[Q] [ROOT] Questions - AT&T Samsung Galaxy S 4 Q&A, Help & Troubleshootin

I just had a quick question about rooting.
I rooted my phone with motochopper and things have been working great. Got rid of all the bloatware I didn't need as well as gave my device a quick clean. I've had little to no signs of lag (made in Korea). I'm new to the whole customization route. This is my first smartphone and I couldn't be happier with it.
1. I rooted my phone successfully; however, I have heard somewhere else that the device needed to be bootloader unlocked before it is rooted. Now, motochopper allowed it to find an exploit in the device. Is this, in any way, harmful for the phone if it finds an exploit? Most likely not, just curious. Dumb question.
2. Does the device need to be bootloader unlocked before I am able to flash a custom recovery, ROM, etc.? If the device turns out to be bootloader unlocked later on and released, can I flash custom recoveries, make backups and use most tools successfully through ROM Manager? Or would it be best to do it through Odin and do things manually? Where would I be able to find essential files? Is Odin specific to a particular device? Just curious.
3. What ROMs would you recommend? CyanogenMod? I just want something that is lightweight, stable and functions well throughout the device. Where would be a good source to find good ROMs?
4. If the device is already rooted, can I just start flashing custom recoveries, ROMs, etc.? Or would someone need to release an unlocked bootloader? How does unlocking the bootloader work? What are ways to do it? Flashing a file or doing something else? Idk... just curious, I may be wrong.
I just want to know some good methods to make sure I don't brick this device. Of course backing up and recovering would do well. I've heard ClockworkMod is one of the best custom recoveries you can use.
Thanks, in advance, for your help.

[Q] Droid 2, Roms & activations

You guys must be tired of people asking the same over and over, and to be honest that is because information is so scattered newcomers often get confused.
But anyways.
I got myself a Motorola Droid 2 a few days ago. Poking around the internet I found out about rooting and ROMs and all that stuff; however, I've got a question that's yet to be answered!
I'm currently residing in Mexico. My Droid 2 is unlocked and activated on a Mexican carrier; however, on the guides I've read so far it says that one of the requirements for installing custom ROMs is that one must wipe all data from the phone and return to factory settings. Does this mean I will have to pay AGAIN to get it unlocked and activated?
As I said before, information is scattered, and is not always accurate.
Somewhere on the net I also found a post that states custom ROMs come unlocked... what's with that?
And one last question.
What will happen if I only root my phone, no custom ROM added? Will this be harmful in any way? Could I overclock and get rid of the annoying Verizon apps, or do I forcefully need to install a custom ROM?
Thanks for all answers in advance.
Rooting itself would not harm your device; however, rooting allows you to do pretty much anything on the device. So, in other words, rooting won't hurt it, but what it allows you to do CAN hurt it.
As far as the ROMs being unlocked, as far as I have read, all ROMs are unlocked. However, I could be mistaken. But there is an easy way to find out for sure: give it a try. What I would do first is root the device and install the ClockworkMod Recovery, then boot into recovery and make a backup. This way you can restore the phone back exactly as it was when you backed it up (using the restore option), as if you never made any changes. Then I would go ahead and install whatever ROM you wanted to try out, and see if everything works as intended. If you don't like it, or it doesn't allow you to access the network, etc., then all you need to do is boot back to recovery and restore your backup, and when it's done your phone will be back to its old self.
Links:
Root: http://forum.xda-developers.com/showthread.php?t=782556 (This is the process I used)
Clockwork: http://www.addictivetips.com/mobile/how-to-install-clockwork-recovery-to-your-android-phone/
Not sure how experienced you are - or aren't - so if you have any deeper questions about the process or need more detailed instructions just let me know.
EDIT: Oops, I completely skipped some of your questions. With just rooting you can uninstall SOME of the preloaded crap; however, there are a lot of preloaded applications and such that you can't uninstall without crippling your phone's functionality. My original plan when I first rooted my device was just to remove the bloatware. However, after I saw just how much there was I couldn't remove, I decided to jump to a custom ROM. Just to give you an example, I have the Fission ROM installed on my device, and its packaged files were about 70ish MB, while the packaged files to restore it back to stock/factory were nearly 300 MB. And yes, rooting alone would allow you to overclock your phone.

