Related
Hi,
I recently had to return my phone back to stock because of a warranty issue. (battery dying between 25% and 40%)
So chances are high that I will get the phone back with Marshmallow instead of Lollipop.
is there a guide or can anyone give some pointers how to root this device? After a bit of reading I still have a few specific questions, so maybe someone here can help.
A) What TWRP version will I need for the M8s on Marsmallow?
B) Will Magisk systemless root work on this device?
C) If the rooting has succeeded and I remove some bloatware apps from /system/vendor and /privapp and such. Will this trip the Google safety net? Or is safety net not yet applied to our M8s devices?
Thanks!
I don't personally have the M8s version specifically. But as the device forum sections for all the M8 versions in general are becoming pretty quiet; I'll try to help you to the best of my knowledge.
A) The TWRP recovery posted in this (M8s) forum section should work fine on Marshmallow. Looks like it's only updated to 2.8.6
B) Should work, yes. I would suggest the current stable Magisk version, which is 14.0
Backup your stock (unrooted) ROM before trying to root (as you always should - this is best practice and just good common sense). Then if anything goes wrong, you can easily restore to stock.
C) Not sure. But I can tell you on my current device (OnePlus 3T) that removing system (bloat) apps does not trip safety net.
Hi @redpoint73,
Thanks. That takes away some worries and gives me some confidence for giving it a third shot . Nandroid's don't work on the M8s unfortunately, I've tried this once since I botched something up during my first root attempt, put back the Nandroid and my Bluetooth was dead. (and probably more, but I didn't investigate it further back then.)
As in regards of removing bloat, since HTC has the S-on I was only able to remove the pre-installed apps from within TWRP (or else the apps were back after a reboot), so I guess this process remains the same?
Thanks so far and I'll report back my results in this topic. Now I first have to wait to see if they give me my warranty, since the bootloader said relocked and the firm I had to send it to is notorious for blaming factory faults on rooting of the phone. Fingers crossed!
Thijs_Rallye said:
As in regards of removing bloat, since HTC has the S-on I was only able to remove the pre-installed apps from within TWRP (or else the apps were back after a reboot), so I guess this process remains the same?
Click to expand...
Click to collapse
Should be the same, yes.
The reason for this, is that the system is write-protected, even with root. On the M8, there is a kernel mod which disables the write protection (allows you to modify system while booted to OS), but I don't know if there is such a mod for the M8s. But if you were able to do it in TWRP, the same should apply on Marshmallow.
So I finally got my phone back, or well, to be accurate, I got another phone (albeit another M8s) back under warranty. I guess they f'd it up during repairs or something. And as expected my phone was upgraded to Marshmallow.
Anyhow, the more I read about Magisk and systemless rooting the more lost I seem to get lost. Is there somewhere a step by step guide for obtaining root on this phone?
Let me recap from what I've understood so far (SOURCE 1, SOURCE 2 and SOURCE 3)
1) Backup my boot partition, I am still searching how to accomplish this without rooting the phone first. Booting to TWRP without installing resulted in mangling some data in the boot partition, so unfortunately that is not an option. (blanks the OS version)
2) Boot to TWRP and flash the Magisk zip file. There should be an option somewhere in TWRP to enable systemless rooting.
3) ?
So if anyone knows if I am on the right (or wrong) track please let me know .
Thijs
Edit: I can't seem to get the phone boot TWRP for some reason (from my harddrive htc_fastboot boot twrp.img). This used to be possible on my old M8s which I had send in for repairs. Do I really have to flash it because I have no way of backing up the old original recovery .
Okay, since it is kinda dead in here let me bump this for anyone in the same situation. I've managed to install Magisk successfully. The steps involved
1) unlock bootloader
2) flash twrp (htc_fastboot flash recovery twrp.img) I've used the latest version from Captain Throwback which I've found in the OP of the Void_Zero Lineage OS thread.
