I just had a quick questions about rooting.
I rooted my phone with motorchopper and things have been working great. Got rid of all the bloatware I didn't need as well as gave my device a quick clean. I've had little to no signs of lag(made in Korea). I'm new to the whole customization route. This is my first smartphone and I couldn't be happier with it
1. I rooted my phone successfully, however, I have heard somewhere else that the device needed to be bootloader unlocked before it is rooted. Now, motochopper, allowed it to find an exploit in the device. Is this, in any way, harmful for the phone if it finds an exploit? Most likely not, just curious. Dumb question
2. Does the device need to be bootloader unlocked before I am able to flash a custom recovery, ROM ect.? If the device turns out to be bootloader unlocked later on and released can I flash custom recoveries, make backups and use most tools successfully through ROM Manager? Or would it be best to do it through Odin and do things manually? Where would I be able to find essential files? Is odin specified for a specific device? Just curious
3.What ROM's would you recommend. Cynogenmod? I just want something that is lightweight, stable and functions well throughout the device. Where would be a good source to find good roms?
4. If the device is already rooted can I just start flashing custom recoveries, ROMs ect? Or would someone need to release an unlocked bootloader? How does unlocking the bootloader work? What are ways to do it? Flashing a file or doing something else. Idk..just curious I may be wrong.
I just want to know some good methods to make sure I don't brick this device. Of course backing up and recovering would do well. I've heard clockworkmod is one of the best custom recoveries you can use.
Thanks, in advance, for you help.
So basically turning a provider locked phone into the european open D802?
edit: another question:
If i do a nandroid backup of my stock LG rom, is it possible to just do a nandroid back up, install stock recovery and basically "lock" the phone without the hassle of having to go through the longer "unrooting" guide?
thanks in advance!
It should be enough to follow the "back to stock rom" thread http://forum.xda-developers.com/showthread.php?t=2432476 , this will change the current rom with a stock LG rom using LGs own tools.
Partially no, it flashes based on IMEI region. You want to flash a EUA KDZ. Then disable OTA.
I apologize for the lack of knowledge. Ive flashed all my phones so far sgs 1, nexus 4, galaxy nexus,htc one x and what confuses me about this phone the most is the kdz files.
My phone, for example, is a provider locked d802 - provider being www.a1.net
(Austria)
Now i followed the link you showed me but it only shows me open european d802 and some from germany files fir download. Would it be safe to flash those when reverting to stock considering i have a d802?
If i want to flash my provider's rom, how do i go on to acquiring those files ? Just incase of phone issues and i have to send my ohone in. Would it be as simple as flashing my stock nandroid backup, flashing stock recovery and typing fastboot oem lock in cmd ?
Im sorry for all those questions, while im quite confident i would get it done, i just like to acquire the basic understanding needed before i start anything.
Not to say i dont understand the effort put together by those who made the threads (how to flash/revert to stock etc.) But the threads to a certain degree are limited to just a simple how to when they could maybe use a little bit more detail.
Thanks in advance guys! Looking forward to rooting this thing
Sent from my LG-D802 using xda app-developers app
If by unlocked, you mean allow you to put any Sim card in it and it work, no I don't think there is a way to make that work. Roms deal with a totally different part of the phone than the carrier lock. If you mean boot loader unlock, that would specific to your phone model and flashing one from a different model could do nasty things to your phone. I would suggest finding the exact forum for your phone model (I.e. at lg g2, international g2 etc).
They should have all the info you need, and to carrier/Sim unlock your your phone to use on various providers- I would Google "Sim unlock *insert phone name here*) and read through til you find a site that will work out.
Edit* I just saw your provider, u "should" have an international version and you should be able to easily bootloader unlock, root and flash the phone. Be sure to read carefully before attempting anything though.
Sent from my Nexus 5 using Xparent Skyblue Tapatalk 2
Oh.. So although im provider locked and own a d802 i basically still have the international version and therefor should follow the d802 international guides/should be able to flash d802 roms?? I really apologize if my questions have been stupid so far. Just i am very cautious. Thanks a bunch though.
