Related
I've been looking for an insecure stock boot.img for about two hours now and I can't find one. I also tried modifying the one included in the factory image by unpacking and setting the ro.secure value in default.prop to 0 but it doesn't seem to work.
So my question is really split in two:
1) Am I just bad at searching? If so, could you link me to a working insecure stock boot.img?
2) What am I missing? I found something about adbd binaries or so, saying that this method doesn't work since 4.2.2, but I didn't quite understand it to be honest... What more modifications do I need to make in order for it to work?
Basically, all I want to be able to do is use adb remount and adb push.
Huge thanks in advance! :good:
fritzhy said:
I've been looking for an insecure stock boot.img for about two hours now and I can't find one. I also tried modifying the one included in the factory image by unpacking and setting the ro.secure value in default.prop to 0 but it doesn't seem to work.
So my question is really split in two:
1) Am I just bad at searching? If so, could you link me to a working insecure stock boot.img?
2) What am I missing? I found something about adbd binaries or so, saying that this method doesn't work since 4.2.2, but I didn't quite understand it to be honest... What more modifications do I need to make in order for it to work?
Basically, all I want to be able to do is use adb remount and adb push.
Huge thanks in advance! :good:
Click to expand...
Click to collapse
as far i know to do adb remount / push u just need to unlock bootloader doing fastboot oem unlock(with phone in fastboot mode)those 2 command work here using that.
opssemnik said:
as far i know to do adb remount / push u just need to unlock bootloader doing fastboot oem unlock(with phone in fastboot mode)those 2 command work here using that.
Click to expand...
Click to collapse
My bootloader is unlocked alright, also I'm pretty sure that the only thing the bootloader has to do with it, is that it has to be unlocked if you want to be able to flash a new kernel (independent on if it's insecure or not).
fritzhy said:
My bootloader is unlocked alright, also I'm pretty sure that the only thing the bootloader has to do with it, is that it has to be unlocked if you want to be able to flash a new kernel (independent on if it's insecure or not).
Click to expand...
Click to collapse
weird, i have never seen security boot off even with custom, now im on stock 4.3 with google kernel and i can do those 2 commands, i just flashed ak now and still security boot on, franco is the same thing, so i guess there is not security boot off for n4.
disclaimer:
Code:
I take no responsibility for any devices that may be bricked,
or any bad things that will happen to you.
flash/boot twrp from here
either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.
we've experienced a bug on the first boot after flashing supersu, where there is no boot animation. instead the warning sign will stay up saying "you're unlocked".
Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.
A known issue happens, where root breaks the camera.
If this happens to you, then change SeLinux to permissive. I may look in to fixing it properly at a later point.
thank you to @fix-this for testing
previous post:
Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.
OK so this thread doesn't tell you how to root your device... yet.
in the process of rooting my device, I have essentially soft bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. hurrah for perma root prevention systems finally working.. sort of..
Motorola has implemented a nifty method in to their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. to allow you to do anything with the bootloader, you must flick a switch in the android dev settings to give full access... oh wait, I can't load the system I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.
So far I have attempted:
Dump a modified system image (Failed because dm-verity).
Pull the boot image (Failed because SELinux)
Dump the boot image via moto fastboot (failed because either outdated mfastboot, or security from [read above])
Boot directly in to DLOAD mode. (Failed. seems with the msm8916, they've changed the method of accessing it, and having dload mode is now optional [which they disabled.. probably..]. I'm not going to risk wiping the bootloader to see if DLOAD mode will load as a fail safe).
so how can you help?
method failed. trying something else..
I need someone who doesn't mind unlocking their bootloader (or already has done), and doesn't need their hand holding. (request for hand holding isn't development, it will be deleted).
unlock bootloader.
get mfastboot
go to settings, dev settings, and allow oem unlock
boot to fastboot/bootloader
run this command
Code:
mfastboot oem partition dump recovery
If this fails, then try this (with this fastboot) (Thank you @m1cha for this version of fastboot, sources here)
Code:
fastboot_dump dump recovery.img oem partition moto-dump recovery
send the results back to me
Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.