3) boot the phone and copy magisk systemless root zip and the apk file to your internal storage Grab the uninstaller as well in the topic.
4) reboot to recovery (adb reboot bootloader)
5) flash the zip from within recovery
6) reboot the phone and install the Magisk app.
7) done
Use this guide on your own risk. It worked flawlessly for me but no guarantees .
I've successfully flashed my first ROM. My purpose in doing so was to get the monthly Android security updates, and more broadly have my phone as secure as practical. In that vein, can I safely relock the bootloader? Should I? I am aware that many (most?) people here choose to keep the bootloader unlocked, and I respect that choice, but I'm seeking maximum security.
Searching here at XDA I see conflicting guidance. Some folks say that re-locking the bootloader with a custom ROM installed is begging to be bricked, while others say they have re-locked with no trouble. So what is your advice, why is that your opinion, and do you speak from experience?
I have not rooted the phone, nor do I plan to. I'm running AICP 8.1 on Nextbit Robin and don't plan to make any changes other than receive OTA updates. Should I make future changes beyond that I would not be bothered by the very minor inconvenience of having to unlock then relock it.
I too want to simply flash the stock recovery and lock my bootloader, but from what I've read to update the ROMs we need an unlocked bootloader. So that needs to be unlocked again does that mean everytime I lock-unlock I will be wiping my data all over? Thats would be a pain.
So this is an experiment I want to run from quite long and might do it sometime next month maybe. I will be wiping-unlocking-flashing-locking and see again if I can unlock without wiping my data and lock again, this way I can know for sure if this is doable because most online answers are weirdly confusing.
javelinanddart found that locking the bootloader on the Robin results in similar behavior as on the Nexus devices. The phone will check and make sure that the key used to sign the recovery partition remains the same as it was when your device got relocked, so as a result, TWRP should still work, and updating to a new version of TWRP would work too since it's (presumably) signed with the same key. System partition checking is handled by the kernel itself (dm-verity), but all the custom roms for the Robin have that disabled, so that wouldn't be a problem.
I've also been running custom roms with my bootloader locked and haven't run into any issues with flashing roms with TWRP.
I will be honest though, since TWRP lets you do so much to your phone, relocking your bootloader wouldn't really help security wise. You can pull up a damn root shell right in TWRP, for crying out loud.
@jabashque
Wait so are you saying despite locking the bootloader I can still go in custom recovery? Whats the point then?
I mean for me why I a considering locking the bootloader is so that if I lose my phone no one can access my data. As of now with custom ROM anyone has free access to my data via TWRP/custom recovery.
/root said:
@jabashque
Wait so are you saying despite locking the bootloader I can still go in custom recovery? Whats the point then?
I mean for me why I a considering locking the bootloader is so that if I lose my phone no one can access my data. As of now with custom ROM anyone has free access to my data via TWRP/custom recovery.
Click to expand...
Click to collapse
I suppose you could flash Lineage recovery instead, which was designed to be an OEM-grade recovery and doesn't include the ability to pull up a root shell or use adb.
Grab that here: http://downloads.codefi.re/jdcteam/javelinanddart/ether/ether-lineage-recovery-20180310_170949.img
Personally, I locked my bootloader so that I could actually see my custom splash screen without having to press the power button to dismiss the warning message.
EDIT: the build of Lineage recovery I linked still has adb shell access enabled it seems; I was wrong on that. Also, I haven't tried flashing another rom's system partition that's been signed with different keys.
jabashque said:
I suppose you could flash Lineage recovery instead, which was designed to be an OEM-grade recovery and doesn't include the ability to pull up a root shell or use adb.
Grab that here: http://downloads.codefi.re/jdcteam/javelinanddart/ether/ether-lineage-recovery-20180310_170949.img
Personally, I locked my bootloader so that I could actually see my custom splash screen without having to press the power button to dismiss the warning message.
Click to expand...
Click to collapse
So for an OTA update do I have to wipe all data to unlock again? I am on Omni btw.
