Develop Bugs

[Q] Is there a way to root the S3 via ADB script?

So, after messing around with trying to root the S3 via adb scripts for a while, trying to get fastboot working, I came across several sources that the S3, and Samsung altogether, does not use fastboot. (I didn't know this, as I've never owned a Samsung phone before.)
Considering the lack of fastboot, is there anyway to adb push the su and busybox binaries and root the phone via adb scripts? I've tried, but as you all are aware, I'm sure, the adb remount script is a forbidden operation.
I have a Virgin Mobile (VM) S3, same model number SPH-L710. The reason I want to root via ADB is to avoid tripping the flash counter, as ODIN is required for every root method, and I'm not sure if Triangle Away is compatible with the VM bootloader. I am also reluctant to use CF-Autoroot from XDA, as it contains a Sprint boot.img, and I don't want to mess up my phone.
Any help would be appreciated.

Try this
http://forum.xda-developers.com/showthread.php?t=2252248
Yes, in s4 forums but it has worked for a large large range of Qualcomm devices

CNexus said:
Try this
http://forum.xda-developers.com/showthread.php?t=2252248
Yes, in s4 forums but it has worked for a large large range of Qualcomm devices
Click to expand...
Click to collapse
Thank you very much for this. What's the likelihood of bricking my phone if this exploit doesn't work? After looking at the run script, I know it's just pushing the binaries to temp directories. But, I already replaced my phone under store warranty once, and won't be able to do it twice.

Higgs_Boson said:
Thank you very much for this. What's the likelihood of bricking my phone if this exploit doesn't work? After looking at the run script, I know it's just pushing the binaries to temp directories. But, I already replaced my phone under store warranty once, and won't be able to do it twice.
Click to expand...
Click to collapse
None. If it fails, nothing bad will happen
Speaking from experience here

CNexus said:
None. If it fails, nothing bad will happen
Speaking from experience here
Click to expand...
Click to collapse
I guess I'll join the club. Exploit failed. There was a minor incremental update to the VM S3 recently. Maybe, they patched that loophole?

VM is Sprint there should be no difference. You can flash a costom recovery then just flash the team epic root file. It's not going to touch your bootloader or anything. Triangle away should work spot on for the VM device as well.
Remember search is your best friend, Have a great day!

edfunkycold said:
VM is Sprint there should be no difference. You can flash a costom recovery then just flash the team epic root file. It's not going to touch your bootloader or anything. Triangle away should work spot on for the VM device as well.
Remember search is your best friend, Have a great day!
Click to expand...
Click to collapse
Thank you for your reply. I would have searched, but I didn't really know where to begin. But, your reply has me pondering... If I have the stock recovery.img, can I flash via odin after unrooting and triangle away to restore to stock?
Again, sorry for adding clutter.
EDIT: Kind of answered my own question in a sense, as the mere flash of stock recovery via ODIN would trip flash counter... conundrum.

Would odin trip or brick anything with 4.2.2?
Would odin trip or brick anything with 4.2.2? Now?? Know there has been some issues with KNOX, My son's phone just cracked, and he cant use the screen and I want to wipe/install factory rom before I sell it.

A new thread for some knox only question. Maybe in thisvone place for reference. Beca

So... This knox @$€&s.
Please confirm the following so that people will be confident in upgrading.
1. You can rwmove it. It is not still stealthy hidden in background to shaft you.
2. Once removed you can do whatever you want to the phone like before.
Anymore questions.

Knox locked bootloader not only app u can uninstalled it what ever u like
Sent from my GT-N7100 using Tapatalk

This is one point of confusion I had. Various post say its a bootloader but then if you google it on the samsung supports page it details a way to dsiable it in a similar way as one would disable an app.
If its a bootloader aswell, would it mean a extra step to flash a compatible booloader as well as disabling the app.
Is there a guide on how to do all this, other than that vroot stuff which is said to be spyware.
It is everytime a new ota comes out we talk about rooting. Why cant they just give us root for everyone.

emgluon said:
So... This knox @$€&s.
Please confirm the following so that people will be confident in upgrading.
1. You can rwmove it. It is not still stealthy hidden in background to shaft you.
2. Once removed you can do whatever you want to the phone like before.
Anymore questions.
Click to expand...
Click to collapse
The way I understand it:
once you have KNOX and get rid of it, you will NEVER be able to use KNOX again
Hope this is correct?

http://www.samsung.com/global/business/mobile/solution/security/samsung-knox

[Q] +rep Help With Sprint Galaxy S3 SPH-L710 Tried to Root!?