If anyone else has any ideas (even if it's to get a temp root), then feel free to share them
Big thankyou to @PotatoJ who has donated a very generous $20
And it finally begins
Gave em both the commands, nothing. Both are restricted. Ugh...
C:\windows\system32>fastboot dump recovery.img oem partition moto-dump recovery
...
(bootloader) Command Restricted
FAILED (remote failure)
finished. total time: 0.002s
more updates. just been told that those commands are for internal use only.
had an idea though.. will get back to you
cybojenix said:
more updates. just been told that those commands are for internal use only.
had an idea though.. will get back to you
Click to expand...
Click to collapse
Whatever you need, let me know. I've got the phone waiting for commands.
if im correct i think the system images are now available. ill help with what i can to obtain root. id hope rooting this wont be too hard considering we can unlock the bootloader via moto.
i also messaged jcase to see if he might be able to help us.
fix-this! said:
if im correct i think the system images are now available. ill help with what i can to obtain root. id hope rooting this wont be too hard considering we can unlock the bootloader via moto.
i also messaged jcase to see if he might be able to help us.
Click to expand...
Click to collapse
No need for jcase now. the boot image is out. I can patch it, and talk with chainfire about how to best handle dm-verity
cybojenix said:
No need for jcase now. the boot image is out. I can patch it, and talk with chainfire about how to best handle dm-verity
Click to expand...
Click to collapse
Yeah jcase responded and said since we can unlock the bootloader all we needed was a custom recovery to flash superuser. Was just trying to help.
fix-this! said:
Yeah jcase responded and said since we can unlock the bootloader all we needed was a custom recovery to flash superuser. Was just trying to help.
Click to expand...
Click to collapse
it's kind of a pain to make a custom recovery without having a recovery/boot image
Do you plan on making the recovery work with the boost mobile Variant
903tex said:
Do you plan on making the recovery work with the boost mobile Variant
Click to expand...
Click to collapse
no. I don't have the device.
btw, got twrp on it, however the return of the "No touch till screen goes off" bug is back.
Xda seems to be glitching, and won't show there's a thread in original dev from the main forum, so here's a direct link.
http://forum.xda-developers.com/moto-e-2015/orig-development/twrp-moto-e-2015-recovery-t3049726
if you need me to test, pm me. otherwise ill wait until you say its ok to root.
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
cybojenix said:
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
Click to expand...
Click to collapse
congratulation to you to gaining root access. :good::good::good:
we want rooting all together:laugh::laugh:
cybojenix said:
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
Click to expand...
Click to collapse
you hard work is much appreciated.
so some bad news. the GB and EU variants have different camera blobs it seems.
unless I get decent testers, I will not be supporting the different variants.
cybojenix said:
so some bad news. the GB and EU variants have different camera blobs it seems.
unless I get decent testers, I will not be supporting the different variants.
Click to expand...
Click to collapse
how would i know if i have a gb or eu variant? and yes that's sad indeed for users. ill test whatever you need. i have an unlocked lte gsm model from moto.
root is done, thanks @fix-this for doing the final testing
cybojenix said:
root is done, thanks @fix-this for doing the final testing
Click to expand...
Click to collapse
Whatever you need for the CDMA variant I'll be happy to provide!
YotaPhone 2 ROOT with modified stock recovery
NOTE:
Check out the more functional TWRP recovery for YotaPhone 2.
Since not much dev work is happening on the YotaPhone 2, I though I'd kick off by publishing a recovery image that will hopefully allow you to root your YotaPhone 2 device with lollipop, and e.g. make partition backups.
First off: Disclaimer!
I am not responsible for damaged or bricked devices. If you follow instructions in this post, then YOU are making the choice to tinker with your device, and you are likely to void your warranty by doing so. You might even damage or brick your device, so ask yourself if the benefits outweigh the risks, because after proceeding you are pretty much on your own.