I only unlock my bootloader to flash a cool splash screen then relock it. Even if the bootloader is locked I can still flash custom ROMs using ADB sideload. Works like a charm every time. I'm running the AEX custom ROM with Android 8.1.0
akeemk said:
I only unlock my bootloader to flash a cool splash screen then relock it. Even if the bootloader is locked I can still flash custom ROMs using ADB sideload. Works like a charm every time. I'm running the AEX custom ROM with Android 8.1.0
Click to expand...
Click to collapse
But you still locking it while on TWRP isn't it? Which means anyone has access to shell via TWRP defeats the purpose of security provided by a locked bootloader, isn't it?
/root said:
But you still locking it while on TWRP isn't it? Which means anyone has access to shell via TWRP defeats the purpose of security provided by a locked bootloader, isn't it?
Click to expand...
Click to collapse
I guess that's why Nextbit never had a problem with us unlocking the phone's bootloader.
Hello,
Is it possible to get root access on the Moto Z Play without needing TWRP? I tried to use this guide but my phone doesn't want to flash TWRP. It may require a unlocked bootloader. My question is that is it possible to get root on this phone without TWRP or unlocked bootloader?
PS. I only want root access to get Viper4Android/ Dolby. If there are any other alternatives, please let me know below.
Thanks,
mPreet
mPreet said:
Hello,
Is it possible to get root access on the Moto Z Play without needing TWRP? I tried to use this guide but my phone doesn't want to flash TWRP. It may require a unlocked bootloader. My question is that is it possible to get root on this phone without TWRP or unlocked bootloader?
PS. I only want root access to get Viper4Android/ Dolby. If there are any other alternatives, please let me know below.
Thanks,
mPreet
Click to expand...
Click to collapse
Your title says without unlock bootloader - no
Your text says without twrp - you can fastboot boot twrp.img - that will boot to it but not flash it permanently. But, again, not if the bl is not unlocked - gotta have that.
KrisM22 said:
Your title says without unlock bootloader - no
Your text says without twrp - you can fastboot boot twrp.img - that will boot to it but not flash it permanently. But, again, not if the bl is not unlocked - gotta have that.
Click to expand...
Click to collapse
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
mPreet said:
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
Click to expand...
Click to collapse
Pretty much - the process of obtaining your key will void your remaining Motorola warranty (though you may still have some protection depending on your local consumer laws), and the process of actually using the unlock key on your device will wipe your device in a factory reset. Ensure you back up your device (and adopted SD card as well) beforehand.
After that, you should be able to flash or boot TWRP, then root and flash Viper4Android (or ARISE Soundsystems) or Dolby. If you get OTA updates, you will not be able to flash them unless you can revert back to full stock, so ensure you have a TWRP backup without modifications or access to a stock ROM of the same build that you have now.
mPreet said:
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
Click to expand...
Click to collapse
correct. afaik.
echo92 said:
Pretty much - the process of obtaining your key will void your remaining Motorola warranty (though you may still have some protection depending on your local consumer laws), and the process of actually using the unlock key on your device will wipe your device in a factory reset. Ensure you back up your device (and adopted SD card as well) beforehand.
After that, you should be able to flash or boot TWRP, then root and flash Viper4Android (or ARISE Soundsystems) or Dolby. If you get OTA updates, you will not be able to flash them unless you can revert back to full stock, so ensure you have a TWRP backup without modifications or access to a stock ROM of the same build that you have now.
Click to expand...
Click to collapse
If I just boot off the TWRP instead of flashing, would that backup constitute as stock? So boot the TWRP instead of flashing then make a backup before rooting.
Thanks,
mPreet
mPreet said:
If I just boot off the TWRP instead of flashing, would that backup constitute as stock? So boot the TWRP instead of flashing then make a backup before rooting.
Thanks,
mPreet
Click to expand...