But can you answer thr nandroid part (in bold text) ? Basically reverting to stock with nandroid backup, flashing stock recovry und locking the phone in fast boot. Is this doable on the g2? Thanks a lot once again appreciate it
Sent from my LG-D802 using xda app-developers app
If you unlock your boot loader and install a custom recovery like clockwork mod or teamwin recovery you can then make a nandroid of the exact stock ROM to restore back to. Relocking the boot loader is separate but usually fairly easily done. More often than not, the steps to relock the boot loader are laid out in the same thread to unlock it.
Be very careful, most of the time, once you start changing things you NEVER EVER want to accept an ota update from lg until you return EVERYTHING back to stock.
My recommendation would be unlock, install twrp and flash a custom ROM. That way you won't ever be asked to do an lg update, and most custom Roms end up being as stable or more so than the software that came on the device to begin with.
Or to return to total stock easier, most phones have a "factory" image that flashes in Odin or some other similar software meant for that device. It will erase everything, remove root and relock the phone all at once I believe. Just remember to read everything at least twice, and try to totally understand exactly what you are about to do.
Sent from my Nexus 5 using Xparent Skyblue Tapatalk 2
I was thinking of going ahead an ordering the Dev S5, but how easy is it to root a dev edition phone.
I've never owned a dev edition phone, so would it be as simple as downloading something from the app store or adb fastboot a custom recovery, then flash a root zip? Also is the bootloader already unlocked or do they just make it where you can unlock it, but it still comes locked at first? I'm just trying to figure out what the steps would be when the phone arrives to get it rooted.
Does the anyone know if Asurion would cover the phone? When you activate it, does it just show up as a Galaxy S5 or something different?
Also for anyone wanting to buy the Dev S5, you can just sell your normal S5 on ebay, and the get the Dev S5 for like $50 more, at least that's what I did.
clemson91 said:
I was thinking of going ahead an ordering the Dev S5, but how easy is it to root a dev edition phone.
I've never owned a dev edition phone, so would it be as simple as downloading something from the app store or adb fastboot a custom recovery, then flash a root zip? Also is the bootloader already unlocked or do they just make it where you can unlock it, but it still comes locked at first? I'm just trying to figure out what the steps would be when the phone arrives to get it rooted.
Does the anyone know if Asurion would cover the phone? When you activate it, does it just show up as a Galaxy S5 or something different?
Also for anyone wanting to buy the Dev S5, you can just sell your normal S5 on ebay, and the get the Dev S5 for like $50 more, at least that's what I did.
Click to expand...
Click to collapse
Root is easy as it comes already bootloader unlocked. It is unlocked at the factory. To root, basically flash Odin image of a supported custom recovery (you can try Philz Touch recovery - as long as it supports the S5) or download an app from the play store which can flash a custom recovery as long as the S5 is supported. Then reboot into your Custom recovery and flash this zip: http://download.chainfire.eu/396/SuperSU/UPDATE-SuperSU-v1.94.zip
Bingo, you are now rooted!!!
Once you accomplish root, the next step you should immediately take is dd all partitions!!! I mean all!! Make a back up of all partitions!!! There are no official ODIN images available for the DevS4 or DevS5 - all images have come from the community. We have rooted our devices and backed up the partitions in case something goes wrong and we need to recover. Again, back up system, cache, radio, modem, aboot, recovery, etc etc etc....all!
Request: Once the Developer Editions are in hand and rooted. Would someone be willing to dd all of the partitions and host them? I have a DevS4 and being that I will never see an update to KitKat, I would be interested in seeing if I can upgrade using the partitions from the DevS5 (all but ABOOT).
I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thusfar discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warrantee bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; It seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it it means that jtag has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from verizon, either current workarounds such as safestrap are the answer for the foreseeable future, or a method of manually changing a simgle Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a tmobile galaxy s5 with an unlocked bootloader be used as not a method of flashing the on-board bootloader but as a kind of external boot, so a permenantly installed SD Card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
Click to expand...
Click to collapse
what was done with the droix x? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has a "alternative boot upon init fault" method similar to that that allows the galaxy s3 debrick to work (I have a guide I made with details) so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microsd card in the phone allowing it to boot into that, then use that with odin to flash an insecure bootloader to the s5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
Click to expand...
Click to collapse
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Click to expand...