What is it?
It's a slightly modified stock recovery that allows to install packages signed with testkeys, plus adb root access and busybox for e.g. shell. That's it.
What can you do with it?
- adb root & shell access (e.g. to manually backup partitions or modify system files)
- install update zips signed with testkeys (e.g. SuperSU) in addition to original Yota Devices software
- root your device
What can it NOT do?
- probably can NOT install unsigned zips (must be signed by YD (like fota update zips), OR signed with standard testkeys)
- no fancy features, just boring AOSP stock recovery as included in stock firmware
- installing of apks/zips only through adb sideload, not from (emulated) SD card
What do you need?
- YotaPhone 2 (YD201) with Lollipop 5.0, I used firmware 1.39 YMMV with other versions
- Some technical confidence
- USB cable with a PC or laptop on one end
Steps overview:
1) First read the whole post to understand what's going to happen
2) backup (sync stuff, copy photos off, use a backup app etc, use search if unsure how to)
3) Unlock the bootloader
4) Install adb and fastboot if not yet installed. (For Windows look e.g. here, for linux the fastest is probably to install Android SDK with platform tools, see here If this is not enough info to get you started, please use xda search!)
5) Download recovery image: yd201_reco_139_testkeys_v01.img
6) boot the recovery image
7) root the device by sideloading SuperSU,
Unlocking bootloader:
Warning 1: It is currently not known how to re-lock the bootloader. (fastboot oem lock just hangs). This means you cannot completely undo the next step as of yet. This might have consequences for sending the device in for repairs, if they check for this, and deem it a (warranty) problem.
Warning 2: on some devices unlocking the bootloader wipes the device clean to factory defaults. I didn't see this happening on my YD201, but be warned, backup first!
On Linux:
Code:
sdk/platform-tools$ sudo ./fastboot oem unlock
...
OKAY [ 0.002s]
finished. total time: 0.002s
On Windows:
Code:
C:\android-sdk-windows\platform-tools>fastboot oem unlock
...
OKAY [ 0.002s]
finished. total time: 0.002s
Maybe Windows will install some extra drivers in the process.
BOOT the recovery image:
a) First: put the device in fastboot/download mode:
method 1: Power off with USB cable disconnected, then hold volume down key while inserting USB cable (which should already be in your PC on the other end).
method 2: do a
Code:
adb reboot bootloader
You should see a black screen with a tiny white: downloading...
b) boot the recovery image:
On linux:
Code:
sdk/platform-tools$ sudo ./fastboot devices
Should show a connected device in fastboot mode, then proceed:
Code:
sdk/platform-tools$ sudo ./fastboot boot <path>/<to>/yd201_reco_139_testkeys_v01.img
Where <path>/<to>/yd201_reco_139_testkeys_v01.img is the path you downloaded the image file to (e.g. ~/Download/yd201_reco_139_testkeys_v01.img)
On Windows:
copy the yd201_reco_139_testkeys_v01.img file to the folder with fastboot.exe (here assuming C:\android-sdk-windows\platform-tools, and D:\downloads as download location for the img)
* snippet below is fabricated, but you get the idea
Code:
D:\>C:
C:\>cd C:\android-sdk-windows\platform-tools
C:\android-sdk-windows\platform-tools>fastboot.exe devices
Should show a connected device in fastboot mode, then proceed:
Code:
C:\android-sdk-windows\platform-tools>copy D:\downloads\yd201_reco_139_testkeys_v01.img . [i]note the dot at the end[/i
C:\android-sdk-windows\platform-tools>fastboot.exe boot yd201_reco_139_testkeys_v01.img
Hopefully you see the screen go completely black after a few seconds, and recovery menu will appear. Like stock recovery, it will show an error (E:Cannot load volume /misc) but you can ignore that, along with the 'error' triangle icon that goes with it.