Is it possible to root 4.3 locked bootloader without wiping all data

I know it was possible previously to root without unlocking the bootloader.
Is it still possible? Something people are working on? Or not possible, and back up everything first?
Thanks in advance
Mark
mark1holland1 said:
I know it was possible previously to root without unlocking the bootloader.
Is it still possible? Something people are working on? Or not possible, and back up everything first?
Thanks in advance
Mark
I didn't know that was ever possible on the Nexus 7. I bought one of the first available, and from the moment I got it I had to unlock the BL to root. Thought it was always like that. Nothing's changed as far as I can tell. On other devices, sure you can root with a locked BL, but for the N7, you've always had to unlock first, and with it being so easy, I don't think anyone's motivated enough to cook up a workaround.
absinthesummer said:
I didn't know that was ever possible on the Nexus 7. I bought one of the first available, and from the moment I got it I had to unlock the BL to root. Thought it was always like that. Nothing's changed as far as I can tell. On other devices, sure you can root with a locked BL, but for the N7, you've always had to unlock first, and with it being so easy, I don't think anyone's motivated enough to cook up a workaround.
Hi, absinthesummer...
Yes, there was (and still is, if you're still on JB 4.2.2) a method available of rooting without unlocking the bootloader. And it was ridiculously easy to do. Avoiding unlocking the bootloader also avoids the factory reset, and consequential wipe.
Sadly, however, under Jelly Bean 4.3 this exploit no longer works, and it seems unlikely a similar root-without-unlocking-the-bootloader type exploit will become available anytime soon. Which, from a security point of view, is actually (probably) a good thing.
mark1holland1 said:
I know it was possible previously to root without unlocking the bootloader.
Is it still possible? Something people are working on? Or not possible, and back up everything first?
Thanks in advance
Mark
Hi, mark1holland1...
As I've mentioned, the old 'motochopper exploit' no longer works under JB 4.3, so if you want root, you're going to have to do it the old-fashioned way...
------------------------------------------
Back up the stuff on your Nexus 7...
Unlock the bootloader...
Fastboot flash a custom recovery (CWM or TWRP)...
Using that recovery, flash Chainfire's SuperSU root updater zip...
Copy all your stuff back to the Nexus 7...
Not difficult to do... just tedious and time consuming.
------------------------------------------
...it's either the above, or wait around indefinitely for a genius developer to find another exploit, which, given the security enhancements of JB 4.3, does seem hugely unlikely.
Rgrds,
Ged.
GedBlake said:
Hi, absinthesummer...
Yes, there was (and still is, if you're still on JB 4.2.2) a method available of rooting without unlocking the bootloader. And it was ridiculously easy to do. Avoiding unlocking the bootloader also avoids the factory reset, and consequential wipe.
Sadly, however, under Jelly Bean 4.3 this exploit no longer works, and it seems unlikely a similar root-without-unlocking-the-bootloader type exploit will become available anytime soon. Which, from a security point of view, is actually (probably) a good thing.
Hi, mark1holland1...
As I've mentioned, the old 'motochopper exploit' no longer works under JB 4.3, so if you want root, you're going to have to do it the old-fashioned way...
------------------------------------------
Back up the stuff on your Nexus 7...
Unlock the bootloader...
Fastboot flash a custom recovery (CWM or TWRP)...
Using that recovery, flash Chainfire's SuperSU root updater zip...
Copy all your stuff back to the Nexus 7...
Not difficult to do... just tedious and time consuming.
------------------------------------------
...it's either the above, or wait around indefinitely for a genius developer to find another exploit, which, given the security enhancements of JB 4.3, does seem hugely unlikely.
Rgrds,
Ged.
Many thanks for a concise and informative post!
I was mainly being lazy with regards to not wanting to wipe everything and start again! I have Helium installed to back everything up; guess I'll try to get a clear day to do it all...
GedBlake said:
Hi, absinthesummer...
Yes, there was (and still is, if you're still on JB 4.2.2) a method available of rooting without unlocking the bootloader. And it was ridiculously easy to do. Avoiding unlocking the bootloader also avoids the factory reset, and consequential wipe.
Sadly, however, under Jelly Bean 4.3 this exploit no longer works, and it seems unlikely a similar root-without-unlocking-the-bootloader type exploit will become available anytime soon. Which, from a security point of view, is actually (probably) a good thing.
Hi, mark1holland1...
As I've mentioned, the old 'motochopper exploit' no longer works under JB 4.3, so if you want root, you're going to have to do it the old-fashioned way...
------------------------------------------
Back up the stuff on your Nexus 7...
Unlock the bootloader...
Fastboot flash a custom recovery (CWM or TWRP)...
Using that recovery, flash Chainfire's SuperSU root updater zip...
Copy all your stuff back to the Nexus 7...
Not difficult to do... just tedious and time consuming.
------------------------------------------
...it's either the above, or wait around indefinitely for a genius developer to find another exploit, which, given the security enhancements of JB 4.3, does seem hugely unlikely.
Rgrds,
Ged.
Hmm, wow, thanks for the info. I never knew that! I just remember with my first N7 every post said "Step 1: Unlock your bootloader..." lol. Had I known there was a way around it I might have tried it! But my first 16GB and my later 32GB were both unlocked and rooted within hours of buying them, so perhaps I just wasn't motivated enough to look for it.
I could see how or why that would be desirable though, I guess... before I bought my S3, I had an LG L9 where the only way you could unlock the BL was to root, then flash/update (LG Update tool hack) the firmware meant for the international version of the phone, which mirrored(!!!) the entire display both horizontally and vertically. Then fastboot the OEM unlock and unlock the best way you could with that kind of touch screen, lol, THEN re-flash standard rooted firmware for the US back over it... Seriously NOT worth it! Because even if the mirroring went away with the right firmware, the boot logo would still be mirrored and it was possible your screen would not return to normal. So forget about any warranty at that point. But I gotta hand it to the devs on that device: now they were some motivated folks. They went to a lot of trouble to unlock that BL. You could root and install CWM without unlocking, but if you flashed CM and it was buggy or something, there was no turning back to stock. We were left with mods only unless we wanted to do all that work.
That just reminds me how thankful I am for my S3 and N7s.

