Database Users

[Q] Rooting official 2.3.5 wirelessly

Hello!
How can one root official 2.3.5 rom without connecting to usb and adb?
The goal is to install custom ICS on U8800 that has no usb port - completely broken and even not charging phone. No warranty and repair cost is close to actual phone cost. So repairing is not an option.
Wireless adb app requires root first - so it is not an option for me also.
Any help is appreciated - I need ISC because I need ipsec vpn which is npt available in gingerbread.
I am ready to test any operation you suggest - I don't fear to brick the phone, need no backups.

It's impossible. I have one USB broken u8800 and that's why I use cm7 (.32) on it.
Sent from my U8800 using Tapatalk 2

Qqqxxxzzz said:
It's impossible. I have one USB broken u8800 and that's why I use cm7 (.32) on it.
Sent from my U8800 using Tapatalk 2
Click to expand...
Click to collapse
There is nothing impossible I believe
Maybe we could find the trick - gingerbreak works on some roms - another fine exploit maybe.
I don't know - worth a try I think.

tranced1 I might have 1 possible solution for you. I've rooted my 2.3.5 some time ago and I've done a backup of boot.img.
I remember with froyo we could root it with boot.img "rooted". I bet this won't work on 2.3.5, but who knows right?
If you want to give it a try, I upload that boot.img for you.
EDIT: darn! Totally forgot you can't access bootloader directory without root & damaged usb port
Can't remember another way out... sorry

tranced1 said:
There is nothing impossible I believe
Maybe we could find the trick - gingerbreak works on some roms - another fine exploit maybe.
I don't know - worth a try I think.
Click to expand...
Click to collapse
Gingerbreak and z4root doesn't work. Only solution is build your own exploit.
Sent from my U8800 using Tapatalk 2

Is there any way to flash zip from stock recovery? I saw this root method for some samsung phones.
Does anybody know how to compile such .zip file?

tranced1 said:
Is there any way to flash zip from stock recovery? I saw this root method for some samsung phones.
Does anybody know how to compile such .zip file?
Click to expand...
Click to collapse
compiling zip is easy. Your problem is that we don't know how to sign it correctly.
Sent from my GT-P1000 using Tapatalk 2

I believe that you can use terminal emulator and zergrush exploit to root the phone.
The automatic root methods basicaly push the needed files on /data/local change permissions etc... All can be done with linux commands which are available from a terminal emulator. So I don't think that you need the usb cable to root the device. You can try investigate the runme.bat file from doomlord's root method and give the commands manually after you have put the files from files directory on sdcard.

dancer_69 said:
I believe that you can use terminal emulator and zergrush exploit to root the phone.
The automatic root methods basicaly push the needed files on /data/local change permissions etc... All can be done with linux commands which are available from a terminal emulator. So I don't think that you need the usb cable to root the device. You can try investigate the runme.bat file from doomlord's root method and give the commands manually after you have put the files from files directory on sdcard.
Click to expand...
Click to collapse
adb can access the phone as root user - from terminal file system is read-only, so even first step permission denied

Yes, you have right about that.
But, check this thread:
http://forum.xda-developers.com/showthread.php?t=1716068
the last post.
EDIT:
After reading the discription on first post of gingerbreak, I had another Idea.
Seems that gingerbreak uses sd card to temporary store the necessary for root files. So, maybe you can replace these files(and especially the exploit) whith those of doomlord's root app, before you press the root button, so to use the working zergrush exploit.

This is the B528 root bat script:
http://pastebin.ca/raw/2163499
@adb wait-for-device
@echo --- DEVICE FOUND
@echo --- reboot to bootloader
@adb reboot-bootloader
@echo --- flash the rooted bootimage
@fastboot boot boot.img
@echo --- reboot to nomal mode
@fastboot reboot
@echo --- wait for adb connect
@adb wait-for-device
@echo --- DEVICE FOUND
@adb remount -t yaffs2 /dev/block/mtdblock3 /system
Click to expand...
Click to collapse
You're problem is in red... you have to flash the exploited boot image. The rest is just installing busybox, su and SuperUser.apk.
You have the stock recovery which allows you to flash .zip files, but they have to be signed correctly and I don't think that's possible.

