing of an unsigned image.
This is flat not possible on CID11 devices (Toshiba NAND). There is no hope for CID11 devices with this method; the commands needed simply do not exist PERIOD.
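The CID that the earlier post reads from /sys/block/mmcblk0/device/cid, and that this post describes as the flash chip's serial number, is the eMMC card identification register, whose first byte is the JEDEC manufacturer ID (0x11 Toshiba, 0x15 Samsung). As an added example, not code from the thread or from any poster, here is a decoder for that register following the JEDEC eMMC CID bit layout; the manufacturer-ID table is the one the Linux mmc driver uses, and the sample CID is a constructed value, not one read from a real device.

```python
"""Decode an eMMC CID register as Linux exposes it in sysfs
(/sys/block/mmcblk0/device/cid: 32 hex digits, most significant byte first).

JEDEC eMMC CID layout (bit 127 = first hex digit's top bit):
  [127:120] MID   manufacturer ID
  [113:112] CBX   device type (0 = removable card, 1 = BGA, 2 = POP)
  [111:104] OID   OEM/application ID
  [103:56]  PNM   product name, 6 ASCII bytes
  [55:48]   PRV   product revision n.m (two nibbles)
  [47:16]   PSN   product serial number
  [15:8]    MDT   manufacturing date (month nibble, year-code nibble)
  [7:1]     CRC   CRC7 over the rest of the register
"""
import re

# Manufacturer IDs as listed in the Linux mmc driver (drivers/mmc/core/quirks.h).
MANFID = {
    0x02: "SanDisk",
    0x11: "Toshiba",
    0x13: "Micron",
    0x15: "Samsung",
    0x27: "Apacer",
    0x45: "SanDisk (SD)",
    0x70: "Kingston",
    0x90: "SK Hynix",
    0xFE: "Numonyx/Micron",
}

# Constructed sample: MID 0x11 (Toshiba), BGA package, PNM "008GE0", PRV 0.1,
# PSN 0x12345678, MDT month 5 / year code 8, CRC 0x2d. Not a real device's CID.
SAMPLE_CID = "1101003030384745300112345678585a"


def _bits(value: int, start: int, size: int) -> int:
    """Return `size` bits of the 128-bit register starting at bit `start` (LSB = 0)."""
    return (value >> start) & ((1 << size) - 1)


def decode_emmc_cid(cid_hex: str) -> dict:
    """Split a 32-hex-digit CID string into its named JEDEC fields."""
    cid_hex = cid_hex.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", cid_hex):
        raise ValueError("CID must be exactly 32 hex digits")
    v = int(cid_hex, 16)
    mid = _bits(v, 120, 8)
    pnm = _bits(v, 56, 48).to_bytes(6, "big")
    return {
        "mid": mid,
        "vendor": MANFID.get(mid, "unknown"),
        "cbx": _bits(v, 112, 2),
        "oid": _bits(v, 104, 8),
        "pnm": pnm.decode("ascii", errors="replace").rstrip("\x00 "),
        "prv": f"{_bits(v, 52, 4)}.{_bits(v, 48, 4)}",
        "psn": _bits(v, 16, 32),
        "mdt_month": _bits(v, 12, 4),
        # Year code base differs between eMMC revisions; left undecoded on purpose.
        "mdt_year_code": _bits(v, 8, 4),
        "crc": _bits(v, 1, 7),
    }


def is_toshiba_cid11(cid_hex: str) -> bool:
    """The check the thread describes: does the CID start with manufacturer ID 0x11?"""
    return decode_emmc_cid(cid_hex)["mid"] == 0x11


def read_device_cid(path: str = "/sys/block/mmcblk0/device/cid") -> dict:
    """Read and decode the CID of the device's primary eMMC (needs an adb/root shell)."""
    with open(path, encoding="ascii") as f:
        return decode_emmc_cid(f.read())


if __name__ == "__main__":
    for key, val in decode_emmc_cid(SAMPLE_CID).items():
        print(f"{key:>14}: {val:#x}" if isinstance(val, int) else f"{key:>14}: {val}")
    print("Toshiba (CID 11):", is_toshiba_cid11(SAMPLE_CID))
```

On a device, `adb shell cat /sys/block/mmcblk0/device/cid` gives the string to feed `decode_emmc_cid`; the MID is the only field the thread's locked/unlocked discussion depends on.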
Legitsu said:
Because you don't have a clue about how the CID exploit works.
The reason you can flash the dev aboot on a CID15 is because you can change the CID to match that of a dev edition; aboot checks the CID to see if a device is a dev edition or not.
The CID is a sort of serial number for the flash chip, and normally it's a write-once and then read-only value, but because Samsung was sloppy we can use some custom Samsung NAND vendor commands to change it so secure-boot thinks you have a dev edition and permits the flashing of an unsigned image.
This is flat not possible on CID11 devices (Toshiba NAND). There is no hope for CID11 devices with this method; the commands needed simply do not exist PERIOD.
I understand plenty enough to know the difference in the flash chips' CIDs and such like that... The fact of the matter I was trying to get at is that most Straight Talk phones are unlocked entirely without a care in the world, regardless of their CID/branding. Without the proper commands and 3rd party support, I get that there won't be a way. That's why I check my CIDs first before buying S5's or Note 4's.
Is it even remotely possible to unlock the bootloader? I would love to install a custom recovery and a custom ROM.
Thanks.
Not possible currently, probably never will.
Until someone at Samsung decides to give the keys to the bootloader, it will remain locked.
(Pssst, hey Samsung Developer, there is a fame and fortune for your leak. :angel: )
I vouch 400$ for unlocked bootloader and emotion/lineage os
If S6 is anything to judge by, the chances for an unlocked bootloader are slim at best.
The only reason I would love an unlocked bootloader is to be able to root the stock OS and not have to use an engineering kernel. Otherwise, I tend to run rooted stock on my devices until they get too out of date.
Unfortunately, that means when this S7 Edge becomes obsolete, that will be the end of the line.
No one is even attempting it. With most phones now root / unlocked bootloader is a thing of the past. If you want those features it'd be best to get a Pixel or a 1+. The rest of the phones will kill all of that in the next year.
The last good-for-rooting phone from Samsung was the Note 4, and even that was only the T-Mobile variant. As Samsung and Android Pay roll out internationally it will get killed off overseas too.
Unless a new crop of Android hackers pop up to replace all the devs who used to root/unlock the phones, rooting and flashing is dying.
ShrekOpher said:
No one is even attempting it. With most phones now root / unlocked bootloader is a thing of the past. If you want those features it'd be best to get a Pixel or a 1+. The rest of the phones will kill all of that in the next year.
The last good-for-rooting phone from Samsung was the Note 4, and even that was only the T-Mobile variant. As Samsung and Android Pay roll out internationally it will get killed off overseas too.
Unless a new crop of Android hackers pop up to replace all the devs who used to root/unlock the phones, rooting and flashing is dying.
I'm not sure I would go that far. Sure, Samsung has locked their phones down like nuts, but there are still plenty of developments on other devices. The Sunshine team has managed to S-off every HTC flagship from the M8 on, along with a reasonably solid list of Moto devices. If you aren't on Verizon/AT&T you can skip the hack by going to HTCDev. Too bad HTC has gone absolutely bonkers on their own devices...
The LG V20 folks got "lucky" with Dirty Santa (though I wouldn't touch that mess with a 10 foot pole since your warranty is going to be void at the same time LG is getting sued over boot looping phones). Still, if you manage to get lucky, you can load custom ROMs on that device, and it's a true flagship.
Other devices seem to either have unlockable (through a web-site) bootloaders or have proven relatively easy to mod/root.
One day root may be a thing of the past unless you can find a dev phone, but I don't think we are quite there yet. That, and there will always likely be leaked dev kernels.
Few things:
-Is there any work still being done to get the bootloader unlocked? This dev thread no longer seems to be only devs, rather a bunch of "+1s", "thanks", and "tweet posts". All great posts, but not dev related.
- All devs on this thread are without a doubt better than I regarding Android ROMs, unlocking, etc, but I thought I'd throw a few ideas in here. (I'm new to this type of dev.) Maybe I can provide new hope? I just recently got the S7 and found out the hard way the current status, with no way to get custom ROMs. I know the chain of trust, verity, etc are a major buzzkill, but parts have all been hacked before so we can't just throw in the towel, can we?!
- http://newandroidbook.com this has a lot of good material, this guy is a genius, too bad he isn't working on this! (Download the book there & supplements).
Couple of actual ideas:
-He mentions in the book, with root you should be able to modify parts of partitions. As long as you don't modify the entire partition it won't check for integrity on startup. Now that root exists, is any of this possible, to modify three partitions and unlock the bootloader?
- He also talks about how the chain of trust works using signed keys, and where to find these keys in the actual image file; since we know exactly where the keys are, and what's expected, can't we fake it with a custom image using a binary editor? He (in that link) also refers to his free tools to inspect, etc.
Remember when we push via Odin the phone isn't online, so it has no way to verify via internet if something is in fact legit. Hacks happen all the time with fake digital signatures and keys, certs, etc.
- In other words, now that root exists in the engineering kernel, I'm thinking new doors have opened.
Thoughts? Hope?!
It's not happening.
diligent7771 said:
Few things:
-Is there any work still being done to get the bootloader unlocked? This dev thread no longer seems to be only devs, rather a bunch of "+1s", "thanks", and "tweet posts". All great posts, but not dev related.
- All devs on this thread are without a doubt better than I regarding Android ROMs, unlocking, etc, but I thought I'd throw a few ideas in here. (I'm new to this type of dev.) Maybe I can provide new hope? I just recently got the S7 and found out the hard way the current status, with no way to get custom ROMs. I know the chain of trust, verity, etc are a major buzzkill, but parts have all been hacked before so we can't just throw in the towel, can we?!
- http://newandroidbook.com this has a lot of good material, this guy is a genius, too bad he isn't working on this! (Download the book there & supplements).
Couple of actual ideas:
-He mentions in the book, with root you should be able to modify parts of partitions. As long as you don't modify the entire partition it won't check for integrity on startup. Now that root exists, is any of this possible, to modify three partitions and unlock the bootloader?
- He also talks about how the chain of trust works using signed keys, and where to find these keys in the actual image file; since we know exactly where the keys are, and what's expected, can't we fake it with a custom image using a binary editor? He (in that link) also refers to his free tools to inspect, etc.
Remember when we push via Odin the phone isn't online, so it has no way to verify via internet if something is in fact legit. Hacks happen all the time with fake digital signatures and keys, certs, etc.
- In other words, now that root exists in the engineering kernel, I'm thinking new doors have opened.
Thoughts? Hope?!
I have to agree with Kcodya. With the S8 coming out very soon, I am sure the devs are not really that concerned with the S7 and unlocking the bootloader. I have read a lot of posts about this very issue, and anyone and everyone that has been working on this has dropped it or is no longer working on it. Look at the S6. It is still without an unlocked bootloader.
I agree with you about the EngImg and I guess at the present time, that is about all we have to work with. I have settled with it and am happy at least to have root privileges.
But we can still hope...
If Samsung ever gets off their hindquarters and updates the unlocked version of the S7/S7 Edge to Nougat, rooted stock will probably be optimal anyway. I know this is XDA, and people love to mod with whole ROMs, but OEM ROMs have improved dramatically over the years. This isn't the era of requiring CM (or LineageOS now) just to have a functional device like it was during the Gingerbread era.
Unfortunately, Samsung isn't likely to ever sell developer friendly phones again, so if you are a developer or like beta testing ROMs, this isn't your device. There are too many options that are trivial to unlock and develop on for anyone to spend too much effort bucking Samsung on their lockdown strategy.
diligent7771 said:
Few things:
-Is there any work still being done to get the bootloader unlocked? This dev thread no longer seems to be only devs, rather a bunch of "+1s", "thanks", and "tweet posts". All great posts, but not dev related.
- All devs on this thread are without a doubt better than I regarding Android ROMs, unlocking, etc., but I thought I'd throw a few ideas in here. (I'm new to this type of dev.) Maybe I can provide new hope? I just recently got the S7 and found out the hard way the current status, with no way to get custom ROMs. I know the chain of trust, verity, etc. are a major buzzkill, but parts have all been hacked before, so we can't just throw in the towel, can we?!
- http://newandroidbook.com has a lot of good material; this guy is a genius, too bad he isn't working on this! (Download the book there & supplements.)
Couple of actual ideas:
-He mentions in the book that with root you should be able to modify parts of partitions. As long as you don't modify the entire partition it won't check for integrity on startup. Now that root exists, is any of this possible, to modify three partitions and unlock the bootloader?
- He also talks about how the chain of trust works using signed keys, and where to find these keys in the actual image file; since we know exactly where the keys are, and what's expected, can't we fake it with a custom image using a binary editor? He (in that link) also refers to his free tools to inspect, etc.
Remember, when we push via Odin the phone isn't online, so it has no way to verify via the internet if something is in fact legit. Hacks happen all the time with fake digital signatures and keys, certs, etc.
- In other words, now that root exists in the engineering kernel, I'm thinking new doors have opened.
Thoughts? Hope?!
WTF? Did you literally copy and paste my post from another thread?! https://forum.xda-developers.com/showpost.php?p=71604183 lol I know your intentions are great, but you should probably indicate this is a quote from the original author (me), otherwise it appears you were the one that wrote this post. Carry on...
locked bootloader
jshamlet said:
The only reason I would love an unlocked bootloader is to be able to root the stock OS and not have to use an engineering kernel. Otherwise, I tend to run rooted stock on my devices until they get too out of date.
Unfortunately, that means when this S7 Edge becomes obsolete, that will be the end of the line.
Hey man, I saw you online and I need help with something.
Does a locked bootloader affect the GSM radio on a phone unlocked by AT&T if I upgraded the firmware and changed the bootloader version from v2 to v4?
Thank you in advance!
Man, this stinks
TomatoesOnBluRay said:
Is it even remotely possible to unlock the bootloader? I would love to install a custom recovery and a custom ROM.
Thanks.
It's strange that this device never got a stable root. The type of root I was looking for 7 months ago is never going to exist. Development on the root of this phone was forgotten when the S8 came out. I wish I could say the opposite, but unfortunately we couldn't develop a proper root fast enough for the inevitable growth of interest in the newest device.
TomatoesOnBluRay said:
It's strange that this device never got a stable root. The type of root I was looking for 7 months ago is never going to exist. Development on the root of this phone was forgotten when the S8 came out. I wish I could say the opposite, but unfortunately we couldn't develop a proper root fast enough for the inevitable growth of interest in the newest device.
It's not just that, Samsung also offers some fairly nice bonuses for not rooting and root just isn't what it used to be. The days of "this phone is completely unusable without root to fix all the broken crap" are gone.
I found that simply switching to the unlocked firmware solved 90% of the things I wanted root for in the first place, and probably another 8% were solved by judicious use of ADB and NetGuard. What little was left just wasn't enticing enough to put up with the irritations and work-arounds required for the eng-boot root. I already run Nova launcher exclusively, but even at that, the stock launcher isn't total crap anymore. On the plus side, the eng-boot root doesn't trip Knox, so you can always go back if you want.
Yeah, it's going to suck when updates for the S7 stop due to age, and it would be nice if Samsung would offer a bootloader unlock when that happens, but I suspect it will live the rest of its life with nothing more than the engineering root method.
jshamlet said:
It's not just that, Samsung also offers some fairly nice bonuses for not rooting and root just isn't what it used to be. The days of "this phone is completely unusable without root to fix all the broken crap" are gone.
I found that simply switching to the unlocked firmware solved 90% of the things I wanted root for in the first place, and probably another 8% were solved by judicious use of ADB and NetGuard. What little was left just wasn't enticing enough to put up with the irritations and work-arounds required for the eng-boot root. I already run Nova launcher exclusively, but even at that, the stock launcher isn't total crap anymore. On the plus side, the eng-boot root doesn't trip Knox, so you can always go back if you want.
Yeah, it's going to suck when updates for the S7 stop due to age, and it would be nice if Samsung would offer a bootloader unlock when that happens, but I suspect it will live the rest of its life with nothing more than the engineering root method.
I entirely agree with you. I haven't rooted my S7 since I tried the engineer boot, and it has been completely and totally usable. I also agree with you about installing the unlocked firmware as it removes most of the bloat that comes with the stock firmware. Root is nice, but not entirely necessary on this device.
TomatoesOnBluRay said:
I entirely agree with you. I haven't rooted my S7 since I tried the engineer boot, and it has been completely and totally usable. I also agree with you about installing the unlocked firmware as it removes most of the bloat that comes with the stock firmware. Root is nice, but not entirely necessary on this device.
So, where might one obtain an unlocked firmware for a G930A? I've searched high and low and have found several different f/w but they all seem to be for other versions of the G930, not the A. Tried to flash mine with one of those and got caught in an endless boot cycle, so had to go back to stock - still locked - and AT&T says the IMEI doesn't belong to them even though it plays their little tune and shows their logo and flashes their name on startup. Pretty useless to me without being able to unlock it. Thoughts or ideas?
Many thanks in advance.
Havdaddy said:
So, where might one obtain an unlocked firmware for a G930A? I've searched high and low and have found several different f/w but they all seem to be for other versions of the G930, not the A. Tried to flash mine with one of those and got caught in an endless boot cycle, so had to go back to stock - still locked - and AT&T says the IMEI doesn't belong to them even though it plays their little tune and shows their logo and flashes their name on startup. Pretty useless to me without being able to unlock it. Thoughts or ideas?
Many thanks in advance.
All US/Snapdragon S7s and S7 Edges are hardware identical. You can run any of the 5 variants on them with zero issue (even going between V/S and A/T). This means you can run the unbranded/unlocked firmware on any US/Snapdragon based device as long as the model number matches.
Now, SIM locks are a separate issue. You still have to go to the carrier that locked it (or one of the paid services) to get the unlock code even if you are running the U firmware because the modem firmware is entirely separate.
Havdaddy said:
So, where might one obtain an unlocked firmware for a G930A? I've searched high and low and have found several different f/w but they all seem to be for other versions of the G930, not the A. Tried to flash mine with one of those and got caught in an endless boot cycle, so had to go back to stock - still locked - and AT&T says the IMEI doesn't belong to them even though it plays their little tune and shows their logo and flashes their name on startup. Pretty useless to me without being able to unlock it. Thoughts or ideas?
Many thanks in advance.
The firmware for all G930 and G935 variants is interchangeable. When I refer to the unlocked firmware, I'm referring to G930U and G935U. This version can be found on the AT&T Samsung Galaxy S7 and S7 Edge forums on this site. When you install the unlocked firmware, you are not unlocking the device, just the firmware associated with the unlocked version of the phone. This means less bloatware, faster speeds, and no AT&T boot logo. Sorry for the confusion my previous comment may have caused!
Hello! I have a project that I am working on that involves a handful of Galaxy S4 devices. They were all purchased on ebay, so they are all different models with different versions of android. The goal is to get them running as close to the same software as possible.
The models that I have - as shown in the About Phone settings - are:
GT-I9505
GT-I9500
SGH-I337
SGH-M9194N
SGH-M919N
SGH-M919
From my understanding, all of these other than the I9500 are Qualcomm based and should therefore be able to run the unified jfltexx build from LineageOS. IF this is the case - and I am not ENTIRELY sure I understood all of that correctly - I am still out a build for the I9500. Are there any CM or LineageOS builds that will run on this hardware?
The I337 cannot run Lineage if the bootloader is locked. I believe AT&T locked the bootloader with the OTA update for Android 4.3.
The question about the I9500 and LineageOS has been seemingly asked at least once a week for the last several weeks. Unless you can provide an I9500 to a developer to develop upon, you will not see a properly functioning LineageOS build on the device.
Strephon Alkhalikoi said:
The question about the I9500 and LineageOS has been seemingly asked at least once a week for the last several weeks. Unless you can provide an I9500 to a developer to develop upon, you will not see a properly functioning LineageOS build on the device.
I do not have access to the devices, I just have a client who asked me some questions about the devices, and I admit that these Samsung devices confuse the hell out of me. This wasn't a "Damnit, gimme Lineage now!" post, but more just me trying to get a handle on all the different models and their differences.
audit13 said:
The I337 cannot run Lineage if the bootloader is locked. I believe AT&T locked the bootloader with the OTA update for Android 4.3.
Samsung still has not provided an OEM bootloader unlock? I haven't dealt with a non-unlocked phone for years, so I'm actually asking. Are there no bootloader hacks, even a third-party exploit that allows the bootloader to be reflashed?
As for the other models, if they all run a unified Lineage build, how does that work with all the various carriers supported? Do you have to reflash the correct radio after, or does Lineage just not touch that when flashing?
I believe AT&T requested the bootloader lock as they have with the note 3, G2, etc. and there is no hack or way to unlock the AT&T s4 bootloader.
audit13 said:
I believe AT&T requested the bootloader lock as they have with the note 3, G2, etc. and there is no hack or way to unlock the AT&T s4 bootloader.
Great, thank you.
Hi, so I have a few things I'd like to talk about. I was wondering why it is not possible to port AOSP ROMs to the S8 Snapdragon, given it's the same Android version. Also, when I was messing around while rooting my S8, I saw that with the software I had installed in the steps, I went into Settings and saw that I could enable OEM unlock; it worked, and whenever I go back to that software it's still enabled, however I still could not use any fastboot commands. Also I flashed TWRP (not SafeStrap, I already have that) and now my base recovery does not show up....
kadenball said:
Hi, so I have a few things I'd like to talk about. I was wondering why it is not possible to port AOSP ROMs to the S8 Snapdragon, given it's the same Android version. Also, when I was messing around while rooting my S8, I saw that with the software I had installed in the steps, I went into Settings and saw that I could enable OEM unlock; it worked, and whenever I go back to that software it's still enabled, however I still could not use any fastboot commands. Also I flashed TWRP (not SafeStrap, I already have that) and now my base recovery does not show up....
AOSP ROMs require a custom kernel to work, which requires:
1. an unlocked bootloader (not possible on the Snapdragon variant)
2. a custom recovery (not possible due to the locked bootloader)
Just using the OEM unlock option does not unlock the bootloader; more steps are required for most phones in order to unlock the bootloader. If it was that easy it would have been exploited by now; most of the guides on the Snapdragon version mention that the bootloader is not unlockable.
You more than likely will need to restore the recovery through Odin or something.
sofir786 said:
AOSP ROMs require a custom kernel to work, which requires:
1. an unlocked bootloader (not possible on the Snapdragon variant)
2. a custom recovery (not possible due to the locked bootloader)
Just using the OEM unlock option does not unlock the bootloader; more steps are required for most phones in order to unlock the bootloader. If it was that easy it would have been exploited by now; most of the guides on the Snapdragon version mention that the bootloader is not unlockable.
You more than likely will need to restore the recovery through Odin or something.
Thanks, ya, I fixed it! And ya, I understand there are additional steps to doing this; that's why I mentioned fastboot. If you could guide me in a direction to potentially learn more about the kernels and how they work, or what I would need to be good at to exploit download mode or Knox, whatever is required to potentially exploit the bootloader, I would not give up on it; I'm fine with wasting my time. I had recently talked to Samsung help chat and they told me someone could unlock the bootloader for me (a phone company near me). I talked to a guy over the phone that said it could be possible because they have the Samsung tools to do so, but he told me to call the next day because the other tech knew more than him, so I called the next day and he said they could do it but they would get in trouble for doing so. My plan is to go in when the guy that doesn't know much is working and get him to unlock it. Hopefully then I could upload the software here and free the Snapdragon slaves!!! If you're interested in the conversations I had with Samsung and this other company I could upload the screenshots. Thank you for your reply!
kadenball said:
Thanks, ya, I fixed it! And ya, I understand there are additional steps to doing this; that's why I mentioned fastboot. If you could guide me in a direction to potentially learn more about the kernels and how they work, or what I would need to be good at to exploit download mode or Knox, whatever is required to potentially exploit the bootloader, I would not give up on it; I'm fine with wasting my time. I had recently talked to Samsung help chat and they told me someone could unlock the bootloader for me (a phone company near me). I talked to a guy over the phone that said it could be possible because they have the Samsung tools to do so, but he told me to call the next day because the other tech knew more than him, so I called the next day and he said they could do it but they would get in trouble for doing so. My plan is to go in when the guy that doesn't know much is working and get him to unlock it. Hopefully then I could upload the software here and free the Snapdragon slaves!!! If you're interested in the conversations I had with Samsung and this other company I could upload the screenshots. Thank you for your reply!
I've never dabbled in making kernels or anything, so I'm pretty useless with that. The phone has been out for over 3 years now and as of yet there is no software method to unlock the bootloader; Android devs would have figured that one out by now if it was possible. If it is possible then maybe there is some extra hardware that's required to unlock the bootloader. I honestly don't know enough; I'm experienced enough to know to do certain things, but I don't know the ins and outs of how bootloaders are coded, how the instructions are carried out. But it would defo be interesting to see if they do this for you.
sofir786 said:
I've never dabbled in making kernels or anything, so I'm pretty useless with that. The phone has been out for over 3 years now and as of yet there is no software method to unlock the bootloader; Android devs would have figured that one out by now if it was possible. If it is possible then maybe there is some extra hardware that's required to unlock the bootloader. I honestly don't know enough; I'm experienced enough to know to do certain things, but I don't know the ins and outs of how bootloaders are coded, how the instructions are carried out. But it would defo be interesting to see if they do this for you.
Ya, thanks man. When I talked to the inexperienced tech guy he said I could come in and we could try, but I didn't want to drive there and waste my time, but the experienced dude said I could probably find another repair place that would do it (figured it's another one of their shops he was hinting at, as there are a few around me), so I will attempt to do this and hopefully somehow it works and I can upload the software here. Not sure if flashing it would unlock anyone else's bootloaders, as I expect it to be some sort of key like the HTC phones used to require and is unique to each device. When I got that OEM option to appear I was trying anything and everything in ADB and fastboot, as I suspected if we could glitch the phone in fastboot mode we could unlock it, lol, at least that's what I hoped for. Tried upload mode, kernel panic, the 3 different download modes, and tried to replace the Samsung download mode driver and flash the fastboot Android driver on top of it, but my lack of knowledge on these things hindered me from making any progress. But I believe there's an exploit in this root software that was copied from the S9 and simply devs don't want to waste their time because they believe it is impossible. I've seen much harder things accomplished on this dev site; hopefully the right person can figure it out and is motivated by this post, or can point me in the right direction. Thanks if you read all this; if I get it unlocked you will def see another lengthy post.