Kit Kat (KDA20) build bugs PSA - Droid RAZR M General

I recently grabbed the Verizon KDA20 (VZW_XT907_4.4.2-KDA20.62-10.1_CFC_1FF) RSD update image, knowing I can unlock (you will see why it was fortunate and unfortunate, both at the same time).
Trouble started when I allowed RSD Lite to reboot my phone with a clean slate. Immediately after the Kit Kat update's Linux kernel started to run, my phone got worryingly warm (enough to get me suspicious). I went ahead and did the usual thing: hit it with the Towel Root + SuperSU combo, and finally unlocked the bootloader. I then allowed it to run with SetCPU set to an aggressively conservative setting (similar to a laptop's battery saver mode); it didn't help much. So I turned to CyanogenMod 11 KK_BL (Kit Kat Bootloader) and tried to do the same, and that was when the bug hunting started, to find out why and how.
Granted, I ran two flavors of stock OSes, Verizon's whale-sized Kit Kat OTA image and the Google Play Edition, and the aftermarket CyanogenMod 11 KK_BL. Even though the majority of bugs are different across the OSes, the bootloader's bugs persisted.
Two bugs in the Kit Kat bootloader caused me the biggest concerns: failure to initialize the MSM8960 northbridge watchdog timers, and messed-up battery management software. They both have contributed to the demise of several tens of RAZR M and possibly a few MSM8960-based RAZR lines, enough to make me consider downgrading the phone back to Jelly Bean. A hot phone is an unsafe phone, since the motherboard in the phone sits directly above the lithium-ion polymer cell (aka "pouch cell"), and there are very tight restrictions on how hot the processor is allowed to run: any 4.2 / 4.3 V rated Li-ion battery will get very unhappy at 60 °C (140 °F), and will start burning at 90 °C (194 °F, very close to the boiling point of water).
So, I recommend downgrading back to Jelly Bean after unlocking the bootloader (Status 3 in the Fastboot BIOS screen), flashing TWRP 2.7.0.0 specifically for the Jelly Bean bootloader and then re-rooting, or just flashing CyanogenMod 11 Kit Kat specifically for the Jelly Bean bootloader. If your phone is under warranty and is like new, take it to Verizon, and they will have to replace it (they are pretty much aware of the dangerous bugs in the Kit Kat updates). And yes, I talked to Verizon technicians about what I found out; they told me that Motorola is now fixing their Epic Fail.

~ To be able to downgrade from Kit Kat back to Jelly Bean on the unlocked bootloader, remove the TZ and GPT lines in the *.xml file in the RSD image folder you unzipped, and remove the TZ and GPT files, to prevent the chance of a brick (there is also a KK to JB downgrade thread; you can take a look at the *.xml in the attached zip file as an example).

I didn't have this problem with my Razr M on 183.46.10, so maybe it's just your phone.

lem22 said:
I didn't have this problem with my Razr M on 183.46.10, so maybe it's just your phone.
Same here. The KitKat update has been running smooth for me. No heat issues whatsoever. I even play games while my phone is charging.

Hmm... there seem to be different versions/revisions of the Razr M. You can also tell by this "getvar" thing in RSD Lite. Some phones accept it (like mine - I have a Rev. B), some obviously don't.
I still have these audio problems in KitKat though (but nothing battery related).
You can find the soak update from 183.46.10 to 183.46.13 here. I don't know if it fixes some of the bugs, but you could try.

Mine only runs hot while charging, but I believe it's because I use the ultra charging adaptor that pushes 1150mA rather than the 850mA that came with it... but I flashed Fly-On mod last night rather than downgrading (lazy me) and didn't notice it getting hot...

If you think I am the only one who has this problem: partly correct and incorrect. My phone is of the third revision (MSM8960 with HKMG process, thus it doesn't like the extra voltage pushed by the particular kernel), and there are so many people having the same problems. Verizon has been dealing with this out of frustration. And like anything, it's a matter of time.
And, I used a Samsung charger that's rated for 750mA current, and yet charging on the stock Verizon Kit Kat image has been sluggish. Whenever I used my phone, it has been warm no matter what.
And, I am not going to gamble on the obviously broken Kit Kat image anymore. My phone is cool to the touch on the Jelly Bean ROM, by the way.

lem22 said:
Hmm... there seem to be different versions/revisions of the Razr M. You can also tell by this "getvar" thing in RSD Lite. Some phones accept it (like mine - I have a Rev. B), some obviously don't.
I still have these audio problems in KitKat though (but nothing battery related).
You can find the soak update from 183.46.10 to 183.46.13 here. I don't know if it fixes some of the bugs, but you could try.
You could also use
Code:
mfastboot getvar all
I have no audio problems at all, but I know kabaldan posted a fix somewhere.
I believe .13 is just a patch for Towel Root.

.13 could be for patching the Towel Root exploit.
(I am waiting for the actual fix from Motorola, and to see if there are complaints on this version; there were so many pissed-off users on the Verizon forums concerning the version I used.)

Dr. Mario said:
If you think I am the only one who has this problem: partly correct and incorrect. My phone is of the third revision (MSM8960 with HKMG process, thus it doesn't like the extra voltage pushed by the particular kernel), and there are so many people having the same problems. Verizon has been dealing with this out of frustration. And like anything, it's a matter of time.
And, I used a Samsung charger that's rated for 750mA current, and yet charging on the stock Verizon Kit Kat image has been sluggish. Whenever I used my phone, it has been warm no matter what.
And, I am not going to gamble on the obviously broken Kit Kat image anymore. My phone is cool to the touch on the Jelly Bean ROM, by the way.
It seems to be a mixed bag... Some have problems, some don't. Some have only a couple of problems while others have all the problems. Just an all-around lousy update :laugh:

Has anyone tried using a thermald config file? I haven't encountered this problem so I can't test. We have 13 files, most of which aren't even for our phone, but thermald doesn't seem to be getting called with anything. I see it set some max temperature to 65C over and over in the logcat, but my phone isn't hot enough for thermald to do anything (or it never does do anything).
/etc/thermald-8960.conf seems like the best bet. Someone could try "thermald -c /etc/thermald-8960.conf", but you may have to kill the current thermald (which gets restarted immediately; dunno how to fix that). It's possible that if you copied the file to /etc/thermald.conf it would automatically pick it up when it gets restarted.

Wait a minute. It could be the most likely suspect. Luckily, I have an unzipped TWRP backup so I can find that file and study it. I will also pull that out of the Jelly Bean distro to see if there are deviations between the files. And, I do indeed remember trying to force the CPU temperature governor in the tweaker app; it sometimes sticks, and other times it won't.
EDIT: There is some difference in there. In Jelly Bean, thermald-8960.conf is simply labeled as thermald.conf. Try renaming it, remove the other thermald configuration files (back them up) and restart the thermald daemon, and see what you get from it. * Yup, definitely thermald.conf; I checked in the init.qcom.thermal_conf.sh file. Rename thermald-8960.conf to thermald.conf.
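The rename-and-back-up step from the two posts above, as an added example that is not from the thread: a POSIX sh function that promotes thermald-8960.conf to thermald.conf in a copy of the config directory, parking every other thermald-*.conf in a backup directory first, so the result can be inspected before touching a rooted phone. The directory layout and file names are the ones the posts mention; the backup directory name and the function are assumptions, and restarting thermald itself is left out because it needs root on the device.

```shell
#!/bin/sh
# Added example, not from the thread. Stages /etc/thermald.conf from the
# per-SoC file the way the posts describe, in whatever directory you pass
# (use a scratch copy first, e.g. a TWRP backup extracted on a PC).
#
#   stage_thermald_conf <etc_dir> <soc>      e.g.  stage_thermald_conf ./etc 8960
#
# Prints the path of the config thermald will pick up and returns 0, or
# returns 1 if there is no per-SoC file to promote. Safe to run twice.

stage_thermald_conf() {
    etc_dir=$1
    soc=$2
    target="$etc_dir/thermald.conf"
    source="$etc_dir/thermald-$soc.conf"
    backup_dir="$etc_dir/thermald-backup"   # assumed name, not from the posts

    # Generic file already present (Jelly Bean layout): nothing to do.
    if [ -f "$target" ]; then
        echo "$target"
        return 0
    fi

    # No candidate for this SoC: refuse rather than leave thermald with nothing.
    if [ ! -f "$source" ]; then
        echo "no thermald-$soc.conf in $etc_dir" >&2
        return 1
    fi

    mkdir -p "$backup_dir"

    # Park the other per-SoC configs ("back them up") so only ours remains.
    for f in "$etc_dir"/thermald-*.conf; do
        [ -f "$f" ] || continue          # glob did not match anything
        [ "$f" = "$source" ] && continue # keep the 8960 file in place
        mv "$f" "$backup_dir/"
    done

    # Copy rather than rename so the original per-SoC file survives on disk.
    cp "$source" "$target"
    echo "$target"
}

# Lists which thermald configs are still live in the directory, one per line,
# so you can confirm only thermald.conf and thermald-<soc>.conf remain.
list_live_thermald_confs() {
    for f in "$1"/thermald*.conf; do
        [ -f "$f" ] && basename "$f"
    done
    return 0
}
```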

I wasn't aware there was another soak test out. Does that mean Moto is trying to fix the KK problems? Or are they more likely trying to relock our phones? Or are they trying to ruin our phones' performance so we jump to newer models?
I was hoping to get at least another 6 months out of my RAZR M, but I may have to switch to the Xperia Z1 Compact.

They're fixing their Epic Fails due to the sheer number of returned phones. And there is a rude awakening awaiting: they have a TowelRoot fix (doubtful of BL patching though, but time will tell). Whoever has an unlocked BL will not have to worry about the anti-root fixes, as it's easier to bypass that.

AFAIK someone has already looked at the .14 TZ and it's no longer exploitable. So even if a new root exploit came out, unlocking will be over for anyone who missed the window.
Edit... Thought about it a minute more... The bl patching you were talking about had nothing to do with unlocking did it?
Sorry for the mispost

If the bootloader exploit is re-patched, it would be a big OUCH. If your phone already has an unlocked bootloader, you don't have to have the cold sweats, as the TZ patch won't touch upon the fact it's already unlocked, because the RAZR M retail and Developer Edition versions share 100% of the same source code except for changes in the Developer Edition one (less bloatware, except for the BIOS, i.e. the bootloader, which is the same for all intents and purposes).

For those of you that are having heat issues, try disabling mpdecision, either using an app like Trickster MOD or using a root explorer.
Navigate to:
Code:
/system/bin/mpdecision
And rename it to:
Code:
mpdecision.bak
Then reboot.
For those of you that don't know what mpdecision is, here is a write up that explains how it works and how it can cause heat issues.
(It's for the Nexus 4 but the point still stands.)
http://www.reddit.com/r/nexus4/related/158t1i/custom_kernels_a_guide_on_what_you_need_to_know/

ATTACK said:
For those of you that are having heat issues, try disabling mpdecision, either using an app like Trickster MOD or using a root explorer.
Navigate to:
Code:
/system/bin/mpdecision
And rename it to:
Code:
mpdecision.bak
Then reboot.
Thanks for the info. For those of us that don't know, can you explain what this does?

tronjojo said:
Thanks for the info. For those of us that don't know, can you explain what this does?
I added a link in my previous post.

http://www.droid-life.com/2014/08/0...nt-on-dan-rosenbergs-trustzone-vulernability/
We should probably avoid any update that pops up for our devices. I don't understand why they would even care about the bootloader unlock as long as they are selling phones.
Sorry if this is off topic.

Related

[Q] "Android System" using tons of battery?

I just got a G2 as a replacement for my MT4G (not by my choice, by the choice of T-Mobile customer service; I guess after replacing 3 phones in a 90-day period they are forced to replace it with a different phone. The MT4G had burnt-out pixels, the second one also had burnt-out pixels, and the third one they sent me wouldn't even boot up as it was stuck in a permanent boot loop, hence I have arrived at the G2).
ANYWAYS, the battery seems to drain like an absolute champ. My MT4G battery life wasn't that great, but this G2 is awful. My question is: why would "Android System" be using the most battery on my battery usage report? It is using anywhere between 40% and 70% of my battery usage, even more than the display, and that is during times when I'm mostly watching YouTube or intentionally leaving the screen on.
For instance: after 2 hours off the charger the battery is at 74%, the top thing in the battery report is "Android System" at 43%, and the "CPU total" for Android System is only 3m 4s. I just don't know what could be causing all the battery usage...
Also, with Wi-Fi calling enabled, how come "cell standby" is still draining battery? On my MT4G the cell standby would only show up if I was not using Wi-Fi calling (which happens to be most of the time).
I noticed this problem too. It sucks. The thing I did was root my phone and flash a custom ROM, which in this case is a stock gingerbread build with some "icing". Not sure if it's a 2.2 thing, but Android System just seems to sap the battery. On 2.3, the biggest draw now seems to be the display by far, but overall battery life is way better than the official stock 2.2 that shipped on the G2. So yeah... root that sucker!
killswitch11 said:
I noticed this problem too. It sucks. The thing I did was root my phone and flash a custom ROM, which in this case is a stock gingerbread build with some "icing". Not sure if it's a 2.2 thing, but Android System just seems to sap the battery. On 2.3, the biggest draw now seems to be the display by far, but overall battery life is way better than the official stock 2.2 that shipped on the G2. So yeah... root that sucker!
I am thinking I will probably have to do this. I see you use the Virtuous G-lite ROM, which is the one I was considering using. My other question is what (and where) do I get the "radio" files from? I assume that they are just like drivers/firmware for the radios inside the phone, but do I have to get them separately from the ROM? And if so, from where, and how do I install them?
Also, what is the method for rooting that will be least likely to brick my phone? I saw something on the main G2 forum about not using Visionary, but then what is the best/easiest method for rooting it?
Thanks in advance.
As to rooting, I used this method here: http://forum.xda-developers.com/showthread.php?t=928160
This uses Visionary to gain temp root and g-free to perm root. It is very safe provided you have a US G2 and are not trying to root the new "official" 2.3 update that is lurking out there. Visionary is dangerous for trying to perm root, so don't try that. Just follow the instructions to the letter and you'll be fine. Even flashing the hboot is safe with this method since it runs scripts instead of having to manually type things in, which leaves room for errors that could brick your phone. Once rooted, make a backup of your stock image and try some ROMs out. Virtuous G-lite is nice... I like it. I also really like CM7, and I'd advise trying it. I just can't use it since it breaks my GPS. That doesn't happen to everyone though, so you may get lucky.
Radios are found here: http://forum.xda-developers.com/showthread.php?t=970809
Flashing a new radio using the PCIMG method is pretty safe, but it's generally not advised to mess with that unless you need to. A new radio is not necessary unless you are experiencing some reception or GPS issues. I would root first, flash a ROM, and look at the performance. If everything is legit, then I wouldn't sweat flashing a new radio just yet.
killswitch11 said:
As to rooting, I used this method here: http://forum.xda-developers.com/showthread.php?t=928160
This uses Visionary to gain temp root and g-free to perm root. It is very safe provided you have a US G2 and are not trying to root the new "official" 2.3 update that is lurking out there. Visionary is dangerous for trying to perm root, so don't try that. Just follow the instructions to the letter and you'll be fine. Even flashing the hboot is safe with this method since it runs scripts instead of having to manually type things in, which leaves room for errors that could brick your phone. Once rooted, make a backup of your stock image and try some ROMs out. Virtuous G-lite is nice... I like it. I also really like CM7, and I'd advise trying it. I just can't use it since it breaks my GPS. That doesn't happen to everyone though, so you may get lucky.
Radios are found here: http://forum.xda-developers.com/showthread.php?t=970809
Flashing a new radio using the PCIMG method is pretty safe, but it's generally not advised to mess with that unless you need to. A new radio is not necessary unless you are experiencing some reception or GPS issues. I would root first, flash a ROM, and look at the performance. If everything is legit, then I wouldn't sweat flashing a new radio just yet.
Thanks, it looks easy enough. What benefit does flashing the hboot give me, just for curiosity's sake?
Honestly, I'm not the best person to answer that question. From what I understand, it makes it easier to recover if you somehow end up in a boot loop or something at some point. One of the more technical members may be able to better answer that question. I just did it since it's generally advised to do, just something to be cautious about since one slight typo can be fatal. But the scripts negate that danger, so I don't see a reason not to flash it.
killswitch11 said:
Honestly, I'm not the best person to answer that question. From what I understand, it makes it easier to recover if you somehow end up in a boot loop or something at some point. One of the more technical members may be able to better answer that question. I just did it since it's generally advised to do, just something to be cautious about since one slight typo can be fatal. But the scripts negate that danger, so I don't see a reason not to flash it.
OK thanks, one last question you might know the answer to: is there a way to revert everything back to stock? Like, for instance, if I need to send it in for warranty repairs or get it replaced?
If you search the forums, there are guides on how to revert back to stock. Or you could always flash the official 2.3 update that will turn S-off, install gingerbread, and bring everything back to stock. But the official 2.3 image is not rootable at this point so that would be a last ditch thing.
killswitch11 said:
If you search the forums, there are guides on how to revert back to stock. Or you could always flash the official 2.3 update that will turn S-off, install gingerbread, and bring everything back to stock. But the official 2.3 image is not rootable at this point so that would be a last ditch thing.
I did it. Got Virtuous G-lite working like a champ. Much better... everything actually, but especially better battery life. Thanks for your help!

[DEV][WIP]Bootloader unlock development[no unlock yet]

***This is not a bootloader unlock. This is only a discussion about a possible bootloader unlock***
So I've been following this blog for the past couple of weeks. The owner of the blog describes an exploit to run arbitrary code in the TrustZone kernel on msm8974 chipsets (post1, post2, post3).
TrustZone is responsible for stuff like the Android keystore, decoding audio and video with DRM, and has absolute control over every bit of hardware inside the chipset.
Most importantly, the Qfuses checked by the bootloader to determine if it's unlocked or not.
Now, I've been looking at the disassemblies of TrustZone images extracted from firmware versions 4.3.6, 3.5 AT&T, 3.6.2 T-Mobile DE.
The bug behind this exploit is in fact fixed in firmware 4.6.3. I didn't test 4.6.1 because it is probably fixed there too.
Anyway, in firmware versions 3.5 and 3.6.2 the bug is still present. Meaning that we would probably be able to run arbitrary code on devices with old firmware, or if we can downgrade our phones to the 3.6.2 firmware.
The first problem we have is that the exploit needs a slight kernel driver modification to run (that is, if we are not going to use his "zero write primitive" to blow a Qfuse).
But on our devices we can't even boot a custom kernel! (fastboot kernel hotbooting complains even if you pass a signed boot image, saying "boot not allowed in locked HW").
So we might need to find a way to use "kexec" to hotswap a kernel at runtime, which in turn might need a modified kernel module to be loaded.
We still don't know if we can load unsigned kernel modules into the stock kernel.
The next problem is to find the correct Qfuse to blow. If we blow a wrong one, we can say goodbye to our device.
This would need an analysis of the aboot partition image (emmc_appsboot.mbn) to find which Qfuse aboot checks for bootloader unlocked (take a look here to know more about this).
So a very simple outline of what we have to do is:
1) Find a way to downgrade to firmware/TrustZone 3.6.2
2) Get kexec to run a custom kernel
3) Run the TrustZone exploit to blow the correct Qfuse
Now, I'm not very good at reverse engineering stuff since I'm still a newbie, so I need help from everyone.
Reply if you have any ideas and contributions. Any kind of feedback is appreciated.
Hello @madushan1000,
Here seemed an appropriate place to reply to your PM.
Some points to consider:
- Safestrap doesn't use kexec; it uses 2nd-init, which hijacks the boot process to load a different ramdisk.
- Therefore you won't be able to use anything from Safestrap, including 2nd-init, to enable loading a new kernel.
- Also note kexec is not enabled on stock kernel builds, so at least the exec part is out the window.
- I checked the aboot of 3.5.x and 4.6.1 and noted that the exploit used on the Kindle HDX tabs to bypass/unlock the bootloader has been patched up.
- Other than that: it seems the bootloader is going to remain locked on our devices, though I hope I am wrong.
More info on the TrustZone exploit can be found in the posts I linked above.
Anyway, I don't think we can use the HDX bugs even if the aboot bug was present, because there is no unlock partition found on the device and flashing to any kind of partition is absolutely prohibited.
We are going to do what is described in this post (http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html) using the TrustZone exploit.
As for kexec, there is a kexec kernel module developed on the Xperia forums; I can try to port it to the Fire phone. It probably wouldn't be too hard because it was built for an msm8974 kernel too.
Anyway, has anyone gone back to 3.6.2 from 4.6.1 without bricking the device?
Wow, I just found out you can't load unsigned kernel modules either.
madushan1000 said:
***This is not a bootloader unlock. This is only a discussion about a possible bootloader unlock***
So I've been following this blog for the past couple of weeks. The owner of the blog describes an exploit to run arbitrary code in the TrustZone kernel on msm8974 chipsets (post1, post2, post3).
TrustZone is responsible for stuff like the Android keystore, decoding audio and video with DRM, and has absolute control over every bit of hardware inside the chipset.
Most importantly, the Qfuses checked by the bootloader to determine if it's unlocked or not.
Now, I've been looking at the disassemblies of TrustZone images extracted from firmware versions 4.3.6, 3.5 AT&T, 3.6.2 T-Mobile DE.
The bug behind this exploit is in fact fixed in firmware 4.6.3. I didn't test 4.6.1 because it is probably fixed there too.
Anyway, in firmware versions 3.5 and 3.6.2 the bug is still present. Meaning that we would probably be able to run arbitrary code on devices with old firmware, or if we can downgrade our phones to the 3.6.2 firmware.
The first problem we have is that the exploit needs a slight kernel driver modification to run (that is, if we are not going to use his "zero write primitive" to blow a Qfuse).
But on our devices we can't even boot a custom kernel! (fastboot kernel hotbooting complains even if you pass a signed boot image, saying "boot not allowed in locked HW").
So we might need to find a way to use "kexec" to hotswap a kernel at runtime, which in turn might need a modified kernel module to be loaded.
We still don't know if we can load unsigned kernel modules into the stock kernel.
The next problem is to find the correct Qfuse to blow. If we blow a wrong one, we can say goodbye to our device.
This would need an analysis of the aboot partition image (emmc_appsboot.mbn) to find which Qfuse aboot checks for bootloader unlocked (take a look here to know more about this).
So a very simple outline of what we have to do is:
1) Find a way to downgrade to firmware/TrustZone 3.6.2
2) Get kexec to run a custom kernel
3) Run the TrustZone exploit to blow the correct Qfuse
Now, I'm not very good at reverse engineering stuff since I'm still a newbie, so I need help from everyone.
Reply if you have any ideas and contributions. Any kind of feedback is appreciated.
How do you know there's a bit in the QFPROM dedicated to unlocking the bootloader? Doesn't that seem kind of like an oversight since there's one you blow to lock it in the first place? Blowing a random fuse will just brick your phone and I'll tell you right now there's no bit to unlock it. The bug has been patched for quite a while and even if it did work, I'm doubtful you'd find what you're looking for.
Well, I don't know. That's why this is still work in progress. But still, as pointed out in the original post, there is one Qfuse which is blown after the first factory flash to mark the device as bootloader locked. Then there is another one (which is not blown in almost all the msm chipsets, in case the vendor changes their mind and offers an unlock in the future) which marks the device as permanently unlockable. Even if this fuse is blown, by gaining arbitrary code execution in TrustZone we might be able to trick the bootloader into thinking the device is unlocked.
Don't worry, I'm not going to start blowing Qfuses up blindly. First I'm going to identify if there is such a Qfuse at all by looking at the aboot disassembly. Then try reading their values first to verify it is in fact not blown. Then I'm going to blow stuff up when I can afford a new phone.
Even before that, I have to find a way to downgrade TrustZone and find a way to load unsigned kernel modules. I have no illusions; I'm very, very far away from unlocking this thing.
And which bug are you referring to? The new TrustZone bug I mentioned or the previous TrustZone bug?
kaboom away
madushan1000 said:
Don't worry, I'm not going to start blowing Qfuses up blindly. First I'm going to identify if there is such a Qfuse at all by looking at the aboot disassembly. Then try reading their values first to verify it is in fact not blown. Then I'm going to blow stuff up when I can afford a new phone.
With the current fire sale on these phones, you can probably afford to blow up as many as you want. I cannot believe the prices on these babies right now, that is, if you are into Prime, or don't mind reselling the Prime. I am almost ready to buy a third one.
LNRrgB said:
With the current fire sale on these phones, you can probably afford to blow up as many as you want. I cannot believe the prices on these babies right now, that is, if you are into Prime, or don't mind reselling the Prime. I am almost ready to buy a third one.
The sad thing is, Amazon Prime is not available, let alone fire sales. I would definitely love to get my hands on a few more.
madushan1000 said:
The sad thing is, Amazon Prime is not available, let alone fire sales. I would definitely love to get my hands on a few more.
It's $124.99 on eBay, brand new, Prime and warranty.
Yup, eBay has the 32GB and the 64GB for sale right now, with Prime! Seller is qualitycellz.
litan1106 said:
It's $124.99 on eBay, brand new, Prime and warranty.
Now $119
Perhaps, after all stock containing Prime is depleted, we will get a bootloader unlock...
Wow, if only I had the money. Wish the stock would hold until I graduate next month and get a job.

Droid Turbo 2 Lets figure out how to get root

This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum, and I'm hoping there could be some research done to "encourage" the possibility of attaining root and bootloader access on our Droid Turbo 2 devices.
My approach here is to establish a collection of "Zero Day Bugs": security flaws found in our devices that would put our OS at risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely, so zero-day flaws found in 2014 or early 2015 were likely patched with the launch of the DT2.
For example, below is a link to a zero-day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Exploit found for Turbo 2 that can grant root access
Given the widespread impact of this exploit, it is likely other device owners are going to try to implement this exploit as well. Please post here if you find any implementations for other devices, as it may be usable for the Turbo 2.
It has been confirmed that Quadrooter can exploit the Turbo 2: http://www.zdnet.com/article/quadrooter-security-flaws-affect-over-900-million-android-phones/
Four vulnerabilities (CVE-2016-2059, CVE-2016-2504, CVE-2016-2503, CVE-2016-5340)
And just an FYI:
"ALLOW OEM UNLOCKING" DOES NOTHING ON THE DROID TURBO 2
windraver said:
This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum, and I'm hoping there could be some research done to "encourage" the possibility of attaining root and bootloader access on our Droid Turbo 2 devices.
My approach here is to establish a collection of "Zero Day Bugs": security flaws found in our devices that would put our OS at risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely, so zero-day flaws found in 2014 or early 2015 were likely patched with the launch of the DT2.
For example, below is a link to a zero-day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
I have installed one-click root (I got it through another site, not from them) and it sometimes says failed to root, but other times it goes through the process, says it's done and to reboot, but when rebooting it does not have root. I have tried running other apps, like King Root, or Root Genius, or half a dozen others, to get it to root after getting one-click to say it has rooted it. Not sure if this will help or not, and honestly, I'm to the point where I'm ready to give up and do something different. I WILL NEVER buy another Verizon phone, ever! I may not drop them as a carrier, but I won't be keeping their crappy locked junk.
brannonwj said:
rant
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
not a rant
Techn0Luigi said:
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
That wasn't a rant about how I didn't do any research. It was what I did, which might lead to someone having an idea of how it might help.
Don't be a jerk.
mr_verystock said:
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
Can you explain the QHSUSB_DLOAD more?
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader. 1 starts TZ, 2 something else, by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match the magic key (.hex), then booting fails. Most of the stuff turns off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that are used to boot (so in this case, you may be able to bring over something that damages the TZ transistor, thereby unlocking the bootloader). What you bring over exactly for the bootloader unlock hasn't been discovered, even with the original Moto X (2013). However, that's how root is done. Bring over the blocks of the OS that contain the root blocks, and the bootloader doesn't know a thing.
Bring over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
They rooted the phone in China; they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
mr_verystock said:
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader. 1 starts TZ, 2 something else, by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match the magic key (.hex), then booting fails. Most of the stuff turns off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that are used to boot (so in this case, you may be able to bring over something that damages the TZ transistor, thereby unlocking the bootloader). What you bring over exactly for the bootloader unlock hasn't been discovered, even with the original Moto X (2013). However, that's how root is done. Bring over the blocks of the OS that contain the root blocks, and the bootloader doesn't know a thing.
Bring over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
I'd like to see a Verizon phone rooted. That is the version I have and most in the U.S. have as well.
Sent from my XT1585 using Tapatalk
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
The godless app is a hack that steals your data. If it did work (which from what I understand it only works on 5.1 and below), you'd risk your personal and financial data being stolen and sold.
Alaadragonfire said:
They rooted the phone in China; they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
Any luck in contacting the seller on how it is rooted?
I'm sure they use stolen Lenovo/Motorola factory development "engineering" software which unlocks the bootloader. It's the same phone as the Moto X Force but with a locked-down bootloader.
There were similar Droid Turbo phones being sold with unlocked bootloader a year ago in China, months before the Sunshine exploit was found.
gizzardgulpe said:
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
I don't have my DT2, but here's a link to one of the apps in case someone wants to try
https://apkpure.com/summer-flashlight/com.foresight.free.flashlight?hl=en
I'm usually just lurking here and grab ROMs and exploits when they pop up, but I have something to add. Has anyone unlocked the developer settings? There's a toggle named 'oem unlocking' with a subtext of 'allow the bootloader to be unlocked'. Does this mean the bootloader can be unlocked? The last Verizon phone I had was a G3, and the only way to gain a faux unlock was to use 'bump' to install TWRP. Could this be possible with the Turbo 2? I'm not a coder or anything, but just trying to add to the think tank here.
This setting does nothing.
damkol said:
This setting does nothing.
There really should be a sticky saying "ALLOW OEM UNLOCKING DOES NOTHING ON THE DT2"
Droid turbo 2
After spending countless hours trying to unlock my bootloader to root my phone, I'm at an impasse. I've been told the Verizon and AT&T models aren't able to be unlocked. I will keep trying to get around this to root and install custom ROMs, if anyone has any tips.
Rhydenallnight said:
After spending countless hours trying to unlock my bootloader to root my phone, I'm at an impasse. I've been told the Verizon and AT&T models aren't able to be unlocked. I will keep trying to get around this to root and install custom ROMs, if anyone has any tips.
Crack the case, hook up some leads (microscope) and dump the memory for the bootloader is the only thing I can think of. Don't know if that is even possible with that memory. It's probably integrated with other stuff.
Sent from my XT1585 using Tapatalk
Update: Oh yeah, it's encrypted. Guess that won't work.
Found something. Does anyone know if this vulnerability exists on the Droid Turbo 2?
CVE-2015-1805
http://www.computerworld.com/articl...itical-android-root-vulnerability-itbwcw.html
There is a proof of concept out there. Has anyone tried it?
https://github.com/dosomder/iovyroot

Possible Root

Hi All,
I was reading the news and came across a recent article stating that there is a way of having root access to old Android devices that are pretty much out of luck for future security updates. I thought a developer could take a look and see if the AT&T Note 4 can have root.
Article: http://arstechnica.com/security/201...tflips-to-root-android-phones-is-now-a-thing/
How I wish we could get one..possibly a glimmer of hope for us..
Tried the app, says closest thing to my phone is an S5 Plus..
I got the same thing. What does your actual output say? We should cut and paste our logs.
I assume it says S5 Plus due to the fact that both phones have a SD 805. Hopefully this actually leads to root. Another bug called Dirty Cow was also found. Maybe that will lead to root too. Hopefully.
I'm not a Dev, and this might even be an irrelevant post as it's coming from a different device, but it looks like they've managed to install TWRP on their device - previously not possible, using the Dirty Cow exploit..
http://forum.xda-developers.com/showpost.php?p=69312919&postcount=148
Maybe we can have something like that?
I dunno... I'm still of the mind that N4 will NEVER be root-possible because of the device's utilization with government contracts. I have given up on rooting this thing, and with N7 having been recalled, I'm awaiting N8, and hoping it doesn't start blowing up!
Sent from my SAMSUNG-SM-N910A using XDA Premium HD app
can anyone help me with something?
I've been keeping up on the progress they have been making with Dirty Cow. As of right now they can get the exploit to run and create a root shell, but after doing so they are losing read/write access and are being left with read-only access. It's looking like they are probing into finding the right process to disrupt to keep the rw access so they can change SELinux.
If they can manage to pull it off, which given how much progress they have made since it was announced, we will get root, but we will not be able to flash custom ROMs due to the locked bootloader. We will probably be able to clean the bloat out and do other system tweaks. The only downside so far is if you upgrade to 6.0+ this will most likely not work due to the enforced boot security check.
Hope they do find a way to get root using Dirty Cow.. but then, I don't think I'd be willing to trade off MM to root at this point, since we can't flash custom ROMs anyways..
But if they can get it to work on MM, I'd be willing to try it out..

Looking for PIT files for SM-N910P

I'm looking for the PIT files for Sprint's Note 4. Or does anyone know if the PIT for SM-N910F will work? Is the (F) version compatible with all of the Sprint versions? I.e., when looking for Sprint programs there is no SM-N910(P) but always a SM-N910(F). Is it safe to use the F version? Or is there a safe way to update/redo the bootloaders? I flashed some bad files with Odin right around the BOB7 update and my device has been spinning in circles around that since. Even if I go full stock and Odin the latest firmware, my device is set back to that period by a protected file that is in between bootloaders. I can't touch it. The closest I can get is with a terminal command from TWRP [/sbin/recovery]; I can then chmod the files and erase or do whatever with them, but they are restored on cold boot. Even after flashing the official firmware it reverts to the files from BOB7. What's really crazy is I'm running stock firmware so I can not use Xposed, but if I mount data and system, wipe, and then run uberwipe, my device will boot with Xposed apps functional. It is as if I am running two ROMs, one that can not be removed or changed. I can see it happening but not from where exactly. On cold boot it loads the RO build from /dev/block/platforms/msm_scc1.by_name/hidden. I can find everything but the hidden. In the stock recovery logs it says the command to fix it is wipe_data_crypto but I can't accomplish it. Any suggestions?
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
Yes I'm getting ready to flash bootloaders big AF. I will try the PIT files first, but if that doesn't work I've got a list. Involves downgrading to Kit Kat, rooting with auto root (can't screw me thrice), running Triangle Away to lose the warranty bit, installing Xposed and Wanam so as to make it read official. Once Samsung's stuff isn't all scared anymore I delete the /dev/block/platform/msm1_byname/hidden/rape the dumbass that used to trust developers he didn't know until he knew better and the rape was done.
I'm not really looking to flash bootloaders per se. I realized that you can only install a newer version and I TiVo I'm out of updates if I need a new bootloader. Just want to erase the obtrusive piece of poo hidden in between the 2 bootloaders. I'm not even sure there's supposed to be 2 bootloaders. I look at Samsung stock firmware and it's nothing like the plethora of extra stuff I have on my device. Can't say for sure who caused it because I did some retarded stuff when I was even greener than I am now. But whether it be auto root or SRS unlock, that SuperSU is as obtrusive as it gets. The purpose of root was to free me the user to gain access to everything. The whole limiting the user and granting permission to every creepy fook on this planet to stalk me and my kids is not what I had in mind. These people are so adamant about their creepy stalking that not only is my device's ESP network cut by 90%, they do dangerous stuff like hidden RO builds that have a value of 1 where the radio doesn't shut off in airplane mode.
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
I appreciate the advice. I hope to avoid a lot with the PIT. That's what the FlashFire backup says it needs. Shutting the phone off is a good idea. The recovery log was actually making fun of me for not. Along with the simple command I needed to open /sbin/recovery then wipe cache and data crypto. The /sbin/recovery was an eye opener (try it from the emulator in TWRP to see if root has crippled you). The thing is most of us use a universal SuperSU update to reinstall and that is not good. That is written to take out the marines if that's what it takes to accomplish root. Remember the good old days when the superuser binary was a line compatible with your CPU?
Anyways, another good command people don't know is: if Odin fails, don't pull the battery. I put an S4 to sleep forever that way. Volume down, home and power restart the bootloader, and wipe the cache for the software it is rejecting.
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from SamMobile right now. Ain't really ever had this issue on a Samsung, only LGs.
Thanks in advance man
TheMadScientist420 said:
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from SamMobile right now. Ain't really ever had this issue on a Samsung, only LGs.
Thanks in advance man
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing, which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
samep said:
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing, which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
I don't know, the problem seems to have been in an update.. playing with it for a while it started charging and turned on and finished an update....
I got an S6 Active that did the same thing to me, just started working; I ran it for like 6 months, no probs.
Of course it's on Sprint's blacklist, just found out, due to non-payment of EZ Pay. But I'll deal with that on my own, as such talks are downed and frowned upon.
Man, I got this thing for 20 bucks.... even if nothing else my buddy needs a screen for one in his shop. But most def thank you for responding..
To further your post, I do all my own repairs, usually the cheapest route. Currently behind the wheel of an unrootable Verizon Note 5 and an LG G4 which is rooted but no TWRP method available. Each I have very little invested in.
I never could find the files. The link was valid, samep, it just refused to let me have them. It turns out it is easier to get them off your own device and I've zero doubt they are for the 32GB Sprint Note 4. At least mine anyways. I tried the downgrade to KitKat which would have worked because it downgrades your bootloader, at least according to the page. I got a failed MD5. So it wouldn't surprise me if these PIT files are different than what the stock one was. Hard to tell what you have, for sure, when you are a flash junkie that trusts random people on the interweb. At least I was/did. I gave myself this when it was brand new. It was hard to get it going again. My backup worked with Plasma kernel, then on the next official it was right again, well almost; I've had this problem almost two years now. I went without root for a while so didn't notice.
I
I hope this fixes it. If not I'll find the right files for the KK downgrade. It would be sweet to go back anyways. I'll leave a link in the next post for the PIT.
TheMadScientist420 said:
I don't know, the problem seems to have been in an update.. playing with it for a while it started charging and turned on and finished an update....
I got an S6 Active that did the same thing to me, just started working; I ran it for like 6 months, no probs.
Of course it's on Sprint's blacklist, just found out, due to non-payment of EZ Pay. But I'll deal with that on my own, as such talks are downed and frowned upon.
Man, I got this thing for 20 bucks.... even if nothing else my buddy needs a screen for one in his shop. But most def thank you for responding..
To further your post, I do all my own repairs, usually the cheapest route. Currently behind the wheel of an unrootable Verizon Note 5 and an LG G4 which is rooted but no TWRP method available. Each I have very little invested in.
Did you fix it? You're right, totally worth it for the screen. You can unlock the IMEI. I only did it once just because some people are so adamant you can't. I like to believe anything is possible. I don't feel bad about getting those non-paid because the phone companies are the thieves. Especially in the US. They bury a lot of people, locking you down to have a phone, and the policy on being too stupid to fix anything is raw. With two kids I paid out a lot of dead phones. It takes rooting one phone to have bested the entire knowledge of tech at Sprint. That's the hard part. If they sold parts it would be nothing.
TheMadScientist420 said:
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from SamMobile right now. Ain't really ever had this issue on a Samsung, only LGs.
Thanks in advance man
Sent from my SM-N910P using XDA-Developers mobile app
PIT_SM_N910P
https://mega.nz/#!cJREFYqS
Sent from my SM-N910P using XDA-Developers mobile app
planb234 said:
Did you fix it? You're right, totally worth it for the screen. You can unlock the IMEI. I only did it once just because some people are so adamant you can't. I like to believe anything is possible. I don't feel bad about getting those non-paid because the phone companies are the thieves. Especially in the US. They bury a lot of people, locking you down to have a phone, and the policy on being too stupid to fix anything is raw. With two kids I paid out a lot of dead phones. It takes rooting one phone to have bested the entire knowledge of tech at Sprint. That's the hard part. If they sold parts it would be nothing.
Sent from my SM-N910P using XDA-Developers mobile app
Yeah, it just decided it was gonna start working, heck yeah.
The battery is trashed on it. I'm gonna order one here soon.
I've flashed a few ROMs on it. Rooted. But every time I restart it the battery percentage is totally different.. thank you. I got an S6 once the same way.
Wouldn't do nothing. Playing with it and it decided to boot up.
Again I know talks of bad IMEIs are not good conversation. But I use CDMA Workshop and basically took an old Sammy I had that was junk and destroyed it. Took the sticker and rewrote a new IMEI. Haven't done it yet but when I get there I know I can.
Of course now I can't unlock it even if I follow all the guides. I've tried and tried.
TheMadScientist420 said:
Yeah, it just decided it was gonna start working, heck yeah.
The battery is trashed on it. I'm gonna order one here soon.
I've flashed a few ROMs on it. Rooted. But every time I restart it the battery percentage is totally different.. thank you. I got an S6 once the same way.
Wouldn't do nothing. Playing with it and it decided to boot up.
Again I know talks of bad IMEIs are not good conversation. But I use CDMA Workshop and basically took an old Sammy I had that was junk and destroyed it. Took the sticker and rewrote a new IMEI. Haven't done it yet but when I get there I know I can.
Of course now I can't unlock it even if I follow all the guides. I've tried and tried.
There's a couple of ways to calibrate the battery. The easiest is a root app in Play, "Battery Calibrator"; it resets the stats at 100%. Another is *#0228#. I believe you calibrate it, then let it run all the way dry, then charge it to full with the system off. Not too hard to find if you want to give it a shot. It's hard to say what the problem is. I just got a new one because the old was dying at 30%. I use both and they take turns on which one is weak. Neither is a problem without root. I probably have too much working or too much stuff in the background.
I've heard that about changing the sticker. I only change the sticker if I used another phone for the screen. It matches what is in the board that way. If you take it in the store to get it activated they may be a little less confused.
I took an S4 that was compiled of 3 previous ones and my daughter's that just stopped working to get activated at Sprint. Of course he couldn't. His story the same: "When you work on them .. ." He was pretty adamant that was it. I couldn't figure out how that affected both of them. So I took it home and activated it myself. Turns out the S4 is a dual band so he generally has a 50% success rate it will turn on in the mode.
The sticker definitely won't get it activated. I've got an LG3 that was given to me by someone who didn't care about Sprint anymore that was IMEI locked out activated. It was $100 bucks for the server. The server was. It unlocked an S5 also that a jerk sold me as clean. It unlocked it too. It was through Verizon so I never activated it. I was trying to flop it to Sprint when it disappeared. I unlocked my Note 4 with it too. The SIM so the APNs are never locked, although I'm not positive, it could have been GTidonetehapp that did it. I didn't know what I was doing, I just like playing with them. No real reason to unlock a phone you own. Well there is the hotspot. I'm pretty sure that's how I crumbed up my Note and my 'puter too. I dropped exec files in my win32 folder and flashed in something with a crazy Odin to get my phone unlocked. But again not positive, their stuff worked so it was just to give my equipment herpes.
planb234 said:
PIT_SM_N910P
https://mega.nz/#!cJREFYqS
My bad. I did not know that there has to be a key for mega. This one should do better.
Fwd: https://www.dropbox.com/sh/b0b3ywj5rbiec7h/AAAUM9TvOLUCDPJXXZTZBd_Ea?dl=0
planb234 said:
There's a couple of ways to calibrate the battery. The easiest is a root app in Play, "Battery Calibrator"; it resets the stats at 100%. Another is *#0228#. I believe you calibrate it, then let it run all the way dry, then charge it to full with the system off. Not too hard to find if you want to give it a shot. It's hard to say what the problem is. I just got a new one because the old was dying at 30%. I use both and they take turns on which one is weak. Neither is a problem without root. I probably have too much working or too much stuff in the background.
I've heard that about changing the sticker. I only change the sticker if I used another phone for the screen. It matches what is in the board that way. If you take it in the store to get it activated they may be a little less confused.
I took an S4 that was compiled of 3 previous ones and my daughter's that just stopped working to get activated at Sprint. Of course he couldn't. His story the same: "When you work on them .. ." He was pretty adamant that was it. I couldn't figure out how that affected both of them. So I took it home and activated it myself. Turns out the S4 is a dual band so he generally has a 50% success rate it will turn on in the mode.
The sticker definitely won't get it activated. I've got an LG3 that was given to me by someone who didn't care about Sprint anymore that was IMEI locked out activated. It was $100 bucks for the server. The server was. It unlocked an S5 also that a jerk sold me as clean. It unlocked it too. It was through Verizon so I never activated it. I was trying to flop it to Sprint when it disappeared. I unlocked my Note 4 with it too. The SIM so the APNs are never locked, although I'm not positive, it could have been GTidonetehapp that did it. I didn't know what I was doing, I just like playing with them. No real reason to unlock a phone you own. Well there is the hotspot. I'm pretty sure that's how I crumbed up my Note and my 'puter too. I dropped exec files in my win32 folder and flashed in something with a crazy Odin to get my phone unlocked. But again not positive, their stuff worked so it was just to give my equipment herpes.
I do my own, I just activate SIM cards. The sticker is basically for my reference. I sell a lot of phones but I keep ones like this for myself. So there's no issues, I just swap SIMs all the time so no need for activations.
planb234 said:
I never could find the files. The link was valid, samep, it just refused to let me have them. It turns out it is easier to get them off your own device and I've zero doubt they are for the 32GB Sprint Note 4. At least mine anyways. I tried the downgrade to KitKat which would have worked because it downgrades your bootloader, at least according to the page. I got a failed md5. So it wouldn't surprise me if these PIT files are different than what the stock one was. Hard to tell what you have, for sure, when you are a flash junky that trusts random people on the interweb. At least I was/did. I gave myself this when it was brand new. It was hard to get it going again. A backup worked with Plasma kernel, then on the next official it was right again, well almost; I've had this problem almost two years now. I went without root for a while so didn't notice.
I hope this fixes it. If not I'll find the right files for the KK downgrade. It would be sweet to go back anyways. I'll leave a link in the next thread for the PIT.
I do believe you have to sign into Sammobile to download files.
The PIT can also be found in the first stock tar for each OS update; the developer I linked says that the PIT hasn't changed. I've seen methods to extract PIT from phone but they don't match md5 when checked. I checked your linked PIT in the post above and it doesn't match either. I wouldn't recommend using that one.
If your phone has ever updated beyond OB7, you can't Odin full stock KitKat tars or OB7 stock tar. The bootloader will block the Odin flash.
Not looking at your phone, it's hard to say what's going on. But I hope the feedback helps. Ask if you have further questions; I'll try to reply, but I haven't experienced what you're having issues with. Best wishes for resolution.
Sent from my SM-N910P using Tapatalk
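samep's point about PIT and stock-tar md5 mismatches, and planb234's "failed md5" on the KitKat downgrade, both come down to the same check. The script below is an added example, not code from this thread or from Samsung/Odin: it verifies the md5 trailer that Samsung's .tar.md5 firmware archives carry. The trailer convention assumed here is that the file is a plain tar with one text line appended, `<32 hex md5>  <archive name>`, and the md5 covers everything before that line. The archive name and payload bytes used in the demo are constructed, not real firmware.

```python
import hashlib
import os
import re

# Trailer convention assumed for Samsung .tar.md5 archives: the file is a plain
# tar with one text line appended, "<32 hex md5>  <archive name>\n", and the
# md5 is computed over everything before that line (this is what Odin checks).
TRAILER_RE = re.compile(rb"([0-9a-fA-F]{32})  ([^\s\x00]+)\r?\n?\Z")


def find_trailer(tail: bytes):
    """Locate the md5 trailer in the last bytes of a file.

    Returns (trailer_len, expected_md5, archive_name). Raises ValueError when
    no trailer is present, e.g. for a plain .tar or a truncated download.
    """
    m = TRAILER_RE.search(tail)
    if m is None:
        raise ValueError("no md5 trailer found (plain .tar or truncated file?)")
    return len(tail) - m.start(), m.group(1).decode().lower(), m.group(2).decode()


def verify_tar_md5(data: bytes) -> dict:
    """Verify an in-memory .tar.md5 image; the result dict's 'ok' is the verdict."""
    trailer_len, expected, name = find_trailer(data[-512:])
    actual = hashlib.md5(data[:len(data) - trailer_len]).hexdigest()
    return {"name": name, "expected": expected, "actual": actual, "ok": actual == expected}


def verify_file(path: str, chunk: int = 1 << 20) -> dict:
    """Streaming variant for multi-GB stock tars: hash the payload in chunks."""
    size = os.path.getsize(path)
    h = hashlib.md5()
    with open(path, "rb") as f:
        f.seek(max(0, size - 512))
        trailer_len, expected, name = find_trailer(f.read())
        f.seek(0)
        remaining = size - trailer_len
        while remaining > 0:
            buf = f.read(min(chunk, remaining))
            if not buf:
                raise ValueError("short read while hashing payload")
            h.update(buf)
            remaining -= len(buf)
    actual = h.hexdigest()
    return {"name": name, "expected": expected, "actual": actual, "ok": actual == expected}


def make_tar_md5(payload: bytes, name: str) -> bytes:
    """Build a constructed sample in the same trailer format (fixture only)."""
    return payload + hashlib.md5(payload).hexdigest().encode() + b"  " + name.encode() + b"\n"


if __name__ == "__main__":
    # Constructed payload standing in for a tar archive; not real firmware.
    good = make_tar_md5(b"\x00" * 1024 + b"constructed tar payload", "N910P_sample.tar")
    print("intact download:", verify_tar_md5(good))
    # Flip one payload byte: Odin would report a failed md5 on a file like this.
    corrupted = b"\xff" + good[1:]
    print("corrupted download:", verify_tar_md5(corrupted))
```

For a real download, call `verify_file("path/to/stock.tar.md5")` before handing the file to Odin. A matching trailer only proves the download is intact; it does not prove the archive is the one Samsung shipped, because anyone who modifies a tar can append a fresh trailer that matches. That is why the thread's advice to pull tars from a known source and compare against the hash published there, rather than from a random file host, matters more than the trailer check alone.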
samep said:
I do believe you have to sign into Sammobile to download files.
The PIT can also be found in the first stock tar for each OS update; the developer I linked says that the PIT hasn't changed. I've seen methods to extract PIT from phone but they don't match md5 when checked. I checked your linked PIT in the post above and it doesn't match either. I wouldn't recommend using that one.
If your phone has ever updated beyond OB7, you can't Odin full stock KitKat tars or OB7 stock tar. The bootloader will block the Odin flash.
Not looking at your phone, it's hard to say what's going on. But I hope the feedback helps. Ask if you have further questions; I'll try to reply, but I haven't experienced what you're having issues with. Best wishes for resolution.
Sent from my SM-N910P using Tapatalk
Yeah, it didn't work. It just shut down. I'll explain what has been going on. Thank you for this post. It's good to know there's more options.
I actually did take a Note 4 and S4 back. It depends on how they upgraded. The bootloader doesn't change in an FOTA. I could do the S4 again now.
Thanks again for the awesome info.
TheMadScientist420 said:
I do my own, I just activate SIM cards. The sticker is basically for my reference. I sell a lot of phones but I keep ones like this for myself. So there's no issues, I just swap SIMs all the time so no need for activations.
You don't have to unlock the SIM or anything? Even if you do, that's a lot less than getting the IMEI forgotten about. Don't you have to get an MSL from a company? I know it's very possible and easy in free countries but I live in Murica. You pay and pay here and they still put a cap on the data. If we're not careful we may use up all that data and then there would be no way to watch us 24-7, just in case we might go rogue.
A sticker that changes the SIM? Details please.
samep said:
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing, which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
I've been trying to reply to this for 2 days. You see, it's not the way my phone runs that is the issue, it is my network that is completely raped. I can't lose my parasite. I screwed up my bootloader pretty bad when I was learning about Samsung. If you ask how to unlock a bootloader the most common answer you get is "you don't, you use auto root". Auto root is amazing for sure, but I can tell there are a lot of people who don't read anything and just do. The disclaimer is "don't use this with a locked bootloader, you will likely brick your device." As I mentioned, I'm a flash junky. I didn't know once you blew the hole in the boot you only needed a custom recovery forever. I like changing ROMs so I rooted with it a couple more times. Things got real bad after I ran the KitKat auto root on Lollipop. I could use one of my backups and add Plasma kernel for a few months until the next update. Worse than that, I flashed something from an unlock site with a special version of Odin. I didn't even need to because I had already changed the CSC to XAS so my APNs were open. The effects were scary but cool. I got locked out of my phone for a while except for virtual access on my computer screen. My home network got straight raped after that. I had everything set to home and share because I didn't think there would be anyone even more bored than me so as to waste their life watching my life. There is, and they are smart as #. I go in intervals of being angry to amazed. I thought they were gone but no. I was not keen on the interweb when I got on here. Now that I could protect myself I can't keep the evil at bay because it lurks in the dark spaces I can't reach. FlashFire says it can remove the seemles. It is incredible too, but I don't think so. It definitely can't mine. What's crazy is I've had a couple new bootloaders since then but it remains. I'm without root at the moment and am able to look at some of the data and dev files.
I can see the USB files that block adb is in but still no. Even though auto root totally changes the way and where from the device boots, I'm needing to extract or otherwise terminate what is probably on one card, an FTP or SMB. I can see in my Win logs that it uses a machine to confuse the system in a barrage of security logins while opening a door for daddy. I had the XML explaining how it's done but then a brand new 125GB card magically went to sleep forever. Some script out there is beyond amazing to me. Virtual net adapters that aren't on top of actual hardware blow my mind. It would have never crossed my mind in a million years that there is going to be a need for antivirus software on hardware like a Bluetooth keyboard.
planb234 said:
You don't have to unlock the SIM or anything? Even if you do, that's a lot less than getting the IMEI forgotten about. Don't you have to get an MSL from a company? I know it's very possible and easy in free countries but I live in Murica. You pay and pay here and they still put a cap on the data. If we're not careful we may use up all that data and then there would be no way to watch us 24-7, just in case we might go rogue.
A sticker that changes the SIM? Details please.
This device had a bad IMEI. The person I got it from said they didn't pay for it on the Sprint EZ Pay.
I checked and that was the truth. So I changed the IMEI with another old Sammy I had and put the sticker in for my records, so I know what the new IMEI is without the device being turned on.
I'm trying to SIM unlock it so I can use it on domestic GSM but no go so far, always invalid SIM.
I guess I need to take this discussion to another thread so I don't get too far off the original topic here.
@planb234
I'm not following well what you've tried since getting a PIT file. Did you get the PIT file from Sammobile yet? Did you try the latest stock tar? If older ones, which ones fail?
If Odin fails, can you post the log and text on screen?
I believe what you're talking about is not needing to root if flashing a custom ROM. After a stock tar, you could Odin TWRP and flash a custom ROM. Custom ROMs include root and su. If using Chainfire Auto Root for Note 4, make sure to use the right one and latest for Lollipop and Marshmallow. KitKat had its own Auto Root. But the auto root uses a modified stock recovery which may make its use redundant if flashing a custom or even wanting just TWRP for backups if stock rooted.
Some fun facts for you:
The bootloader on Sprint Note 4 is unlocked. Flashing a stock tar will un-root it. Factory reset will cause you to lose systemless root. But flashing a full stock tar successfully will replace the bootloader. If you're trying to flash OB7 or older KitKat stock tar, your bootloader won't be replaced. As far as OTA, it patches existing baseband, bootloader and affected system files and partitions that need patching. Even if it's just a revision number in the update, it gets rolled up to match the update revision. While I feel stock tar updates are full and need no patching, the patching is sequential and should match the Odin'd bootloader and baseband once sequentially rolled up accordingly. So IMO, a patched bootloader is the same as a newly Odin'd bootloader. I could be wrong about the patching so not necessarily a fact.
I think your problem is an unsuccessful flash of a full stock tar. A blown eFuse may cause that, but from what I've read in past posts of others that had issues back then, flashing the correct stock tar after a full wipe in stock recovery overcomes the failed flash. It leads me to believe it's only activating reset protection to try to roll the bootloader back to OB7 or KitKat. Maybe I'm wrong, but if your phone isn't suffering a hardware issue, you should be able to recover it.
Other bootloaders between OB7 and OG5 like OE1 and OF5 were also exhibiting an inability to downgrade, but bootloaders OG5 and up can so far be downgraded to OG5. I haven't tried downgrading the bootloader to OE1 or OF5 though.
I've seen phone info from posters claiming to roll their bootloader back to OB7 or older and they've actually reported a newer bootloader, post OB7.
As far as I know, the only true way to get KitKat ROM to flash and boot is to flash a newer kernel after ROM flash, but prior to initial boot attempt. Currently, I'm only aware of Android 5.1.1 kernel and post OB7 bootloader booting a KitKat ROM after bootloader is updated beyond OB7.
If you're capable of doing otherwise, I'd like to see legit screenshot of phone info or galaxy tools application.
https://play.google.com/store/apps/details?id=org.vndnguyen.phoneinfo
Sent from my SM-N910P using Tapatalk