[Q] AT&T Samsung Galaxy S4 mini (sgh-i257) - Galaxy S 4 Mini Q&A, Help & Troubleshooting

Hello guys,
Sorry if this is the wrong forum to post this or if I'm breaking the XDA rules, I will delete the thread and move it if this is not the right place.
Just wondering if any of you have been able to root the AT&T Samsung Galaxy S4 Mini (sgh-i257). I have tried several times with different tools without success.
Could you please share something or guide me in the right direction with this stubborn cellphone?
Thanks everyone!

Didn't know it was released in the US yet. Is it released on other carriers as well?

arco68 said:
Didn't know it was released in the US yet. Is it released on other carriers as well?
Thank you for the reply.
Officially it is not released yet. I think it will be released by Thanksgiving day or before since it features VoLTE, same for Telus and I'm pretty sure TMO too.
It is running 4.2.2, so I already tried to root it with different tools but I'm afraid the bootloader is locked, so I'm just wondering how to pre-root an image but haven't found good info so far.

It should be pretty easy if you have a copy of the stock boot.img, but you would need to at least compile an insecure kernel to replace the stock one. I don't think they've released kernel sources for that device yet, but the sources for the GT-I9195 contain device files for a variety of US variants, so it might be possible to use that. However, regarding locked bootloaders, I know a few of the US variants of the regular S4 have that, and require a hack called Loki to circumvent it. Looking at the sources, the AT&T and Verizon variants need it, so it might be quite possible that the AT&T S4 mini is also locked.

arco68 said:
It should be pretty easy if you have a copy of the stock boot.img, but you would need to at least compile an insecure kernel to replace the stock one. I don't think they've released kernel sources for that device yet, but the sources for the GT-I9195 contain device files for a variety of US variants, so it might be possible to use that. However, regarding locked bootloaders, I know a few of the US variants of the regular S4 have that, and require a hack called Loki to circumvent it. Looking at the sources, the AT&T and Verizon variants need it, so it might be quite possible that the AT&T S4 mini is also locked.
Cool, thanks again! I have access to the complete IMG (1.5GB), not a separate boot.img.
Is there a way that I can extract that partition from the IMG, maybe with dd? I know it is not an HDD or USB but there should be a way.
I just checked and it seems that it has a locked bootloader since the Download option reads: WRITE PROTECTION: Enable.
So I checked the site that you provided me and reading the examples it seems that I need root beforehand in the device.
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
Is it possible to add temporary root to the device?
Thanks!

You can copy the boot image using dd, but you probably need root to do it, or from CWM recovery or something.
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/sdcard/boot.img
Don't know about temp root, but I guess not since the kernel won't allow su to run unless it's insecure (root prevention removed).

What makes you say it might be released around Thanksgiving? Did they tell you that when they gave you the phone?

Where did you get it?
doomfrawen said:
Hello guys,
Sorry if this is the wrong forum to post this or if I'm breaking the XDA rules, I will delete the thread and move it if this is not the right place.
Just wondering if any of you have been able to root the AT&T Samsung Galaxy S4 Mini (sgh-i257). I have tried several times with different tools without success.
Could you please share something or guide me in the right direction with this stubborn cellphone?
Thanks everyone!
Where did you get that phone? I didn't think it was released yet?


[DEV] Root the T-Mobile Samsung Galaxy S II (actual Development only! no Chatting)

Let's get things started over here.
While we wait for the kernel source from Samsung, we can grab some basic information about the phone and use it to get things rolling.
I have the Sprint GSII, but I'm very prominent in that area as well.
Note: USB Debugging has to be enabled to run any adb commands.
Anybody with ADB if you would be so kind as to run:
Code:
adb shell mounts > mounts.txt
and then upload mounts.txt in your adb folder, that would be an amazing thing right about now.
Also somebody with some good internet speeds I would love to have a dump of the system and mounts.
Make a new folder (called SGH-T989-dump) from where you run adb and run the following command:
Code:
adb pull / /SGH-T989-dump
then please compress the SGH-T989-dump folder and upload it for me to use in future endeavors.
Thanks guys.
Information about rooting the Samsung Galaxy S II:
The Galaxy S II is immune to exploits unless it is those of an unsecured kernel. To have an unsecured kernel however, we have to compile from source, against a source that hasn't yet been released (as of this post).
Root can be maintained in the kernel or in the ROM, either or.
ClockworkRecovery Mod can be easily ported over to this device once I have a dump as described above and the output of all the commands above.
dump: http://dl.dropbox.com/u/21231693/T989odex.zip
as far as that 'mounts' command... i don't think that's gonna work without root.
I've uploaded everything to my website:
for anybody that wants to take a look.
bubby323 said:
I've uploaded everything to my website:
for anybody that wants to take a look.
awesome. on the i9100 i believe it's mmcblk0p5 that's the kernel.
http://forum.xda-developers.com/showthread.php?t=1114297
EDIT: looks like the man 'chainfire' has already been modding kernels for the i9100 for a while. http://forum.xda-developers.com/showthread.php?t=788108
Just in case some of you are not familiar with it... I wanna give you the link to Samsung's opensource website. This way we can all be checking it daily for the release for our T989.
https://opensource.samsung.com/
bubby323 said:
Let's get things started over here.
While we wait for the kernel source from Samsung, we can grab some basic information about the phone and use it to get things rolling.
I have the Sprint GSII, but I'm very prominent in that area as well.
Note: USB Debugging has to be enabled to run any adb commands.
Anybody with ADB if you would be so kind as to run:
Code:
adb shell mounts > mounts.txt
and then upload mounts.txt in your adb folder, that would be an amazing thing right about now.
Also somebody with some good internet speeds I would love to have a dump of the system and mounts.
Make a new folder (called SGH-T989-dump) from where you run adb and run the following command:
Code:
adb pull / /SGH-T989-dump
then please compress the SGH-T989-dump folder and upload it for me to use in future endeavors.
Thanks guys.
Hey, if you want we can setup a go to meeting remote session and do anything you need remotely that way you can get exactly what you need from my phone and at the same time I can learn something.
I just got my T-Mobile Galaxy S2 and have not even put the sim card in it.
If you like this idea email me at:
[email protected]
Thanks.
Much Needed
It seems like given how much bloatware there is on the T-Mobile version, it seems like Rooting is an absolute necessity for this particular device. The Sprint version at least lets you uninstall all that crapware.
This is a BIG THANK YOU to all of those working on getting a root done for this device.
If there is anything I can do to help (I'm a bit of a n00b but I can at least try), please don't hesitate to let me know.
luckyduck69 said:
well.. i'll put it this way guys. i've 4 top devs remote into my machine and look at the phone and try various things. all of them have said that root will not happen unless samsung drops source. so... you're in a waiting game just hoping that samsung will be gracious enough to give it to you.
as far as that goes... you should talk to some prior samsung owners how that works. i honestly can't believe (based on several prior samsung experiences) that source will arrive before 6 months from now. probably closer to a year. so that's the bitter hard truth of the outlook right now. if you're still in buyer's remorse period might wanna use it.
I didn't say that.. I said put a damn device in my hand and I've got a method which, based on previous models, has a 99% chance of success. That 1% is if UART debugging is not present.
AdamOutler said:
I didn't say that.. I said put a damn device in my hand and I've got a method which, based on previous models, has a 99% chance of success. That 1% is if UART debugging is not present.
How would you do it? I'm really curious to hear.
But you don't have to if you don't want to.
-Hercules grabbed my post, and threw it at your face to be read-
wesmagyar said:
I see what ya did there...
LOL just share the method. I'm sure if it works the community would be willing to hook ya up.
Sent from my SGH-T989 using Tapatalk
I've been repeating this in both of these threads...
UART!
If that does not work, then I'd go inside the device and locate the pre-FSA9240 chip UART lines, connect to them and exploit the battery charging sequence root prompt.
btw.. that video is old. I found a method and the captivate is now a development platform
AdamOutler said:
I've been repeating this in both of these threads...
UART!
If that does not work, then I'd go inside the device and locate the pre-FSA9240 chip UART lines, connect to them and exploit the battery charging sequence root prompt.
btw.. that video is old. I found a method and the captivate is now a development platform
I totally have an Arduino board. I never thought about attempting to use it as an interface. That's slick.
icebrkr said:
I totally have an Arduino board. I never thought about attempting to use it as an interface. That's slick.
Are you using it or are you just stating that it's cool? I'm betting that it will take at least a few days to get the parts together.
This would already have been done if someone had USPS'd me a device on day one.
Only DEV work on this topic!
Developers only please
keep all comments and chats on this other thread http://forum.xda-developers.com/showthread.php?t=1299840
To figure out which partition the kernel is, and also as an initial "can heimdall even talk to this thing" test, someone needs to install heimdall, enter download mode, and run the following:
Code:
heimdall print-pit
And put the output here.
Preferably someone who is already familiar with heimdall. Download mode is USUALLY accessed as follows:
Turn off device
Hold VolUp + VolDn
Insert USB
Again I wish I was home. If for some reason nobody does this throughout today I will when I get home. I am not a dev but also a quick learner and willing to help in any way possible.
Sent from my SGH-T989 using xda premium
Entropy512 said:
To figure out which partition the kernel is, and also as an initial "can heimdall even talk to this thing" test, someone needs to install heimdall, enter download mode, and run the following:
Code:
heimdall print-pit
And put the output here.
Preferably someone who is already familiar with heimdall. Download mode is USUALLY accessed as follows:
Turn off device
Hold VolUp + VolDn
Insert USB
I am not familiar with heimdall at all, but if you can't find anyone else, I'll try to help.
Sent from my Tmo Galaxy S II
"Steve Jobs is not your boyfriend.....STFU"
Bad news... I've been told that heimdall won't work with the T989, and also supposedly, Odin won't work without a PIT (this is a new thing I've never seen before.)
Entropy512 said:
Bad news... I've been told that heimdall won't work with the T989, and also supposedly, Odin won't work without a PIT (this is a new thing I've never seen before.)
that can't be good for business
Sent from my SGH-T989 using XDA Premium App
bzlik88 said:
I am not familiar with heimdall at all, but if you can't find anyone else, I'll try to help.
Sent from my Tmo Galaxy S II
"Steve Jobs is not your boyfriend.....STFU"
jeffk-macbookpro:bin jeffkloy$ sudo heimdall print-pit
Heimdall v1.3.0, Copyright (c) 2010-2011, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au
This software is provided free of charge. Copying and redistribution is
encouraged.
If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/
Initialising connection...
Detecting device...
Claiming interface...
ERROR: Claiming interface failed!

Root and Clockwork Sprint gs3 has it we can too, Help Please :)

DONT ANY ONE ATTEMPT TO FLASH ANYTHING TALKED IN THIS THREAD IT WILL MESS UP UR PHONE only trying to pass info..... I know the thread isn't titled properly, that's because I wanted everyone to look at this post. I know we all want root. So I was looking in the Sprint gs3 section and noobnl of team epic, I believe, has achieved root. Now he says it's buggy. Now I posted in that thread and they said we need the tar file for our phone. I don't have the device, here's the thread (2 of them): http://forum.xda-developers.com/showthread.php?t=1725395 http://forum.xda-developers.com/showthread.php?t=1726088
Youtube post showing how to dump firmware: http://www.youtube.com/watch?v=UWs6PKnDtFk
Adb commands used:
1. To dump system
dd if=/dev/block/stl6 of=/sdcard/factoryfs.rfs
2. To mount system in rw mode
mount -o remount,rw /dev/block/stl9 /system
or
mount -o remount,rw /dev/block/stl6 /system
guide to unpack http://www.haskell.org/haskellwiki/How_to_unpack_a_tar_file_in_windows
stock boot.img from sprint is compatible with t-mobile
If you (like me) bricked your perfectly working phone by flashing an international boot image, the stock boot.img file from the Sprint version: http://forum.xda-developers.com/showthread.php?t=1726088&page=3 works to bring it back from the dead.
All I can say is that next time I'm going to patiently wait for a complete root. I had a couple of panicked hours there.
I'm uploading a system dump of the t-mobile galaxy s3 for some one to find what they need for root. Should be done in 30 minutes.
thing12 said:
If you (like me) bricked your perfectly working phone by flashing an international boot image, the stock boot.img file from the Sprint version: http://forum.xda-developers.com/showthread.php?t=1726088&page=3 works to bring it back from the dead.
All I can say is that next time I'm going to patiently wait for a complete root. I had a couple of panicked hours there.
I'm looking in to this now to see if we can use this to flash our own recovery.
Here's the link to a system dump for t-Mobile's s3.
https://www.dropbox.com/s/uvtlbwh88zgrnyk/system dump.rar
I did an adb system pull to get this.
If you don't know what you're doing with this I suggest not flashing anything to your phone or it might be bricked. It is for devs who don't have the phone yet to use.
sswb27 said:
Here's the link to a system dump for t-Mobile's s3.
https://www.dropbox.com/s/uvtlbwh88zgrnyk/system dump.rar
I did an adb system pull to get this.
If you don't know what you're doing with this I suggest not flashing anything to your phone or it might be bricked. It is for devs who don't have the phone yet to use.
please create a new thread for this, i was trying to do the same but you beat me to it
AT&T, T-MOBILE, SPRINT, VERIZON have the same models and processor, s4. i figure the only difference between all these 4 carriers is their radio, why wouldn't a rom from the gs3 from sprint work on tmobile gs3 and vice versa? if we can keep the same radio and kernel it should be fine. as on rooting method and recoveries
i understand if the hardware was different but we have the same chip and hardware in this case
gypsy214 said:
AT&T, T-MOBILE, SPRINT, VERIZON have the same models and processor, s4. i figure the only difference between all these 4 carriers is their radio, why wouldn't a rom from the gs3 from sprint work on tmobile gs3 and vice versa? if we can keep the same radio and kernel it should be fine. as on rooting method and recoveries
i understand if the hardware was different but we have the same chip and hardware in this case
Well I'm new to samsung phones but my hunch would be they have different boot loaders. But I'm not sure if that would have any thing to do with it since the boot loader is unlocked.
View the development thread.
We have root!!
sswb27 said:
Well I'm new to samsung phones but my hunch would be they have different boot loaders. But I'm not sure if that would have any thing to do with it since the boot loader is unlocked.
Is kinda like the HTC sensation 4G (tmobile us) HTC sensation XE (international with beats) and the HTC sensation (international) same phone same hardware same processor different clocked and all roms works rooting method works and all the goods in development. as long you have the proper radio you were fine. in this case all us version are the same not the international one which have the samsung exynos quadcore, that's a hardware difference there. In any case i might be wrong. as i see each of the us sgs3 have its own thread instead of a single one
i know this is stupid to ask as, they don't mean anything. Do you guys think you guys could throw me a bone, for bringing this method to our attention if not its nbd. I'll catch em down the road, I'll be here a while
Boot image?
thing12 said:
If you (like me) bricked your perfectly working phone by flashing an international boot image, the stock boot.img file from the Sprint version: http://forum.xda-developers.com/showthread.php?t=1726088&page=3 works to bring it back from the dead.
All I can say is that next time I'm going to patiently wait for a complete root. I had a couple of panicked hours there.
Can you post the image you used or instructions on what you did? I have downloaded the boot.img from the Sprint thread but getting it loaded is a mystery. Thank you
thank you for the TMo firmware, it may come in handy

[Q] can't root e973?

I'm trying to root my Canadian e973 but nothing seems to work. The rooting procedure seems to root but when I reboot it isn't? Can someone please help!
taylorheaps said:
I'm trying to root my Canadian e973 but nothing seems to work. The rooting procedure seems to root but when I reboot it isn't? Can someone please help!
what software version are you running?
e97310h
taylorheaps said:
e97310h
that's the latest update right? if yes then you will need to revert back to E97310f to root it
would you mind giving me steps to do that?
taylorheaps said:
would you mind giving me steps to do that?
download the KDZ file from here, i am assuming your phone is from bell
http://forum.xda-developers.com/showthread.php?t=2036404&page=3
and this thread will tell u how to flash the KDZ file
http://forum.xda-developers.com/showthread.php?t=2010624
thanks! but im not on bell. im on sasktel. i think its the unlocked rom
Were you able to downgrade back to E97310f ? Yup, worked for me
Did that downgrade make your phone rootable? Yup, root worked
What root method are you using? Google LG Optimus G root, and look for the page on android central for the spring lgog
Ok ... so I'm going to follow the rules of XDA ....
Don't post a new thread ~ even if this is different from my model and predicament as it seems to me - a newb.
Search for threads on Q&A, read thoroughly through threads to see if you can find what you're looking for.
Goal: I'd like to root my Telus LG Optimus G, so that I can run "CM10.1" or "JPO40D] Google AOSP Optimus G LGE-973"
Frustration: It would seem, to us newbs at least, that the more experienced veteran members that we're an annoyance asking for steps by steps; thus only getting very generic (an example ... How do I get a citizenship in the USA, get a green card) answers. I'm not here to piss anyone off ... I'm just trying to get some help to make my first android experience worthwhile. Everyone had to learn from somewhere, someone else - yet too many on these threads have forgotten that .... the ESSENCE of a community!
This is what I've done thus far ....
http://forum.xda-developers.com/showpost.php?p=36859752&postcount=246
^ apparently I need to ROOT my Telus E973.
This tool in his thread is SUPPOSED to do it. "Root_with_Restore_by_Bin4ry_v18"
http://forum.xda-developers.com/showthread.php?t=1886460
^ this doesn't frak'n work so what am I supposed to really do???
notes:
Downloaded the "LGE973AT-00-V10e-TLS-CA-OCT-24-2012 0[TELUS CANADA]"
Does anyone have a step by step guide to get to the hidden RECOVERY menu (Power + UP & DOWN buttons from full power off state)!
Yes I've seen that youtube video posted by one of the android modders here - doesn't work. Arrgh!
I feel like throwing this G to the wall and just going back to my iPhone 5 until BB10 is available, not ideal really.
Bell E97310F KDZ
I brought my phone in for repairs and it was updated in the process. I want to root again, but can't seem to find a KDZ to downgrade. All of the links that I find are dead. Any ideas?
N/M There was a link in the general section that explained that the address had been updated. If anyone else is looking for it, this worked for me
http://csmgdl.lgmobile.com/swdata/WDLSW/LGE973/ABLMBK/E97310F_00/E97310F_00.kdz
taylorheaps said:
thanks! but im not on bell. im on sasktel. i think its the unlocked rom
Sasktel and Bell are pretty much the same thing..... if you're on software version 10h and on Sasktel, revert back to 10f using the Bell .kdz file, then root. You can update via OTA after you're rooted and will retain it.
Sent from my almost Nexus 4 E973 using xda app
Not sure why everyone is recommending downgrading to root when there is a perfectly usable method for the latest firmware.
Just create a file named g_security on your internal sd card, turn on adb debugging, get an adb shell, and you'll be root. Download su, copy it to /system/xbin, setuid it and you're rooted. You can then get superuser or supersu from play to seal the deal.
I didn't find this method, just passing along what appears to be overlooked information.
xxbeanxx said:
Not sure why everyone is recommending downgrading to root when there is a perfectly usable method for the latest firmware.
Just create a file named g_security on your internal sd card, turn on adb debugging, get an adb shell, and you'll be root. Download su, copy it to /system/xbin, setuid it and you're rooted. You can then get superuser or supersu from play to seal the deal.
I didn't find this method, just passing along what appears to be overlooked information.
What?!
Which folder do you create the empty file named "g_security". If this really does work xxbeanxx you should start a new thread, this is kind of a big deal.
brownsmell said:
What?!
Which folder do you create the empty file named "g_security". If this really does work xxbeanxx you should start a new thread, this is kind of a big deal.
he's a freaking genius, i've been using that method to root. xxbeanxx should really start a new thread and spread this
1. just create the "g_security" at the root of your internal memory then turn on adb debug (if its already on, turn off and back on)
2. when you adb in you'll have root.
3. push su to /system/xbin
4. in adb, chmod 4755 /system/xbin
5. ???
6. profit!
=D
xxbeanxx said:
Not sure why everyone is recommending downgrading to root when there is a perfectly usable method for the latest firmware.
Just create a file named g_security on your internal sd card, turn on adb debugging, get an adb shell, and you'll be root. Download su, copy it to /system/xbin, setuid it and you're rooted. You can then get superuser or supersu from play to seal the deal.
I didn't find this method, just passing along what appears to be overlooked information.
i try this but it says folder is read only, even after trying to adb remount
edit: got root finally, thank you good sirs
Please I didn't find this method. There is already a thread here about it but as I said it seems to have been overlooked by pretty much everyone.
xxbeanxx said:
Please I didn't find this method. There is already a thread here about it but as I said it seems to have been overlooked by pretty much everyone.
Link?
i have a bell e97310h and i did not had to e97310f for it to be rooted. but i did to go to e97310f so that it would allow me to change the rom.
as for getting it root i have used both methods and they both worked. Freegee from app store and also from the xda forums.
IcEeeX said:
i have a bell e97310h and i did not had to e97310f for it to be rooted. but i did to go to e97310f so that it would allow me to change the rom.
as for getting it root i have used both methods and they both worked. Freegee from app store and also from the xda forums.
FreeGee requires root and is for unlocking the boot loader after that, I'm trying to find a reliable known method for rooting the Bell Optimus G first. One that also has unroot. I've searched around here but I can't seem to find any common agreed upon root for the Bell OG
Originally Posted by fiddy619
I really would have posted this much sooner, however, this particular method was being kept secret with the intention of the exploit still being available upon US Jelly Bean release. Since this has been outed, and is now public, i will share a more proper script of the same method. I actually kept the adb shell id command, as it is pretty useful for this operation.
Main differences in my script is that you don't need to ever disconnect your phone.
1. Unzip the zip file
2. Make sure USB Debugging is on, and you are in Charge only Mode
3. Run the CurrentRoot.bat, wait for the prompt
4. Change to MTP mode.
5. Wait for your computer to ask how to view files.
6. Press enter in the CMD prompt to continue.
7. Done.
This is a fully working method for the most current US/Canadian releases, and Jelly Bean releases. BTW, the current release does not install busybox correctly, includes SuperuserPro.apk (which I'm sure wasn't purchased by everyone downloading this). Also I have updated it to the latest busybox, su binaries, and Superuser.apk available.
link for root kit.
http://forum.xda-developers.com/attachment.php?attachmentid=1693749&d=1359687263

Adding Root to Combination File

Hi, I'm not sure if I'm asking this in the right area, it's been a while since I've asked anything. Anyway, I'm glad to have root on N930 All devices. However I have a N930V, both root method and combination firmware. I want to gain root on the combination firmware but I really don't know how. First I tried flashing the rooted Sprint Leaked firmware, rooting it perm and then flashing the combo and even vice versa. I did a lot of splitting files etc etc. Still no luck. I even cracked out Linux because I'm trying to discover how this Sprint leaked file has root on it anyway but I believe it's the "user-debug" kernel. Anyway can anyone elaborate on this? And kind of guide and help me out with this, I'd really appreciate it. Please don't ask me why I'm doing this, I'm looking for assistance not interrogation. Thanks Vell123
I don't know much about the technical issues, but you tried the Hydra method?
Vell123 said:
I'm trying to discover how does this Sprint leaked file has root on it anyway
I don't believe it has root but it doesn't block ADB from pushing SU. Directly after flashing the sprint firmware before even booting it you run ADB and push the superuser.apk so it is rooted at that point. Then you flash the partial VZW firmware which doesn't include the recovery and maybe bootloader. The VZW recovery doesn't even allow ADB to push anything so replacing the recovery is a key step. Why the PH1 firmware allows you to replace it with the Sprint firmware is a mystery to me.
I know right. I havent tried the hydra method @cigars
@jellyhead I'm not trying to root. I just want to make a combo file that has root in the system because it does have a permissive kernel but doesnt have SU access
Vell123 said:
Hi, I'm not sure if I'm asking this in the right area, it's been a while since I've asked anything. Anyway, I'm glad to have root on N930 All devices. However I have a N930V, both root method and combination firmware. I want to gain root on the combination firmware but I really don't know how. First I tried flashing the rooted Sprint Leaked firmware, rooting it perm and then flashing the combo and even vice versa. I did a lot of splitting files etc etc. Still no luck. I even cracked out Linux because I'm trying to discover how this Sprint leaked file has root on it anyway but I believe it's the "user-debug" kernel. Anyway can anyone elaborate on this? And kind of guide and help me out with this, I'd really appreciate it. Please don't ask me why I'm doing this, I'm looking for assistance not interrogation. Thanks Vell123
Hi my name is Gary, was curious if you ever got answers to your question or if you ever figured out an answer. I belong to a group trying to find root for phe firmware, was wondering if you had figured anything out, thanks
Sent from my SM-N930V using XDA-Developers Legacy app
garyinskeep1 said:
Hi my name is Gary, was curious if you ever got answers to your question or if you ever figured out an answer. I belong to a group trying to find root for phe firmware, was wondering if you had figured anything out, thanks
Sent from my SM-N930V using XDA-Developers Legacy app
Hi Gary unfortunately no I have not found way to 1. root the phe firmware besides using combination files and 2. my answer hasnt been answered either. I'm assuming your device Note 7 device has been blacklisted or blocked via the imei and model number. it sucks i know but I'm still looking and if not anything I'm considering building on the combination file because with combination file you can call and text but you literally have to install all your apps with adb and or sd card if you have one. its a bit of a pain but you also can root and change the model number too
Vell123 said:
Hi Gary unfortunately no I have not found way to 1. root the phe firmware besides using combination files and 2. my answer hasnt been answered either. I'm assuming your device Note 7 device has been blacklisted or blocked via the imei and model number. it sucks i know but I'm still looking and if not anything I'm considering building on the combination file because with combination file you can call and text but you literally have to install all your apps with adb and or sd card if you have one. its a bit of a pain but you also can root and change the model number too
I have been able to root one of my note 7 i had an original first gen that was able to be rooted can you hit me up on messenger i would like to ask you a question.
Sent from my SM-N930V using Tapatalk
I don't know how to see your messenger. Just email me [email protected]

[G975U] DISCUSSION on Root/BL Unlock

Hello!
I just picked up a SM-G975U to play with.
Before you get your hopes up, Root and BL Unlock is NOT POSSIBLE on USA variants at this time!
I created this discussion so those willing and able can brainstorm with me with hopes of achieving root or unlock.
Now I wouldn't be creating this thread if I didn't think it was possible or without some form of teasers.
Don't ask me how, but flashing combo is possible. I cannot and will not share the method/files as they are not mine to do so.
I noticed on combo this time around if you toggle oem unlock there is a tag that says "OEM Unlocked" when you enter download mode. When you long press vol up it also takes you to the unlock screen. After pressing vol up to accept it reboots and wipes data.
I am not sure of the steps after this, but so far I haven't been successful in flashing modified firmware. It is possible this is just a visual, but I feel this is closer than any past devices I've owned. Anyone with know-how on where the flash lock bit is stored would be of great help.
I should be able to flash some partitions after modifying them such as vbmeta or dtbo etc. to hopefully unlock the BL if I only knew what to modify.
This is not a how-to or dev thread, so don't expect me to share any files. It is merely to discuss how the BL is unlocked on SD S10 devices to hopefully lead to an unlock down the road.
To my understanding, toggling the oem unlock sets a bit that tells the system that oem unlocking is allowed as well as disables security such as frp. This persists across reboots and firmware flashes etc.
After that, in DL mode there is a tag that also says device is oem unlocked. At this point you need to actually hold vol up to actually oem unlock the device.
After this I am unclear. We should be able to flash custom firmware at which verified boot state will be orange and the flash lock bit is 0. In my case, verified state is still green and flash lock is still 1 and flashes fail unless officially signed.
I know the dtbo is related to verity and vbmeta to verified boot. Vaultkeeper to rlc. Then you have metadata, a few "keys" related partitions etc etc.
What is everyone's take on this? Any ideas/suggestions are greatly appreciated in advance!
some screens
Welcome aboard! Appreciate all your work from the Note9! Kudos
Hey OP, I know you from somewhere.... Epic Touch 4G forums?? I can't remember what device you had, but anyways great to see you here. You think maybe chatting with the people that got root on Exynos may point you in the right direction? I know it's Exynos and we got SD, which is different, but maybe a shot?
krazy_smokezalot said:
Hey OP, I know you from somewhere.... Epic Touch 4G forums?? I can't remember what device you had, but anyways great to see you here. You think maybe chatting with the people that got root on Exynos may point you in the right direction? I know it's Exynos and we got SD, which is different, but maybe a shot?
haha I did own an epic 4g touch back in the day.. was more lurking way back then but who knows lol
for an update, no luck yet lol. been messin with combo on g975u but no easy way in yet. I have managed to change some stuff on efs and other partitions.
the binary checks sammy implemented starting in the s9 devices sucks.
I am still looking though.
i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid
not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol
Hi, is there anything I can do to help at all? Because if so, I am willing. I have found some stuff online as well; posted it in a different post but can share it here if you are interested.
I am definitely interested in learning more and being a part of this convo fellas! I have been in the Bus for at least 8 years now and want to learn the next step which is how to navigate around the S10 S10+ Security Features. Anyone mind showing me a few ropes please?
elliwigy said:
not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol
This is similar to the techniques used to write IMEI on cpid phones. Can you share the scripts you use for temp root?
Chibisuke1219 said:
Hi, is there anything I can do to help at all? Because if so, I am willing. I have found some stuff online as well; posted it in a different post but can share it here if you are interested.
Any good reads are welcome!
Vell123 said:
This is similar to the techniques used to write IMEI on cpid phones. Can you share the scripts you use for temp root?
There are no scripts lol. I can't share the method or files to get to combo.
An update however, I noticed with system prices you can access the efs folder.
I found a way to pass kernel cmdline to the bootloader to set ro props.
I am still messing with it and need an rma as I messed up my efs and can't get cell service now lol
Will the S10+ Snapdragon get root / Magisk anytime soon?
Sent from my MI 8 using Tapatalk
Vuska said:
Will the S10+ Snapdragon get root / Magisk anytime soon?
Who knows lol. Similar to N9, seems like I'm the only one working on it lol
Currently stuck in a boot loop as I found an exploit for kernel cmdline injection and set ro.secure=0, which it didn't like. I didn't read the info Sammy posted on new securities on the S10 lineup around additional security around RKP and Knox Verified Boot. It is not the same as, say, Pixel devices, as they added onto it.
I was told in the other thread that what I had found was more than likely BS, but if you still want the link I can give it. Also, I am still willing to use my phone as some help if you need it.
Edit: switching phone, sorry guys, but keep working hard. I will keep looking for new S10+ finds even though I won't have it, and I'll keep you updated with whatever I find.
Try and flash G97500. I know on older devices it would boot if you used FlashFire. Not sure if you can dd it or not; Odin probably won't like it, but worth a try. Just make a system tar and flash it, but you would also need that combo firmware.
I'm rockin' the s10+ (am g975u)....
I want root!
I will make pwmage!
Stay tuned!
Ph3n0x said:
Try and flash G97500. I know on older devices it would boot if you used FlashFire. Not sure if you can dd it or not; Odin probably won't like it, but worth a try. Just make a system tar and flash it, but you would also need that combo firmware.
won't work.. secure check fail since signed with dif keys
elliwigy said:
i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid
Since you have UID 1000 access, wouldn't you be able to dump the partitions off the phone?
If so, why not dump each of the writable partitions and then compare checksums/bits before and after doing the unlock?
I have the g975u and am willing to help however
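The before/after comparison suggested in the post above, sketched as an added example that is not part of the thread and not anyone's actual tooling: it assumes the images were already dumped into two directories with matching file names, hashes each pair with SHA-256, and for images that changed reports the byte ranges that differ. The function names and the `persistent.img` sample file are constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large partition images never sit fully in memory
def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def diff_ranges(a_path, b_path, gap=8):
    """Byte ranges [start, end) that differ; ranges closer than `gap` bytes are merged."""
    out, base = [], 0
    with open(a_path, "rb") as fa, open(b_path, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if not a and not b:
                return out
            if a != b:  # only walk chunks that actually differ
                for i in range(max(len(a), len(b))):
                    if a[i:i + 1] != b[i:i + 1]:  # also true past the end of the shorter image
                        pos = base + i
                        if out and pos - out[-1][1] < gap:
                            out[-1][1] = pos + 1
                        else:
                            out.append([pos, pos + 1])
            base += max(len(a), len(b))

def compare_dumps(before_dir, after_dir):
    """Map each image name to 'same', 'only-before', 'only-after' or its differing ranges."""
    before = {p.name: p for p in Path(before_dir).iterdir() if p.is_file()}
    after = {p.name: p for p in Path(after_dir).iterdir() if p.is_file()}
    report = {}
    for name in sorted(before.keys() | after.keys()):
        if name not in before or name not in after:
            report[name] = "only-before" if name in before else "only-after"
        elif sha256_file(before[name]) == sha256_file(after[name]):
            report[name] = "same"
        else:
            report[name] = diff_ranges(before[name], after[name])
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample: 4 KiB images, one byte differs
        for side, byte in (("before", 1), ("after", 0)):
            Path(d, side).mkdir()
            Path(d, side, "persistent.img").write_bytes(bytes(0x210) + bytes([byte]) + bytes(0xdef))
        print(compare_dumps(Path(d, "before"), Path(d, "after")))
```

Partitions that the running system writes to on its own (logs, counters, timestamps) will also show up as changed, so a second "before" dump taken without any change in between helps separate that noise from the change under study.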