Hey Guys,
I have read a burch of different threads about my problem and nothing has seemed to help or it was too advanced for me to understand. So here it is:
I tried to root my S3 and at first Oden 307 said the root failed, then i was able to try a different file and it said pass. but now when it boots up it gets stuck on the samsung galaxy s3 screen. I can still get into download mode and recovery mode. I have already tried the factory reset in recovery mode. Please help I have only had this phone a month. At this point I dont even care rooted or not I just want my phone back lol
Thanks for any help
+rep

garrett.burn said:
Hey Guys,
I have read a burch of different threads about my problem and nothing has seemed to help or it was too advanced for me to understand. So here it is:
I tried to root my S3 and at first Oden 307 said the root failed, then i was able to try a different file and it said pass. but now when it boots up it gets stuck on the samsung galaxy s3 screen. I can still get into download mode and recovery mode. I have already tried the factory reset in recovery mode. Please help I have only had this phone a month. At this point I dont even care rooted or not I just want my phone back lol
Thanks for any help
+rep
Click to expand...
Click to collapse
First you need to tell us which build you were on, and then what build did you try flashing...
GS4 Stock Rooted MJA 4.3,Philz Touch CWM,HotSpot Mod,Transparent Weather Widget...

BIGSAMDA1st, can I call you "Sam?" Your post count would indicate you've got more experience than I do so I thought I'd ask: aren't all the Sprint S3s on the MK3 build by default? Or are there inconsistencies within the Sprint-branded line of S3s?
Oh man. At least you've still got access to the download console. Can you also access the recovery console? Also, sounds like you're new to rooting (I could be wrong, just going on your comment about certain techniques being too advanced for you to wrap your head around). If you're new, you really picked both one hell of a time and one hell of a phone to cut your teeth on. Samsung's official 4.3 update (which, for all I know, is shipped standard now) comes with the KNOX bootloader which is, in certain situations, basically a bomb designed to ruin your week... and your phone. In particular, it has a REALLY nasty reaction to attempts at downgrading to the old (and much happier) bootloader. It also seems to really hate the older versions of TriangleAway (might hate the new one too, for all I know. I won't touch it anymore). It has other ways to make you hate life as well, but those are two big ones.
How to tell if you have the KNOX bootloader: Did you install the official OTA update to 4.3? If so, you've got the bomb. Did your phone come with 4.3 right out of the box? If so, you've probably got the bomb. Are you still unsure? Look in your Download console for red text that says something like "Warranty Void Bit" or anything that mentions KNOX. If so, you guessed it, you've got the bomb.
If you have the Warranty Void thing listed, then check to see: is it a 0, or is it a 1? If it's a zero, don't do anything else with trying to flash your ROM or root the device until we try some things in your Recovery Console (assuming it's also accessible). Once that flag is tripped, there's no going back... Not a huge deal if it's just a personal device, assuming you're not still under warranty... If you are, well, don't trip that bugger if you can avoid it.

