Related
I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thusfar discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warrantee bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; It seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it it means that jtag has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from verizon, either current workarounds such as safestrap are the answer for the foreseeable future, or a method of manually changing a simgle Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a tmobile galaxy s5 with an unlocked bootloader be used as not a method of flashing the on-board bootloader but as a kind of external boot, so a permenantly installed SD Card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
Click to expand...
Click to collapse
what was done with the droix x? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has a "alternative boot upon init fault" method similar to that that allows the galaxy s3 debrick to work (I have a guide I made with details) so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microsd card in the phone allowing it to boot into that, then use that with odin to flash an insecure bootloader to the s5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
Click to expand...
Click to collapse
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Click to expand...
Click to collapse
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
Click to expand...
Click to collapse
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
Click to expand...
Click to collapse
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
Click to expand...
Click to collapse
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom. Also, safestrap didn't do a thing with the bootloader, it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom
Click to expand...
Click to collapse
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Click to expand...
Click to collapse
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Click to expand...
Click to collapse
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
Click to expand...
Click to collapse
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
Click to expand...
Click to collapse
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader
LTE band 66 service and OTA updating is disabled through the DirtySanta root exploit on the stock build when rooted. I was hoping that there would be a ROM or two for the Canadian version of this device. Need something relatively stable, with nightly updates, and with support for AWS 3/Band 66 connectivity
Any leads are are appreciated. Thanks!
Considering the 915 isn't even a supported device no. If someone has gotten the 915 please let me know.
Until FREEDOM Mobile allows the LG V20 LOCKED bootloader to be UNlocked, there will be no FREEDOM to have a custom ROM anytime soon
That is what I got the T-mobile version with the unlockable bootloader which works great on NON-freedom.
lumberguy1028 said:
LTE band 66 service and OTA updating is disabled through the DirtySanta root exploit on the stock build when rooted. I was hoping that there would be a ROM or two for the Canadian version of this device. Need something relatively stable, with nightly updates, and with support for AWS 3/Band 66 connectivity
Any leads are are appreciated. Thanks!
Click to expand...
Click to collapse
Well i have a theory about getting root and signal on the 915 but it involves losing recovery afterwards. If anyone wants to discuss it let me know
markbencze said:
Well i have a theory about getting root and signal on the 915 but it involves losing recovery afterwards. If anyone wants to discuss it let me know
Click to expand...
Click to collapse
Actually very interested. I have the LGUP tool on Windows with Uppercut drivers installed, so I can unbrick my device even without recovery. Living without a rooted device is causing me extreme stress and trauma.
lumberguy1028 said:
Actually very interested. I have the LGUP tool on Windows with Uppercut drivers installed, so I can unbrick my device even without recovery. Living without a rooted device is causing me extreme stress and trauma.
Click to expand...
Click to collapse
Ok so here's my theory.
Basically we can root and have twrp but the problem is that signal ceases to exist afterwards which we assume is caused by the bootloader. Someone posted that they fixed their signal issues using the hidden menu features. But they didn't elaborate if they were rooted at the time and that was the direct reason for losing it in the first place. Nor have they replied. So that part is unknown. It may or may not be an option. The other question I had was is it just wind users who lose signals or does it affect wind devices that are unlocked but being used on other networks like bell, etc.
Anyway those are the unknown things that I'd like some clarification on. But in the meantime here's a theory I have that may or may not work if the above signal fix doesn't work.
So if the above fixing signal doesn't work via that hidden menu then we should be able to confirm the bootloader is the issue. What that means is that we need to have stock bootloader in order for everything to work.
But you cannot have stock bootloader with twrp unless you've "bumped" your recovery which we cannot do.
So my theory was to follow the whole root method and once your phone is booted up with root and twrp you would extract the stock recovery and stock bootloader from the restore file. Then you would flash them via flashfire which I'm told can be done. I'm told that flashing the bootloader does wipe your device which would eliminate root since it's the systemless method. So in theory you'd be back to pure stock again. That's not what we want to have. So we would have to use an alternative root like phh's root method flashed instead of supersu from twrp during the initial root process here. My theory is that you would be restored to stock again but you would have root at least.
So you would at least be able to tinker just not flash stuff. But I believe you can flash a few things from flashfire and still have root for general tinkering or ad block etc.
Of course there is also the possibility that with the locked bootloader (stock) that your phone may not even boot due to new security features in 7.0
But like I said this is just a theory that may or may not work. I haven't had time to try it because I'm constantly busy working and testing themes but if I do ever get time I would consider trying it if we can confirm that we are able to 100% restore to stock. At least with that confirmation we know that if it doesn't work we can get back to how things were.
Hopefully that makes sense.
markbencze said:
Ok so here's my theory.
Basically we can root and have twrp but the problem is that signal ceases to exist afterwards which we assume is caused by the bootloader. Someone posted that they fixed their signal issues using the hidden menu features. But they didn't elaborate if they were rooted at the time and that was the direct reason for losing it in the first place. Nor have they replied. So that part is unknown. It may or may not be an option. The other question I had was is it just wind users who lose signals or does it affect wind devices that are unlocked but being used on other networks like bell, etc.