If booting fails with a signature error, the bootloader is probably not properly unlocked, try again.
Note that this recovery image could be flashed too (I haven't actually tried to flash yet), but if you're cautious (as we are in this post) you can just boot it every time you need it.
SuperSU flashing:
1) download Chainfire's SuperSU flashable zip from this page, filename is:UPDATE-SuperSU-v2.46.zip
2) Assuming you're still in custom recovery, otherwise boot into custom recovery again as outlined above
3) choose "apply update from ADB" from the menu (choose with volume up/down keys, confirm with power key). Recovery now waits for a file.
4) on the connected PC:
on Linux:
Code:
sdk/platform-tools$ adb sideload <path>/<to>/UPDATE-SuperSU-v2.46.zip
on Windows:
Code:
D:\>C:
C:\>cd C:\android-sdk-windows\platform-tools
C:\android-sdk-windows\platform-tools>copy D:\downloads\UPDATE-SuperSU-v2.46.zip .
C:\android-sdk-windows\platform-tools>adb.exe sideload UPDATE-SuperSU-v2.46.zip
5) on the phone you should see SuperSU installing.
6) reboot when done
7) if SuperSU app is not visible in launcher, download & install SuperSU from playstore.
To verify if rooting worked, start SuperSU. If that looks OK, start an app that requires root (like e.g. betterbatterystats) or use a simple checkroot app from the store. Reboot and check again if it persisted.
NOTE: you could also FLASH this image, replacing the stock recovery on the recovery partition permanently (until you flash again). Above we're just BOOTing it once, next time entering recovery in the standard way will just load the stock recovery from the recovery partition). You would use fastboot flash instead of fastboot boot above. Flashing is UNTESTED.
Problems & FAQ
Q: It doesn't work!!1!
A: Please provide plenty of detail about error messages, which step, what versions etc. Without providing any detail you'll look silly.
Q: I don't know how to <backup/adb/download/reboot/flash>
A: Please use the search button, xda forums have lots of info
Q: How can I tell if I'm in stock recovery or modded stock recovery? They look the same!
A: The Droid error icon with the triangle in the centre of the modded recovery screen has some white text (yd201_cr0.1), the stock one doesn't.
Future development
I hope that there are some devs out there willing to work on the YotaPhone 2 in the near future. I'll try to tinker a bit every now and then, but I cannot promise anything as I'm no expert. To enable proper development of custom ROMs and better recoveries (e.g. TWRP) it would be great if Yota Devices released their Kernel sourcecode for the kernel they use in their YotaPhone 2 ROMs. I know they have been asked to release sources before (and they should in order to comply with the GPL license), but so far without response.
Good news is that You Can Help! Please stimulate Yota to publish Kernel sourcecode for YotaPhone 2 through their support page (hint: choose 'sales' as category, otherwise you'll have to enter lots of details. Be polite!).
Info::
Mod by: SteadyQuad
Version: 0.1 based on YD stock recovery 5.0 1.39 EU
Thanks to: Yota Devices for a great device, Jeopardy for testing and suggestions, Chainfire for SuperSU
Created: 2015-06-10
Last Updated: 2015-06-20 (added warning about current inability to re-lock bootloader)
As SteadyQuad already mentioned, I can confirm that this method works.
Bye bye Google Newsstand! Goodbye Google Books!
(When uninstalling system apps Lollipop handles a bit differently from Kitkat, and I had to always restart the device after deleting.)
Thank you very much for your effort SteadyQuad.
Allelujah!
Thanks SteadyQuad for this great job! It works like a charm!
:good:
Anybody tried to install xposed module on rooted Yotaphone2? (alpha 4 modules)?
I think it little bit risky that's why I'm asking...
Or maybe somebody know how to make a full backup Yotaphone (like in CWM)?
Thanks in advance again for a really great job!
zencooler said:
Allelujah!
Thanks SteadyQuad for this great job! It works like a charm!
