[ROOT] Doogee DG100 tested and working - Upgrading, Modifying and Unlocking

Hello,
if you are looking for a very easy method of rooting Doogee DG100, download the following file. Not my work, I found it somewhere on the net.
#!1EAxFIKb!SSqZgRZiTjqa080kalHw5FdHeT1fLzrFqRnKhCXvcgM
This is part of a link, which you put after the slash in mega.co.nz/. Sorry for this complicated way, but this forum doesn't allow me to put the link into the post.
Instructions included.
Hit Thanks if I have helped you.
Enjoy!

confirmed
It runs with the following output:
Code:
doogee_dg100_root # chmod +x ./run.sh
doogee_dg100_root # ./run.sh
[*]
[*] Motochopper: Android root exploit (Linux/OS X version)
[*] v1.0
[*] by Dan Rosenberg (@djrbliss)
[*]
[*] Tested on the Motorola Razr HD, Razr M, Razr Maxx HD, and Atrix HD.
[*] Supports lots of other devices as well. ;)
[*]
[*] Before continuing, ensure that USB debugging is enabled and that
[*] your phone is connected via USB.
[*]
[*] WARNING: This will likely void the warranty on your device. I am
[*] not responsible for any damage to your phone as a result using this
[*] tool.
[*]
[*] Press enter to root your phone...
[*]
[*] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[*] Device found.
[*] Pushing exploit...
7179 KB/s (1283460 bytes in 0.174s)
[*] Pushing root tools...
6984 KB/s (366952 bytes in 0.051s)
7063 KB/s (1867568 bytes in 0.258s)
6997 KB/s (1578585 bytes in 0.220s)
pkg: /data/local/tmp/Superuser.apk
Success
[*] Rooting phone...
[+] This may take a few minutes.
[+] Success!
[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.

tested and working !
Successfully tested with DOOGEE-COLLO-DG100-20131016 on Win7 (no special drivers installed).
Good job! Thanks

Working in Linux Mint 16 (Cinnamon)
This works!!! Thanks!
Required a few extra steps to work under Linux.
Follow the directions here and here if it doesn't work right away.
Awesome job!!! :good:

Thanks
Very Thanks Lama.Lama.Lama :highfive:
I want to thank you for sharing.
The Home and Back buttons on my Collo DG100 stopped working, and I needed root to enable on-screen buttons.

rom
Greetings. Can somebody please upload a Doogee Collo DG100 stock ROM? I can't download it from http://pan.baidu.com/share/link?shareid=307985126&uk=4264744487 Thanks

Build Number
Hi to all,
I have a Doogee with build number "DOOGEE-COLLO-DG100-20131119". Do you know if it will work well for this?
Thanks to all

Related

[ROM] I8150XXLA2 [05.01.2012][Android 2.3.6] CSC: SER, XEU, ITV

I8150XXLA2:
Code:
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=GINGERBREAD
ro.build.display.id=GINGERBREAD.XXLA2
ro.build.version.incremental=XXLA2
ro.build.version.sdk=10
ro.build.version.codename=REL
ro.build.version.release=2.3.6
ro.build.date=Thu Jan 5 22:17:00 KST 2012
ro.build.date.utc=1325769420
ro.build.type=user
ro.build.user=dpi
ro.build.host=DELL170
ro.build.tags=release-keys
ro.product.model=GT-I8150
ro.product.brand=samsung
ro.product.name=GT-I8150
ro.product.device=GT-I8150
ro.product.board=GT-I8150
ro.product.cpu.abi=armeabi-v7a
# Samsung Specific Properties
ro.build.PDA=I8150XXLA2
ro.build.hidden_ver=I8150XXLA2
ro.build.changelist=869026
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=samsung
ro.product.locale.language=en
ro.product.locale.region=GB
ro.wifi.channels=
ro.board.platform=msm7k
# ro.build.product is obsolete; use ro.product.device
ro.build.product=GT-I8150
# Do not try to parse ro.build.description or .fingerprint
ro.build.description=GT-I8150-user 2.3.6 GINGERBREAD XXLA2 release-keys
ro.build.fingerprint=samsung/GT-I8150/GT-I8150:2.3.6/GINGERBREAD/XXLA2:user/release-keys
# Samsung Specific Properties
ro.build.PDA=I8150XXLA2
ro.build.hidden_ver=I8150XXLA2
ro.build.changelist=869026
ro.tether.denied=false
ro.flash.resolution=1080
# end build properties
Instruction:
1. Extract the downloaded file, so that you'll get the tar file.
2. Run Odin 4.38
3. Enter download mode by pressing down on Volume Down Key + OK button then the Power Button
4. Connect phone to PC and wait for Odin to detect it (the “ID:COM” block will turn yellow)
5. Put extracted files in PDA slot
6. Hit "Start" button and wait for firmware update to complete
7. Phone reboot and mission accomplished !
Download:
SER:
http://hotfile.com/dl/141768495/41f27c0/I8150XXLA2_I8150OXEKL1_I8150XXKL3.ZIP.html
XEU:
http://hotfile.com/dl/141854637/6931473/GT-I8150_XEU_I8150XXLA2_I8150XXKL4_I8150XXKL3.rar.html
ITV
http://hotfile.com/dl/141860549/227d81c/GT-I8150_ITV_I8150XXLA2_I8150ITVKK1_I8150XXKL3.rar.html
Pass: sampro.pl
What region is this from?
think it's SER
KezraPlanes said:
What region is this from?
It's an Asian rom!
Hmm.. I see... Apart from language differences is it better or worse than the stock from EUR?
Sent from my GT-I8150 using XDA App
KezraPlanes said:
Hmm.. I see... Apart from language differences is it better or worse than the stock from EUR?
Sent from my GT-I8150 using XDA App
I sent you a private message
May I ask is this rom suitable for Malaysian device?
Which Download Link is for Asia devices ?
ROM for european galaxy w
Hi everyone,
is this rom compatible to the european Galaxy W?
I don't believe it's an Asian rom.
I think SER is Russia, ITV is Italy and XEU is United Kingdom
Has anyone tried it already??
fboyde said:
I don't believe it's an Asian rom.
I think SER is Russia, ITV is Italy and XEU is United Kingdom
Has anyone tried it already??
I believe it's the one I'm using. That language is italian. Rooted and installed CWM Recovery.
is root working on this one?
fboyde said:
is root working on this one?
Yes, the Root via Recovery works.
fender90 said:
I believe it's the one I'm using. That language is italian. Rooted and installed CWM Recovery.
Hi fender
CWM???
You got ClockworkMod Recovery on your GT-i8150......
Is it in the ROM??
Sent from my GT-I8150 using Tapatalk
irishpancake said:
Hi fender
CWM???
You got ClockworkMod Recovery on your GT-i8150......
Is it in the ROM??
Sent from my GT-I8150 using Tapatalk
It's not in the ROM, but arco68 provided it to us so I could flash it
Can u give us the link for the cwm recovery for our phone?
Sent from my GT-I8150 The Grate using XDA App
DarthJonathan said:
Can u give us the link for the cwm recovery for our phone?
Sent from my GT-I8150 The Grate using XDA App
http://forum.xda-developers.com/showthread.php?t=1446593
fender90 said:
http://forum.xda-developers.com/showthread.php?t=1446593
I don't see it in the dev subforum xD, Thanks anyway!!
Can I try this on Asia Device ?
---------- Post added 16th January 2012 at 12:06 AM ---------- Previous post was 15th January 2012 at 11:46 PM ----------
Any asia rom available for 2.3.6 ? Anyone can help me ?
iCyberWorld said:
Can I try this on Asia Device ?
---------- Post added 16th January 2012 at 12:06 AM ---------- Previous post was 15th January 2012 at 11:46 PM ----------
Any asia rom available for 2.3.6 ? Anyone can help me ?
http://www.sammobile.com/firmware/
Hey guys,
How did you root the phone with this firmware?
I upgraded to this firmware and now it will not work with Doomlord v3 or v4
These errors are what I got
---------------------------------------------------------------
Easy rooting toolkit (v3.0)
created by DooMLoRD
using exploit zergRush (Revolutionary Team)
Credits go to all those involved in making this possible!
---------------------------------------------------------------
[*] This script will:
(1) root ur device using latest zergRush exploit (16 Nov)
(2) install Busybox (1.18.4)
(3) install SU files (binary: 3.0.3 and apk: 3.0.6)
[*] Before u begin:
(1) make sure u have installed adb drivers for ur device
(2) enable "USB DEBUGGING"
from (Menu\Settings\Applications\Development)
(3) enable "UNKNOWN SOURCES"
from (Menu\Settings\Applications)
(4) [OPTIONAL] increase screen timeout to 10 minutes
(5) connect USB cable to PHONE and then connect to PC
(6) skip "PC Companion Software" prompt on device
---------------------------------------------------------------
CONFIRM ALL THE ABOVE THEN
Druk op een toets om door te gaan. . .
--- STARTING ----
--- WAITING FOR DEVICE
--- cleaning
rm failed for *, No such file or directory
--- pushing zergRush"
1441 KB/s (23056 bytes in 0.015s)
--- correcting permissions
--- executing zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00029118
[+] Found a Samsung, running Samsung mode
[*] Scooting ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
--- WAITING FOR DEVICE TO RECONNECT
if it gets stuck over here for a long time then try:
disconnect usb cable and reconnect it
toggle "USB DEBUGGING" (first disable it then enable it)
--- DEVICE FOUND
--- pushing busybox
3733 KB/s (1075144 bytes in 0.281s)
--- correcting permissions
--- remounting /system
mount: permission denied (are you root?)
--- copying busybox to /system/xbin/
/system/xbin/busybox: cannot open for write: Read-only file system
--- correcting ownership
Unable to chmod /system/xbin/busybox: No such file or directory
--- correcting permissions
Unable to chmod /system/xbin/busybox: No such file or directory
--- installing busybox
/system/xbin/busybox: not found
--- pushing SU binary
failed to copy 'files\su' to '/system/bin/su': Read-only file system
--- correcting ownership
Unable to chmod /system/bin/su: No such file or directory
--- correcting permissions
Unable to chmod /system/bin/su: No such file or directory
--- correcting symlinks
rm failed for /system/xbin/su, Read-only file system
link failed Read-only file system
--- pushing Superuser app
failed to copy 'files\Superuser.apk' to '/system/app/./Superuser.apk': Read-only
file system
--- cleaning
--- rebooting
ALL DONE!!!
Druk op een toets om door te gaan. . .
Thanks in advance for helping!

How to Root Galaxy S3 on Mac OSX! U.S./Canadian

Here's how to root your Samsung Galaxy S3. This will ONLY work for the U.S. or Canadian Galaxy S3. DO NOT TRY ON INTERNATIONAL!
I have tested this process and it works flawlessly.
Note: This will only root your phone, it will NOT install ClockworkMod Recovery. If you want ClockworkMod Recovery, first root your phone and then flash ClockworkMod Recovery using ROM Manager.
Download Links & Step by Step Guide: http://ultimatedroid.blogspot.com/2012/10/how-to-root-galaxy-s3-on-mac-osx.html
Credits:
Zedomax - For the tool!
sparkym3 - For finding the exploit!
As of this post it has only been confirmed working on ICS; I have not tested it on Jelly Bean. I will be testing it on Jelly Bean when it is officially released.
Enjoy!!
Does this work on Sprint SG3?
thanks
It only rebooted once...
This script will give you
1. Root !
Please read full tutorial at GalaxyS3Root.com!
***************************************************************
waiting... If you get stuck here, try another USB port.
* daemon not running. starting it now *
* daemon started successfully *
Start Rooting...
2935 KB/s (1862336 bytes in 0.619s)
3065 KB/s (91980 bytes in 0.029s)
39 KB/s (142 bytes in 0.003s)
reboot #1 - DO NOT DISCONNECT YOUR DEVICE!
Please help
---------- Post added at 11:23 AM ---------- Previous post was at 10:50 AM ----------
I am having major issues.
*
* One-Click Root Script for Galaxy S3!
*
* brought to you by GalaxyS3Root.com
*
* Credit goes to XDA user sparkym3 for exploit.
*
***************************************************************
This script will give you
1. Root !
Please read full tutorial at GalaxyS3Root.com!
***************************************************************
waiting... If you get stuck here, try another USB port.
Start Rooting...
4444 KB/s (1862336 bytes in 0.409s)
4657 KB/s (91980 bytes in 0.019s)
84 KB/s (142 bytes in 0.001s)
reboot #1 - DO NOT DISCONNECT YOUR DEVICE!
debugfs 1.42 (29-Nov-2011)
debugfs: rm: File not found by ext2_lookup while trying to resolve filename
debugfs:
debugfs: debugfs: Allocated inode: 2080
debugfs: debugfs: debugfs: debugfs: reboot #2 - DO NOT DISCONNECT YOUR DEVICE!
All Done rooting Galaxy S3, install SuperUser or SuperSU app from Play Store to get full root!
Subscribe to GalaxyS3Root.com for more cool stuff!
rootmac.sh: line 41: @pause: command not found
Coles-Macbook-Air:galaxys3rootuscanadascript cole$
Please help. it reboots once then returns this error from this command.
d0g said:
Does this work on Sprint SG3?
thanks
Yes
Install SuperUser and see if you get SU permission.
Yep it worked. I am trying to transfer files to ext sdcard and get an error when copying....
Sent from my SGH-I747M using xda app-developers app
colemac said:
Yep it worked. I am trying to transfer files to ext sdcard and get an error when copying....
Sent from my SGH-I747M using xda app-developers app
Try a factory reset in settings and see if that fixes the problem.
seems people are having a little bit of issue with this method.. has there been any updates or anyone else have success?
This method worked perfectly for me. Just read the instructions twice before actually performing the root.
Sent from my SGH-I747 using Tapatalk 2
Jelly Bean?
Anyone know if this works with Jelly Bean?
Does it work with JB?
I know this is an old thread, but has it been tested with Jelly Bean yet? I really want to know if it works.

[Q] Root for the Xperia T2 D5306 19.0.1.A.0.223 ?

Just got the Xperia T2 D5306 version 19.0.1.A.0.223 in Chile and can't find any way to root it
The boot loader is locked and, looking at the service menu *#*#7378423#*#* Service info > Configuration > Rooting Status, it can't be unlocked.
What are my options?
http://forum.xda-developers.com/devdb/project/dl/?id=8583&task=get
Enable USB debugging > download from above link, extract to a new folder, run the install.bat file, connect phone, allow permission requests = rooted in 30 seconds
Xperia T2 Ultra | Android 4.4.2
Sadly it's not working, I've already tried that :
==============================================
= =
= Easy Root Tool v12 =
= Supports various Xperia devices =
= created by zxz0O0 =
= =
= http://forum.xda-developers.com/ =
= showthread.php?p=53448680 =
= =
= Many thanks to: =
= - [NUT] =
= - geohot =
= - MohammadAG =
= - cubeundcube =
= - nhnt11 =
= - xsacha =
= =
==============================================
It looks like you are running Linux
Please make sure ia32-libs is installed if you get any errors
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
=============================================
Waiting for Device, connect USB cable now...
Make sure that you authorize the connection
if you get any message on the phone
=============================================
Device found!
=============================================
Getting device variables
=============================================
Device model is D5306
Firmware is 19.0.1.A.0.223
=============================================
Sending files
=============================================
35 KB/s (1593 bytes in 0.044s)
26 KB/s (1133 bytes in 0.042s)
204 KB/s (9496 bytes in 0.045s)
286 KB/s (13672 bytes in 0.046s)
2625 KB/s (657704 bytes in 0.244s)
Copying kernel module...
820 KB/s (34473 bytes in 0.041s)
19 KB/s (823 bytes in 0.041s)
285 KB/s (13592 bytes in 0.046s)
Kernel version is 3.4.0+
Version does not match 3.4.0-perf-ge4322cd, needs patching...
0+1 records in
0+1 records out
7 bytes transferred in 0.001 secs (7000 bytes/sec)
Kernel module patched.
modulecrcpatch (by zxz0O0)
module_layout: patched to 0x041FDEDA
__aeabi_unwind_cpp_pr1: match
kallsyms_lookup_name: not found
printk: not found
mem_text_write_kernel_word: not found
__aeabi_unwind_cpp_pr0: match
successfully patched
=============================================
Loading geohot's towelroot (modified by zxz0O0)
=============================================
290 KB/s (13592 bytes in 0.045s)
2590 KB/s (197320 bytes in 0.074s)
=============================================
Waiting for towelroot to exploit...
towelzxperia by zxz0O0 (EasyRootTool Version)
libexploit by geohot
libzxploit.so created
doing the magic
creating vm (loljavasucks)
done
Checking if device is rooted...
error: device not found
Error: device not rooted

Unable to root device

Hi guys, I'm new to this forum and to Android rooting.
I followed the procedure to root the device but I'm getting this error:
==============================================
= =
= Easy Root Tool v12 =
= Supports various Xperia devices =
= created by zxz0O0 =
= =
= http://forum.xda-developers.com/ =
= showthread.php?p=53448680 =
= =
= Many thanks to: =
= - [NUT] =
= - geohot =
= - MohammadAG =
= - cubeundcube =
= - nhnt11 =
= - xsacha =
= =
==============================================
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
=============================================
Waiting for Device, connect USB cable now...
Make sure that you authorize the connection
if you get any message on the phone
=============================================
Device found
=============================================
Getting device variables
=============================================
Device model is D5503
Firmware is 14.6.A.0.368
=============================================
Sending files
=============================================
1 KB/s (1593 bytes in 1.000s)
4574 KB/s (657704 bytes in 0.140s)
1 KB/s (1575 bytes in 1.000s)
594 KB/s (9496 bytes in 0.015s)
13 KB/s (13672 bytes in 1.000s)
Copying kernel module...
2158 KB/s (34473 bytes in 0.015s)
0 KB/s (823 bytes in 1.000s)
850 KB/s (13592 bytes in 0.015s)
Kernel version is 3.4.0-perf-g4fd66c3
Version does not match 3.4.0-perf-ge4322cd, needs patching...
dd: conv option disabled
Kernel module patched.
error: only position independent executables (PIE) are supported.
=============================================
Loading towelzxperia
=============================================
13 KB/s (13592 bytes in 1.000s)
4117 KB/s (197320 bytes in 0.046s)
=============================================
Waiting for towelzxperia to exploit...
error: only position independent executables (PIE) are supported.
done
Checking if device is rooted...
Error: device not rooted
Premere un tasto per continuare . . .
Can you please help me?
i got this version build and kernel
Build 14.6.A.0.368
Kernel 3.4.0-perf-g4fd66c3
Thanks
I have not seen a working root method for 5.1.1. Be patient.
Best regards,
Coempi
Coempi said:
I have not seen a working root method for 5.1.1. Be patient.
Best regards,
Coempi
oh thanks for the reply.
I'll wait for the new method then!
best regards
If bootloader unlocked, many options. If not, not yet, (maybe prf, haven't tried myself).
levone1 said:
If bootloader unlocked, many options. If not, not yet, (maybe prf, haven't tried myself).
how can i unlock bootloader?
sorry but i'm just a noob
oppio said:
how can i unlock bootloader?
sorry but i'm just a noob
If you want to, start here - http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ - but make sure you want to... There are certain risks and ramifications involved. Personally, I did it right away bc I wasn't too worried about those things, but some people are more hesitant.
levone1 said:
If bootloader unlocked, many options. If not, not yet, (maybe prf, haven't tried myself).
What options are there in open BL????
dakbungie said:
What options are there in open BL????
Here's what I did -
http://forum.xda-developers.com/sony-xperia-z1-compact/general/root-stock-5-1-ub-t3203247
There's also at least 4 PRFs in the 'general' section of this forum. You could also make your own PRF. PRF Creator thread is in cross-device development forum. (BTW, I think PRFs work fine with locked bl, but I've never done it, just read some threads).
With unlocked bl, almost anything is possible, since you can flash any IMG any time to get into recovery and modify /system. As long as you have a stock kernel that will work, then you just flash it back when you're ready. Of course it's risky if you're messing with things you don't really understand.
you flash via adb?
EdiT:
adb is waiting for device....can u help me
Win10
dakbungie said:
you flash via adb?
EdiT:
adb is waiting for device....can u help me
Win10
What point are you at? Are you trying to unlock bl?
As far as getting adb to work, I've only used up to Win 8, so not sure about Win 10. I know that it's very common to have problems with it, but it seems like it can always be fixed. Besides installing adb package, you may need phone drivers. PC companion or Flashtool can help.
levone1 said:
What point are you at? Are you trying to unlock bl?
As far as getting adb to work, I've only used up to Win 8, so not sure about Win 10. I know that it's very common to have problems with it, but it seems like it can always be fixed. Besides installing adb package, you may need phone drivers. PC companion or Flashtool can help.
bootloader is unlocked.
but I don't get root ..
and I don't know what is wrong.
which phone driver do u use?
---------- Post added at 08:41 AM ---------- Previous post was at 08:01 AM ----------
so.....
adb device - work (my phone is listed)
adb reboot-bootloader (works led is blue)
fastboot flash boot boot.img (waiting for device for minutes........)
so i dont find the problem....
levone1 said:
What point are you at? Are you trying to unlock bl?
As far as getting adb to work, I've only used up to Win 8, so not sure about Win 10. I know that it's very common to have problems with it, but it seems like it can always be fixed. Besides installing adb package, you may need phone drivers. PC companion or Flashtool can help.
I accidentally thanked your post, but didn't mean it.
Why don't you tell about the loss of DRM keys by unlocking the bootloader?
There are guides about backing up the TA partition before you unlock the bootloader.
With a TA backup you can always go back to the first time as you bought your device. :banghead:
Sent from my D5503 using xda premium
Frunzdoedel said:
I accidentally thanked your post, but didn't mean it.
Why don't you tell about the loss of DRM keys by unlocking the bootloader?
There are guides about backing up the TA partition before you unlock the bootloader.
With a TA backup you can always go back to the first time as you bought your device. :banghead:
Sent from my D5503 using xda premium
I'm sorry you didn't know that ahead of time. I said in post 6 that there are ramifications involved. I didn't think I necessarily had to explain everything, but figured you'd look into it. As far as drivers, I mentioned in post 10 that PC Companion or Flashtool can help with drivers. If you use PC Companion, it will detect your phone, if Flashtool, there's a 'drivers' folder which contains a driver installation exe file.
I also mentioned that you could try PRF even without unlocking bl. I just told you what I did if you want to try. I'm glad to help, but it's your responsibility.
Anyway, the reason I was asking what point you're at is bc if your bl is unlocked, you don't use adb at this point, but fastboot. If you're connected in fastboot mode, (blue led), then go to adb directory in terminal, and type fastboot commands.

[LG V50] temp root exploit via CVE-2020-0041 including magisk setup

temp root exploit for LG V50 ThinQ with android 10 firmware
including temporal magisk setup from the exploit
The exploit uses CVE-2020-0041 originally designed for Pixel 3 running kernel 4.9.
I have adapted the Pixel 3 specific exploit for kernel 4.14 that is used with LG phones running Android 10 with March security patch level.
This work has been done upon request of @Inerent who contributed not only with very fine donations, but also did all the testing on his LG phone, as I do not own any LG phone myself.
As an addon I have implemented setup of magisk v20.4 from temp root exploit included su permission asking notification support, that has been also a hell of work to get working.
SUPPORTED TARGETS
You can find currently running fw version with 'getprop ro.vendor.lge.factoryversion' command run in an adb shell.
LMV500NAT-00-V20m-LAO-COM-MAR-10-2020+0 - LG V50 ThinQ with V500N20m fw, 2020-03-01 security patch level
LMV500NAT-00-V20f-LAO-COM-JAN-31-2020+0 - LG V50 ThinQ with V500N20f fw, 2020-01-01 security patch level
LMV500NAT-00-V20b-LAO-COM-DEC-23-2019+0 - LG V50 ThinQ with V500N20b fw, 2019-12-01 security patch level
LMV500AT-00-V20g-LAO-COM-MAR-10-2020+0
LMV500AT-00-V20a-LAO-COM-JAN-24-2020+0
LMV500AT-00-V20e-LAO-COM-JAN-23-2020+0
LMV450AT-00-V20a-LAO-COM-JAN-15-2020-ARB00+2 - LG V50 ThinQ Sprint fw, 2020-01-01 security patch level
Please note, it is unlikely that any other fw version than those listed above would work.
The only (unlikely) case when the exploit could work with different fw version (or different phone model) would be that they would use binary identical kernel image in the firmware.
USAGE HOWTO
be sure to run supported firmware version on your phone (you may need to downgrade, involving factory reset)
enable developer mode options and in there adb debugging (eventually install adb drivers)
download the v50g8-mroot3.zip with the exploit attached in this post and unzip it
use 'adb push v50g8-mroot3 /data/local/tmp' and get temp root with following commands in 'adb shell':
Code:
cd /data/local/tmp
chmod 755 ./v50g8-mroot3
./v50g8-mroot3
If it worked, you should see something like this:
Code:
[+] Mapped 200000
[+] selinux_enforcing before exploit: 1
...
[+] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp # getenforce
Permissive
root_by_cve-2020-0041:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root) context=kernel
root_by_cve-2020-0041:/data/local/tmp #
In case you get 'target is not supported', you may list supported targets with
Code:
./v50g8-mroot3 -T
and try to force one close to yours using '-t num' option.
Please see the 2nd post for magisk setup from temp root details.
Please be careful what you use the temp root for.
Changing something in partitions protected by dm-verity (or Android Verified Boot 2.0), like for example /system, /vendor or kernel boot partition, can result with a not anymore booting phone.
In such case you would need a way to emergency flash stock firmware to recover.
This is why it is called 'temp root' - you get a root shell only temporarily, it is lost with reboot and it does not allow to make permanent changes in crucial partitions until bootloader unlock is achieved.
Some partitions might still be possible to modify - for example in case of sony xperia phones it was possible to do permanent debloat via changes in /oem partition and such debloat would survive even factory reset. Similarly some modem configs have been present in /oem allowing to setup IMS for different operators/regions or tune other modem related stuff.
SOURCES
Exploit sources for all releases are available at my github here.
CREDITS
Big thanks to Blue Frost Security for the excellent writeup and the exploit itself.
DONATIONS
If you like my work, you can donate using the Donate to Me button with several methods there.
Already donated:
@Catalin Oprea ($710)
Luis Rosado ($30)
Kirn Gill ($6) LG V60 user
Android Maisters ($30)
Matthew Hinkle ($40)
Daniel Novo ($22)
Tony Romeo ($56)
Yurii Boiko ($20)
VL48 ($33)
Savcho Savchev ($30)
Josue W ($15)
Reyna Cruz ($15)
Tyler Thompson ($3)
Tam Van Phan ($8,4)
MR D CRANSON ($25)
Gilberto Lozada ($15)
Keith Young ($45)
Zee Bee ($11)
Kevin Borges ($50) root bounty at gofundme.com
Catalin Oprea (+$50) root bounty at gofundme.com
Luke Miller ($50) root bounty at gofundme.com
@AngryManMLS ($20)
@Shtiff1 ($20)
Thank you very much to all who donated or are about to donate.
DOWNLOAD
MAGISK SETUP FROM TEMP ROOT WITH LOCKED BOOTLOADER
To enjoy the temporal root with apps asking for root permission, you can now start magisk v20.4 from the root shell provided by the exploit.
download the v50g8-mroot3.zip with the exploit attached in the first post
download Magisk-v20.4.zip from magisk releases page on github here
use 'adb push v50g8-mroot3.zip Magisk-v20.4.zip /data/local/tmp' to copy the zips to the phone
unzip and prepare magisk setup with following commands in 'adb shell'
Code:
cd /data/local/tmp
unzip v50g8-mroot3.zip
chmod 755 v50g8-mroot3 magisk-setup.sh magisk-start.sh
./magisk-setup.sh
get temp root and start magisk up with following commands in 'adb shell':
Code:
cd /data/local/tmp
./v50g8-mroot3
./magisk-start.sh -1
./magisk-start.sh -2
./magisk-start.sh -3
just this point should be done after each reboot to get magisk running again.
NOTE: please be sure to enter each command separately, line after line - do not paste all in a single block and do not put them in a script.
There are reasons this is divided in 3 stages. With this approach I got the best stability, while putting ./v50g8-mroot3 together with -1 and/or -2 stuff in a single script run resulted with a reboot most of the time.
Phases 2 and 3 need to be split for functional reasons to start magisk with working su permission asking notification.
If it worked, you should see something like this:
Code:
flashlmdd:/ $ cd /data/local/tmp
flashlmdd:/data/local/tmp $ ./v50g8-mroot3
[+] factoryversion = LMV500NAT-00-V20m-LAO-COM-MAR-10-2020+0
[+] Mapped 200000
[+] selinux_enforcing before exploit: 1
[+] pipe file: 0xffffffd07822fa00
[+] file epitem at ffffffd102da6d00
[+] Reallocating content of 'write8_inode' with controlled data...............[DONE]
[+] Overwriting 0xffffffd07822fa20 with 0xffffffd102da6d50...[DONE]
[+] Write done, should have arbitrary read now.
[+] file operations: ffffff9dee01ebf8
[+] kernel base: ffffff9dece80000
[+] Reallocating content of 'write8_selinux' with controlled data..[DONE]
[+] Overwriting 0xffffff9def290000 with 0x0...[DONE]
[+] init_cred: ffffff9def02fcd0
[+] memstart_addr: 0xfffffff040000000
[+] First level entry: ae7f6003 -> next table at ffffffd06e7f6000
[+] Second level entry: ae419003 -> next table at ffffffd06e419000
[+] sysctl_table_root = ffffff9def05c710
[+] Reallocating content of 'write8_sysctl' with controlled data.......[DONE]
[+] Overwriting 0xffffffd1316fc268 with 0xffffffd0ba748000...[DONE]
[+] Injected sysctl node!
[+] Node write8_inode, pid 7109, kaddr ffffffd0c1193700
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_selinux, pid 6726, kaddr ffffffd08bfeb400
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_sysctl, pid 6772, kaddr ffffffd0afc0d000
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Cleaned up sendmsg threads
[+] epitem.next = ffffffd07822fa20
[+] epitem.prev = ffffffd07822fad8
[+] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -1
+ FRESH=false
+ '[' -1 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ ./magiskpolicy --live --magisk 'allow dumpstate * * *'
Load policy from: /sys/fs/selinux/policy
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -2
+ FRESH=false
+ '[' -2 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ STAGE=2
+ '[' 2 '=' 2 ']'
+ mount -t tmpfs -o 'mode=755' none /sbin
+ chcon u:object_r:rootfs:s0 /sbin
+ chmod 755 /sbin
+ cp -a magisk/boot_patch.sh /sbin
+ cp -a magisk/magiskboot /sbin
+ cp -a magisk/magiskinit64 /sbin
+ cp -a magisk/busybox /sbin
+ cp -a magisk/util_functions.sh /sbin
+ cd /sbin
+ chmod 755 boot_patch.sh busybox magiskboot magiskinit64 util_functions.sh
+ mkdir r
+ mount -o bind / r
+ cp -a r/sbin/. /sbin
+ umount r
+ rmdir r
+ mv magiskinit64 magiskinit
+ ./magiskinit -x magisk magisk
+ ln -s /sbin/magiskinit /sbin/magiskpolicy
+ ln -s /sbin/magiskinit /sbin/supolicy
+ false
+ chcon -R u:object_r:magisk_file:s0 /data/adb/magisk
+ rm -f magiskboot util_functions.sh boot_patch.sh
+ ln -s /sbin/magisk /sbin/su
+ ln -s /sbin/magisk /sbin/resetprop
+ ln -s /sbin/magisk /sbin/magiskhide
+ mkdir /sbin/.magisk
+ chmod 755 /sbin/.magisk
+ >/sbin/.magisk/config
+ echo 'KEEPVERITY=true'
+ >>/sbin/.magisk/config
+ echo 'KEEPFORCEENCRYPT=true'
+ chmod 000 /sbin/.magisk/config
+ mkdir -p /sbin/.magisk/busybox
+ chmod 755 /sbin/.magisk/busybox
+ mv busybox /sbin/.magisk/busybox
+ mkdir -p /sbin/.magisk/mirror
+ chmod 000 /sbin/.magisk/mirror
+ mkdir -p /sbin/.magisk/block
+ chmod 000 /sbin/.magisk/block
+ mkdir -p /sbin/.magisk/modules
+ chmod 755 /sbin/.magisk/modules
+ mkdir -p /data/adb/modules
+ chmod 755 /data/adb/modules
+ mkdir -p /data/adb/post-fs-data.d
+ chmod 755 /data/adb/post-fs-data.d
+ mkdir -p /data/adb/service.d
+ chmod 755 /data/adb/service.d
+ chcon -R -h u:object_r:rootfs:s0 /sbin/.magisk
+ chcon u:object_r:magisk_file:s0 /sbin/.magisk/busybox/busybox
+ /sbin/magisk --daemon
client: launching new main daemon process
+ pidof magiskd
+ MP=14148
+ '[' -z 14148 ']'
+ >/sbin/.magisk/escalate
+ echo 14148
+ '[' -e /sbin/.magisk/escalate ']'
+ sleep 1
+ '[' -e /sbin/.magisk/escalate ']'
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -3
+ FRESH=false
+ '[' -3 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ STAGE=3
+ '[' 3 '=' 2 ']'
+ >/sbin/.magisk/magiskd
+ echo -e '#!/system/bin/sh\n/sbin/magisk --daemon'
+ chmod 755 /sbin/.magisk/magiskd
+ chcon u:object_r:dumpstate_exec:s0 /sbin/.magisk/magiskd
+ getprop init.svc.dumpstate
+ SVC=''
+ timeout=10
+ '[' 10 -gt 0 ']'
+ stop dumpstate
+ killall -9 magiskd
+ stop dumpstate
+ mount -o bind /sbin/.magisk/magiskd /system/bin/dumpstate
+ start dumpstate
+ timeout=10
+ '[' 10 -le 0 ']'
+ pidof magiskd
+ MP=14165
+ '[' -n 14165 ']'
+ break
+ stop dumpstate
+ sleep 1
+ umount /system/bin/dumpstate
+ rm -f /sbin/.magisk/magiskd
+ '[' '' '=' running ']'
+ rm -f /dev/.magisk_unblock
+ /sbin/magisk --post-fs-data
+ timeout=10
+ '[' -e /dev/.magisk_unblock -o 10 -le 0 ']'
+ sleep 1
+ timeout=9
+ '[' -e /dev/.magisk_unblock -o 9 -le 0 ']'
+ /sbin/magisk --service
+ sleep 1
+ /sbin/magisk --boot-complete
+ chmod 751 /sbin
root_by_cve-2020-0041:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid) context=u:r:magisk:s0
root_by_cve-2020-0041:/data/local/tmp # uname -a
Linux localhost 4.14.117-perf #1 SMP PREEMPT Tue Mar 10 18:44:38 KST 2020 aarch64
root_by_cve-2020-0041:/data/local/tmp # getenforce
Permissive
Now you can exit the temp root shell and use 'su' to get a root shell controlled by magisk manager or allow other apps that need root as asking for root permission now works.
You can even re-enable selinux like this from 'adb shell':
Code:
su -c 'setenforce 1'
The magisk setup from exploit including working permission asking has been fully developed by me, it uses some novel techniques to overcome the limitations caused by magisk run from a temp root instead of being integrated in boot process as a service.
TIPS FOR BETTER STABILITY OF THE EXPLOIT
The exploit works based on use after free, that means it depends on state of memory heap and how it changes during exploit time.
That means there is some portion of unpredictability and a chance that something else is overwritten than hoped for by shaping the heap.
So to get best results, one should stop anything that could run in background, like:
set airplane mode, turn off wifi and bluetooth so there is no data connection at all
set "Stay awake" to ON while charging (i.e. using adb shell) in developer options
disable auto updates of system and apps
debloat your system so useless apps do not run in background
reboot your phone having all the above
wait two minutes after boot up with phone unlocked, screen on connected to PC via usb cable having 'adb shell' already active (checking with 'uptime' command)
start the exploit
after getting root shell and successfully starting magisk, do not forget to properly exit the temp root shell by use of 'exit' command two times, so the 'adb shell' with the exploit is ended with the rest of clean up
CHANGELOG
2020-05-11 : Initial release (V500N20m-testJ) supporting V500N20m all Korean variants
2020-05-16 : multiple targets supported (v50g8-root)
2020-05-20 : v50g8-dump tool to dump kernel space memory available in G8 thread
2020-05-24 : implemented support for magisk start from the exploit (v50g8-mroot), added support for V50 Sprint with 2020-01-01 security patch level
2020-06-10 : fixed problem when V50 rebooted/crashed soon after obtaining temp root shell, released as v50g8-mroot2
2020-06-23 : hopefully stability improved even more with V50 allowing stable magisk start from temp root, released as v50g8-mroot3
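The magisk-start.sh trace in the post above leaves observable runtime state: a tmpfs over /sbin, a mount over /system/bin/dumpstate while stage 3 runs, SELinux in permissive mode and a process in the u:r:magisk:s0 context. The following triage check is an added example, not part of the original post or the author's tools; the function names and all sample inputs are constructed, and it assumes the text of /proc/mounts, `getenforce` and `ps -A -Z` has already been collected from the device.

```python
# Added example: flags the runtime artifacts visible in the magisk-start.sh trace.
# All sample inputs below are constructed, not captured from a real device.

SAMPLE_MOUNTS = """\
/dev/block/dm-0 / ext4 ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
none /sbin tmpfs rw,seclabel,relatime,mode=755 0 0
none /system/bin/dumpstate tmpfs rw,seclabel,relatime,mode=755 0 0
"""

SAMPLE_PS = """\
LABEL USER PID PPID NAME
u:r:init:s0 root 1 0 init
u:r:shell:s0 shell 6500 6400 sh
u:r:magisk:s0 root 14165 1 magiskd
"""

CLEAN_MOUNTS = """\
/dev/block/dm-0 / ext4 ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
"""

CLEAN_PS = """\
LABEL USER PID PPID NAME
u:r:init:s0 root 1 0 init
u:r:shell:s0 shell 6500 6400 sh
"""


def parse_mounts(text):
    """Yield (device, mount_point, fstype) from /proc/mounts-style text."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            yield parts[0], parts[1], parts[2]


def find_indicators(mounts_text, getenforce_out, ps_z_text):
    """Return a list of (indicator_id, detail) tuples for the artifacts in the trace."""
    findings = []
    for _dev, mnt, fstype in parse_mounts(mounts_text):
        # Stage 2 in the trace: mount -t tmpfs ... none /sbin
        if mnt == "/sbin" and fstype == "tmpfs":
            findings.append(("sbin_tmpfs", "tmpfs mounted over /sbin"))
        # Stage 3 in the trace: a file bind-mounted over /system/bin/dumpstate
        elif mnt.startswith("/system/bin/"):
            findings.append(("system_bin_overmount", f"mount over {mnt}"))
    # The trace ends with getenforce reporting Permissive
    if getenforce_out.strip().lower() == "permissive":
        findings.append(("selinux_permissive", "SELinux is not enforcing"))
    for line in ps_z_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        label, name = fields[0], fields[-1]
        # id in the trace reports context=u:r:magisk:s0; the daemon is magiskd
        if label.startswith("u:r:magisk:") or name == "magiskd":
            findings.append(("magisk_context", f"{name} running as {label}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in find_indicators(SAMPLE_MOUNTS, "Permissive\n", SAMPLE_PS):
        print(f"[!] {indicator}: {detail}")
```

The dumpstate mount is removed again at the end of stage 3, so that indicator is only visible while the stage is running; the other three persist until reboot or until SELinux is re-enabled.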
Ok guys, OK!!!!
Here is a guide made for noobs for Root (download, extract and copy root file inside platform tools folder) and Backup in it, using Adb Platform Tools
Root and Backup V50 Korea
1. Download LG V50 Root (extract it and copy inside platform tools folder), Platform Tools ADB and LG USB Drivers 4.4.2 and install it
https://forum.xda-developers.com/v5...g-v50-temp-root-exploit-via-cve-2020-t4098077
https://www.mediafire.com/file/mu78ydkoalgfzyd/platform_tools_adb.zip/file
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
2. Connect USB then Enable Developer Options and USB Debugging and enable Stay Awake Screen
3. Turn off wifi, data, bluetooth restart phone, unlock screen and let it 1 minute to load all processes
4. Run Power shell command from inside platform tools folder (SHIFT+right mouse and open power shell here) and type cmd and hit enter
5. Run command - adb devices - a popup should appear on your phone - tap Allow and Remember it on your phone!
6. Run one by one the following commands
adb push V500N20m-testJ /data/local/tmp
adb shell
cd /data/local/tmp
chmod 755 ./V500N20m-testJ
./V500N20m-testJ
7. When rooted you will have these lines in terminal
[*] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp #
If root is not achieved or phone restarts by itself repeat from step 3
Backup Important non KDZ Stuff like IMEI
1. Download this file backupselected.sh and move it inside your adb program This is already pushed to Platform Tools folder so ignore it
https://www.mediafire.com/file/gh00t76n4ctc061/backupselected.sh/file
2. Run this command from cmd
adb push backupselected.sh /data/local/tmp
3. Obtain Temp Root and from root shell run these
chmod -R 777 /data/local/tmp
./backupselected.sh
4. Backup will be saved in Download folder on your phone
Useful Commands - Maybe @j4nn can help us with more useful commands
rm *.* - delete all files
rm -rf (folder name) - delete that folder
adb push (folder or file name) /data/local/tmp - copy that folder or file name to that /data/local/tmp address
cd /data/local/tmp - then - pm install (appname) - installs it
Thank you. Can't wait for the G8 root guide!
Excellent someday we will have the Bootloader unlocked and for being to install the R
ags
j4nn said:
temp root exploit for LG V50 ThinQ with android 10 firmware
Mod Edit: Removed bulk of unnecessarily quoted OP.
Thank you very much to all who donated or are about to donate.
DOWNLOAD
Mod Edit: Please DO NOT quote the entire OP. Either use HIDE tags or trim the quote as I did. Thank you.
Awesome patiently waiting for spring g8 to be compatible.
Received 150 USD to my paypal from Kevin Borges with following comment:
KanBorges said:
Thank you so much for your work. This is all the money in the bounty I set up on Gofundme.com. My username in XDA is @KanBorges . Again, thank you! Hopefully you can get twrp/magisk soon.
Thank you and all other contributors for the donations.
I've updated the first post (not only the donations list but added some more clarifications too).
Please note, as discussed since beginning with @Inerent, only the temp root exploit has been supposed to be implemented by me.
There is however available an engineering bootloader, that may eventually allow to unlock bootloader after flashing from temp root.
This needs to be tested first and can involve some risks to brick the phone.
I do not own any LG phone (and do not even want one), so I am not doing that, sorry.
But I've already checked few things regarding the engineering bootloader and I can conclude, that it could be compatible in the sense that it most likely would not brick the device.
The reason is that, comparing the stock firmware ABL image and the eng bootloader (aka ABL), it seems that both use the same signing root certificate and they both have identical OU info in the signature certificate:
Code:
OU=07 0001 SHA256,
OU=06 0000 MODEL_ID,
OU=05 00000000 SW_SIZE,
OU=04 0031 OEM_ID,
OU=03 0000000000000001 DEBUG,
OU=02 000A50E100310000 HW_ID,
OU=01 000000000000001C SW_ID
If it would work with android 10 is another question though.
Please find attached source for split utility, to get some parts of the image likely to start with a signature certificate.
Those parts then can be converted to text form representation of the certificate via following command for example:
Code:
openssl x509 -in LUN4_abl_a_COM3.img-001238 -inform der -text -noout > LUN4_abl_a_COM3.img-001238.txt
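The comparison described in the post above (carve certificate-like regions out of an ABL image, dump them with openssl, compare the OU fields) can be sketched as follows. This is an added example, not the split utility attached to the post, whose source is not shown on the page; the carving heuristic, function names, sample image and the second OU set are constructed assumptions, while STOCK_OU repeats the OU lines quoted in the post.

```python
import re

# Added example; helper names and sample data are hypothetical/constructed.

def carve_der_candidates(image: bytes, max_len: int = 8192):
    """Return (offset, blob) for byte runs that look like DER X.509 certificates.

    Heuristic: an outer SEQUENCE with a 2-byte length (30 82 hh ll) directly
    followed by an inner SEQUENCE (30 82 hh ll, the tbsCertificate) that fits
    inside it. Hits still need to be validated with `openssl x509 -inform der`.
    """
    found = []
    pos = image.find(b"\x30\x82")
    while pos != -1:
        if pos + 8 <= len(image):
            outer = int.from_bytes(image[pos + 2:pos + 4], "big")
            inner = int.from_bytes(image[pos + 6:pos + 8], "big")
            end = pos + 4 + outer
            if (image[pos + 4:pos + 6] == b"\x30\x82"
                    and inner + 4 <= outer <= max_len and end <= len(image)):
                found.append((pos, image[pos:end]))
        pos = image.find(b"\x30\x82", pos + 1)
    return found


OU_RE = re.compile(r"OU\s*=\s*(\d{2}) ([0-9A-Fa-f]+) ([A-Z0-9_]+)")

def parse_ou_fields(cert_text: str):
    """Map field name -> (index, hex value) from `openssl x509 -text` output."""
    return {name: (idx, val.upper()) for idx, val, name in OU_RE.findall(cert_text)}

def diff_ou_fields(a_text: str, b_text: str):
    """Return {name: (value_in_a, value_in_b)} for every OU field that differs."""
    a, b = parse_ou_fields(a_text), parse_ou_fields(b_text)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


# OU lines as quoted in the post (reported there as identical for both images).
STOCK_OU = """\
OU=07 0001 SHA256,
OU=06 0000 MODEL_ID,
OU=05 00000000 SW_SIZE,
OU=04 0031 OEM_ID,
OU=03 0000000000000001 DEBUG,
OU=02 000A50E100310000 HW_ID,
OU=01 000000000000001C SW_ID
"""
# Constructed variant with one changed field, only to show a non-empty diff.
CONSTRUCTED_OTHER_OU = STOCK_OU.replace("0000000000000001 DEBUG",
                                        "0000000000000000 DEBUG")

def build_sample_image():
    """Constructed image: 0xff padding around one DER-shaped (not valid) blob."""
    tbs_body = b"\xa0\x03\x02\x01\x02" + b"\x00" * 300
    tbs = b"\x30\x82" + len(tbs_body).to_bytes(2, "big") + tbs_body
    body = tbs + b"\x01" * 20
    cert = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return b"\xff" * 4096 + cert + b"\xff" * 64, cert

if __name__ == "__main__":
    image, _ = build_sample_image()
    for offset, blob in carve_der_candidates(image):
        print(f"candidate at 0x{offset:06x}, {len(blob)} bytes")
    print(diff_ou_fields(STOCK_OU, CONSTRUCTED_OTHER_OU))
```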
Yes, Jann, that's true. But thx for helping us with some advices. I hope we are a big community (also users are coming from LG v30 and V40) and will figure this out, or raise another bounty if not.
Thx for helping us!
$20 donation sent to @j4nn from me. Thanks for the hard work.
@AngryManMLS, thank you for the donation. Updated the first post.
LG G8
Inerent said:
It seems this lg g820UM is the code for all USA carriers and Canada and should work for all like for koreans
If you do March root it will be compatible with February or January? If yes then pick March firmware.
Firmwares here.:
https://lg-firmwares.com/lg-lmg820um-firmwares/
Please note, if the exploit works with March firmware, it does not make it compatible with any other older firmwares, even if they are vulnerable.
The kernel build (binary image) is different there, i.e. it would need different offsets in the exploit to succeed.
The reason for selecting March security patch level with LG V50, i.e. the V500N20m firmware version, has been in order to exploit the newest still exploitable firmware.
The bug has been fixed in LG kernel since April security patch level, so using March fw allows you to use the latest still vulnerable and the most up to date fw for the temp root.
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
j4nn said:
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
The difficult thing is that the G8 variants are all over the place with which firmware/security patch they are on. My T-Mobile variant (G820TM) is on January 2020 meanwhile say the Verizon variant (G820UM) is on February 2020. So it's a mess which pretty much tells me each variant will need to have its own exploit made for it.
Edit: Just found out the G820UM just got the April security update. KDZ isn't out yet for that.
j4nn said:
Please note, if the exploit works with March firmware, it does not make it compatible with any other older firmwares, even if they are vulnerable.
The kernel build (binary image) is different there, i.e. it would need different offsets in the exploit to succeed.
The reason for selecting March security patch level with LG V50, i.e. the V500N20m firmware version, has been in order to exploit the newest still exploitable firmware.
The bug has been fixed in LG kernel since April security patch level, so using March fw allows you to use the latest still vulnerable and the most up to date fw for the temp root.
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
Hello, I've been talking to inherent on telegram; I think he sent you some of my outputs / logs. I'm sorry I haven't been able to donate as I'm unfortunately not old enough to do so. I've got a Sprint g8 which is stuck on the Android 10 beta on November patch. If you adapt this for other g820um variants, will it likely work with my patch or not?
@AngryManMLS, most likely April security fixed the bug making it not exploitable anymore.
Yes, each kernel build/image would need specific support in the exploit.
@antintin, I need the binary image of kernel used in the firmware that is running the phone we would target with the temp root exploit in order to develop support for it.
Is your Android 10 beta on November patch firmware downloadable anywhere?
Or can you flash any other firmware?
Can you say which G8 model/carrier would have identical hardware to your Sprint G8, while having a downloadable fw?
j4nn said:
@AngryManMLS, most likely April security fixed the bug making it not exploitable anymore.
Yes, each kernel build/image would need specific support in the exploit.
@antintin, I need the binary image of kernel used in the firmware that is running the phone we would target with the temp root exploit in order to develop support for it.
Is your Android 10 beta on November patch firmware downloadable anywhere?
Or can you flash any other firmware?
Can you say which G8 model/carrier would have identical hardware to your Sprint G8, while having a downloadable fw?
Well I'm not entirely certain, maybe I can ask vl48. I think any g820um should be fine though. I doubt there is any beta kdz available to download, however. I unfortunately can only go on the final pie version or November patch beta 10 on my Sprint. My updates are broken :
After the temp root, can we flash Magisk patched boot img to /dev/block/bootdevice/by-name/boot_a or something like that? Does it still work after a reboot
@quantan, most likely not, due to dm-verity/AVB 2.0 - it is a temp root...
Magisk (with possibly limited functionality) may be eventually started from the exploit, but it seems not to work yet...
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
snake65 said:
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
That is not LG's fault, it is your carrier's. Wait patiently, pretty soon all our problems are resolved.
snake65 said:
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
I have to agree with you on this one. Right now, LG is getting its lunch eaten by many Chinese OEMs and they're bleeding cash in the smartphone business. LG latest "FLAGSHIP", the V60, is a d*** joke when comparing its 60Hz screen refresh rate to any new smartphone. It's selling for $809.99 new on Tmob and they're already selling for less than $700 on Ebay. By end of summer, $390?
I too "Will never buy LG again!".
BTW, I have an Essential PH-1, admittedly old hardware but I'm already running Android 11 DP4 as a daily with very few problems. The V50 won't see 11 for what....... 18 months?