Anyway those are the unknown things that I'd like some clarification on. But in the meantime here's a theory I have that may or may not work if the above signal fix doesn't work.
So if the above fixing signal doesn't work via that hidden menu then we should be able to confirm the bootloader is the issue. What that means is that we need to have stock bootloader in order for everything to work.
But you cannot have stock bootloader with twrp unless you've "bumped" your recovery which we cannot do.
So my theory was to follow the whole root method and once your phone is booted up with root and twrp you would extract the stock recovery and stock bootloader from the restore file. Then you would flash them via flashfire which I'm told can be done. I'm told that flashing the bootloader does wipe your device which would eliminate root since it's the systemless method. So in theory you'd be back to pure stock again. That's not what we want to have. So we would have to use an alternative root like phh's root method flashed instead of supersu from twrp during the initial root process here. My theory is that you would be restored to stock again but you would have root at least.
So you would at least be able to tinker just not flash stuff. But I believe you can flash a few things from flashfire and still have root for general tinkering or ad block etc.
Of course there is also the possibility that with the locked bootloader (stock) that your phone may not even boot due to new security features in 7.0
But like I said this is just a theory that may or may not work. I haven't had time to try it because I'm constantly busy working and testing themes but if I do ever get time I would consider trying it if we can confirm that we are able to 100% restore to stock. At least with that confirmation we know that if it doesn't work we can get back to how things were.
Hopefully that makes sense.
Click to expand...
Click to collapse
Im not sure how much you followed with me but... In my attempts to find a return to stock method i reflashed my stock aboot(bootloader). This bricked me. There is no way to use the stock bootloader once its been replaced that i have found.
me2151 said:
Im not sure how much you followed with me but... In my attempts to find a return to stock method i reflashed my stock aboot(bootloader). This bricked me. There is no way to use the stock bootloader once its been replaced that i have found.
Click to expand...
Click to collapse
Thanks for clearing that up. So then my next question was did you attempt that signal fix method and were you using yours on wind or was it an unlocked wind used on another network?
here's the link to this signal fix https://forum.xda-developers.com/showpost.php?p=70328080&postcount=3
and here is a post about someone saying they used it to fix their signal but they wouldn't elaborate on anything else.
https://forum.xda-developers.com/showpost.php?p=70571563&postcount=12
markbencze said:
Thanks for clearing that up. So then my next question was did you attempt that signal fix method and were you using yours on wind or was it an unlocked wind used on another network?
here's the link to this signal fix https://forum.xda-developers.com/showpost.php?p=70328080&postcount=3
and here is a post about someone saying they used it to fix their signal but they wouldn't elaborate on anything else.
https://forum.xda-developers.com/showpost.php?p=70571563&postcount=12
Click to expand...
Click to collapse
Lol Im the dirtysanta dev. I have a LS997. Not a 915.
me2151 said:
Lol Im the dirtysanta dev. I have a LS997. Not a 915.
Click to expand...
Click to collapse
Well I knew you had worked on ds. I wasn't sure however if you had a 915 or not. So then at this point it seems that if that signal fix is in fact valid that it is the only method to get things operational and I would presume it's a stretch given the user who posted about it doesn't seem to have any credibility to go by.
markbencze said:
Well I knew you had worked on ds. I wasn't sure however if you had a 915 or not. So then at this point it seems that if that signal fix is in fact valid that it is the only method to get things operational and I would presume it's a stretch given the user who posted about it doesn't seem to have any credibility to go by.
Click to expand...
Click to collapse
Thanks for this. Yeah DirtySanta may have been developed for LS997, but it seems to work on H915 minus the modem issue.
lumberguy1028 said:
Thanks for this. Yeah DirtySanta may have been developed for LS997, but it seems to work on H915 minus the modem issue.
Click to expand...
Click to collapse
Correct but it's useless to use since the phone doesn't function properly afterwards. If there was a confirmed way to have data and signal working then that would be great but there is nothing confirmed to work yet.
I've just moved to a V20 from a Note 4. All my Note4 ROMS were T-Mobile versions. I believe Rogers/Fido phones are basically the same as T-Mobile, which uses freq. channel 66 as well.
Has anyone tried a T-Mobile (918) ROM on the 915 yet? Might just work...
no root yet for freedom????/
whats the method
whats the method to root the lg h915
diehard2013 said:
no root yet for freedom????/
Click to expand...
Click to collapse
The 'Freedom' name becomes a bit ironic for the LG V20 H915 variant it seems. Not a lot of freedom when one can't unlock and root it. Just got one the other day as somehow my Note 4 stopped functioning as a phone, after a couple of months of fun running through loads of Lineage and other nightlies. Loved that phone, but I'll come to love the V20 I'm sure. Already like it a lot. But root seems essential. I haven't had an unrooted phone for more than a few hours in years. Adaway and just general user control of the file system seems essential. Getting rid of bloatware and such. I mean... I disabled a lot of that nonsense, but it's still there, existing in MY phone, which makes me mad. I want to dump a few custom notification sounds into root directories but can't. It's frustrating. So yeah, commenting to subscribe, and hoping a developer with a V20 in Canada decides to get excited enough to remedy the situation, whenever that becomes possible. Otherwise it seems I'll just have to get used to the odd ad and the other limitations.