:good:
Anybody tried to install xposed module on rooted Yotaphone2? (alpha 4 modules)?
I think it little bit risky that's why I'm asking...
Or maybe somebody know how to make a full backup Yotaphone (like in CWM)?
Thanks in advance again for a really great job!
Click to expand...
Click to collapse
I haven't tried testing xposed yet, but am planning to sooner or later.
Running that custom recovery we do have root level access to everything, so it should be possible to create a backup from there with the help of a computer. Have to look into this.
the recovery download doesn't work.
EDIT : it worked on laptop
How about somebody can compile a TWRP recovery because Yotaphone has posted there SDK ?
So we can make Nandroid backup.
a question : if you can modify stock recovery,
can't you compile from TWRP source and yotaphone SDK a TWRP recovery for the yotaphone 2 users ?
just my 2 cents, i evenly willing to pay for it
Gojira-r32 said:
a question : if you can modify stock recovery,
can't you compile from TWRP source and yotaphone SDK a TWRP recovery for the yotaphone 2 users ?
just my 2 cents, i evenly willing to pay for it
Click to expand...
Click to collapse
I think if we all contribute to twrp and request them they might make us one
Sent from my YD201 using Tapatalk
Can the bootloader be re locked And can the root be removed for warranty purposes
Sent from my YD201 using Tapatalk
Yes
Fastboot oem lock
Gojira-r32 said:
Yes
Fastboot oem lock
Click to expand...
Click to collapse
If the recovery image is modified don't we flash back to stock before oem lock
Sent from my YD201 using Tapatalk
Good work. A pity Xposed framework isn't compatible yet.
Sent from my YD201 using XDA Free mobile app
dai75 said:
Good work. A pity Xposed framework isn't compatible yet.
Sent from my YD201 using XDA Free mobile app
Click to expand...
Click to collapse
Xposed framework isn't FULLY compatible, but many features already work. See SteadyQuad's thread here
adamo86 said:
Can the bootloader be re locked And can the root be removed for warranty purposes
Sent from my YD201 using Tapatalk
Click to expand...
Click to collapse
I haven't been able to re-lock it when I last tried (fastboot oem lock just hung). If anyone did succeed to lock, let us know! (Gojira-r32: did you actually execute the fastboot oem lock?)
I also failed to lock it back . I wanted to install the new update 1.44 that arrive in France but it failed at the recovery stage. E:Error in cache/update/yota....zip (status 7)
I did a wipe cache partition but not a wipe data as I don't want to lose all my settings. Anyone achieved to install the new Yota update version? And then root?
I just updated to latest update in UK. But I tried Kingo no success still.
Sent from my YD201 using Tapatalk
and the first post with flashing S%U tru modified recovery ?
is this firmware somewhere to download?
still not yet on yota FTP
Has anyone the stock recovery image? Maybe I'll achieve to get the OTA update after unrooting my YD201 with the original stock recovery firmware.
i am doing that right now, unroot, flash stock recovery, i have the OTA 1.1.44 pulled out of phone after download and will try to flash it
stock recovery, boot, sustem img, unrooted, everything tried
also got other build, fixed that.
now yotaphone is completly stock and get :
error in update zip "status 7"
so i think this update is no good, some faults in it, that's why we can't flash it yet, also chaged some things in OTA and resigned it etc... no good
Gojira-r32 said:
stock recovery, boot, sustem img, unrooted, everything tried
also got other build, fixed that.
now yotaphone is completly stock and get :
error in update zip "status 7"
so i think this update is no good, some faults in it, that's why we can't flash it yet, also chaged some things in OTA and resigned it etc... no good
Click to expand...
Click to collapse
Did you try to flash the OTA update via adb sideload in the modified recovery? I'm having the same problem.