FallenZen said:
BIGSAMDA1st, can I call you "Sam?" Your post count would indicate you've got more experience than I do so I thought I'd ask: aren't all the Sprint S3s on the MK3 build by default? Or are there inconsistencies within the Sprint-branded line of S3s?
Oh man. At least you've still got access to the download console. Can you also access the recovery console? Also, sounds like you're new to rooting (I could be wrong, just going on your comment about certain techniques being too advanced for you to wrap your head around). If you're new, you really picked both one hell of a time and one hell of a phone to cut your teeth on. Samsung's official 4.3 update (which, for all I know, is shipped standard now) comes with the KNOX bootloader which is, in certain situations, basically a bomb designed to ruin your week... and your phone. In particular, it has a REALLY nasty reaction to attempts at downgrading to the old (and much happier) bootloader. It also seems to really hate the older versions of TriangleAway (might hate the new one too, for all I know. I won't touch it anymore). It has other ways to make you hate life as well, but those are two big ones.
How to tell if you have the KNOX bootloader: Did you install the official OTA update to 4.3? If so, you've got the bomb. Did your phone come with 4.3 right out of the box? If so, you've probably got the bomb. Are you still unsure? Look in your Download console for red text that says something like "Warranty Void Bit" or anything that mentions KNOX. If so, you guessed it, you've got the bomb.
If you have the Warranty Void thing listed, then check to see: is it a 0, or is it a 1? If it's a zero, don't do anything else with trying to flash your ROM or root the device until we try some things in your Recovery Console (assuming it's also accessible). Once that flag is tripped, there's no going back... Not a huge deal if it's just a personal device, assuming you're not still under warranty... If you are, well, don't trip that bugger if you can avoid it.
Click to expand...
Click to collapse
First thing is THANK YOU and as i am a noob, where is the +rep button for you? Second and maybe you could help with this, since I posted this I was able to flash back to the official 4.3 :/ so I got my phone back but made my life harder in the process...I got clockwork recovery working and I was able to flash KNOX app remover .zip and I flashed team epic v5..it said everything was installed I rebooted and Im stll not rooted..Supersu says something about not having binary something another and root checker says I dont have root access. According to the step by step I followed I should be rooted :/ Any advise other than nex time dont upgrade to 4.3? lol
-Thanks Bro

BIGSAMDA1ST said:
First you need to tell us which build you were on, and then what build did you try flashing...
GS4 Stock Rooted MJA 4.3,Philz Touch CWM,HotSpot Mod,Transparent Weather Widget...
Click to expand...
Click to collapse
Im not quite sure what you are looking for but it says "Build Number JSS15J.L10VPUCMK3" And its a GS3 4.3 Model SPH-L710
Thanks for the reply

Hey mate,
I'm not familiar with the method of rooting 4.3 that you used. I'm glad to hear you got around the soft brick though! As far as running a rooted 4.3, I can tell you that what I wound up using was CNexus's pre-rooted ROM and the various fixes (s)he's compiled here:
http://forum.xda-developers.com/showthread.php?t=2541900
I've also shared my personal installation notes as well as hosted the files that worked for me on my Google Drive. That information is here:
http://forum.xda-developers.com/showthread.php?t=2560478&page=3
You shouldn't need the files I've got hosted on my Drive though... The ones CNexus has assembled in that thread should work just fine (that's where I got most of them, after all).
I cannot speak to whether or not any of the steps in my notes will trip your KNOX Warranty Void bit since I tripped mine (and damn near hard-bricked my phone) before I even knew what the KNOX bootloader was, let alone that Samsung had gone ahead and installed it for me.
I hope that helps.
-Zen

Root for AT&T N920A.

I know this is not the right place to ask. I need to know. Do we have developers working on root for this model?
Sent from my SAMSUNG-SM-N920A using Tapatalk

Yes and No...still having booloader issues!
And yes wrong place...this post belongs in Q&A!

We need firmware release so we can restore after. Tell then no one really wants to try because just messing with options in recovery disables the phone.
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=N920

Will firmware release happen for our model?
Sent from my SAMSUNG-SM-N920A using Tapatalk

amwbt said:
Will firmware release happen for our model?
Sent from my SAMSUNG-SM-N920A using Tapatalk
Click to expand...
Click to collapse
AT&T has to because it's open source. They however can keep it for like 6 months to a year or something. With the cracks down on root AT&T and Verizon it might be a long wait with the locked bootloader saidly and we need a custom kernel to get root and we can't flash kernels with locked bootloader. Just watch the website I linked and when we get our firmware then we can possibly expect root and someone to try and unlock the bootloader. I'm not sure if there is a "anti root" in the AT&T phone because I'm not going to lose my phone. I already had to return for warranty due to defective screen and spen. Look at how long it takes the new iPhone software to get jailbroken.