GerardSamija said:
The 'Freedom' name becomes a bit ironic for the LG V20 H915 variant it seems. Not a lot of freedom when one can't unlock and root it. Just got one the other day as somehow my Note 4 stopped functioning as a phone, after a couple of months of fun running through loads of Lineage and other nightlies. Loved that phone, but I'll come to love the V20 I'm sure. Already like it a lot. But root seems essential. I haven't had an unrooted phone for more than a few hours in years. Adaway and just general user control of the file system seems essential. Getting rid of bloatware and such. I mean... I disabled a lot of that nonsense, but it's still there, existing in MY phone, which makes me mad. I want to dump a few custom notification sounds into root directories but can't. It's frustrating. So yeah, commenting to subscribe, and hoping a developer with a V20 in Canada decides to get excited enough to remedy the situation, whenever that becomes possible. Otherwise it seems I'll just have to get used to the odd ad and the other limitations.
Click to expand...
Click to collapse
Why Wouldent you just use the secret # in the hidden menu to change bands to get signial. Also you could try searching for exsisting bands that are near by, this dont require the hidden menu.
Sent from my [device_name] using XDA-Developers Legacy app
Not understanding what you are suggesting. I tried lots of hidden menu options to get the SIM recognized in the Note 4, but it appears the slot died on that phone. It just won't be a phone any more, no matter which ROM i flash.
If you mean the LG V20 I'm even more puzzled. How would changing hands help with rooting the phone?
GerardSamija said:
Not understanding what you are suggesting. I tried lots of hidden menu options to get the SIM recognized in the Note 4, but it appears the slot died on that phone. It just won't be a phone any more, no matter which ROM i flash.
If you mean the LG V20 I'm even more puzzled. How would changing hands help with rooting the phone?
Click to expand...
Click to collapse
Oops my bad i was sleeping while i read that. You can fix your sim card reader just use a soder tool. Also there maybe a root for this phone but i don't think it is safe enough yet.
Sent from my [device_name] using XDA-Developers Legacy app
Hi, first, I am pretty new to rooting, yet I have done similar things on other devices. Second, here is the info on my android phone:
Samsung galaxy S5 model SM-G900V
Android Version 6.0.1
EMMC: 11xx...
it is a verizon phone so I'm pretty sure the bootloader is locked, and the latest towelroot throws the "this phone isn't currently supported" error on any of the modstrings I use, as well.
I am looking for some more direction on how to root this phone, and would like some help.
TimX24968B said:
Hi, first, I am pretty new to rooting, yet I have done similar things on other devices. Second, here is the info on my android phone:
Samsung galaxy S5 model SM-G900V
Android Version 6.0.1
EMMC: 11xx...
it is a verizon phone so I'm pretty sure the bootloader is locked, and the latest towelroot throws the "this phone isn't currently supported" error on any of the modstrings I use, as well.
I am looking for some more direction on how to root this phone, and would like some help.
Click to expand...
Click to collapse
You can't. Root is not available for 6.0.1. At this late in the game, it's unlikely to ever be rootable.
painiac said:
You can't. Root is not available for 6.0.1. At this late in the game, it's unlikely to ever be rootable.
Click to expand...
Click to collapse
hmm, wondering if any other new verizon android phones will be rootable since I am available for an upgrade
painiac said:
You can't. Root is not available for 6.0.1. At this late in the game, it's unlikely to ever be rootable.
Click to expand...
Click to collapse
I got mine into a 4.4.2 rom and it was successfully rooted w busybox, but I can't install the SU binary or activate safestrap since it seems like I need one to get the other. is there a way around that?
painiac said:
You can't. Root is not available for 6.0.1. At this late in the game, it's unlikely to ever be rootable.
Click to expand...
Click to collapse
Also, I have seen sites claim things like you can root it, such as the one below:
androidinfotech.com/2016/07/root-samsung-galaxy-s5-sm-g900v-verizon.html
(had to edit out the www. part of the link)
however, they all require doing stuff with odin, and I am still concerned about files being lost.
Trying to get more info on this, I would appreciate any and all help.
TimX24968B said:
Also, I have seen sites claim things like you can root it, such as the one below:
androidinfotech.com/2016/07/root-samsung-galaxy-s5-sm-g900v-verizon.html
(had to edit out the www. part of the link)
however, they all require doing stuff with odin, and I am still concerned about files being lost.
Trying to get more info on this, I would appreciate any and all help.
Click to expand...
