Galaxy S7 (SM-G930VL) - Samsung Galaxy S7 (Exynos) ROMs, Kernels, Recoveri

I just picked up this phone with the intention of using it mainly for monitoring car data with Forscan and the Torque app. It will never be activated with a carrier.
It’s an S7 (SM-G930VL) with Android 8.0. I’ve been messing with it for hours in an attempt to get TWRP on it so I can load Lineage.
I’m seeing mixed information on whether or not this can be done. Plenty of ROMs available, root information and guides for installing TWRP. Also several threads stating this phones boot loader is locked tight.
Can anyone tell me what’s different about this particular S7, that’s giving me so many problems?
Thanks!

At this point I’ve spent way too much time on this. Gave up on TWRP and am just trying to get root.
It’s a snapdragon variant, usb debug is on, oem unlock on, tried various cables, computers, versions of Odin etc. I attempted to go from VL to U. Tried all the root tutorials. No matter what, Odin fails to write.
I think I’m going to give up on this phone. Luckily it was only $60.

Did you have OEM unlocked adb allow USB debugging in developer options?

acadiantoast said:
Did you have OEM unlocked adb allow USB debugging in developer options?
Click to expand...
Click to collapse
Yeah.

Related

Droid Turbo 2 Lets figure out how to get root

This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum and I'm hoping there could be some research done to "encourage" the possibility of attaining root and boot loader access on our Droid Turbo 2 Devices.
My approach here is to establish a collection of "Zero Day Bugs". Security flaws found in our devices that would put our OS as risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely so zero-day flaws found in 2014 or early 2015 likely were patched with the launch of the DT2.
For example, below is a link to a Zero-Day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Exploit found for Turbo 2 that can grant root access
Given the widespread impact of this exploit, it is likely other device owners are going to try to implement this exploit as well. Please post here if you find any implementations for other devices as it may be usable for the Turbo 2.
It has been confirmed that Quadrooter can exploit the Turbo 2: http://www.zdnet.com/article/quadrooter-security-flaws-affect-over-900-million-android-phones/
Four vulnerabilities (CVE-2016-2059, CVE-2016-2504, CVE-2016-2503, CVE-2016-5340)
And just an FYI:
"ALLOW OEM UNLOCKING" DOES NOTHING ON THE DROID TURBO 2
Click to expand...
Click to collapse
windraver said:
This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum and I'm hoping there could be some research done to "encourage" the possibility of attaining root and boot loader access on our Droid Turbo 2 Devices.
My approach here is to establish a collection of "Zero Day Bugs". Security flaws found in our devices that would put our OS as risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely so zero-day flaws found in 2014 or early 2015 likely were patched with the launch of the DT2.
For example, below is a link to a Zero-Day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Click to expand...
Click to collapse
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
I have installed one-click root (I got it through another site, not from them) and it sometimes says failed to root, but other times, it goes through the process, says it's done and to reboot, but when rebooting it does not have root. I have tried running other apps, like King Root, or Root Genius, or half a dozen others to get it to root, after getting one-click to say it has rooted it. Not sure if this will help or not, and honestly, I'm to the point, I'm ready to give up and do something different. I WILL NEVER buy another Verizon phone, ever! I may not drop them as a carrier, but I wont be keeping their crappy locked junk.
brannonwj said:
rant
Click to expand...
Click to collapse
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
not a rant
Techn0Luigi said:
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
Click to expand...
Click to collapse
That wasn't a rant about how I didn't do any research. IT was a what I did that might lead to someone having an idea of how it might help.
Don't be a jerk.
mr_verystock said:
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
Click to expand...
Click to collapse
Can you explain the QHSUSB_DLOAD more?
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader. 1 starts TZ, 2 something else, by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match magic key (.hex) then booting fails. Most of the stuff turn off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that is used to boot (so in this case, you may be able to bring over something that damages TZ transistor, thereby unlocking bootloader). What you bring over exactly for the bootloader unlock, it hasn't been discovered even with the original Moto X (2013). However, that's how root is done. Bring over the blocks of the OS that contains the root blocks, and the bootloader doesn't know a thing.
Bring over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
They rooted the phone in China , they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
mr_verystock said:
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader. 1 starts TZ, 2 something else, by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match magic key (.hex) then booting fails. Most of the stuff turn off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that is used to boot (so in this case, you may be able to bring over something that damages TZ transistor, thereby unlocking bootloader). What you bring over exactly for the bootloader unlock, it hasn't been discovered even with the original Moto X (2013). However, that's how root is done. Bring over the blocks of the OS that contains the root blocks, and the bootloader doesn't know a thing.
Bring over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
Click to expand...
Click to collapse
I'd like to see a Verizon phone rooted. That is the version I have and most in the U.S. have as well.
Sent from my XT1585 using Tapatalk
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
The godless app is a hack that steals your data. If it did work, (which from what I understand it only works on 5.1 and below) you'd risk your personal and financial data being stolen and sold.
Alaadragonfire said:
They rooted the phone in China , they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
Click to expand...
Click to collapse
Any luck in contacting the seller on how it is rooted?
I'm sure they use stolen Lenovo/Motorola factory development "engineering" software which unlocks the bootloader. It's the same phone as the Moto X Force but with locked down bootloader.
There were similar Droid Turbo phones being sold with unlocked bootloader a year ago in China, months before the Sunshine exploit was found.
gizzardgulpe said:
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
Click to expand...
Click to collapse
I dont have my dt2 but link to one of the apps in case someone wants to try
https://apkpure.com/summer-flashlight/com.foresight.free.flashlight?hl=en
I'm usually just lurking here and grab Roms and exploits when they pop up, but I have something to add. Has anyone unlocked the developer settings? There's a toggle named 'oem unlocking' with a subtext of 'allow the bootloader to be unlocked'. Does this mean the bootloader can be unlocked? Last Verizon phone I had was a g3 and only way to gain a faux unlock was to use 'bump' to install twrp. Could this be possible with the turbo 2? I'm not a coder or anything, but just trying to add to the think tank here
This setting does nothing.
damkol said:
This setting does nothing.
Click to expand...
Click to collapse
There really should be a sticky saying "ALLOW OEM UNLOCKING DOES NOTHING ON THE DT2"
Droid turbo 2
After spending countless hours trying to unlock my bootloader to root my phone I'm at an impasse I've been told the Verizon and at&t models arnt able to be unlocked I will keep trying to get around this to root and install custom roms if anyone has any tips
Rhydenallnight said:
After spending countless hours trying to unlock my bootloader to root my phone I'm at an impasse I've been told the Verizon and at&t models arnt able to be unlocked I will keep trying to get around this to root and install custom roms if anyone has any tips
Click to expand...
Click to collapse
Crack the case, hook up some leads (microscope) and dump the memory for the boot loader is the only thing I can think of. Don't know if the that is even possible with that memory. It's probably integrated with other stuff.
Sent from my XT1585 using Tapatalk
Update: Oh yeah, it's encrypted. Guess that won't work.
Found something. Does anyone know if this vulnerability exists on the Droid Turbo 2?
CVE-2015-1805
http://www.computerworld.com/articl...itical-android-root-vulnerability-itbwcw.html
There is a proof of concept out there. Has anyone tried it?
https://github.com/dosomder/iovyroot