TechNyne66 said:
AT&T has to because it's open source. They however can keep it for like 6 months to a year or something. With the cracks down on root AT&T and Verizon it might be a long wait with the locked bootloader saidly and we need a custom kernel to get root and we can't flash kernels with locked bootloader. Just watch the website I linked and when we get our firmware then we can possibly expect root and someone to try and unlock the bootloader. I'm not sure if there is a "anti root" in the AT&T phone because I'm not going to lose my phone. I already had to return for warranty due to defective screen and spen. Look at how long it takes the new iPhone software to get jailbroken.
Click to expand...
Click to collapse
Needing a custom kernel for root is actually a false statement. A custom kernel is not needed to get root for this device. The AT&T S6 for example got root without the bootloader being unlocked or a custom kernel.
Which leads me to the bootloader being unlocked. There is probably a 100% chance that we don't get an unlocked bootloader for this device. It's extremely difficult and there hasn't been an AT&T device in a very long time that has had it unlocked.
And since we would need that for a custom kernel and aosp roms, those things will probably never happen unfortunately.
The very best we can hope for is root and a recovery like FlashFire like the S6 got. And even then we would be limited to only Touchwiz roms.

We will more then likely need custom kernel with permissive set. AT&T and Verizon are saying there's anti root and that would be in the kernel and would need to be killed. If we do obtain root with stock kernel the phone is said to not boot.
http://www.idigitaltimes.com/samsun...d-features-att-and-verizon-models-wont-468357

It is one of those things where they're will be zero development until some Uber-geek cracks the bootloader issue. Then there will be 20 devices or more that will be released from developer quarantine...
Sent from my SAMSUNG-SM-N920A using Tapatalk

AOSP will never happen without unlocked bootloader.
I do have hope for a root such as Ping Pong. Honestly, with how clean these phones ship nowadays, all I want root for is to replace emojis with iOS style throughout the system so I can grasp more context from my text messages lol. Also, LCD Density change would be nice too.

Is there anybody working on root for this phone?
Sent from my SAMSUNG-SM-N920A

Have no need for root either except for xposed. Only want root for like 4 xposed modules.. Otherwise this device is nearly perfect

I need to change muy dpis
Enviado desde mi GT-N7100 usando Tapatalk 2

Planning on getting this phone today..
I have rooted and installed ROMs on almost every phone I have owned and really hope that eventually a safe way of rooting is obtained.

jellybear456 said:
a safe way of rooting
Click to expand...
Click to collapse
heh. I know what you mean, but I'm grumpy this morning so I'm going to pick this apart anyway.
If root is found on a boot loader locked device, it's usually via an exploit... Basically, most rooting mechanisms are similar to computer viruses. Sure, most of them are controlled viruses, but they exploit and expose security holes that something malicious could use just as easily. Instead of copying a "su" binary, that same exploit could install something that uploads your private data somewhere, or monitors the android keypad entry when you type credit card numbers, etc.
Don't get me wrong... I don't think that most of the root exploits here on XDA are doing that... but any time you use one, you should seriously consider that it might be. It would only take a single mishap to completely destroy your life outside of XDA.
To that end, you should REALLY pay attention to the entire filesystem both before and after an exploit is applied. See what files, if any, are modified and/or added. If an exploit adds a "su" binary (which most of them do), try to replace that "su" binary with one from a trusted source BEFORE you put personal data on your phone. Never "root" a device that has any data on it.
Remember that no matter what precautions you might be taking, a rooted device has a lower level of security than one that isn't. Not only have you added a "simple" root mechanism, but you likely had to defeat the security mechanisms that are part of the security enhanced linux kernel. (There are exceptions to this, of course, but I've never seen the exceptions here on XDA or any other sites that aren't focused on security.)
If this message made you a bit more paranoid, that's a good thing. You should be paranoid about it. I'm not saying not to do it, and I'm certainly not saying that XDA is overflowing with malicious code...

