*** OTADelusion is no longer available ***
Use fastboot flash update instead - guide.
*** Disclaimer
If you wish to follow the instructions in this post, you agree that -
* Your warranty is void.
* I do not offer any guarantees that this will work or that it won't cause any
bad side effects.
* You alone are responsible for any damages or other issues that may arise
directly or indirectly because of this.
This has undergone basic testing on multiple devices running supported ROMs, but
again, there are no guarantees. Use it at your own risk.
In particular, OTA updates have not been tested on rooted devices.
Introduction
What Is This?
The FonePad 7 has a very secure stock ROM that is not vulnerable to any known exploit. But fortunately for us, Asus introduced their own vulnerability in it, which we can take advantage of. This is a guide that will help you root your FonePad 7 using that vulnerability.
How Does It Work?
Overplayed, Cool-Sounding Version
OTADelusion exploits multiple critical security vulnerabilities in the over-the-air update mechanism employed by the FonePad 7 -
* The update delta packages are delivered to the device through an unencrypted medium.
* The device can be configured to use any DNS server and it does not verify DNS query responses.
* The package verification process relies on an asymmetric key-pair whose private key is compromised.
A man-in-the-middle attack is performed while downloading an OTA update by forcing the device to use a rogue DNS server which directs the device to connect to a rogue web server. This web server serves malicious update packages with forged cryptographic signatures. These update packages are designed to install a permanent backdoor in the device, allowing the user full access to it.
Down-To-Earth Version
1. Someone at Asus forgot the 'S' in 'HTTPS'
2. Someone at Asus forgot to replace the test Android signing key with their own
1 + 2 = Pwnage
What Do I Need To Use It?
* A FonePad 7 running a supported version of the stock ROM (check the section below for a list of supported versions)
* A working Wi-Fi connection (this will NOT work on 2G or 3G)
Supported ROM Versions
Go to Settings -> About tablet and check the "Build number" field
* 3.2.2 - NOT supported. Upgrade to 3.2.4
* 3.2.4 - Supported (WW and TW)
* 5.1.6 - NOT supported. I need volunteers to help me test.
* 5.2.2 - Supported (WW)
* 5.2.5 - NOT supported. May be added in the future. Check this thread for updates.
Installation Instructions
Follow these steps -
1. Read the disclaimer at the top of this post.
2. Make sure you're connected to a WiFi connection, NOT 2G/3G.
3. Go to Settings -> About tablet -> System Update and check for updates.
4. When you see the update prompt, select "NO"
5. Go to Settings -> Apps -> scroll to the "All" tab -> CMClient
   * Press the "Force Stop" button
   * Press the "Clear Data" button
6. Repeat the above steps with DMClient in the Apps list
7. Go to Settings -> WiFi -> long press on your network -> Modify Network and follow these steps -
   * Set IP Settings to "Static"
   * Note down the values of DNS 1 and DNS 2 somewhere.
   * Set DNS 1 to <snip>
   * Make DNS 2 blank
   At this point, your Internet connection will stop functioning correctly. This is intended and temporary.
8. Repeat step 3. If it shows an error, reboot and repeat this step.
9. Make sure you get an update called "OTADelusion".
10. Download and install the update.
11. After reboot, go back to WiFi settings and restore the previous values of DNS 1 and DNS 2.
12. You now have root. Enjoy! But also be careful - there is currently no way to de-brick this device if you screw up.
Changelog
v0.2 - February 27, 2014
Added v5.2.2 WW.
Works on v3.2.4 WW, v3.2.4 TW, v5.2.2 WW.
v0.1 - January 24, 2014
Initial version.
Works on v3.2.4 WW and TW.
Thanks To/Credits
* XDA members (in alphabetical order) d0p3d, eagleofdeath13, fabiocr, Fuad.kh,
Lord Childe and MEHRDAD595, for testing.
* Chainfire, for SuperSU.
* Asus, for leaving one last security hole.
Status
Running an update server costs actual money, so I won't be able to keep it running indefinitely. I expect to be able to keep it running through 2014 at least, but there are no guarantees. It can go offline at any time. The address mentioned may also change at times. This post will be updated if that happens. Server taken down because there is now an offline method.
Current Server Status: Offline
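An added example, not part of the original post and not Asus code: a small audit of an OTA client configuration showing why the plaintext transport and the publicly known signing key described in the post are each partly covered by the other control, and only together leave the package unauthenticated. The URL, the certificate bytes and the function names are constructed placeholders.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed placeholder bytes standing in for DER-encoded signer certificates.
VENDOR_RELEASE_CERT = b"constructed-vendor-release-certificate"
PUBLIC_TEST_CERT = b"constructed-publicly-available-test-certificate"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a signer certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def audit_update_channel(update_url, trusted_signer_certs, published_key_fingerprints):
    """Audit an OTA client configuration (hypothetical helper).

    update_url                 -- where the client fetches update packages
    trusted_signer_certs       -- certificates the package verifier accepts
    published_key_fingerprints -- fingerprints of keys whose private half is public
    """
    findings = []

    # Transport: without TLS and certificate validation, whoever answers the
    # DNS query or sits on the path chooses the bytes the device receives.
    scheme = urlsplit(update_url).scheme.lower()
    plaintext = scheme != "https"
    if plaintext:
        findings.append(f"transport: '{scheme or 'none'}' gives no server authentication")

    # Signing: a signature only proves origin if the private key is secret.
    forgeable = not trusted_signer_certs
    if forgeable:
        findings.append("signing: no signer is pinned, any package is accepted")
    for cert in trusted_signer_certs:
        fp = fingerprint(cert)
        if fp in published_key_fingerprints:
            forgeable = True
            findings.append(f"signing: signer {fp[:16]} has a published private key")

    # Either weakness alone is partly covered by the other control;
    # together nothing authenticates the package.
    if plaintext and forgeable:
        severity = "critical"
    elif plaintext or forgeable:
        severity = "high"
    else:
        severity = "ok"
    return {"severity": severity, "findings": findings}


# Deny-list built from the constructed test certificate above.
PUBLISHED = {fingerprint(PUBLIC_TEST_CERT)}


def demo():
    """Audit four constructed configurations and return the results by name."""
    configs = {
        "as described in the post": ("http://ota.example.invalid/delta.zip", [PUBLIC_TEST_CERT]),
        "transport fixed only": ("https://ota.example.invalid/delta.zip", [PUBLIC_TEST_CERT]),
        "signing key fixed only": ("http://ota.example.invalid/delta.zip", [VENDOR_RELEASE_CERT]),
        "both fixed": ("https://ota.example.invalid/delta.zip", [VENDOR_RELEASE_CERT]),
    }
    return {name: audit_update_channel(url, certs, PUBLISHED)
            for name, (url, certs) in configs.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result['severity']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```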
Thanks for the hard work man, hope you are able to solve the other versions as well. :good:
Hey, just a thinking. If Asus can update the "update" app, maybe you can too, and then send any updates (and modification) you want, no?
If it's possible, we have a big possibility in here I think
eagleofdeath13 said:
Hey, just a thinking. If Asus can update the "update" app, maybe you can too, and then send any updates (and modification) you want, no?
If it's possible, we have a big possibility in here I think
It's certainly possible, but a much cleaner solution would be to get a working recovery. The bootloader is locked, but it looks like it's not encrypted. There may be a way to make it accept a custom recovery.
But we need someone who's willing to take the risk of possible bricking and test the recovery on their device.
I think that it could be a good idea to open one of our devices, to see if there's some JTAG (or thing like that) to have a fully trustable backup option.
after rooting my ME372CG, can it download upgrading package automatically and upgrade to newer version firmware?
thanks.
qianw said:
after rooting my ME372CG, can it download upgrading package automatically and upgrade to newer version firmware?
It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
Hi, Dr. Psycho
Thank you for your quick reply.
I am using 5.2.2 firmware, so need to waiting for next rooting opportunity..
BTW, after rooting, if can't download upgrading package automatically, is there any way to flash the package manually (if i can download it from somewhere)?
Dr. Psycho said:
It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
qianw said:
BTW, after rooting, if can't download upgrading package automatically, is there any way to flash the package manually (if i can download it from somewhere)?
The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
EDIT: Just realized you might be talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
What I wrote above was for custom mods.
This will all become much easier if we get a working recovery.
Yes, I mean official ROM upgrading after rooting. Sorry for the confusion.
I am waiting for Android 4.4, I don't know when Asus can release it for ME372CG. I don't want rooting affect ROM upgrading in the future.
Your answer is quite clear, thanks!
Dr. Psycho said:
The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
EDIT: Just realized you might be talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
What I wrote above was for custom mods.
This will all become much easier if we get a working recovery.
Hello all!!!
Dr. Psycho, I confirm your solution is working!!!!.... Thank you very much... I bought the device today, based on your solution to root the phone... Thank you again...
Theodore
Thanks! working great here
I noticed that some JP (as opposed to WW and TW) FonePad 7 users are trying to use my server to root. The JP version isn't supported yet (I didn't even know it existed). I can add it if someone with the JP version could help me get some values from their device. It'll only take a couple of minutes. Send me a private message if you're interested.
To check if you're using the JP version, go to Settings -> About tablet and check the "Build number" field. It should say "JP" somewhere in the middle.
Botto00 rooted the original Fonepad and made it Flash capable. There are several Flash browsers (Photon, Flashfox, Puffin), but because the Flash stream is redirected it's not a good viewing experience. I was wondering If you had any plans to incorporate Flash in your rooting method? I've already taken advantage of your root and maybe it's too late anyhow.
Lord Childe said:
I was wondering If you had any plans to incorporate Flash in your rooting method?
Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
Lord Childe said:
I've already taken advantage of your root and maybe it's too late anyhow.
If I did come up with patches or ROMs, already having root wouldn't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
Dr. Psycho said:
Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
If I did come up with patches or ROMs, already having root wouldn't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
I quite understand time limitations working on stuff like this - I think everyone appreciates the time and effort you've spent on rooting Fonepad 7.
I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
Lord Childe said:
I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
I'll give it a try when I get my tablet back and see if I can get it to work.
Lord Childe said:
Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
I don't blame you. I wouldn't suggest testing unless you really don't care if you brick the tablet.
thumbs up for 5.2.2 :highfive:
USB OTG
Hi, I know this is not the right thread to ask but since there is no forum about our tablet I'll ask here. I have a Fonepad 7 ME372GC, the 4 GB version (which by the way doesn't appear on Asus page), and I'm not able to use USB OTG. Is this not possible on our tablets or does mine have something wrong? I have 5.22 ROM version, Android 4.3. I use an OTG cable which is working on my HTC One.
Thank you for your help
Let's root it again
Hi Dr. Psycho,
I just got a Asus fonepad 7 model: k00E (ME372CG) and I will put some more data about this device:
- Firmware version: 54.2F
- Android version: 4.2.2
- Baseband version: 1338G_1.12.0_0913
- Kernel version : 3.4.34-00006-gc3b491f
[email protected] #1
Fri Sep 13 21:24:31 CST 2013
- Build number: JDQ39.WW_epad-V3.2.1-20120913
000053_201307241030
It seems as this is the older version of the build than 3.2.4 but it is well WW.
Should I upgrade to version 3.2.4 (and can you explain me how to do this but still to avoid ASUS upgrading to even newest version) or may I try to update this "OTADelusion" update directly with this "old" build number following the instructions ?
And is there any risk of bricking my device with rooting following this method as you stated that there is no way to de-brick Asus fonepad 7 yet ?
Or is there any other (older and safer) way to root this older build version except this "OTADelusion" ?
Thanks in advance !
Cheers !
Hello, I would like to be able to get Sony's Firmware updates, basically to fix an audio Bug. My carrier told me they would not release that update, or any at all, however I really need it. Plus, I would like to get those new features that Sony offers and Android Lollipop when available.
The thing is my Z1 Compact is not allowed to Unlock the Bootloader, although when I connect it to the PC while pressing Volume Up, the LED turns blue, which means it's Unlockable, as I read somewhere.
So , I hope you can help me with this: What do I need to get Sony's firmware update in my not unlockable Z1 Compact?
Thanks in advance.
Firmware installed: 14.3.A.0.681 (Android 4.4.2 KitKat)
You don't need to have unlocked bootloader to do an update. Download latest firmware and flash via flashtool. How to flash ROMs is described in general section. In first thread you need your phone, flashtool, ROM and knowledge how to flash firmwares; as I mention, in general section is everything to do that. Bootloader unlock is necessary when you want to flash cm or aosp or kernel other than stock.
Thank you!
Hello, Wrocław.
Thank you so much for your answer! It's been very helpful.
One last question: The firmware I will download, does it need to be for my country/carrier? Because I have my carrier's latest firmware installed and they said they won't release any other update for the z1 compact... So, is it enough to get the same language firmware (spanish)? Or does it need to be for my specific country (Perú)?
Thanks again!
mariepizzer said:
So, is it enough to get the same language firmware (spanish)? Or does it need to be for my specific country (Perú)?
If you are keen to get the latest firmware and baseband then you should head over to IaguCool's thread on Xperia Firmware Downloader & Checker. Follow the instructions there. You will need a copy of Flashtool and it'd be good to read the thread on 'how to' as all the instructions are there, rather than jump to the last page and ask, which is what everybody does.
This will deliver you the latest stock build for your area/service provider, bootlocked and not rooted, so what you do with it after that is up to you?
Thanks, Didgesteve!
I've got the latest firmware release by the carrier for my country installed, the bad part is that's not the latest firmware available for Z1C, so I wanted to know if there is a problem if I install a firmware for other country/service. Will I still be able to make calls, text, etc?
Thank you for the link! However, IaguCool's Xperifirm stops working whenever I select a region/carrier firmware :/
Didgesteve said:
If you are keen to get the latest firmware and baseband then you should head over to IaguCool's thread on Xperia Firmware Downloader & Checker. Follow the instructions there. You will need a copy of Flashtool and it'd be good to read the thread on 'how to' as all the instructions are there, rather than jump to the last page and ask, which is what everybody does.
This will deliver you the latest stock build for your area/service provider, bootlocked and not rooted, so what you do with it after that is up to you?
mariepizzer said:
Thanks, Didgesteve!
I've got the latest firmware release by the carrier for my country installed, the bad part is that's not the latest firmware available for Z1C, so I wanted to know if there is a problem if I install a firmware for other country/service. Will I still be able to make calls, text, etc?
Thank you for the link! However, IaguCool's Xperifirm stops working whenever I select a region/carrier firmware :/
yes, you can install any firmware, it will always start with choosing the language you want to use and just follow the setup guide.
If Xperiafirm stops working after it has opened, then it is being blocked by firewall, or you didn't install Java
G928IDVU1AOH2 Android 5.1.1 lollipop Official firmware Released today in VAU Australia (vodafone)
http://best-tech-reviews.com/update-sm-g928i-g928idvu1aoh2-android-5-1-1-7795/
Damn....I want to flash this so much on my tmobile (us) version :silly:
Is it possible to do that? I'm in the same boat.
I'm not very familiar with samsung modding, unfortunately
SolarTrans said:
Is it possible to do that? I'm in the same boat.
I'm not very familiar with samsung modding, unfortunately
Yes it's possible but we need to flash on top our (tmobile) kernel.
I also can't find our tmobile firmware tar (for odin in case of bootloop)
Damn....booooooring
Hmm I'm downloading the TMO firmware from SamsungUpdate to start, but it's gonna take another 6 hours because of their metered connection -_-.
We'll see how that works out, but ideally I'd be 100% debloated and rooted with Samsung Pay working.
Don't think that'll be possible, but at least we're dealing with unlocked bootloader devices haha
SolarTrans said:
Hmm I'm downloading the TMO firmware from SamsungUpdate to start, but it's gonna take another 6 hours because of their metered connection -_-.
We'll see how that works out, but ideally I'd be 100% debloated and rooted with Samsung Pay working.
Don't think that'll be possible, but at least we're dealing with unlocked bootloader devices haha
where did you get the update from?
@Jduncan312
http://samsung-firmware.org/download/SM-G928T/i70w/TMB/G928TUVU1AOGD/G928TTMB1AOGD/
hello
any luck for the SM-G928C ?
My edge plus is already on 5.1.1 - why the desire to download the same version of firmware from another country? Maybe I'm missing something...
That's not new
Guys, the phone is running great!
Updating for the sake of updating isn't always a good thing when out of the box it's actually working well!
When a device has problems there are threads everywhere of complaints. When a device works things are quiet usually with just the usual how to question. Of course everyone wants root, when it comes it comes. Be patient!
codee said:
My edge plus is already on 5.1.1 - why the desire to download the same version of firmware from another country? Maybe I'm missing something...
I do not believe you have to do anything.
While yes, both are version 5.1.1, if you look at the last 4 digits of your firmware build number you should see AOGD. The new firmware build number ends in AOH2, showing this is a newer build date. Nothing major, probably just a few under the hood changes, which usually means a little better performance.
http://forum.xda-developers.com/galaxy-nexus/general/help-understand-android-build-t1655863
crowlaw said:
While yes, both are version 5.1.1, if you look at the last 4 digits of your firmware build number you should see AOGD. The new firmware build number ends in AOH2, showing this is a newer build date. Nothing major, probably just a few under the hood changes, which usually means a little better performance.
http://forum.xda-developers.com/galaxy-nexus/general/help-understand-android-build-t1655863
what about the root-ability?
If you are rooted on an older firmware, and you flash a stock rom via Odin you will lose your root access. So long as your phone model can be/is rooted on your current firmware, after you flash the newer firmware just follow the same steps to root your phone again.
crowlaw said:
If you are rooted on an older firmware, and you flash a stock rom via Odin you will lose your root access. So long as your phone model can be/is rooted on your current firmware, after you flash the newer firmware just follow the same steps to root your phone again.
any differences between the OS Firmware, Build Number, or Baseband?
The only place I found this firmware on was on paysites, and I'm not willing to pay god knows how much because I wanted to restore my phone to stock especially when I can flash a custom ROM for the time being, and please don't throw me to firmware.center, because I have checked and they don't have the firmware I need, and I guess I was fooled by a thread for the OTAs of NPPS25.137-93-2-5 (not hating on the guy who posted this, it was my fault). I tried searching for the firmware by its filename, and I couldn't find it on a website that didn't want some money out of me.
ap4ss3rby said:
The only place I found this firmware on was on paysites, and I'm not willing to pay god knows how much because I wanted to restore my phone to stock especially when I can flash a custom ROM for the time being, and please don't throw me to firmware.center, because I have checked and they don't have the firmware I need, and I guess I was fooled by a thread for the OTAs of NPPS25.137-93-2-5 (not hating on the guy who posted this, it was my fault). I tried searching for the firmware by its filename, and I couldn't find it on a website that didn't want some money out of me.
The only thing I could find was the OTA update
You would need to flash the previous firmware if its available and then OTA update to the latest version
https://drive.google.com/file/d/1MFn7BEr3R1tkpNGsVZLRzJp_wkH54vLT/view
Hi, what is the difference between NPPS and NPP?
takoa said:
Hi, what is the difference between NPPS and NPP?
I guess there is no difference except other than an extra letter, or that your phone is blacklisted from updates, I don't really know
I am on 93-12 with XT1676, UK retgb, but am just being offered an update to 93-14 with Android updates to 1 July 2018.
mstombs said:
I am on 93-12 with XT1676, UK retgb, but am just being offered an update to 93-14 with Android updates to 1 July 2018.
I also received that OTA when I flashed 93. I then upgraded to 93-4, 93-8, then 93-12, then 93-14
Hello,
got here a new TA-1050, and been reading about updates. Was quite glad to find the list at HMD Nokia,
/phones/en_int/security-updates , then less thrilled to learn Pie is not a smooth sailing yet.
The device is on 00WW_2_13B, and offers OTA update to 00WW_3_260. If these are the only choices, I'm staying with 2_13B,
but would prefer the latest Oreo 00WW_2_22E_SP03 instead, or at least the patches with 00WW_2_13B_SP05.
If I understand correctly, all these updates should be still available via ota-api links, all official and signed, installable via copying to SD card and update command / dial.
But the only link I found is for the Pie update - the /packages/ota-api/nokia_pl2sprout_plate200ww/1879f071d6ca7ca72fb1a750f045c3cdf00ff4dc.zip
Is there a way to get the links for 00WW_2_22E / 00WW_2_22E_SP03 / 00WW_2_13B_SP05 ?
As in, does someone have them and would be willing to share?
Thanks in advance.
Pie is as stable as it can be. Whoever says something else is just a crybaby. :/
intervall said:
Pie is as stable as it can be. Whoever says something else is just a crybaby. :/
Exactly. The Pie update is a big improvement. Highly recommended.