Click to collapse
be aware you will be walking on shaky ground. Be sure you have a spare phone that works in case you brick this one.
I flashed TWRP and rooted my Z2 Force (Sprint) using SuperSU on stock 7.1.1 Sprint rom and now don't pass SafetyNet now and OTAs won't install.
Reading various threads online, they say I can uninstall SuperSU/root and clear data for Google Play to restore certified status of phone, but that doesn't work (I followed the proper uninstall steps and verified loss of root after a reboot). Still show not-certified, so I can't download Netflix, Moviepass, use Google Pay, etc.
At this point, I'm willing to remove root and revert to stock bootloader if needed to get functionality of apps back. Is there a working stock image that I can flash with TWRP that will restore SafetyNet (I will uninstall SuperSU)? I've seen a couple threads, but they say the factory image zip can't be installed with TWRP, only stock bootloader.
Basically, I just want to restore to stock phone again and am willing to give up TWRP/root.
Can anyone point me in the right direction as I have been reading Z2 Force rom threads for hours and am not finding what I'm needing.
Thanks
Here is what I've tried thus far:
Uninstall SuperSU, cleared Google Play data, tested SafetyNet... marked uncertified
Installed Magisk, cleared google play data, tested SafetyNet... marked uncertified
Performed factory reset (dalvik, data, internal storage) from TWRP... setup phone again, marked uncertified
Is there anything I need to do to clean up old remnants of SuperSU after uninstall that Google Play is detecting? From what I've found, SafetyNet detects SuperSU and uncertifies a device... but nothing much else (ie: unlocked boot loader, etc) is there something else that I need to check to get certified again?
EDIT: The only other thing I've done to this phone is to flash a black Motorola image to replace the "Unlocked boot loader" boot image... is that causing an issue? Is that in the system partition that SafetNet detects changes?
So upon using the Magisk uninstaller to get back to as stock as possible, I was put into a recovery (TWRP) bootloop... which was fixed by flashing the Sprint Oreo image posted in the ROM forum. Still back to the same old... "Not certified" in Google Play store for SafetyNet. I have no root installed of any sort now.
read this thread
[HOW TO] Return to stock
to return to stock and then you can take the OTA update
https://forum.xda-developers.com/z2-force/how-to/how-to-return-to-stock-sprint-t3694783
TwoBuells said:
read this thread
[HOW TO] Return to stock
to return to stock and then you can take the OTA update
https://forum.xda-developers.com/z2-force/how-to/how-to-return-to-stock-sprint-t3694783
Click to expand...
Click to collapse
Thank you! I've been reading threads all morning and didn't find this one! I'll give it a try....
jugernot said:
Thank you! I've been reading threads all morning and didn't find this one! I'll give it a try....
Click to expand...
Click to collapse
I locked the bootloader using the following and I am now able to use Google Pay and other Safetynet restricted apps.
fastboot oem lock
fastboot flashing lock
fastboot oem relock
jugernot said:
I locked the bootloader using the following and I am now able to use Google Pay and other Safetynet restricted apps.
fastboot oem lock
fastboot flashing lock
fastboot oem relock
Click to expand...
Click to collapse
Are you able to take OTA update now?
Is it possible to somehow leverage the in-built OTA mechanism to install any custom ROM, while keeping the bootloader unlocked on a A/B device?
No, unless you're a rocket scientist...
galaxys said:
No, unless you're a rocket scientist...
Click to expand...
Click to collapse
Why not, where is the verification happening? Is there a signature verification after downloading the file, which can maybe be bypassed with root?
I could be wrong but I think a couple ROMs have their own OTA service baked in.
Also, I don't think it's too difficult/much more of a hassle to download the zip, reboot to recovery and flash.
nithinmanne said:
Is it possible to somehow leverage the in-built OTA mechanism to install any custom ROM, while keeping the bootloader unlocked on a A/B device?
Click to expand...