Click to collapse
I find it highly suspicious that this method hasn't been trumpeted here on xda. The broken english doesn't ease my suspicion, either. Personally, I would want to have a disposable phone on hand to try it out, since it hasn't been vetted here first.
Before you do anything, read through the guide linked in my sig to get yourself familiar with the process. If you decide to tackle it, let us know how it turns out.
painiac said:
I find it highly suspicious that this method hasn't been trumpeted here on xda. The broken english doesn't ease my suspicion, either. Personally, I would want to have a disposable phone on hand to try it out, since it hasn't been vetted here first.
Before you do anything, read through the guide linked in my sig to get yourself familiar with the process. If you decide to tackle it, let us know how it turns out.
Click to expand...
Click to collapse
yea I know it seemed suspicious, so I didn't want to try it. However, would you happen to know of any newer androids that can be rooted, particularly verizon ones? I saw the guide but I don't think I can downgrade since I'm on verizon and 6.0.1, and I'm still afraid of losing my data if I do. Thanks for the help.
You can root that phone, there is a guide in the general section: [GUIDE] Root, Bootloader Unlocks, and More!
Look at the cid 11 section. It will erase all of your data though and downgrade you to lolipop. I used that guide on a marshmellow cid 11 Verizon S5 recently and it worked just fine.
Sadly, the bootloader of cid 11 Verizon S5s are still locked. I dont think there is a way yet to root Verizon S5s with cid 11 without losing your data.
Thanks for letting me know! How would I go about backing up my data for this kind of task, in that case? I am pretty sure I do not use verizons cloud services, but i do use their app for messaging.
As long as I can get root access so i can free up some space on my phone and possibly do other stuff in the future as well, it would be great if theres a way to back everything up aside from just copying the whole sd card, particularly things like contacts and text messages in that verizon app. Im fine being on lolipop, and if i can back up my data, i do have my escape method of just ditching this phone and using my upgrade.
Second question: what would be a newer verizon phone that would be rootable on the latest android?
I didn't need the data when I rooted the S5 I had, so I didnt back anything up.
There should be various apps on google play you can use to backup your text messages and contacts. You can manually backup any pictures and other media to a pc or something. I dont think there is much you can do to save your app data without root already. You can probably look up the save loactions of some of your apps and manually backup those.
I dont keep up with phone releases, so I cant reccomend anything.
Sorry I can't be of more help.
Ammalin said:
You can root that phone, there is a guide in the general section: [GUIDE] Root, Bootloader Unlocks, and More!
Look at the cid 11 section. It will erase all of your data though and downgrade you to lolipop. I used that guide on a marshmellow cid 11 Verizon S5 recently and it worked just fine.
Sadly, the bootloader of cid 11 Verizon S5s are still locked. I dont think there is a way yet to root Verizon S5s with cid 11 without losing your data.
Click to expand...
Click to collapse
The problem here is the understanding of the word ROOT, those instructions allow you to do stuff to you cid11 s5's yes, however, if you install the LL stuff then yes you can achive root, or even flash an LL rom that already has root, if you install the MM stuff YOU CANNOT and WILL NOT achieve ROOT. There is NO root exploit or method for 6.0.1 What you will be able to do after puting the MM stuff in there is be able to flash a small file and access safestrap to flash whatever zips or things (within context) that you might need, but this will be needed everytime you want to access safestrap. You will also need to flash another file once in safestrap to correctly exit. It Will NOT EVER give you root in MM. But with this you can flash a debloat script and even an add block to make your phone more usable to you. (All of which is explained in detail in the MM section of that thread).
tong6998 said:
The problem here is the understanding of the word ROOT, those instructions allow you to do stuff to you cid11 s5's yes, however, if you install the LL stuff then yes you can achive root, or even flash an LL rom that already has root, if you install the MM stuff YOU CANNOT and WILL NOT achieve ROOT. There is NO root exploit or method for 6.0.1 What you will be able to do after puting the MM stuff in there is be able to flash a small file and access safestrap to flash whatever zips or things (within context) that you might need, but this will be needed everytime you want to access safestrap. You will also need to flash another file once in safestrap to correctly exit. It Will NOT EVER give you root in MM. But with this you can flash a debloat script and even an add block to make your phone more usable to you. (All of which is explained in detail in the MM section of that thread).
Click to expand...
Click to collapse
I never said he could have root on marshmellow. Sorry if that was confusing as I never said it exactly. The linked guide says no root on marshmellow in bold near the top. Just wanted to let the OP know he could get root on the phone in some way at least.
To all:
I'm perfectly fine with downgrading. It was just the issue with backing up data which was holding me back there. However, I am still looking into doing this and appreciate the help. I think all I would need now is to know if anyone knows if there is any relatively new verizon phone that could be rooted out of box. Thanks.