Click to collapse
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
Click to expand...
Click to collapse
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
Click to expand...
Click to collapse
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Click to expand...
Click to collapse
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get passed the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
Click to expand...
Click to collapse
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom. Also, safestrap didn't do a thing with the bootloader, it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom
Click to expand...
Click to collapse
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Click to expand...
Click to collapse
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Click to expand...
Click to collapse
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
Click to expand...
Click to collapse
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with fllashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
Click to expand...
Click to collapse
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader
The title is wrong. It should be "without s-off".
Hello. Is there any way to debrand the phone completley without s-off? I have done it before, by flashing the unlocked ruu on a s-off M8. But I really dont want to pay 25 dollars for each phone ( I have 2 htc 10's to do), especially since I only want to debrand, nothing else. All I want is stock, with unlocked version feel. Plus I keep getting an ID error (I guess a Sprint network ID from trying to connect) that I can not remove. I have looked at custom roms, but they seem to be only 2, and they are really modded. I dont want mods. I prefer stable, and original.
Thanks for any suggestions.
Find the stock unlocked system image file in the non-sprint HTC 10 forum. Flash that and mission accomplished. No S-off needed. Would be interested to know if carrier aggregation works for you after that - is it part of the rom or is it part of radio configuration.
bootlooper said:
Find the stock unlocked system image file in the non-sprint HTC 10 forum. Flash that and mission accomplished. No S-off needed. Would be interested to know if carrier aggregation works for you after that - is it part of the rom or is it part of radio configuration.
Click to expand...
Click to collapse
Thanks. I will look it up. By carrirer agregation I am guessing you think I am using it for sprint. I forgot to mention that I am using it on att, I just unlocked the sim-lock.
I see. I did as suggested above and went took my sprint 10 to T-Mobile. Carrier Aggregation, volte, and Wi-Fi calling do not work for me. I then did s-off, changed cid, flashed official T-Mobile RUU, flashed my backed up radio, modemst1, and modemst2 partitions to keep sim unlock intact but those features still wouldn't work. Flashed US unlocked RUU then the partitions above and still no dice. My only benefit I can tell from the S-off is that I can and have successfully taken an OTA and suspect I will always be able to unless a radio update is included. Then I will need to reflash my backed up partitions to be back in business.
bootlooper said:
I see. I did as suggested above and went took my sprint 10 to T-Mobile. Carrier Aggregation, volte, and Wi-Fi calling do not work for me. I then did s-off, changed cid, flashed official T-Mobile RUU, flashed my backed up radio, modemst1, and modemst2 partitions to keep sim unlock intact but those features still wouldn't work. Flashed US unlocked RUU then the partitions above and still no dice. My only benefit I can tell from the S-off is that I can and have successfully taken an OTA and suspect I will always be able to unless a radio update is included. Then I will need to reflash my backed up partitions to be back in business.
Click to expand...
Click to collapse
Thanks. I have been searching all morning while waiting for the htcdev.com email. I have not found an official unlocked image I can flash. What would it be called on forums? I have found some, but they say you need s-off to flash. And other roms I have found are outdated, or deodexed. I want just clean, no added apps, and original.
If I knew how to link a post I would. Look in the sprint 10 guides subforum. Look for the thread that starts with [stock]. The most recent RUU was on page 198 of the app thread posted by kisakuku on 5/3.
You will need the 2nd link in the post-the 2ps###.zip one. As it is posted it will not work because you are son. You need to unzip and then you will have a rom.img and a boot.img amongst others. Those are the 2 you need to flash to get to stock. You will flash them using twrp. Select the box for Flash image, not flash zip.
Saw your other thread about losing data. You should not lose data by flashing to a new rom.
I have assumed your sprint 10 was already on nougat prior to all this.
Alternatively, you could just enjoy Viper. I only left trying to do whatever I could think of for volte to work and never went back because I was tired of redownloading and setting up apps, etc.
Thanks. I found the post. I didnt know you could extract the images from the zip and manually flash them. I will test it, hopefully it will work without any issues. Right now I am on a stock deodexed US unlocked rom, and everything seems to work, but no OTAs, and what is worse is that for some reason it randomly crashes when just navigating the homescreen, and reboots.