VuDuCuRSe said:
This is the B528 root bat script:
http://pastebin.ca/raw/2163499
You're problem is in red... you have to flash the exploited boot image. The rest is just installing busybox, su and SuperUser.apk.
You have the stock recovery which allows you to flash .zip files, but they have to be signed correctly and I don't think that's possible.
Click to expand...
Click to collapse
To boot a different boot image, you have to use USB, atleast on fastboot.

dancer_69 said:
Yes, you have right about that.
But, check this thread:
http://forum.xda-developers.com/showthread.php?t=1716068
the last post.
EDIT:
After reading the discription on first post of gingerbreak, I had another Idea.
Seems that gingerbreak uses sd card to temporary store the necessary for root files. So, maybe you can replace these files(and especially the exploit) whith those of doomlord's root app, before you press the root button, so to use the working zergrush exploit.
Click to expand...
Click to collapse
Thanks for clues but seems there is no way - I cant execute exploit via ssh - permission denied I cant even chmod it.
Gingerbreak completely not working - no files created on sdcard.

Ι didn't find any other way on net. There are several discussions for this problem but not a solution. I think that the only way is to do it for an app. You can contact with the creator of gingerbreak or z4root to ask for it. Also I'll try to make an app myself, but my android developing knowledge is very basic, so don't count too much on this. If I have some kind of success I'll contact you via PM.
EDIT:
Try this mod, and if you are lucky...

dancer_69 said:
Ι didn't find any other way on net. There are several discussions for this problem but not a solution. I think that the only way is to do it for an app. You can contact with the creator of gingerbreak or z4root to ask for it. Also I'll try to make an app myself, but my android developing knowledge is very basic, so don't count too much on this. If I have some kind of success I'll contact you via PM.
EDIT:
Try this mod, and if you are lucky...
Click to expand...
Click to collapse
No I am obviously not the lucky one
My android development knowledge is zero, so if you can run zergRush from executable area it will be a very good start.
And I want to thank everybody for your support.

So, it doesn't work?
I just updated the file, so give it another try.
Also, check if you have logcat and usb debuging enabled(is needed for other methods, so maybe needed here too)

dancer_69 said:
So, it doesn't work?
I just updated the file, so give it another try.
Also, check if you have logcat and usb debuging enabled(is needed for other methods, so maybe needed here too)
Click to expand...
Click to collapse
Logcat: Cannot copy boomsh. : Permission Denied

I will revert to first beta now - and will test if it will work

I suppose this logat message is for z4root fail. Unfortunately I don't know what boomsh is. I just decompiled the apk and replaced the exploit, busybox, superuser, and su files with these from doomlord's root files directory.
So, easy solution didn't work. If I have something else I'll let you know.
EDIT:
I get some info about "cannot copy boomsh"
The exploit creates this file when run. This message appears when this file already exists and needed to be deleted from /data/local/tmp.
I checked z4root-mod on my device(which is already rooted and with ICS custom rom), and I get this message too.
The problem is that this file doesn't exist on my device, so I cannot delete it.
---------- Post added at 04:16 PM ---------- Previous post was at 03:17 PM ----------
I read on a forum that these apps(as z4root) run better after a fresh boot. So, install the latest apk(has newer files), reboot the device and run z4root again.

z4root is a froyo root exploit (I think) and seems "dead" for a long time.
Check Chainfire's Gingerbreak: http://forum.xda-developers.com/showthread.php?t=1044765

[Root][Moto E][Guide HowTo]How to root Moto E [Condor][Noob Friendly]