If you know little about rooting, I will advice you to read more information about sm-g900v marshmallow root, like rooting with one click rooting software, just try their free trail and see if you can accept. Android Root from RenewAndroid has help me to solve this similar issue before, my device is Samsung S6.
tong6998 said:
The problem here is the understanding of the word ROOT, those instructions allow you to do stuff to you cid11 s5's yes, however, if you install the LL stuff then yes you can achive root, or even flash an LL rom that already has root, if you install the MM stuff YOU CANNOT and WILL NOT achieve ROOT. There is NO root exploit or method for 6.0.1 What you will be able to do after puting the MM stuff in there is be able to flash a small file and access safestrap to flash whatever zips or things (within context) that you might need, but this will be needed everytime you want to access safestrap. You will also need to flash another file once in safestrap to correctly exit. It Will NOT EVER give you root in MM. But with this you can flash a debloat script and even an add block to make your phone more usable to you. (All of which is explained in detail in the MM section of that thread).
Click to expand...
Click to collapse
If you compile the Greyhat Root Console for the S5 Device and use a 6.0.1 ROM still exploitable by dirtycow, there is a chance you may be able to adjust the sepolicy on your device enough, or setup supersu manually. I have yet to try this on my MM G900V. But the code is there. It is just down to the device specific commands to run.
People say dirtycow is a tethered/temporal root that only lasts until you reboot the device, but that isn't always the case if you run the right commands in the right order, or have an APP that sets up the temporal root after boot has completed automatically.
Delgoth said:
If you compile the Greyhat Root Console for the S5 Device and use a 6.0.1 ROM still exploitable by dirtycow, there is a chance you may be able to adjust the sepolicy on your device enough, or setup supersu manually. I have yet to try this on my MM G900V. But the code is there. It is just down to the device specific commands to run.
People say dirtycow is a tethered/temporal root that only lasts until you reboot the device, but that isn't always the case if you run the right commands in the right order, or have an APP that sets up the temporal root after boot has completed automatically.
Click to expand...
Click to collapse
My biggest gripe is the native emulated disk-space....I have had LL PB1 rooted on 900V S5 (CID 11) for sometime. But even with de-bloat, tons of lockups, freezing, constantly wiping cache, was hoping a move to MM (with root, hadn't checked in a while hoping bootloader was solved...) would be the savior....
Alas, it seems PB1 rooted is still the way to go as I have an additional "APPS" EXT FORMATTED partition mounted for apps that behave on it...and use APPS2SD and soft-links to keep storage balanced...but it's still a pain...
Now I have that same question, what is panacea?
If I have to get a new phone (pay exorbitant retail price or some "bargain" on ebay) which is the best root-able/boot-load-able or allows for miniSD expansion (hate the finite XXGB storage ever dictates) with space that can all be recognized for Apps+....
Replies bc or otherwise welcome
Col. P.
Adopting MM...
c0lp4nik said:
My biggest gripe is the native emulated disk-space....I have had LL PB1 rooted on 900V S5 (CID 11) for sometime. But even with de-bloat, tons of lockups, freezing, constantly wiping cache, was hoping a move to MM (with root, hadn't checked in a while hoping bootloader was solved...) would be the savior....
Alas, it seems PB1 rooted is still the way to go as I have an additional "APPS" EXT FORMATTED partition mounted for apps that behave on it...and use APPS2SD and soft-links to keep storage balanced...but it's still a pain...
Now I have that same question, what is panacea?
If I have to get a new phone (pay exorbitant retail price or some "bargain" on ebay) which is the best root-able/boot-load-able or allows for miniSD expansion (hate the finite XXGB storage ever dictates) with space that can all be recognized for Apps+....
Replies bc or otherwise welcome
Col. P.
Click to expand...
Click to collapse
I stand corrected... I now see *Storage Adoption* as part of MM, that could be the ticket for me! Obviously it formats the whole SD as EXT format...which is no big deal for me...at that point, since MM is un-rootable....do I take the leap? Will it really improve the S5?
Thanks for listening!
C0l. P.
painiac said:
You can't. Root is not available for 6.0.1. At this late in the game, it's unlikely to ever be rootable.
Click to expand...
Click to collapse
Is it possible to go back to Lollypop version from 6.1
Billy7891 said:
Is it possible to go back to Lollypop version from 6.1
Click to expand...
Click to collapse
Yes
how can you that be done .It is my understanding that downgrades would be blocked. Is there another way?
Hi. Couple years back, I used Towelroot to mindlessly root my SM-G900V on version 4.4.2 (no CWM, stock bootloader, locked, thanks Verizon!). Google Now crashes the minute I open it and I figure it's time to update from 4.4.2 to 5 or whatever is stable these days. I'm paranoid to do this without running it by you gurus here, because I don't want to lose root, brick my phone, or turn it into a flaming fireball of doom. Can someone point me to a thread I overlooked or just type a few easy-to-follow steps with link to ROM so I can upgrade my Galaxy S5?
Is a downgrade back to 4.4.2 possible if I don't like the upgrade?
Thanks in advance!
androidman807 said:
Can someone point me to a thread I overlooked
Click to expand...
