I've never owned a Nexus/Google phone, how long would you all guess it's going to take to root the Nexus 6?
Thanks! :fingers-crossed:
Kidding I hope
Pyros2008 said:
I've never owned a Nexus/Google phone, how long would you all guess it's going to take to root the Nexus 6?
Thanks! :fingers-crossed:
Before you even get it
Sent from my A0001 using XDA Free mobile app
Nope, the first time I rooted was a month ago, my Note 3. I take it the device can be rooted off the bat.. or is there something else I am missing?
Give Chainfire a couple hours with the phone
Pretty sure the process will be similar to other Nexus devices... Fastboot oem unlock, etc, etc.
http://phandroid.com/2014/11/17/nexus-6-lollipop-root/
all hail king chainfire?
kgeissler said:
http://phandroid.com/2014/11/17/nexus-6-lollipop-root/
That has 6 Nexus devices with root. But not the Nexus 6.
I would make sure to wait until Google releases the factory image before rooting just in case something goes wrong
I'm pretty sure that the factory images have to be out as he has to create a modified kernel for the N6 for superuser to work on 5.0.
lordgodgeneral said:
I'm pretty sure that the factory images have to be out as he has to create a modified kernel for the N6 for superuser to work on 5.0.
I think he just patches the existing kernel so don't think he would need images. Think being the key word there as I don't know for sure how it works exactly.
You don't need a developer to root a nexus. Boot into the bootloader, connect to your computer, run: fastboot oem unlock, then install the recovery of your choice via fastboot (fastboot flash recovery blahxxx.img), then just flash whatever superuser you want (e.g. SuperSU)
Sent from my XT1053 using Tapatalk
bongostl said:
You don't need a developer to root a nexus. Boot into the bootloader, connect to your computer, run: fastboot oem unlock, then install the recovery of your choice via fastboot (fastboot flash recovery blahxxx.img), then just flash whatever superuser you want (e.g. SuperSU)
Sent from my XT1053 using Tapatalk
Sorry but this is no longer accurate. First off, there are no custom recoveries yet. Second, lollipop requires additional work arounds for root other than just flashing superuser.
akellar said:
Sorry but this is no longer accurate. First off, there are no custom recoveries yet. Second, lollipop requires additional work arounds for root other than just flashing superuser.
Hm? I'm running oneplus one with root on lollipop. All I had to do was just flash supersu in recovery.
Hopefully we can see a twrp on nexus 6 soon.
Sent from my A0001 using Tapatalk
zephiK said:
Hm? I'm running oneplus one with root on lollipop. All I had to do was just flash supersu in recovery.
Hopefully we can see a twrp on nexus 6 soon.
Sent from my A0001 using Tapatalk
It's likely not a complete build with the SELinux improvements that Google made to the kernel. You need to modify the kernel on lollipop to have root so your OnePlus probably just has a ROM not a full image of the lollipop on it. Also as stated earlier you can't root anything without the factory image posted by Google for the Nexus. Then the developers can have at it. Until that happens we are just left waiting.
Pilz said:
It's likely not a complete build with the SELinux improvements that Google made to the kernel. You need to modify the kernel on lollipop to have root so your OnePlus probably just has a ROM not a full image of the lollipop on it. Also as stated earlier you can't root anything without the factory image posted by Google for the Nexus. Then the developers can have at it. Until that happens we are just left waiting.
SELinux is currently permissive and yep it's built off CM12 sources. But to answer OP's question, probably won't take too long but no ETAs.
zephiK said:
SELinux is currently permissive and yep it's built off CM12 sources. But to answer OP's question, probably won't take too long but no ETAs.
Then that's why you can flash it in recovery. Normally you wouldn't be able to if it wasn't changed.
Chainfire said:
On LPX13D, SELinux, and root
As promised, here are some more details about the current situation.
Why it breaks
Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.
On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.
Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.
Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.
In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.
How to fix it
To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.
There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).
In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.
Repercussions
As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.
Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.
Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.
Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.
It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.
Apps need updates
Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.
As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there.
The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.
By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.
Permissive vs enforcing
The kernel packages I posted for the Nexus 5 and 7 LPX13D firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.
Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.
Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.
I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.
It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.
(everything in this post is subject to change for retail L release, obviously)
https://plus.google.com/+Chainfire/posts/VxjfYJnZAXP
http://www.xda-developers.com/android/supersu-beta-2-23-lollipop/
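Chainfire's post quoted above explains that Lollipop gives install-recovery.sh its own SELinux domain through a seclabel line in init.rc, and that the modified kernel packages comment that line out so the script runs in init's context again. As an added example (not code from the post, from SuperSU, or from AOSP), here is a small Python audit that parses the service blocks of an init.rc and reports which root services lack a seclabel and which have had one commented out; the init.rc fragment below is constructed, not taken from any real device.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Keywords that open a new section in the init language; any of them ends
# the service block that is currently being read.
SECTION_KEYWORDS = ("on", "service", "import")


@dataclass
class Service:
    name: str
    exe: str
    user: Optional[str] = None        # init runs a service as root by default
    seclabel: Optional[str] = None    # SELinux domain the service is started in
    commented_seclabel: bool = False  # a '#seclabel ...' line was seen in the block
    options: List[str] = field(default_factory=list)


def parse_init_rc(text: str) -> Dict[str, Service]:
    """Parse the 'service' sections of an init.rc into Service records."""
    services: Dict[str, Service] = {}
    current: Optional[Service] = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):
            # A commented-out seclabel inside a service block is exactly the
            # ramdisk edit described in the post; record it for the audit.
            body = stripped.lstrip("#").strip()
            if current is not None and body.split()[:1] == ["seclabel"]:
                current.commented_seclabel = True
            continue
        parts = stripped.split()
        if parts[0] in SECTION_KEYWORDS:
            if parts[0] == "service" and len(parts) >= 3:
                current = Service(name=parts[1], exe=parts[2])
                services[current.name] = current
            else:
                current = None  # 'on' or 'import' section, not a service
            continue
        if current is None:
            continue  # command inside an 'on' block
        if parts[0] == "user" and len(parts) > 1:
            current.user = parts[1]
        elif parts[0] == "seclabel" and len(parts) > 1:
            current.seclabel = parts[1]
        else:
            current.options.append(stripped)
    return services


def audit_init_rc(text: str) -> Dict[str, List[str]]:
    """Report services that would run as root in init's own SELinux domain
    (no seclabel), and services whose seclabel has been commented out."""
    services = parse_init_rc(text)
    unconfined = sorted(
        s.name for s in services.values()
        if (s.user or "root") == "root" and s.seclabel is None)
    commented = sorted(s.name for s in services.values() if s.commented_seclabel)
    return {"unconfined_root": unconfined, "commented_seclabel": commented}


# Constructed init.rc fragment modelled on the Lollipop-era flash_recovery
# service; service names and paths are illustrative only.
STOCK_INIT_RC = """\
import /init.usb.rc

on post-fs-data
    mkdir /data/misc/adb 02750 system shell

service flash_recovery /system/bin/install-recovery.sh
    class main
    seclabel u:r:install_recovery:s0
    oneshot

service adbd /sbin/adbd
    class core
    disabled
    seclabel u:r:adbd:s0

service vendor_helper /system/bin/vendor_helper.sh
    class late_start
    user root
    oneshot

service sensord /system/bin/sensord
    class main
    user system
"""

# The same fragment with the seclabel line commented out, as a modified
# ramdisk would carry it.
PATCHED_INIT_RC = STOCK_INIT_RC.replace(
    "    seclabel u:r:install_recovery:s0",
    "    #seclabel u:r:install_recovery:s0")

if __name__ == "__main__":
    for label, rc in (("stock", STOCK_INIT_RC), ("patched", PATCHED_INIT_RC)):
        print(label, audit_init_rc(rc))
```

Run against a ramdisk extracted from a boot image, the "unconfined_root" list is the set of services AOSP's build complains about, and a non-empty "commented_seclabel" list is a quick indicator that the ramdisk has been modified.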
Pilz said:
Then that's why you can flash it in recovery. Normally you wouldn't be able to if it wasn't changed.
Good news everyone, starting with one of the upcoming SuperSU updates, modified kernels will no longer be needed for root on Android 5.0 ... !
https://twitter.com/ChainfireXDA/status/535253476021116928
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
jsmithfms said:
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all, just very difficult with all the security checks included.
KennyG123 said:
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all, just very difficult with all the security checks included.
Crap... well does anyone know how that encryption key is generated? Like, could I theoretically get an algorithm from a ROM?
Honestly, for the time being I wouldn't bother with ROMs for that device and carrier at the moment. Especially since it's someone else's device. Towelroot should be a good start. If I'm not mistaken I don't think it's supposed to trip Knox.
Sent from my HTCEVODesign4G using XDA Free mobile app
jsmithfms said:
Crap... well does anyone know how that encryption key is generated? Like, could I theoretically get an algorithm from a ROM?
This is the riddle of the Sphinx my friend. I am sure the super devs have tried their best so far to crack it. It has been an ongoing effort to make phones more and more secure, not against the amateur developers and rooters, but against the hackers. These smartphones are now our personal computers, diaries, personal assistants, financial operator, and more. They basically are a person's (and business's) life. AT&T and Verizon have taken the big steps to appeal to the Exchange clients, corporate, government and military contracts. Even the general public want to know their phone is secure. This is what keeps me stuck on the Sprint network.
Have you tried Kingroot?
I successfully rooted my wife's AT&T S4 on OC3 lollipop (supposedly unrootable) with the desktop version. Mobile version didn't work but desktop did without a hiccup. Maybe it'll work on the S5.
http://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461
Rockin' a l337 with Goldeneye v49.1 + Wanam Xposed and loving life on AT&T's 4G LTE network
S5 on lollipop has a new nasty boot loader.... it was a miracle on its own that they ever came up with safestrap to duck the boot loader on earlier versions of android
I know that we have root through the Sprint released ROM and we can achieve root as long as we are on the N920TUVU3DPG1, which I am and have done so using Jovy's ROM. However, my question is regarding the possibility to achieve root for stock odexed firmware. My problem is that I do not like all/some of the modifications that are done on the available ROMs. I prefer the stock look/functions for my phone. I mostly use root for recovery purposes (i.e. Titanium, etc). Is there a possible way to achieve Stock Root under our current bootloader limitations without heavily modifying the ROM? I want to use Knox dependent apps (like S-Health) without having to worry about updates etc... If so, can someone here point me to the way to do it? From what I remember reading, leaving the phone on the initial Sprint ROM broke a lot of the functions like bluetooth, LTE and wifi and required a lot of behind the scene changes to make it work. I think that my limited knowledge would not allow me to do these tweaks effectively. Thanks for any help.
Recently, Tab A6 T280 was successfully rooted and the bootloader is still tightly locked. However, somebody did a reverse engineering on both kernel and recovery to extract out SHA keys and add it into TWRP and bypass bootloader. This is a major milestone that ALL Samsung phones and tablets can be rooted this way.
Nevertheless, a custom kernel with SELinux policy needs to be installed to achieve root.
mingkee said:
Recently, Tab A6 T280 was successfully rooted and the bootloader is still tightly locked. However, somebody did a reverse engineering on both kernel and recovery to extract out SHA keys and add it into TWRP and bypass bootloader. This is a major milestone that ALL Samsung phones and tablets can be rooted this way.
Nevertheless, a custom kernel with SELinux policy needs to be installed to achieve root.
I hadn't read about that and this is awesome news. Thanks for sharing. I am hopeful that it will come to our great phone since we have the most amazing developers here.
First of all, I have been using custom kernels and later rooting since Pocket PC 2002/Merlin, and I now have bought my first Sony (after just about every other brand of Android phone, no particular reason why I never had a Sony since the SE T68) because it's the only phone I can use with salt water spray on the screen and wet fingers. I do a lot of lobster, crayfish and crab fishing with traps and use an app called Fishing Points to keep track of my pots and what I get where. Coming from Samsung (S5 was the latest I had) the rooting of a Sony seems rather cumbersome, but I have a few apps that need root access. Like Air Audio to play music through an Airplay system. DLNA is useless to me, I want to stream the audio that I'm using on the phone directly to the whole house system.
So can somebody please tell me what I do to get root access on Nougat (which my phone upgraded to before I saw that's what was happening, and no, I'm not big on reading long explanation screens, if it's a new phone and an official upgrade I am used to just doing it before I root on Samsung phones, since I have to unroot to install them later) and nothing else? For now I don't want to use any custom kernels or recovery, if I can avoid it. Just stock, rooted, like I could on my S5 (and Note 2, S4 Active and so on), please!
I did attempt the KingRoot app, but it didn't work. Also I have read a bit about that app that doesn't seem too good (Chinese spy factor app), so I did a full reset after the failed attempt. But if there's something similar that would be the perfect way of doing this. Of course I'm no stranger to ADB, so hooking it up to my pc is not a problem either.
1. Downgrade to any version of stock Marshmallow firmware with Xperifirm and Flashtool. Wipe everything and Exclude nothing (but *.ta - if any). Do not use FSC script! << FSC is now mandatory!
2. Backup your device's TA partition with Universal TA Backup tool.
3. Flash Nougat firmware (again with Xperifirm and Flashtool). Wipe everything and Exclude nothing (but *.ta - if any).
4. Unlock your device's bootloader
5. Follow these instructions to create/flash a custom kernel with root, and also DK.ftf (to fully reactivate Sony's DRM keys, which are wiped when the bootloader is unlocked).
Anyway, try it at your own risk!
Thanks! So that's the method, which of course means deleting everything I've set up on the phone. Is there a chance there may be an easier, less destructive way during the next month or so? I can do without root access for that long.
oh, btw, by "custom kernel" do you mean that it will not be the original setup for the phone? I've been betatesting kernels on many devices, but nowadays I only want a phone that works without any hitches, and I want access to the official updates. That was easy on the Samsung phones, but maybe Sony is more different than I thought?
Oh, btw, maybe it is explained in the long post you directed me to, but I recently had an eye operation, and I would appreciate a shorter answer, before I get to the "how to", which takes me a while to read right now...
NEVER MIND THIS MESSAGE! Now I understand what Xperifirm is...
Also where would be a safe place to download ROMs from? Both the downgrade ROM and the Nougat ROM? I now really wish I hadn't let the thing upgrade before I took the TB backup (I'm still a bit unsure as to why I need that, I don't use any media with any form for DRM, but I guess better safe than sorry).
Mastiff said:
NEVER MIND THIS MESSAGE! Now I understand what Xperifirm is...
Also where would be a safe place to download ROMs from? Both the downgrade ROM and the Nougat ROM? I now really wish I hadn't let the thing upgrade before I took the TB backup (I'm still a bit unsure as to why I need that, I don't use any media with any form for DRM, but I guess better safe than sorry).
As far as I know there's no danger in downloading through Xperifirm; you need TA for guarantee reasons (if your phone needs repair, not everywhere but for safety).
Thanks, yeah. I have managed to read a bit and found out that Xperifirm downloads from the official Sony servers. Pain in the ass downloading, it breaks the download every couple of minutes. But that's probably Sony's servers, not the program. As for warranty, that's no problem in Norway since we have very strong consumer rights here. If an error cannot be proven to stem from rooting or other software stuff, it will be fixed. If I remember correctly Apple tried really hard to battle with the consumer rights officials about jailbreaking, but they had a very bloody defeat.
Seems like I have a problem. The Telenor Nougat ROM doesn't have a loader, according to Flashtool. Neither do the two other ROMs I have downloaded so far, but I'm trying again with a third, which doesn't have the "customised" moniker. So I hope that has a loader. But how do I upgrade again to Nougat, with the Norwegian version, when the Telenor ROM doesn't have a loader?
Mastiff said:
Seems like I have a problem. The Telenor Nougat ROM doesn't have a loader, according to Flashtool. Neither do the two other ROMs I have downloaded so far, but I'm trying again with a third, which doesn't have the "customised" moniker. So I hope that has a loader. But how do I upgrade again to Nougat, with the Norwegian version, when the Telenor ROM doesn't have a loader?
If your phone is locked (bootloader), fix it using Xperia Companion. That way it upgrades automatically to Nougat.
If not, lock it using Flashtool first.
Well, the message was kind of badly worded, because I need to downgrade first of all. So I'm at the moment trying to get it to MM without messing up the TA partition. So anyway, this thread has been followed by others, I think this can be considered solved since there is only one way to get root on these phones.
What would be the best approach to rooting if you unlock your bootloader before learning about TA backup? I have since downgraded, done TA backup, upgraded, flashed TWRP, flashed SU/Magisk/phhSu, and saw two green checks in Magisk. Tried to continue to get the three checks by installing Sony framework v1 through Magisk and then Andros plus kernel, but got stuck on Sony screen on boot up. So I repeated steps and stopped after I got two checks, however after long use and simple phone restart, I lost root. Please HELP!
I'm about to get an XZ1 Compact and I'm interested in exploring its files. I understand Windows, but Android's terminology is new to me. I'm unsure whether I understand correctly how Android works. Is this right?:
(1) When turned on, a small OS (the "bootloader") powers on, and its objects call
(2) objects in the "recovery partition," which in turn
(3) call the files and objects in the main partition which power the actual Android OS.
To change files in the main partition ("flashing ROM") either the new files' API's must match those in the previous OS or else files in the recovery partition also need to change ("be customized"). Similarly, changing the recovery partition requires either the same API calls from the bootloader or else changing the bootloader ("unlocking" it).
Is all that right? Does this mean doing something like installing TWRP (from the command line on my desktop, where I already have Android Studio and the Android SDK tools) means I have to "unlock" the bootloader too? [Is there a suggested web site or reference, besides this forum, with good info to teach me what I need to know to understand bootloaders, recovery partitions, custom ROMs, etc.?]
Thanks!
Al C.
acolburn3 said:
Is all that right? Does this mean doing something like installing TWRP (from the command line on my desktop, where I already have Android Studio and the Android SDK tools) means I have to "unlock" the bootloader too? [Is there a suggested web site or reference, besides this forum, with good info to teach me what I need to know to understand bootloaders, recovery partitions, custom ROMs, etc.?]
Thanks!
Al C.
Hi Al C,
What you described is basically how it works, although the bootloader decides what partition to load the operating system from. The recovery is located in the recovery partition and the bootloader can start it up the same way as an operating system and it allows users control over certain aspects of the phone such as wiping partitions and modifying the currently installed Android.
Here is a site that describes some of the terms:
https://trendblog.net/guide-to-android-rooting-custom-roms-apps/
In order to modify your Android operating system and flash a custom ROM you need to unlock the bootloader as the locked bootloader will only boot your stock firmware (Android OS) that came with your phone.
The XZ1 compact is not the easiest device to learn these things with as Sony has locked certain parts of the OS using DRM (digital rights management) which requires a couple extra steps when unlocking the bootloader. Without these DRM keys the camera does not work.
Additionally, not all XZ1 Compacts' bootloaders can be unlocked.
Check this PDF for instructions to unlocking the bootloader and backing up DRM keys:
https://forum.xda-developers.com/xp...-exploits-temp-root-to-backup-t3795510/page39
If you have any specific questions I'm happy to help.
Your explanation makes perfect sense, and those look like really useful links. Thank you for taking the time to respond so thoughtfully. I'd read about the camera issues. Although some folks describe solutions (XperiFix?), I don't think I need Android 10 enough to want to risk flashing it yet. In the meantime, do installing a different recovery (TWRP?) or rooting the device require unlocking the bootloader, too?
p.s. If the answers to those questions are in the links you gave me, I'm perfectly OK being told "go read them!"
acolburn3 said:
Your explanation makes perfect sense, and those look like really useful links. Thank you for taking the time to respond so thoughtfully. I'd read about the camera issues. Although some folks describe solutions (XperiFix?), I don't think I need Android 10 enough to want to risk flashing it yet. In the meantime, do installing a different recovery (TWRP?) or rooting the device require unlocking the bootloader, too?
p.s. If the answers to those questions are in the links you gave me, I'm perfectly OK being told "go read them!"
The short answer is yes. You need to unlock the bootloader in order to root and install a custom recovery.
The long answer is that there is a workaround using the Temp-Root solution provided by J4nn: https://forum.xda-developers.com/xp...devonly-exploits-temp-root-to-backup-t3795510
that is used to root the phone temporarily so that the DRM keys can be backed up. When you use the Magisk version of the exploit that is linked in the first post you have root access until you reboot the phone.
If you want to get root back you need to connect it to your computer using ADB (android debugging bridge) and send the commands again. Additionally it only works with a few certain android oreo based stock firmwares.
So it is not exactly a workable solution.
I have not heard of XperiFix before. The thread I linked by J4nn and the previous PDF I mentioned is the way that I bootloader unlocked my device and made sure I still have a working camera, although other methods might exist.
I'm glad I could help.