Hi everyone. While I haven't made huge progress on unlocking the Amazon G Play's bootloader, I do have a few leads.
First, there's Initroot. Initroot is a way to get root access on Moto phones that have locked bootloaders. In their GitHub repository, a community member confirmed this exploit to work on his G4 Play that has a locked bootloader. I'm still trying to figure out how to patch the init. I'm not good with IDA, so it's gonna be hard. I'd love some help. While yeah, root is awesome, it's not as awesome as unlocking your bootloader. That's where the next exploit below kicks in.
There's a Amazon Exclusive Blu R1 bootloader exploit that someone here on XDA made. It uses the dirtycow exploit to obtain root then overwrite. For a lot of us, dirtycow won't work because of security patches. But initroot will!
So, using knowledge from another XDA thread, we know that the third line of our get_unlock_data is a hash validated by Motorola to allow us to unlock our bootloader. Combining the initroot and the Blu R1 unlock exploit could allow us to unlock our device.
We need to first obtain root using Initroot, to do this we need to patch initramfs. After we obtain root, we need to replace either the frp or cid partition, sounds like cid, with another patched version. This is where community help is needed! I know y'all are smart, let's do this!
This looks very promising. My device is still at 6.0.1 so I will attempt the same process at that release version.
I don't know much about how the firmware on these devices work. But I would assume the frp partition would be for factory reset protection.
So far what I've got is a SCRATCH_ADDR of 0x80000000 and padding 0x01000000, ramdisk size 1010982.
Your fastboot command would be:
Code:
fastboot oem config fsg-id "a initrd=0x81000000, 10982"
I've tested it and it does survive reboot, no eternal bootloop with these values.
Here is the full information I got from the boot.img
Code:
kernel=kernel
ramdisk=ramdisk
dt=dt.img
page_size=2048
kernel_size=7220728
ramdisk_size=1010982
dtb_size=6492160
base_addr=0x80000000
kernel_offset=0x00008000
ramdisk_offset=0x01000000
tags_offset=0x00000100
cmd_line='console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x3F ehci-hcd.park=3 vmalloc=400M androidboot.bootdevice=7824900.sdhci movablecore=160M'
board=""
format=gzip
Now whoever wants to patch init can take over because I'm tired lol
Here are some notes I have for patching the init binary:
I took the Athene stock rom from the motorolla website and extracted the init binary.
I have taken the Athene image from the initroot github extracted the init binary.
Comparing the two binaries the only difference is highlighted in red below, stock on the left and the patched init on the right.
diff
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I am guessing that changing 0xf0102001 to 0xf0102000 is referencing the second line in the difference that has 0xf0102000.
Searching for the same listing of instructions in the harpia (Moto G4 play) init I found the following:
listing
Assuming changing 0xf00f2001 to 0xf0102000 (2nd line) in a hex editor would be enough.
I don't know enough about assembly to truly know what going on here, maybe someone on the forum does.
I'm down to try it if you wanna change it and send it to me. I have a couple of these phones just to play with so not too worried if I mess one up.
So, it seems to be a light at the end of the tunnel amz version without bootloader.
Keep it up guys \o/
Analysed aboot to find the SCRATCH_ADDRESS as described here: https://alephsecurity.com/2017/06/07/initroot-moto/#finding-the-scratch_addr-values
I can confirm the target_get_scratch_address is 0x9000000
I will try start my phone using the vanilla/unpatched copy of initramfs to see if I can boot.
ledothis said:
Analysed aboot to find the SCRATCH_ADDRESS as described here: https://alephsecurity.com/2017/06/07/initroot-moto/#finding-the-scratch_addr-values
I can confirm the target_get_scratch_address is 0x9000000
I will try start my phone using the vanilla/unpatched copy of initramfs to see if I can boot.
Click to expand...
Click to collapse
So that scratch_addr is 0x9000000 not 8x as a post above said? How about padding? And if you'd like I have the xt1607 initramfs already made to flash if you want it.
A.Fitz said:
So that scratch_addr is 0x9000000 not 8x as a post above said? How about padding? And if you'd like I have the xt1607 initramfs already made to flash if you want it.
Click to expand...
Click to collapse
I proved that it is possible to boot as described in the article by flashing a stock initrd.img (plus padding).
Code:
fastboot oem config fsg-id "c initrd=0x92000000,1010926"
fastboot flash aleph2 ./initroot-orig-harpia.cpio.gz
fastboot continue
I am failing when trying to boot off a custom initrd.img where I just unpack and repack it (using the steps on the github).
However when I compare my repacked initrd vs the original they are different which shouldn't be the case. I plan on figuring this issue next.
Also for the padding, I do not think that is explained well in the article. We can use any padding that we want, it is a precaution just to offset the image from the scratch address such that it doesn't get clobbered when the bootloader uses the scratch address for storing other data.
I have tried both 32MB (0x2000000) and 64MB (0x4000000) both of these work.
If you're on linux you can create the pad files using the following command, for e.g. 32MB
Code:
dd if=/dev/zero of=pad32 bs=1M count=32
Then for my stock image I have:
Code:
cp pad32 init-orig-harpia.cpio.gz
cat initrd.img >>init-orig-harpia.cpio.gz
Then I would use 0x92000000 instead of 0x90000000 as the initrd offset.
XT1622 Amazon version
The same thing with the XT1622 Amazon version.
- Tried booting with the original initroot image everything loads fine.
- When trying with the adjusted image I get boot loops.
The patch for init is wrong..
The exampe had 0xf0102001 changed to 0xf0102000. Assuming the patch is just dropping the last bit.
For my harpia initrd image I have the data 0xf00f2001 so I changed that to 0xf00f2000 and this worked.
Running
Code:
adb shell getenforce
Permissive
Note: I was super wrong about the packing and unpacking being the issue.
ledothis said:
The patch for init is wrong..
The exampe had 0xf0102001 changed to 0xf0102000. Assuming the patch is just dropping the last bit.
For my harpia initrd image I have the data 0xf00f2001 so I changed that to 0xf00f2000 and this worked.
Running
Code:
adb shell getenforce
Permissive
Note: I was super wrong about the packing and unpacking being the issue.
Click to expand...
Click to collapse
So, good news for XT1607 owners?
Im stuck now as I have never setup su before.
I copied su (version from android emulator) to /sbin/su in the image, but when i run:
Code:
$ adb shell su
su: setgid failed: Operation not permitted
Assuming thats why sepolicy and adb needs to be patched.
I tried using my sepolicy from the emulator and it still failed.
Maybe I should copy the adb from the github or the emulator.
I mean, he could be right; I never claimed to know what the hell I was doing I just like to tweak out on phones, definitely nowhere near a professional.
Root works now.
Code:
$ adb shell
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
/init patched as described above
/sepolicy taken from the athene-m image on the github
/xbin/su taken from the android arm emulator
/sbin/adbd taken from the athene-m image on github
/init.mmi.usb.rc changed "echo 1" to "echo 0" in two places
ledothis said:
Root works now.
Code:
$ adb shell
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
/init patched as described above
/sepolicy taken from the athene-m image on the github
/xbin/su taken from the android arm emulator
/sbin/adbd taken from the athene-m image on github
/init.mmi.usb.rc changed "echo 1" to "echo 0" in two places
Click to expand...
Click to collapse
Woohoo. Is this permanent? Can it be used then to permanently enable the tethering? Does this wipe anything on the phone?
I wonder what will happen if we finally get nougat.
Sent from my Moto G Play using Tapatalk
So, can we say now that's official to have root on amz version? o/
Technically yes. You would have to flash the fake initrdimg before booting each time though. Furthermore, you still can't change much of the device because the boot sequence is still secure.
Looking at the original suggestion for unlocking the bootloader it is unfortunately for a BLU device not a motorolla device (even though it is Amazon controlled).
I originally though that was Motorola variant. The bootloader unlock for the BLU device won't work for a motorolla device.
We just need to hope someone figures out a way to hack the bootloader.
I remember reading way back that there are some guys on this forum that know how to get Motorlla bootloader unlock codes, but I think they charge money. (Seems dodgy).