Root Question

Okay so I just have a few questions about rooting my phone before I do it, since I saw the root here that works for the most recent OTA update.
1) If something happens with my phone (either bricking it from rooting or something inconsequential), will they not replace my phone due to it being rooted?
2) If they won't replace it due to its being rooted (if it wasn't bricked), is there an easy way to unroot the phone?
3) I can't tell from the instructions, but I'm pretty sure some others have said that it might require you to restore factory settings, does this one require that?
4) The thread says that it is now impossible to unlock the bootloader, does this also mean that you can't use a custom ROM? How exactly do you add a ROM?
Sorry for all the questions. I've never rooted an Android device before, and I don't have the time or energy to go running around Google/forums trying to find these answers.
Thanks in advance!
EDIT: Yes, I know I've already asked 2 of these questions, but I'm a stupid poop who needs validation.
wholocked10 said:
Okay so I just have a few questions about rooting my phone before I do it, since I saw the root here that works for the most recent OTA update.
1) If something happens with my phone (either bricking it from rooting or something inconsequential), will they not replace my phone due to it being rooted?
2) If they won't replace it due to its being rooted (if it wasn't bricked), is there an easy way to unroot the phone?
3) I can't tell from the instructions, but I'm pretty sure some others have said that it might require you to restore factory settings, does this one require that?
4) The thread says that it is now impossible to unlock the bootloader, does this also mean that you can't use a custom ROM? How exactly do you add a ROM?
Sorry for all the questions. I've never rooted an Android device before, and I don't have the time or energy to go running around Google/forums trying to find these answers.
Thanks in advance!
EDIT: Yes, I know I've already asked 2 of these questions, but I'm a stupid poop who needs validation.
First, rooting your phone voids the warranty, so technically they (either VZW or Motorola) are not obligated to replace it. That being said, you can always play dumb and say that you accepted some OTA install and now the phone won't boot up. Usually VZW will try to restore the phone, and if not, they'll replace it. No worries.
2.) I believe there is an unroot method, but I have not explored this. Try doing a search on this forum for "unroot razr m".
3.) Restoring factory settings could unroot. Check the threads.
4.) You can still install a custom ROM, but you'll need to install Safestrap first. However, the custom ROMs available for SS are outdated, and I don't think that any devs will be providing any going forward. However, I would not be too discouraged by this, as the phone is very solid stock. So rooting is the key to removing the bloatware to help increase battery life, increase performance, and reduce excess data usage.
Hope this helps.

Rooting/TWRP/Custom ROMs

Hello, parallel universe of Android tweakers. I have done a good hour's worth of searching and reading and just want to make sure I know what I'm getting into here. I would just do it all without asking for what I'm sure will be redundant confirmations from you, but it's not my phone (see sig)... it's for a friend who thinks my custom ROM is the shiz.
So, I just wanted to make sure I understand what I'll need to do in order to root her phone, install a custom recovery and custom ROM, and possibly restore to stock if needed.
My friend has the SGS4 with AT&T and has the MF3 update.
1. Root via this method: http://forum.xda-developers.com/showthread.php?t=2387577
2. Install recovery via the Safestrap method: http://forum.xda-developers.com/showthread.php?t=2448925
3. Install custom ROMs via TWRP after using Safestrap method to install it
Coming from the Nexus 4 side, I'm finding I have it much easier than you guys, or so it seems. If you wouldn't mind, may I ask a few questions about the differences between the N4 and this, in regards to rooting/recoveries, custom ROMs and kernels, etc.?
A. I think I understand, from my readings so far, that there is some importance of showing the bootloader as 'official' or something? Can someone explain?
B. As of now, there is no way to return to stock once a custom recovery is installed?
C. What is the kernel module zip that has to be flashed after a custom ROM? Does it mean I can't flash a custom kernel on her device?
D. Once the steps outlined in 1-3 above are done, should she ignore all OTA updates, and if she doesn't, what may happen to her phone, or the state of it (root access/recovery, etc.)?
Thanks for any help. If you guys have gotten these questions a hundred times, I'll apologize ahead of time. I'm only asking because I've actually done a lot of reading and am about to proceed. Hopefully what I've posted above is evidence of that.