Click to collapse
https://forum.xda-developers.com/ve.../testers-required-easier-root-method-t3561529
Thanks. I've spent a couple of hours and am on post 171 of the thread. I'm a CID 11 that needs to follow those steps on post 3. Regardless, this seems to be designed to take me from Kitkat to Marshmallow, skipping me right past the land of Lollipop. I haven't tried it yet, but 2 questions:
1) once in Marshmallow, can I get back to Lollipop or Kitkat?
2) the intro to the steps say that CID=11 needs SafeStrap or Flashfire, but the actual steps never mention Flashfire (only safestrap). Is it truly either/or, or is there an advantage to SS?
Thanks!
bbsc said:
https://forum.xda-developers.com/ve.../testers-required-easier-root-method-t3561529
Click to expand...
Click to collapse
1. Lollipop - yes, Kitkat - no.
2. You still can use SS on MM. It's a little tricky but still possible.
Flashfire requires root so it will not work on MM for CID 11.
This thread may also be useful for understanding the things: https://forum.xda-developers.com/ve...al/guide-painiacs-essential-guide-to-t3319848
I'll check out that thread (thank you for that), but I'm confused by something you wrote: "Flashfire requires root so it will not work on MM for CID 11." My Kitkat currently has root. Are you suggesting that when I throw Marshmallow on it I'll lose it?
And if you all will allow me to hijack my own thread, is Marshmallow really worth the upgrade from Lollipop? Heck, is Lollipop that much better than Kitkat? I've got a (mostly) working rooted system now, and it sounds like I can go up to 6 and back down to 5, but never again back to 4, hopefully keeping root the whole journey.
Thanks for reading and helping a new guy out. I figure others will find this information helpful down the road, as 4.4.2 was easy to root.... but where (if anywhere) from here?
bbsc said:
1. Lollipop - yes, Kitkat - no.
2. You still can use SS on MM. It's a little tricky but still possible.
Flashfire requires root so it will not work on MM for CID 11.
This thread may also be useful for understanding the things: https://forum.xda-developers.com/ve...al/guide-painiacs-essential-guide-to-t3319848
Click to expand...
Click to collapse
androidman807 said:
My Kitkat currently has root. Are you suggesting that when I throw Marshmallow on it I'll lose it?
Click to expand...
Click to collapse
Yes.
You say your phone has CID11. For SM-G900V it means it has a locked bootloader that cannot be unlocked (currently, but most likely - never).
Locked bootloader is called so because it's locked to boot only certain digitally signed kernel (aka boot.img)
Root on MM requires a modified kernel which cannot be booted by a locked bootloader.
That's why you cannot have root on MM and will lose it when upgrading.
androidman807 said:
is Marshmallow really worth the upgrade from Lollipop?
Click to expand...
Click to collapse
Only you can answer for yourself.
What are you using root for?
I have 4 or 5 S5s (G900V) here running MM and only one (mine) is rooted. No claims so far They just work.
BTW, all of them are running Devbase-4.2 from Alexndr.
If you're on Verizon you may like one of stock debloated ROMs which can be found in this section.
Thanks for all your help.
Reading the first few posts here really helped a lot to get a background. Then I attempted the steps here you provided on post 3 for my 11.
I thought I could pick my build after reading painiac's post, and was shy about going all the way up to PB1, but all the ones I chose wouldn't TowelRoot. I really did have to follow the instructions as written and use the COMBINATION EMMC ROM provided there. It freaked me out at first that it ended me up in Kitkat, but the final step brought up Lollipop and completed the process well.
The one scary point is after I ran Titanium getting ready to put some apps back on and used the "restore previous ID" it gave a panic, took me back to recovery and froze... required removing the battery, where normally that just causes a reboot. I did read the part in Painiac's post where he says don't restore system app (I had to export and import my contacts using the phone app to SD card and not Titanium - that worked). I hope my "restore previous ID" didn't go against his advice.
Other than that, things seem to be working smoothly now. I'm on Lollipop PB1 and not sure I even need Marshmallow. Thanks for all your help.
bbsc said:
Yes.
You say your phone has CID11. For SM-G900V it means it has a locked bootloader that cannot be unlocked (currently, but most likely - never).
Locked bootloader is called so because it's locked to boot only certain digitally signed kernel (aka boot.img)
Root on MM requires a modified kernel which cannot be booted by a locked bootloader.
That's why you cannot have root on MM and will lose it when upgrading.
Only you can answer for yourself.
What are you using root for?
I have 4 or 5 S5s (G900V) here running MM and only one (mine) is rooted. No claims so far They just work.
BTW, all of them are running Devbase-4.2 from Alexndr.
If you're on Verizon you may like one of stock debloated ROMs which can be found in this section.
Click to expand...
Click to collapse
A couple of months back, I updated from Kitkat to Lollipop using the instructions below, and ever since, I've had two persistent problems, and I'm wondering if anyone else has:
1) Wi-fi cuts out every few days requiring a reboot fix. This seems to be related to DNS.
2) Receiving picture texts (MMS) show up as "Message size: 2KB Expires: (date)" with no way to download or view. I see no workaround other to tell friends to email me pictures instead of texting them.