With root access I have pulled the bootloader image, so I'll dig around for fun but doubt I will find anything.
ledothis said:
Technically yes. You would have to flash the fake initrdimg before booting each time though. Furthermore, you still can't change much of the device because the boot sequence is still secure.
Looking at the original suggestion for unlocking the bootloader it is unfortunately for a BLU device not a motorolla device (even though it is Amazon controlled).
I originally though that was Motorola variant. The bootloader unlock for the BLU device won't work for a motorolla device.
We just need to hope someone figures out a way to hack the bootloader.
I remember reading way back that there are some guys on this forum that know how to get Motorlla bootloader unlock codes, but I think they charge money. (Seems dodgy).
With root access I have pulled the bootloader image, so I'll dig around for fun but doubt I will find anything.
Click to expand...
Click to collapse
So would a change to the build.prop survive a reboot?
Sent from my Moto G Play using Tapatalk
Related
This method is not mine. Original thread is HERE. I am simply making it work for our Verizon LG x8.3 VK815.
With the introduction to the newer OTA update, rooting ability using the old method has been broken. This means we have to follow the new method for achieving root similar to the LG G4. This requires pulling the system image, injecting root, pushing the system image back to the device.
Here are the steps to Root your Verizon LG x8.3 VK815
Follow JUST the first step here to get setup with the Download Mode and send_command:
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
It has links to the VERIZON drivers and the resources to get this done.
Here is the specifics for the LG VK815 to backup SYSTEM image:
STEP 1: BACKUP SYSTEM IMAGE said:
From Download Mode, using the send_command.exe
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=44992 count=458752 of=/data/media/0/system.img
Once that is done, we have to change permissions
Code:
mv /data/media/0/system.img /data/media/0/Download
Code:
chown media_rw:media_rw /data/media/0/Download/system.img
Code:
chmod 664 /data/media/0/Download/system.img
Code:
chcon "u:object_r:media_rw_data_file:s0" /data/media/0/Download/system.img
Type LEAVE to reboot back into Android. Open a ADB terminal and copy the System.img to your PC
Code:
adb pull /storage/sdcard0/Download/system.img .
Click to expand...
Click to collapse
STEP 2: INJECT ROOT (SKIP STEP IF VERSION ISN'T LISTED BELOW) said:
You need a Linux environment for this.
I used VirtualBox and this Ubuntu 12.10 Image:
http://sourceforge.net/projects/vir...untu Linux/12.10/ubuntu-12.10-desktop-i386.7z
user/pass: ubuntu/reverse
Load up Ubuntu and Log in. Download Inject Root Files. Copy system.img and contents of Inject_Root_G4.zip to desktop.
Load up a Terminal and "cd Desktop"
Code:
sudo chmod +x autoroot.sh
sudo ./autoroot.sh
Your "system.img" should change to "rootedsystem.img"
Copy this out of your VM and copy back to the root of your internal storage on your LG G Tab x8.3 VK815
Click to expand...
Click to collapse
I am uploading the 11A Stock OTA System Image Here:
StockSystem
Code:
MD5:cda4e8ce36f009403a45f00f29c58fff
Here is the ROOTED 11A OTA System Image:
Download Rooted System Image - Mirror
Code:
MD5: 165bc9152f20e66623477870c574500b
STEP 3: PUSH ROOTED SYSTEM IMAGE said:
Boot back into Download Mode. Now we copy and install the rootedsystem.img into our operating system partition:
Code:
dd if=/data/media/0/rootedsystem.img bs=8192 seek=44992 count=458752 of=/dev/block/mmcblk0
Type LEAVE and reboot.
Click to expand...
Click to collapse
ENJOY!
Special Thanks to @smason for help and @hackarchive for the original walkthrough!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Wrong device, wrong Forum.
Please ask in the Q and Forum for your device - thanks.
Yea the new update breaks the existing root methods. There currently is no way TO root, but I think we can root it similarly like we do on the G4.
You basically pull the system image (using the command I posted), open it up on the PC, copy in the root files, and push the whole root system image (3.5gb) back to the phone.
I would recommend doing a factory reset and do not sign in to google, install apps, etc. The tablet is 16gb and you'll have both images on your G4. You might not have enough internal storage space with apps installed.
I do not have the UPDATE installed, nor do I want the update unless I KNOW it can be rooted. So if you can pull the system image for me and upload it, I will try to inject the root and you can try it. You'll have BOTH system images on your tablet, so if the rooted one doesn't work, you can just flash the original.
Anyone on the OTA able to pull a stock system image to upload?
I have no intention of taking the OTA if it cannot be rooted. I will help anyone looking to root the new update.
player911 said:
Anyone on the OTA able to pull a stock system image to upload?
I have no intention of taking the OTA if it cannot be rooted. I will help anyone looking to root the new update.
Click to expand...
Click to collapse
Hi there, im now trying to root it using this method. If its right i would update my img :cyclops:
I am having problems copying the image off of the device. I tried doing it though adb pull and shell and just a straight copy. Keep getting permission errors. I rerooted my 11A tab to try permissions.
player911 said:
I am having problems copying the image off of the device. I tried doing it though adb pull and shell and just a straight copy. Keep getting permission errors. I rerooted my 11A tab to try permissions.
Click to expand...
Click to collapse
I have the same problem too, i can't move/copy the system.img. Any solutions of this?
Update to pull system.img
Code:
#mv /data/media/0/system.img /data/media/0/Download
#chown media_rw:media_rw /data/media/0/Download/system.img
#chmod 664 /data/media/0/Download/system.img
#chcon "u:object_r:media_rw_data_file:s0" /data/media/0/Download/system.img
#ls -laZ /data/media/0/Download/system.img
-rw------- media_rw media_rw u:object_r:media_rw_data_file:s0 system.img
#
Thanks to @smason for the help.
I have pulled the stock OTA system image, injected root, and about to flash it now. If successful, I will upload the rooted system.img.
The OP is sort of a mess right now while I am adding notes and steps. If I am successful, I will organize it better. The steps for flashing is 1 line
EDIT!
SUCCESS!
Another thread that should be stickied.
Agreed as this method will probably be the standard for all updates going forward unless LG blocks it.
Unlike the G4, additional steps need to be taken to get the image off your device because they locked down permissions.
I am interested in hearing of how this works for others. I've been all over this for a while and my instructions may skip details.
Is the link for the rooted system file broken?
Skizzy034 said:
Is the link for the rooted system file broken?
Click to expand...
Click to collapse
I confirm that the download link doesn't work for me. Like you said in the other thread, it just takes me to the site's main page.
roirraW "edor" ehT said:
I confirm that the download link doesn't work for me. Like you said in the other thread, it just takes me to the site's main page.
Click to expand...
Click to collapse
=/ That sucks.
This worked for me. I FINALLY got my x8.3 rooted. Uploading the rootedsystem.img file to FileDropper right now. Will share the link as soon as it is uploaded.
Edit:
FileDropper wouldn't hand over the link to the file so I'm uploading it to MediaFire now. Will post link as soon as it is uploaded.
Edit:
File is uploaded (Remove spaces): www . mediafire .com /download/ qnx4f9bzxage96o/ rootedsystem.img
Cool!
I'll update the OP links with your mirror.
Can you provide a MD5 checksum? I think I zipped the original to save file size so the MD5 will be different.
Looks like both of my links have died. I'll reupload the Original and Rooted images up to other services tonight. I was excited when I finally got it and threw it up on the first host that would support the size.
player911 said:
Cool!
I'll update the OP links with your mirror.
Can you provide a MD5 checksum? I think I zipped the original to save file size so the MD5 will be different.
Looks like both of my links have died. I'll reupload the Original and Rooted images up to other services tonight. I was excited when I finally got it and threw it up on the first host that would support the size.
Click to expand...
Click to collapse
I'd be glad to post the MD5... as soon as I figure out how to get that... I have no idea, never done that before. xD Normally I just wait for everyone else to fix things like this and I download their hard work but I decided it was time for me to step up to the plate.
EDIT:
I believe I got the MD5 for it. I used WinMD5Free v1.20 so I hope I'm not just being an idiot here (Never learn until you stick your neck out.)