garyd9 said:
heh. I know what you mean, but I'm grumpy this morning so I'm going to pick this apart anyway.
If root is found on a boot loader locked device, it's usually via an exploit... Basically, most rooting mechanisms are similar to computer viruses. Sure, most of them are controlled viruses, but they exploit and expose security holes that something malicious could use just as easily. Instead of copying a "su" binary, that same exploit could install something that uploads your private data somewhere, or monitors the android keypad entry when you type credit card numbers, etc.
Don't get me wrong... I don't think that most of the root exploits here on XDA are doing that... but any time you use one, you should seriously consider that it might be. It would only take a single mishap to completely destroy your life outside of XDA.
To that end, you should REALLY pay attention to the entire filesystem both before and after an exploit is applied. See what files, if any, are modified and/or added. If an exploit adds a "su" binary (which most of them do), try to replace that "su" binary with one from a trusted source BEFORE you put personal data on your phone. Never "root" a device that has any data on it.
Remember that no matter what precautions you might be taking, a rooted device has a lower level of security than one that isn't. Not only have you added a "simple" root mechanism, but you likely had to defeat the security mechanisms that are part of the security enhanced linux kernel. (There are exceptions to this, of course, but I've never seen the exceptions here on XDA or any other sites that aren't focused on security.)
If this message made you a bit more paranoid, that's a good thing. You should be paranoid about it. I'm not saying not to do it, and I'm certainly not saying that XDA is overflowing with malicious code...
Click to expand...
Click to collapse
Yes, I do realize that rooting a device often does take advantage of any security holes found, and I also realize that there is no, in the literal sense, "safe" way to root a phone considering it is exploiting security flaws. Personally, I have never had such an issue of having something malicious on my phone after rooting(at least not to my knowledge)
By "safe" I meant a way to root without having the phone locked down and unable to boot. I am not worried about AOSP ROMs as I am completely content with using an AOSP themed launcher. But I would love to be able to uninstall bloat, ad block, greenify/amplify etc.
But I do appreciate your input on the subject as I have never put much thought into the security of the phone before and after root, or replacing the su binary with one from a trusted source or checking if it is from a trusted source.
It is also great to see someone else on the forums from Pittsburgh:highfive:

I have n920a. Please share the path to rooting this phone.

Cuando se podra rootear el dispositivo Samsung Galaxy Note 5 N920A?

Possible way to root?
I don't know if this would work. But what about flashing one of those new root.tar eng kernal then manually pushing the survey binary and super apk into phone then reflash stock kernal. I'm just intermediate at all this stuff. So idk if it would work or if this is stupid.

vahalaru said:
I don't know if this would work. But what about flashing one of those new root.tar eng kernal then manually pushing the survey binary and super apk into phone then reflash stock kernal. I'm just intermediate at all this stuff. So idk if it would work or if this is stupid.
Click to expand...
Click to collapse
It's possible, after flashing the eng-boot do this:
adb shell mount -o rw,remount /system
Then manually push SuperSU to system, or install King/Kingo Root
Just be careful this is still a tethered root.

I have posted a teathered root process that Michael31 found from the AT&T s6 section. It works and you can get reboots with hoot booting. The locked bootloader causing issues with the kernel needed add commands on hard boot to change to permissive mode. Few of us have tried to fix this issue and haven't found anyway yet.

[G975U] DISCUSSION on Root/BL Unlock

Hello!
I just picked up a SM-G975U to play with.
Before you get your hopes up, Root and BL Unlock is NOT POSSIBLE on USA variants at this time!
I created this discussion so those willing and able can brainstorm with me with hopes of achieving root or unlock.
Now I wouldnt be creating this thread if I didnt think it was possible or without some form of teasers.
Dont ask me how but flashing combo is possible. I cannot and will not share the method/files as they are not mine to do so.
I noticed on combo this time around if you toggle oem unlock there is a tag that says "OEM Unlocked" when you enter download mode. When you long press vol up it also takes you to the unlock screen. After pressing vol up to accept it reboots and wipes data.
I am not sure the steps after this but so far havent been successful in flashing modified firmware. It is possible this is just a visual but I feel this is closer than any past devices ive owned. Anyone with know how on where the flash lock bit is stored would be of great help.
I should be able to flash some partitions after modifying them such as vbmeta or dtbo etc. to hopefully unlock the BL if I only knew what to modify.
This is not a how-to or dev thread so dont expect me to share any files. It is merely to discuss how the BL is unlocked on SD S10 devices to hopefully lead to an unlock down the road.
To my understanding, toggling the oem unlock sets a bit that tells the system that oem unlocking is allowed as well as disables security such as frp. This persists across reboots and firmware flashes etc.
After that, in DL mode there is a tag that also says device is oem unlocked. At this point you need to actually hold vol up to actually oem unlock the device.
After this I am unclear. We should be able to flash custom firmware at which verified boot state will be orange and the flash lock bit is 0. In my case, verified state is still green and flash lock is still 1 and flashes fail unless officially signed.
I know the dtbo is related to verity and vbmeta to verified boot. Vaultkeeeper to rlc. Then you have metadata, a few "keys" related partitions etc etc.
What is everyones take on this? Any ideas/suggestions are greatly appreciated in advance!