I will update the method as and when newer methods are available!
So confirmed Root is here presented by @cybojenix
I am making the thread only for making it Noob friendly, and making the instructions bit more detailed!
All credit goes to @cybojenix
DISCLAIMER:
Code:
#include <std_disclaimer.h>
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*
*/
Procedure
Download mfastboot-v2 extract its content and use that for unlocking Bootloader
Unlock your bootloader From Here
TIPs:
Unlocking bootloader will wipe your device, Backup your photos, music, contacts using applications in play store or whichvere method you prefer
The motorola site tells us to download the android SDK, You can skip that big download and use the fastboot in step 1
Follow the further steps given on motorola's site, After clicking on Request an Unlock Key, You will get an email which will consist guideline to proceed further!
Clicking on Request an Unlock Key is the point where you lose your warranty
Download The TWRP recovery from here(thread) or here(Goo.im) rename it recovery-twrp.img and move it in the same folder as of step 1
Download The SuperSU from here(thread) or here(chainfire.eu)() and copy it into the root of your internal memory!
Connect your phone to PC and Reboot to bootloader by pressing VolumeDown+Power button for about 6-7 seconds.
Go to the directory in step 1, Do Shift+RightClick in empty space in the folder without selecting anything, Select Open a command window here.
Run following command
Code:
fastboot boot recovery-twrp.img
If facing errors refer to TIP No. 2 and 3
[*]Now touch doesn't work in recovery straight away, so wait 60 seconds without touching the phone, The phone screen will go blank.
[*]Press power button and do swipe to unlock to get your touch working again!
As Motorola released source code for the kernel, @cybojenix has fixed the touch issue, you can skip to step 10 directly!
Select Install, scroll down and find the SuperSU Zip downloaded in step 4.
Swipe to confirm, wait untill the flash is complete and then select reboot, to boot into your phone which is rooted now
Check your app drawer, There should be SuperSU installed. Congratulations you are rooted!
TIPS:
Downloading things from the thread link is a better option as the hotlinks may get outdated, Thread links will not!
If you want to install twrp rather then just booting into it for once, you can use following command to flash it permanently
Code:
fastboot flash recovery recovery-twrp.img
If stuck on Boot Logo of Motorola (blue M), @JerryGoyal has provided a Thread Here to solve the problem using CWM instead of TWRP.
According to the method you can download CWM and Rename it to recovery-cwm.img in place of TWRP in step 3. Execute other steps the same
And in step 7 Replace the given code with
Code:
fastboot flash recovery recovery-cwm.img
In CWM Touch doesn't Work to scroll Use Volume Buttons and Use Power Button to select the choice
in Step 10 you would select Install from sdcard
If you do something wrong and stuck somewhere, The stock firmwares are available for restoring.
[Condor][Stock Firmware] Restore your Moto E to Stock[Lock Bootloader][Noob Friendly]
Reply if any issues! I'll try my best to help!

Reserved!

Very good effort :thumbup:
Some newbies actually need it
Sent from my XT1022 using XDA Free mobile app

quick question.. is it possible to remove that annoying bootloader unlocked warning that shows up everytime you start up the device?

dpool94 said:
quick question.. is it possible to remove that annoying bootloader unlocked warning that shows up everytime you start up the device?
Click to expand...
Click to collapse
Right now it's not but in the coming days I will look into a method similar to this for our device to "remove" the warning.

shimp208 said:
Right now it's not but in the coming days I will look into a method similar to this for our device to "remove" the warning.
Click to expand...
Click to collapse
You don't need to do it bro.. Motorola updated their bootservice .. I mean the warning shows up but only for 2-3 secs and after that comes a new logo loading.. So I think It would be best not to waste time on such things

Just a suggestion.. Instead of flashing a custom recovery, you could also just boot into the recovery using "fastboot boot recovery.img".. This way the stock recovery won't get changed for people who would like to keep it.

I unlocked the bootloader,installed twrp and flashed the superuser.. and I can even see superuser in my app drawer but none of the apps that require root like titanium backup are working.. it says my device isn't rooted :/ help please

dpool94 said:
I unlocked the bootloader,installed twrp and flashed the superuser.. and I can even see superuser in my app drawer but none of the apps that require root like titanium backup are working.. it says my device isn't rooted :/ help please
Click to expand...
Click to collapse
Check your device by installing this device if you really rooted it or not. DOWNLOAD THIS APP

Mrtoxicgamer10 said:
Check your device by installing this device if you really rooted it or not. DOWNLOAD THIS APP
Click to expand...
Click to collapse
Root Access is not properly configured or was not granted.
Super User Applications Status:
Superuser application - is NOT installed!
SuperSU application - version 1.00 - is installed!
System File Properties for Root Access:
Standard Location
Check Command: ls -l /system/bin/su:
Result: /system/bin/su: No such file or directory
Analysis: File /system/bin/su does not exist.
Standard Location
Check Command: ls -l /system/xbin/su:
Result: -rwsr-sr-x root root 96144 2008-08-01 17:30 su
Analysis: Setuid attribute present and root user ownership present. Root access is correctly configured for this file! Executing this file can grant root access!
Alternative Location
Check Command: ls -l /sbin/su:
Result: /sbin/su: Permission denied
Analysis: File system permissions restricted and denied access.
Alternative Location
Check Command: ls -l /system/xbin/sudo:
Result: /system/xbin/sudo: No such file or directory
Analysis: File /system/xbin/sudo does not exist.
Root User ID and Group ID Status:
SU binary not found or not operating properly
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
ADB Shell Default User:
ADB shell setting for standard access, stored in default.prop, is configured as: shell (non root) user - ro.secure=1
Results provided on your XT1022 device by Root Checker Pro version 1.3.0 from joeykrim in the Android Market - http://goo.gl/NcnHn