Click to collapse
If you were looking to flash a custom ROM with the stock recovery, required for sideloading an OTA, it wouldn't work. Each factory image or OTA image is signed by Google. The stock recovery is coded to look for that signature. If the recovery finds the signature it allows installation to continue. Any other signature or no signature at all will cause the process to halt with an error. In order to get a custom ROM to install using the OTA system you'd have to spoof Google's key in the ROM package so the stock recovery "thinks" it's installing a factory image or OTA.
What I described above applies regardless of whether the bootloader is locked or not. If your bootloader is unlocked, flash TWRP and call it a day.
Strephon Alkhalikoi said:
If you were looking to flash a custom ROM with the stock recovery, required for sideloading an OTA, it wouldn't work. Each factory image or OTA image is signed by Google. The stock recovery is coded to look for that signature. If the recovery finds the signature it allows installation to continue. Any other signature or no signature at all will cause the process to halt with an error. In order to get a custom ROM to install using the OTA system you'd have to spoof Google's key in the ROM package so the stock recovery "thinks" it's installing a factory image or OTA.
What I described above applies regardless of whether the bootloader is locked or not. If your bootloader is unlocked, flash TWRP and call it a day.
Click to expand...
Click to collapse
In A/B devices, it happens without a recovery, right, using update_engine. Do you know if there's a way to point it to a custom URL, instead of OEM's?
I don't believe the recovery is used for updates in the off slot on A/B devices. However, regardless of whether the recovery is required or not you still have to contend with the signing key requirement. So even if you could change the path to point to a particular download server, the absence of a Google signature will prevent the download from ocurring.
What you want is not possible because of the signing key requirement.
Strephon Alkhalikoi said:
I don't believe the recovery is used for updates in the off slot on A/B devices. However, regardless of whether the recovery is required or not you still have to contend with the signing key requirement. So even if you could change the path to point to a particular download server, the absence of a Google signature will prevent the download from ocurring.
What you want is not possible because of the signing key requirement.
Click to expand...
Click to collapse
All this validation happens in HLOS, right? Can this not be manipulated using root by replacing Google's OTA key?
nithinmanne said:
All this validation happens in HLOS, right? Can this not be manipulated using root by replacing Google's OTA key?
Click to expand...
Click to collapse
I don't know where it is, but a good guess would be the bootloader itself. And if that guess is right, not even root will help. You'd need to replace or modify the bootloader, which is a task beyond any of us.
If it were as easy as you make it sound, LineageOS and ROMs based on it wouldn't need their own OTA download systems.
Strephon Alkhalikoi said:
I don't know where it is, but a good guess would be the bootloader itself. And if that guess is right, not even root will help. You'd need to replace or modify the bootloader, which is a task beyond any of us.
If it were as easy as you make it sound, LineageOS and ROMs based on it wouldn't need their own OTA download systems.
Click to expand...
Click to collapse
The flashing happens when HLOS is still running(in Pixel, atleast), right? The bootloader can only verify when booting after flashing.
nithinmanne said:
The flashing happens when HLOS is still running(in Pixel, atleast), right? The bootloader can only verify when booting after flashing.
Click to expand...
Click to collapse
Again, I don't know. I do know however that this rabbit hole is deeper than I can go. You'll have to continue on your own from this point, because I simply have nothing left to add to the discussion.
Good luck. Hopefully you manage to avoid bricking your $1000 device in trying this.
Strephon Alkhalikoi said:
Again, I don't know. I do know however that this rabbit hole is deeper than I can go. You'll have to continue on your own from this point, because I simply have nothing left to add to the discussion.
Good luck. Hopefully you manage to avoid bricking your $1000 device in trying this.
Click to expand...
Click to collapse
Thanks, I'm not testing on my phone, I'm doing it during free time at work, where I can test on a debug 845 device, running android P. Its way easier, as I have access to more logging, and it takes 2 minutes to flash, even if I brick it. So I can try any solution you can think of. I eventually want to get it working on my phone though.