MD5: 5e151c2126263423a1602fd39eb2db47
So the only step we need to do is push the system image you provided?
I would back up your system image too, but not needed.
You should just copy the rootedsystem.img to your internal storage and use the DD command from Download mode to copy it over.
player911 said:
I would back up your system image too, but not needed.
You should just copy the rootedsystem.img to your internal storage and use the DD command from Download mode to copy it over.
Click to expand...
Click to collapse
Will an android terminal work?
@MikeChannon removed OP. please close
what? lol
Good good. Can't wait! :silly:
workdowg said:
Good good. Can't wait! :silly:
Click to expand...
Click to collapse
i'm working on an automated deploying (kind of the one for restoring the bios) and i will start with the 1050f one. automated because otherwise things can get messy
maybe you can prepare some tutorial for the X part based on your experience (tho i, as a proud windows user, didnt believed people use that stuff and i'm sure goes the other way around )
ionioni said:
i'm working on an automated deploying (kind of the one for restoring the bios) and i will start with the 1050f one. automated because otherwise things can get messy
maybe you can prepare some tutorial for the X part based on your experience (tho i, as a proud windows user, didnt believed people use that stuff and i'm sure goes the other way around )
Click to expand...
Click to collapse
Will do Master Chef! It really was simple once the base is done...
Proof of concept (Actually it just plain works...):
Arch x86_x64 - LXDE (with Pulse sound) running on Xsdl
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If Installed, Can I steam game?
neverapple88 said:
If Installed, Can I steam game?
Click to expand...
Click to collapse
Most likely, if the linux graphics driver works with the embedded SoC graphics driver. And it seems Android also uses the same i915 driver.
update: need a 1050F owner to test the AoL deployment tool... my device is a 1380F so i cannot test thoroughly, i want to test it with a real owner. pm for details. worst case: you will have to flash kitkat rom back, best case: it keeps all the existing files in place, stealing space from data partition for the new linux. waiting...
ionioni said:
update: need a 1050F owner to test the AoL deployment tool... my device is a 1380F so i cannot test thoroughly, i want to test it with a real owner. pm for details. worst case: you will have to flash kitkat rom back, best case: it keeps all the existing files in place, stealing space from data partition for the new linux. waiting...
Click to expand...
Click to collapse
Anyone??? Everybody was so excited and no one wants to try? I'll do it if nobody else will. For me it means backing up my current Linux and Android partitions (been working hard at getting them lean and mean) partitions and going through the whole flash from kitkat ordeal again... for probably the 10th time at least...
Sent from my YOGA Tablet 2-1050F using Tapatalk
workdowg said:
Anyone??? Everybody was so excited and no one wants to try? I'll do it if nobody else will. For me it means backing up my current Linux and Android partitions (been working hard at getting them lean and mean) partitions and going through the whole flash from kitkat ordeal again... for probably the 10th time at least...
Sent from my YOGA Tablet 2-1050F using Tapatalk
Click to expand...
Click to collapse
yeah, funny thing...
upped a first version of the tutorial
and the first batch of files (for 830 and 1050)
I could not wait a few days ago. I excited.
But I can't English well. So it is difficult to test.
I wanted the first Windows. But if Linux works reliably, I would choose Linux. (I'm ubuntu user)
I think Intel graphics drivers are going to be good as the performance by Android. (for steam game!)
However, one problem occurred.
I used data parted More than 20GB. (sry my english)
This space is insufficient to install Linux and applications and steam game.
The workaround is to install a Linux partition on the sd card.
Can I install a Linux partition on the sd card? (and run)
ps. After entering the text has been changed the post. I'll go to see the Thread.
neverapple88 said:
I could not wait a few days ago. I excited.
But I can't English well. So it is difficult to test.
I wanted the first Windows. But if Linux works reliably, I would choose Linux. (I'm ubuntu user)
I think Intel graphics drivers are going to be good as the performance by Android. (for steam game!)
However, one problem occurred.
I used data parted More than 18GB. (sry my english)
This space is insufficient to install Linux and applications and steam game.
The workaround is to install a Linux partition on the sd card.
Can I install a Linux partition on the sd card? (and run)
Click to expand...
Click to collapse
this IS ONLY FOR UNCHANGED STOCK PARTITIONS LAYOUT (it will refuse to install if it detects that your data partition is not having the original configuration), it CHANGES your partitions by adding two more partitions a big one (min. 1024MB but you can make it bigger durin installation) and a small one for the original Android initramfs (read the tutorial to understand more) and that space is taken (ripped off) from the data partition. and whenever you will uninstall it will remove the two new partitions and restore the data partition to the original size
i did not did (i had a manual setup at some point) a setup to sdcard s it is too slow ( @workdowg can give you more details, as he stayed on that configuration more i went for the on the internal partition variant quickly when i've seen how much it takes to work with files when you 're having linux on sdcard)
also on the X related issues you should talk with him (i didn't used X on AoL, i only use shell tools/servers)
you should flash back your Android and check that you have the original partitions (number, size and names) before trying to install.
I have made a mistake when installing. (no insert rootfs file, uninstall, etc ...)
now. my /data partition 11.11GB (OMG,,,)
I've tried a factory reset. but no change. (GB)
how to? ...
ps. I want to work with the command.
neverapple88 said:
I have made a mistake when installing. (no rootfs file, uninstall, etc ...)
now. my /data partition 11.11GB
I've tried a factory reset. but no change.
how to? ...
Click to expand...
Click to collapse
use the corresponding tool from this post (if youre on lollipop use the lollipop one) it will open a root shell on a very early boot (without Android loading), you have to start in DnX mode then start the tool
after the shell opens, open another command window and push the extracted (attached) gdisk (it's a static IA32 version i compiled for working with GPT partitions) to your tab
adb push gdisk /tmp/gdisk, return to the root shell and input
chmod 755 /tmp/gdisk
/tmp/gdisk -p /dev/block/mmcblk0
and post the result
the partition.txt attached shows how ot should be default configurations of the partitions on a 1050 (830) device
ionioni said:
use the corresponding tool from this post (if youre on lollipop use the lollipop one) it will open a root shell on a very early boot (without Android loading), you have to start in DnX mode then start the tool
after the shell opens, open another command window and push the extracted (attached) gdisk (it's a static IA32 version i compiled for working with GPT partitions) to your tab
adb push gdisk /tmp/gdisk, return to the root shell and input
chmod 755 /tmp/gdisk
/tmp/gdisk -p /dev/block/mmcblk0
and post the result
the partition.txt attached shows how ot should be default configurations of the partitions on a 1050 (830) device
Click to expand...
Click to collapse
I first start DnX mode -> run tmp-root-1050F-lollipop -> run normal cmd
(cmd) >adb push gdisk /tmp/gdisk
adb server is out of date. killing...
* daemon started successfully *
5597 KB/s (492988 bytes in 0.086s)
after root cmd is shutdown(end)
neverapple88 said:
I first start DnX mode -> run tmp-root-1050F-lollipop -> run normal cmd
(cmd) >adb push gdisk /tmp/gdisk
adb server is out of date. killing...
* daemon started successfully *
5597 KB/s (492988 bytes in 0.086s)
after root cmd is shutdown(end)
Click to expand...
Click to collapse
but the root shell opens??? you must wait until it opens the root shell yeah, it opens otherwise you would not be able to push (i was reading too fast)
the window gets killed because the temp_root has a differnet version of adb and on your pc there is another and when you try to do the adb push you kill the adb from the tmp_root, but that is not a problem, just do a adb shell after you did the push and it will open anothe root shell and you can enter and input the other commands
also, have you seen the text file with the partitions? you seemed surprised and i don't know why, on the default configuration the data has around 11GB, do not confuse that with the whole mmc that has 16
ionioni said:
but the root shell opens??? you must wait until it opens the root shell yeah, it opens otherwise you would not be able to push (i was reading too fast)
the window gets killed because the temp_root has a differnet version of adb and on your pc there is another and when you try to do the adb push you kill the adb from the tmp_root, but that is not a problem, just do a adb shell after you did the push and it will open anothe root shell and you can enter and input the other commands
also, have you seen the text file with the partitions? you seemed surprised and i don't know why, on the default configuration the data has around 11GB, do not confuse that with the whole mmc that has 16
Click to expand...