Guys check this too
We can flash this through stock recoveryhttp://forum.xda-developers.com/galaxy-s2/orig-development/30-10-2012-k-la-lp-t1103399
Sent from my XT1022 using XDA Free mobile app

dpool94 said:
I unlocked the bootloader,installed twrp and flashed the superuser.. and I can even see superuser in my app drawer but none of the apps that require root like titanium backup are working.. it says my device isn't rooted :/ help please
Click to expand...
Click to collapse
I am sorry, I by mistake provied the superSU 1.00 link
I changed and updated it superSU 1.64
Please Try again! using the new link from the description for step 4

vin4yak said:
Just a suggestion.. Instead of flashing a custom recovery, you could also just boot into the recovery using "fastboot boot recovery.img".. This way the stock recovery won't get changed for people who would like to keep it.
Click to expand...
Click to collapse
Could you confirm it?
I cannot test it till tuesday?

startracker said:
Guys check this too
We can flash this through stock recoveryhttp://forum.xda-developers.com/galaxy-s2/orig-development/30-10-2012-k-la-lp-t1103399
Sent from my XT1022 using XDA Free mobile app
Click to expand...
Click to collapse
Friendly warning about this Do NOT I repeat DO NOT flash this in recovery this is meant for the Galaxy S2 and is not only outdated by not compatible with our Motorola E. Only flash things intended for your device!

dpool94 said:
Root Access is not properly configured or was not granted.
Super User Applications Status:
Superuser application - is NOT installed!
SuperSU application - version 1.00 - is installed!
Results provided on your XT1022 device by Root Checker Pro version 1.3.0 from joeykrim in the Android Market - http://goo.gl/NcnHn
Click to expand...
Click to collapse
See ? Your device is not rooted. You must have missed something. Try again. Good luck.

Mrtoxicgamer10 said:
See ? Your device is not rooted. You must have missed something. Try again. Good luck.
Click to expand...
Click to collapse
Nah i fixed it. OP posted link of superSU v1.00 which is why my phone wasnt getting rooted. He fixed it. T

but not able to flash recovery.
it gives error -
target reported max download size of 299892736 bytes
error: cannot load 'recovery.img': No error
Click to expand...
Click to collapse

vivekbumb said:
but not able to flash recovery.
it gives error -
Click to expand...
Click to collapse
Did you flash this recovery image, TWRP 2.7.0.0 V1.2, using fastboot?:

vivekbumb said:
but not able to flash recovery.
it gives error -
Click to expand...
Click to collapse
You have copied the recovery.img file in some other folder, bring it to the same folder as of fastboot.exe
and it will work!

deej_roamer said:
You have copied the recovery.img file in some other folder, bring it to the same folder as of fastboot.exe
and it will work!
Click to expand...
Click to collapse
got it thanks.

[HOW TO] Unlock tethering on Marshmallow 6.0

Google made a change from Android 4.1.2 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet.
This can be fixed permanently using the following procedure and no root required on all rom types (stock, mod):
1) Enable developer mode (Go to Settings -> About phone, and click on the build number until the developer mode is enabled).
2) Enable USB debugging under Settings -> Developer options
3) Connect the device with a USB cable to a computer with the Android SDK platform tools installed
4) Start an adb shell: adb shell
5) In the adb shell, run this command:
Code:
settings put global tether_dun_required 0
Tested on Nexus 5 & 6 with Marshmallow STOCK ROM

Just tried this on a freshly imaged Verizon Nexus 6 with Marshmallow, and I'm still getting the prompt for subscribing to tethering.

Can you do this with sqlite editor? If so, how?

net.tethering.noprovisioning=true
Pasted at end of build prop. Save. Reboot. Done.

