Root without unlocked bootloader - Moto Z Play Questions & Answers

I am trying to root my Moto Z Play without unlocking the bootloader. It's the first smartphone I bought new (the other ones I bought used), so as long as I have warranty I'd like to (officially) keep it.
I am currently running Android 6.0.1, which is vulnerable to Dirty COW. I tried it and managed to get a working root shell. Now I need to get around SELinux. From what I read, I only need to change the content of /sys/fs/selinux/enforce from 1 to 0, which is very easy with Dirty COW.
My question is now, if I do this, can this possibly brick the phone because the bootloader detects SELinux to be in permissive mode? Does anyone know anything about that?
If this works out, I'd gladly share the whole exploit, create pre-built binaries and document the whole thing. I just don't want to brick my phone two days after I got it.
PS: The Dirty COW exploit should work up to Android 7.1, from what I read. I don't know if it works on Android 7.1.

Just giving you my input... developers would've already informed most of us if the Z Play is able to be rooted without unlocking the bootloader. EVERYONE has unlocked their bootloader in order to root so... I'm pretty sure you have to unlock it. I wouldn't play around with the Z Play if I were you lol.

Oh, rooting itself was a breeze. Just getting around SELinux is not that easy. I just tried it out, and it seems like I did not understand SELinuxFS correctly. Dirty COW sadly does not seem to be able to write onto the SELinuxFS.
It's not necessarily the case. I am a developer myself, though I only worked on my old Motorola Droid 4 (just swapped it out this week for the Moto Z Play), where there was no SELinux yet. What I've seen with many devices is, if there is one easy way of rooting and the device does not have enormous market share, developers usually don't try to find other ways to get in.
But I'll have a look and see what else I can do.
I don't necessarily need to get around all of SELinux. All I want to do is run mount and chroot so I can run a proper Linux subsystem on the device.

This might work:
https://forum.xda-developers.com/g4-play/development/root-autoinitroot-motorola-bootloader-t3639316

Related

H815 rooting questions

Hello,
I have had my G4 H815 locked to UK EE for a good few months now and I have been holding off on rooting, as the official way of unlocking the bootloader I believe breaks the DRM keys, and it was hinted that there was a small possibility that a nicer way may come about. It's not looking like that at the moment and I am now clucking to get my root apps and freedom back.
I have had an HTC Desire, Samsung S2 and Xperia Z1 all rooted many times, flashing multiple different things etc., so I am by no means new to rooting, but I am not a technological whizz kid, and looking at the root methods for this, as with every new phone it seems, rooting methods are getting more difficult. My questions are:
1. Can anyone tell me what they have experienced not working when the bootloader gets unlocked? I understand it may just be video streaming? Can anyone confirm the likes of Netflix etc won't work? Any other apps / ill effects? I assume YouTube still works? I currently use Barclays banking app, that didn't work on old phone while that was rooted, I'm assuming with the bootloader unlocked it will never work again on G4?
2. Is Root ANY LG G4 Variant 100% Success Directives | Root Injection | Less Bricks the best root method to use? Or is it, as I guess [ROOT] TMO/VZW/ATT/SPRINT/INTL Root your LG G4 with Low Effort Root! the best to use? Or is there another you suggest that is easier / better / harder to destroy my phone?
3. Slightly O/T but being on EE they are extremely stingy with updates so I am still running 10C, I have seen about FW up to 10H or more. Is there somewhere that has the change logs of these different firmwares?
"I believe breaks the DRM keys"
This is true for the Sony Xperia devices, but not really for others that I know (Samsung S6 and HTC M9 included). I unlocked the device on day 2, and everything works: YouTube, my own banking apps (they give me a warning though that I am rooted, but work without issues), all camera functionality, video streaming (no Netflix here to check though), IrDA, BT etc.
The banking apps check for root (if you have SU access, not if the bootloader is unlocked); this can be hidden with the RootCloak app, but it depends on the banking app itself. As I said, mine warns me that I am rooted, but everything works.
As for which is the easiest method, I prefer flashing the SuperSU package with TWRP recovery, since the bootloader is unlocked. It's safe and failproof.
The other methods you listed are mainly for devices which can't have their bootloaders unlocked.
Thanks. I know the Xperia devices broke DRM keys so that the Bravia engine etc. didn't work. But at least with them you could back up the DRM keys and relock the bootloader. I read somewhere that the G4 breaks the keys but it was only really streaming-type services that may be affected.
Yea, Barclays just straight up won't work, and RootCloak doesn't have an exploit to hide root from that, as far as I could find.
I read somewhere on this earlier too that there is an unofficial bootloader unlock being worked on; it sounds like it's not far off. May just wait and see if that way comes to light soon, and if it's a safer way and revertible for warranty purposes etc., as it can't be done after accepting an update, it looks like.

Any way to secure a rooted phone? Does root break things?

I am considering this phone as a replacement for Note 7, so I have some questions about root.
Does it break Android Pay, and if so, is it permanent? Like does it fry "secure element?" Or can one root, install adblock .hosts, but then reverse the effect?
Also, if the phone is rooted, can it still be secured? So, if I lose my phone, can someone plug it into usb and flash/wipe data? Or can it be secured, so that it could only be tampered by the owner?
Thanks.
nabbed said:
I am considering this phone as a replacement for Note 7, so I have some questions about root.
Does it break Android Pay, and if so, is it permanent? Like does it fry "secure element?" Or can one root, install adblock .hosts, but then reverse the effect?
Also, if the phone is rooted, can it still be secured? So, if I lose my phone, can someone plug it into usb and flash/wipe data? Or can it be secured, so that it could only be tampered by the owner?
Thanks.
Gentle bump.
At the current moment there's no root yet (although Chainfire did get seamless root working with boot image mods, but is still working on getting everything done) and there's currently no custom recovery.
Also, Google hasn't used the SE for the longest time, since Verizon and other carriers have been locking out that chip on the SIM card for a long time. Instead they do some sort of emulation which is stored encrypted in the data partition, so if you ever wipe your phone you don't have to worry about the SE being all jacked up without unregistering it first.
In terms of being able to use Android Pay, it does check to see if the bootloader is unlocked but there's already a kernel out that bypasses that check and I'm able to use it just fine so even if you are rooted I'm sure you could just use that kernel and it'll still work (I'm not able to test with root since the root isn't publicly available yet but usually you can go into SuperSU and tell it to hide su and android pay should still work if it does check to see if su is installed on top of the bootloader being unlocked). So there's always ways around it.

[SM-S907VL]/[SM-S906L] Root Achieved! (Discussion thread)

This is an open discussion about the Straight Talk Galaxy S6. Here I want to discuss about possible root access along with a possibility to downgrade. Looking for any volunteers to help me with this phone.
I own a red magic 3, a G6, and an old S6 with straight talk firmware. I usually use my G6 and S6 to play around with for development purposes.
So a while back, I managed to root my Galaxy S6 Straight Talk with a third-party rootkit. Not long after that I wanted to upgrade this thing to Marshmallow. I managed to succeed in doing it, only to be left with a useless phone.
Upon my research, you can flash an SM-S907VL firmware, which appears to be a TracFone firmware for the S6. However, the 907VL appears to not support Straight Talk users. I attempted to downgrade back to the S906L but the strict SBoot prevents me from going back.
A half year later, I'm still messing with this phone. I want to see about finding a way to gain root access or look for any loopholes (possible exploits) that we could use with this phone. I managed to find a way to root the SM-S907VL. Here's how:
I first did some deep digging on the internet and found combination firmwares for this particular model. Combination ROMs are (what I believe) test ROMs for phones. I managed to flash a combination firmware to it. After that I rooted it with Kingroot, uninstalled Kingroot SU and switched to SuperSU. Then I installed FlashFire and tried to flash the SM-S906L, but no luck.
However, upon even FURTHER searching, I managed to flash the SM-S906L by ONLY flashing the system.img, extracting it from the .md5 and adding it to a tar archive.
Well, here is where things get complicated: since I only flashed the system, the kernel is still on a later kernel security patch, which means rooting it with Kingroot fails. Also, the CSC and modem are still from the SM-S907VL, so even if you put a Straight Talk SIM card into it, it won't work. Bummer.
I'm wanting to see how far we can go into this phone and hopefully find a way to somehow get it unlocked somehow.
I'm all ears for y'all!
EDIT: Crap, posted in the wrong category. I should have posted in the general forum.

Modifying G988u from verizon

Can I modify my G988U from Verizon in any way? And if so, how? I'm new to this kind of stuff. I know I should probably leave Verizon.
You might be able to disable some packages with ADB, but beyond that, if your phone has been receiving OTA updates, it's likely hopeless. Substantial customization requires root, and that is precluded by locked bootloaders. There are paid services that can unlock bootloaders in S20s with older software, but my understanding is this isn't an option for devices with newer software.
I actually just switched to Verizon, entirely motivated by AT&T's hostility towards most unlocked devices (that they don't sell). So, if you leave, who are you going to go to? T-Mobile is the most permissive of the big 3, but tends to lag in infrastructure.
Right, didn't even look into that. Probably going to stay with Verizon now that you said that lol. Just curious: what do people get out of rooting their phone? I want to learn how and don't know where to start.
CainD5 said:
Right, didn't even look into that. Probably going to stay with Verizon now that you said that lol. Just curious: what do people get out of rooting their phone? I want to learn how and don't know where to start.
A lot. Android phones have come a long way in the past decade and change that they have been available, but root access, which is typically associated with at least an unlocked bootloader and possibly also a custom ROM, remains the single most powerful customization tool. A short, non-exhaustive list of what you can do:
Use Magisk (see the Magisk Module Repo for ideas of capabilities).
Use EdXposed or LSPosed (see the Xposed Module Repo for ideas of capabilities).
Install a custom kernel (natively mount CIFS/NFS filesystems, overclock your device, and all sorts of other options).
Permanently debloat your ROM (survives hard reset).
Enjoy the best ad blocking experience.
View/backup/edit private application data.
There are also downsides to root, such as tripping the warranty void bit (and disabling Knox-related functionality like Samsung Pay), likely losing filesystem encryption, and greatly increasing your odds of a malware infestation. That said, the XDA site is largely powered by the modding/root access community, so those risks aren't discussed much.

Trying to follow the guide of rooting my Moto One Action

So I have successfully unlocked my Motorola by following the official guide but am stuck on the next step because I don't know what I'm supposed to download next. I installed Magisk from the official GitHub onto my phone but that's about it. Thanks in advance for any help.
Which ROM are you using?
So all I have done so far is unlock my bootloader; do I need to download a ROM next? I'm very inexperienced on this subject and saw a video of the different cool customizations you can do with a rooted phone.
So, there are two different things.
1. rooting gives you access to system files, so they can be modified/erased etc.
2. a custom ROM doesn't necessarily give you root access, but it can give you cool customizations built-in, or a newer version of Android, for example.
Personally I'm not a big fan of rooting in general, because that comes with a couple of caveats. One being that your banking apps won't work anymore, unless you fiddle with Magisk stuff to make it look like the device is not rooted, and stuff like that. I don't need root, so I don't generally need Magisk either.
But if you want to try a cool ROM for this phone, and you like stock Android, you could try the Pixel Experience ROM. The only thing that doesn't work (and I don't know how to fix right now), is VoLTE and VoWIFI. But it might work for you.
LineageOS works for VoLTE (with IMS APN added by the user), but still doesn't work for VoWIFI. It could be that it requires a few specific files to be flashed from the stock ROM. I don't know. So far I couldn't get it to work.
So, the next step would be either staying on the stock ROM and fiddling with Magisk (but keep in mind some DRM apps won't work, some payment stuff won't work and so on and so forth), or going to flash a custom ROM (such as Pixel Experience) and enjoying it the way it is.
The choice is yours.
One piece of advice I have: don't relock the bootloader unless the option in Developer Options > OEM Unlocking is ON. Doesn't matter if it's greyed out or not. But it needs to be ON.
Why? Because, if something happens and you can't boot because you locked your bootloader on a custom ROM for example (which you should never do, by the way), you won't be able to unlock it again, so you can fix your boot, if that option is OFF. So be very careful with that.
When that option is ON, it means bootloader is allowed to be unlocked (it's unlockable). When it's OFF, it's not. If it's not unlockable, you can't unlock it, so you can't flash anything. Which is really bad if you need to fix something and the only way is flashing.
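One way to check that state before relocking, as an added example that is not from this thread: the script below reads a `getprop` dump (one `[name]: [value]` line per property) and refuses to call relocking safe unless OEM Unlocking is reported ON and the build carries release keys. The property names are the usual AOSP/Motorola ones; whether a given ROM sets all of them is an assumption, and the dump shown is constructed, not captured from a device.

```shell
#!/bin/sh
# Added example, not from the thread. Feed it the output of
# `adb shell getprop` (assumed property names; missing ones count as unknown).
prop() {  # $1 = dump, $2 = property name; prints the value or nothing
  name_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  printf '%s\n' "$1" | sed -n "s/^\[$name_re\]: \[\(.*\)\]\$/\1/p"
}

# Prints one verdict line; exit status 0 only when relocking looks safe.
assess_relock() {
  dump=$1
  locked=$(prop "$dump" ro.boot.flash.locked)       # 1 = bootloader locked
  oem_ok=$(prop "$dump" sys.oem_unlock_allowed)     # 1 = OEM Unlocking ON
  tags=$(prop "$dump" ro.build.tags)                # release-keys on stock
  patch=$(prop "$dump" ro.build.version.security_patch)
  if [ "$locked" = 1 ]; then
    echo "ALREADY_LOCKED: patch=${patch:-unknown}"; return 0
  fi
  if [ "$oem_ok" != 1 ]; then
    echo "DO_NOT_RELOCK: OEM Unlocking is OFF or unreported; a relocked device could not be unlocked again"
    return 1
  fi
  if [ "$tags" != release-keys ]; then
    echo "DO_NOT_RELOCK: build tags '${tags:-unknown}' suggest a custom ROM; relocking on it risks an unbootable device"
    return 1
  fi
  echo "SAFE_TO_RELOCK: OEM Unlocking ON, release-keys build, patch=${patch:-unknown}"
}

# Constructed sample dump (not from a real device) for a stand-alone run.
SAMPLE_DUMP='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[sys.oem_unlock_allowed]: [1]
[ro.build.tags]: [release-keys]
[ro.build.version.security_patch]: [2021-03-05]'
assess_relock "$SAMPLE_DUMP"
```

On a real device run `adb shell getprop > props.txt` and pass the file's contents to `assess_relock`; the build-tags check is a heuristic, since some custom ROMs also sign with release keys.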
Ok, I took some time to reflect based on what you said. I really do value being able to use banking apps, so I guess I will try to fiddle with Magisk stuff after I root my device. Speaking of which, I was following this guide and went through the procedure twice, but for some reason after I ran the Root Checker Plus app from the Play Store it says that root was not properly installed. Not sure what part of the process I did wrong, but I await any feedback.
Technically, all you need is Magisk installed. That will also give you root access. You don't need anything else.
But maybe flashing was not done right? I don't know. Do you get an error? If so, it would be good to know which error.