Recover from hard brick with locked bootloader - Fairy tale?

Hello guys!
After much research on the internet about unbrick for Moto Z2 Force, after many forums, tutorials, tools, blankflash, etc., I've came to the conclusion: I've not found anyone who has managed to recover a Moto Z2 Force from a hardbrick with a locked bootloader.
Many are hopeful that it is possible to do so, but I believe it is no more than a fairy tale.
If you succeeded, please help others to get it too.
andrecesarvieira said:
Hello guys!
After much research on the internet about unbrick for Moto Z2 Force, after many forums, tutorials, tools, blankflash, etc., I've came to the conclusion: I've not found anyone who has managed to recover a Moto Z2 Force from a hardbrick with a locked bootloader.
Many are hopeful that it is possible to do so, but I believe it is no more than a fairy tale.
If you succeeded, please help others to get it too.
Click to expand...
Click to collapse
My second Z2 kept bricking and locking itself. My only saving Grace was I was able to unlock it since I had the unlock code still and since it wouldn't boot, it would accept the unlock code. It is a slot ab issue where if your phone never took an OTA (I flash all to Oreo and tried flashing DU and AOSP before taking an OTA to open slot B). This caused the phone to lock itself and go a little nuts. But it was unlocked then locked due to slot issues, so it shouldn't count. Maybe my story is a fairy tale ... No... I remember spending the hour trying to figure out why this thing wouldn't install an AOSP rom but my other would just fine, then facepalm when I figured I just needed to take an OTA.
This person had a locked bootloader and we were able to sort through and get it back to good. Maybe yours is a little worse off, idk, but the gist should be the same. I'm not sure what you've tried. whether you can load os, etc. Here is a link to the thread where we finally got it sorted, it's a little hit and miss, but maybe it'll get you going in the right direction.
https://forum.xda-developers.com/z2-force/help/help-help-help-deep-cable-flash-cable-t3925742
41rw4lk said:
This person had a locked bootloader and we were able to sort through and get it back to good. Maybe yours is a little worse off, idk, but the gist should be the same. I'm not sure what you've tried. whether you can load os, etc. Here is a link to the thread where we finally got it sorted, it's a little hit and miss, but maybe it'll get you going in the right direction.
https://forum.xda-developers.com/z2-force/help/help-help-help-deep-cable-flash-cable-t3925742
Click to expand...
Click to collapse
Alas this person had a different problem from me. It sounds like they had something of a pseudo-lock that just needed a nudge to get the kernel to recognize the OEM unlock had been authorized.
The above thread may prove useful to people who have had issues with locked bootloader but who have access to the system.
I do not have access to the system. fastboot oem blankflash command is "restricted" for me. Yet it still classifies both slots as bootable, it just refuses to boot them, which is not enough to trigger any emergency download apparently. It seems this person never succeeded in doing that, because they found an easier way.
I'm really trying to figure out if buying a cable would be worth it, but I have doubts. I was able to access my usb hub and manually short the pin using a voltmeter and some wire to find which traces were connected -- exactly mimicking the action of most "deepflash" cables.
No dice.
That, and I read that the MSM8998 doesn't use the same programmer as other qualcomm androids, possibly uses an older one, and I haven't found any reference to which one. I think blankflash should be possible on these phones, but triggering edl seems impossible from my position, since I have no adb but I do have a basically useless bootloader, which aggressively overrides edl. :angel:
Basically the way I see this, my bootloader thinks its serving a purpose: fending off modified system files, which I unwittingly made its only function when I locked it. It is forbidden from handing over the power of my z force to a patched OS. Since the bootloader exists, and is technically able to boot, it's just not allowed, edl will never be activated because it utterly defeats android security. edl is the backdoor that opens when everything else is completely gone or unintelligible. Is that accurate? :cyclops:
I am beginning to accept that my phone was not meant to be rooted really in the sense that, yes, its Linux and you can, but it's basically been booby trapped by Lenovo and if you fall for the logic I did at first, and try relocking it at the first sign of strange behavior, you have to buy a new phone. Exactly what they want.