Can this be tried even if the Nexus6 boot loader is locked, without unlocking it ?
Sent from my VS985 4G using Tapatalk

trent999 said:
Can this be tried even if the Nexus6 boot loader is locked, without unlocking it ?
Sent from my VS985 4G using Tapatalk
Click to expand...
Click to collapse
You need root to edit the build prop like this but you can also edit the build prop thru adb commands
Sent from my Nexus 6 using Tapatalk

Ocelot13 said:
net.tethering.noprovisioning=true
Pasted at end of build prop. Save. Reboot. Done.
Click to expand...
Click to collapse
I'm on Verizon and that's what I did also.
Sent from my Nexus 6 using Tapatalk

nexus6r3plicant01 said:
You need root to edit the build prop like this but you can also edit the build prop thru adb commands
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
You don't need root to do it, you can make the change via recovery and adb shell commands.

wishkah said:
Can you do this with sqlite editor? If so, how?
Click to expand...
Click to collapse
I'm not sure this can be done with sqlite editor anymore because when I go to the file path data>data>com.android.providers.settings>databases there is no longer a settings.db in that location to edit.
Maybe I'm missing something.... IDK???

didn't work on my stock Nexus 6 - still says to contact ATT.
---------- Post added at 10:41 AM ---------- Previous post was at 10:32 AM ----------
Durthquake said:
didn't work on my stock Nexus 6 - still says to contact ATT.
Click to expand...
Click to collapse
editing the build.prop worked for me! thanks guys/gals

nexus6r3plicant01 said:
You need root to edit the build prop like this but you can also edit the build prop thru adb commands
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
Is Rooot needed to do this through adb?

That is my question, too.
For right now, I want to wait to unlock and root. I have reasons...
Can I edit and replace build.prop somehow under those conditions ?
I have ADB and fastboot both working and have pulled a copy of the stock Lollipop build.prop onto my laptop. I can edit it, but can I push the revised copy back with the boot loader still locked and no root ?
I read somewhere about achieving temporary root via fastboot booting twrp, instead of flashing, but that fails for me and I cannot find the referencing thread.
Sent from my VS985 4G using Tapatalk

Same boat here. I'd love to enable this, but don't want to do too much as I'm switching to a 6P in two weeks.
Do you need root to mod this? i'm not able to R/W system without it I assume?

So, this link provides information on how to make the modifications to the build.prop without root which is what I needed to make things happen on Verizon. Note that this does make the scary This device is corrupt... message appear at bootup. Specific steps I followed (assuming you've got adb working and USB debugging enabled):
- Download TWRP 2.8.7.1 from here
- adb reboot bootloader
- fastboot boot twrp-2.8.7.1-shamu.img
- When TWRP finishes booting, click Mount and check the box for /system
- adb pull /system/build.prop
- Use your favorite text editor to add the line net.tethering.noprovisioning=true to the build.prop file you just downloaded off the phone. Save the file.
- adb push build.prop /system/
- adb shell chmod 644 /system/build.prop
- adb shell settings put global tether_dun_required 0
- adb reboot
And voila. When you reboot you'll be able to tether. At least I was.

Yes, the above is what I have been looking at, but it is important to realize it requires an unlocked bootloader, which requires a total phone wipe.
Plus I am concerned that this will prevent any future OTA, like to Marshmallow for mine, and also make it impossible to use Android Pay on that device, if those issues matter to you.
Yes, I know it is self-limiting to have a stock, locked N6.
Sent from my Nexus 6 using Tapatalk

pmhesse said:
Note that this does make the scary This device is corrupt... message appear at bootup.
Click to expand...
Click to collapse
Also note that this will also make you unable to apply any future OTAs (neither pushed to you by Google, nor sideloaded via ADB).
18 months ago, before /system validation became a thing, I would have recommended this method to a lot of "casual" modders - booting to TWRP to fix a couple things, and then going on their merry way with an unrooted "stock" (or close enough to it as to not matter) device.
Now that /system validation is a thing (breaks OTA applicability, dm-verity), I wonder if it's actually more advisable that people keep TWRP installed, and take the time to fully educate themselves about what they're doing, so that in the future they can fix things themselves more easily (and manually apply the monthly security patches, etc.).
I'm honestly not sure about the right answer - what do folks think?

pmhesse said:
So, this link provides information on how to make the modifications to the build.prop without root which is what I needed to make things happen on Verizon. Note that this does make the scary This device is corrupt... message appear at bootup. Specific steps I followed (assuming you've got adb working and USB debugging enabled):
- Download TWRP 2.8.7.1 from here
- adb reboot bootloader
- fastboot boot twrp-2.8.7.1-shamu.img
- When TWRP finishes booting, click Mount and check the box for /system
- adb pull /system/build.prop
- Use your favorite text editor to add the line net.tethering.noprovisioning=true to the build.prop file you just downloaded off the phone. Save the file.
- adb push build.prop /system/
- adb shell chmod 644 /system/build.prop
- adb shell settings put global tether_dun_required 0
- adb reboot
And voila. When you reboot you'll be able to tether. At least I was.
Click to expand...
Click to collapse
Ah. I don't have TWRP installed. Thats what I was missing. I went full stock besides my unlocked bootloader with Marshmallow. Not being able to Android Pay also sucks as I do use that. Wonder if I set it up first, then do this if it will let me still use the cards I load.

