temp root exploit for sony xperia XZ2/XZ2c/XZ2p/XZ3 with android 10 firmwareGet a root shell with still locked bootloader.
The main thread is located in xz2 forum section here.
implemented magisk setup from temproot
finally got magisk from temp root working including permission asking feature - released as tama-mroot.zip - get it here
exploit sources released
Exploit sources for all temp root releases are available at my github here.
Related
I rooted my phone only so I could use AdAway. So once I update the hosts file with AdAway, technically I can disable root and only enable root once a week or so to re-run AdAway and update the hosts file again correct?
So I want to use Android Pay too... I keep reading that if I disable root in SuperSU it'll work, but my Android Pay flat out rufuses to work.
Only other thing I can think of is disabling OEM Unlock. What does that even do? I'm currently running custom recovey (TWRP).
Does OEM Unlock need to remain enabled? Could that prevent Android Pay working when SuperSU root is disabled?
Thanks
If your root method modified /system/ then you will never be able to use Android Pay as it checks this. Even systemless root stopped working with the August security patch. It's why I didn't root my Note 7 when I got it because I figured this out on the 6P. Sad but true.
Is there a way to un-root and re-root quickly? I disabled root in SuperSU but it doesn't help.
All I really want to do is block ads via the host file with adaway (which is how it works right?) And I can enable root every time I want to update the ad block list.
Thanks for reply
I found a few ways to do it on other sections of this forum but they seemed tedious and I haven't really looked since the August patch flarked everything up for folks who want AP. Sorry. I wish I could answer.
So im trying to get use a certain app that blocks rooted devices and bypass the March security update in order to use mock locations. After some search I found a reddit post in which the op suggest a solution which required magisk. I flashes magisk but when I use root checker I get an error.
Here are some images:
http://imgur.com/FxFqX98
http://imgur.com/LqJY5h9
This is an announcement post about new very fast and reliable temp root exploit for XZ1c/XZ1/XZp phones with latest oreo fw, using recent vulnerability in binder (CVE-2019-2215).
Please check the following thread in Sony Cross-Device General section:
[XZ1c/XZ1/XZp] temp root exploit via CVE-2019-2215 including magisk setup [Locked BL]
It may be used as an alternative to renoroot for TA (drm keys) backup or with implemented script to start and use magisk on still locked phone.
Now also including support for Japan and Canada phones variants.
I've been trying to get the root prompt on the ZTE Blade A7 Prime (Visible version; MediaTek MT6761 A22 Quadcore processor) since the past couple of weeks and have researched down all the possible known and/or related methods discussed in forums here and failed each one of them, due to the following 2 fundamental reasons:
Failure reasons:
1. ZTE Blade A7 Prime has the 'unlock' command(s) removed from the fastboot, viz., 'fastboot oem [unlock | unlock-go | unlock_critical]' are not even implemented and the 'fastboot flashing [unlock | unlock_critical]' commands have been removed. So all the permanent rooting methods, including the Magisk App, fail.
2. There was a firmware auto-upgrade around 2021JUN01 by ZTE. This was the first one since the last upgrade back in ~2020JAN/FEB, when the bootloader-locked 'mtk-su' bootless root method was supposedly working (I had not tried it then). Now its broken and I am getting the following error right at the launch of the 'mtk-su -v' command:
" armv71 machine
Failed critical init step 1 "
The following methods of getting a root prompt DO NOT work anymore:
A. Magisk App method:
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
github.com
This method requires an unlocked bootloader and that is NOT possible due to 1. above.
B. bootloader locked 'mtk-su' bootless root method:
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
AND
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
Both these above procedures FAIL because of the failure mentioned in 2. above.
C. The mtk-su easy App method.
ZTE Blade 10 prime root possible?
Is it possible to root the blade 10 prime? I couldn't find a suitable forum thread for it, so sorry if this is the wrong place. If it's the wrong place, is there somewhere I should post this question instead?
forum.xda-developers.com
OR
GitHub - JunioJsv/mtk-easy-su: Get bootless root access with few clicks.
Get bootless root access with few clicks. Contribute to JunioJsv/mtk-easy-su development by creating an account on GitHub.
github.com
This method also fails due to 2. above as its just a wrapper around the 'mtk-su' B. method above.
If anyone knows how to get the root prompt, or even the bootloader unlocked by any method whatsoever, please enlighten.
pity you didn't use flashify or some partition backup software to save your phone firmware before it auto upgraded. then you'd be able to use sp flash tool to revert back to the rootable build
the bootloader isn't unlockable so the above is probably the only way you're getting root back if you can ask someone to provide the stock firmware and scatter file for you
luridphantom said:
pity you didn't use flashify or some partition backup software to save your phone firmware before it auto upgraded. then you'd be able to use sp flash tool to revert back to the rootable build
Click to expand...
Click to collapse
Doesn't flashify require root access to save the phone's firmware? I read a bit now about flashify and that's what I figure it implies/requires. I never had root access. I only tried to get it in 2021JUN and realized that I was late to the game by just about a month.
BTW, any chance the 'mtx-su' rooting script would be updated to root this new firmware update?
luridphantom said:
the bootloader isn't unlockable so the above is probably the only way you're getting root back if you can ask someone to provide the stock firmware and scatter file for you
Click to expand...
Click to collapse
Could you please care to give some pointers as to how to get the prior stock firmware and the "scatter file" and the procedure to downgrade?
TIA.
vla-511411 said:
Doesn't flashify require root access to save the phone's firmware? I read a bit now about flashify and that's what I figure it implies/requires. I never had root access. I only tried to get it in 2021JUN and realized that I was late to the game by just about a month.