some screens

Welcome aboard! Appreciate all your work from the Note9! Kudos

Hey OP I know you from somewhere.... epic touch 4g forums?? I cant remember what device you had but anyways great to see you here. You think maybe chatting with the people that got root on enoxy may point you in the right direction. I know its enoxy and we got SD which is different but maybe a shot?*

krazy_smokezalot said:
Hey OP I know you from somewhere.... epic touch 4g forums?? I cant remember what device you had but anyways great to see you here. You think maybe chatting with the people that got root on enoxy may point you in the right direction. I know its enoxy and we got SD which is different but maybe a shot?*
Click to expand...
Click to collapse
haha I did own an epic 4g touch back in the day.. was more lurking way back then but who knows lol
for an update, no luck yet lol. been messin with combo on g975u but no easy way in yet. I have managed to change some stuff on efs and other partitions.
the binary checks sammy implemented starting in the s9 devices sucks.
I am still looking though.

i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid

not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol

Hi is there anything i can do to help at all cause if so i am willing i have found some stuff online as well posted it in a different post but can share it here if u are interested

I am definitely interested in learning more and being a part of this convo fellas! I have been in the Bus for at least 8 years now and want to learn the next step which is how to navigate around the S10 S10+ Security Features. Anyone mind showing me a few ropes please?

elliwigy said:
not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol
Click to expand...
Click to collapse
This is similar to the techniques used to write imei on cpid phones. Can you share the scripts? You use for temp root.

Chibisuke1219 said:
Hi is there anything i can do to help at all cause if so i am willing i have found some stuff online as well posted it in a different post but can share it here if u are interested
Click to expand...
Click to collapse
Any good reads is welcome!

Vell123 said:
This is similar to the techniques used to write imei on cpid phones. Can you share the scripts? You use for temp root.
Click to expand...
Click to collapse
There is no scripts lol. I can't share the method or files to get to combo.
An update however, I noticed with system prices you can access the efs folder.
I found a way to pass kernel cmdline to the bootloader to set ro props.
I am still messing with it and need an rma as I messed up my efs and can't get cell service now lol

Is S10+ Snapdragon will get root / magisk in anytime soon?
Sent from my MI 8 using Tapatalk

Vuska said:
Is S10+ Snapdragon will get root / magisk in anytime soon?
Click to expand...
Click to collapse
Who knows lol. Similar to N9 seems like I'm only one working on it lol
Currently stuck In a boot loop as i found a exploit for kernel cmdline injection and set ro.secure=0 which it didn't like. I didn't read the info sammy posted on new securities on s10 lineup around additional security around RKP and Knox Verified Boot. It is not the same as say pixel devices as they added onto it

I was told in the other thread that what i had found was more than likely BS but if u still what the link i can give it also am still willing to use my phone as some help if u need it
Edit: switching phone sry guys but keep workin hard i will keep looking for new s10 + finds even though i wont have it and ill keep u updated with whatever i find

Try and flash G97500 I know on older devices it would boot if you used flash fire not sure if you can dd it or not Odin probably wont like it but worth a try just make a system tar and flash it but you would also need that combo firmware.

I'm rockin' the s10+ (am g975u)....
I want root!
I will make pwmage!
Stay tuned!

Ph3n0x said:
Try and flash G97500 I know on older devices it would boot if you used flash fire not sure if you can dd it or not Odin probably wont like it but worth a try just make a system tar and flash it but you would also need that combo firmware.
Click to expand...
Click to collapse
wont work.. secure check fail since signed with dif keys

elliwigy said:
i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid
Click to expand...
Click to collapse
Since you have UID 1000 access, wouldn't you be able to dump the partitions off the phone?
If so, why not dump each of the writable partitions and then compare checksums/bits before and after doing the unlock?

I have the g975u and am willing to help however