Durthquake said:
didn't work on my stock Nexus 6 - still says to contact ATT.
---------- Post added at 10:41 AM ---------- Previous post was at 10:32 AM ----------
editing the build.prop worked for me! thanks guys/gals
Click to expand...
Click to collapse
So the command did not work but adding the net..etc to build prop worked anyone in T-Mobile done this yet? Thanks

Correct, the command didn't work, but the line at end of build.prop did. Should work for any carrier.

Ocelot13 said:
net.tethering.noprovisioning=true
Pasted at end of build prop. Save. Reboot. Done.
Click to expand...
Click to collapse
Thank you!

Just purchaced a Note 3 verizon, Pls suggest best practices to Root & unlock

Hello good peoples of Xda ,
I just purchased a Note 3 verizon I believe 900v on swappa It will arive in the next few day's and I want to get all my ducks in a row by that I mean aquire all the root and unlocking tools nessary for a best practices root and if nessary unlocking of my boot loader.
Goals for root are mostly to debloat the phone and hotspot mod's for no hassle teathering.
I may dip my toes into custom rom for this phone but mostly I am just looking for a clean lean experiance for my note 3. I have been pouring over the many many pages of the various rooting guids and I am just not sure witch method to use is the safest / most reliable .
thank you for your time and helpful suggestions.
This is what I have found so far.
ArabicToolApp : Root for lolipop
Odin3 v3.12.3 : flash tool is this latest ? best to use ?
Samsung usb drivers v1.5.45.0 : are these the proper drivers to install ?

You should start by figuring out which firmware release it has on it.
If it has PL1 (the newest security release, circa 2017/01/15), there will be no rooting for you... unless you manage to create a new exploit.
OB6 and OF1 - (one of) the yemen tool(s)**
NK1 - no root available ( and can't be rolled backwards w/ Odin, only NK1 or higher )
NJ6 - no root available? ( Try towelroot, or you can downgrade to NC4 using Odin )
MI9/MJ7/MJE/NC2(leak)/NC4 - Towelroot v3
For which bootloader unlock binary to use, see here.
Can't help you out with USB drivers, I don't remember what I used. afaik, they will either work 100% or not work at all, so you just need to get something working.
I've never used anything but Odin 3.0.9. Can't tell you if the version you mention is "better".
good luck
** i've never rooted OB6 or OF1, so can't give you any advice about which to use. Feel free to read the related threads. In my (casual) reading of those threads, it is nearly impossible to intuit out why some people have problems and others do not. Mostly because the reporting is not sufficiently detailed.

bftb0 said:
You should start by figuring out which firmware release it has on it.
Click to expand...
Click to collapse
Your right, after thinking about my post I realized there were 2 many variables that I need to know before I ask for help. So once I recieve the phone and if it's fully functional I will find out what firmware it has and what the cid it has and will post a follow up if I need help.
P.S thank you for the concise jist of what is and is not possible with the various firmware's.

Recieved my phone.
I got my note 3 and boy is it just a wonderful device. SM-900v running OF1 firmware, and My Cid is 15 so is all good.
procedurs completed.
I got root from useing the yemem tool.
and have tryed some debloating removed the NFL apk as a test with Tit.backup.
dissabled ota updates, I made a copy of the update.zip (that was downloaded with out me asking it too. I assume that this update.zip is the new PL4 firmware )and deleted it. renamed the fota.apk's with a .bak
not really sure if I should unlock the the bootloader I would love to have twerp.
Could anyone point me at a good debloating script ?
LOVE LOVE LOVE my note 3.
I also have a zero lemon battery/case combo on the way.