BTW, any chance the 'mtx-su' rooting script would be updated to root this new firmware update?
Could you please care to give some pointers as to how to get the prior stock firmware and the "scatter file" and the procedure to downgrade?
TIA.
Click to expand...
Click to collapse
yea, the idea is to backup with flashify once you had a temp root with mtk-su if you were able to get it before. i've done it with some old alcatels to save their fw in case i ever had a forced update
no mtk-su update because the exploit has been patched long ago
you won't be able to get it unless someone else has the prior stock firmware. there's this method of dumping old fw without root that i haven't tried yet
How to use SP Flash tool to backup Mediatek firmware
Update: I suggest you use Wwr tool + SP flash tool for the dump instead of SP Flash tool alone as you can proceed without first having the scatter file and using MTK Droid Tools (which is now outdated
forum.hovatek.com
I'll give that 'wwr-tool + SP flash tool' method a try and comment back.
BTW, my ZTE phone is running Android 9 and hence has the partition A/B architecture. So, is it possible to that the *other* partition, viz., the currently non-active partition still has the older boot and system images?
i would just dump your entire rom and take out the partitions you need with the scatter file. that file gives you a mapping of where every partition is
without an unlocked bootloader id be very careful flashing partitions anywhere even with sp flash tool
Appreciate your responses.
I don't exactly know what you mean by a "scatter file" but I do have the text o/p of the /dev/block/.../by-name directory (I'm very comfortable with Linux, I just don't know Android), if that's what is that scatter file for. Else, please detail how to get that. FWIW, I have read up and understand (to the extent needed) what the 2-partition slot A and B are about. If there're tutes or references about how/what all set of stock images I need to save out from my phone, please detail.
Ofcourse, I'll be very careful with flashing things with the locked bootloader. The only intent of mine is to extract the boot.img for patching via Magisk (which does not need a unlocked bootloader) and get the root prompt. So, again, my interest in 'mtk-su' or any other temp-root methods is just to extract that boot.img kernel image for Magisk.
I'm not yet able to use that SP flash tool method and will give details once I figure out that I'm not doing some basic wrong.
For mods: please move this discussion to the section where it belongs to, if this isn't the section for this
Chainfire's supersu was the best super user app and binary but there is no way to flash it without having a TWRP for these new devices like Samsung galaxy M02 SM-M022G. Chainfire's CF Auto root is also not ported for these devices. Even if i flash that out dated supersu.zip using TWRP on this device, i don't think it will work. So it's painful.
When it comes to magisk systemless root, it is just something that named as a root method or app but it's not. Magisk is just a app for me because that magisk never let us to modify system files or flash things into the system. So it's not a root access tool. That's why i call it useless than saying systemless.
Those old days with chainfire's super su was the greatest. But today, It is sad to say this there is no such perfect method to gain root access as those old days. I'm tired of this. I think we should be together and make some new rooting method for these new devices to gain full root access through it.
Thanks to those who reading this.
I don't have a current Samsung device, though I have used one in the distant past. Magisk IS a root method. The issue you are encountering is the protections put in place for the system partitions. I'm fairly sure Samsung does the same thing as Google does for its Pixel devices in that the system partitions are not only set to read-only, but are also dynamically resized so as to prevent read-only from ever being removed (search for "dedup" flag for more details).
Chainfire's SuperSU stopped being updated because he no longer owned the software. It was sold to a Chinese company that essentially screwed the entire community over with their antics. It wouldn't have mattered anyway, as all the old Superuser apps injected a modified su binary into the system, which cannot be done on newer devices (see above for why). If Chainfire had continued updating SuperSU the app would have eventually had to adopt a systemless root in order to continue being functional.
I won't disagree with your opinion that there is no perfect method for root access, but it isn't because of us, but because of Google ramping up the security of Android. I do agree that there needs to be alternatives to root other than Magisk, as if something catastrophic happens to Magisk itself root will still be possible. However any root solution proposed from this point on will not be able to modify the system, and that is simply something you will have to get used to.
P. S. This really isn't about a Samsung phone so perhaps it should be moved into the Magisk forum, but that's a moderator's call.
I won't buy their android devices anymore.
Strephon Alkhalikoi said:
I don't have a current Samsung device, though I have used one in the distant past. Magisk IS a root method. The issue you are encountering is the protections put in place for the system partitions. I'm fairly sure Samsung does the same thing as Google does for its Pixel devices in that the system partitions are not only set to read-only, but are also dynamically resized so as to prevent read-only from ever being removed (search for "dedup" flag for more details).
Chainfire's SuperSU stopped being updated because he no longer owned the software. It was sold to a Chinese company that essentially screwed the entire community over with their antics. It wouldn't have mattered anyway, as all the old Superuser apps injected a modified su binary into the system, which cannot be done on newer devices (see above for why). If Chainfire had continued updating SuperSU the app would have eventually had to adopt a systemless root in order to continue being functional.
I won't disagree with your opinion that there is no perfect method for root access, but it isn't because of us, but because of Google ramping up the security of Android. I do agree that there needs to be alternatives to root other than Magisk, as if something catastrophic happens to Magisk itself root will still be possible. However any root solution proposed from this point on will not be able to modify the system, and that is simply something you will have to get used to.
P. S. This really isn't about a Samsung phone so perhaps it should be moved into the Magisk forum, but that's a moderator's call.
Click to expand...
Click to collapse
Yes. that's the truth.