I've tried a factory reset, but haven't gone back to Odin yet to try to put PB1 on again (or a different ROM?). The good news is SafeStrap recovery is on the phone now. What can I try next to resolve these two problems? I can live with them with the reboot and avoiding MMS, but they are not trivial.
Thanks for any guidance or advice. Please help.
androidman807 said:
Thanks for all your help.
Reading the first few posts here really helped a lot to get a background. Then I attempted the steps here you provided on post 3 for my 11.
I thought I could pick my build after reading painiac's post, and was shy about going all the way up to PB1, but all the ones I chose wouldn't TowelRoot. I really did have to follow the instructions as written and use the COMBINATION EMMC ROM provided there. It freaked me out at first that it ended me up in Kitkat, but the final step brought up Lollipop and completed the process well.
The one scary point is after I ran Titanium getting ready to put some apps back on and used the "restore previous ID" it gave a panic, took me back to recovery and froze... required removing the battery, where normally that just causes a reboot. I did read the part in Painiac's post where he says don't restore system app (I had to export and import my contacts using the phone app to SD card and not Titanium - that worked). I hope my "restore previous ID" didn't go against his advice.
Other than that, things seem to be working smoothly now. I'm on Lollipop PB1 and not sure I even need Marshmallow. Thanks for all your help.
Click to expand...
Click to collapse
Here's my Cheat Sheet ! This is the same procedure I used a while back with N910VVRU2CPD1 . I just updated the thread to work with the newer package.
1. Odin SamMobile N910VVRU2BPA1
reboot and factory reset a few times if needed to remove custom icon
2. Odin hsbadr's N910VVRU2BPA1_N910VVRU2CPD1_FullFirmware.tar HERE
3. Unlock with the samsung_unlock_n4-fix PROCESS use SIM card for data. Wi-Fi will not work at this point.
4. Odin twrp-3.0.2-0-trltevzw.tar Uncheck Auto Reboot, Manually boot into TWRP
5. Odin hsbadr's N910VVRU2CPD1_StockRestore.tar HERE
6. TWRP BETA-SuperSU-v2.71-20160331103524, Factory Reset, boot system
7. Use FlashFire to Flash firmware package SamMobile N910VVRU2CQI2
( ! System and Cache only ! )
Your mileage may vary.
Before I install my personal apps I remove as much Verizon, Samsung and Google spyware as possible.
-------------------------------------------------------------------------------------------------
EDIT: I was able to skip the recommended rooting and unlocking of 5.1.1 and make the jump I described.
I did not do the unlock using Kingroot until step 3 and I did not permanent root with Super Su until step 6.
No matter how you get there the phone has to be on [Firmware] [MM] [6.0.1] [RetEd/DevEd] Safe Upgrade to Marshmallow [N910VVRU2CPD1] then you can use FlashFire.
Hyperlinks are in the text to most of what's needed.
Credit AstonsAndroid I found it HERE
I keep seeing people saying there is a way to just flash TWRP and Magisk and you're done. I'd like to avoid SuperSU and the other root methods if possible. How would that work with your updated guide? Thanks
My main concern is the spyware the guys on Reddit bring up. Not to use kingroot and the like. Was there any resolution to this thread you posted Dr cool? Want to unlock my bootloader and flash the MODest ROM but I want to be able to avoid spyware too. Thanks for your work.
https://forum.xda-developers.com/no...spyware-fix-fixed-lag-wi-fi-problems-t3433839
RootMyNote4Please said:
My main concern is the spyware the guys on Reddit bring up. Not to use kingroot and the like. Was there any resolution to this thread you posted Dr cool? Want to unlock my bootloader and flash the MODest ROM but I want to be able to avoid spyware too. Thanks for your work.
https://forum.xda-developers.com/no...spyware-fix-fixed-lag-wi-fi-problems-t3433839
Click to expand...
Click to collapse
I'm not sure if it was spyware or what. but my phone performance better after cleaning out that folder.
Thanks doc. Is that a folder that gets overwritten when you flash a new room?
This says "Continue with sim card data because wifi wont work at this point."
What if we don't have any data right now? Will it still work?
lodilovesmuffins said:
This says "Continue with sim card data because wifi wont work at this point."
What if we don't have any data right now? Will it still work?
Click to expand...
Click to collapse
Kingroot needs to connected to root. I never seen it work without a connection. N910VVRU2BPA1_N910VVRU2CPD1_FullFirmware.tar brakes wifi but you get it back with N910VVRU2CPD1_StockRestore.tar, I dont know why. It just works
RootMyNote4Please said:
Thanks doc. Is that a folder that gets overwritten when you flash a new room?
Click to expand...
Click to collapse
My best guess now is it's some kind of provisioning issue that is cleaned up. Some of the files deleted you may actually need some day.
does this require the developer version? btw how do i backup
I seem to lose root after I flash CPD1. Still have TWRP though and says developer mode. What could be causing this?
