[WIP] Note Series Developer Edition Coversion - Verizon Galaxy Note 4 General

All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
@beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This tool is based off the research of @ryanbg . This makes the process all the simpler for developers to understand/port functionality!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of, though, it still could work, I need a tester, PM me, or Telegram me @npjohnson), and many, many other devices from a variety of manufacturers.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can you help this progress?
You can't.
Currently, the CID writes 'successfully', and persists across reboots, but one of the registers isn't fully flushed. I am working on a module that will flush the register and allow for the Developer Edition Aboot to be flashed via ODIN.
Now, you may ask "How could we load modules, I thought that was impossible?", the short answer is, it is. At least, without what we found (or, rather, stumbled across).
We have the device kicking into Developer Edition using the CID write, and a hardware modification, which we stumbled across (demo: here, credits to @PaulPizz for spending late nights testing the various things I would throw at him, and having the balls to do some dangerous stuff that I personally believed would permanently brick his device). This method is volatile, dangerous, and quite honestly, shouldn't work. When I am confidently able to prove how it works, I will release details on my blog: here. Until then (shouldn't be more than a month, but as always, this is a free time project, and could be put on hold for real life, as I am busy with Cyber Security competitions).
What will most likely be the course of action once I release:
- Change CID to a provided Developer Edition CID
- Use hardware mod to flash/boot the custom kernel I have built to enable module loading (or maybe I'll build the function into the kernel itself, haven't decided yet)
- Either load the module, or call the function (if the latter, I'll write a binary to do so)
- Revert the hardware mod
- Flash Developer Edition Aboot via ODIN
This should be bootloader version agnostic, but, as always, beware updates, and, I'd stay away from any incoming MM updates on all locked carrier variants if you want to retain the ability to use this. If Samsung can update the eMMC firmware using those vendor commands, they can sure as heck change them the same way. Then the ability to do this goes away entirely.
You may be asking, "Can I donate to progress?"
Well. Sort of. Beaups asked that all donations go to the Make a Wish Foundation, or @ryanbg (as he is getting hitched, may you forever 'make cooking' Ryan! Haha.).
If you'd like to donate to me, know that it is not for the CID write, but instead, the work and research put into getting this all worked out for this device. I will also be dividing any donations sent to me with my tester, as he has spent a fair bit of time on this, as have I.

@npjohnson I have two devices, an S4 and a Note 4, both from Verizon. I'm in Brazil right now so I don't know if it makes a difference, but I'm able to use temporary root on my Note 4, so if you want any help give me a shot. I'm not a developer but an engineer, so anything you need from me to get this rooted, count me in.

OMG Could it be?
npjohnson said:
All,
Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.
Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!
I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of), and many, many others.
How does this apply to you?
The Note 4 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.
How can I help this progress?
I need a few things to make this work:
- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.
- One person with a Developer Edition that has root (need an aboot dump, and them to run one command).
If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).
PLEASE do not post your CID publicly.
So you are saying this might be a path to perm root?

kerfex said:
So you are saying this might be a path to perm root?
Not only root but unlock bootloader please encourage anyone to help

The android gods have sent us a miracle
I have a locked Verizon note 4 I'm willing to help

@npjohnson I'm willing to help. I have been around the block a few times testing for other developers. I am on 5.1.1 and can hold temp root with Kingroot for about 15 minutes.
Edit: I can roll back to 5.0 if needed.

@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873

@Venom0642 - A while back I think you said you had a Developer Edition Note 4. Do you still have one? Can you help?

howellcp said:
@Venom0642 - A while back I think you said you had a Developer Edition Note 4. Do you still have one? Can you help?
Sorry mate, look at my sig, I've been on Note 5 since it came out, so I don't have any Note 4.
Running On Samsung Galaxy Note 5 N920A Wicked Deadly Venom Theme

also willing,
have a retail Verizon,
on LP but can roll back to kk

I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!

h00rj said:
I have a dev ed Note Edge BUT I bought it used and the previous owner blew retail firmware into it, so aboot is destroyed. Strange thing, though, I'm able to get perm root with the latest kingroot on 5.1.1.
If that's useful to you, I'm down if you're down!
If you have a backup of that old aboot, then yes. Feel free to jump in on the thread I added in the Note Edge XDA forum.
kerfex said:
So you are saying this might be a path to perm root?
Bootloader Unlock, so yeah, permanent root, though, I don't know if write protection will still be active, but we can hope.
PaulPizz said:
@npjohnson
I believe these are some note 4 developer files. Hope this helps
https://www.androidfilehost.com/?w=files&flid=28873
It would... if you knew whose aboot that was, and they were around to dump their CID. Track them down, then we'll talk.

@morgej, please see original post.

Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk or to Odin another variant's tar files to OEM unlock a device?

elliwigy said:
Just out of curiosity, correct me if this is lame thinking or not worth trying, but would it be possible to change the CID to turn the device into, let's say, another variant in order to utilize something like CROM.apk or to Odin another variant's tar files to OEM unlock a device?
You could, but the device 99% wouldn't boot.
Plus, you do realize developer editions are unlocked? Why would you want to flash to another variant to oem unlock? Literally the same thing.

Rom-Addict said:
also willing,
have a retail Verizon,
on LP but can roll back to kk
Please Hangouts message me if you have adb set up, and can use it.

Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.

Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
1. I believe this will work. I tried to help but suck at adb now apparently.
2. No need to post if you don't believe. Just ignore.

Zues532 said:
Alright guys, a new exploit is great, but let's not get our hopes up just yet. How many times have we had our collective hearts broken over situations almost exactly like this one?
I really really hope this turns into something useful, but for now, I'm assuming it's just a flash in the pan.
Well. Why don't you read the paper?
All devices that:
1. Use a Samsung eMMC (allows CID write)
&
2. A Developer Edition (allows you to supply a developer CID, and use their aboot)
Are vulnerable.
Question it if you will, but I am packaging things up as I write.

I have adb set up but it's been a while

Related

[Request] Root for Z3C (D5803) -> Solved

HI @all,
now that we have a FW for the device - is root possible?
All known root methods are not working.
BR
UserX10
Edit:
Solved -> Thank you DooMLoRD
http://forum.xda-developers.com/z3-...58xx-cwm-based-recovery-6-0-4-7-root-t2890231
Delete.
Jeez.
People haven't even got their hands on the phone yet...
Be patient
Anyone wanna try Framaroot?
http://framaroot.net/index.html
framaroot does not work ...
Ok because I saw it posted on this blog and thought it would work. Strange!
plisk3n said:
Ok because I saw it posted on this blog and thought it would work. Strange!
Well, it says "tested on device" and is from 9/4, before the device was even unavailable. I'd be careful that apk isn't something more.
CollinsJ said:
Well, it says "tested on device" and is from 9/4, before the device was even unavailable. I'd be careful that apk isn't something more.
Yeah that's also the reason why I decided not to download it, I'll just wait till someone @ XDA finds a way to root the device. It's not like we'll die because our device isn't rooted for x weeks/months.
Weeks/months?! I would die! It's been a day and the amount of things I can't do is driving me nuts!
If you have an unlocked boot loader see what I say at http://forum.xda-developers.com/showthread.php?p=55709585. If you don't I think you'll be waiting for a while - someone needs to find an exploit and write the app/code needed to exploit it. This has become increasingly hard as Android has become more secure - before Towelroot AFAIK the Z1/Z2 was not rootable for a long time. You'd probably be waiting a similar length of time for the next big root exploit.
tilal6991 said:
If you have an unlocked boot loader see what I say at http://forum.xda-developers.com/showthread.php?p=55709585. If you don't I think you'll be waiting for a while - someone needs to find an exploit and write the app/code needed to exploit it. This has become increasingly hard as Android has become more secure - before Towelroot AFAIK the Z1/Z2 was not rootable for a long time. You'd probably be waiting a similar length of time for the next big root exploit.
Would it not be helpful to contact Sony themselves? They're increasingly developer friendly, these days. Maybe they'd be willing to offer pointers to root app developers?
mudnightoil said:
Would it not be helpful to contact Sony themselves? They're increasingly developer friendly, these days. Maybe they'd be willing to offer pointers to root app developers?
Well I know people at Sony and long story short: if you want root, unlock the boot loader. It's as simple as that. You have to understand that while a root exploit looks nice to tinkerers, it's also a serious security issue which must be fixed - that is why many root solutions also patch the exploit they use after using it.
Does unlocking the bootloader require wiping the phone? I know this is required on the nexus phones. If it requires wipe then its the very first thing I'm doing once I get the phone out of the box.
Sent from my Nexus 5 using Tapatalk
tilal6991 said:
Well I know people at Sony and long story short: if you want root, unlock the boot loader. It's as simple as that. You have to understand that while a root exploit looks nice to tinkerers, it's also a serious security issue which must be fixed - that is why many root solutions also patch the exploit they use after using it.
I'm aware of this ... but on the one hand being one of the few, if not the only, manufacturers to provide official unlocking for the bootloaders (with the obvious intention of spurring development etc), but on the other actively closing non-simple (i.e. ones requiring a dedicated program) root 'exploits' would seem a little at odds. Is it really that black and white? You'd think it might be in their interests to provide an official complex / secure rooting method.
sublimnl said:
Does unlocking the bootloader require wiping the phone? I know this is required on the nexus phones. If it requires wipe then its the very first thing I'm doing once I get the phone out of the box.
Sent from my Nexus 5 using Tapatalk
Yes. It will wipe everything AFAIK - double check with the website.
mudnightoil said:
I'm aware of this ... but on the one hand being one of the few, if not the only, manufacturers to provide official unlocking for the bootloaders (with the obvious intention of spurring development etc), but on the other actively closing non-simple (i.e. ones requiring a dedicated program) root 'exploits' would seem a little at odds. Is it really that black and white? You'd think it might be in their interests to provide an official complex / secure rooting method.
Your statements contradict themselves. Rooting without unlocking the bootloader needs a security flaw. How can any method which leaves a security hole be secure?
Bootloader unlocking gets around this by letting you control the boot partition of the device so you can disable the "security barrier" that android provides. This is a choice you are explicitly making which is why it is the only "secure" way to root.
Does towelroot work?
MrOeyta said:
Does towelroot work?
Unfortunately Towelroot does not work.
I've read some people saying that unlocking the bootloader causes you to lose your DRM keys which apparently would affect software/ camera issues?
Can anyone verify this?
tacocats said:
I've read some people saying that unlocking the bootloader causes you to lose your DRM keys which apparently would affect software/ camera issues?
Can anyone verify this?
This is very true. On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL.
dillalade said:
This is very true. On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL.
Any idea how this could be done?

Root method for xt1528 once we can recover from QDL mode

Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x here.
This is an article that talks about working with the new sahara protocol the Moto E uses. The qdloader used for the moto x is an older protocol.
Good luck!
This will be awesome.
Sent from my XT1528 using XDA Free mobile app
jahrule said:
Hi,
If people would like to figure out how to get the xt1528 out from QDL mode then I will provide a method for PERM root and xposed as we did for the moto x
How did you get it into the QDL mode?
fire3element said:
How did you get it into the QDL mode?
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
jahrule said:
You get into it by soft bricking your phone. But you can't get out until someone can do the procedure above. I am sure it is trivial using qfil but I run Linux solely and am not in a rush just giving a helping hand to someone here if they want to put a little effort in.
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
fire3element said:
I am ready to get the ball rolling on this. This phone needs root at the least, since the bootloader is locked (thanks to Verisucks). I will PM you.
Pm responded
How's it going?
I can help with this as well. I have my XT1528 on standby. Don't have much dev experience with Android, but I can sure try.
Unless you are willing to stare endearingly at a shiny paperweight that once was your phone, I don't think anyone can do much to help.
To sum this up for new eyes wondering where this might be headed:
Motorola (along with many of the other major phone manufacturers) has removed the ability to load QDownload mode manually. Apparently, the XT1528, along with many newer devices, is now running a new protocol for the diagnostic port. (And there is more than one way the port can be present/active, to further complicate things.)
Please do not ask me to explain. I am just barely beginning to understand this stuff myself.
As of right now, the only known method to get our Verizon 2nd gen Moto E into QDL is to actually BRICK the device. At which point the phone will resort to the next level down, since it can not boot properly.
So unless you are willing to intentionally brick your phone to advance this cause... I am afraid that you can not do much.
There is also the looming risk that the device can not be recovered if the new protocols are not figured out. I am treading in uncharted waters here.
Means you or I lost a phone and the $$$ spent on it. Buy another one and try again.
If you are adamant about wanting to help, click on the 2 links in the OP. @jahrule has posted information that tells us which direction to go.
And if you do not understand what is going on in either article... maybe it is best left alone.
Not being harsh, just safer that way. I am having to figure this stuff out as I go too.
As for progress..? None. I am not intentionally bricking my phone until I gather enough info that will lead me to the conclusion that I can recover the device.
So goes without saying. BE NICE____DO NOT PESTER
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
jahrule said:
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
My GoPhone moto e says it is vulnerable running 5.1 stock firmware
Sent from my MotoE2(4G-LTE) using XDA Free mobile app
fire3element said:
No, we are not trying to mess with the bootloader. I do not think we even could. The ideal way to go about that would be to use the XT1526 Boost Mobile bootloader and modify it to fit the XT1528. Those 2 models are about the closest in hardware of all the variants. (and I have already tried working on this in the last few months with no progress)
I do not think that would work anyways.
The bootloader is the same. This will help nothing.
fire3element said:
What we are attempting to do here is inject root into the system partition after the kernel startup. After the OS is booted, and root is in place, it should become permanent from then on. At least until you delete, install over, or wipe the device.
What we are trying to do is use qfil or blanflash qflash to recover from QDL mode and be able to write partitions from there.
fire3element said:
The issue here is, there is no way to manually put the phone into QDL mode. (as I mentioned in my post above).
Once we are in QDL, there is no known way to get it out. If the flasher tool does not see/read the phone, there will be no way to recover since we can not flash files to fix what we had to break to get there in the first place.
Issue is only recovering from QDL mode which is the goal see above. Getting the phone into QDL mode is very easy.
fire3element said:
See the paradox now? LoL
Personally, I can not afford to throw this phone to the gutter. Simply do not have that kind of money laying around. If you can stand to throw $50 into the wind, more power to you Bro
Give it a go, but don't be careless just for the sake of wanting to try something. (speaking from experience here)
UPDATE: I think I am going to hold off on this for now. Looks like the Stagefright vulnerability is going to lead to a new ROOT exploit.
This is bad news for Android, but great news for those of us that have locked down devices. Please download the Zimperium StageFright Detector app from the Play Store to see if your device is vulnerable.
If it is, DO NOT TAKE ANY UPDATES till we get confirmation that a new exploit will benefit us or not.
Stagefright will get one system permissions not root permissions.
neo4uo said:
@fire3element
I got mine brand new off of Amazon for $48.00, if someone wants to sacrifice the 48 bucks? My note 4 just came in, so I might be willing to brick mine for the cause. I will do some reading where you posted earlier and see what I can do
@jahrule
Are you proposing that we brick the phone and use an international boot loader with the Verizon modem to flash, since the boot loader would be corrupt it wouldn't be locked anymore?
I am proposing that you read the way CrashXXL achieved root on the moto x and we do the same
jahrule said:
Stagefright will get one system permissions not root permissions.
Surely I am not misinterpreting what I am seeing here.
https://www.youtube.com/watch?v=PxQc5gOHnKs
Looked for a video of Josh's DefCon presentation, but could not find one. So either he has not presented yet, or no one had uploaded the vid at this time.
Here is an excerpt from the Zimperium blog:
" 2. Zimperium Research Labs (zLABS) will release a video later this week with a Stagefright RCE demonstration. Several large carriers requested that we delay the release of our working exploit. We agreed, given the gravity of the situation. Unfortunately, because the patches are open-source [1, 2], many researchers are already working on creating an exploit. We are planning to release our exploit on August 24th, 2015. However, if an exploit is publicly released or attacks are detected in the wild before that date, we will release ours for testing purposes at that time. "
and
" 6. Josh will present the full details of his research at Black Hat on August 5th or DEFCON on August 7th. We invite you to join us! "
Hopefully this is the new exploit we have all been waiting for. I know that I need to move away from my current device because of hardware issues, however I can not do that until I root this device. More info is sure to come in the next few weeks
jahrule said:
The bootloader is the same. This will help nothing.
I should have clarified myself. My attempt was to replace the Verizon "locked" bootloader with the Boost "unlocked" bootloader.
Again, I do not think it will work. However, if the flasher tool will actually work with this phone, then I suppose it would not hurt to try it. If it does not work, simply flash your backup of the original BL.
Is it possible to flash 5.0.1 back after you update? Or remove any update..? Hahaha, I updated mine for Stagefright without thinking. Didn't know until I checked it & found it wasn't vulnerable. I know it was before.. Ugh. Carelessness on my behalf.
Hey guys, I have this phone as well as the HTC Desire 526 PP and they are both just laying in a drawer. I bought them when I couldn't afford a real replacement for my broken Nexus 6 and now that I don't need either I would be more than willing to sacrifice mine for the sake of helping out. Plus if it works then the phone is rooted; negative, if I can't use it I can free up some drawer space. Not a big loss either way as the screen is too small for my liking. Very nice phone otherwise, just not enough space or screen.
So just a quick little update on this.
I purposely bricked another Moto E and was able to get it to show up in the Device Manager as QCOM_BULK (not the exact wording, I forgot). This required me to flash a bad bootloader to get the device to fail to turn on, thus kicking it into the fallback mode. I tried flashing all other partitions to make the phone go into the BULK mode. None worked except for the bootloader.
Could not get anywhere with it. We need some specific files to flash in order to get the device rooted or bootloader unlocked. Its not just a few files either, and they have some weird extensions.
I ended up taking the device back and getting something else. Just don't have time to keep playing with it. Someone smarter than me could probably get it done with not a whole lot of effort.
Sorry guys. I tried with my limited knowledge and skills.
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
Steve_xposed said:
Since you have abandoned this project, do you think you could PM me any/all info you have? I would like to take a stab at this.
I too would like to see the process, in order to enter QDL mode, I LITERALLY have no use for this phone as it is damaged but still boots and can use screen

[DEV] [BOOTLOADER] [PATCH] [UNLOCK] New Method for Motorola's Bootloader Unlocking

I am willing to Develop & Create a Method for the Locked Bootloaders of our Devices to be able to use ROMs, Kernels, Recoveries & also SuperCID ( Needed For Network Unlocking )
My one is not applicable for unlocking the bootloader, therefore i need a few files from another unlocked device to work with...
Right now, I am using the Modded Firmware SU4-21 Multilingual provided by @CrashXXL on my Droid Ultra.
Users, Developers & Modders Please Respond as i need the files real quick!!
Here's what i need...
mmcblk0p5 ( aboot )
mmcblk0p18 ( modemst1 )
mmcblk0p19 ( modemst2 )
mmcblk0p29 ( cid )
These are the files needed for my work from an unlocked device
Now how do i get them??
Here's the command-line(s) you need to follow in order to get those files out of your device...
Open Terminal or CMD on your computer and do as the following..
Guide for SuperCID in-case if you don't have it in your system... ( Needed for my work )
Just follow this guide over here...
http://forum.xda-developers.com/showthread.php?t=2317536
Code:
adb shell
su
dd if=/dev/block/mmcblk0p5 of=/sdcard/mmcblk0p5
dd if=/dev/block/mmcblk0p18 of=/sdcard/mmcblk0p18
dd if=/dev/block/mmcblk0p19 of=/sdcard/mmcblk0p19
dd if=/dev/block/mmcblk0p29 of=/sdcard/mmcblk0p29
Now simply copy mmcblk0p5 , mmcblk0p18 , mmcblk0p19 & mmcblk0p29 from the root of your sdcard to your computer or just make a zip file including them, upload & give me the link
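The dd step above, written out as an added shell example (this is not the thread author's script and not part of any project on the page): it dumps the four partitions the post lists and then checks each copy against its source by SHA-256, so a truncated or corrupted dump is caught before the files are uploaded. It assumes a POSIX sh on the device with dd and either sha256sum or shasum (toybox/busybox on the phone, coreutils on a PC); the function names and the "run" argument are my own. Reading /dev/block/* still needs root, exactly as the original adb shell / su / dd sequence does.

```shell
#!/bin/sh
# Added example, not from the thread: dump the partitions listed in the post
# and verify each copy against its source before handing the files over.
# Assumes a POSIX sh with dd and either sha256sum or shasum. Reading
# /dev/block/* needs root, just like the original dd commands.

# Print the SHA-256 of a file, using whichever tool the shell has.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 when src and dst have identical SHA-256 digests, 1 otherwise.
verify_copy() {
    [ "$(digest "$1")" = "$(digest "$2")" ]
}

# Copy src to dst with dd and verify the copy; prints "<digest>  <dst>" on
# success so the hash can be posted alongside the file for the recipient
# to check after the upload.
dump_and_verify() {
    src="$1"
    dst="$2"
    dd if="$src" of="$dst" bs=4096 2>/dev/null || return 1
    verify_copy "$src" "$dst" || { echo "digest mismatch: $dst" >&2; return 1; }
    printf '%s  %s\n' "$(digest "$dst")" "$dst"
}

# The four partitions the post asks for; the output directory defaults to
# /sdcard as in the original dd lines. Stops at the first failed dump.
backup_partitions() {
    outdir="${1:-/sdcard}"
    for p in mmcblk0p5 mmcblk0p18 mmcblk0p19 mmcblk0p29; do
        dump_and_verify "/dev/block/$p" "$outdir/$p" || return 1
    done
}

# Only run the full backup when invoked as: sh backup.sh run [outdir]
if [ "${1:-}" = "run" ]; then
    backup_partitions "${2:-/sdcard}"
fi
```

Push the script with adb, then from `adb shell` run `su` followed by `sh /sdcard/backup.sh run /sdcard`; the printed digests travel with the zip so whoever receives it can confirm nothing was corrupted in transit. Keep in mind that mmcblk0p29 (cid) identifies your specific device, so, as the earlier thread already warns, share that dump privately rather than posting it.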
@Tanzior @Jaocagomez @Franzie3 @CrashXXL @CrazyRussianXDA @aviwdoowks @Al936 @Crossvxm @summer.cat @Topsnake
I've checked all the works, ROMs, guides, mods and everything done by you people, see my thread and please respond asap
I might get you the files, I still have the Droid Maxx unlocked laying around, I'm not at home but I'll post it later
Sent from my D6603 using Tapatalk
Thanks in Advance
Jaocagomez said:
I might get you the files, I still have the Droid Maxx unlocked laying around, I'm not at home but I'll post it later
Sent from my D6603 via Tapatalk
1. The Motorola SuperCID is no concept, it is not HTC
2. Unlock bootloader stored in qFuse 428/00000001
3. Secure On is stored at a different address in the same qFuse
4. qFuse access can be obtained only through TZ, which is very well protected
I feel as if everyone is ignoring this thread, it has been too quiet here
JH1108 said:
I feel as if everyone is ignoring this thread, it has been too quiet here
I think CrashXXL's comments crashed our hopes.
I for one appreciate the concept but, considering nobody has ever gone this way of potentially doing it, it's basically not going to happen; but who knows, small miracles happen from time to time.
Wish I could be of some help. The only other idea I can think of is to find a way to let the phone RSD flash SU4-21 so we can unlock it. Sorry I'm not a dev. It's something I want to get into. Just don't know how or where to start...
Great idea
This is a great idea of copying the unlocked bootloader to a locked phone. How much progress have you achieved?
Hey, what if I just go into the mmcblk0p5 and change these lines "Device_isLocked.status code=0",
"Device_isUnlocked.status code=1", "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3"? Knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 are codes for the bootloader being unlocked, what if I make all code values 1 and 3 only to trick the device into thinking it is unlocked??? Probably not, I'll probably end up in a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess
DROID_4_UsEr said:
Hey, what if I just go into the mmcblk0p5 and change these lines "Device_isLocked.status code=0",
"Device_isUnlocked.status code=1", "Device_isLocked.status code=2" and "Device_isUnlocked.status code=3"? Knowing that 0 and 2 obviously are codes for the bootloader being locked and 1 and 3 are codes for the bootloader being unlocked, what if I make all code values 1 and 3 only to trick the device into thinking it is unlocked??? Probably not, I'll probably end up in a brick or bootloop. I'm just so anxious to have my bootloader unlocked I'll try anything. If this doesn't work I will probably reflash through RSD Lite and retry a different process. Oh well, wish me luck I guess
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
classic757 said:
Not sure if that will work but who knows, at this point it might be worth a try.
I too would love to have the bootloader unlocked on my Maxx but 4.4.4 is a hard nut to crack. The good thing about it is that Motorola/Lenovo phones are very hard to brick permanently. As long as you can get to fastboot, there is always a way to restore stock firmware. Wish you well. :good:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Also strange that an "android security expert" did not come up with the root method developed by @CrashXXL. Not knocking jcase at all, he does very fine work, but there are lots of things that so-called experts do not figure out; otherwise they would be working for the major carriers to keep people like you and I from being able to root our phones or unlock our bootloaders.
Also, there are lots of things that I have accomplished with the different phones I have had that were the result of the efforts of developers and also non developers. And some things I just researched and learned how to do and some things with android I just figured out how to do through much trial and error. And that is my point. Some things concerning development are not learned except through trial and error. I won't knock @DROID_4_UsEr. At least he is trying, which is more than I can say for the carriers and the "experts", who have given up on KitKat 4.4.4.
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked
stealthllama said:
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
stealthllama said:
Touché
I stand corrected, the last thing I want to do is stop someone from trying something new and even maybe learning something! Sorry, maybe I was a bit cranky this morning because my bootloader is still locked
Backstory: I had an unlocked Maxx last week and I broke it.....the replacement is 4.4.4
I am feeling a little salty lol
Thanks. I appreciate your humility. And I understand. I am ticked also that 4.4.4 is like Fort Knox. On serious lockdown.
4.4.2 was easily rootable and unlockable. And then came 4.4.4. So believe me, I feel your pain.
stealthllama said:
Would be strange that an android security expert like jcase would miss the fact that you could just change a few numbers to get the bootloader unlocked...
Well, it turns out there's a Qfuse and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader. So any questions you have about the bootloader project for the Maxx should be directed to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now ?
DROID_4_UsEr said:
Well, it turns out there's a Qfuse and that is hard security to break into. Hopefully somebody takes my idea into consideration and makes an exploit. Or I might just have to do it myself. jcase has abandoned the Droid Maxx bootloader. So any questions you have about the bootloader project for the Maxx should be directed to him. I've asked him on the Network nodes about it and he told me they have paused the Maxx project and are focusing their attention on HTC devices for now
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
stealthllama said:
I guess it makes sense that they are pausing work on the MAXX project. What I really need to do moving forward is do more research before I purchase my next phone. I used to never take these things into consideration when choosing and mostly looked at specs, price, etc..
I don't think the devs are going to give any more attention to the original Droid Maxx, what with the Droid Maxx 2 making its debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
classic757 said:
I don't think the devs are going to give any more attention to the original Droid Maxx, what with the Droid Maxx 2 making its debut tomorrow. This is now a more than two year old phone and I think it has been given up on by the developers, who seem to be moving on to the newer phones, and understandably so.
With Marshmallow now here, 4.4.4 is considered a dinosaur and probably has been abandoned.
It is better to purchase an already unlocked phone, which is what I intend to do.
Then I don't have to wait ages at the mercy of the carrier for root/bootloader unlock.
If only I could upgrade to a dev edition directly from Verizon for my next phone
I am not sure if that is possible. I have been thinking about getting off of Verizon, I would definitely have more options. There are a lot of new phones out there by smaller companies that would be great to play with, just not possible on Verizon. As an example, maybe one of those OnePlus 2's. I can't post the link but just do a search for it. Looks pretty snazzy.

Root/bootloader thread ?

With the initial root thread being shut down, could someone with specific news or ideas start up a new thread?
There are a lot of frustrated people with the locked bootloader like me who would really welcome some news or progress on this, and it is difficult to imagine this happening without a specific thread on the subject.
PM the forum moderator and request the original thread be cleaned and reopened. Duplicate threads are not permitted.
Get over it.. locked bootloader means no root, nobody has found a way around this on any of the recent locked loaders
Sent from my SM-G935T using Tapatalk
jgodfrey82 said:
Get over it.. locked bootloader means no root, nobody has found a way around this on any of the recent locked loaders
Sent from my SM-G935T using Tapatalk
I can tell you are talking without any knowledge; no wonder you have no thanks for helping out this community at all. ROOT COULD STILL BE ACHIEVED with a locked bootloader
Let's be careful with the comments - that is one reason the other thread got closed - especially after it gets reopened.
My bad with the get over it post. I struggled through never having root on N4 on att and just have accepted no root on s7e.. I know I'm an xda noob so no offense meant, I do actually have 8 thanks tho! ?
Sent from my SM-G935T using Tapatalk
This thread is going to get locked just like the last two.
v8dreaming said:
This thread is going to get locked just like the last two.
While nothing happening here - did some searches and if you want to be even more frustrated about the bootloader and root, look at the below from an Asian forum (translated by Google - not perfectly lol):
RECOMMENDATION
- SAMSUNGVN liability risks unlucky to
- Only applies to version Snapdragon Galaxy S7 Edge SM-G9350 code
- Loss of warranty when Unlock Bootloader to Root.
- No guarantee of confidentiality issues, personal information
- Knox will jump into 0x1
Files needed
- Odin 3.10.7: Fshare - Odin3_v3.10.7.zip
- Driver Samsung: Technical Documentation | SAMSUNG Developers
Download and install.
- CF-Root: Fshare - cf-root-g9350.zip
Proceed:
- In the Galaxy Apps -> Search software "CROM Service" -> Settings and proceed to unlock the bootloader.
- Shutdown. Boot into Download Mode by pressing hard (Vol Down + Home + Power)
- Check CROM Service line. If it can gauge lock, press Down + Home + Power Vol until the machine off completely and then unlock the normal boot as the first step. If it continues to unlock offline.
- Launch Odin 3.10.7, cable plug, extract the zip file is the file cf-root cf-root-g9350.zip-g9350.tar. Under PDA cf-root-file select g9350.tar
- Click Start -> PC reboot when done.
- Congratulations on your machine successfully root.
That is also a Snapdragon model. Hope somehow we can get there with our 975T sometime.
I heard the LG G5 has an unlocked bootloader
Sent from my SM-G935T using XDA-Developers mobile app
will6316 said:
I heard the LG G5 has an unlocked bootloader
Sent from my SM-G935T using XDA-Developers mobile app
I have heard that too, but like many others, I have a 935T which we would like to make customizable.
Related to this - another casualty of the locked root thread is the activity of getting into TMo and Samsung's face through twitter and other avenues. Hopefully it is still going on, but without any means of communication on the matter in this forum - it may have just died.
Here are my two cents for those that have lost or are in the process of losing faith.
This is a very popular device. That goes without question.
This is a very popular forum. That too goes without question.
The T-Mobile forum is not the only forum with hopes of having an unlocked bootloader. Thus we can hope that there is someone out there (or perhaps even a team) that will stumble upon a solution. We all know that there are people experimenting with their own devices with known exploits and also using creativity and ingenuity in efforts of finding a new one. How many devices have been released with little hope of having root access? This is not the first. So many of you are doubtful and acting like you've been wronged by someone. I've been reading about members wanting to start class action lawsuits against Samsung for locking the bootloaders. But much of this is just talk until somebody does it. We have people stepping up to the plate constantly on trying to give you all what you want. Yet threads keep popping up which are no different from the ones that get closed for the same reasons yet all of which yield little to no results or even influence. The same tweets get sent, same calls get made, same e-mails sent, etc. Samsung, T-Mobile, Verizon, AT&T, etc all heard you! I heard you, you all have heard each other. For crap sake let it go already and just be patient! When somebody discovers a way then we can celebrate, look back on this day and remember at just how pathetic we were whining about not having root and some will even be kicking themselves in the butt for returning their phones. But then what? Oh... I know. The Galaxy S8 Edge will come out next year. Who wants to take bets that this all won't happen again? Honestly, I really don't care anymore. I just don't. I don't have root but I do have a damn good phone on a good network. Someday (hopefully soon) when I check this forum and see that root was discovered then I'll probably do it. No doubt that most of us will! But in the meanwhile, this isn't a forum for development anymore. 
This has turned into a group therapy session for those that feel victimized by Samsung (or whoever you want to point your fingers at.) Now... let me take my step off my soapbox and await all of the responses about how I'm wrong and a hypocrite or how I'm insensitive by hurting someone's feelings or even how my words are counterproductive to finding a resolution that you all seem to be losing sleep over. Guess what... I don't care about that either. I'm more frustrated about how everybody in this forum seem to be whining and crying about not having root than I am about having root access now. I can't log on without shaking my head at some of the comments that I read. Yet somehow, just like a horrible accident on the freeway, I can't help but gawk at the amazement of what I see which inevitably brings me back. I'll soon be at the point where when the time comes that I read "WE HAVE ROOT!!!" my first reaction will be cheerfully saying to myself, "Finally! People can stop whining and crying over it!" instead of the appropriate action of actually rooting.
I'll step down now. Thank you all for your time.
There is a lot of whining and complaining, but there were some hopeful pieces here and there.
I was hoping the Chinese 9350 Snapdragon was a path that might be followed. The specifics are beyond my skill set, but I am hoping that if it is not a dead end, those for whom it is not beyond theirs will be able to do something with it. I had tried the CROM system that had been posted over there, but not surprisingly it would not work on this similar but different device.
So hoping the thread gets going again - and hopefully without the drama that got it shut down.
will6316 said:
I heard the LG G5 has an unlocked bootloader
Sent from my SM-G935T using XDA-Developers mobile app
Yeah. But the reviews are rolling in. Subpar seems to be the consensus so far.
Sent from my SM-G935T using XDA-Developers mobile app
gaww said:
- No guarantee of confidentiality issues, personal information
Wait a second. This implies there was a guarantee of personal information before. FU Samsung.
gaww said:
- No guarantee of confidentiality issues, personal information
@rbiter said:
Wait a second. This implies there was a guarantee of personal information before. FU Samsung.
Funny - don't remember that quote above. - lol?
gaww said:
gaww said:
- No guarantee of confidentiality issues, personal information
Funny - don't remember that quote above. - lol?
I think you misunderstood. I was being sarcastic. With an unlocked bootloader, was Samsung guaranteeing security? Doubt it.
s7 edge root
I have a Hong Kong G9350 and find it very difficult to find good info about root. I got some stuff from Baidu forums, but the barrier is it's not English and even with translation it's hard work. I believe they have rooted successfully; I have the root file and apparently the bootloader is not locked... "presume" is the word. But until I can find info on what happens after rooting I don't want to risk it yet... there's no follow-up, I don't even know if there's a recovery included like TWRP or a CM one. Anyone else know anything? Thanx
gaww said:
There is a lot of whining and complaining, but there were some hopeful pieces here and there.
I was hoping the Chinese 9350 Snapdragon was a path that might be followed. The specifics are beyond my skill set, but I am hoping that if it is not a dead end, those for whom it is not beyond theirs will be able to do something with it. I had tried the CROM system that had been posted over there, but not surprisingly it would not work on this similar but different device.
So hoping the thread gets going again - and hopefully without the drama that got it shut down.
May be of help. I downloaded CROM Service off a Chinese site, and it tells me I can install ROMs and the bootloader is unlocked. I'll put it up on Mega soon. I also have the CF-Auto-Root off the same site, but I'm apprehensive because of the language barrier and the lack of post-root details.
https://mega.nz/#!zYUWkTAA
Try that
Sent from my SM-G9350 using XDA-Developers mobile app
xmanz said:
May be of help. I downloaded CROM Service off a Chinese site, and it tells me I can install ROMs and the bootloader is unlocked. I'll put it up on Mega soon. I also have the CF-Auto-Root off the same site, but I'm apprehensive because of the language barrier and the lack of post-root details.
https://mega.nz/#!zYUWkTAA
Try that
Sent from my SM-G9350 using XDA-Developers mobile app
The CROM lock does not exist on non-Chinese bootloaders
Samsung's Chinese handset bootloaders have 3 types of bootloader locks: the carrier lock, the CROM lock (which is enabled if the Chinese bootloader does not find the "KIWIBIRD" string written in the STEADY partition), and the reactivation lock; they are not carrier locked.
U.S. variants only have the carrier and reactivation locks; there is no CROM lock to unlock on these devices (or on any international variants either). U.S. variants are, however, carrier locked, and the lock is hardcoded in the bootloader code: there is just no execution path to load an unsigned kernel on the consumer carrier-locked variant bootloaders. There is no "lock" Qfuse anymore; the bootloader itself just has no carrier unlocking/locking support, it is always locked by design. The bootloader is also tied to the device ID (for example SM-G935F), which is One Time Programmable, and will refuse to run on anything but the device ID that is hardcoded within it. Obviously the bootloader is signed so you can't modify it, and there is also a revocation mechanism involving Qfuses to make sure you can't downgrade to a vulnerable version (should one exist).
There are presumably Engineering versions of the bootloader that allow running unsigned kernels, but those have not been leaked and they probably won't run on devices for which the production mode Qfuse has been blown (the device is in Engineering mode when that Qfuse is not set).
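Putting this post next to the earlier "just change the status code in mmcblk0p5" idea, the following is an added illustration (not code from the thread, from Samsung or from any real bootloader) of why the edit cannot work on a signed, fuse-bound image. It is a constructed Python model: SHA-256 over a header and body stands in for the vendor signature that the boot ROM would really check against a key hash in fuses, and FuseState, BootImage, sign_image, verify_image, the device ids and the version numbers are all placeholders of my own.

```python
import hashlib
from dataclasses import dataclass

# Constructed model of the checks a locked boot chain applies to an aboot
# image, following the description in the thread. In a real chain the digest
# below is covered by the vendor's signature, verified against a key hash in
# fuses; nobody else can produce that signature, so an edited body fails in
# the same way the digest mismatch fails here. All ids/versions are placeholders.


@dataclass(frozen=True)
class FuseState:
    """One-time-programmable state the bootloader is compared against."""
    production: bool   # production-mode fuse blown (engineering mode otherwise)
    min_version: int   # anti-rollback counter raised by revocation
    device_id: str     # model the bootloader must have been built for


@dataclass(frozen=True)
class BootImage:
    body: bytes
    version: int
    device_id: str
    engineering: bool
    signed_digest: bytes  # digest recorded when the vendor signed the image


def _digest(body: bytes, version: int, device_id: str) -> bytes:
    # Header fields are bound into the digest so they cannot be swapped either.
    header = f"{device_id}|{version}|".encode()
    return hashlib.sha256(header + body).digest()


def sign_image(body: bytes, version: int, device_id: str,
               engineering: bool = False) -> BootImage:
    """Hypothetical stand-in for the vendor signing step."""
    return BootImage(body, version, device_id, engineering,
                     _digest(body, version, device_id))


def verify_image(img: BootImage, fuses: FuseState) -> tuple[bool, str]:
    """Return (accepted, reason); each check mirrors a lock named in the thread."""
    if img.device_id != fuses.device_id:
        return False, "device id mismatch"
    if img.engineering and fuses.production:
        return False, "engineering image rejected: production fuse blown"
    if img.version < fuses.min_version:
        return False, "rollback: image version below fused minimum"
    if _digest(img.body, img.version, img.device_id) != img.signed_digest:
        return False, "integrity check failed: image body modified"
    return True, "ok"


def patch_lock_status(img: BootImage) -> BootImage:
    """The 'change the status code' idea from the thread, applied to the body only."""
    body = img.body.replace(b"Device_isLocked.status code=0",
                            b"Device_isLocked.status code=1")
    return BootImage(body, img.version, img.device_id, img.engineering,
                     img.signed_digest)


def demo() -> dict[str, tuple[bool, str]]:
    fuses = FuseState(production=True, min_version=3, device_id="SM-PLACEHOLDER")
    # Constructed stand-in for an aboot body that contains the status string.
    genuine = sign_image(b"\x7fELF...Device_isLocked.status code=0...", 3,
                         fuses.device_id)
    eng = sign_image(genuine.body, 3, fuses.device_id, engineering=True)
    return {
        "genuine": verify_image(genuine, fuses),
        "patched": verify_image(patch_lock_status(genuine), fuses),
        "downgraded": verify_image(sign_image(genuine.body, 2, fuses.device_id), fuses),
        "other_model": verify_image(sign_image(genuine.body, 3, "SM-OTHER"), fuses),
        "eng_on_production": verify_image(eng, fuses),
        "eng_on_eng_fuses": verify_image(
            eng, FuseState(production=False, min_version=3,
                           device_id=fuses.device_id)),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:18s} accepted={ok} ({reason})")
```

Only the untouched image on the device it was built for, at or above the fused version, passes; the patched body, a downgrade, a different model id, and an engineering image on a production-fused device are each rejected by a different check, which is the layering the post describes.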
mathieulh said:
The CROM lock does not exist on non-Chinese bootloaders
Samsung's Chinese handset bootloaders have 3 types of bootloader locks: the carrier lock, the CROM lock (which is enabled if the Chinese bootloader does not find the "KIWIBIRD" string written in the STEADY partition), and the reactivation lock; they are not carrier locked.
U.S. variants only have the carrier and reactivation locks; there is no CROM lock to unlock on these devices (or on any international variants either). U.S. variants are, however, carrier locked, and the lock is hardcoded in the bootloader code: there is just no execution path to load an unsigned kernel on the consumer carrier-locked variant bootloaders. There is no "lock" Qfuse anymore; the bootloader itself just has no carrier unlocking/locking support, it is always locked by design. The bootloader is also tied to the device ID (for example SM-G935F), which is One Time Programmable, and will refuse to run on anything but the device ID that is hardcoded within it. Obviously the bootloader is signed so you can't modify it, and there is also a revocation mechanism involving Qfuses to make sure you can't downgrade to a vulnerable version (should one exist).
There are presumably Engineering versions of the bootloader that allow running unsigned kernels, but those have not been leaked and they probably won't run on devices for which the production mode Qfuse has been blown (the device is in Engineering mode when that Qfuse is not set).
Thank you, I don't understand too much of the tech stuff. But mine isn't carrier locked as I'm in New Zealand. The CROM tool says not locked... And the Baidu website supposedly has CF-Auto-Root for the G9350.. As I said, I'm apprehensive to flash till better data comes available... Shall I link the site, and if you can be bothered, have a look-see please. Cheers
Sent from my SM-G9350 using XDA-Developers mobile app

Possible root without ENGBOOT?

DroidModderX has just uploaded a video of a 1-click program called Dr.Fone that supposedly can root a bunch of devices. He shows it working on a Verizon HTC 10. The T-Mobile S7 Edge is on the list of supported devices on the Dr.Fone website. The program is $29.95. Has anybody tried the program on our phones or can a dev chime in and either confirm or deny it's "legit-ness"?
I know the fact that it costs money may sound like a scam, but that's what I thought of Sunshine on my HTC M9 at first. Even with the U firmware and root, these devices are still way slower and have crappy battery life. I won't be happy until a good root method is released.
Just updated the TEK thread... I just got it... Pictures are proof, as is the weeks of sleep I am missing..... I have been working on a full Developer Takeover.. Changed the build type, user, thumbprint, keys, props, no TIMA or KNOX, Permissive, Cut the stock rom down to 700 mb and the system apps are GONE... not disabled... And so much more....
Let me explain the pic of a Windows screen. That is Mr.MobileHelper... A very honest 3rd party Chinese app... On the main page you get stats on your device. As you can see, there is a spot for root.. Before, with the straight leaked kernel, it would show up as NO for ROOT... No exploits were done with that kernel. It was factory... This has exploits... I, however, am going with about 5 hours of sleep in two weeks, and ****ing don't recall the exact steps... I have a potential gold mine here, and forgot where I put my mining pan! FML!
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
Exciting news!
anonymoustl said:
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
Your second pic shows ENG BUILD, the same that comes up with the ENG kernel. I suspect that the program you used only rooted with the ENG kernel, and it leads me to believe, OP, that the Dr.Fone program likely must do the same :crying:
Edit: looks like you can download a free version of the program to root with, without having to pay the $30. I would gladly guinea pig this, but I need my phone for work tomorrow. If no one is brave enough by the weekend, I'll give it a shot.
CaptainMorgan said:
Your second pic shows ENG BUILD, the same that comes up with the ENG kernel. I suspect that the program you used only rooted with the ENG kernel, and it leads me to believe, OP, that the Dr.Fone program likely must do the same :crying:
Edit: looks like you can download a free version of the program to root with, without having to pay the $30. I would gladly guinea pig this, but I need my phone for work tomorrow. If no one is brave enough by the weekend, I'll give it a shot.
I'll downgrade from Nougat to MM and try it
blane3298 said:
I'll downgrade from Nougat to MM and try it
Didn't work
blane3298 said:
I'll downgrade from Nougat to MM and try it
Didn't work
Did you try the paid version or the free one? The free version says it can only detect but not root.
anonymoustl said:
Just updated the TEK thread... I just got it... Pictures are proof, as is the weeks of sleep I am missing..... I have been working on a full Developer Takeover.. Changed the build type, user, thumbprint, keys, props, no TIMA or KNOX, Permissive, Cut the stock rom down to 700 mb and the system apps are GONE... not disabled... And so much more....
Let me explain the pic of a Windows screen. That is Mr.MobileHelper... A very honest 3rd party Chinese app... On the main page you get stats on your device. As you can see, there is a spot for root.. Before, with the straight leaked kernel, it would show up as NO for ROOT... No exploits were done with that kernel. It was factory... This has exploits... I, however, am going with about 5 hours of sleep in two weeks, and ****ing don't recall the exact steps... I have a potential gold mine here, and forgot where I put my mining pan! FML!
And I have no clue what a Dr. Phone is... where is this link? ****EDIT Found
and it may be nothing... but doesn't look or feel like nothing... This ROM is smoother than the U is stock... It is the U... But MY U
I'm guessing Dr.Fone is similar to Mr.MobileHelper. But it looks like your program is using the ENGBOOT to gain root. If this is the case then these programs aren't any better than the manual root method. But try to get some sleep and get that ROM built and look into these programs some more!
CosMiiK said:
Did you try the paid version or the free one? The free version says it can only detect but not root.
Free. Not wanting to waste money if it's just the ENG kernel
30 dollars for some free ENG kernel..yay
blane3298 said:
Free. Not wanting to waste money if it's just the ENG kernel
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm it's just the ENG kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use Dirty COW. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
CosMiiK said:
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm it's just the ENG kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use Dirty COW. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
If they gave a refund sure I'd try it
CosMiiK said:
I don't want to pay either if it's just engboot. But this is why we need somebody to test it to confirm it's just the ENG kernel. If their claim of "over 7000 supported devices" is true, they might be using an exploit somebody on their team discovered. Or maybe they use Dirty COW. I just can't give up until we have stable root. Stock kernel and root would make this the perfect phone.
I just got Nougat redownloaded and set back up. Really don't want to go through the hassle again -__-
There's no reason to even try to spend the $30. I was going to act all high and mighty with some comment about "everyone wants root, but no one wants to pay to try" and then pay myself, but I just read their FAQ for refunds; it says they will not provide a refund if you don't test the free version....so test the free version and get the answer:
It seems pretty clear cut to me. If you do it on EngBoot, perhaps it'll root it for you so you don't need the manual SuperSU method....but not for $30.
Ran it on both stock 935T and also on the stock 935U with the same results.
With products featuring up to a 30-day Money Back Guarantee, Wondershare generally does not refund or exchange products in the following situations:
Non-technical Circumstances
1) Failure to read the product description before purchasing and thus resulting in dissatisfaction with the product's functions and/or results. It is highly recommended that every customer read the product description and try the free trial version before making their final purchase decision.
Wondershare does not refund software if products fail to meet customer's needs due to a lack of understanding by the customer, of the products functions and capabilities.
Seems pretty cut and dried that the $30 wouldn't be worth it and this topic is now a null issue/question.
With that said, the product itself also has only 4 reviews posted on its website. 3 of them were created within a 3-minute period by "Jane, Jerry, Alex", who were extremely happy to state how amazingly Dr.Fone worked on their Note (3's?).
Can we agree that the OP's question has been answered?
At least for the gs7, it's funny how it lists our gs7 variants in the list of supported devices.
Blade22222 said:
At least for the gs7, it's funny how it lists our gs7 variants in the list of supported devices.
Only root going on here is them rooting 30 dollars from our wallet
nitroevo said:
Only root going on here is them rooting 30 dollars from our wallet
Agreed.
CosMiiK said:
I'm guessing Dr.Fone is similar to Mr.MobileHelper. But it looks like your program is using the ENGBOOT to gain root. If this is the case then these programs aren't any better than the manual root method. But try to get some sleep and get that ROM built and look into these programs some more!
That is where you are wrong, my friend... I forced that.. All part of a takeover.. And remember, the ENG kernel was NOT built on PI3, which this is clearly displaying. Lest you forget (or maybe you don't know), there are MANY steps to finding and/or CREATING a vulnerability within a kernel or an OS... ESPECIALLY with the freaking types of encryption algo'z this thing can play with..
This isn't just downloading an app, pressing a button, and calling oneself an ub3r1337h4x0r.... This is reverse engineering... And like many people who deconstruct/reconstruct better, I fu(*ing HATE documenting a DAMN thing.. So I have that to contend with as well..
See.. Download MrPhone if you want to test yourself... It's all free and blah blah... not gunna f*&k ya over... Now with your eng kernel on your phone, plug into mrPhone(which is only a device admin app.. does NOT root) and look at the kernel and root status... It will show just as I say.
I am uploading a current BOOTING BUILD PROP complete with TEST-KEYS and more.. Also totally broken encryption and verity... Hoping to break this ***** down to an exploitable level... At this point I am too far in.. Now it's 4tLulZ
Full Postulation:
Not going to put it until I get complete because that is like posting a 0-day as you are exploiting it..... EDIT******
Cliff Note Version: Get bootloader unlocked to make rooting a snap...or... wait for it........
A FLASH!!!!!! @Chainfire ?!?!
What would help the MOST from someone, is if they could point in the direction of the homes of the files that deal with the bootloader...
****EDIT 2*****
Rolled back the security patch to August 1, 2016 >
Has anyone tried to fake the chinese device and then use its solutions to gain BL Unlock or root? Just saying... THAT is the same hardware.. I think someone was giving one of these devices away to a tester for testing... I am using my production phone which is causing relationship issues that I could totally do without.. So I mean... Someone else is going to have to grow a pair and start hacking at this thing too... Or I need that test phone.. because I am ready for some major testing, yet sphincter too tight to pull the cord of a full device fake....
---------- Post added at 08:29 AM ---------- Previous post was at 08:27 AM ----------
I also tried the Dr Phone solution.. The program was....donated to me. And after about 30 minutes of it rebooting my phone, it didn't work... So for the normal s7e user you pay a dollar a minute for the hopes of having something happen that was promised, ending up not just like..... trying to find a goddamn curved tempered glass screen cover that isn't utter garbage!
---------- Post added at 09:07 AM ---------- Previous post was at 08:29 AM ----------
Found exploit that should be able to help out. Reaching out to indiv. for possible help/co-creating.....
What I do not get is that this device has the OEM unlock switch in developer mode...but it doesn't do what it is supposed to do..
anonymoustl said:
What I do not get is that this device has the OEM unlock switch in developer mode...but it doesn't do what it is supposed to do..
All these posts make it sound like you're getting somewhere. That OEM Unlock switch threw everybody off the first few days after the phone came out. A lot of us assumed that the T-Mobile version would be unlocked like all their other phones have been and pre-ordered it. And if I remember correctly, not everybody with T-Mobile phones had that switch in dev options. Not that it did anything for the people that did have it.