*** OTADelusion is no longer available ***
Use fastboot flash update instead - guide.
*** Disclaimer ***
If you wish to follow the instructions in this post, you agree that -
* Your warranty is void.
* I do not offer any guarantees that this will work or that it won't cause any
bad side effects.
* You alone are responsible for any damages or other issues that may arise
directly or indirectly because of this.
This has undergone basic testing on multiple devices running supported ROMs, but
again, there are no guarantees. Use it at your own risk.
In particular, OTA updates have not been tested on rooted devices.
Introduction
What Is This?
The FonePad 7 has a very secure stock ROM that is not vulnerable to any known exploit. But fortunately for us, Asus introduced their own vulnerability in it, which we can take advantage of. This is a guide that will help you root your FonePad 7 using that vulnerability.
How Does It Work?
Overplayed, Cool-Sounding Version
OTADelusion exploits multiple critical security vulnerabilities in the over-the-air update mechanism employed by the FonePad 7 -
* The update delta packages are delivered to the device through an unencrypted medium.
* The device can be configured to use any DNS server and it does not verify DNS query responses.
* The package verification process relies on an asymmetric key-pair whose private key is compromised.
A man-in-the-middle attack is performed while downloading an OTA update by forcing the device to use a rogue DNS server which directs the device to connect to a rogue web server. This web server serves malicious update packages with forged cryptographic signatures. These update packages are designed to install a permanent backdoor in the device, allowing the user full access to it.
Down-To-Earth Version
1. Someone at Asus forgot the 'S' in 'HTTPS'
2. Someone at Asus forgot to replace the test Android signing key with their own
3. 1 + 2 = Pwnage
What Do I Need To Use It?
* A FonePad 7 running a supported version of the stock ROM (check the section below for a list of supported versions)
* A working Wi-Fi connection (this will NOT work on 2G or 3G)
Supported ROM Versions
Go to Settings -> About tablet and check the "Build number" field
* 3.2.2 - NOT supported. Upgrade to 3.2.4
* 3.2.4 - Supported (WW and TW)
* 5.1.6 - NOT supported. I need volunteers to help me test.
* 5.2.2 - Supported (WW)
* 5.2.5 - NOT supported. May be added in the future. Check this thread for updates.
Installation Instructions
Follow these steps -
1. Read the disclaimer at the top of this post.
2. Make sure you're connected to a WiFi connection, NOT 2G/3G.
3. Go to Settings -> About tablet -> System Update and check for updates.
4. When you see the update prompt, select "NO"
5. Go to Settings -> Apps -> scroll to the "All" tab -> CMClient
6. Press the "Force Stop" button
7. Press the "Clear Data" button
8. Repeat the above steps with DMClient in the Apps list
9. Go to Settings -> WiFi -> long press on your network -> Modify Network and follow these steps -
   * Set IP Settings to "Static"
   * Note down the values of DNS 1 and DNS 2 somewhere.
   * Set DNS 1 to <snip>
   * Make DNS 2 blank
   At this point, your Internet connection will stop functioning correctly. This is intended and temporary.
10. Repeat step 3. If it shows an error, reboot and repeat this step.
11. Make sure you get an update called "OTADelusion".
12. Download and install the update.
13. After reboot, go back to WiFi settings and restore the previous values of DNS 1 and DNS 2.
You now have root. Enjoy! But also be careful - there is currently no way to de-brick this device if you screw up.
Changelog
v0.2 - February 27, 2014
Added v5.2.2 WW.
Works on v3.2.4 WW, v3.2.4 TW, v5.2.2 WW.
v0.1 - January 24, 2014
Initial version.
Works on v3.2.4 WW and TW.
Thanks To/Credits
* XDA members (in alphabetical order) d0p3d, eagleofdeath13, fabiocr, Fuad.kh,
Lord Childe and MEHRDAD595, for testing.
* Chainfire, for SuperSU.
* Asus, for leaving one last security hole.
Status
Running an update server costs actual money, so I won't be able to keep it running indefinitely. I expect to be able to keep it running through 2014 at least, but there are no guarantees. It can go offline at any time. The address mentioned may also change at times. This post will be updated if that happens. Server taken down because there is now an offline method.
Current Server Status: Offline
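The weaknesses listed in the first post, seen from the update client's side, as an added example that is not part of the original post or of OTADelusion: a client that only checks the signature accepts a package signed with a key whose private half is public, while a client that also requires HTTPS and refuses known-public trust anchors does not. The keys, URLs, package bytes and all function names are constructed for illustration, and textbook RSA over SHA-256 stands in for the real package signature format.

```python
import hashlib
from urllib.parse import urlsplit

E = 65537  # public exponent shared by both constructed keys


def make_key(p, q):
    """Return (modulus, private exponent) for an RSA key built from primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed keys (assumption, not real Asus or AOSP keys). They are built from
# well-known Mersenne primes so the block needs no crypto library.
TEST_N, TEST_D = make_key(2**521 - 1, 2**607 - 1)        # stand-in: published test key
VENDOR_N, VENDOR_D = make_key(2**1279 - 1, 2**2203 - 1)  # stand-in: private vendor key


def key_id(n):
    """SHA-256 fingerprint of a public modulus."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


# Trust anchors whose private half is public, e.g. test keys from a source tree.
KNOWN_PUBLIC_KEYS = {key_id(TEST_N)}


def digest(package):
    """SHA-256 of the package bytes as an integer."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big")


def sign(package, n, d):
    """Textbook RSA over SHA-256: illustration only, no padding scheme."""
    return pow(digest(package), d, n)


def signature_ok(package, sig, n):
    """True if sig verifies over package under the public key (n, E)."""
    return pow(sig, E, n) == digest(package)


def weak_client_accepts(url, package, sig, trusted_n):
    """Client as described in the post: any transport, signature check only."""
    return signature_ok(package, sig, trusted_n)


def audit_update(url, package, sig, trusted_n):
    """Return the reasons a hardened client refuses the update; empty means accept."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("transport: not HTTPS, so whoever answers DNS chooses the server")
    if key_id(trusted_n) in KNOWN_PUBLIC_KEYS:
        findings.append("trust anchor: verification key is a published test key")
    if not signature_ok(package, sig, trusted_n):
        findings.append("signature: does not verify under the trusted key")
    return findings


if __name__ == "__main__":
    third_party = b"constructed package built by someone other than the vendor"
    official = b"constructed package built by the vendor"
    sig_test = sign(third_party, TEST_N, TEST_D)     # the test key's private half is public
    sig_vendor = sign(official, VENDOR_N, VENDOR_D)  # only the vendor holds this key

    # Firmware that still trusts the test key and fetches over plain HTTP.
    url = "http://updates.example.invalid/delta.zip"
    print("weak client accepts:", weak_client_accepts(url, third_party, sig_test, TEST_N))
    for finding in audit_update(url, third_party, sig_test, TEST_N):
        print("  finding:", finding)

    # Firmware that pins the vendor key and fetches over HTTPS.
    url = "https://updates.example.invalid/delta.zip"
    print("official package:", audit_update(url, official, sig_vendor, VENDOR_N))
    print("third-party package:", audit_update(url, third_party, sig_test, VENDOR_N))
```

A valid signature only proves possession of the private key, so the trust-anchor check matters as much as the cryptographic one.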
Thanks for the hard work man, hope you are able to solve the other versions as well. :good:
Hey, just a thought. If Asus can update the "update" app, maybe you can too, and then send any updates (and modifications) you want, no?
If it's possible, we have a big possibility here, I think.
eagleofdeath13 said:
> Hey, just a thought. If Asus can update the "update" app, maybe you can too, and then send any updates (and modifications) you want, no?
> If it's possible, we have a big possibility here, I think.
It's certainly possible, but a much cleaner solution would be to get a working recovery. The bootloader is locked, but it looks like it's not encrypted. There may be a way to make it accept a custom recovery.
But we need someone who's willing to take the risk of possible bricking and test the recovery on their device.
I think that it could be a good idea to open one of our devices, to see if there's some JTAG (or something like that) to have a fully trustable backup option.
After rooting my ME372CG, can it download the upgrade package automatically and upgrade to a newer firmware version?
Thanks.
qianw said:
> After rooting my ME372CG, can it download the upgrade package automatically and upgrade to a newer firmware version?
It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
Hi, Dr. Psycho
Thank you for your quick reply.
I am using 5.2.2 firmware, so I need to wait for the next rooting opportunity.
BTW, after rooting, if it can't download the upgrade package automatically, is there any way to flash the package manually (if I can download it from somewhere)?
Dr. Psycho said:
> It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
> I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
> Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
qianw said:
> BTW, after rooting, if it can't download the upgrade package automatically, is there any way to flash the package manually (if I can download it from somewhere)?
The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
EDIT: Just realized you might be talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
What I wrote above was for custom mods.
This will all become much easier if we get a working recovery.
Yes, I mean official ROM upgrading after rooting. Sorry for the confusion.
I am waiting for Android 4.4, I don't know when Asus can release it for ME372CG. I don't want rooting to affect ROM upgrading in the future.
Your answer is quite clear, thanks!
Dr. Psycho said:
> The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
> This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
> EDIT: Just realized you might be talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
> What I wrote above was for custom mods.
> This will all become much easier if we get a working recovery.
Hello all!!!
Dr. Psycho, I confirm your solution is working!!!!.... Thank you very much... I bought the device today, based on your solution to root the phone... Thank you again...
Theodore
Thanks! working great here
I noticed that some JP (as opposed to WW and TW) FonePad 7 users are trying to use my server to root. The JP version isn't supported yet (I didn't even know it existed). I can add it if someone with the JP version could help me get some values from their device. It'll only take a couple of minutes. Send me a private message if you're interested.
To check if you're using the JP version, go to Settings -> About tablet and check the "Build number" field. It should say "JP" somewhere in the middle.
Botto00 rooted the original Fonepad and made it Flash capable. There are several Flash browsers (Photon, Flashfox, Puffin), but because the Flash stream is redirected it's not a good viewing experience. I was wondering if you had any plans to incorporate Flash in your rooting method? I've already taken advantage of your root and maybe it's too late anyhow.
Lord Childe said:
> I was wondering if you had any plans to incorporate Flash in your rooting method?
Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
Lord Childe said:
> I've already taken advantage of your root and maybe it's too late anyhow.
If I did come up with patches or ROMs, already having root wouldn't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
Dr. Psycho said:
> Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
> If I did come up with patches or ROMs, already having root wouldn't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
> I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
I quite understand time limitations working on stuff like this - I think everyone appreciates the time and effort you've spent on rooting Fonepad 7.
I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
Lord Childe said:
> I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
I'll give it a try when I get my tablet back and see if I can get it to work.
Lord Childe said:
> Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
I don't blame you. I wouldn't suggest testing unless you really don't care if you brick the tablet.
thumbs up for 5.2.2 :highfive:
USB OTG
Hi, I know this is not the right thread to ask, but since there is no forum about our tablet I'll ask here. I have a Fonepad 7 ME372GC, the 4 GB version (which by the way doesn't appear on the Asus page), and I'm not able to use USB OTG. Is this not possible on our tablets or does mine have something wrong? I have the 5.22 ROM version, Android 4.3. I use an OTG cable which is working on my HTC One.
Thank you for your help
Let's root it again
Hi Dr. Psycho,
I just got an Asus Fonepad 7, model K00E (ME372CG), and I will put some more data about this device:
- Firmware version: 54.2F
- Android version: 4.2.2
- Baseband version: 1338G_1.12.0_0913
- Kernel version : 3.4.34-00006-gc3b491f
[email protected] #1
Fri Sep 13 21:24:31 CST 2013
- Build number: JDQ39.WW_epad-V3.2.1-20120913
000053_201307241030
It seems this is an older version of the build than 3.2.4, but it is indeed WW.
Should I upgrade to version 3.2.4 (and can you explain to me how to do this while still avoiding ASUS upgrading to an even newer version), or may I try to install this "OTADelusion" update directly with this "old" build number, following the instructions?
And is there any risk of bricking my device with rooting following this method as you stated that there is no way to de-brick Asus fonepad 7 yet ?
Or is there any other (older and safer) way to root this older build version except this "OTADelusion" ?
Thanks in advance !
Cheers !
I just see me there has LG applications, such as video, LGHealth, LGVideoEditor ... are no longer visible on the screen home after being passed version V10E-GLOBAL-SI, yet by going to the file system / app are installed? could someone help me? thank you in advance
ikkifcporto said:
> I just see me there has LG applications, such as video, LGHealth, LGVideoEditor ... are no longer visible on the screen home after being passed version V10E-GLOBAL-SI, yet by going to the file system / app are installed? could someone help me? thank you in advance
I thought an Android Central review of the Sprint version posted something about this.. I don't have those Apps on the Sprint version in the launcher, I think they said you have to access them through the special launcher page and if you remove the page there is no way to use them. Maybe the firmware update for your version is simply bringing that same setup to your version?
Seems kind of silly though.
RHall1340 said:
> I thought an Android Central review of the Sprint version posted something about this.. I don't have those Apps on the Sprint version in the launcher, I think they said you have to access them through the special launcher page and if you remove the page there is no way to use them. Maybe the firmware update for your version is simply bringing that same setup to your version?
> Seems kind of silly though.
you can find me or post it speaks?
I come from a rom V10A-sea-xx and suddenly no 4g, so I flashed the rom V10E-GLOBAL-SI but I do not see a lg application, on the Home phone
there has something to do right?
http://www.androidcentral.com/10-things-new-lg-g3-owners-need-know
Check out #4.
I think they are reviewing US versions and in some cases the Sprint version in particular which seems to have an updated firmware over most other U.S. carriers.. so it's possible your EU version got patched and they removed the icons for yours now as well.
RHall1340 said:
> http://www.androidcentral.com/10-things-new-lg-g3-owners-need-know
> Check out #4.
> I think they are reviewing US versions and in some cases the Sprint version in particular which seems to have an updated firmware over most other U.S. carriers.. so it's possible your EU version got patched and they removed the icons for yours now as well.
I want to tell you is that I is not no shortcut applications lg on my phone, while in system / app they are all installed
Hey folks!
I'm trying to research rooting procedures & tutorials and am running into a problem regarding 4.4.2 builds and compatibility. (I'm relatively tech savvy but have never rooted a device)
I have a T520 with Kitkat 4.4.2 build no. KOT49H.T520UEUANI1. The issue is that it seems this build has been available since last year, and somehow it is apparently the latest update (when I check for updates, it tells me this is the latest).
Now, as I understand it when using software like Odin to assist rooting, build compatibility is very important. I cannot find a tutorial with my particular build, or any information on its compatibility with Odin et al. The latest tutorial I can find for a T520 Root is for build KOT49H.T520XXUANAE ( I intended to link the URL but cannot as I'm a new user with less than 10 posts - if you'd like it, I can try typing it out manually). This particular tutorial was last updated on March 23rd of this year, so I assume this build is a later build than the one I am currently running.
It is also very possible I'm simply not comprehending basic information properly, so if there is any clarification or advice you can offer, I'd be happy to take it! Off the top of my head, I see builds mentioned such as KOT49H.T520XXUANI1 and I wonder if the "XX" is just a placeholder for various letters - it seems to be present in many builds, so it makes me curious. Anyhow, I'm very interested in rooting my device but obviously don't want to brick it in the process.
Also, I apologize if this is not the appropriate thread or forum to post in - it seemed the most recently active and relevant at the time of my posting and I didn't seem to find any appropriate answers in the suggested threads mentioned before posting this.
Thanks for reading!
-T
The "XX" is a region code (stands for some regions in Europe). IMO, the only thing matters is the last 3 digits of the build which shows the build date.
Also, as long as you don't care about Knox and warranty, isn't rooting Samsung stuff as simple as flashing a recovery via Odin and flashing SuperSU from there?
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
> The "XX" is a region code (stands for some regions in Europe). IMO, the only thing matters is the last 3 digits of the build which shows the build date.
> Also, as long as you don't care about Knox and warranty, isn't rooting Samsung stuff as simple as flashing a recovery via Odin and flashing SuperSU from there?
Region code or the like was my suspicion, thanks for clarifying
Regarding the simplicity of rooting a Samsung device, I've never rooted a device of any kind before but from what I can tell - if following a tutorial - it does seem pretty simple. Also, I'm pretty certain my warranty has expired, so that and KNOX is of no concern.
Otherwise, because I'm new to the process of rooting, I want to make sure I'm on the right page, so to speak. If I can gather as much basic information about it as I can, and understand the context of that information, then I hopefully won't make an otherwise avoidable mistake. The build number compatibility was a little fuzzy to me.
Basically, I just need to make certain that whatever I use to root it is compatible with my tablet's build. From what I've gathered, that is one thing I should be certain of before beginning. That said, if yourself or anyone else can point me to something compatible with build KOT49H.T520UEUANI1, that would be super helpful.
Also, thank you for taking the time to reply!
-T
I don't think you need to care that much about build number. Grab a custom recovery (latest TWRP recommended) for your device, flash it with Odin, and flash latest SuperSU package from it (it has almost universal compatibility).
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
I got an OTA update yesterday (the first since I purchased the device). I think I've been spoiled by custom firmware describing exactly what each update has changed.
As far as I can tell, the info section doesn't give any details whatsoever about the update itself (e.g. if it added new features and what they are, or was just a security patch etc). Is there anything deep within the strange menu setup of this phone that gives this info, or info on the LG website with this info etc?
Arcanen said:
> I got an OTA update yesterday (the first since I purchased the device). I think I've been spoiled by custom firmware describing exactly what each update has changed.
> As far as I can tell, the info section doesn't give any details whatsoever about the update itself (e.g. if it added new features and what they are, or was just a security patch etc). Is there anything deep within the strange menu setup of this phone that gives this info, or info on the LG website with this info etc?
It might just be the April security patch.
Sent from my LM-G820 using Tapatalk
According to J. Williams who is reviewing the US version, the software update provided an update to the audio, made the speakers seem louder.
https://youtu.be/6a6NKdN-f2o
https://mega.nz/#!w0ZHjA6I!hrKmMca42c5798fuqCWZgM8Vcl5V6TAQsHipLhpjC5o
Here we go, WW update, latest rom for us! Thanks to chicken on the Vietnam telegram group. I'll post more later when I get home regarding magisk etc.
For now though, place in root of the storage and restart. But hang fire if you're rooted and want to remain so, I'll post instructions later, unless of course you know what you're doing. I just want to check magisk via ota method works before I post in detail here...
Changelog
WW 1910.35
Added grid display for game selection in the Games Library of Armoury Crate
Added game cover customization in the Games Library of Armoury Crate
Added AirTriggers slide gesture in Game Genie (Beta)
Fixed the issue where navigation bar couldn't be hidden when playing "Black Desert"
Fixed the issue where Game Genie panel was pulled out easily when Key Mapping was used
Update with root : I was running magisk 20.1 prior to updating. After placing ota in root of internal storage and rebooting, system update should be detected. Click to install. Once completed don't restart the device, just choose 'later', then go to magisk manager and choose install. Then choose install ota. After that, reboot and you should have a fully updated and working latest rom with latest magisk still intact
Root and stock boot img's should you need...
https://mega.nz/#!1wwyCQIa!Rtsfo0J94KvJOUgmhYTHpwY8zy22BLNWJi_9GbAzoYU
Still no WiFi calling or voLTE...boo!
Thanks... Very good.
Works great! Thanks @reg66 for all your contribution to this small community.
scum2000 said:
> Still no WiFi calling or voLTE...boo!
Lol, it's not happening.
"Added AirTriggers slide gesture in Game Genie (Beta)"
Can you describe what this does?
MishaalRahman said:
> "Added AirTriggers slide gesture in Game Genie (Beta)"
> Can you describe what this does?
Umm, good question! I just posted the changelog, not sure what it allows to do. Will have a Google etc later if I get a chance...
Perhaps, for instance, when going around corners in a car racing game the slide option allows gradual increase in steering? But that's a complete guess at this point!
Thanks. Btw anyone using Paypal or Bank apps? Not working after rooting right?
iampatricktan said:
> Thanks. Btw anyone using Paypal or Bank apps? Not working after rooting right?
Mine work, barclays and PayPal... Use magisk hide in the manager
MishaalRahman said:
> "Added AirTriggers slide gesture in Game Genie (Beta)"
> Can you describe what this does?
Basically, yeah, it allows gradual sliding to control, for instance, walking /sprinting in pubg or gradual drifting in asphalt... But I have used it yet, I'm only telling you what I was told! Hopefully that's correct though...
reg66 said:
> Basically, yeah, it allows gradual sliding to control, for instance, walking /sprinting in pubg or gradual drifting in asphalt... But I have used it yet, I'm only telling you what I was told! Hopefully that's correct though...
Hope someone can confirm because this sounds really cool. I have the CN version so we don't get the same updates.
@MishaalRahman Please see screenshot...
I assume this has the October Security update too?? Isn't mentioned in the release notes
cheetah2k said:
> I assume this has the October Security update too?? Isn't mentioned in the release notes
Yes, 1st Oct
Haven't gotten this OTA update, didn't get .25 either. I'm not sure why because my device is untouched. Anybody else seeing this issue? I'm on a WW device, Indian variant, 8/128.
GeekGod said:
> Haven't gotten this OTA update, didn't get .25 either. I'm not sure why because my device is untouched. Anybody else seeing this issue? I'm on a WW device, Indian variant, 8/128.
1. Have you had any updates without forcing them?
2. These updates are early releases from CN or Taiwan or Vietnam (somewhere along those lines) and the updates for eu and India market will no doubt get released at some point in the future from the main asus website.
3. Although you may have bought a device with WW rom installed, doesn't mean the fingerprint has been changed. You can check with device info hw from playstore. You'll find, under system, your product id and rom plus fingerprint, they all need to match.
4. That said, even then I'm not sure (if they do all match) you'll get the updates without manually installing them. I can't say for sure as I always download the early bird releases from Vietnam telegram group. I've never waited to see if updates do indeed happen automatically here in UK...
Hope some of this helps...
reg66 said:
> 1. Have you had any updates without forcing them?
> 2. These updates are early releases from CN or Taiwan or Vietnam (somewhere along those lines) and the updates for eu and India market will no doubt get released at some point in the future from the main asus website.
> 3. Although you may have bought a device with WW rom installed, doesn't mean the fingerprint has been changed. You can check with device info hw from playstore. You'll find, under system, your product id and rom plus fingerprint, they all need to match.
> 4. That said, even then I'm not sure (if they do all match) you'll get the updates without manually installing them. I can't say for sure as I always download the early bird releases from Vietnam telegram group. I've never waited to see if updates do indeed happen automatically here in UK...
> Hope some of this helps...
1. Yes, I've gotten the .21 update which is the only one that has come out since I bought the phone.
2. I thought so too, just need to confirm.
3. It's an official Indian variant from Asus, so fingerprint mismatch is unlikely. I think it's just that .25 was never officially released, and I'll probably get .35 soon. Hopefully!
Thanks for your help.
GeekGod said:
> 1. Yes, I've gotten the .21 update which is the only one that has come out since I bought the phone.
> 2. I thought so too, just need to confirm.
> 3. It's an official Indian variant from Asus, so fingerprint mismatch is unlikely. I think it's just that .25 was never officially released, and I'll probably get .35 soon. Hopefully!
> Thanks for your help.
.21 was an official release. .25 still hasn't been updated on the Asus Bios firmware page, so I assume it wasn't official. .35 still hasn't been updated on the Asus Bios firmware page, so it's still not available. If you have a genuine WW phone (like my North American WW bought from B&H) then just download, put in the root directory, and reboot the phone to install.
I've just done mine, and works great! :good::good:
cheetah2k said:
> .21 was an official release. .25 still hasn't been updated on the Asus Bios firmware page, so I assume it wasn't official. .35 still hasn't been updated on the Asus Bios firmware page, so it's still not available. If you have a genuine WW phone (like my North American WW bought from B&H) then just download, put in the root directory, and reboot the phone to install.
> I've just done mine, and works great! :good::good:
I'll wait for a couple of days and then try doing that. OTA for Indian units is usually delayed so I'm hoping I'll get it by the end of this week.
Goooood