Edit - When I flash stock restore I mean. I get rooted on BPA/CPD and then when I go to the next step I'm losing root and Kingroot says it has no solutions. I must be doing something wrong.
RootMyNote4Please said:
I seem to lose root after I flash CPD1. Still have TWRP though and says developer mode. What could be causing this?
Edit - When I flash stock restore I mean. I get rooted on BPA/CPD and then when I go to the next step I'm losing root and Kingroot says it has no solutions. I must be doing something wrong.
Click to expand...
Click to collapse
As long as you have TWRP installed still you are in good shape. At that point, you could either flash (through TWRP) SuperSu or magisk (on certain kernels magisk install errors out in twrp). The main objective is to get the custom recovery (twrp) installed on the 6.0.1 bootloader and once that's done it's just a matter of flashing your preferred rooting method or flashing a rom that has root included.
You can use an app like this to check your bootloader to make sure it's the right one.
kevintm78 said:
As long as you have TWRP installed still you are in good shape. At that point, you could either flash (through TWRP) SuperSu or magisk (on certain kernels magisk install errors out in twrp). The main objective is to get the custom recovery (twrp) installed on the 6.0.1 bootloader and once that's done it's just a matter of flashing your preferred rooting method or flashing a rom that has root included.
You can use an app like this to check your bootloader to make sure it's the right one.
Click to expand...
Click to collapse
That's weird. I flashed SuperSU but it didn't show up in the apps and when I tried to use Flashfire it said I didn't have root.
Got there. SuperSU had an error message when I tried to install it the 1st time after flashing full system. So I rebooted and installed again. Now Flashfire crashes and won't open. Switched to Flashify and it seems to work ok.
Edit - Stuck here for now. Flashify can't seem to find the CQI2 file and I still haven't been able to get Flashfire to work. Tried an older version and still crashes when it checks to see if I have the pro version or not.
In case someone else has the same problem with Flashfire, it's because the program expired April 1st, 2018. Turn the date back on your phone and it will load.
Finally completed it!!!
Ok, so the things I learned from my trials and errors.
1) DON'T flash the kernal and SU after you root with the N4 fix. I did this the 1st 15 times and could never get Flashfire to work later on. So skip all of the stuff in that post after you flash TWRP. Then flash the next firmware step.
2) Uncheck auto time and date on your phone and roll it back to before 4/1/18 to get Flashfire to work.
I'm sure there are some more things and I'll add whatever else I think can help the next guy along. Good luck! And thanks for the guide doc!
Note: Did the phone icon on your lock screen disappear as well when you were done? The camera is there on the bottom right like normal, but the phone is gone on the bottom left and it displays the charging info there now.
Thanks for this - it was helpful to make clear that in my mind that despite what other guides say, there is no need to unlock a Lollipop bootloader with a Lollipop kernel + ROM first, and that we can boot a Lollipop kernel + ROM with a Marshmallow bootchain and unlock the Marshmallow bootloader from the get-go.
I tracked down the CQI2 full Odin and I made hybrid Odins that get you "rooted on N910VVRU2CQI2" in fewer steps, following hsbadr's file naming scheme:
N910VVRU2BPA1_N910VVRU2CQI2_FullFirmware.tar.md5: MM CQI2 bootchain/firmware/modem, LL BPA1 ROM/kernel/recovery
N910VVRU2CQI2_StockRestore.tar: MM CQI2 ROM/kernel (no recovery - TWRP isn't overwritten)
These should be fine as drop-in replacements for the files mentioned in steps 2 and 5 of your guide.
Using these obviously means that you are unlocking the CQI2 aboot instead of the CPD1 aboot in step 3 while temprooted, and - importantly - step 7 is unnecessary to get to a CQI2 ROM, which is good because Flashfire is now expired :3
I doubt there's much of a real benefit to being on the newer aboot, but hey, why not.
Hey, no one answered my question from a while ago. So I'll ask again, does this require the developer version of the Note 4?
lodilovesmuffins said:
Hey, no one answered my question from a while ago. So I'll ask again, does this require the developer version of the Note 4?
Click to expand...
Click to collapse
No, this will work with both versions of the verizon note 4.
kevintm78 said:
No, this will work with both versions of the verizon note 4.
Click to expand...
Click to collapse
Ok, thank you very much. I'll try and root my phone with this tutorial now.
Please help!!!!
I followed this link because its supposed to be a way to downgrade from 6.1.0 to 5.1.1 so I can unlock boot loader. However, these instructions make no sense to me. Can someone PLEASE help me. I've been searching and searching for a way to root my note 4 (N910VVRS2CQA1) and can't seem to find a way. I've never done this before so I'm pretty clueless. When I read these instructions, I just don't understand what I'm supposed to be doing. A lot of this tech lingo means nothing to me unfortunately. I'm starting to thing I should just give up the idea of rooting this Note 4 that's getting slower and slower and just get a new one. I don't really want to though bc I love the fact that you can replace the battery. It'd be much easier to just root and upgrade.....well, easier if I actually knew how.