Verizon Pixel 2xl oem but Im being VERY detailed

Ive been rooting since my old Samsung Galaxy 4 using very early versions of Cyanogenmod, Towelroot, Odin and other tools. As recent as this summer I took my older Samsung Tab A while in quarantine and while using TWRP I flashed it and put Leneage on it and love it.
I have an old Verizon Google Pixel XL 2 I want to unlock, root, and repurpose. Here are the hardware details -
- Taimen:11/RP1A.201005.004.A1/6934943
- Android 11 security update Oct 5 2020
- Serial, IMEI and other data available upon request on a case by case basis
I have tried everything I could find on XDA and I find myself the victim of every dead end possible all leading back to the OEM unlocking refusing to stay enabled. Without getting too tl:dr, I've tried all the fastboot this, and critical that, and nothing. I made sure it's fully factory reset with no sim card as well as skipping all the setup prompts to include no pin codes, biometrics, or Google accounts. Wifi is off, Bluetooth is off, usb debugging on, and the latest drivers, OTA img, the latest platform-tools, and the latest version of Android Studio.
The furthest I've been able to get is by using
Code:
adb shell pm uninstall --user 0 com.android.phone
to enable OEM unlocking for a brief time before it goes back to being shaded out.
I'm leaving no rock unturned.
I can fill in any details and answer virtually any question clearly and with as much detail is requested. I'm not some kid or out-of-touch novice who's unable to answer basic questions or pay the respect to follow up. I didn't want to hijack other posts as it's a personal pet peeve of mine and hope others do the same for this post. I'm humbly asking for some assistance realizing what I don't know but can't figure out what I need to know.
Whatever support I receive I shall pay it forward within XDA.
Thank you!
No consistently successful method of bypassing the locked bootloader on a Verizon Pixel 2 XL has been found in the nearly four years this device has been around. There have been scattered reports of success, but most of those were due to an exploit discovered in an old version of the bootloader that has long since been patched.
You have done everything you could, and everything that anyone else with a Verizon device with a still-locked bootloader has done. Unfortunately, they've hit the same brick wall you have, and there is no way we know of to get past it.