Would it be plausible to use JTAG to rewrite an unlocked firmware?

I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC, or would it have to be a custom image?
EDIT: summary of the method and everything I have thus far discovered.
So, this method, after a bit of evolution, got to the point where it basically entailed the following: using the SD card debrick method (popularized by the Galaxy S3 LTE variants), a modified firmware image would be written to an SD card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the USB cord at the right moment and try to manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-Mobile), but what I found out through that is a couple of things:
1. The stock tars seem mostly carrier independent, and I was, without any modification, able to flash a T-Mobile bootloader, system image, and PIT file, but within recovery and download mode it would show that, because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure.
2. It must have a very low-level method of injecting information and file verification that is not located anywhere on eMMC.
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple of blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warranty bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; it seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it, it means that JTAG has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from Verizon, either current workarounds such as Safestrap are the answer for the foreseeable future, or a method of manually changing a single Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps.
P.S. I figured out exactly what T-Flash does in Odin: it flashes the files that you input into Odin to the currently inserted SD card (or so it seems; I could be wrong, but that's what it did for me).
P.P.S. Verizon, I respectfully request that... oh, never mind, profanity is definitely frowned upon here.
Also, I'm in ongoing discussion with the FCC as to Block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple Odin-flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by a very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a T-Mobile Galaxy S5 with an unlocked bootloader be used, not as a method of flashing the on-board bootloader, but as a kind of external boot, i.e. a permanently installed SD card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the Droid X.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the Droid X.
What was done with the Droid X? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has an "alternative boot upon init fault" method similar to the one that allows the Galaxy S3 debrick to work (I have a guide I made with details), so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microSD card in the phone allowing it to boot into that, then use that with Odin to flash an insecure bootloader to the S5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "Guys, how do I brick my SM-G900V?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2.
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2.
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
I think it might actually be easier,
so long as a couple of conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in Odin).
2. The same unbrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot).
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important).
4. KNOX is completely firmware based, and doesn't have any chip-based verification.
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it altogether, then changing the key to one they publicize so people can sign their ROM with it).
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough that it boots from secondary storage, having that secondary boot carry a "back door" that allows a custom image to be flashed, which allows a bootloader image to be flashed that allows a signed recovery (signed with that publicly available key) to be flashed without having to deal with Safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my S5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with Safestrap and such, but that doesn't allow custom kernels or anything, so just modified TW ROMs, which is kinda limiting.
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with Safestrap and such, but that doesn't allow custom kernels or anything, so just modified TW ROMs, which is kinda limiting.
I need to look up this "Safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If Safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the S5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the S5 variants.
tr4nqui1i7y said:
I need to look up this "Safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If Safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the S5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the S5 variants.
Safestrap uses root access in a stock ROM to create a temporary recovery image that lasts for one boot, but it can be finicky, and there's no way to boot into it if you can't access the ROM.
dreamwave said:
Safestrap uses root access in a stock ROM to create a temporary recovery image that lasts for one boot, but it can be finicky, and there's no way to boot into it if you can't access the ROM.
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure AOSP ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time, unless you wanted to switch/update your custom ROM.
I'm wondering if Safestrap, in conjunction with the OE1 rooted build, the OE1 tar, and the boot vulnerability, could lead to a method that would allow a one-time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing Safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied, or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "Safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If Safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the S5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the S5 variants.
That's why I'm hoping the debrick image method will work.
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure AOSP ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time, unless you wanted to switch/update your custom ROM.
I'm wondering if Safestrap, in conjunction with the OE1 rooted build, the OE1 tar, and the boot vulnerability, could lead to a method that would allow a one-time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing Safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied, or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
So far I've been able to downgrade just fine. Don't do anything with Knox and it seems Odin can flash back to the original KitKat ROM. Also, Safestrap didn't do a thing with the bootloader; it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it, then using the debrick image thing.
dreamwave said:
So far I've been able to downgrade just fine. Don't do anything with Knox and it seems Odin can flash back to the original KitKat ROM.
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
I don't know; I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works.
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Exactly. Safestrap is basically useless for flashing the bootloader and stuff, as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded, then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could probably be flashed, but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing the bootloader and stuff, as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded, then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could probably be flashed, but not a previous version.
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
But that has already been done, I think: root on a system with any bootloader so long as a root exploit exists for the OS.
That's Safestrap. It doesn't allow custom kernels or a full custom recovery though; that's why I'm trying to modify the bootloader.
