TF101 v2 SBK has been dumped - Eee Pad Transformer General

a2c3d7159fd2eeef14bbf33674efcab8
Many thanks to the original androidroot team that got me halfway there with their work from years ago. Source for the attack for those interested (requires a patched bootloader to enable the SBK key in the HW AES engine, the patch is in the GitHub repo): warmboot-tf101-pwn.S

Is there an explanation of bootloader exploit?

decatf said:
Is there an explanation of bootloader exploit?
Hello Sirs,
is it valid for TF101G as well?
Thanks!
Regards

lungo72 said:
Hello Sirs,
is it valid for TF101G as well?
Thanks!
Regards
The TF101G is a Tegra 2 device so this method should work. The bootloader must be patched to prevent the SBK HW key from being disabled before the Linux kernel is jumped to like I did with the TF101 bootloader.


[APP] Updated: 07/09/12 - HTC Quick Root v1.1.13 - ROOT ANY HTC!

HTC Quick Root - For ALL HTC Devices
Here is my One Click Root and UnRoot solution for ALL HTC Devices.
Note that the Insecure Boot.img method is for all devices but requires S-OFF and your Insecure Boot.img MUST have 'ro.secure' set to '0' and not use a patched adbd binary.
The Universal Exploit should work for all devices as long as you are running a FULL Stock ROM including recovery.
The Universal Exploit WILL however fail if it has been patched by HTC on the Stock ROM you are using.
Features:
Root Using Insecure 'Boot.img' (S-OFF Only) or Universal Exploit. (S-ON / S-OFF)
Option to Flash 'HBOOT' Image after Rooting, even if your device is 'S-ON'!
Verify MD5 Checksum of 'HBOOT' Image after backing up and after flashing.
Unroot Device by Patching 'adbd' binary as Insecure.
Root Tools to Clear Battery Stats and Dalvik Cache.
Reboot device to any mode after Rooting.
Execute Reboot commands independently.
Thorough Error Checking and Stable ADB Framework implementation.
Includes BusyBox v1.20.2 and SuperSU v0.96
Note: Make sure you Enable USB Debugging and Disable 'Fastboot' under Power in Settings before using HTC Quick Root.
Enjoy!
Whats New in v1.1.13:
1. Added: Error detection in the Universal Exploit Method will now report an Error if the Exploit has been patched on the installed firmware.
2. Changed: Independent Reboot Options now support Fastboot as well as ADB.
3. Fixed: A few other minor bugs and made a few alterations to the code in general.
Whats New in v1.1.12:
1. Fixed: A bug in Device Detection that caused Null Reference Exceptions in some situations.
2. Changed: Made some cosmetic changes in the 'Wait For Device' Dialog.
3. Fixed: The Power Pack 10.0 Error will no longer occur. Dependency has now been removed.
4. Improved: Error handling changes have now been made.
5. Added: HTC Quick Root will now perform a clean up after 'Failed!' Errors as long as the device is still connected with ADB.
6. Fixed: A few other minor bugs.
Whats New in v1.1.10:
1. Initial Release.
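As an added example (not part of HTC Quick Root or of any post in this thread), the check below reads a boot.img the way the "insecure boot.img" requirement above implies: it parses the classic ANDROID! header, unpacks the gzip'd cpio ramdisk and reports whether default.prop sets ro.secure=0. The header layout (v0), page padding and cpio newc format are the standard ones; the sample image built at the bottom is constructed for the example and is not a dump from any device. It does not detect a patched adbd, which the post says must also be avoided.

```python
"""Check whether an Android boot.img ramdisk sets ro.secure=0 (an "insecure" boot image).
Added example, not HTC Quick Root code. Assumes the classic (v0) header layout and a
gzip-compressed newc cpio ramdisk; the sample image below is constructed, not a real dump."""
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
CPIO_MAGIC = b"070701"


def parse_boot_header(img):
    """Return (kernel, ramdisk) bytes from a v0 boot image."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    ksz, _kaddr, rsz, _raddr, _ssz, _saddr, _tags, page = struct.unpack_from("<8I", img, 8)
    if page == 0 or page & (page - 1):
        raise ValueError("bad page size %d" % page)

    def pages(n):
        return (n + page - 1) // page

    koff = page                        # the header occupies page 0
    roff = koff + pages(ksz) * page    # the kernel is padded to a page boundary
    if roff + rsz > len(img):
        raise ValueError("ramdisk runs past end of image")
    return img[koff:koff + ksz], img[roff:roff + rsz]


def cpio_entries(data):
    """Yield (name, content) from an uncompressed newc cpio archive."""
    pos = 0
    while pos + 110 <= len(data):
        hdr = data[pos:pos + 110]
        if hdr[:6] != CPIO_MAGIC:
            raise ValueError("bad cpio header at offset %d" % pos)
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]   # namesize counts the trailing NUL
        name_start = pos + 110
        name = data[name_start:name_start + namesize - 1].decode()
        data_start = (name_start + namesize + 3) & ~3  # header+name padded to 4 bytes
        content = data[data_start:data_start + filesize]
        if name == "TRAILER!!!":
            return
        yield name, content
        pos = (data_start + filesize + 3) & ~3         # file data padded to 4 bytes


def ramdisk_props(ramdisk):
    """Parse default.prop out of the ramdisk into a dict (empty if absent)."""
    raw = gzip.decompress(ramdisk) if ramdisk[:2] == b"\x1f\x8b" else ramdisk
    for name, content in cpio_entries(raw):
        if name == "default.prop":
            props = {}
            for line in content.decode().splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            return props
    return {}


def is_insecure_boot_image(img):
    """True iff the ramdisk's default.prop sets ro.secure=0."""
    _kernel, ramdisk = parse_boot_header(img)
    return ramdisk_props(ramdisk).get("ro.secure") == "0"


# ---- constructed sample images for the demo (not from any device) ----
def build_cpio(files):
    def entry(name, content):
        nm = name.encode() + b"\0"
        fields = [1, 0o100644, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(nm), 0]
        blob = CPIO_MAGIC + b"".join(b"%08X" % f for f in fields) + nm
        blob += b"\0" * (-len(blob) % 4)
        return blob + content + b"\0" * (-len(content) % 4)

    out = b"".join(entry(n, c) for n, c in files.items())
    return out + entry("TRAILER!!!", b"")


def build_boot_image(ramdisk, kernel=b"\0" * 100, page=2048):
    hdr = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0x10008000, len(ramdisk),
                                   0x11000000, 0, 0x10F00000, 0x10000100, page)
    hdr += b"\0" * (page - len(hdr))

    def pad(b):
        return b + b"\0" * (-len(b) % page)

    return hdr + pad(kernel) + pad(ramdisk)


def sample_images():
    """(insecure, secure) boot images built from constructed ramdisks."""
    insecure = gzip.compress(build_cpio({"default.prop": b"ro.secure=0\nro.allow.mock.location=1\n",
                                         "init.rc": b"on boot\n"}))
    secure = gzip.compress(build_cpio({"default.prop": b"ro.secure=1\nro.debuggable=0\n"}))
    return build_boot_image(insecure), build_boot_image(secure)
```

Run it against a real boot.img with `is_insecure_boot_image(open("boot.img", "rb").read())`; newer header versions (v1 and up) add fields and a different layout, so the v0 parser above will need extending for those.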
First, thank you!
GOOD JOB, but... do you know the HTC Primo_U can't restore hboot.img? I have tried to restore it; dd reports success, but hboot is still the original...
SIM Unlock
Hi there!
There are any chances to SIM UNLOCK HTC Desire S?
Thanks!
helbet said:
Hi there!
There are any chances to SIM UNLOCK HTC Desire S?
Thanks!
Afraid not. Only way is to clear s58 data using xtc clip or an unlock code or other service equipment. I'll certainly look into it though.
Sent from my HTC Desire S using Tapatalk 2
Maybe add a logcat function too. Aren't there different files needed for every device for this to work?
Sent from my HTC Incredible S using xda app-developers app
Silversniper said:
Maybe add a logcat function too. Aren't there different files needed for every device for this to work?
Sent from my HTC Incredible S using xda app-developers app
Not unless you want to root via the insecure boot image; in that case it's device specific. HBOOT is also device specific, but the Universal Exploit will work on any device that hasn't had the vulnerability patched.
Sent from my HTC Desire S using Tapatalk 2
lyriquidperfection said:
Afraid not. Only way is to clear s58 data using xtc clip or an unlock code or other service equipment. I'll certainly look into it though.
Thanks a lot! Maybe you will find a way.. It will be REVOLUTIONARY!
Hi,
This works in HTC Sensation Xe?
Regards
cosmicsnake said:
Hi,
This works in HTC Sensation Xe?
Regards
Try it and let us know!
Sent from my HTC Desire S using Tapatalk 2
lyriquidperfection said:
Try it and let us know!
Sent from my HTC Desire S using Tapatalk 2
I'm trying!
My device has USB Debugging enabled, but it tells me "Device not Connected"!
Any suggestions?
Regards
cosmicsnake said:
I'm trying!
My device has USB Debugging enabled, but it tells me "Device not Connected"!
Any suggestions?
Regards
Make sure fastboot is disabled under power settings also.
Sent from my HTC Desire S using Tapatalk 2
lyriquidperfection said:
Make sure fastboot is disabled under power settings also.
Sent from my HTC Desire S using Tapatalk 2
It is disabled!
Do I need HTC drivers on the computer?
cosmicsnake said:
It is disabled!
Do I need HTC drivers on the computer?
Well yes of course you do! Install them and it will work!
Sent from my HTC Desire S using Tapatalk 2
Thanks for this, I'm a noob, will your rooting exploit automatically make my Desire S S-off?
Park82 said:
Thanks for this, I'm a noob, will your rooting exploit automatically make my Desire S S-off?
Afraid not. Perm Roots only. S-OFF is a whole different ball game!
Sent from my HTC Desire S using Tapatalk 2
Thanks. Can anyone confirm that this works on the official ICS RUU? (desire s)
No list of supported devices? :/
My HTC is S-OFF, locked
HBOOT 1.27
It's not working
Fatal1ty_18_RUS said:
No list of supported devices? :/
All devices are supported using insecure Boot Image and all devices that haven't had the Universal Exploit patched are also supported!
Sent from my HTC Desire S using Tapatalk 2

[LOKI] Bootloader Bypass

Massive props to @djrbliss for adding support in his Loki tool for our device! Loki bypasses the bootloader and enables patched recoveries to be flashed. Mainly a tool for developers.
Can be found here: https://github.com/djrbliss/loki
Instructions for use in the above link!
I have to return my device because of the blue line issue, but when I get a (hopefully) working device I will see if I can get a recovery.img sorted!
the_crevis said:
Hi, any progress with unlocking/hacking our device's bootloader? Am I right in thinking that the G Pad's software is very similar to that of the G2? Could we not use the Loki method for that device? I just wanted to get some discussion going.
Here is the email I sent LG:
" Hi there,
I am enquiring on behalf of many other v500 (LG G Pad 8.3) users as to whether it would be possible for you to provide a way to unlock this device's bootloader. Many other manufacturers provide a way to do this (HTC, Sony etc) and I believe it would be positive for LG to likewise provide a tool. It certainly would please and greatly help users such as I, who like to contribute to open source Android and hence flash custom firmware.
Thank you in advance,
Ben."
Worth a try!
Update: We can use Loki to bypass the bootloader, we just need the dev to port the tool to our device! All that needs to be done is for someone to provide the build number and a copy of the aboot partition to him in this thread: http://forum.xda-developers.com/showthread.php?t=2358871 - will do this once my device has arrived (still in the post).
On behalf of all of us LG G Pad owners.... you are the man!
shampiaj said:
On behalf of all of us LG G Pad owners.... you are the man!
+1 :good:
New Update! Roustabout on Android Central has pulled the aboot.img from his device and submitted a request to the Loki dev on GitHub; I added in the build information. So hopefully we should have a bootloader workaround soon! Then I can look at getting a custom recovery and CyanogenMod on this device! I am rather new at this stuff but I will give it a go!
Any news about the tool guys?
pegox said:
Any news about the tool guys?
Loki has been out and working on this device for a while now. It is the only way we can have custom recoveries and roms
Sent from my LG-V500 using Tapatalk
joshuadjohnson22 said:
Loki has been out and working on this device for a while now. It is the only way we can have custom recoveries and roms
Sent from my LG-V500 using Tapatalk
Thank you sir
Sent from my Galaxy Nexus using Tapatalk
The v500 requires Loki, which is a bootloader bypass achieved by patching various things, to load custom recoveries, kernels and ROMs. The v510 (GPE) does not require Loki, as you can simply unlock the BL via fastboot oem unlock... Loki-patched ROMs/kernels will not work on a v510 GPE. In order for these to work on the GPE, the Loki-patched portion of the ROM, usually the kernel, must not be Loki-patched... The hardware is similar enough between the two variants that it shouldn't be hard to make universal ROMs/kernels.
djkinetic said:
The v500 requires Loki, which is a bootloader bypass achieved by patching various things, to load custom recoveries, kernels and ROMs. The v510 (GPE) does not require Loki, as you can simply unlock the BL via fastboot oem unlock... Loki-patched ROMs/kernels will not work on a v510 GPE. In order for these to work on the GPE, the Loki-patched portion of the ROM, usually the kernel, must not be Loki-patched... The hardware is similar enough between the two variants that it shouldn't be hard to make universal ROMs/kernels.
Theoretically, wouldn't it be possible to flash the V510 bootloader on V500. Sorry if this is stupid question, but mostly nexus user here, so limited exposure to locked bootloader. Got my helmet on so go ahead with the bash if necessary.
Sent from my Nexus 5 using XDA Premium 4 mobile app
jonup said:
Theoretically, wouldn't it be possible to flash the V510 bootloader on V500. Sorry if this is stupid question, but mostly nexus user here, so limited exposure to locked bootloader. Got my helmet on so go ahead with the bash if necessary.
Sent from my Nexus 5 using XDA Premium 4 mobile app
It would be possible, but not sure how successful it would be, as there's more to the bootloader than just a single partition; you would manually have to dd sbl1/sbl2/sbl3 along with aboot.img, as mentioned here: http://forum.xda-developers.com/showthread.php?t=2564149
Someone with a normal G Pad would have to give it a go as I decided to skip all that and just get a GPE.
jonup said:
Theoretically, wouldn't it be possible to flash the V510 bootloader on V500. Sorry if this is stupid question, but mostly nexus user here, so limited exposure to locked bootloader. Got my helmet on so go ahead with the bash if necessary.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Same question here.. just like on the Optimus G, where we have the unlocked bootloader, aboot and SBLs of the Nexus 4. Wonder if it works with the G Pad.
How to use Loki?
Ok, I've never used Loki before, and the instructions on GitHub are more confusing than anything else. If someone could please provide an explanation, that would be great. Like a detailed explanation of how to use Loki to unlock this device's bootloader, that would be great. Thanks.
TenderloinShadow said:
Ok, I've never used Loki before, and the instructions on GitHub are more confusing than anything else. If someone could please provide an explanation, that would be great. Like a detailed explanation of how to use Loki to unlock this device's bootloader, that would be great. Thanks.
Loki doesn't unlock the bootloader, it only bypasses the signing checks (i.e. you can force the bootloader to load unsigned kernels)
http://forum.xda-developers.com/showthread.php?t=2292157
http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
You need a device whose bootloader/aboot still contains the exploit (for Loki to work), and a kernel/recovery with the Loki code built in.
A pure end-user doesn't need to care, only a ROM/kernel builder/developer.
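An added illustration (not Loki's code, nor aboot's) of the bug class the linked Azimuth post describes: a loader that copies the kernel and ramdisk to whatever addresses the unauthenticated boot-image header names, so a crafted image can overwrite the loader's own code in RAM before the signature check runs. The memory map, addresses and sizes are made up for the model; the bounds-checked variant shows the fix a firmware author would apply.

```python
"""Model of a boot-image loader that trusts header-supplied load addresses, beside a
bounds-checked version. Added example of the bug class behind Loki-style signature-check
bypasses; a simplified model, not aboot or Loki code. Memory map, addresses and sizes
are constructed for the example."""
import struct

BOOT_MAGIC = b"ANDROID!"

# Constructed flat memory map (an assumption of the model, not any real device):
MEM_BASE = 0x10000000
MEM_SIZE = 0x01000000                 # 16 MiB of "RAM"
LOADER_BASE = MEM_BASE + 0x00F00000   # where the loader (and its signature check) lives
LOADER_SIZE = 0x00040000
IMAGE_BASE = MEM_BASE + 0x00008000    # window where kernel/ramdisk are supposed to land
IMAGE_LIMIT = LOADER_BASE             # anything at or beyond here is off limits


class Memory:
    def __init__(self):
        self.buf = bytearray(MEM_SIZE)
        # Fill the loader's code region with a marker so overwrites are detectable.
        lo = LOADER_BASE - MEM_BASE
        self.buf[lo:lo + LOADER_SIZE] = b"L" * LOADER_SIZE

    def write(self, addr, data):
        off = addr - MEM_BASE
        if off < 0 or off + len(data) > MEM_SIZE:
            raise MemoryError("write outside RAM")
        self.buf[off:off + len(data)] = data

    def loader_intact(self):
        lo = LOADER_BASE - MEM_BASE
        return bytes(self.buf[lo:lo + LOADER_SIZE]) == b"L" * LOADER_SIZE


def parse_header(img):
    """Return ((kernel_addr, kernel), (ramdisk_addr, ramdisk)) from a v0 boot image."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("bad magic")
    ksz, kaddr, rsz, raddr, _, _, _, page = struct.unpack_from("<8I", img, 8)
    koff = page
    roff = koff + ((ksz + page - 1) // page) * page
    return (kaddr, img[koff:koff + ksz]), (raddr, img[roff:roff + rsz])


def load_trusting(mem, img):
    """Vulnerable: copies kernel and ramdisk wherever the unauthenticated header says."""
    for addr, blob in parse_header(img):
        mem.write(addr, blob)


def load_checked(mem, img):
    """Hardened: every destination range must lie inside the image window,
    and nothing is written until all ranges have been validated."""
    parts = parse_header(img)
    for addr, blob in parts:
        end = addr + len(blob)     # in C, also guard this addition against wrap-around
        if addr < IMAGE_BASE or end > IMAGE_LIMIT:
            raise ValueError("load range 0x%08x+0x%x outside [0x%08x, 0x%08x)"
                             % (addr, len(blob), IMAGE_BASE, IMAGE_LIMIT))
    for addr, blob in parts:
        mem.write(addr, blob)


def make_image(kernel, ramdisk, kaddr, raddr, page=2048):
    """Build a v0 boot image whose header carries the given load addresses."""
    hdr = BOOT_MAGIC + struct.pack("<8I", len(kernel), kaddr, len(ramdisk), raddr, 0, 0, 0, page)
    hdr += b"\0" * (page - len(hdr))

    def pad(b):
        return b + b"\0" * (-len(b) % page)

    return hdr + pad(kernel) + pad(ramdisk)


def demo():
    """Returns (benign_ok, trusting_loader_clobbered, checked_loader_rejected)."""
    benign = make_image(b"K" * 4096, b"R" * 4096, IMAGE_BASE, IMAGE_BASE + 0x100000)
    # Hostile image: the ramdisk address points into the loader's own code region.
    hostile = make_image(b"K" * 4096, b"X" * 4096, IMAGE_BASE, LOADER_BASE + 0x1000)

    m1 = Memory()
    load_trusting(m1, benign)
    benign_ok = m1.loader_intact()

    m2 = Memory()
    load_trusting(m2, hostile)
    clobbered = not m2.loader_intact()      # loader code replaced by attacker bytes

    m3 = Memory()
    try:
        load_checked(m3, hostile)
        rejected = False
    except ValueError:
        rejected = m3.loader_intact()       # nothing was written before the reject
    return benign_ok, clobbered, rejected
```

The real fix on the device side is the same shape: validate the header-derived destination ranges against the region reserved for the image before any copy, and only then verify the signature over what was actually loaded.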
Sorry if this has been answered before, but I can't seem to find it...
Did anyone test if the GPE (v510) bootloader works on the G Pad v500? Right now we use the 4.2 aboot.img + Loki, but maybe there is a better solution.
Forget about the 510. It's too different for things to work on the v500.

[TEST] Rooting without unlocking boot loader

I found this app which promises to root all devices with 4.4.2. Anyone want to test it?
Link > https://www.dropbox.com/s/rauhzq0ovzv97aw/tr.apk
Click on “make it ra1n”
DarkSideTT said:
I found this app which promises to root all devices with 4.4.2. Anyone want to test it?
Link > https://www.dropbox.com/s/rauhzq0ovzv97aw/tr.apk
Click on “make it ra1n”
If you have found it, you should include the source where you found it.
Anyway, this app is called towelroot, which exploits a Linux kernel vulnerability. Theoretically it should work with all kernels which were compiled before June 3rd. However, the tool doesn't work on all devices, as certain memory addresses need to be known before applying the hack.
Original thread - http://forum.xda-developers.com/showthread.php?t=2783157
xda portal link - http://www.xda-developers.com/android/breaking-geohot-roots-the-verizon-galaxy-s5-with-towelroot/
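Added example, not towelroot's own detection logic: it applies the cutoff stated in the reply above to a kernel version string (as shown by /proc/version or uname -v) and flags builds older than that date. The post gives only "June 3rd"; the year 2014 is an assumption taken from the towelroot release date, and the version strings used for testing are constructed.

```python
"""Flag kernels whose build timestamp predates the towelroot cutoff mentioned in the post.
Added example; parses /proc/version style strings, not towelroot's own check. The year
2014 is assumed from the towelroot release date (the post says only "June 3rd")."""
import re
from datetime import datetime

CUTOFF = datetime(2014, 6, 3)  # assumption: June 3rd, 2014

# Kernel version strings end in a build timestamp such as "Fri May 9 15:43:20 KST 2014";
# the weekday, an optional time zone token and the year surround the date fields.
_TIMESTAMP = re.compile(
    r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun) ([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (?:[A-Za-z]+ )?(\d{4})"
)


def build_date(version_string):
    """Return the kernel build time as a datetime, or None if no timestamp is present."""
    m = _TIMESTAMP.search(version_string)
    if not m:
        return None
    _weekday, mon, day, hms, year = m.groups()
    return datetime.strptime("%s %s %s %s" % (mon, day, year, hms), "%b %d %Y %H:%M:%S")


def built_before_cutoff(version_string, cutoff=CUTOFF):
    """True if the kernel was built before the cutoff (so the post's claim applies)."""
    built = build_date(version_string)
    if built is None:
        raise ValueError("no build timestamp in version string")
    return built < cutoff


def check_running_kernel(path="/proc/version"):
    """Convenience wrapper for a live system: read the running kernel's version string."""
    with open(path) as f:
        return built_before_cutoff(f.read())
```

On a device, `adb shell cat /proc/version` gives the string to feed to `built_before_cutoff`; a pre-cutoff date is only the first condition the post names, since the tool also needs the right memory addresses for the device.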
See this, its been already confirmed as not working
http://forum.xda-developers.com/showthread.php?p=53428054
Sent from my XT1022 using Tapatalk

Asus Zenfone 2 ZE500KL root

Has anybody managed to root the Asus Zenfone 2 Laser ? ZE00D variant. Thank you
hekermeker said:
Has anybody managed to root the Asus Zenfone 2 Laser ? ZE00D variant. Thank you
None yet, I think. Can you access our bootloader by pressing the power + volume up buttons?
Unfortunately no. Tried different methods but had no success.
hekermeker said:
Unfortunately no. Tried different methods but had no success.
I don't get why ze550kl can access their bootloader but ze500kl can't. This will really make it hard for devs to tinker around our phone. I hope ASUS will release some kind of bootloader unlock tool.
cLeAv0 said:
None yet i think. Can you access our bootloader by pressing power + volume up button?
I can access the bootloader when pressing volume up and power; what should I do to root my phone?
kurukoi said:
I can access the bootloader when pressing volume up and power; what should I do to root my phone?
Can you give me a picture on what it looks like? I can't access the bootloader on my device.
cLeAv0 said:
I don't get why ze550kl can access their bootloader but ze500kl can't. This will really make it hard for devs to tinker around our phone. I hope ASUS will release some kind of bootloader unlock tool.
ze550kl cannot access its bootloader.
Root method?
I just read about the stagefright bug on the wiki. It says that it allows
an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation.
Note that it says privilege escalation. Does that mean it is possible to have a root method by using the stagefright bug?
rajlko said:
ze550kl cannot access its bootloader.
I have gained access to my bootloader by pressing power button + volume up. The asus splash screen is already the bootloader. (on ze500kl)
wiiliamchung said:
I just read about the stagefright bug on the wiki. It says that it allows
Note that it says privilege escalation. Does that mean it is possible to have a root method by using the stagefright bug?
Maybe we can achieve root with this exploit, but the problem is I think this exploit is not yet disclosed publicly.
Did anyone try this tutorial? http://guideroot.net/how-to-root-asus-zenfone-2-lazer-ze500kl-16gb/
nobody00 said:
Did anyone try this tutorial? http://guideroot.net/how-to-root-asus-zenfone-2-lazer-ze500kl-16gb/
does not work
Guys, see this thread, please support and/or help them
http://forum.xda-developers.com/showthread.php?t=3223797

[WIP] [LB] [TEMP ROOT] Z5/Z5C Backup of TA Partition / DRM Keys

Hello to everybody!
::::: A FEW WORDS BEFORE YOU ASK 100 TIMES THE SAME ;-P :::::
It has been said widely in these forums that permanent root on LB is impossible due to the Verified Boot process implemented by Sony (and now by other vendors; the future for LB devices seems to be the "Live root" approach). What we would like to achieve is temporary root privileges using some exploit in order to back up the TA partition, for warranty purposes and for a complete stock DRM restore.
THIS ARTICLE IS A WONDERFUL ENTRY POINT IF YOU WANT MORE INFORMATION
Guys, I am very proud that we could win over user zxz0O0 to try out the possibility of using the CVE-2015-1805 security vulnerability to get temporary privileges for, e.g., a backup of the TA partition of our Xperia Z5/Z5C/Z5P.....
For those who want to know a little bit more of what about we are discussing/ testing here:
Android Security Advisory — 2016-03-18: https://source.android.com/security/advisory/2016-03-18.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805
German article from t3n.de: http://t3n.de/news/google-android-sicherheitsluecke-691418/
CURRENT STATUS:
- ZXZ0O0 HAS FINISHED HIS WORK +++ Release for Z5/ Z5C/ Z5P coming soon!
You will need to flash build 32.0.A.6.200 kernel or lower!
LET US THANK:
- ZXZ0O0 FOR HIS AMAZING EFFORTS AND HIS PASSION INTO THIS
- IDLER1984 FOR HIS TESTCODE
- FOR TESTING ZXZ0O0's BUILDS: NINESTARKOKO, RIMMEDA, NILEZON AND ALL OTHERS IF I FORGOT SOMEONE
Greets and Cheers, Your Flummi.FFM
Well, we've got Linux kernel 3.10, which is affected by this exploit. This could make root possible, but we have to know what the root app is called?
I will look as soon as I have time.
Lurking
Old news mate.
http://forum.xda-developers.com/xperia-z5/general/root-using-vulnerabilities-snapdragon-t3338173
Another forum member already pointed this out.
Unless you know how to roll back to an old Linux kernel and overcome SELinux.
Flummi.FFM said:
Good morning to everyone!
Just a few minutes ago, on the way to my workplace, I found an article about the CVE-2015-1805 security issue.
Sources:
Android Security Advisory — 2016-03-18: https://source.android.com/security/advisory/2016-03-18.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805
German article from t3n.de: http://t3n.de/news/google-android-sicherheitsluecke-691418/
Is THIS what we have all been waiting for to get root on a Locked Bootloader? Is there maybe someone here who is able to say something about these articles?
Or maybe it is even worth evaluating in other devices' threads to make people aware of this "security issue"?
Full of hope that someone here is able to work out something on this basis, Greets and cheers....
Sony released MM firmware with this CVE already being fixed.
frostmore said:
old news mate.
http://forum.xda-developers.com/xperia-z5/general/root-using-vulnerabilities-snapdragon-t3338173
another forummer already pinted this out.
unless you know how to roll back old linux kernel and over come SElinux
In the other thread they talk about CVE-2016-0819 and CVE-2016-0805, which specifically affect Snapdragon SoCs......
The articles which I found are talking about CVE-2015-1805......
I don't think that we are talking about the same thing. CVE-2015-1805 possibly affects every kernel version 3.4, 3.10 and 3.14.....
If Sony has already fixed 2015-1805 even while Google itself "forgot", could you tell me where I can find information about a fix by Sony?
Tommy-Geenexus said:
Sony released MM firmware with this CVE already being fixed.
Flummi.FFM said:
If Sony already has fixed the 2015-1805 even while Google itself "forgot", could you tell me where i can find Information about a fix By Sony?
Simple: I just tried to patch the kernel, and found it has already included the fix.
The patch has existed since mid-2015; it's just that devices were recently exploited using this regression, and Google reacted.
Thx then for your reply......
Tommy-Geenexus said:
Simple: I just tried to patch the kernel, and found it has already included the fix.
The patch exists since mid-2015, it's just that devices were recently exploitet using this regression, and Google reacted.
I found out that in the source of release 32.0.a.4.11 the issue IS NOT fixed.......
Maybe a base for a root solution after a downgrade?
Flummi.FFM said:
I found out that in the source of release 32.0.a.4.11 the issue IS NOT fixed.......
Maybe a base for a root solution after a downgrade?
Hi man!!
How did you see it?
I asked about it. Maybe zxz0o0, a dev of the Z3, will help us. I hope he sees it.
Fingers crossed
Sent from my E6653 via Tapatalk
uripiruli said:
Hi man!!
How did you see it?
I asked about it. Maybe zxz0o0, a dev of the Z3, will help us. I hope he sees it.
Fingers crossed
Sent from my E6653 via Tapatalk
I downloaded the source code of the 32.0.a.4.11 build and compared the pipe.c file with the fix commit and the fixed version in the 32.1.a.1.163 build.
The result was that the older version is not fixed.
I also thought one hour ago of asking the zxz000 team.....
If we can win them over it would be great!!!
I asked a few minutes ago in two Z3 threads for help.....
I hope so much that someone will finally be able to make something.....
How about dm-verity? How can you pass this?
You can probably get "root" using this exploit, but it will only be temporary and you can't write /system because of dm-verity. So the only use case I see is to back up the TA partition.
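To make the dm-verity point concrete, an added example (not Sony's or Android's code): a simplified verity hash tree over a fake /system image, showing that a block rewritten by a temporary root fails verification against the root hash the bootloader trusts, while untouched blocks still pass. Block size, salt and the image contents are constructed here; real images carry their own salt in the verity metadata.

```python
"""Why a temporary root cannot persist writes to /system under dm-verity: a simplified
model of the verity hash tree. Added example, not Sony's or Android's code; block size,
salt and the /system contents are constructed for the demo."""
import hashlib

BLOCK = 4096                   # data and hash block size (4 KiB, the Android default)
SALT = bytes(range(16))        # constructed salt; real images store theirs in the verity metadata
HASH_LEN = 32                  # sha256
PER_BLOCK = BLOCK // HASH_LEN  # 128 child hashes fit in one hash block


def h(data):
    # verity hash format version 1 prepends the salt to whatever is hashed
    return hashlib.sha256(SALT + data).digest()


def split_blocks(data):
    return [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]


def build_tree(data):
    """Return (root_hash, levels). levels[0] holds the leaf hashes of the data blocks;
    each higher level hashes 4 KiB groups of the level below, up to a single root."""
    level = [h(b) for b in split_blocks(data)]
    levels = [level]
    while len(level) > 1:
        packed = b"".join(level)
        level = [h(packed[i:i + BLOCK].ljust(BLOCK, b"\0")) for i in range(0, len(packed), BLOCK)]
        levels.append(level)
    return level[0], levels


def verify_block(data, idx, levels, root_hash):
    """Per-read check as the kernel does it: the block must match its stored leaf hash,
    and every hash block on the path up must match its parent, ending at the trusted root."""
    blocks = split_blocks(data)
    if idx >= len(blocks) or h(blocks[idx]) != levels[0][idx]:
        return False
    pos = idx
    for below, above in zip(levels[:-1], levels[1:]):
        parent = pos // PER_BLOCK
        group = b"".join(below[parent * PER_BLOCK:(parent + 1) * PER_BLOCK]).ljust(BLOCK, b"\0")
        if h(group) != above[parent]:
            return False
        pos = parent
    return levels[-1][0] == root_hash


def demo():
    """Returns (all_blocks_ok, tampered_block_rejected, untouched_block_ok, root_changed)."""
    # Constructed /system contents: 225 blocks, so the tree has three levels.
    system = b"".join(("file%04d " % i).encode() * 512 for i in range(200))
    root, levels = build_tree(system)      # root is what the (locked) bootloader trusts
    all_ok = all(verify_block(system, i, levels, root) for i in range(len(levels[0])))

    # A temporary root drops a su binary path into block 7 of /system.
    patched = bytearray(system)
    patched[7 * BLOCK:7 * BLOCK + 16] = b"/system/xbin/su\0"
    patched = bytes(patched)

    tampered_rejected = not verify_block(patched, 7, levels, root)   # read of block 7 fails
    untouched_ok = verify_block(patched, 8, levels, root)            # neighbours still verify
    new_root, _ = build_tree(patched)      # re-hashing gives a root the bootloader does not trust
    return all_ok, tampered_rejected, untouched_ok, new_root != root
```

This is the mechanism behind "you can't write /system": the root hash is fixed by the verified kernel command line and boot chain, so any modified block simply fails on its next read (or triggers a restart/eio policy) until the bootloader is unlocked and a new tree and root can be installed.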
anno2070 said:
How about dm-verity? How can you pass this?
zxz0O0 said:
You can probably get "root" using this exploit but it will only be temporarily and you can't write /system because of dm-verity. So the only usecase I see is to backup TA partition.
Unfortunately I don't have the knowledge to make something by myself.....
In my opinion a TA backup is more than nothing for the moment.....
Maybe if all of you professionals like Tobias.waldvogel and monx and you of the Z3 community are working and thinking together about it, then it will happen one day?
You see, I spend all my free time on searching for abilities and holes to use......
But due to my very basic knowledge of programming I am not able to implement something on my own.
Edit: my idea was to achieve root by this hole, then get a prerooted and dm-verity-disabled kernel before reboot..... Isn't that possible?
Flummi.FFM said:
Unfortunately I don't have the knowledge to make something by myself.....
In my opinion a TA backup is more than nothing for the moment.....
Maybe if all of you professionals like Tobias.waldvogel and monx and you of the Z3 community are working and thinking together about it, then it will happen one day?
You see, I spend all my free time on searching for abilities and holes to use......
But due to my very basic knowledge of programming I am not able to implement something on my own.
Edit: my idea was to achieve root by this hole, then get a prerooted and dm-verity-disabled kernel before reboot..... Isn't that possible?
You can't flash any other kernel besides Sony's original kernel on a Locked Bootloader, and with dm-verity enabled there's nothing you can do to root a LB Z5. The only possible way is to unlock your bootloader; with a locked bootloader you have no chance, as you can't flash any modified kernel. We only achieved root on the Z3 because it has dm-verity disabled in the original Sony kernel.
zxz0O0 said:
You can probably get "root" using this exploit but it will only be temporarily and you can't write /system because of dm-verity. So the only usecase I see is to backup TA partition.
Thanks for your answer.
If we root our phone with a temporary root via this exploit, then we do a TA backup. Finally we unlock the bootloader, root with the tools that we actually have... And then restore our TA backup with our Sony features. Is this possible??? Or am I dreaming????
Sent from my E6653 via Tapatalk
uripiruli said:
Thanks for your answer.
If we root our phone with a temporary root via this exploit, then we do a TA backup. Finally we unlock the bootloader, root with the tools that we actually have... And then restore our TA backup with our Sony features. Is this possible??? Or am I dreaming????
Sent from my E6653 via Tapatalk
You can't restore your TA backup on an unlocked bootloader. So you are back at the starting point. Unless you get something to disable dm-verity, you cannot get root on a locked bootloader.
You can "restore" DRM keys on an unlocked bootloader now. I don't get why you want to back them up so much. You can have all DRM features working on UB.