Need help re-rooting my M8

I promise, I tried to do it myself by looking at some guides on here, but all the links are broken, there are mod addendums and warnings on some of the threads, and htcdev won't even let me log in! I reset my password and immediately entered the one they sent to me and it said incorrect login! Also powershell isn't working with adb services(term 'adb' is not recognized) and the HTC sync software is no longer available for download... not sure what to do!
I currently have a Pixel 3, but my last two phones were HTC phones. The M8(t-mobile) and the 10(sprint/unlocked). I used guides on this forum to root them both. However, I ended up giving the M8 to my sister when I got the 10. I relocked the bootloader so it could be stock again.
The status is "relocked." I want to use the old phones to tether wifi to two old computers that have no wifi connectivity. My HTC 10 does it perfectly, but it is an unlocked model and is still rooted. Back when I got the M8, carriers were very stingy about that kind of stuff, so it is not possible by default. I have seen a few ways to allow the phone to tether from wifi to usb, but they require root.
And now I am here... a couple hours trying to do something that I did once years ago pretty easily, but with a bunch of broken links and services.
Any help is greatly appreciated, I really don't want to pay and then wait for a wifi adapter.
Thanks

TotalSec OS on Pixel 3XL

I got my hands on a Google Pixel 3XL phone modified by TotalSec. It seems like it has LineageOS modified by them and installed but bootloader locked without option to unlock it. Is there a way to force developer options thru OS somehow where I can unlock the bootloader? Tapping 7 times on build does nothing...they sell this phone for €1500 with 6 month service. After 6 months, phone is useless...
I don't know anything about TotalSec. I checked their site and see they offer the Pixel 3 and Pixel 3A. At 1500 euro, for 6 months use (I couldn't find the price for the ongoing subscription) this is clearly not a product intended for the consumer. I didn't see the 3XL.
I'm interested how they accomplished re-locking the bootloader on a Pixel device with a non-stock OS. Having to leave the bootloader unlocked is a security concern. I think many Pixel owners would like to unlock their bootloader, root or make other changes, then re-lock the bootloader.
It seems like they are running LineageOS as a base, modified it and locked it down. You have to literally log in, pay 1500 euros for 6 months of use. There is no option of tap build 7 times to enable developer options so I cant unlock the bootloader. Im currently in fastboot mode and will attempt to load new recovery and bootloader.
Is there a way to unlock a bootloader from fastboot mode?
My friend has one of those coming in. Pixel 4, specifically.
My guess is that they have custom AVB keys installed which allows them to relock the bootloader. Do you get a _yellow_, not orange, warning when you boot the device up?
Regardless, you should be able to flash stock even with a locked bootloader; https://flash.android.com/ should work just fine. I don't recommend you flash the device yet, unless it's your only device, as you might want to grab a copy of the OS just for ... giggles.
{Mod edit: Inappropriate language removed. Oswald Boelcke}
Thank you! Let me try it, it is my extra phone laying around with no use for anything at the moment. I use Pixel 7 Pro as a daily.
No go. It is telling me to enable OEM unlocking
{Mod edit: Inappropriate language removed. Oswald Boelcke}
what happens when you run `fastboot flashing unlock`? im not expecting anything to happen since the developer options are gone but I'm a tad curious. also, see if you can boot it to fastbootd.
there's also an app on fdroid called setedit, try to download it on that phone and search "development_settings_enabled". if it pops up set it to 1 and you should have the developer settings enabled
i won't lie to you i don't think there's anything that can be done. you could try manually installing the stock OS with the fastboot cli but i doubt it would lead to anything.
Yeah I think I tried that. Weird that OS level has triggers that switch on/off the bootloader and not CLI part! CLI should have priority and logically it makes more sense to be done now, not on OS level!
Did you found any solution, I have Pixel 4 with same situation I tried to sideload latest lineage OS flame via recovery to overwrite the existing system done with error !
Mine is stuck in fastboot, cant do anything! I wish I can wipe it and load a fresh OS! No luck so far!
At this point I'm tempted to get one of those devices for myself to experiment on. How much did you all get them for?
I got it for free from a friend of mine but prices are insane, it's $1500-$2000
I got a notification in my email, I dont see that message anymore, setedit app??
Oh yes, I edited the comment to remove it since it doesn't work for writing settings without some permissions that need to be given over ADB.
I'm trying to think what you can do, my friend got theirs and has so far been unable to do anything with it
Are you just trying to find a use for it? You might be able to completely reinstall everything with a firehose. I could try to find one for your pixel 3xl, there probably is one on XDA.
It's certainly a last resort and not something you should do for every device, but I'm running out of ideas and Qualcomm proprietary stuff is fun to mess with imo
pmnlla said:
Are you just trying to find a use for it? You might be able to completely reinstall everything with a firehose. I could try to find one for your pixel 3xl, there probably is one on XDA.
It's certainly a last resort and not something you should do for every device, but I'm running out of ideas and Qualcomm proprietary stuff is fun to mess with imo
Click to expand...
Click to collapse
I can send you a Google Pixel 3XL for free, with the bootloader locked from TotalSec. There are a lot of Google Pixels here in Albania that they have no use anymore because there are a lot of alternatives. But with the bootloader locked, we cannot do anything.
What do you mean by that? many useless phones because of the totalsec OS? shoot me an e-mail at [email protected], I know a few people who could possibly help.

Categories

Resources