Click to collapse
Thank you! It has been recovered.
This was a fun experience. (and risk...) XD
I'd like to know more, but do not know the English language. :silly:
So I'll use the Arch Linux.
Your articles are hard to read, But Thank you for your time.
neverapple88 said:
Thank you! It has been recovered.
This was a fun experience. (and risk...) XD
I'd like to know more, but do not know the English language. :silly:
So I'll use the Arch Linux.
Thank you for your time. : D
Click to expand...
Click to collapse
Theres an Ubuntu too now...
ionioni said:
Theres an Ubuntu too now...
Click to expand...
Click to collapse
C
===============================================
Found ready-made linux rootfs.tgz file, pushing to device...
Checking for valid deployment enviroment
Error! Invalid <failed check> data partition end sector.
Have you already deployed Linux? If so try restoring first.
ABORTING! Nothing was changed!
OMG.. (I try fix)
neverapple88 said:
C
===============================================
Found ready-made linux rootfs.tgz file, pushing to device...
Checking for valid deployment enviroment
Error! Invalid <failed check> data partition end sector.
Have you already deployed Linux? If so try restoring first.
ABORTING! Nothing was changed!
OMG..
Click to expand...
Click to collapse
nothing to be scared of, it has not changed anything, just detected that something is wrong and exited
what is your partition layout? it compares what he reads against the stock values and if they don't match he gives error.... can you run a command so that we see the EXACT layout of your partitions? (number, start_sector, end_sector, name)
you could use the commands i asked you previously to run
temp_root -> adb push gdisk... etc and you will get a print of the partitions on your device
what is your mmc capacity (16GB?) if your mmc is a 32GB one then download and use this
This project is closed due to lack of interest. I'm leaving the files and instructions here for any that want it...
One last present.... See here for a working Arch-AoL MircoSD rootfs.... Just extract it to the ext4 partition of the MicroSD (Step 1) and install the modified kernel (Step 3).
AoL - Android ON Linux - GM-T810 Edition - MicroSD
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Background
This project was started on the Lenovo Yoga Tab 2 by @ionioni. Over the past couple months he managed to unlock the bootloader and get Linux running natively with Android in the chroot. See his thread here for more details and the real reasons why we would want this. Having Linux in charge makes for a much nicer environment for me. Also having REAL Linux on the go helps with my day to day work.
MicroSD Install of:
AoL - Android ON Linux - GM-T810 Edition
You must be rooted, and have TWRP and Busybox installed
1) Format MicroSD using Linux gparted:
--MAKE SURE IT IS YOUR MICROSD CARD(/dev/mmcblk..) YOU ARE WORKING WITH!!
--Delete all partitions of MicroSD
--Device>>Create partition table - Select ms-dos
--Partition>>New - Select fat32 and the size you want
--Partition>>New - Select ext4 and the rest of the card (suggest ~4-8GB)
--Click the checkmark...
Click to expand...
Click to collapse
2) Install the rootfs on Partition 2 of the MicroSD:
(The following is for an Arch AoL install. Someone else will need to do other Distro's)
**The following is run as root not sudo in a terminal on your Linux PC**
--"su"
--Create and cd into a temp directory
--Download - "wget http://archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz"
--Download - "wget https://busybox.net/downloads/binaries/latest/busybox-armv7l"
--Download and extract - aol_inits.7z
--Download aol_cold_initramfs.cpio.gz
--cd to root_of_MicroSD_partition2
--"tar -xpvf /path/to/temp_directory/ArchLinuxARM-armv7-latest.tar.gz ."
--"cp /path/to/temp_directory/busybox-armv7l usr/bin/busybox"
--"cp /path/to/temp_directory/aol_inits/init.stage* etc/"
--"chmod a+x usr/bin/busybox etc/init.stage*"
-- "mkdir -p android android/hot android/cold"
--"cd android/cold"
--"gzip -dc /path/to/temp_directory/aol_cold_initramfs.cpio.gz | cpio -idv"
--"cd ../../" (Root of sdcard)
--"rm etc/resolv*"
--"echo "nameserver 8.8.8.8" > resolv.conf"
--"echo "nameserver 8.8.4.4" >> resolv.conf"
--"echo "inet:x:3003:root" >> etc/group"
--"echo "net_raw:x:3004:root" >> etc/group"
--"echo "PermitRootLogin Yes" >> etc/ssh/sshd_config"
--cd out of the MicroSD and do a sync
--Remove MicroSD and place into your tablet
Click to expand...
Click to collapse
3) Installing the aol_kernel:
***YOU MUST DO THIS FIRST***
***Goto SuperSU app and do a "cleanup for reinstall from Playstore"
***Reboot
***DO NOT REINSTALL SuperSU app (or be ready to flash a stock image in ODIN and start all over)
--
--Extract aol_external_sm-t810.7z to /sdcard
--Reboot to TWRP (backup if you wish)
--Install>>Image file
--Select aol_external_sm-t810.img and flash
--Reboot and profit.
Click to expand...
Click to collapse
After AoL boots you will need to log in to ssh localhost, port 22 (Arch install user:alarm pass:alarm) and run the following as root(pass:root):
--"su"
--"gpasswd -a alarm inet"
To go back just need to reflash your old kernel...
If you would like a X11 Desktop (LXDE, XFCE4...) see this thread.... Either use the user alarm or create a new one...
I will be crediting all sources here:
@ionioni - Master Linux/Android chef
@BigBot96 - Rooting tutorial
@ashyx - GTS2 Root, permissive kernel and Recovery Threads, also the permissive custom kernel
Blog @ http://whiteboard.ping.se/Android/Debian - Great hints
@osm0sis - For his AIK
Click to expand...
Click to collapse
Dev Updates
01/17/2016
- Data corruption
At this point the internal installer does its job resizing and creating the needed new partitions. The issue now is the same one I encountered on my first install. The data partition (even if wiped) ends up corrupted. TWRP can't even mount it or fix it. The only solution to fix the error and finish the install process has been to flash the stock recovery. This extra step is not what I want to release to the "public". Until I find a solution I will not be releasing this.
Anyone that "has" to have this installed and doesn't mind the extra 5 minutes of work can PM me and I'll fill you in on the details....
I will release the MicroSD install as it doesn't require any internal partitioning. I will only support Arch at the moment because that is my distro of choice....
12/22/2015
- SUCCESS!!!! AGAIN!!!
After much testing and then a total fail (partitions got corrupted), I now have a working internal AoL install on my tablet. I resized /data (mmcblk0p22) and added 2 new partitions (mmcblk0p23 + 24).
After I work out the kinks in the installer I'll post it. The internal installer will also need a fresh rootfs but I will help with that via a menu driven script similar to my AKBI-TF700 project. It will be better to do the two separately, especially if someone just needs to split their /data partition ( @moonbutt74).
12/16/2015
- SUCCESS!!!!
Apparently AIK was the ticket!!! I also had a bad rootfs (someone somewhere had said to use GPT for the sdcard... GRRR). Arch linux is now in charge and "letting" Android run on my tablet! I have to get the internet working from Linux (systemd issue...) but Android works flawlessly as before. Stay tuned!
EDIT:
- Ok, so I have a working rootfs and a working kernel (thanks to @ashyx (permissive kernel), @moonbutt74 for pointing me to AIK and @osm0sis for making AIK!!!!). I'll be packing up the rootfs as is (simple root and 1 regular user) and anyone who would like to try it shoot me a PM.
I'll run some testing but I'm confident this is a good build. I'll post a rootfs and kernel once at least 2 people PM me and try it... Also eventually my rootfs builder and kernel init's...
My new priority is repartitioning mmcblk0 to add 2 new partitions for Linux to be installed.
EDIT2:
- Posted the install instructions but no files until someone steps up to do a confirming test... Also I decided not to supply any rootfs as it is better (and easy) to build your own fresh.