PL1 not PL4
See here. Might be dated - stuff tends to move around from release to release.
You should probably also freeze SDM.* and SysScope.* (in addition to LocalFOTA)**
There is a small permanent downside to unlocking - the blowing of the Knox Warranty Flag means that you will never be able to use Knox Secure containers, even if you did a full stock flash with Odin. Not sure how important this is to folks using the phone as a personal device (as opposed to a corporate device).
Operating with a rooted-stock device with a locked bootloader usually progresses through a customary arc - especially with new rooters, but also with experienced folks - where the user one day does some incremental mod that boot-loops the Android UI. At that point there is no means to reverse the small change. (You can't get in via "adb" as it's daemon isn't started yet, and even if it were, the fact that it is in secure mode means that you would have to have a stable UI in order to confirm the connection.) As there is no rooted secondary boot available (i.e., a custom recovery), there is no way to perform repairs, and a trip back to Odin is in store for the owner. Worse yet, a backup has never been made... so all customizations are all lost and must be re-created completely from scratch.
** this is a good idea if you unlock and install a custom recovery: (although TWRP may detect it and emasculate it automatically)
Code:
su
chmod 0000 /system/bin/install-recovery.sh

bftb0 said:
PL1 not PL4
Click to expand...
Click to collapse
Right PL1 ok.
Well I decided in for a penney in for a pound and have sucessfully unlocked my boot loader, had no issues.
my question now is how do I install twerp I have downloaded
twerp-3.0.2-0-hltevzw-4.4
and twerp 3.0.2-1-hlte.img.tar
I think I need to install the tar file.
but I don't know how. I have odin but not sure if that is the right program to use. I think I read where somone installed twerp with flashify or somthing like that.
What should I do ?

Truck'nfool said:
Right PL1 ok.
Well I decided in for a penney in for a pound and have sucessfully unlocked my boot loader, had no issues.
my question now is how do I install twerp I have downloaded
twerp-3.0.2-0-hltevzw-4.4
and twerp 3.0.2-1-hlte.img.tar
I think I need to install the tar file.
but I don't know how. I have odin but not sure if that is the right program to use. I think I read where somone installed twerp with flashify or somthing like that.
What should I do ?
Click to expand...
Click to collapse
man up and use a root prompt command line. It's a single command.
Code:
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
( assuming that you put the twrp .img file in the /sdcard folder. If it was in the download folder, then if=/sdcard/Download/twrp-3.0.2-0-hltevzw-4.4.img )
Note there are absolutely, positively no spaces anywhere in "mmcblk0p15". Critically important.
The above command writes a raw binary data (the .img file) to the 15th partition of the mmcblk0 device - the flash memory chip. You can do this with boot images (such as custom recoveries) or a few other binary images, but typically not with ext4 or other filesystems.
Note this command could be extremely dangerous if you made a mistake. If you were to write data someplace else it could be a permanent disaster. So cut-n-paste to be safest (without a new-line), and then double- and triple- check the command for typos before you hit the enter key.
FYI, you can see what the partition mapping is by doing a folder listing
Code:
ls -ld /dev/block/platform/*1/by-name/*
The partitioning scheme varies from android device to android device; but on the SM-N900V the recovery partition is the 15th partition. (On other devices it might be something different).

bftb0 said:
man up and use a root prompt command line. It's a single command.
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
Click to expand...
Click to collapse
are you talking about adb ?
So somthing like
adb shell
su
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
???

Truck'nfool said:
are you talking about adb ?
So somthing like
adb shell
su
dd of=/dev/block/mmcblk0p15 if=/sdcard/twrp-3.0.2-0-hltevzw-4.4.img bs=2048
???
Click to expand...
Click to collapse
That works.
Or a terminal emulator.
All you need is to put the file on your (internal, pseudo-) /sdcard, "su", and "dd".
For extra credit, make sure to compute a file checksum (e.g. "md5sum") every time you copy the original .img file to a new location and especially prior to flashing. That safeguards against a bad copy operation, crappy flash memory, etc.
Stock ROMs might not have a "md5sum" binary in /system/bin, but since you are rooted you could install a private busybox in someplace like /data/local/bin. I prefer to use a busybox which is SELinux-cognizant, e.g. v1.23.1 here as busybox_full_selinux_1.23.1.zip Note that I don't "install" this .zip so that stuff in /system/bin or /system/xbin get overwritten, but instead just keep it in a private area all on it's own.
Steps.
0) extract the "busybox" binary from the .zip file and get a copy to your SD card. Then
Code:
su
mkdir -p /data/local/bin
chmod 755 /data/local/bin
cp /sdcard/busybox /data/local/bin/
chmod 755 /data/local/bin/busybox
cd /data/local/bin
./busybox --install -s /data/local/bin
This allows it to be used as needed in a terminal/console shell.
e.g. using ls
1) Explicitly: /data/local/bin/ls -lZ *
2) Implicitly "as a last resort":
export PATH="${PATH}"':/data/local/bin'
ls -lZ *
3) Implicitly "as preferred":
export PATH='/data/local/bin:'"${PATH}"
ls -lZ *

I am now have root, unlocked bootloader and twrp Whoot!!
Well I now have twrp installed thank you vary much for all your help and direction I sincerly appreciate your assistance.
I installed termux and after updating the packages sucessfully used dd to install twrp.
1st thing I am going to do a full system backup.

