Root SM-J337A Samsung Galaxy Express Prime 3 (2018) Via Magisk Method - Samsung Galaxy J3 (2016) Questions & Answers

EDIT 3: It appears this device has a locked bootloader, which means that TWRP won't work, and that device tree was a waste of time... I guess I'll just wait until someone or Samsung releases the firmware for Magisk.
EDIT 2: I have successfully built a device tree for this device using TWRPBuilder's script on GitHub. Although it might not be fully complete, it is still a start. Note: I built using an Android 8 release. Does the BoardConfig.mk file still work for Android 9?
I plan on comparing it with a different device tree to make sure nothing is blatantly wrong with it, but I'm not a developer so I don't know if that will help.
(Anyone willing to help me? If I could efficiently navigate the Linux CLI I would probably be much faster...)
My current plan is to build TWRP for this device to back up the ROM so that I can use Magisk.
https://github.com/TwrpBuilder/twrpbuilder_tree_generator/blob/master/README.md
Link to the device tree builder for those interested. Don't even ask how long it took me to realize I had to add the commands to the end of the Java executable instead of typing the TWRPBuilder -r recovery.img command.
-------
EDIT: To those that read, Samsung apparently has restrictions against downgrading. Currently, the only way to root is by waiting for someone to share the official stock ROM. The first half of this method, about getting the firmware, does not work. I don't know about the rest...
-----
Hello everyone,
I would first like to say that I think this is a working method, but I want to double check with someone who has rooted before.
I have the above-mentioned phone, and after a ton of research, have determined a path to rooting it through Magisk. I'm currently running Android 9 (Pie), on the latest stock firmware from AT&T.
This phone does not have A/B partitioning, but it has system-as-root, and it will require a copy of the stock ROM (patched with Magisk) to root.
One of the main problems I have is not having the latest firmware for my device. (Don't tell me to look it up. It's nonexistent on the web.) I have found that Samsung's Smart Switch will allow you to obtain the official ROM.
However, to download the ROM, I have to have an outdated phone. The most recent update for my phone was to upgrade from Android 8.0 to 9.0.
I assume such an upgrade requires the whole ROM to be downloaded.
Is it possible to use an outdated ROM for my phone (yes, I have one for Android 8) and downgrade my OS so that I can then update from Smart Switch and get a copy of the current firmware to use with Magisk?
Edit: apparently Samsung has protections against downgrading. I tried SamFirm, but to no avail.
Anyone know of any compatible custom ROMs?
Will keep trying to root though...
I know many people will immediately say yes, but this phone is different.
There is no OEM unlock in Developer options (more on this below!), and there is no fastboot. There is no TWRP for this phone either (some older threads on Magisk mentioned TWRP, so I am confused as to whether I need it for rooting via Magisk).
I have discovered that if you hold HOME + POWER + UP on power-up, you can get to a warning about installing custom OSes and an option to continue.
I pressed continue.
Someone on the web said pressing up will wipe the phone, since it unlocks the bootloader.
My phone did not get wiped.
Is my phone's bootloader/OEM unlocked?
I want to know because I think Magisk requires an unlocked bootloader.
If Magisk doesn't, I'm all good, and I am glad I can install custom OSes (not my goal, but will do if desperate)
If it does require it, I believe my phone already has an unlocked bootloader/OEM.
One last note: does downgrading trip anything? I have no warranty, but I know there are other protections (like Knox) that could affect the outcome.
(I've heard downgrading won't change anything)
Is there anything I need to turn off?
To Recap:
Downgrade OS
Update via Smart Switch to get stock ROM
Use Magisk to root my phone.
I'm simply asking if everything will turn out OK.
(Sorry for the exceedingly long post)
Thanks.
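Added example (not from the original post or from Magisk itself): the post above pins down two facts that decide how Magisk gets installed, no A/B partitioning and system-as-root, and depends on getting hold of a stock Odin package. The Python script below models that workflow offline. It strips and checks the md5 trailer Samsung appends to its .tar.md5 Odin packages, lists the images inside (dropping the .lz4 suffix Samsung uses), and picks the image Magisk has to patch from the device's build properties. The trailer format, the property names ro.build.ab_update and ro.build.system_root_image, and the rule that non-A/B system-as-root devices get Magisk installed in the recovery partition are my assumptions taken from Magisk's installation notes; the package it builds is a constructed stand-in with dummy images, not real firmware.

```python
import hashlib
import io
import re
import tarfile
from typing import Dict, Optional, Tuple

# Assumption: Samsung's Odin packages are plain tar archives with an md5sum
# line appended ("<hex>  <file name>"), which is why renaming .tar.md5 to
# .tar is enough for ordinary tar tools.
_TRAILER = re.compile(rb"([0-9a-f]{32})\s+(\S+)\s*$")


def split_tar_md5(blob: bytes) -> Tuple[bytes, Optional[str]]:
    """Return (tar_bytes, md5_hex); md5_hex is None when no trailer is present."""
    tail = blob[-512:]
    m = _TRAILER.search(tail)
    if m is None:
        return blob, None
    cut = len(blob) - len(tail) + m.start()
    return blob[:cut], m.group(1).decode()


def verify_tar_md5(blob: bytes) -> Tuple[bytes, Optional[bool]]:
    """Strip the trailer and check it; ok is None for an untrailered tar."""
    tar_bytes, md5_hex = split_tar_md5(blob)
    if md5_hex is None:
        return tar_bytes, None
    return tar_bytes, hashlib.md5(tar_bytes).hexdigest() == md5_hex


def list_images(tar_bytes: bytes) -> Dict[str, int]:
    """Map member name (with any .lz4 suffix dropped) to its stored size."""
    out: Dict[str, int] = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf.getmembers():
            if m.isfile():
                name = m.name[:-4] if m.name.endswith(".lz4") else m.name
                out[name] = m.size
    return out


def magisk_target(props: Dict[str, str]) -> str:
    """Which image Magisk has to patch, decided from build properties.
    Assumption: A/B devices (ro.build.ab_update=true) patch boot.img; legacy
    system-as-root devices without A/B (ro.build.system_root_image=true) get
    Magisk installed into the recovery partition, so recovery.img is the one
    to patch; everything else patches boot.img."""
    if props.get("ro.build.ab_update") == "true":
        return "boot.img"
    if props.get("ro.build.system_root_image") == "true":
        return "recovery.img"
    return "boot.img"


def build_sample_ap() -> bytes:
    """Constructed stand-in for an AP_*.tar.md5: tiny zero-filled fake images."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, size in (("boot.img.lz4", 4096), ("recovery.img.lz4", 8192),
                           ("system.img.lz4", 65536)):
            info = tarfile.TarInfo(name)
            info.size = size
            tf.addfile(info, io.BytesIO(b"\x00" * size))
    tar_bytes = buf.getvalue()
    trailer = hashlib.md5(tar_bytes).hexdigest().encode() + b"  AP_SAMPLE.tar\n"
    return tar_bytes + trailer


def plan(blob: bytes, props: Dict[str, str]) -> Tuple[Optional[bool], str, int]:
    """Verify the package, pick the image Magisk should patch, report its size."""
    tar_bytes, ok = verify_tar_md5(blob)
    images = list_images(tar_bytes)
    target = magisk_target(props)
    if target not in images:
        raise KeyError(f"{target} not in package; members: {sorted(images)}")
    return ok, target, images[target]


if __name__ == "__main__":
    sample = build_sample_ap()
    # Constructed property set for a non-A/B, system-as-root Android 9 device.
    sar_props = {"ro.build.ab_update": "false", "ro.build.system_root_image": "true"}
    print(plan(sample, sar_props))          # (True, 'recovery.img', 8192)
    # Flip one byte inside the archive: the trailer no longer matches.
    tampered = sample[:100] + bytes([sample[100] ^ 0xFF]) + sample[101:]
    print(verify_tar_md5(tampered)[1])      # False
```

The md5 trailer is an integrity check against a corrupted download, not an authenticity check: anyone can append a fresh md5 to a modified tar, which is exactly what the Magisk app does when it patches an AP package. What stops a tampered image from booting is the bootloader's signature check, which is a separate matter from this script.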

I don't have this phone, but I wanted to have one; after I realized there is no method to unlock it, you are out of luck. I also have a phone lying around (ZTE Avid Plus with Android Lollipop); I built a ROM and recovery for it, but I realized there is no method to unlock the bootloader. The only method is to get your hands on the bootloader from this device, try to modify it, and pray that it works. That is just how a lot of budget devices are built nowadays. And that's sad. The thing is that there was a successor to the ZTE Avid with the same specs, but it ran Android Oreo, while the Avid ran Lollipop. A method from manufacturers to always force us to buy new phones.

Related

Would it be plausible to use JTAG to rewrite an unlocked firmware?

I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thusfar discovered
So, this method, after a bit of evolution, got to the point that it basically entailed the following: using the SD card debrick method (popularized by the Galaxy S3 LTE variants), a modified firmware image would be written to an SD card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the USB cord at the right moment and try to manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-Mobile), but what I found out through that is a couple of things:
1. The stock tars seem mostly carrier-independent, and I was able, without any modification, to flash a T-Mobile bootloader, system image, and PIT file, but within recovery and download mode it would show that, because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure.
2. It must have a very low-level method of injecting information and file verification that is not located anywhere on eMMC.
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple of blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warranty bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; it seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it, it means that JTAG has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code, or a leak of several RSA keys from Verizon, either current workarounds such as Safestrap are the answer for the foreseeable future, or a method of manually changing a single Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps.
P.S. I figured out exactly what T-Flash does in Odin: it flashes the files that you input into Odin to the currently inserted SD card (or so it seems; I could be wrong, but that's what it did for me).
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to Block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple Odin-flashable patches for this stuff.
UPON REFLECTION: if the phone could be bricked, either by a very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a T-Mobile Galaxy S5 with an unlocked bootloader be used, not as a method of flashing the on-board bootloader, but as a kind of external boot, i.e. a permanently installed SD card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the Droid X.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the Droid X.
What was done with the Droid X? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has an "alternative boot upon init fault" method similar to the one that allows the Galaxy S3 debrick to work (I have a guide I made with details), so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microSD card in the phone allowing it to boot into that, then use that with Odin to flash an insecure bootloader to the S5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys, how do I brick my SM-G900V?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2.
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2.
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in Odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware-based, and doesn't have any chip-based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it altogether, then changing the key to one they publicize so people can sign their ROM with it)
If all of these are met, then we might actually have free root! Basically, all it would involve would be bricking the device badly enough that it boots from secondary storage, having that secondary boot have a "back door" that allows a custom image to be flashed, which allows a bootloader image to be flashed that allows a signed recovery (signed with that publicly available code) to be flashed without having to deal with Safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my S5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probably gone, but I'm OK just getting my bootloader unlocked an' $#*+
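Added example, not from anyone in this thread: the two questions raised above, whether one or two flipped bits would still break the signature, and whether swapping the key in the image for a published one would get around the check, both come down to how a fuse-anchored root of trust behaves. The Python model below is a toy: the boot ROM holds only a hash of the OEM public key (standing in for the fused value), the image header carries the public key plus a signature over the body, and booting requires both the header key to match the fused hash and the signature to verify. The RSA key sizes, the header layout and the function names are assumptions made for illustration, not a description of any real Qualcomm or Samsung implementation.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple

# Toy RSA parameters: two Mersenne primes give a 196-bit modulus, far too
# small for real use but enough to show the mechanics. All sizes and layouts
# in this file are assumptions for illustration, not a real boot ROM.
P = (1 << 89) - 1
Q = (1 << 107) - 1
E = 65537


def make_key(p: int, q: int, e: int = E) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((e, n), (d, n)) for the given primes (textbook RSA)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)


OEM_PUB, OEM_PRIV = make_key(P, Q)
# A second, "published" key that an attacker could sign with freely.
ATTACKER_PUB, ATTACKER_PRIV = make_key((1 << 61) - 1, (1 << 127) - 1)


def _digest(data: bytes) -> int:
    # SHA-256 truncated to 160 bits so the value sits below the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:20], "big")


def sign(data: bytes, priv: Tuple[int, int]) -> int:
    d, n = priv
    return pow(_digest(data), d, n)


def verify(data: bytes, sig: int, pub: Tuple[int, int]) -> bool:
    e, n = pub
    return pow(sig, e, n) == _digest(data)


def key_fingerprint(pub: Tuple[int, int]) -> bytes:
    """What the fuses hold: a hash of the OEM public key, not the key itself."""
    e, n = pub
    return hashlib.sha256(e.to_bytes(4, "big") + n.to_bytes(32, "big")).digest()


FUSED_ROOT = key_fingerprint(OEM_PUB)  # burned once at the factory; a constant here


@dataclass(frozen=True)
class SignedImage:
    payload: bytes            # the bootloader / kernel body
    pub: Tuple[int, int]      # public key carried in the image header
    sig: int                  # signature over the payload


def build_image(payload: bytes, pub, priv) -> SignedImage:
    return SignedImage(payload, pub, sign(payload, priv))


def secure_boot(img: SignedImage, fused_root: bytes = FUSED_ROOT) -> str:
    """Boot ROM logic: anchor the header key to the fuses, then check the signature."""
    if key_fingerprint(img.pub) != fused_root:
        return "reject: header key does not match fused root of trust"
    if not verify(img.payload, img.sig, img.pub):
        return "reject: signature does not match image"
    return "boot"


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def demo() -> Dict[str, str]:
    stock = build_image(b"aboot v1.0 (constructed sample payload)", OEM_PUB, OEM_PRIV)
    results = {"stock": secure_boot(stock)}
    # One flipped bit in the body: the digest changes, the signature fails.
    corrupted = SignedImage(flip_bit(stock.payload, 7), stock.pub, stock.sig)
    results["one_bit_flipped"] = secure_boot(corrupted)
    # Re-signing with a published key does not help: the fuses name the OEM key.
    resigned = build_image(stock.payload, ATTACKER_PUB, ATTACKER_PRIV)
    results["attacker_key"] = secure_boot(resigned)
    # Only a different fused value (not something software writes) changes that.
    results["attacker_key_with_attacker_fuses"] = secure_boot(
        resigned, key_fingerprint(ATTACKER_PUB))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:34s} -> {outcome}")
```

Flipping a single payload bit changes the digest, so the signature no longer verifies; re-signing with a different key fails one step earlier, because the header key no longer hashes to the fused value. The only branch that accepts the attacker-signed image is the one where the simulated fuse content itself differs, which is why the discussion above keeps coming back to the fuse rather than to the bootloader binary.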
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the time for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with Safestrap and such, but that doesn't allow custom kernels or anything, so just modified TW ROMs, which is kinda limiting.
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the time for sure.
An unlock isn't likely. A bypass should be possible though.
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with Safestrap and such, but that doesn't allow custom kernels or anything, so just modified TW ROMs, which is kinda limiting.
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
Safestrap uses root access in a stock ROM to create a temporary recovery image that lasts for one boot, but it can be finicky, and there is no way to boot into it if you can't access the ROM.
dreamwave said:
Safestrap uses root access in a stock ROM to create a temporary recovery image that lasts for one boot, but it can be finicky, and there is no way to boot into it if you can't access the ROM.
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure AOSP ROMs because of that. It modified a boot file to boot to the custom ROM rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time, unless you wanted to switch/update your custom ROM.
I'm wondering if Safestrap, in conjunction with the OE1 rooted build, the OE1 tar, and the boot vulnerability, could lead to a method that would allow a one-time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing Safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied, or even booting into a ROM, possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure AOSP ROMs because of that. It modified a boot file to boot to the custom ROM rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time, unless you wanted to switch/update your custom ROM.
I'm wondering if Safestrap, in conjunction with the OE1 rooted build, the OE1 tar, and the boot vulnerability, could lead to a method that would allow a one-time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing Safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied, or even booting into a ROM, possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
So far I've been able to downgrade just fine. Don't do anything with Knox, and it seems Odin can flash back to the original KitKat ROM. Also, Safestrap didn't do a thing with the bootloader; it was done during kernel init, right after firmware finishes. If a phone is hard-bricked then adb won't work, and what I'm getting at is hard-bricking it, then using the debrick image thing.
dreamwave said:
So far I've been able to downgrade just fine. Don't do anything with Knox, and it seems Odin can flash back to the original KitKat ROM.
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Exactly. Safestrap is basically useless for flashing the bootloader and stuff, as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded, then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could probably be flashed, but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing the bootloader and stuff, as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded, then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could probably be flashed, but not a previous version.
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
But that has already been done, I think: root on a system with any bootloader, so long as a root exploit exists for the OS.
That's Safestrap. It doesn't allow custom kernels or a full custom recovery though; that's why I'm trying to modify the bootloader.

Relocking bootloader

Hey guys.
Really sorry for having to post this again :/
Tried posting my issue in this thread but I think that thread's gone cold.
----
I have a Moto G5 Plus US, Model XT1687
Current ROM Info:
Software channel: retus
Build #: NPN 25.137-33
Security patch: Jan, 1 2017
Baseband: M8953_02.03.07.06R POTTER_NA_CUST
On a whim, I unlocked the bootloader. Now I'd like to lock it back.
I haven't updated my phone / installed any OTAs; the phone keeps asking to update to NPNS25.137-33-5, haven't done it.
Does this procedure work for me?
Which ROM should I use?
I'd like to relock the bootloader and receive OTA updates as normal on my US variant phone!
Many thanks!
I'm pretty sure Motorola hasn't released stock firmware for the retus version.
Cats_PJs said:
I'm pretty sure Motorola hasn't released stock firmware for the retus version.
So, there's no way for me to relock my bootloader unless Motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for Motorola to release the firmware, or should I just leave it unlocked?
Thanks
seed_87 said:
So, there's no way for me to relock my bootloader unless Motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for Motorola to release the firmware, or should I just leave it unlocked?
Thanks
I don't think there's a way to relock the retus version, but maybe I'm wrong.
As far as what I would do: I always run a custom ROM, so I'd flash TWRP, make a backup and try a few ROMs.
seed_87 said:
So, there's no way for me to relock my bootloader unless Motorola releases it?
Can't I use another firmware that's available here at XDA?
What would you do?
Not update OTA and wait for Motorola to release the firmware, or should I just leave it unlocked?
Thanks
To relock the phone, you must flash a complete factory image that is the same or newer than what you have installed... It's the only way, and not that it gains much, except the ability to pass SafetyNet checks on pure stock, which you can do with some root magic anyway; the bootloader will change to a state of 2 (Relocked), your warranty will still be void, and you will still get the bootloader unlocked warning screen (unless you flash a custom logo).
Cats_PJs said:
I don't think there's a way to relock the retus version, but maybe I'm wrong.
As far as what I would do: I always run a custom ROM, so I'd flash TWRP, make a backup and try a few ROMs.
Well, I originally wanted to just root the stock ROM and install a couple of things like: AdAway, some Xposed modules (like the YouTube ad remover one), WiFi ADB (which requires root; it allows one to wirelessly debug APKs).
acejavelin said:
To relock the phone, you must flash a complete factory image that is the same or newer than what you have installed... It's the only way, and not that it gains much, except the ability to pass SafetyNet checks on pure stock, which you can do with some root magic anyway; the bootloader will change to a state of 2 (Relocked), your warranty will still be void, and you will still get the bootloader unlocked warning screen (unless you flash a custom logo).
Wow, relocking the BL sounds really useless once you realize what you're getting from it. I really don't care much for SafetyNet (this model has no NFC). I don't use Android Pay either.
Honestly, I unlocked the BL but finally didn't root, mainly because I read about some issues when rooting. Please see this post.
Thanks for the enlightenment!
seed_87 said:
Well, I originally wanted to just root the stock ROM and install a couple of things like: AdAway, some Xposed modules (like the YouTube ad remover one), WiFi ADB (which requires root; it allows one to wirelessly debug APKs).
Wow, relocking the BL sounds really useless once you realize what you're getting from it. I really don't care much for SafetyNet (this model has no NFC). I don't use Android Pay either.
Honestly, I unlocked the BL but finally didn't root, mainly because I read about some issues when rooting. Please see this post.
Thanks for the enlightenment!
If you do decide to root, I would suggest using Magisk instead of SuperSU. I switched a few months ago, and it works perfectly.
SafetyNet isn't just for NFC; other companies and apps have used it in their software as well, e.g. Snapchat and Pokémon Go are 2 I can think of off the bat.
Installing and/or rooting with Magisk is fairly easy and painless, and it will have SuperSU, which will give you root.
How to:
Must have TWRP recovery, or some other custom recovery, although these days I would recommend TWRP, as it works and is more widely used than, say, CM recovery is, since the CM project was taken over by Lineage now. Anyways, flash a custom recovery and use it. (Note: I haven't used CM recovery or any other recovery in years, so I do not know if this works with anything else, aside from TWRP, which I know it works fine with.) There are also tutorials all over XDA on how to install/flash TWRP, as well as YouTube videos if you prefer that.
Go grab magisk.zip (do a Google search or look on XDA; it's all over the place, just do a search for "magisk zip" and you'll find it).
The latest as of right now I think is 14.0, and you will also (if I recall correctly) need Magisk Manager (and just like the zip file, you can do a quick search; it's also all over the place).
Once you have that, reboot into recovery, then flash the magisk.zip file and reboot. It should give you the Magisk Manager app in your app drawer and you should be rooted. (Note: You may need to update Magisk Manager.)
To check root, grab an app called Root Checker on the Play Store. (It's free.)
It's that easy.
Short summary:
1: Install a custom recovery (if you haven't already)
2: Boot to recovery, flash magisk.zip
3: Reboot to system, and profit from root + SafetyNet hide.
Quick and painless root method.
I do all my rooting now this way; in fact I recently re-flashed my Nexus 5X ROM and instead of flashing SuperSU I flashed the Magisk way instead, and it covers 2 things:
1: It gives you root
2: It hides root from SafetyNet and lets you use NFC, Pokémon Go, Snapchat, and other apps that use SafetyNet as well.
Cats_PJs said:
If you do decide to root, I would suggest using Magisk instead of SuperSU. I switched a few months ago, and it works perfectly.
Oh, wow, I had the (wrong) idea that the SuperSU method was the better one and superseded Magisk. If that works great then awesome, I will root using Magisk, thanks @Cats_PJs!
easyrider77 said:
SafetyNet isn't just for NFC; other companies and apps have used it in their software as well, e.g. Snapchat and Pokémon Go are 2 I can think of off the bat.
Installing and/or rooting with Magisk is fairly easy and painless, and it will have SuperSU, which will give you root.
How to:
Must have TWRP recovery, or some other custom recovery, although these days I would recommend TWRP, as it works and is more widely used than, say, CM recovery is, since the CM project was taken over by Lineage now. Anyways, flash a custom recovery and use it. (Note: I haven't used CM recovery or any other recovery in years, so I do not know if this works with anything else, aside from TWRP, which I know it works fine with.) There are also tutorials all over XDA on how to install/flash TWRP, as well as YouTube videos if you prefer that.
Go grab magisk.zip (do a Google search or look on XDA; it's all over the place, just do a search for "magisk zip" and you'll find it).
The latest as of right now I think is 14.0, and you will also (if I recall correctly) need Magisk Manager (and just like the zip file, you can do a quick search; it's also all over the place).
Once you have that, reboot into recovery, then flash the magisk.zip file and reboot. It should give you the Magisk Manager app in your app drawer and you should be rooted. (Note: You may need to update Magisk Manager.)
To check root, grab an app called Root Checker on the Play Store. (It's free.)
It's that easy.
Short summary:
1: Install a custom recovery (if you haven't already)
2: Boot to recovery, flash magisk.zip
3: Reboot to system, and profit from root + SafetyNet hide.
Quick and painless root method.
I do all my rooting now this way; in fact I recently re-flashed my Nexus 5X ROM and instead of flashing SuperSU I flashed the Magisk way instead, and it covers 2 things:
1: It gives you root
2: It hides root from SafetyNet and lets you use NFC, Pokémon Go, Snapchat, and other apps that use SafetyNet as well.
Awesome explanation @easyrider77, I will definitely try to root using Magisk. Thanks for the warning; I don't play Pokémon Go and haven't used Snapchat in years, so I'm good! I'll try flashing the latest Magisk (v14.0).
One thing tho:
I think I want to (for now anyway) stay stock-ish (stock ROM + stock kernel + TWRP + Magisk).
If I understand it correctly, flashing a custom recovery renders the phone unable to get OTAs (not that I'd want to apply an OTA update on a modified rooted phone and risk a brick anyway). So, how would one eventually update Android? (Keeping in mind that Motorola hasn't released any retus firmware.) Can I flash other non-retus firmwares? (Which wouldn't flash over TWRP, I think; I would then just lose root and have to flash Magisk again, right?)
Thanks a ton guys
EDIT:
A short XDA search pointed me to this official TWRP link; I will follow the fastboot method to install TWRP.
I'm not sure what exactly stops ota from coming in. I've heard unlocking the bootloader is what causes it, and I've also heard that flashing a custom recovery is what causes it, and I've also heard a custom rom is what does it.
There are options as far as ota goes though, and they work the same way, but you'd just have to wait. People release flashable ota files all the time, and they can be flashed via twrp.
If you want to keep stock and root, that's fine too, but I personally wouldn't worry much about the ota issue at all, because eventually every phone will stop getting ota as it loses support, but you can still get the latest and greatest up to date rom with its features.
Prime examples would be:
Oneplus One,
Oneplus 3
some of the samsung devices like s4
These are just a few, and although they don't receive support officially, they are sporting the brand new android 8 oreo.
Even the samsung s4 has N for it and it came out in 2013 (that's near 5 yrs ago now) and started on Android 4.2.2 (Jelly Bean) and said it was upgradable to 5.0.1 (Lollipop), and now here we are running android 7.1.x.
https://forum.xda-developers.com/galaxy-s4-tmobile/development
(not sure if there were any unlocked variants of that phone at the time as it wasn't a common thing like it is now, that's why I chose the tmobile thread but there are other variants that get it as well)
So when it comes to ota, I personally would not and do not worry about that when I root, that's the last of my worries.
I prefer functionality and customization over ota myself, because most times someone comes out with either an official link to an ota or makes a flashable ota you can flash via twrp, although my semi-educated guess would be if you decide to install the official/stock ota, then it will erase everything you have anyways, which can be a pain.
DO keep in mind once you unlock the bootloader, it "officially" voids any warranty and moto does have the option to refuse service if anything goes wrong with the phone, but I have heard some people had no issues and moto took the phone back even when rooted, but that is something you would have to make a choice and live with IF you decided to unlock the bootloader, as there is no way to undo that process.
I have re-locked the bootloader on a moto phone so yes it CAN be re-locked, but........it still gets triggered and moto will know that it's been unlocked even if you re-lock it, because that part is irreversible and cannot be undone, aside from you locking and unlocking it on your side.
As for flashing firmware and all that, make DOUBLY sure you know your phone's model number and/or codename, this is key in flashing most anything you do with your phone, because even though a phone may have multiple variants, ie: tmobile, sprint, at&t versions, and even European versions, and the phones are identical in EVERY way hardware wise, you can't just simply pick a rom of choice and use it, it's a matter of knowing what your phone's info is.
Example: you cannot take a t-mobile phone rom and flash its official firmware or its roms and updates on an at&t variant, or a metroPCS on a tmobile variant, even though they use the same network, and are the exact same phone and hardware, there are subtle differences and it can most likely brick the phone, either hard or soft.
So if I had the US variant of the g5 plus that would be codenamed the same "potter" like the rest, but, the number is different which is XT1687, so I would use that number as my reference, as opposed to the potter name, because there are 3 other variants of that phone which are Amazon Edition and the consumer cellular and of course the European variants as well, I'm not exactly sure what numbers go with what phones other than the US unlocked variant, but on a quick look the other numbers are XT1684 and XT1685, perhaps someone else with more experience than I have can tell you what those numbers match up with said phone.
As far as the US variant goes though, I do not want to take a rom or firmware meant for the XT1684 XT1685 and use it on the XT1687 US variant, as it will most likely have bad results, ie: brick of some sort.
That's the main thing you have to worry about, other than that, there isn't much worry. Just do some major research and goggling and read and re-read and read again the directions on the threads at xda as most generally all of them are pretty simple to follow, if you do it step by step.
I recently bought an lg k20 plus phone from metroPCS, have never rooted that phone before and came to xda and followed the rooting thread and rooted it the first time. In a matter of 30 mins I had full root with stock rom (since there are no roms for that phone as of yet) but it is a metroPCS variant, (mp260) and in the case above, this phone is also sold by tmobile, is the exact same phone's specs, hardware, etc....I could not use the tmobile rom or firmware on this phone.
Hope this helps clear it up some.
Update:
I just bought a 64gb storage/4gb ram US variant of the g5 plus. It brought back some older memories of when I had my other moto, X I think it was, not sure anymore, but I DO remember you can unlock the bootloader as well as re-lock it, but, do keep in mind it still triggers something internally that can't be reversed, so if moto did decide to check into things, they can tell if it's been bootloader unlocked.
So while you can unlock and lock the bootloader on our side, moto can still tell it's been unlocked, even when re-locked. Just hope if you send it back in they just don't check it and even if they do, hope they don't bother sending it back saying your warranty is void sorry.
Thanks @easyrider77
I used to install custom ROMs on my older phones. Recently though, stock android has gotten pretty good so maybe when this phone loses support I'll try some ROMs. Out of curiosity, what ROM/hacks/kernel do you use?
So, how does this sound:
- Install the OTA my phone's been prompting me to update to (upgrading from NPN25.137-33 to NPNS25.137-33-5 and I think it will then try to update to NPN25.137-83 with an August 1 security patch)
- Install TWRP via fastboot, make a nandroid backup!
- Root with Magisk v14.0
- Looking into maybe changing the boot.img "Your device is not trustworthy" thing
- Adaway! Xposed! Other goodies yay!
- Any other recommendations?
PS: Can Magisk root every firmware released by Motorola for the Moto G5+?
I've used it on my nexus 5x, and a lg k20 plus phone to root. I'm not sure if it has any limits when it comes to phones, but to my knowledge it should work fine.
Be careful with the boot.img file, if it's not the correct size it will brick the phone too.
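One way to make the boot.img size warning above checkable before anything is flashed (added example, not code from the thread or from Magisk): parse the Android boot image header (v0 layout: magic, kernel/ramdisk/second sizes, page size), work out the size the header implies, and compare it with the file and with the target boot partition. The partition size, the sample image and the function names are constructed for the example.

```python
"""Pre-flash sanity check for a boot.img: does the size implied by the
header match the file, and does the file fit the boot partition?

Added example, not code from the thread or from Magisk.  It uses the
Android boot image header v0 layout (the fields this check needs):
  magic[8] kernel_size kernel_addr ramdisk_size ramdisk_addr
  second_size second_addr tags_addr page_size header_version os_version
Image body = header page + kernel + ramdisk + second stage, each
section rounded up to a whole number of pages.
"""
import struct

BOOT_MAGIC = b"ANDROID!"
_HDR_FMT = "<8s10I"                   # magic + ten little-endian uint32 fields
_HDR_LEN = struct.calcsize(_HDR_FMT)  # 48 bytes
_PLAUSIBLE_PAGE_SIZES = {2048, 4096, 8192, 16384, 32768, 65536, 131072}


def _pages(size: int, page_size: int) -> int:
    """Number of whole pages needed to hold `size` bytes."""
    return (size + page_size - 1) // page_size


def check_boot_image(data: bytes, partition_size: int) -> dict:
    """Report on `data`; report['ok'] is False when flashing it would be unsafe."""
    fatal, warnings = [], []
    if len(data) < _HDR_LEN or data[:8] != BOOT_MAGIC:
        return {"ok": False, "fatal": ["no ANDROID! magic: not a boot image"], "warnings": []}
    (_, kernel_size, _, ramdisk_size, _, second_size, _, _,
     page_size, header_version, _) = struct.unpack_from(_HDR_FMT, data)
    # v3/v4 headers have a different layout; the word at this offset is a
    # reserved zero there, so the plausibility test rejects them as well.
    if page_size not in _PLAUSIBLE_PAGE_SIZES:
        fatal.append(f"implausible page_size {page_size}; header layout not understood")
        return {"ok": False, "fatal": fatal, "warnings": warnings}
    if header_version in (1, 2):
        warnings.append("header v1/v2: recovery_dtbo/dtb not counted, expected size is a lower bound")
    expected = page_size * (1 + _pages(kernel_size, page_size)
                            + _pages(ramdisk_size, page_size)
                            + _pages(second_size, page_size))
    if len(data) < expected:
        fatal.append(f"file is {expected - len(data)} bytes shorter than the header implies (truncated?)")
    elif len(data) > expected and header_version == 0:
        warnings.append(f"{len(data) - expected} trailing bytes beyond the header's sections")
    if len(data) > partition_size:
        fatal.append(f"file ({len(data)} B) does not fit the partition ({partition_size} B)")
    return {"ok": not fatal, "expected_size": expected, "actual_size": len(data),
            "page_size": page_size, "fatal": fatal, "warnings": warnings}


def build_sample_image(page_size: int = 2048, kernel_len: int = 5000,
                       ramdisk_len: int = 1500) -> bytes:
    """Constructed v0 image: 1 header page + 3 kernel pages + 1 ramdisk page."""
    hdr = struct.pack(_HDR_FMT, BOOT_MAGIC, kernel_len, 0x8000, ramdisk_len,
                      0x1000000, 0, 0, 0x100, page_size, 0, 0)
    hdr = hdr.ljust(page_size, b"\0")  # name/cmdline/id fields left zeroed
    kernel = (b"K" * kernel_len).ljust(_pages(kernel_len, page_size) * page_size, b"\0")
    ramdisk = (b"R" * ramdisk_len).ljust(_pages(ramdisk_len, page_size) * page_size, b"\0")
    return hdr + kernel + ramdisk


if __name__ == "__main__":
    img = build_sample_image()
    # The partition size below is a constructed placeholder; on a real device
    # take it from the boot partition's block device size before flashing.
    for label, data, part in [("intact", img, 32 * 1024 * 1024),
                              ("truncated", img[:-100], 32 * 1024 * 1024),
                              ("too big for partition", img, 8192)]:
        print(label, check_boot_image(data, part))
```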
easyrider77 said:
I've used it on my nexus 5x, and a lg k20 plus phone to root. I'm not sure if it has any limits when it comes to phones, but to my knowledge it should work fine.
Be careful with the boot.img file, if it's not the correct size it will brick the phone too.
Will do, many thanks for all your help guys!
@easyrider77 @Cats_PJs @acejavelin
:good::good::good:
Every rom I've tried on this phone works well, with only minor bugs. Right now I'm using the Pixel ROM. Elemental X is my kernel of choice because it's stable and has a sound option to increase volume. I use Kernel Adiutor for settings. The ViPER magisk module by ahrion works great, and AdAway is a must. Good luck
Cats_PJs said:
Every rom I've tried on this phone works well, with only minor bugs. Right now I'm using the Pixel ROM. Elemental X is my kernel of choice because it's stable and has a sound option to increase volume. I use Kernel Adiutor for settings. The ViPER magisk module by ahrion works great, and AdAway is a must. Good luck
Nice to hear cat.
I'm holding off on rooting just yet, although the temptation is really really great and pulling at me right now in a bad way. I just want to make doubly sure the phone isn't going to have issues and hardware glitches. Anytime you mass produce a product, inevitably there will always be a bad batch (or batches), so I am just watching and waiting patiently on stock non-root (yes I said non-root LOL) but it's not as bad of an experience as I thought it would be.
I have to give this phone props, this phone is simply great. I bought the 64gb storage/4gb ram US variant, and have been nothing but happy with it, even on stock.
Camera isn't exactly your top tier phone camera but it certainly stands out as one of the not bad at all cameras. I see many saying the camera sucks, well if you're zooming in and expect to get a good picture, good luck with that. Simply put, as I read in an article, two things: 1: just don't use zoom, it's a digital zoom as opposed to an optical zoom, and it will simply give you fuzzy and blurry pics a lot; 2: if you're after a good picture taking experience, for crimeny sake, buy a dang camera, these are phones people, NOT cameras. If they were meant for that, photographers around the world would be using phones, but guess what, news flash, they are using things called "cameras" wow what a concept LOL.
Anyways, if you just use very little zoom (I'd say 1.5 - 2.0x at most) but mostly just get closer to the subject or item you are taking pics of, you'll have a much more pleasant experience with picture taking, trust me.
OK, off my soapbox and tangent, sorry.
I will eventually root this bad boy, as I cannot resist the urge. For now I am just making sure the phone has no hiccups or glitches hardware wise, so glad to know roms are working well.
I did have a question about the sound though. I see people saying low sound volume with this phone, and I personally do not see (or hear in this case) the problems. I watched a few youtube videos last night and honestly I had to turn it down some because it was plenty loud, at least from this side.
Does the sound get lower with roms? (In which case I can use ViPER.) I'm just curious.
easyrider77 said:
Nice to hear cat.
I'm holding off on rooting just yet, although the temptation is really really great and pulling at me right now in a bad way. I just want to make doubly sure the phone isn't going to have issues and hardware glitches. Anytime you mass produce a product, inevitably there will always be a bad batch (or batches), so I am just watching and waiting patiently on stock non-root (yes I said non-root LOL) but it's not as bad of an experience as I thought it would be.
I have to give this phone props, this phone is simply great. I bought the 64gb storage/4gb ram US variant, and have been nothing but happy with it, even on stock.
Camera isn't exactly your top tier phone camera but it certainly stands out as one of the not bad at all cameras. I see many saying the camera sucks, well if you're zooming in and expect to get a good picture, good luck with that. Simply put, as I read in an article, two things: 1: just don't use zoom, it's a digital zoom as opposed to an optical zoom, and it will simply give you fuzzy and blurry pics a lot; 2: if you're after a good picture taking experience, for crimeny sake, buy a dang camera, these are phones people, NOT cameras. If they were meant for that, photographers around the world would be using phones, but guess what, news flash, they are using things called "cameras" wow what a concept LOL.
Anyways, if you just use very little zoom (I'd say 1.5 - 2.0x at most) but mostly just get closer to the subject or item you are taking pics of, you'll have a much more pleasant experience with picture taking, trust me.
OK, off my soapbox and tangent, sorry.
I will eventually root this bad boy, as I cannot resist the urge. For now I am just making sure the phone has no hiccups or glitches hardware wise, so glad to know roms are working well.
I did have a question about the sound though. I see people saying low sound volume with this phone, and I personally do not see (or hear in this case) the problems. I watched a few youtube videos last night and honestly I had to turn it down some because it was plenty loud, at least from this side.
Does the sound get lower with roms? (In which case I can use ViPER.) I'm just curious.
I really don't have a problem with the sound volume, except when I plug it into my truck. If there's a good song on, and I really want to crank it up, I run out of volume, so I usually turn up the headphone gain in the kernel settings by 3.
I haven't noticed variance between ROM volumes on this phone, but I know on my old note 3 there was definitely fairly large variance between ROMs.

Questions on VS995 vs US996, hardware diagnostics, and ability to root/custom

I'm expecting delivery of 2 V20s in the next couple of days. These are "refurbs" of the VS995 variety. These are advertised from the seller as "unlocked." I will be using these on Verizon (or MVNO).
I did some basic research before I bought and I was pretty sure I saw info on rooting this model and the ability to do custom ROMS on an unlocked, but I am a little concerned.
I have 3 main questions:
1) I see there is both a VS995 and a US996. I'm having a hard time finding info on the differences spelled out exactly - but it appears that the VS995 is locked to verizon and US996 is unlocked for all GSM. Is this correct? If so, wouldn't an "unlocked" VS995 be equivalent to a US996? If not, what would be different.
2) I want to do a comprehensive check on these phones before I start tinkering to make sure everything works. My last HTC phone had a hidden diagnostics menu which would test everything (battery, compass, gps, sensors, buttons, etc, etc...). I would like to know if the V20 has something similar? Also I want to know what the "problem areas" of V20s are. Things I should check out to make sure they aren't wonky.
3) I need to know if I can root this phone. I've seen a couple methods but I'm not sure now if they apply to my model and if they still work and/or if they are safe (relatively speaking). I definitely need root and would also like to load custom recovery so I can do alternate ROMS, though I probably will run with stock for a while to get used to it. I would like to upgrade to the latest official ROM (for the newest features), but don't want to do any upgrades if it will ruin my chances to root/unlock/etc. What do I need to check on the phone and what is the method I should follow (links are fine for this).
I recently bought a refurb VS995 because I like my original VS995 so much and I am thinking that shortly after the Oreo upgrade comes out, any refurb might come with Oreo and may or may not be easily rootable. (And it is looking very unlikely any phone in the future will come with replaceable batteries.) That said, mine came with 15A and I was easily able to roll back to 12A with the 'hacked' LGUP tool and then root it and flash the at-the-time current AlphaRom (now discontinued) without issue.
AFAIK *all* current VS995 ROMs can be rolled back to 12A (rootable), up to the latest 1BA. This may or may not change soon (some versions of the V20 CANNOT be rolled back after they take specific updates). The SuperV20 ROM is running the almost up to date version 1AA (with hints of an update coming soon) so you'd be up to date with a close to stock ROM.
I will say the rooting process on the V20 is a bit more convoluted than most other phones, which leads to the issue that the rooting threads are nearly incomprehensible anymore-- too many people not following directions, not reading, and complaining about tons of "normal" issues-- static screen (normal after rooting with stock kernel, once the phone boots up fully cover the proximity sensor until the 2nd screen blanks out and then the static will go away-- replace the stock kernel with the mk2000 kernel to fix), phone vibrates on boot after charging (no fix, but will stop the first time it's made to vibrate after booting). I would stick to the original rooting thread and READ CAREFULLY. I had issues trying to follow some of the "updated"/new threads, where I had trouble getting the phone to boot properly.
That said, if you do hit a roadblock, DON'T PANIC. The V20 is more resilient than you might think and you can almost always get it back from soft bricking with the LGUP tool (I had to reflash mine 2 or 3 times before I finally got root to stick with the ORIGINAL DirtySanta thread). Basically, the process is flash it back to 12A, use DirtySanta, **boot it once or twice after getting root via DS** (first reboot may take a while, with a static screen and vibrating phone, let it sit 10-15 minutes before panicking as it's rebuilding the app cache), then get into TWRP, do a factory reset, flash the new ROM and BTTF kernel, then it should work.
The VS995 has a more limited LTE band selection than the US996. While it can sort of work with other carriers (you'll have to search for instructions/compatibility), the US996 will provide a better experience.
Keep in mind, each version of the phone is SLIGHTLY different, so MAKE SURE you're always using VS995 builds of ROMs/kernels/recoveries. Apparently you can use US996 ROMs as well but I've never bothered. (You gain a few things, you lose a few things [like wifi calling I think], do your research.) Trying to use anything other than VS995 or US996 roms is asking for trouble/limited functionality/soft bricking.
I haven't really used my refurb all that much but it seems mostly fine. The only glitch I see is that the battery seems to drain faster than my original V20 but that might have more to do with the battery condition-- I need to get around to swapping batteries between the phones to see what happens. Given everything else is fine I am very hesitant to return it under warranty. I don't know if there is a way to run a self-test, I would hope there is..!
Good luck, the phone is amazing once you get it tamed...
Links:
Downgrade: the VS995 "all in one" thread has a good video for this. That said I think I had to piece together a working LGUP from a few threads since you need a tweaked DLL file. https://forum.xda-developers.com/v20/how-to/lgv20-vs995-verizon-aio-post-06-19-2017-t3624326 (when I tried to follow the root directions in that link I had issues and had to re-flash 12A and start over, YMMV)
DirtySanta: https://forum.xda-developers.com/v20/development/ls997vs995h910-dirtysanta-bootloader-t3519410
Once you get a working TWRP from DirtySanta, update it to this one: https://forum.xda-developers.com/v20/development/recovery-twrp-3-2-1-0-t3720239
SuperV20 ROM: https://forum.xda-developers.com/v20/development/rom-superv20-h918-t3764390
mk2000 kernel (I'd use the "back to the future" version of the kernel to start): https://forum.xda-developers.com/v20/development/h918-h910-us996-ucl-mk2000-kernel-t3708330
Buzzy42 said:
Good luck, the phone is amazing once you get it tamed...
Thanks.
Been doing research for the past hour or two and am getting a little bit of a better handle. I've seen the downgrade tutorial and looks solid.
I'm not worried about "convoluted" and the phone seems pretty brick proof so I'm good there.
Just to confirm - if I want root I need to go no later than 13A firmware? My understanding is "firmware" in context of this phone is ROM+Kernel rolled into one.
So if I want root, I can't be on the latest stock ROM (18A), right? Looks like features are all the same - although I do like having the latest security updates, but I guess I will need to forgo those for root?
One other thing I'm looking at is that I prefer to root with Magisk. I've seen a couple threads dealing with this and they recommend to use the "reStock" kernel. My understanding is that you would flash the "reStock" after reverting to the 13A firmware. What I'm trying to understand is if the kernel can be separated from the ROM, could one not flash 18A and then the reStock kernel (which is based on 10b)?
Also, still really interested in the answer to my 2nd question in OP regarding accessing diagnostics for the phone and any problem hardware/screen/etc issues to look out for before I accept this "refurb" as golden.
Yeah, the phone is mostly brickproof and most issues you run into can be solved. If all else fails, just re-roll it back to 12A in download mode (pull battery, hold down volume, plug in USB cord which will make the phone boot into download mode) and start over. I've seen very little sign of anyone TRULY bricking a V20 who wasn't really trying. (I.e., doing major hacking on it or totally throwing caution to the wind and flashing something they shouldn't have flashed.)
You have to downgrade to 12A or 13A to root the phone and get TWRP properly installed the first time, but then you can flash any ROM/recovery you want, so you don't need to worry as much about security patches (just find a ROM that's as up to date as possible). There was AlphaRom up to 1AA which works great (and what both of my V20s are on), Super V20 is being updated but apparently has known issues on the VS995 that the developer has issued a patch for... you might want to skim the various ROM threads to know what works for you. My V20s are both using Magisk.
You can flash kernels and ROMs separately. Some ROMs have a kernel baked in-- I usually boot them once or twice and then re-flash the kernel if I want to. Some ROMs need a kernel flashed separately during the install process. So yeah, you could install an 18A based ROM and then the reStock kernel. (some ROM/kernel combinations work better than others, but you'll have to figure out what you want as some kernels do more than others-- specifically look for KCAL color adjustments, as you can slightly tweak the colors on the screen to help with the screen retention issue the phone has)
The kernel versions and ROM versions are different. I don't fully understand it myself either but AFAIK kernels based on 10b are the latest for the VS995. ROMs based on 1BA would be the latest (they're using hex numbers, so releases go 11A, 12A, 13A.... up to 1AA, 1BA). Some variations of the V20 seem to have more versions of the kernels than the 995 does.
Buzzy42 said:
...
You have to downgrade to 12A or 13A to root the phone and get TWRP properly installed the first time, but then you can flash any ROM/recovery you want, so you don't need to worry as much about security patches (just find a ROM that's as up to date as possible). There was AlphaRom up to 1AA which works great (and what both of my V20s are on), Super V20 is being updated but apparently has known issues on the VS995 that the developer has issued a patch for... you might want to skim the various ROM threads to know what works for you. My V20s are both using Magisk....
Thanks. I'm wanting to run stock for a while (with Root though) so I can get a feel for how everything is "supposed" to work.
I'm not sure if I will find benefit in the "Second screen", but if I do I would like to find a ROM that supports it.
I've been running latest LineageOS on my HTC M8 for a while now and wouldn't mind sticking with it. However I would like to find some ROMS that are still being actively developed. Honestly I plan to have this phone for at least 2 years so the most up to date stuff I can find now will hopefully future proof me a little from that angle.
TraderJack said:
Thanks. I'm wanting to run stock for a while (with Root though) so I can get a feel for how everything is "supposed" to work.
I'm not sure if I will find benefit in the "Second screen", but if I do I would like to find a ROM that supports it.
I've been running latest LineageOS on my HTC M8 for a while now and wouldn't mind sticking with it. However I would like to find some ROMS that are still being actively developed. Honestly I plan to have this phone for at least 2 years so the most up to date stuff I can find now will hopefully future proof me a little from that angle.
Yeah, totally understand not wanting to jump in to custom ROMs right away, especially if you're testing a refurbed phone. Flashable truly stock ROMs have been a weakness of the V20, but I think a version of 17A was floating around if you want something a bit newer than the 12A/13A that are rootable. Someone else might be able to help with that. Sadly there isn't a lot of development-- there have been big bursts of activity, then a lot of silence-- which mostly mirrors LG's seeming abandonment of the phone. You should still be able to flash other kernels (restock, mk2000, etc) over whichever rom you run, though. Be careful not to take any official OTA updates because the rooting process installs a debug-bootloader (someone got a hold of an engineering sample of the phone and dumped that phone's bootloader which is what allowed us all to get rooted with an unlocked bootloader) that gets wiped out and leaves the phone in a weird state.
The second screen is really useful once you look at it as a very powerful LED notification light. It takes a while to get used to but I don't know if I would want to use a phone without it (or some sort of always-on feature) now. Unfortunately the Lineage ROMs lose a lot of the cooler functionality of this phone due to it having so many weird non-standard functions, but for some people that's not as big of a deal as staying current, so it's whatever your priority is. I am really hoping once the phone gets Oreo (which seems to be "real soon now"..) that we'll still be able to upgrade to it and use that as a base for a while, but keep root/etc..
Buzzy42 said:
...My V20s are both using Magisk....
Is there a special process to use Magisk instead of SuperSU? My search found some convoluted answers which "required" the reStock kernel to get it working.
I don't know if Magisk has been updated to make it easier...but is there any instructions/link you can forward on how to get rooted with Magisk after I do the 13A downgrade?
Also, it would appear that everything up to 1BA does *not* have anti rollback enabled (ARB=0). Is this correct?
I was told on reddit that you can only root firmware where ARB=0, but clearly this is not the case if you can't root anything past 13A.
Do you have any idea what specifically is the block as to why we can't root past 13A?
thanks
TraderJack said:
Is there a special process to use Magisk instead of SuperSU? My search found some convoluted answers which "required" the reStock kernel to get it working.
I don't know if Magisk has been updated to make it easier...but is there any instructions/link you can forward on how to get rooted with Magisk after I do the 13A downgrade?
Also, it would appear that everything up to 1BA does *not* have anti rollback enabled (ARB=0). Is this correct?
I was told on reddit that you can only root firmware where ARB=0, but clearly this is not the case if you can't root anything past 13A.
Do you have any idea what specifically is the block as to why we can't root past 13A?
thanks
I'm trying to remember what I did for Magisk. There wasn't anything particularly special. That said, I switched to Magisk when I re-flashed the phone (so I flashed the rom/kernel/Magisk together, in that order I think), I didn't try to just swap between SuperSU and Magisk on a running ROM. Once you get TWRP going you *should* be ok to just remove SuperSU and then reboot into TWRP and flash Magisk. I am on the mk2000 kernel with Magisk so you definitely don't need to be on Restock.
I am not sure if it is possible to do the rooting process without SuperSu and using Magisk instead, if that's what you're asking. I think it'd be safest to use SuperSu and then switch it out later once you're sure you're rooted in the first place.
As for the rollback, there are a few different issues here.
12A/13A have the Android vulnerability which allows DirtySanta to work to root the phone. This was patched after 13A, so DirtySanta can't run and you can't root the phone on a later version of the firmware. If you run anything later than 13A you can't start the rooting process (but you can upgrade your rooted phone past 13A using TWRP to flash an appropriate ROM, but not through the OTA process)
ARB (anti-rollback) prevents you from rolling back to a previous version of the firmware. It has nothing to do with rootable/non-rootable. But it prevents the phone from going back to a rootable firmware on SOME V20s. So far, no firmware on the VS995 has enabled this, so you are safe rolling back to 12A and trying to root with any firmware currently available up to 1BA (definitely 1AA but I have read a few comments that 1BA is still safe). On SOME other models of the V20, ARB *has* been set, which prevents you from rolling back to a previous version of the firmware with ARB=0 (if you try to roll back on a phone with ARB=1 you get an unrecoverable brick.)
So if tomorrow Verizon released a hypothetical update with ARB=1 and you updated, you could no longer roll back to 12A or 13A to root your phone, and you'd be stuck without root unless someone developed a new workaround.
Does that make more sense? Keep in mind that with all of the different versions of the V20, what is appropriate (or even relevant) for one model may not apply at all to another. Thankfully the VS995 still is pretty hackable at this moment. This could all change at any time.
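Buzzy42's version-ordering and anti-rollback rules above, turned into a pre-flash check (added example, not code from the thread, from LG or from any rooting tool): the hex build ordering (11A ... 19A, 1AA, 1BA), the 12A/13A window where rooting can start, and the ARB behaviour are taken exactly as stated in the post; the function and field names are mine.

```python
"""Pre-flash version check for the LG V20 (VS995) as described in this thread.

Added example, not from the thread, LG or any rooting tool.  Encodes the
rules as stated above: builds are two hex digits plus a letter and sort
as hex (11A, 12A, 13A ... 19A, 1AA, 1BA); DirtySanta rooting only
starts from 12A/13A; with ARB=1 any downgrade is an unrecoverable brick.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

_BUILD_RE = re.compile(r"^([0-9A-F]{2})([A-Z])$")
ROOTABLE_BUILDS = {"12A", "13A"}   # per the thread: the builds DirtySanta works on


def build_key(build: str) -> tuple[int, str]:
    """Sortable key for a build string: '1BA' -> (27, 'A').  Raises on junk."""
    m = _BUILD_RE.match(build.strip().upper())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    return int(m.group(1), 16), m.group(2)


@dataclass
class FlashPlan:
    current: str
    target: str
    action: str                 # 'upgrade', 'downgrade' or 'same'
    allowed: bool               # False: do not flash this
    root_capable: bool          # target is a build where rooting can begin
    notes: list[str] = field(default_factory=list)


def plan_flash(current: str, target: str, arb_set: bool) -> FlashPlan:
    """Decide whether moving from `current` to `target` is safe under the thread's rules."""
    cur, tgt = build_key(current), build_key(target)
    action = "upgrade" if tgt > cur else "downgrade" if tgt < cur else "same"
    plan = FlashPlan(current.strip().upper(), target.strip().upper(), action, True,
                     target.strip().upper() in ROOTABLE_BUILDS)
    if action == "downgrade" and arb_set:
        # The one hard stop: rollback with ARB=1 leaves an unrecoverable brick.
        plan.allowed = False
        plan.notes.append("ARB=1: rolling back below the current build bricks the phone")
        return plan
    if action == "downgrade":
        plan.notes.append("ARB=0: rollback permitted (the thread uses the LGUP tool for this)")
    if action == "upgrade":
        plan.notes.append("flash the repackaged build through TWRP, not the OTA, or root is lost")
    if plan.root_capable:
        plan.notes.append("target is in the 12A/13A window: rooting can start from here")
    else:
        plan.notes.append("target is past 13A: root can only be carried forward, not started")
    return plan


if __name__ == "__main__":
    for cur, tgt, arb in [("15A", "12A", False), ("15A", "12A", True), ("13A", "1BA", False)]:
        print(plan_flash(cur, tgt, arb))
```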
Buzzy42 said:
...12A/13A have the Android vulnerability which allows DirtySanta to work to root the phone. This was patched after 13A, so DirtySanta can't run and you can't root the phone on a later version of the firmware. If you run anything later than 13A you can't start the rooting process (but you can upgrade your rooted phone past 13A using TWRP to flash an appropriate ROM, but not through the OTA process)...
Hold on.. So are you saying I can flash 13A, then root with Magisk, then upgrade the ROM itself to 18B to get all the latest patches?
If so, I haven't seen any instructions yet for doing that method, but that would be ideal for me for starters until I want to mess around with custom ROMS and Kernels.
TraderJack said:
Hold on.. So are you saying I can flash 13A, then root with Magisk, then upgrade the ROM itself to 18B to get all the latest patches?
If so, I haven't seen any instructions yet for doing that method, but that would be ideal for me for starters until I want to mess around with custom ROMS and Kernels.
Not quite that simple-- you have to downgrade to 13A if you're not already there when you get the phone.
When you run the DirtySanta rooting process, when it's done, you will end up with a rooted 13A with TWRP and SuperSu. I believe it will have the debug kernel which has a lot of issues, but you can flash any kernel you want at this point (like ReStock to get rid of the static screen you'll see at every boot). That way you'll have a 99% stock (except the ReStock kernel tweaks), rooted, 13A phone.
You can now flash any ROM you want in TWRP. If you want to stay truly stock, I'm not sure what is out there that is flashable, beyond I vaguely remember there was a 17A flashable. You do need to use a repackaged update in TWRP no matter what you want to update to, if you try to just take whatever OTA update the phone offers you (the "software update available" notification pops up and asks you to install while you're using it), you'll lose root and have to do everything over again. This is where you will most likely not be able to get to a truly stock 1BA unless it's floating around.
If I were you, I'd roll it back to 13A, get it rooted (with Supersu), flash the Restock kernel, disable updates (use Titanium Backup to freeze "FOTA Update 7.0") and stay there for a while for testing. If you want to try to switch to Magisk, remove SuperSu and flash Magisk through TWRP. The phone's functionality hasn't changed much/at all. When you're more comfortable, move forward to a ROM based on 1BA.
When you flash a new ROM most will include a kernel or ask you to flash a kernel along with it.
Basically, any updating you do has to go through TWRP. After you get root initially, though, it's really straightforward.
TraderJack said:
I'm expecting delivery of 2 V20s in the next couple of days. These are "refurbs" of the VS995 variety. These are advertised from the seller as "unlocked." I will be using these on Verizon (or MVNO).
I did some basic research before I bought and I was pretty sure I saw info on rooting this model and the ability to do custom ROMS on an unlocked, but I am a little concerned.
I have 3 main questions:
1) I see there is both a VS995 and a US996. I'm having a hard time finding info on the differences spelled out exactly - but it appears that the VS995 is locked to verizon and US996 is unlocked for all GSM. Is this correct? If so, wouldn't an "unlocked" VS995 be equivalent to a US996? If not, what would be different.
2) I want to do a comprehensive check on these phones before I start tinkering to make sure everything works. My last HTC phone had a hidden diagnostics menu which would test everything (battery, compass, gps, sensors, buttons, etc, etc...). I would like to know if the V20 has something similar? Also I want to know what the "problem areas" of V20s are. Things I should check out to make sure they aren't wonky.
3) I need to know if I can root this phone. I've seen a couple methods but I'm not sure now if they apply to my model and if they still work and/or if they are safe (relatively speaking). I definitely need root and would also like to load custom recovery so I can do alternate ROMS, thought I probably will run with stock for a while to get used to it. I would like to upgrade to latest official ROM (for the newest features), but don't want to do any upgrades if it will ruin my chances to root/unlock/etc. What do I need to check on the phone and what is the method I should follow (links are fine for this).
I found your thread here and on Reddit and was hoping you have found an answer to the hardware check feature you were looking for. I am having radio off issues with my V20 and was hoping to have the phone run a hardware check. It seems that someone posted the code "##22378" to do this, but this does nothing for my older Sprint V20 and my Verizon model has the MOBO back in a bag of rice. Is this the only code?
redsphinx said:
I found your thread here and on Reddit and was hoping you have found an answer to the hardware check feature you were looking for. I am having radio off issues with my V20 and was hoping to have the phone run a hardware check. It seems that someone posted the code "##22378" to do this, but this does nothing for my older Sprint V20 and my Verizon model has the MOBO back in a bag of rice. Is this the only code?
I had a Verizon V20 (VS995) and these are all the codes I found (from my notes):
Hardware Diagnostics
To run in-built hardware diagnostics use the following phone code:
##228378
Select Device Test > SAAT
Other Diagnostic Menus
##DEBUG
##PROGRAM
##PROGRAM995
##FEATURE
** Service codes for all above should be "000000" **
I'm pretty sure the ##228378 code was the one that brought up a pretty comprehensive hardware test menu. But, as you know each vendor does their own and this very possibly doesn't work on non-Verizon models. Sorry that's all I got!

Steps to "remediate" a used G5 Plus?

Hi,
Recently bought a Motorola Moto G5 Plus 2nd hand. It came rooted, TWRP, a custom ROM, etc. I'm pretty technical, but haven't done much in this arena.
Basically, what would you do if you got a phone from a stranger to "remediate" it to the point where you were comfortable (meaning you felt it was probably not compromised in some way) using it? As an example, if this were a laptop I'd picked up second-hand, I'd format the drive and do a fresh OS install.
Some of my concerns:
1) How do I determine how it was rooted? I'm concerned the guy had some 3rd party "one click" style app use an exploit (and maybe install malware or a rootkit). My understanding is some manufacturers will provide keys on request and that's the right way to get root.
2) Can anyone point me to a good resource on understanding how the file system is set up? I'm not sure what a factory reset will do. Will it just reset the OS? Wipe the recovery partition? Reinstall the locked bootloader? Etc. It's all a little fuzzy to me.
Thanks
This phone is unlocked with manufacturer provided keys.
androidQuestions34 said:
Hi,
Recently bought a Motorola Moto G5 Plus 2nd hand. It came rooted, TWRP, a custom ROM, etc. I'm pretty technical, but haven't done much in this arena.
Basically, what would you do if you got a phone from a stranger to "remediate" it to the point where you were comfortable (meaning you felt it was probably not compromised in some way) using it? As an example, if this were a laptop I'd picked up second-hand, I'd format the drive and do a fresh OS install.
Some of my concerns:
1) How do I determine how it was rooted? I'm concerned the guy had some 3rd party "one click" style app use an exploit (and maybe install malware or a rootkit). My understanding is some manufacturers will provide keys on request and that's the right way to get root.
2) Can anyone point me to a good resource on understanding how the file system is set up? I'm not sure what a factory reset will do. Will it just reset the OS? Wipe the recovery partition? Reinstall the locked bootloader? Etc. It's all a little fuzzy to me.
Thanks
As a custom ROM is installed, a factory reset will only reset that ROM to its state when it was installed. To be completely on the safe side you should flash the latest stock firmware for your region by fastboot, or use a TWRP flashable stock ROM.
If you don't plan to root the device, you will receive future OTA updates with the fastboot flashable version, which isn't possible with a TWRP ROM.
Here's the thread for TWRP flashables incl how to do it:
https://forum.xda-developers.com/g5...ble-stock-builds-coming-t3830482/post77359934
Signed fastboot firmwares are here:
https://mirrors.lolinet.com/firmware/moto/potter/official/RETAIL/
There are several tutorial threads around on how to flash them; some are outdated and the information is a little bit disorganized.
I'm about to write an actual guide soon.
Can you provide some information, like which custom ROM is installed (which Android version) and, as it is rooted, whether an app like Magisk or SuperSU is installed?
Btw, the bootloader has to be unlocked when a custom ROM is installed. It is possible to lock it again if you are back on a stock firmware but not absolutely necessary.
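Flashing a signed stock package by fastboot is the remediation step recommended above, and before any image touches the device it is worth checking that the package is intact. The following is an added example (not code from this thread, the linked mirror, or Motorola) that reads a flashfile.xml manifest of the kind these fastboot packages commonly ship with, verifies each image's declared MD5, and turns the steps into a fastboot command plan without executing anything. The manifest layout assumed here (step elements carrying operation, partition, filename, MD5 and var attributes) must be confirmed against your own package; the package the block builds is constructed sample data.

```python
"""Verify a Motorola-style fastboot firmware package against its
flashfile.xml before flashing, and emit the fastboot command plan (dry run).

Added example; not code from the forum thread or the firmware mirror. The
manifest layout is an assumption about what these packages commonly contain.
Sample data is constructed by build_sample_package().
"""
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def md5_of(path: Path) -> str:
    """MD5 is what the manifest carries; it detects corruption or swapped
    files, not a malicious package, so still download from a trusted source."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_package(pkg_dir: Path) -> dict:
    """Return {filename: ok} for every flash step that declares an MD5."""
    root = ET.parse(pkg_dir / "flashfile.xml").getroot()
    results = {}
    for step in root.iter("step"):
        if step.get("operation") != "flash":
            continue
        name, expected = step.get("filename"), step.get("MD5")
        if not name or not expected:
            continue
        target = pkg_dir / name
        results[name] = target.is_file() and md5_of(target) == expected.upper()
    return results


def plan_commands(pkg_dir: Path) -> list:
    """Translate manifest steps into fastboot argv lists; nothing is executed.
    Refuses to produce a plan if any declared hash mismatches."""
    bad = [n for n, ok in verify_package(pkg_dir).items() if not ok]
    if bad:
        raise ValueError(f"hash mismatch or missing file: {bad}")
    root = ET.parse(pkg_dir / "flashfile.xml").getroot()
    cmds = []
    for step in root.iter("step"):
        op = step.get("operation")
        if op == "flash":
            cmds.append(["fastboot", "flash", step.get("partition"), step.get("filename")])
        elif op == "erase":
            cmds.append(["fastboot", "erase", step.get("partition")])
        elif op == "getvar":
            cmds.append(["fastboot", "getvar", step.get("var")])
        elif op == "oem":
            cmds.append(["fastboot", "oem", step.get("var")])
        else:
            raise ValueError(f"unknown step operation: {op}")
    return cmds


def build_sample_package(pkg_dir: Path) -> None:
    """Write a constructed two-image package with a matching manifest."""
    images = {"gpt.bin": b"constructed gpt", "boot.img": b"constructed boot image"}
    for name, data in images.items():
        (pkg_dir / name).write_bytes(data)
    steps = "\n".join(
        f'    <step operation="flash" partition="{part}" filename="{name}" MD5="{md5_of(pkg_dir / name)}"/>'
        for part, name in (("partition", "gpt.bin"), ("boot", "boot.img"))
    )
    (pkg_dir / "flashfile.xml").write_text(
        '<?xml version="1.0" encoding="UTF-8"?>\n<flashing>\n'
        '  <header><phone_model model="potter"/></header>\n'
        '  <steps interface="AP">\n'
        '    <step operation="getvar" var="max-sparse-size"/>\n'
        '    <step operation="oem" var="fb_mode_set"/>\n'
        f"{steps}\n"
        '    <step operation="erase" partition="userdata"/>\n'
        '    <step operation="oem" var="fb_mode_clear"/>\n'
        "  </steps>\n</flashing>\n"
    )


def self_check() -> dict:
    """Build the constructed package, verify it, then tamper with one image."""
    with tempfile.TemporaryDirectory() as d:
        pkg = Path(d)
        build_sample_package(pkg)
        clean = verify_package(pkg)
        plan = plan_commands(pkg)
        (pkg / "boot.img").write_bytes(b"tampered")
        tampered = verify_package(pkg)
        try:
            plan_commands(pkg)
            blocked = False
        except ValueError:
            blocked = True
    return {"clean_ok": all(clean.values()), "plan": plan,
            "tampered_boot_ok": tampered["boot.img"], "blocked": blocked}


if __name__ == "__main__":
    r = self_check()
    for cmd in r["plan"]:
        print(" ".join(cmd))
    print("tampered boot.img verified:", r["tampered_boot_ok"], "plan blocked:", r["blocked"])
```

Pointing verify_package at a real extracted package gives a per-file pass/fail before you run a single fastboot command, and plan_commands shows exactly which partitions the manifest would touch, which is the moment to notice an unexpected erase step. A hash match only proves the files agree with the manifest that came with them, so it complements, not replaces, downloading from a source you trust.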

[Guide] [SNAPDRAGON, N986U/U1] I managed to downgrade to OneUI 3.1. Here's how... at least until they update the BL again.

Introduction
So... I was genuinely thinking of selling my Note 20 Ultra after the numerous headaches that OneUI 4 gave me, and then I thought "Would a reset fix my issues? What if I could go back to 3.1?"
And my venture began. I referred to the OTA/firmware thread in this forum along with flashing a U to a U1 (which I did, because carrier bloatware sickens me...) and I went to download the latest version of Android 11 they made... which luckily still flashes since we're still on Bootloader version 2. So I'm putting together this hastily made guide so you can downgrade to Android 11, AND prevent software updates.
Precautions
1. Make sure you back up everything. Don't put the blame on me if you lose your baby shower photos simply because you forgot to back up. Also back up your call logs, messages, app data, etc etc. This step is optional if you don't care about whatever you possibly even have on your phone. I am also not responsible for anyone who damages, bricks, or outright fries their glass slate (aka the Note20 Ultra in this case) during the process. Your phone, your decisions. The only thing I did was write this guide.
2. Be sure you're on bootloader 2, which you'll be able to identify through download mode. I think it's BL or something, I forgot. But it has a 2 in it.
3. Be sure your stuff works well enough to the point where nothing bad happens during the flashing process. You don't want to be using an unstable computer for this kind of stuff... trust me.
4. Speaking of computers... you need a windows machine (Windows 7 or later) with a patched version of Odin, and samsung's USB drivers. Oh, and how could I forget... a USB cable! More specifically, a USB-C or a USB-C to A cable.
5. For firmware, refer to this thread. Some links might not work because AFH can't find a suitable mirror, so google the firmware version and you might be able to find another download for it somewhere. In this case, here is the latest Android 11 for the XAA CSC (US unlocked). galaxyfirmware.com has other CSCs for the latest patch, just use the direct link.
6. Be sure you find the right firmware for your CSC, unless you want to flash unlocked or another carrier's firmware. This thread goes into good detail about it. I was able to flash my N986U to an N986U1 and it works perfectly.
7. Follow directions and don't skip any of them.
Alright... let's get to it.
First things first, reset your phone through settings to clear any locks and to be able to set it up offline. This also lets odin do its thing. Odin will NOT work on FRP locked devices, and I am not allowed to share how FRP locks can be bypassed. Don't steal devices, kids.
Now... the rest is actually fairly straightforward! It's almost like this post was absolutely pointless, right? Well, sorta. You still need the Patched Odin (and I mean patched, regular odin won't work) to do the rest. You also need to find the right firmware for your CSC (which is simple if you have a snapdragon, because you most likely live in the states if you do) and the links in the precautions section talk about a lot of this already. Examples... TMB is T-Mobile, ATT is AT&T (in which I feel sorry for you), VZW is Verizon Wireless, SPR is Sprint, XAA is US unlocked, and so on...
So now you want to download the correct firmware file after you've done your research, and in this case it will either be the November or December 2021 security patch. January 2022 patches are Android 12, and that's not what we're here for. Of course, you could downgrade to an older Android 12 firmware, but we're focusing on 11 here. Long story short, anything still on bootloader 2 will work. Down the line they're probably gonna update it, but luckily the latest Android 12 still runs BL 2.
Alright, now is when I'll shut up about firmware files and bootloaders. Once your device has been factory reset through the phone and NOT through recovery mode... restart your phone and enter download mode (hold both volume buttons after you press "restart") and you'll see a screen that says that loading a custom ROM will damage your phone blablabla, ignore that and go ahead. We're flashing official firmware, and official firmware only. No, this will not trip knox.
You want to start loading your BL, AP, CP, and CSC files into Odin. Now is the time where you make sure everything you did beforehand worked, and you have a proper backup of your phone's data. Hit start, and let the magic begin.
And that's about it! for the most part... you still need to disable updates.
Set your phone up OFFLINE (so sammy doesn't shove an update prompt into your face, also remove your SIM card) and enable Developer options. Disable auto-updates and enable USB debugging. Assuming you have the 15-second ADB package or other ADB environment already installed, open up an adb shell by literally typing "adb shell" into an admin command prompt. If you don't see an authorization prompt on your device, set your USB connection mode to "transferring images" on your phone. Then it should pop up.
Now, type in this string of commands:
pm uninstall --user 0 com.wssyncml
pm uninstall --user 0 com.sec.android.soagent
exit
and Voila! Now you're back on Android 11, and you won't have to deal with updates.
If by chance you do want to embrace masochism... I mean, re-enable updates:
adb shell cmd package install-existing com.wssyncml
adb shell cmd package install-existing com.sec.android.soagent
Now you'll start having OTA updates again.
Potential issues
Backups made through Smart Switch or Samsung cloud might not work with Android 12. I usually back up to my computer by copying the contents of my internal storage+SD card, and I just start anew. Personally, my Android 12 install was pretty trashed.
Things that rely on Android 12 obviously won't work on 11, but I know of NOTHING that requires Android 12 at the moment... yet.
Again, we only have so much time before Samsung updates the bootloader again. Inform me if they do... I usually don't keep up with all of that.
Other than that, everything still works great. No tethered crap too, we're not dealing with iPhones.... although I wish they could allow us to downgrade THOSE.
Questions you may or may not have
Q: That's cool, ma'am, but can you downgrade to Android 10?
A: Unfortunately not... that's what I was initially going for. Android 10 doesn't have the same bootloader version.
Q: Will this make my device faster, and will it remove that god-awful scroll stretch effect?
A: Yep.
Q: Will this break anything on the phone?
A: No, not even Knox. It's completely safe.
Q: What if the bootloader does get updated?
A: Any firmware you'll be able to flash now would need to have the same BL version as the latest firmware.
Q: My computer does not detect the device, even with drivers installed.
A: Your USB cord might be bad, or the port you're using is either bad or potentially unsupported.
Q: Does this work on Linux?
A: I'm sure it will but I have no idea how to work a damn thing on Linux without it breaking.
Q: Will this work on Exynos devices?
A: Yes, provided you have the right firmware. This should work on all Note 20s.
Q: What if my device was produced after 2021?
A: This may or may not work for you, then...
Any other questions go in the replies. I'll shut up now.
Reserved, just in case.
No need for this; with the latest firmware we all have bootloader v4, can't downgrade anymore.
maxpaynezm said:
No need for this; with the latest firmware we all have bootloader v4, can't downgrade anymore.
Well that was fast. I guess if you're lucky enough to have BL 2 then this will still work for you.
How can you check your boot loader version?
I have a note20 ultra U1 unlocked One UI 4.1 Android 12.
Can I downgrade so I can root?
Normally you would want to check your firmware version and it should indicate somewhere with a "2" which means you can go back to 11. Honestly I'm not too sure as I'm switching back to iOS soon... which I know will set off some fuses.... lol
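The guide above hinges on the device and the target firmware sharing the same bootloader (binary) version, and the last question asks how to read that version. As an added example, not part of the guide or of any Samsung tool, here is a small Python checker that extracts the binary version digit from Samsung-style firmware version strings (such as the value reported by `adb shell getprop ro.bootloader`) and reports whether a target build is flashable under the no-rollback rule the thread describes. The assumed layout, with the last five characters being the binary digit, OS revision letter, year letter, month letter and build id, is a common reading of these strings that you should confirm against your own firmware listing; every version string in the block is a constructed sample, not a real build from the thread.

```python
"""Decide from Samsung-style firmware version strings whether a target build
can be flashed without tripping the binary (bootloader) version check.

Added example; not code from the thread. The string layout assumed here
(model prefix, then ...<binary digit><OS letter><year letter><month letter><build>)
is an assumption to confirm against your own firmware listing. All version
strings below are constructed samples.
"""
import re
from dataclasses import dataclass

# Constructed samples (assumption: not real build numbers).
SAMPLE_CURRENT = "N986U1UEU2FVA1"   # an Android 12 build still on binary 2
SAMPLE_TARGET = "N986U1UEU2EUL5"    # an Android 11 build, also binary 2
SAMPLE_NEWER = "N986U1UES4GVE1"     # a build on binary 4
SAMPLE_GETPROP = """[ro.bootloader]: [N986U1UEU2FVA1]
[ro.build.version.release]: [12]
"""

# Last five characters: binary (bootloader) digit, OS revision letter,
# year letter, month letter, build id.
_TAIL = re.compile(r"(\d)([A-Z])([A-Z])([A-Z])([A-Z0-9])$")
_GETPROP = re.compile(r"^\[ro\.bootloader\]: \[(.+?)\]$", re.M)


@dataclass(frozen=True)
class FwVersion:
    raw: str
    binary: int      # the "bootloader 2" / "v4" number the thread talks about
    os_rev: str
    year: str
    month: str
    build: str


def parse_version(raw: str) -> FwVersion:
    """Split a version string into its trailing fields; model prefix is ignored."""
    s = raw.strip().upper()
    m = _TAIL.search(s)
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    binary, os_rev, year, month, build = m.groups()
    return FwVersion(s, int(binary), os_rev, year, month, build)


def bootloader_from_getprop(text: str) -> str:
    """Pull the bootloader string out of `adb shell getprop` output."""
    m = _GETPROP.search(text)
    if not m:
        raise ValueError("no ro.bootloader line found")
    return m.group(1)


def can_flash(current: str, target: str) -> tuple:
    """Apply the no-rollback rule: the target's binary version must not be
    lower than the device's. Returns (allowed, reason)."""
    cur, tgt = parse_version(current), parse_version(target)
    if tgt.binary < cur.binary:
        return False, (f"target binary v{tgt.binary} is below device binary "
                       f"v{cur.binary}; rollback is blocked")
    if tgt.binary > cur.binary:
        return True, (f"target raises the binary version to v{tgt.binary}; this is "
                      f"one-way, builds on v{cur.binary} will no longer flash afterwards")
    return True, f"same binary v{cur.binary}; moving between builds at this level is allowed"


if __name__ == "__main__":
    device = bootloader_from_getprop(SAMPLE_GETPROP)
    print("device bootloader:", device, "->", parse_version(device))
    for target in (SAMPLE_TARGET, SAMPLE_NEWER):
        print(target, can_flash(device, target))
    print(SAMPLE_TARGET, "from", SAMPLE_NEWER, can_flash(SAMPLE_NEWER, SAMPLE_TARGET))
```

Feed it the real ro.bootloader value from your own device and the version string from the firmware page you intend to flash, and it tells you in advance whether Odin's binary check will accept the combination; the "raises the binary version" branch is the case the replies warn about, since once a v4 build is on the device the v2 Android 11 builds are gone for good.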