12/11/2015
- Here is where I am at on the project. I am now setup to compile, pack and unpack successfully the kernel for the SM-T810. Unfortunately (I hate to keep saying that...), any time I modify or replace the ramdisk, it fails to boot. This is what I had thought would be the "easy" way using an externalsd install. All permissions and binaries check out. Grrr.
So, on the advice of my "Master Chef", I'm going to focus on an internal install. This requires taking some space from the /data partition to make 2 new internal partitions. This worked flawlessly on the YT2 and we think that will solve the init issue.
I am going to keep this on hold until @CTXz finishes his port of CM 12.1 to the SM-T710 and he ports CM 12.1 and more importantly CWM-recovery the SM-T810. I need adb access from recovery to do some "safe" initial formatting and the current TWRP does not support adb. Also CM will be a more generic install and will, I think, be more linux friendly...
So to the 350+ observers so far of this project... Stay tuned!
12/8/2015
-I've tried many ways but can't get a kernel to even try to boot. I even tried unpacking ashyx's permissive kernel and repacking it and it won't boot either. I don't have any experience building (or apparently modifying) kernels and no one has stepped up or shown interest. So regretfully this project is on hold. If someone wants to take over feel free to PM me I'll give you everything you need to get an sdcard install running, you just need the "secret" to packing this kernel.
12/7/2015
- So got all my Linux rootfs ducks in a row (binaries and scripts in place). Still can't get the kernel to boot past the first splash... I'm not a kernel man but I guess I'll need to hit the books and see what I can do...
Reserved 2
This one too...
Thank you for your time and effort. I would be happy to test once you get to that in development.
Take care and have a wonderful day.
I went ahead and got an sd install setup. I can't get the kernel to flash in ODIN though. I'm trying to look for information about the kernel build, are they still signed even though the bootloader is unlocked... Probably. I'll have to ask around and find how to sign it...
workdowg said:
I went ahead and got an sd install setup. I can't get the kernel to flash in ODIN though. I'm trying to look for information about the kernel build, are they still signed even though the bootloader is unlocked... Probably. I'll have to ask around and find how to sign it...
Click to expand...
Click to collapse
Unsigned images can be flashed with odin if the bootloader is unlocked.
It's more likely to be something with the way it's been packaged.
How did you repack the boot.img, what is the error in Odin?
Wouldn't it be easier to flash the boot.img with recovery?
ashyx said:
Unsigned images can be flashed with odin if the bootloader is unlocked.
It's more likely to be something with the way it's been packaged.
How did you repack the boot.img, what is the error in Odin?
Wouldn't it be easier to flash the boot.img with recovery?
Click to expand...
Click to collapse
Yes I realize that. There was some there was something wrong with the way I repacked it. It flashed this time but didn't boot. And I do plan on flashing recovery I am just testing and playing around right now. Thank you!
From my LG-G4, Rooted running Stock 5.1
Dev Update
12/7/2015 - So got all my Linux rootfs ducks in a row (binaries and scripts in place). Still can't get the kernel to boot past the first splash... I'm not a kernel man but I guess I'll need to hit the books and see what I can do...
All updates HERE
workdowg said:
12/7/2015 - So got all my Linux rootfs ducks in a row (binaries and scripts in place). Still can't get the kernel to boot past the first splash... I'm not a kernel man but I guess I'll need to hit the books and see what I can do...
All updates HERE
Click to expand...
Click to collapse
@ashyx - Didn't want to bother you with a PM... I tried unpacking and immediately repacking your kernel to test my mod and it doesn't boot either. How is the kernel packed for this device? Thanks.
Edit: I'm thinking it may be the ram base address? Umkbootimg doesn't spit out that on this kernel...
Sent from my SM-T810 using Tapatalk
I've tried many ways but can't get a kernel to even try to boot. I even tried unpacking ashyx's permissive kernel and repacking it and it won't boot either. I don't have any experience building (or apparently modifying) kernels and no one has stepped up or shown interest. So regretfully this project is on hold. If someone wants to take over feel free to PM me I'll give you everything you need to get an sdcard install running, you just need the "secret" to packing this kernel.
Update - 12/11/2015
12/11/2015 - Here is where I am at on the project. I am now setup to compile, pack and unpack successfully the kernel for the SM-T810. Unfortunately (I hate to keep saying that...), any time I modify or replace the ramdisk, it fails to boot. This is what I had thought would be the "easy" way using an externalsd install. All permissions and binaries check out. Grrr.
So, on the advice of my "Master Chef", I'm going to focus on an internal install. This requires taking some space from the /data partition to make 2 new internal partitions. This worked flawlessly on the YT2 and we think that will solve the init issue.
I am going to keep this on hold until @CTXz finishes his port of CM 12.1 to the SM-T710 and he ports CM 12.1 and more importantly CWM-recovery the SM-T810. I need adb access from recovery to do some "safe" initial formatting and the current TWRP does not support adb. Also CM will be a more generic install and will, I think, be more linux friendly...
So to the 350+ observers so far of this project... Stay tuned!
workdowg said:
12/11/2015 - Here is where I am at on the project. I am now setup to compile, pack and unpack successfully the kernel for the SM-T810. Unfortunately (I hate to keep saying that...), any time I modify or replace the ramdisk, it fails to boot. This is what I had thought would be the "easy" way using an externalsd install. All permissions and binaries check out. Grrr.
So, on the advice of my "Master Chef", I'm going to focus on an internal install. This requires taking some space from the /data partition to make 2 new internal partitions. This worked flawlessly on the YT2 and we think that will solve the init issue.
I am going to keep this on hold until @CTXz finishes his port of CM 12.1 to the SM-T710 and he ports CM 12.1 and more importantly CWM-recovery the SM-T810. I need adb access from recovery to do some "safe" initial formatting and the current TWRP does not support adb. Also CM will be a more generic install and will, I think, be more linux friendly...
So to the 350+ observers so far of this project... Stay tuned!
Click to expand...
Click to collapse
How do you repack the boot.img. Usually the kitchen is fault. Try carliv image kitchen. Works almost always.
CTXz said:
How do you repack the boot.img. Usually the kitchen is fault. Try carliv image kitchen. Works almost always.
Click to expand...
Click to collapse
I'll definitely try it...
But I'm almost positive because I'm able to pack and then repack any working kernel it is my changes that aren't being liked... The ramdisk init is actually a shell script and it makes calls for /dev/mmcblk1p2 which may be called something else at boot before Android starts (Android names it /dev/block/mmcblk1p2).
workdowg said:
I'll definitely try it...
But I'm almost positive because I'm able to pack and then repack any working kernel it is my changes that aren't being liked... The ramdisk init is actually a shell script and it makes calls for /dev/mmcblk1p2 which may be called something else at boot before Android starts (Android names it /dev/block/mmcblk1p2).
Click to expand...
Click to collapse
Maybe multirom would be usefull for such cases. If I remember right you can decide what partition to boot from multirom itself. Anyways, i am building CM recovery now to see if I have root access.
Nice utility... He put some work into that... But it still boot loops... Thanks though, it will come in handy.
Hmm CM recovery still saying
33005960dd4672df offline
Guess i'll have to build another recovery then.
I was hoping that selinux was the fault. I will still check the kmsg if it is kernel related.
By the way, realized this right now. I remember getting adb in LPM mode. So while the rom didn't work, instead of reflashing all, I just booted into LPM and from there I had adb. You need to set your default.prop for that.
---------- Post added 12-12-2015 at 12:10 AM ---------- Previous post was 11-12-2015 at 11:52 PM ----------
Ok little update here. I got adb working on the stock recovery. There still no root access tough. I'll replace it with a rooted kernel.
CTXz said:
Hmm CM recovery still saying
33005960dd4672df offline
Guess i'll have to build another recovery then.
I was hoping that selinux was the fault. I will still check the kmsg if it is kernel related.
By the way, realized this right now. I remember getting adb in LPM mode. So while the rom didn't work, instead of reflashing all, I just booted into LPM and from there I had adb. You need to set your default.prop for that.
Click to expand...
Click to collapse
The only info I could fine on LPM mode is for mobile sim cards.... What exactly is this you are refering to...
Ok little update here. I got adb working on the stock recovery. There still no root access tough. I'll replace it with a rooted kernel.
Click to expand...