Edit: I just tried to flash the update via adb sideload - no joy. I got the following error:
Package expects build fingerprint of YotaPhone/yotaphone2/yotaphone2:5.0/LRX21M/5.0.0-EU1.1.39:user/release-keys or Yotaphone/yotaphone2/yotaphone2:5.0/LRX21M/5.0.0-EU1.1.44:user/release-keys; this device has Yotaphone/yotaphone2/yotaphone:5.0/LRX21M/5.0
E:Error in /sideload/package.zip
(Status 7)
I also tried resigning the package with testkeys, but that didn't work either. Same error. So something has changed in the rooting process, because some people in the forum have managed to update normally, presumably on their nonrooted devices.
Moderators could not provide any evidence
I believe this is why the bootloader is locked is my phone. The cid says it's a Verizon but it's also a project fi and carrier unlocked Google Pixel XL. Is there anyway to modify the boot image so it's RO.BOOT.FLASH.LOCKED=0 I believe that will unlock the bootloader if there was just a way to modify it so you could sideload the modified boot through stock kinda like how you could modify the boot images of Samsung devices and flash them in Odin through the stock bootloader. Any thoughts.
Who would be interested in trying this I modified the boot image in the ramdisk so you can turn oem unlock on and unlock the bootloader.. I didn't want to jump to link posting I wanna see who is interested. You have to sideload the boot image through the bootloader but it installs like it's official.. 32 gb pixel XL only this is the 8.1 dev preview boot image so you need to have 8.1 installed.
Links removed due to suspicious moderator activity and possible tampering with the links while they had them removed.
I really think a modified stock boot image which can be side loaded through the stock bootloader will solve the problem about the Verizon Google Pixel XL having a locked bootloader cause even if the bootloader is locked like it is now once you unlock it via a modified boot image it opens it up for flashing you wouldn't need some fancy tool which you'd have to run on a computer to unlock it or a oem unlock code you could modify the locked boot image to be the key into the bootloader.
What you thinking? You thinking support could be added for the Verizon Pixels once again I know there was development at one time but due to them patching the tool used to unlock the bootloader it stopped after a while well with this you could bring back development for it
We also wanted to make sure there was no central point of failure, where one industry player could restrict or control the innovations of any other. The result is a full, production-quality operating system for consumer products with source code open for customization and porting.
Google stated that on it's Android open source project right now with the locked bootloaders Verizon is basically restricting and controlling the innovations of how the device could be used and Google doesn't go with that that is why the Google store edition pixels are unlocked so I think setting the example that there's a permanent way to keep the Verizon bootloaders unlocked by modifying the boot images will show Verizon that they need to remove some policy's they have in place cause in the end as customers the old saying is the customer is always right.
Actually now that I think about it I can modify the ramdisk by unpacking the boot image and taking a text editer and going in then you can edit it to say 0 then repack it and flash it via side load i believe that's how you do it. I'm pretty sure I can do that. Doesn't seem too hard to do.
I am also seeing in the cid that there's RO.BOOT.OEM_UNLOCK_SUPPORT=0 it needs to be kept at RO.BOOT.OEM_UNLOCK_SUPPORT_0 I believe and the boot hardware is samsungs
This all started out as a question but I answered my own question. Plus it's nice to have a unlocked bootloader. Cheers.
Did anyone tried to unlock it ?
If you wanna see this cid information for yourself get the app called cid getter from the play store it doesn't have the best reviews but it at least gives you the right cid information and shows you how the bootloader was locked
user-67 said:
If you wanna see this cid information for yourself get the app called cid getter from the play store it doesn't have the best reviews but it at least gives you the right cid information and shows you how the bootloader was locked
Click to expand...
Click to collapse
did you start with an unlocked bootloader and were you also able to sideload the modified boot.img and then able to unlock the bootloader? also, is this on a VZW Pixel or XL?
user-67 said:
I really think a modified stock boot image which can be side loaded through the stock bootloader.....
Click to expand...
Click to collapse
You can't do that if the bootloader is locked.
Mod Message: OP could NOT provide photo/video evidence on it. Proceed at your own risk!
Click to expand...
