Boot binaries - Gen9, Gen10 General

Can someone post the first stage bootloader? I want to take a crack at cracking it.

Related

[Q] WHY?!? Can't I flash a new Kernel (D-850)?!?

For those of us without any way to flash a ROM e.g., with an LG.(G3).D-850 model, because nobody has cracked the bootloader ...
Would it be difficult to include a script to kexec the kernel after the boot?
I mean, without a boot loader crack, I'm feeling really deprived, and limited.
Root alone just feels like cookies without the milk and kernel loop modules.
I don't want a crappy "jails" VM, I want easy interaction between my VM and Android host!
Are the emails and flimsy hints from LG about the boot loader unlock stuff legit?
What is the ETA (best guess) on a boot unlock hack for the D-850??
PRichardson said:
For those of us without any way to flash a ROM e.g., with an LG.(G3).D-850 model, because nobody has cracked the bootloader ...
Our devs had stated already that there is a Loki Like exploit they can most likely exploit if a true bootloader unlock doesn't pan out.
They don't want to take that route until they give the bootloader unlock a shot.
As far as an ETA on any of that... That's a big no no asking that on here. TheCubed has been updating us from time to time and we just have to wait that's all.
I'm with you though. I'm excited to have an unlock but I've just been patient, that's all.
- Tapatalked From The G3 -
Mistertac said:
Our devs had stated already that there is a Loki Like exploit they can most likely exploit if a true bootloader unlock doesn't pan out.
Understood thanks.
I've seen references to the Loki method but never a detailed explanation.
Can you give me a link to a walk-thru or tutorial on it?
(Really appreciate your advice and tips on the ETA too, Txs)
PRichardson said:
Understood thanks.
I've seen references to the Loki method but never a detailed explanation.
Not a problem!
Here is some info on the actual Loki exploit that we had on the S4s.
http://forum.xda-developers.com/showthread.php?t=2292157
Now I'm not entirely sure how close to that process it would be for our G3s and Loki has been patched so.... You could at least get an idea of what's going on.
- Tapatalked From The G3 -
Mistertac said:
Here is some info on the actual Loki exploit that we had on the S4s.
This is EXACTLY what I wanted!! The OP for the S4 Loki hack has a link to a very helpful article with some hints about the exploit, the Qualcomm chipset and how they leverage software-programmable fuses (QFuses).
As long as I continue to read what is just beyond my skills level, but not impossible to attain, I continue to arrive where previously I could barely see

CNC-bootloader, excuse my noobness but ...

http://forum.xda-developers.com/general/rooting-roms/cnc-bootloader-bootloader-access-phone-t3169432
Could something like this help with the unlocking of our bootloader? Or am I not getting how it works altogether?
Well, if you're brave enough to test it ...
It states "unless you softbrick there is no bl mode", which assumes you have a bl mode if you softbrick it. If that's true it's cool and unlock via fastboot might work. If it's not true, you've just softbricked your phone without any way to recover.
Someone brave with an equipment protection plan may want to back up his phone and try the method, and if it softbricks just file a claim with Asurion and wait 3 days for a replacement, living without a phone.
Another problem is - the thread in the link mentions the cnc-bootloader without actual link to it or any other way to download, otherwise maybe I'd try it
There was a user in the root development thread who backed up/deleted laf.img in order to boot to fastboot, which worked but I think it didn't respond to any commands. I bricked my first G4 trying the same but I didn't enter the right command and deleted aboot by accident, oops.
Found that post
http://forum.xda-developers.com/showthread.php?p=62085237
Just wanted to share what seemed like a possibility at helping with the current bootloader status...
As much as I'd love to try, I have no idea how to but would gladly work with someone that could go with me step by step...
If **** hits the fan, warranty should cover the damage and I could roll back to my trusty G2 till I get the phone back.

Do google know that we've unlocked the bootloader?

Do Google know that we've unlocked the bootloader? (as Sony do, as they ask for email addresses etc. and confirm the unlock)
Wondering about warranty.
There is a notice that unlocking the bootloader may violate the warranty. The thing is, it is stated in a somewhat vague manner; it is not like CAUTION YOU ARE ABOUT TO VIOLATE WARRANTY but rather worded like you may be in violation of warranty. Anyway, I think it does violate it, and yes, there is most likely a software switch that sets a value in a hardware register which can be recovered to determine that the bootloader was unlocked. If you have the least bit of concern, do not unlock.
dkryder said:
There is a notice that unlocking the bootloader may violate the warranty ...
Ok thanks.
One last Google noob question: does rooting usually need an unlocked bootloader?
On xperia root is more difficult to achieve with a locked bootloader, but can be done, thanks to the devs.
I guess I will read the 6P thread to get a feel for the situation.
Cheers again.
I do not know if it is possible; in practice, as far as I know, it is necessary to unlock if any modification is wanted. Recently it is popular to gain root without mod of the /system partition. Hopefully that is what is achieved with the Pixel C.
Edit: never done this but, fastboot boot recovery recovery.img, then flash a superuser from the temp recovery. However, it seems you would still be restricted from mod of /system in future.
dkryder said:
I do not know if it is possible; in practice, as far as I know, it is necessary to unlock if any modification is wanted.
If you use fastboot boot then you do not need to specify a partition (only if using fastboot flash *partition* image.img).
The device is still very new but I'm sure a custom recovery will be released soon so an easy root can be achieved.
Mark.
mskip said:
If you use fastboot boot then you do not need to specify a partition (only if using fastboot flash *partition* image.img).
I sure hope so. That's one of the only things keeping me from buying it already. It's kind of worrisome that the development forums are almost completely dead (save for the one thread trying to get root without a custom recovery, of course). I guess I'm just spoiled by using only Nexus devices, so having very active development is usually the norm.
Well, the thing was only a rumor about the sales start up until a report on a German site on 12/5 or so that sales would start 12/8, and then on 12/8 a confirmation that at 1pm Eastern (U.S.A.) sales would begin. Talk about giving people decent notice about a device; this Pixel C was a new low for Google. It's almost as if they decided to sell them as an Android tablet at the last moment instead of tossing them in the trash as a complete failure as a Chrome OS tablet, so, yeah, it will take a while for anyone that has the skill to develop for this device to ante up the funds and take delivery. If the bootloader remains locked and you boot a temp recovery to flash SuperSU, does that restrict the root in any way? I am just curious about this as my bootloader is unlocked.

Can you update memory fix and keep AndroidPay?

So, in order to utilise the memory on the OP3, you need to root in order to update values to allow this.
But this invalidates the ability to use Android Pay by rooting the device.
Is there a workaround for this? (another website talked about disabling SuperSu, but does this work???)
You should be able to boot TWRP, adb pull the file you need to modify, make the changes and then adb push and set permissions. The only thing you need in order to do this is an unlocked bootloader.
Yeah doing it via adb worked for me. Here's what I did.
Opened terminal on Mac.
Entered: adb pull /system/build.prop build.prop
Opened the file via a text editor, made the desired changes.
Back to terminal. Entered: adb push build.prop /system/build.prop
Entered: adb reboot
And that's it.
What are the appropriate changes?
Never mind. http://m.gsmarena.com/tweak_helps_oneplus_3_better_manage_its_6gb_of_ram-blog-18891.php
Change the value from 20 to 42 in build.prop
/system/build.prop in your root folder
ro.sys.fw.bg_apps_limit=20
Change value from 20 to the 42
cannot change it without root right?
angelsanges said:
cannot change it without root right?
Once again... No, you do not need to be rooted to make this change. You just need to have the bootloader unlocked from what I understand. The fix takes about 2 minutes using adb pull/push. I laid out the steps in a previous post.
You want to find this line: ro.sys.fw.bg_apps_limit=20
It's near-ish to the bottom of the file. One of the next-to-last "paragraphs".
Change the "20" to a higher number. Most people are suggesting 42.
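The pull/edit/push procedure laid out above, as an added example (this is not code posted in the thread): a small Python script that rewrites only the ro.sys.fw.bg_apps_limit line in the pulled file, refuses to run when that key is missing or duplicated, then pushes the file back and restores the stock owner and mode. It assumes adb is on PATH, the phone is booted into TWRP with /system mounted read-write, and that the firmware does not enforce dm-verity on /system (on a verity-enforcing build a modified /system will not boot until verity is disabled). The SAMPLE text and the function names are mine.

```python
"""Patch ro.sys.fw.bg_apps_limit in a pulled build.prop and push it back.

Added example, not code posted in the thread. Assumes adb on PATH, the phone
booted into TWRP with /system mounted read-write, and firmware that does not
enforce dm-verity on /system. SAMPLE below is a constructed excerpt."""
import re
import subprocess
import sys
from typing import Optional

KEY = "ro.sys.fw.bg_apps_limit"
REMOTE = "/system/build.prop"

# Constructed excerpt for the demo/tests; not a real OnePlus 3 build.prop.
SAMPLE = (
    "# begin build properties\n"
    "ro.build.version.release=6.0.1\n"
    "ro.sys.fw.bg_apps_limit=20\n"
    "ro.sys.fw.use_trim_settings=true\n"
)


def _line_pattern(key: str) -> "re.Pattern[str]":
    # Anchored at line start so a commented-out or similarly named key is not matched.
    return re.compile(rf"^{re.escape(key)}=([^\r\n]*)$", re.MULTILINE)


def get_prop(text: str, key: str) -> Optional[str]:
    """Return the value of key in build.prop text, or None if absent."""
    m = _line_pattern(key).search(text)
    return m.group(1) if m else None


def set_prop(text: str, key: str, value: str) -> str:
    """Replace key's value in place and return the new text.

    Refuses to proceed if the key is missing or appears more than once: appending
    a second copy makes it ambiguous which one the property service keeps, and a
    typo in the key would otherwise silently produce an ineffective line."""
    pattern = _line_pattern(key)
    found = pattern.findall(text)
    if len(found) != 1:
        raise ValueError(f"{key}: expected exactly one entry, found {len(found)}")
    return pattern.sub(lambda _m: f"{key}={value}", text)


def set_bg_apps_limit(text: str, limit: int) -> str:
    """Validate the limit, then rewrite only that one line."""
    if limit <= 0:
        raise ValueError("bg_apps_limit must be a positive integer")
    return set_prop(text, KEY, str(limit))


def apply_to_device(limit: int, local: str = "build.prop") -> None:
    """Pull, keep a copy of the original, patch, push, restore root:root 0644.

    Only runs when this file is executed directly; importing it never touches adb."""
    subprocess.run(["adb", "pull", REMOTE, local], check=True)
    with open(local, encoding="utf-8", newline="") as f:
        original = f.read()
    with open(local + ".orig", "w", encoding="utf-8", newline="") as f:
        f.write(original)  # pushing this back is the undo
    with open(local, "w", encoding="utf-8", newline="") as f:
        f.write(set_bg_apps_limit(original, limit))
    subprocess.run(["adb", "push", local, REMOTE], check=True)
    # push does not guarantee ownership/mode; stock build.prop is root:root 0644
    subprocess.run(["adb", "shell", "chown", "root:root", REMOTE], check=True)
    subprocess.run(["adb", "shell", "chmod", "0644", REMOTE], check=True)


if __name__ == "__main__":
    apply_to_device(int(sys.argv[1]) if len(sys.argv) > 1 else 42)
```

Run it with the phone sitting in TWRP (saved as, say, bgapps.py: `python3 bgapps.py 42`), then `adb reboot`. If the phone refuses to boot afterwards, boot TWRP again and push the saved build.prop.orig back to /system/build.prop.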
Unlocking the bootloader wipes all the data on the phone.
Just back everything up and restore once you've unlocked the bootloader. You'll want to copy the backup to your computer before actually unlocking the bootloader, then copy it back over to the phone once you've booted back into TWRP because you'll probably lose the backup on your phone during the wipe. Might add an extra three minutes to the process. Sounds a lot more complicated than it really is. If you've done any rooting or bootloader unlocking before, it's no more difficult than any of that.
After the mod i can relock bootloader? This invalidates warranty?
Sent from my ONEPLUS A3003 using Tapatalk
I suppose you could lock the bootloader back up, but it's not necessary. One of the great things about OnePlus is that they're developer friendly. Unlocking the bootloader and flashing custom ROMs doesn't invalidate your phone's warranty. The only time it might would be if the issue you're having is the direct result of your tampering with the phone, but Android is typically pretty forgiving so even if something does go wrong there's usually a reasonably easy way to undo what you've done.
TL;DR unlocking your bootloader and flashing ROMs will not invalidate your warranty.
From a security standpoint, you probably should relock your bootloader if you're not going to use root. It will prevent any exploits from overwriting your bootloader and makes your phone safer in case an OTA isn't released after a major flaw is found. That said, I understand this instruction might be labeled "tin foil hat" by some people here on the forum but the reality is that these exploits do exist, though they are incredibly rare and unlikely to target you. But that doesn't invalidate the security that locking your bootloader grants you.
A new update of OxygenOS will fix that very soon
Check on Google : oneplus3 3.1.4
Steadyson said:
A new update of OxygenOS will fix that very soon
You've gotta love these smaller companies with smaller user bases. Easier to get heard and smaller companies are more concerned about pleasing the customers they have. I love OnePlus. The phones they make might not be the absolute best phones in the world, but they're definitely up there and they're made with users' wants and needs in mind specifically.

Any progress on unlocking the Verizon variant bootloader?

Hi! I'm here with a XT1635-01, the Verizon variant, and as we all know the bootloader is locked to all hell. I'm really looking to flash LOS on here and I was hoping we had some sort of progress.
Here is an article I read today on a supposed bootloader exploit (possibly including the Moto Z 1st-gen series) that allows for a custom boot image to be uploaded into the device RAM without modifying the original boot image. Now, I don't know if this is equal to booting unsigned boot images such as custom recoveries and such, but this may lead us a step closer to at least getting a custom recovery on this device WITHOUT unlocking the bootloader. This can also quite easily allow us to root, although I don't think custom firmware will be supported using this method, as the locked bootloader and FRP will still prevent that from happening.
I'm hoping to do some testing tonight on this theory, but if I'm right, this can open a wide range of possibilities for us. I'm also working on cracking the bootloader at the moment, but that will take much longer. If I could figure out what that third line means in the unlock data (see this post), maybe we can finally have an unlocked bootloader. Until then, shoot me any ideas you guys may have!
If you want to help, please PM me the output of the commands
Code:
fastboot oem get_unlock_data
and
Code:
fastboot getvar all
(P.S. I also had another idea although I'm more skeptical about it. If we could change the CID from 0x0002 to 0x0001 or another supported CID, we could theoretically request the unlock code from Moto assuming that this modifies the output of
Code:
fastboot oem get_unlock_data
to accommodate this change. This is only theoretical, and while it has been previously mentioned by other users, I don't think this method is realistic. As far as my knowledge extends in this plane of Android development, the CID has nothing to do with the bootloader or unlocking it at all, nor do I think it has any effect on the output of that command. Unless the command uses the CID as some sort of keyhash for the third line (also a possibility?), I don't think we will get anywhere with this. Just a thought, though!)
Cool! I hope we find a way. Sounds interesting
https://www.google.nl/amp/s/forum.x...d-to-flash-twrp-recovery-unlock-t3473294/amp/
Are you referring to this?
SupahCookie said:
https://www.google.nl/amp/s/forum.x...d-to-flash-twrp-recovery-unlock-t3473294/amp/
Are you referring to this?
I actually looked into this method before I tried anything else, but unless we can find a way to resign a TWRP image with the stock recovery image signature, flashing an entire ROM with the recovery.img replaced with an untouched TWRP image will work but will fail only at the recovery stage, as this bootloader checks not only the signature of the ROM but its components as well. I'm doing my best to try and find a bootloader exploit that will allow us to boot into TWRP temporarily, effectively allowing us to permanently flash the TWRP image.
I'm on the December 1st security patch. Try looking for any vulnerability possible with this bootloader and I'll keep working at it. The link in the OP (the article linked at the top of the post) feels like a step in the right direction, but as for how to use this vulnerability for our own devious uses, I am unsure.
Regards,
James
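To make the earlier `fastboot boot recovery.img` discussion and James's point about per-component signature checks concrete, here is an added example (not from the thread, from Motorola or from any vendor tool) that builds a version-0 Android boot image from constructed payloads, parses the header, and checks the `id` field. The point it demonstrates: `id` is only a SHA-1 digest that any tool can recompute after editing the image (`reseal_id` does exactly that), so passing this check says nothing about whether a locked bootloader will accept the image. The vendor signature a locked bootloader actually verifies is a separate blob stored outside this header, which the example deliberately does not model. The header layout and digest recipe follow the public boot_img_hdr definition used by AOSP's mkbootimg; the function names and the placeholder kernel/ramdisk bytes are mine.

```python
"""Build, parse and integrity-check an Android boot image (header version 0).

Added example, not code from the thread or from any vendor tool. The header
layout and the id calculation follow the public boot_img_hdr definition used
by AOSP's mkbootimg; the kernel/ramdisk payloads in demo() are constructed
placeholders, not real device images."""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic[8], kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, (unused in v0), os_version, name[16],
# cmdline[512], id[8 x uint32], extra_cmdline[1024]
HDR_FMT = "<8s8I2I16s512s32s1024s"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 1632 bytes for a v0 header
ID_IDX = 13                          # index of the id field in the unpacked tuple


def _pad(blob: bytes, page_size: int) -> bytes:
    rem = len(blob) % page_size
    return blob if rem == 0 else blob + b"\0" * (page_size - rem)


def boot_image_id(kernel: bytes, ramdisk: bytes, second: bytes = b"") -> bytes:
    """SHA-1 over each payload followed by its size as uint32 LE, as mkbootimg does."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest().ljust(32, b"\0")  # 20-byte digest, zero-padded to the field


def make_boot_image(kernel, ramdisk, *, second=b"", page_size=2048,
                    base=0x80000000, name=b"", cmdline=b""):
    """Assemble header + page-aligned payloads (load addresses are typical defaults)."""
    hdr = struct.pack(
        HDR_FMT, BOOT_MAGIC,
        len(kernel), base + 0x00008000,
        len(ramdisk), base + 0x01000000,
        len(second), base + 0x00F00000,
        base + 0x00000100, page_size,
        0, 0,
        name.ljust(16, b"\0"), cmdline.ljust(512, b"\0"),
        boot_image_id(kernel, ramdisk, second),
        b"\0" * 1024,
    )
    return (_pad(hdr, page_size) + _pad(kernel, page_size)
            + _pad(ramdisk, page_size) + _pad(second, page_size))


def parse_boot_image(img: bytes) -> dict:
    """Decode the header and report whether the payloads match the stored id."""
    if len(img) < HDR_SIZE or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    f = struct.unpack(HDR_FMT, img[:HDR_SIZE])
    ks, rs, ss, ps = f[1], f[3], f[5], f[8]
    if ps not in (2048, 4096, 8192, 16384):
        raise ValueError(f"implausible page size {ps}")

    def take(off, size):
        if off + size > len(img):
            raise ValueError("image truncated")
        blob = img[off:off + size]
        return blob, off + len(_pad(blob, ps))

    kernel, off = take(ps, ks)          # header occupies exactly one page
    ramdisk, off = take(off, rs)
    second, _ = take(off, ss)
    return {
        "page_size": ps, "kernel_size": ks, "ramdisk_size": rs, "second_size": ss,
        "name": f[11].rstrip(b"\0").decode(errors="replace"),
        "cmdline": f[12].rstrip(b"\0").decode(errors="replace"),
        "id": f[ID_IDX][:20].hex(),
        # True means only that the payloads match the digest in the header.
        "id_ok": f[ID_IDX] == boot_image_id(kernel, ramdisk, second),
    }


def reseal_id(img: bytes) -> bytes:
    """Recompute the header id over whatever payloads are present now.

    Anyone can do this, which is why a locked bootloader verifies a vendor
    signature kept outside this header instead of trusting the id field."""
    f = list(struct.unpack(HDR_FMT, img[:HDR_SIZE]))
    ps = f[8]
    k_off = ps
    r_off = k_off + len(_pad(img[k_off:k_off + f[1]], ps))
    s_off = r_off + len(_pad(img[r_off:r_off + f[3]], ps))
    f[ID_IDX] = boot_image_id(img[k_off:k_off + f[1]],
                              img[r_off:r_off + f[3]],
                              img[s_off:s_off + f[5]])
    return struct.pack(HDR_FMT, *f) + img[HDR_SIZE:]


def demo():
    """Construct an image, corrupt one ramdisk byte, then 'fix' the digest."""
    kernel = b"\x1f\x8b" + b"KERNEL" * 500    # constructed, not a real zImage
    ramdisk = b"\x1f\x8b" + b"RAMDISK" * 300  # constructed, not a real cpio.gz
    img = make_boot_image(kernel, ramdisk, name=b"example",
                          cmdline=b"androidboot.hardware=qcom")
    info = parse_boot_image(img)
    tampered = bytearray(img)
    tampered[info["page_size"] * 3 + 16] ^= 0xFF  # kernel spans pages 1-2; ramdisk starts at page 3
    tampered_ok = parse_boot_image(bytes(tampered))["id_ok"]
    resealed_ok = parse_boot_image(reseal_id(bytes(tampered)))["id_ok"]
    return info, tampered_ok, resealed_ok
```

Running `demo()` gives id_ok True for the fresh image, False after the byte flip, and True again after resealing: the digest protects against corruption in transit, not against a modified recovery, which is why "resigning" TWRP with the stock signature is the real obstacle rather than fixing up the header.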
I know how to do it but it costs about $200 per phone. Chances are, developing an exploit will be more costly in time than my solution.
Sounds promising. Hope to hear more about this.
Sell the Verizon version on Swappa for $174, pitch in $56 and buy the Moto version for $230. Problem solved for even less than $200 now.
larsdennert said:
Sell the Verizon version on Swappa for $174, pitch in $56 and buy the Moto version for $230. Problem solved for even less than $200 now.
Yea, I am going to get ~$200 out of mine as it is in mint condition and I did a little customizing to the UI. When I come around to finding another one of these cheap I will definitely get non-Verizon.
I got mine for only $50!! The pawn shop thought that the phone's home button didn't work, and what they didn't realize is that it is a fingerprint scanner, not a home button. Muahahaa.. For once the working guy gets the upper hand with pawnshops. Usually they are screwing you! :good:
Great
Finally, at least someone with good knowledge and the will to work on these phones; it seems others have lost hope already. So it's like the bootloaders are encrypted? And digging in deep, breaking it seems impossible. I'm trying to learn this stuff as I want my device rooted no matter what! These devices have great specs but without root it's not like I'm in control of it; I can't test amazing lightweight custom ROMs. I hope it's not forgotten.
Any news about this dudes?
news?