Click to collapse
Sounds like progress... Not for me... well a little bit. I'm not having any issues modifying the default.prop or any .rc script in the ramdisk and repacking so the kitchen is fine. Although they all boot, none of my changes did anything though.
workdowg said:
The only info I could fine on LPM mode is for mobile sim cards.... What exactly is this you are refering to...Sounds like progress... Not for me... well a little bit. I'm not having any issues modifying the default.prop or any .rc script in the ramdisk and repacking so the kitchen is fine. Although they all boot, none of my changes did anything though.
Click to expand...
Click to collapse
With LPM I mean charging mode, with the big battery. Usually it would gain me full adb access but it would take about a min until adb started.
CTXz said:
Hmm CM recovery still saying
33005960dd4672df offline
Guess i'll have to build another recovery then.
I was hoping that selinux was the fault. I will still check the kmsg if it is kernel related.
Click to expand...
Click to collapse
Well I edited the ramdisk on ashax twrp (based on the nexus 9) and before it couldn't find adb devices at all. Now I get the same error you are:
Code:
3300123a6b6982cd offline
Maybe something in the kernel build stopping it from working???
workdowg said:
Well I edited the ramdisk on ashax twrp (based on the nexus 9) and before it couldn't find adb devices at all. Now I get the same error you are:
Code:
3300123a6b6982cd offline
Maybe something in the kernel build stopping it from working???
Click to expand...
Click to collapse
I thought the same. Strangely enough stock recovery seems to wnter adb fine if the flags are set unsecure in the default prop.
I wanted to help develop root for my and anybody else's LG Stylo 2. I'm ready to help in almost any way possible. Attached is my info. Let me know if anything can be done or if development has started.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Cant wait for permanent root. things i have learned about this phone is it can be temporary rooted with kingroot 4.9.6 things i have been able to do with temp root are remove bloat, install busybox and I use Lspeed tweeks. You can softboot without losing root also if you power down you phone then hold power + volume down it will boot into recovery mode there is a option to apply a update through adb or any basic adb commands and if you go to the option in recovery to to boot to bootloader that will put your phone in fastboot mode. Also if you power your phone down and hold volume up while plugging in your phone to the power cord via wall plug or computer it will boot into download mode i believe that is for flashing our .kdz firmware files thru lg flasher program for pc but have yet to find a firmware file for the LGLS775. those are the only things i have found and contribute thus far. good luck and god speed. Oh also i believe if you can find a way to switch kingroot with supersu without having to reboot and lose root then we should be able to use (Root) Flash Fire to possibly flash a updated supersu binary and hopefully keep root I know that flash fire needs supersu binaries or it wont work it wont even recognize root with kingroot.
DirtyPISTOLA said:
Cant wait for permanent root. things i have learned about this phone is it can be temporary rooted with kingroot 4.9.6 things i have been able to do with temp root are remove bloat, install busybox and I use Lspeed tweeks. You can softboot without losing root also if you power down you phone then hold power + volume down it will boot into recovery mode there is a option to apply a update through adb or any basic adb commands and if you go to the option in recovery to to boot to bootloader that will put your phone in fastboot mode. Also if you power your phone down and hold volume up while plugging in your phone to the power cord via wall plug or computer it will boot into download mode i believe that is for flashing our .kdz firmware files thru lg flasher program for pc but have yet to find a firmware file for the LGLS775. those are the only things i have found and contribute thus far. good luck and god speed. Oh also i believe if you can find a way to switch kingroot with supersu without having to reboot and lose root then we should be able to use (Root) Flash Fire to possibly flash a updated supersu binary and hopefully keep root I know that flash fire needs supersu binaries or it wont work it wont even recognize root with kingroot.
Click to expand...
Click to collapse
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
JOKERx2 said:
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
Click to expand...
Click to collapse
unfortunately not as of now I actually gave this phone to my sister in law and went to the ZTE Warp Elite 4G and the screen on that phone cracked in my pocket like the 2nd day I bought it and now on the Samsung Galaxy J7 but my wife is still using the ver4 of the stylo 2 Ill mess around with it here or there and if i find something ill let you guys know for sure.
please need stock filmware ls775zv5
ltindi32 said:
please need stock filmware ls775zv5
Click to expand...
Click to collapse
me too idk whats up with my phone im getting no notifications and my home and recent apps not working
temp 2 perm
JOKERx2 said:
I tried another method for fastboot. But nothing.....is there anything that you can recommend?
Click to expand...
Click to collapse
I believe there are couple threads on XDA, one was even by a "Joker" username on switching cfChainfiresSuperSU out for Kingoroots temp root............
Once even temp root is obtained, Chainfires su can be pushed.........
Just thought 2 comment, looking at switching from my Samsung Galaxy J3 (2016) back to an LG. Had this one before but it had lollipop 5.1.1 and only 1gb of ram..........
zach
got something maybe
JOKERx2 said:
I wanted to help develop root for my and anybody else's LG Stylo 2. I'm ready to help in almost any way possible. Attached is my info. Let me know if anything can be done or if development has started.
Click to expand...
Click to collapse
I just bought this same exact phone yesterday at BestBuy because it was such a good price ($119), plus I thought a thread I was looking at on XDA was for it with twrp & root..........
Reason I'm writing you right now, is out of the box this phone has an update waiting to install that is 454.4mb, I'm pretty sure its the complete KDZ file.
Any idea how to get it off this phone??? Since this could be the break were looking for recovering from trying stuff out!!!!!!
I'll leave the phone like it is, for awhile...........
Hoping to get a response back soon
zach
You might need to PM the OP for options. But I do believe there is a way to get the file now
sent from Joker Stylos2
smile
DirtyPISTOLA said:
Cant wait for permanent root. things i have learned about this phone is it can be temporary rooted with kingroot 4.9.6 things i have been able to do with temp root are remove bloat, install busybox and I use Lspeed tweeks. You can softboot without losing root also if you power down you phone then hold power + volume down it will boot into recovery mode there is a option to apply a update through adb or any basic adb commands and if you go to the option in recovery to to boot to bootloader that will put your phone in fastboot mode. Also if you power your phone down and hold volume up while plugging in your phone to the power cord via wall plug or computer it will boot into download mode i believe that is for flashing our .kdz firmware files thru lg flasher program for pc but have yet to find a firmware file for the LGLS775. those are the only things i have found and contribute thus far. good luck and god speed. Oh also i believe if you can find a way to switch kingroot with supersu without having to reboot and lose root then we should be able to use (Root) Flash Fire to possibly flash a updated supersu binary and hopefully keep root I know that flash fire needs supersu binaries or it wont work it wont even recognize root with kingroot.
Click to expand...
Click to collapse
Would a kdz file help?
https://mega.nz/#!6BMlmIZB!CBKqxLvGl3c2EfYXj6_hIbdUKxPtbfWzgoglQb0d5aA
When I purchased my BOOST Stylo 2 two days ago, it had an update popped up not long after powering on.......
logcatted it, went through a bunch of URL's until one gave me a username/password popup, admin by itself with no password got the 454.4mb .zip downloaded!
http://imgur.com/q2dvC13
what it looks like unzipped.........
Hope this helps!!!!!!!
zach
---------- Post added at 07:10 PM ---------- Previous post was at 07:06 PM ----------
ltindi32 said:
please need stock filmware ls775zv5
Click to expand...
Click to collapse
I just purchased my LGLS775, 6.0.1, update out of box popped up and I captured it. Phone says software version is ZV4 but with the update????
I'm no expert on this, why I'm in this forum with the kdz...............
heres the link in case it will help:
https://mega.nz/#!6BMlmIZB!CBKqxLvGl3c2EfYXj6_hIbdUKxPtbfWzgoglQb0d5aA
let me know........
zach
O'tay, if anyones interested. BOOST Stylo 2, same specs that Joker put up. I have 1.02gb kdz, LGUP recognizes it in download mode, still says it can't open it...........
Got Terminal script to replace Kingroot's temp root with SuperSU but I issz not gonna go a step further until I know I can flash this bad boy when the going gets rough................
Any ideas, hello????
Did everyone toss their Stylo 2's on the heap?
jeez
zach
Ok, so the update was ZV5, but in theory now that I have the LG OTA cert, I might be able to possibly package SuperSU in it. It depends on LG's update checking, some manufacturers just check the cert, others check the sum of the package, so I'll see what the case is with LG.
---------- Post added at 06:52 AM ---------- Previous post was at 06:44 AM ----------
Ok, so apparently, they are checking some footer that doesn't match, so a no go there.
---------- Post added at 06:53 AM ---------- Previous post was at 06:52 AM ----------
I wonder if I replace their aboot with a modified kernel and update the signatures if it would install.
https://mega.nz/#!LFlBRAhS!rDl7PJMkFq7HqUDDgbKV6ddv-C3qkQIJl_CJkhkx2sc
Dirtycow exploit, ADB folder with the adb/fastboot, .bat & .dll's, either replace whats in your folder with the included or for those without refer how to setup and just place this under your OS C: directory and cd c:\adb in command screen to get there! control+shift keys before, as you click on cmd screen will open as admin. Includes Drammer.apk, if your ZV4 or ZV5.... Rock & Roll!!!... I'm ZV6 but I believe running this along with Drammer taxing the processor allowed my Kingroot (included in dwnld, BETA ver.) to achieve root, even if only temporarily, it lost it by the time I picked phone up @ 1:33am this morning but still allowing me to attempt to fix "root auth" over & over.........
Happy Holidays
Not responsible for bricks or burnt turkeys!
zach
thanks to slickrick for putting the binaries and commands together off github, and to messi2050 who has TWRP built and waiting for the LG Stylo 2 (not the plus the LGLS775ABB)
coolbeans2016 said:
https://mega.nz/#!LFlBRAhS!rDl7PJMkFq7HqUDDgbKV6ddv-C3qkQIJl_CJkhkx2sc
Dirtycow exploit, ADB folder with the adb/fastboot, .bat & .dll's, either replace whats in your folder with the included or for those without refer how to setup and just place this under your OS C: directory and cd c:\adb in command screen to get there! control+shift keys before, as you click on cmd screen will open as admin. Includes Drammer.apk, if your ZV4 or ZV5.... Rock & Roll!!!... I'm ZV6 but I believe running this along with Drammer taxing the processor allowed my Kingroot (included in dwnld, BETA ver.) to achieve root, even if only temporarily, it lost it by the time I picked phone up @ 1:33am this morning but still allowing me to attempt to fix "root auth" over & over.........
Happy Holidays
Not responsible for bricks or burnt turkeys!
zach
thanks to slickrick for putting the binaries and commands together off github, and to messi2050 who has TWRP built and waiting for the LG Stylo 2 (not the plus the LGLS775ABB)
Click to expand...
Click to collapse
[email protected]:/ $ run-as -exec id
run-as -exec id
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'id' with 0 arguments
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ $ run-as -exec sh
run-as -exec sh
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'sh' with 0 arguments
Failed to execute 'sh'!
1|[email protected]:/ $ chmod 0777 /system/bin/sh
chmod 0777 /system/bin/sh
chmod: chmod '/system/bin/sh' to 100777: Read-only file system
1|[email protected]:/ $
im LS775ZV5 trying to get root so I can hopefully use shortcut master lite to access hidden menu to bring up unlock menu to enter the unlock code I brought...
patched
mrw187 said:
[email protected]:/ $ run-as -exec id
run-as -exec id
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'id' with 0 arguments
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ $ run-as -exec sh
run-as -exec sh
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'sh' with 0 arguments
Failed to execute 'sh'!
1|[email protected]:/ $ chmod 0777 /system/bin/sh
chmod 0777 /system/bin/sh
chmod: chmod '/system/bin/sh' to 100777: Read-only file system
1|[email protected]:/ $
im LS775ZV5 trying to get root so I can hopefully use shortcut master lite to access hidden menu to bring up unlock menu to enter the unlock code I brought...
Click to expand...
Click to collapse
not sure what versions after ZV3 are for which xploit patches...... but if you are ZV5 & getting this return (read-only) when executing the dirtycow xploit, it means ZV5 has that xploit patched....
& at this time, it was the last available xploit to get root.........
so........
waiting game
A little late to the party, but I just got this phone as a replacement and so far am loving it. I always had root, so I hope we can find a way soon. I'm on v4, are you guys saying temp root is possible via king root v4.96?
Ouch, never mind I'm on v5 no exploits?
Sent from my LGLS775 using Tapatalk
coolbeans2016 said:
not sure what versions after ZV3 are for which xploit patches...... but if you are ZV5 & getting this return (read-only) when executing the dirtycow xploit, it means ZV5 has that xploit patched....
& at this time, it was the last available xploit to get root.........
so........
waiting game
Click to expand...
Click to collapse
Hey guys, happy new to all. I just got this phone but bought a BOOST version instead of a VIrgin mobile version by mistake. I have had it SIM GSM unlocked yet cannot enable APN settings. I am on V3 of software. Any one have full V4 KDZ or at least how to enable APN configuration? Thanks!
keep ZV3!!!!!
luisitox22 said:
Hey guys, happy new to all. I just got this phone but bought a BOOST version instead of a VIrgin mobile version by mistake. I have had it SIM GSM unlocked yet cannot enable APN settings. I am on V3 of software. Any one have full V4 KDZ or at least how to enable APN configuration? Thanks!
Click to expand...
Click to collapse
If you want root & TWRP DON'T TAKE THE UPDATES
ALSO DO NOT USE KINGROOT VER. 4.6, USE 5.0 BETA (or 4.9)
zach
coolbeans2016 said:
If you want root & TWRP DON'T TAKE THE UPDATES
ALSO DO NOT USE KINGROOT VER. 4.6, USE 5.0 BETA (or 4.9)
zach
Click to expand...
Click to collapse
Thanks for the reply bro. Unfortunately, I miss read instructions in another thread and took a small update that took me to v6. Is it possible to downgrade?
Thanks?
nope
luisitox22 said:
Thanks for the reply bro. Unfortunately, I miss read instructions in another thread and took a small update that took me to v6. Is it possible to downgrade?
Thanks?
Click to expand...
Click to collapse
Your now the proud owner of the MOST undevelopable device known to man....
***BOOST VARIANT ONLY*** ***BOOST VARIANT ONLY*** ***BOOST VARIANT ONLY***
CLEAR/DELETE DALVIK-CACHE FOLDER FROM "/data/dalvik-cache" IN ROOT EXPLORER OR TWRP AFTER INSTALLING BOOT IMAGE TO ALLOW SYSTEM TO ADJUST
##FLASH THE LATEST SUPERSU ZIP BELOW##
P.S. I NOTICE IT IS NO LONGER SYSTEM-LESS MODE. SO WE CAN TRIM THE SUPERSU SYSTEM-LESS CONTENT FROM THE RAMDISK.
Tweaked the contents of the boot image to allow for faster boot and better runtime performance. I use it as my daily driver. App performance is snappier. Only for the Boost Desire 626s. Unzip and flash with Flashify, TWRP, or your choice of image flasher. I also added some optimization scripts to supplement the boot image. Run them with Smanager, Root Explorer or in the terminal. Also here is a zip 601626SPIEFIX.zip that when flashed in TWRP recovery will allow the system to run non-pie executables and it works great. You'll be able to run custom binaries without any issue or error. All zips in this thread are the latest.