Click to collapse
Who would be interested in trying this I modified the boot image in the ramdisk so you can turn oem unlock on and unlock the bootloader.. I didn't want to jump to link posting I wanna see who is interested. You have to sideload the boot image through the bootloader but it installs like it's official.. 32 gb pixel XL only this is the 8.1 dev preview boot image so you need to have 8.1 installed.
Never mind here's the link for pixel XL 8.1 dev preview https://drive.google.com/file/d/1ehXD2LVOBoRbs1EDh33nLyw7I0aRyOqH/view?usp=drivesdk
Here's the link for pixel 8.1 dev preview
https://drive.google.com/file/d/19xvVkadK79p6OLx5LePZSRA7V201ortd/view?usp=drivesdk
Here is the link for the pixel 2... 8.1 Dev preview
https://drive.google.com/file/d/1M-sgp33NTrrlS12SY0xLQxrec44ZejJl/view?usp=drivesdk
Bump
If you didn't know the part that controls oem unlocking is in the boot image. You can go crazy trying to break into the actual bootloader partition but you don't need all that.
I have a pixel (not xl) and i curious, if the bootloader is locked how can i sideload the boot.img?
Sideload is the install of a custom image what you have here is a modified custom boot image which install like it's stock so in terms sideload is what it is through the bootloader
When it comes to boot images I'm good at tweaking them here's a old project it was just a test build to see if it would actually work.
Custom adb root boot image with chainfires adbd kernel from adbd insecure as the phones adbd.. it has a few other tweaks and a custom permissive kernel and systemless root from chainfires supersu... the rsa fingerprint doesn't pop up when you connect a computer but it can be bypassed with adb in a custom recovery and found out if you use adbd insecure and let it patch chainfires adbd kernel it makes the phone as attached device in for adb devices instead of the plain unauthorized device and vendor keys not set. ... if you use it now you get adb root access and regular root access with the su binary but due to the rsa fingerprint not popping up you have to use adbd insecure until a recovery comes out cause it bypasses rsa fingerprint.. credits to come... to use adb root access you need a custom recovery with adb... adbd insecure app... adb on you're computer.... android sdk/android studio... java... boost mobile j7 running build f3 but you can just run systemless root until a recovery comes through. You can grab systemless root from here http://forum.xda-developers.com/gala...j700p-t3430185
And use it with the boot image.. but i just added systemless root patches to the boot image so all you have to do is flash the boot image.
user-67 said:
Who would be interested in trying this I modified the boot image in the ramdisk so you can turn oem unlock on and unlock the bootloader.. I didn't want to jump to link posting I wanna see who is interested. You have to sideload the boot image through the bootloader but it installs like it's official.. 32 gb pixel XL only this is the 8.1 dev preview boot image so you need to have 8.1 installed.
Nevermind here's the link https://drive.google.com/file/d/1ehXD2LVOBoRbs1EDh33nLyw7I0aRyOqH/view?usp=drivesdk
Click to expand...
Click to collapse
Will you be able to provide the boot image for Verizon pixel on 8.1? I would be interested in trying it. Thank you.
i definitely want to try this, i have the VZW Pixel, not upgraded to 8.1 yet, but will if this is made available for the pixel!
If you all give me a copy of your boot.img in Img format I'll do the ramdisk changes.. you can get a copy by downloading the factory image you want then on your phone go to the play store and get the app zarchiver then go in and open the factory image and copy the boot image into internal storage then hit the Google drive and post a link and I'll get right on it.
Hi,
I'd like to root my zenfone 2 laser (ze550kl z00ld). I've been trying to unlock the bootloader with the Asus app (version 9.0.0.3) for a few days but it fails every time as for many other users (can't post urls but several threads on asus zentalk forums). I can't find version 9.1.0.0 of the tool unfortunately. However, it looks like I could root the phone without unlocking the bootloader because I can use adb to reboot to fastboot mode (adb reboot bootloader from pc command line) as I have enabled developer mode with usb debugging and the computer is allowed on the phone.