No developer love for N900V not good

Root OP3T without unlocking bootloader - Automated App

ROOT w/o UNLOCKING BOOTLOADER:
Few of Qualcomm Devices have been found to have engineering mode software preinstalled on the device, which has root access. Using the same exploit root can be achieved in OP3, OP3T, OP5 and others, without unlocking the bootloader. Here is a full story: OnePlus Accidentally Pre-Installed an App that acts as a Backdoor to Root Access
The exploit was found by the user Elliot Alderson. An application has been promised by the author soon, to gain root access.
I have tested the method in OnePlus 3T and it works perfectly and passes SafetyNet check, furthermore you do not get DM-Verity error either.
Please follow the guide from here: OnePlus 3T Root w/o unlocking bootloader
Note: Do not modify system files though it won't let you, doing so will trigger Dm Verity.
Magisk Modules do not work, i,e you won't be able to use any modules.
Root and hide root works.
You will get system update but updating might kick you out of the root and you won't be able to gain access to root again.
It works on latest Oreo Beta, as you see in the screenshot.
Disclaimer: Follow the guide at your own risk, it is working fine for me, that in no way means it will work the same for you. Neither me nor the people envolved in this takes any responsibility. You and only you are responsible if anything goes wrong.
Note: I am not the developer or the person who found this exploit or root method. All credits go to them.
SCREENSHOTS ATTACHED
Update 1:
An app has been realsed by Oğuzhan Yiğit here is the link, the full credit goes to him for the same. Here is the link to the post:
Oneplus 3T Root Via App, further it installs SuperSU

This step is required every time you reboot:
adb shell
cd /data/magisk/
./magisk --mountimg xbin.img /system/xbin
magisk --post-fs
magisk --post-fs-data
magisk --service

I haven't tried doing the same, but theoretically, it shouldn't work.

[deleted]

casual_kikoo said:
...OnePlus 2...
Click to expand...
Click to collapse
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.

SpasilliumNexus said:
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
Click to expand...
Click to collapse
Ok, as I thougth something else enter into account.
Thanks a lot !

As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.

anuajayan said:
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
Click to expand...
Click to collapse
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak

coolstoneapurva said:
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
Click to expand...
Click to collapse
I don't know from where or how to start with? Please guide me accordingly..

replace hosts file
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?

mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
trying without success
and from within
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.

Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??

SpasilliumNexus said:
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
Click to expand...
Click to collapse
How do I do that? Assume I have already introduced magisk to my phone.

mitkko said:
How do I do that? Assume I have already introduce magisk to my phone.
Click to expand...
Click to collapse
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.

SpasilliumNexus said:
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
Click to expand...
Click to collapse
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.

mitkko said:
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
Click to expand...
Click to collapse
It's not persistent. The last steps for root access in that guide needs to be done after every reboot, which is also needed for AdAway to apply the block. Applying the adblock after root doesn't need a reboot.
You're better off just doing the traditional unlock and root instead.
Hope that makes sense.

Deodexed and Patched EngineeringMode.apk for restore default Privilege
I played a little with Angela`s Root and wanted to restore the previous level of privilege. In the application there is a special button rollback changes, but it is Invisible
Code:
this.mPrivilege = this.findViewById(2131493042);
this.mPrivilege.setOnClickListener(((View$OnClickListener)this));
this.mPrivilege.setVisibility(4); //this.mPrivilege.setVisibility(View.INVISIBLE);
So I did the application deodex and patched the application, changing it to
Code:
this.mPrivilege.setVisibility(0); //this.mPrivilege.setVisibility(View.VISIBLE);
After that I changed the original application to patched
Code:
adb remount
adb push EngineeringMode_SIGNED_ALIGNED.apk /system/app/EngineeringMode/EngineeringMode.apk
And start them
Code:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Result Screenshort:
After click on the button, the phone restarts and all privileges are restored

mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
You shouldn't make any changes to system partion doing to will render you unable to boot, as dm verity is enabled.

andQlimax said:
Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
Click to expand...
Click to collapse
Yes it will work on next update as system files are intact, further it works on Beta Oreo as you can see the screenshot. I will further update the post with the same.

seems not working on Android 8 /OOS 5