If you have ISSUES WITH DATA SPEEDS in certain areas, especially if you tether, GO INTO THE DIALER and DIAL *#*#4636#*#* then ACCESS PHONE INFORMATION and SELECT CDMA auto (PRL) UNDER SET PREFERRED NETWORK TYPE. LTE seems to be problematic in certain areas with speeds dropping to 150kbps and with this solution you'll be getting about 600 to 700kbps so at least it'll be a gain until you get into an area with better LTE coverage. In a good coverage area, I get download speeds of up to 5 to 7 mbps with LTE on, but in bad areas, CDMA works better. If you want to tether with a wireless third party solution make sure to run in a terminal window or adb shell as root : pm disable com.htc.tetheringguard
DOWNLOAD BOOT IMAGE: http://forum.xda-developers.com/attachment.php?attachmentid=3917986&d=1477604429
DOWNLOAD SUPERSU BETA: https://download.chainfire.eu/1009/SuperSU/SR2-SuperSU-v2.78-SR2-20161029143931.zip?retrieve_file=1
DOWNLOAD SCRIPTS: http://forum.xda-developers.com/attachment.php?attachmentid=3863279&d=1472880351
DOWNLOAD PIE FIX: http://forum.xda-developers.com/attachment.php?attachmentid=3844539&d=1471383163
DOWNLOAD BOOT IMAGE TOOL : http://forum.xda-developers.com/attachment.php?attachmentid=3917995&d=1477605263
DOWNLOAD HTC DRIVERS AND MINIMAL ADB + FASTBOOT: http://forum.xda-developers.com/attachment.php?attachmentid=3868562&d=1473328405
ANDBLOCKDEV.sh from scripts zip will speed up file input and output speeds, its contents have been incorporated into the boot image so the scripts files are for your own archival.
The zip DESIRE626SIMGTOOL.zip contains the android image kitchen and the 6.0.1 Boost Desire 626S boot image contents already extracted into two folders split_img and ramdisk with recent modifications. Enjoy!
http://www.vysor.io/ is a great tool to control your android device from a computer within chrome. You should try it out.
I provided a zip named HTCDrivers.zip containing the installation for both fastboot and adb drivers for the Boost Desire 626S, and minimal adb and fastboot. This will help you connect your device up with Vysor.
COPY the FILES; fastboot.exe, adb.exe, AdbWinUsbApi.dll and AdbWinApi.dll FROM - C:\Program Files (x86)\Minimal ADB and Fastboot - TO - C:\Windows\System32 - AND - C:\Windows\SysWOW64
Once you have installed the drivers for HTC devices,
and copied the minimal adb and fastboot files specified above to both system folders, you should be able to run adb commands without a problem by just opening a command prompt as administrator,
and RUNNING the command:
adb devices
- to start the adb server. This will allow connection with Vysor.
##########
For those who prefer nightbreed813's 6.0.1 slim rom version, I uploaded 601VPNDIALOGSFIX.zip to fix the issue with authorizing VPN clients, but first YOU HAVE TO CREATE /system/priv-app/VpnDialogs in Root Explorer or any other root filesystem browser, then reboot to TWRP recovery and flash the zip.
DOWNLOAD VPNFIX : http://forum.xda-developers.com/attachment.php?attachmentid=3860930&d=1472669879
##########
Also, you can get your MSL/SPC security code easily.........
Use the info in this thread to get your MSL/SPC security code so you can write new values to NV entries in the modem. Some values are locked but you can change the BC config for both LTE and CDMA so that would at least be helpful.
INFO HERE: http://forum.xda-developers.com/spri...k-sim-t3314755
##########
Android settings can be changed in the terminal for three namespaces; system, global and secure.
In the terminal run:
settings list system
settings list global
settings list secure
For each namespace all associated settings and their values will be listed. To change a setting type:
settings put system setting_name_here value_here
settings put global setting_name_here value_here
settings put secure setting_name_here value_here
##########
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Look now has working VPN......
***BOOST VARIANT ONLY*** ***BOOST VARIANT ONLY*** ***BOOST VARIANT ONLY***
anthonykb said:
Tweaked the contents of the boot image to allow for faster boot and better runtime performance. I use it as my daily driver. App performance is snappier. Only for the Boost Desire 626s. Unzip and flash with Flashify, TWRP, or your choice of image flasher. I also added some optimization scripts to supplement the boot image. Run them with Smanager, Root Explorer or in the terminal. Also here is a zip 601626SPIEFIX.zip that when flashed in TWRP recovery will allow the system to run non-pie executables and it works great. You'll be able to run custom binaries without any issue or error. All zips in this thread are the latest.
Click to expand...
Click to collapse
Will this run on the Metro Variant?
As far as I know no but you can try in case it might.
Enter these commands in a new terminal window:
cd /dev/block/platform/soc.0/7824900.sdhci/by-name
dd if=boot of=/sdcard/backup.img
The backup boot image can be flashed from the sdcard in TWRP recovery if the device fails to boot into the system after flashing the boot image contained in the zip in the attachments.
Is there anyway you would be able to make one for the metro Variant if i upload my boot image?
MetroPCS Boot Image
GotHeart said:
Is there anyway you would be able to make one for the metro Variant if i upload my boot image?
Click to expand...
Click to collapse
Did you try unzipping the boot image and flashing it already? I don't think it could work that way. I would do it if I had the metro version myself.
anthonykb said:
Did you try unzipping the boot image and flashing it already? I don't think it could work that way. I would do it if I had the metro version myself.
Click to expand...
Click to collapse
Thats what im saying.if i upload my metro boot image would you be able to optimize it like you did before with the boost Variant?
GotHeart said:
Thats what im saying.if i upload my metro boot image would you be able to optimize it like you did before with the boost Variant?
Click to expand...
Click to collapse
I meant so you tried the boost version and it wouldn't boot?
anthonykb said:
I meant so you tried the boost version and it wouldn't boot?
Click to expand...
Click to collapse
No i havent tried it yet
GotHeart said:
No i havent tried it yet
Click to expand...
Click to collapse
Backup your kernel boot image to your sdcard and flash the boost version just to make sure.
cd /dev/block/platform/soc.0/7824900.sdhci/by-name
dd if=boot of=/sdcard/backup.img
Then unzip the 601bootimg.zip file with Zarchiver in the Play Store and flash the extracted boot image.
anthonykb said:
Backup your kernel boot image to your sdcard and flash the boost version just to make sure.
Click to expand...
Click to collapse
Okay ill do it now and let you know
The phone booted but it corrupted my sdcard,so i lost everything i had on there.
GotHeart said:
The phone booted but it corrupted my sdcard,so i lost everything i had on there.
Click to expand...
Click to collapse
Flash back the backed up boot image in TWRP and see if the sdcard mounts right. The mount point contained in the boost boot image is probably wrong for the the sdcard/emmc in the metropcs phone.
I did but my sdcard got corrupted so i was forced to format it.
GotHeart said:
I did but my sdcard got corrupted so i was forced to format it.
Click to expand...
Click to collapse
I'm so sorry the process turned out to be a dud for you I have the boost model myself. Hope you can recover your files with one of those forensic data recovery tools.
anthonykb said:
I'm so sorry the process turned out to be a dud for you I have the boost model myself. Hope you can recover your files with one of those forensic data recovery tools.
Click to expand...
Click to collapse
Its nothing important lol.any chance you can share what you did or how?
Use the Android Image Kitchen by osm0sis
GotHeart said:
Its nothing important lol.any chance you can share what you did or how?
Click to expand...
Click to collapse
Use the tool at the link below to unpack the image, make your modifications, and repack the image contents (The ramdisk and split_img folders.) It's available for Windows, Linux and Android. It's a simple process expect for knowing what you'd need to do to the image.
http://forum.xda-developers.com/showthread.php?t=2073775
anthonykb said:
Use the tool at the link below to unpack the image, make your modifications, and repack the image contents (The ramdisk and split_img folders.) It's available for Windows, Linux and Android. It's a simple process expect for knowing what you'd need to do to the image.
http://forum.xda-developers.com/showthread.php?t=2073775
Click to expand...
Click to collapse
My mistake i was in a hurry when i typed that last reply.
Im aware of how to unpack/repack boot images and i appreciate the link,but i was wondering what modifications that were made.if youd prefer not to share,i can upload my boot image if youd like to make the modifications yourself.im just trying to make this compatible with the metro version.
The same modifications done for the Boost Desire 626S might not work well for the MetroPCS version so upload the image you backed up yesterday as an attachment in a reply post and I'll work on it.
Thanks a ton!
MetroPCS Boot Image
GotHeart said:
Thanks a ton!
Click to expand...
Click to collapse
Run busybox top in the terminal on your phone and post some screenshots so I can see what might need to be done. We want to see what processes would be the culprit behind bogging down precious processor time and reducing the snappiness of the device in reacting to realtime input and handling current requests.