Am I right to do this?
- download latest twrp recovery image for phone model (twrp-3.3.1-0-Z00L.img from dl.twrp.me) on computer
- connect phone to computer (linux OS) & reboot to fastboot mode
- flash twrp image via
Code:
flashboot flash recovery twrp-3.3.1-0-Z00L.img
from computer
- simultaneously reboot the phone from computer via
Code:
fastboot reboot
while simultaneously holding down the volume down key on the phone
- this should allow me to reboot into twrp recovery from which I can flash the supersu app zip dowloaded from supersu.com and copied from the computer onto the phone's sd card root
Does this seem correct to you? Is this likely to succeed or should I continue trying to unlock the bootloader?
Thank you very much!
DrWaste said:
Hi,
Does this seem correct to you? Is this likely to succeed or should I continue trying to unlock the bootloader?
Thank you very much!
Click to expand...
Click to collapse
Hello
You won't be able to install TWRP without unlocking the bootloader.
The official unlocking tool is very buggy, and pretty much useless since it never works.
I recommend you follow this unofficial method.
https://forum.xda-developers.com/ze...de-unlock-bootloader-asus-unlock-app-t3405850
You should be able to unlock the bootloader in less than 5minutes. Just enable adb, boot into fastboot and run the code available in that thread, and it should do the trick.
After unlocking, then you can install TWRP and then Magisk, if all you want is to have root.
Hello,
FHC1998 said:
I recommend you follow this unofficial method.
https://forum.xda-developers.com/ze...de-unlock-bootloader-asus-unlock-app-t3405850
Click to expand...
Click to collapse
There's something I don't understand. On the first message of that thread it says:
You MUST be rooted to use this method.
Click to expand...
Click to collapse
That can't work for me as my phone isn't rooted.
It says to follow other methods given in another thread to try to root the phone beforehand. I'd read all these threads before. There are three which give a guide to root the zenfone 2 laser ze550kl. One requires to first unlock the bootloader (feels like I'm going round in circles here...) and the other two link to a firmware patch which used to be hosted on mega.nz but aren't available anymore.
I'd love to go the easy way and unlock the bootloader first before flashing twrp recovery and then rooting, but it seems like that's just not possible because all the guides are obsolete, or am I missing something more subtle?
Thanks!
DrWaste said:
Hello,
There's something I don't understand. On the first message of that thread it says:
That can't work for me as my phone isn't rooted.
It says to follow other methods given in another thread to try to root the phone beforehand. I'd read all these threads before. There are three which give a guide to root the zenfone 2 laser ze550kl. One requires to first unlock the bootloader (feels like I'm going round in circles here...) and the other two link to a firmware patch which used to be hosted on mega.nz but aren't available anymore.
I'd love to go the easy way and unlock the bootloader first before flashing twrp recovery and then rooting, but it seems like that's just not possible because all the guides are obsolete, or am I missing something more subtle?
Thanks!
Click to expand...
Click to collapse
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
Hello,
FHC1998 said:
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
Click to expand...
Click to collapse
OK, I'll give a shot that way. If you do find the system image that would be cool.
Thanks.
Hello,
FHC1998 said:
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
Click to expand...
Click to collapse
Nope, seems to require root to modify the hex value of byte 16 on the boot device (I presume that's what the command does, there's no man accessible via adb shell but that's what that dd command does on unix machines). I can't even, as normal user, list /dev/block or even /dev:
Code:
1|[email protected]_Z00L_63:/ $
count=1 seek=16 of=/dev/block/bootdevice/by-name/devinfo <
dd: /dev/block/bootdevice/by-name/devinfo: Permission denied
1|[email protected]_Z00L_63:/ $ ls /dev
/dev: Permission denied
Bummer, really hoped it would work. Back to unlocking the bootloader via the buggy Asus app it seems, or chucking the phone out of the window maybe...
Thanks for your help anyway :good: