[Q] Unofficial way to unlock bl or qualcomm exploit question - Xperia Z1 Q&A, Help & Troubleshooting

Hi everyone!
I heard a lot of whining about locked bootloaders and answers just to pay for unlock etc. However, not so long ago, in August, a post appeared on XDA (http://www.xda-developers.com/android/qualcomm-security-exploit-djrbliss/) about a new exploit in Qualcomm SoCs which should obviously affect our phone. This could really help people like me with a locked BL.
So has anyone heard something about using it IRL?

Arstorm.Z said:
Hi everyone!
I heard a lot of whining about locked bootloaders and answers just to pay for unlock etc. However, not so long ago, in August, a post appeared on XDA (http://www.xda-developers.com/android/qualcomm-security-exploit-djrbliss/) about a new exploit in Qualcomm SoCs which should obviously affect our phone. This could really help people like me with a locked BL.
So has anyone heard something about using it IRL?
There is no unofficial unlock of bootloaders available.
This has been talked about before.
If you read the last paragraph of the article you linked to (Seen here http://prntscr.com/4ph7dk) you will see that although the vulnerability was found it is also not going to be released to the general public, but given to the OEMs so they can fix it.
While this is a notable discovery, it poses no immediate threat since Rosenberg did not release his exploit to the public, which allows manufacturers to patch it before any serious damage is done. Have a look at his full report in this summary image.
Also, there should be no advertising of paid for services on XDA, especially since if you can unlock your bootloader it is free to do it the official way and if anyone is taking your money for an unofficial unlock you are most likely being conned because there is no unofficial unlock.

Thank you for the reply! Unfortunately it is highly likely that there is no official way to unlock my BL. My phone is SIM-free but BL unlock is not allowed, so I have no idea how to unlock it.
Also, I checked the comments section and found "On the summary page are enough information for any dev to write a exploit" http://www.xda-developers.com/android/qualcomm-security-exploit-djrbliss/#comment-1538589467
I'm just worried because after the end of support from Sony there will be no possibility to switch to newer versions of Android.

Related

What is an Encrypted Bootloader and What does it Mean?

We seem to have a lot of confusion in the Atrix forum about the implications of an encrypted and or locked bootloader.
What is a bootloader?
See this article for a decent description.
Is the bootloader on the Atrix encrypted?
We don't know and likely will not know until the phone is released and people smarter than I can look at it. No reviews, including the Engadget review, have looked at whether the bootloader is encrypted. However, some have inaccurately said that because the installation of non-market apps is not permitted, the bootloader is encrypted. This is a separate issue and is a requirement imposed by AT&T that has nothing to do with the bootloader.
Why do people assume the bootloader is encrypted?
Motorola has a strong recent history of releasing encrypted bootloaders, see the Droid X and Milestone phones. Most of the current discussion about the bootloader is limited to what we have seen from Motorola in the past. That being said, there is some hope that the bootloader will not be encrypted. In prior phones, such as the Droid X and Milestone, Motorola relied on the eFuse feature of Texas Instruments OMAP processors. Given that the Atrix uses an Nvidia Tegra 2 chip it is unlikely that Motorola can utilize the same eFuse technology.
As a result, there is some reason to be optimistic that the Atrix will only have a locked and not encrypted bootloader.
What is the difference between a locked and encrypted bootloader?
This is a good post on the topic. Locked bootloaders are on almost all android phones, including the Nexus S. Although certain locks, such as the Nexus S, are easier to open. A locked bootloader is essentially software that is written in such a way so as to prevent you from gaining access. So far XDA devs have been very skilled at cracking locked bootloaders by finding holes in this software.
An encrypted bootloader, from my understanding, is not itself encrypted, but signed by an encryption key. The phone's hardware will refuse to boot unless the software that it attempts to boot is signed with the correct encryption key. The only options to crack this protection appear to be to go around the bootloader, which is unlikely, or to crack the encryption, which also appears unlikely. See this post for more discussion.
What does an encrypted bootloader mean to me?
This post at Android Forums provides a great summary of the effects of an encrypted bootloader. If you have the time, the entire thread is very informative.
The bad news is an encrypted bootloader likely means no custom kernels. This means that custom ROMs must rely on the official kernel. It also means the OS version (Froyo, Gingerbread . . .) is limited to whatever the official release is. The good news is that root access is still possible. Root access allows you to run certain applications as the root or administrator. This allows for a lot of customization and hacking of your phone.
In the end, an encrypted bootloader may hinder your ability to completely hack the phone.
Can an encrypted bootloader be cracked?
Unlikely. For a brief discussion see this post and read the thread for a better understanding. I am aware that there is a team working on cracking the Milestone encryption using the BIONIC platform and a distributed computing effort, see androinc.net. However, even that team admits that the second coming of the dinosaurs may occur before they crack the encryption. I believe on the Milestone that the encryption is 1024 bit, which according to androinc.net may take hundreds of thousands of years to crack using a brute force method, even on a distributed computing platform.
Can a locked bootloader be cracked?
We won't know until we see it, but likely yes. Generally all software coded by humans has some error in it that can be exploited.
Why should I care if the bootloader protection cannot be circumvented?
You don't have to. But, in today's environment, consumers are tied to 2-year contracts while new phones are released on a 1-year or shorter timeline. This means the device you buy today will likely be forgotten by your carrier and the phone manufacturer long before your contract is up. The inability to load custom kernels means that consumers cannot upgrade their own phones after the manufacturer decides to no longer support the phone. The decision to stop supporting upgrades often occurs well before a phone's 2-year birthday, see the Motorola Upgrade Roadmap.
In addition, many people believe that they have purchased the phone hardware and should be permitted to do anything that they please with the hardware.
** I do not claim to be an expert, I have only recounted the results of my research. If I have made a mistake please let me know.
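The post above describes a signed bootloader as hardware that refuses to run an image unless it carries a valid signature from the OEM's key, with the trusted key pinned in an eFuse. The following is an added example, not code from the post or from any vendor, that models that boot-time check with RSA/SHA-256 from Go's standard library: a genuine image boots, while an image modified after signing or re-signed with a key the device never trusted is rejected. The image payload, key names and the `Outcome` type are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Image is a constructed stand-in for a boot image: the payload plus the
// signature the OEM produced over it with its private key.
type Image struct {
	Payload   []byte
	Signature []byte
}

// signImage plays the OEM's release signer. Only the holder of priv can
// produce a signature the device will accept; the image itself is not secret,
// just unforgeable, which is why "signed" is the accurate word for this scheme.
func signImage(priv *rsa.PrivateKey, payload []byte) (Image, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Image{}, err
	}
	return Image{Payload: payload, Signature: sig}, nil
}

// keyFingerprint is what a device burns into one-time-programmable storage
// (the eFuse the post mentions): a hash of the OEM public key. The key can ship
// next to the image; the fuse pins which key is trusted and cannot be rewritten.
func keyFingerprint(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(pub.N.Bytes())
}

// bootSigned models the SoC's check for a signed bootloader. Both conditions
// must hold before the image is allowed to run.
func bootSigned(burned [32]byte, pub *rsa.PublicKey, img Image) error {
	if keyFingerprint(pub) != burned {
		return errors.New("public key does not match eFuse fingerprint")
	}
	digest := sha256.Sum256(img.Payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], img.Signature); err != nil {
		return errors.New("image signature does not verify")
	}
	return nil
}

// Outcome records which of the three constructed images the device accepts.
type Outcome struct {
	GenuineAccepted    bool // OEM-signed, untouched image
	TamperedAccepted   bool // one payload byte changed after signing
	ForeignKeyAccepted bool // image signed with a key the device never trusted
}

// RunScenario generates an OEM key, "burns" its fingerprint, and presents all
// three images to the verifier. Only the genuine image should boot.
func RunScenario() (Outcome, error) {
	oemKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	burned := keyFingerprint(&oemKey.PublicKey)

	// Constructed sample payload standing in for a bootloader image.
	payload := []byte("CONSTRUCTED-BOOTLOADER-IMAGE v1")
	genuine, err := signImage(oemKey, payload)
	if err != nil {
		return Outcome{}, err
	}

	// Modified image that still carries the original OEM signature.
	tampered := Image{Payload: append([]byte(nil), genuine.Payload...), Signature: genuine.Signature}
	tampered.Payload[0] ^= 0x01

	// Modified image signed with a freshly generated, untrusted key, presented
	// together with that key; the fingerprint check stops it before signature
	// verification is even reached.
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	foreign, err := signImage(otherKey, tampered.Payload)
	if err != nil {
		return Outcome{}, err
	}

	return Outcome{
		GenuineAccepted:    bootSigned(burned, &oemKey.PublicKey, genuine) == nil,
		TamperedAccepted:   bootSigned(burned, &oemKey.PublicKey, tampered) == nil,
		ForeignKeyAccepted: bootSigned(burned, &otherKey.PublicKey, foreign) == nil,
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v foreign-key=%v\n",
		out.GenuineAccepted, out.TamperedAccepted, out.ForeignKeyAccepted)
}
```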
Thanks for writing this. I was going to myself today, as I have been fighting people all day with this. I was trying to get Motorola to tell me, as I had a few reps available in a forum, and one said that he will get back to me shortly with an answer ... but I was having to do so with people that don't know the difference chiming in and making the Q&A with Moto hard even for someone who does know what he's talking about ... Anyhow, I will update when I get my reply, and thanks again for putting the info in the right place. BTW, up at the top you put Milestone instead of Atrix.
What a great and informative post. THIS SHOULD BE STICKIED for the time being to prevent future threads that ask the same questions. Great job.
Sent from my MSM using XDA App
sdlopez83 said:
What a great and informative post. THIS SHOULD BE STICKIED for the time being to prevent future threads that ask the same questions. Great job.
Sent from my MSM using XDA App
+1 here, very informative.
Thanks and sorry about the typos.
Nice job both in the layout and in maintaining an unbiased take on the possibilities.
Thank you for explaining that so well.
Can we get a MOD to sticky this for a while, at least until we know whether it is encrypted or what not? It could really cut down on the "does the bootloader restrict me from doing xxxxxxxxxxx?" chatter on all the threads.
+1 Great post! Guess we'll have to wait for quantum computers before we can crack 1024bit encryption in under a lifetime (seconds probably.) But very informative, I'm off to read everything you linked in your post.
Excellent post sir!
Great post! This should be required reading...
That means that if the Atrix 4G is HSUPA disabled, there's no way around it?
royalemint said:
That means that if the Atrix 4G is HSUPA disabled, there's no way around it?
Please post in the general forum where a thread is going about this. However, it can most likely be resolved with a new modem driver.
I have an Atrix 4G in my hand... how can I find out if the bootloader is encrypted?
EGBTMagus said:
I have an Atrix 4G in my hand... how can I find out if the bootloader is encrypted?
I would like to know also. I know there are other threads about this the only problem is that there are 6 different answers/opinions.
Does not look good:
The Atrix 4G has a locked and encrypted bootloader. More bootloader related announcements are forthcoming.
http://getsatisfaction.com/motorola...tm_medium=email&utm_source=reply_notification
TinyRK said:
Does not look good:
The Atrix 4G has a locked and encrypted bootloader. More bootloader related announcements are forthcoming.
... and here just for the record:
https://supportforums.motorola.com/thread/45249?start=15&tstart=0
meta96 said:
... and here just for the record:
https://supportforums.motorola.com/thread/45249?start=15&tstart=0
I saw both of those. I am not totally convinced by a PR response, even if it is from Moto. So far the devs here in XDA seem to think it is only signed. I am inclined to believe them more, at least until I see otherwise.
Also, I need to update my OP and will try and do so tonight.
krkeegan said:
I saw both of those. I am not totally convinced by a PR response, even if it is from Moto. So far the devs here in XDA seem to think it is only signed. I am inclined to believe them more, at least until I see otherwise.
https://supportforums.motorola.com/thread/45249?start=15&tstart=0
Also, I need to update my OP and will try and do so tonight.
... the number of page views for this topic is bad PR, isn't it? It is just an act/react thing, you know ...
Who is your daddy and what does he do?
I dunno why but that's immediately what I thought of, lol
Sent from my MB860 using XDA App

[Q] Can my phone get root?

I've been trying to figure out on the forums which device has which path to get root, and wow, it doesn't make sense to me. I'm no noobie, but I don't get all the updates and processes.
I just want root so I can use Xposed. I don't care about loading different ROMs or kernels.
I bought it from Swappa. It has Android version 4.4, system 140.44.5.ghost_att.en.US, Build 13.11.1Q2.X-69-3
This thing sucks HARD without root. There is so much you could do that you can't. It astounds me how diligent manufacturers and carriers are about preventing you from using the phone to its fullest. So I void a warranty, I don't care...
a10fjet said:
I've been trying to figure out on the forums which device has which path to get root, and wow, it doesn't make sense to me. I'm no noobie, but I don't get all the updates and processes.
I just want root so I can use Xposed. I don't care about loading different ROMs or kernels.
I bought it from Swappa. It has Android version 4.4, system 140.44.5.ghost_att.en.US, Build 13.11.1Q2.X-69-3
This thing sucks HARD without root. There is so much you could do that you can't. It astounds me how diligent manufacturers and carriers are about preventing you from using the phone to its fullest. So I void a warranty, I don't care...
I have an AT&T Moto X running KitKat 4.4 (from OTA) and I'm also not clear on whether I can root my phone. I'm also unclear about whether I can unlock my phone.
I would also appreciate guidance and direction.
Many thanks!
The AT&T branded Moto X cannot be unlocked, but the GSM unlocked DE will work on AT&T and is unlockable. The TMobile Moto Maker Moto X will work on AT&T and has an unlockable bootloader, too, but if you unlock the bootloader on it, your warranty is void. So I would stick with the GSM unlocked DE. There may be some issues with 4G LTE on AT&T using the TMobile devices but I am not sure. That is probably covered in the forum somewhere if there are any issues.
Okay, so I can root, but not unlock. I think I'll wait till an easier and simpler root method is developed like there was for my Samsung GS2.
I appreciate the guidance.
CartlandSmith said:
We are lucky to even have this method. Google is making Android more and more secure by incorporating SELinux. If a root method for 4.4.2 is ever found, it will likely be even more complicated.
4.4 Security Enhancements
Also, the dev who came up with the current root method, jcase, is not interested in finding a root method for Motorola phones running 4.4.2.
So rooting now is likely your only chance at rooting. If you take the 4.4.2 OTA unrooted, it is doubtful you will ever be able to gain root because the 4.4.2 bootloader is not downgradable.
Since the developer edition phones are so readily available from Motorola at such a good price and since only AT&T and Verizon retail/customized phones are not unlockable, there isn't much interest in trying to find a way to root locked Motorola phones running 4.4.2. Sprint, US Cellular and TMobile retail/customized Moto X's are unlockable as are the developer edition Moto X's.
Thanks for the thoughtful and informed reply, Cartland. My last phone was a Samsung GS2 and it was easy to root (all automated). Though I have rooted and flashed ROMs on a number of phones, this process seems complicated and readily screw-upable (not a real word, I admit). I like being rooted, so I can flash tweaked-out ROMs that are better than stock.
I'll explore rooting more and see how comfortable I am with it.
Much appreciated.
CartlandSmith said:
We are lucky to even have this method. Google is making Android more and more secure by incorporating SELinux. If a root method for 4.4.2 is ever found, it will likely be even more complicated.
4.4 Security Enhancements
Also, the dev who came up with the current root method, jcase, is not interested in finding a root method for Motorola phones running 4.4.2.
So rooting now is likely your only chance at rooting. If you take the 4.4.2 OTA unrooted, it is doubtful you will ever be able to gain root because the 4.4.2 bootloader is not downgradable.
Since the developer edition phones are so readily available from Motorola at such a good price and since only AT&T and Verizon retail/customized phones are not unlockable, there isn't much interest in trying to find a way to root locked Motorola phones running 4.4.2. Sprint, US Cellular and TMobile retail/customized Moto X's are unlockable as are the developer edition Moto X's.
CartlandSmith said:
It takes some time to do it. I did it on a relative's phone. There are unfortunately some pointers that are left out of the original posts that help everything to go smoothly if you know them. You can find them in the threads, but the threads have gotten so long it makes the process take longer when you have to read through them to find all of the pointers.
If you are only flashing using RSD Lite - RSD Lite will stop you from bricking your phone.
You are never going to get a simpler method with a locked bootloader Motorola phone - it is only going to get harder and I predict the devs won't invest much energy in it going forward because it is just not worth it when there are developer editions available to us. I think those that are doing it get a kick out of it, but when it becomes too time consuming, well, they have their day jobs they have to make sure they focus enough time on to pay their bills. They get donations for this sort of thing, but I am sure the donations don't compensate them very well for all of the time they take trying to find exploits the more secure Android becomes.
With a locked bootloader, you can't flash ROMs because you don't have a custom recovery. But what you can do is use Xposed Framework and its modules like Gravity Box if you are rooted.
I spent some time this weekend rooting a relative's Verizon Moto X with a locked bootloader due to the 4.4.2 OTA coming. You have some breathing room on AT&T right now to root, but don't wait too long or you will lose the opportunity once the OTA comes.
I don't think I have the time or energy to go through the process of finding those pointers and then going through the root method. I'm wondering if anyone will compile those pointers (as you suggest, I have noticed with previous rooting and flashing methods, some key steps aren't described which can cause major problems).
A clarification. You say that if I just want to flash ROMs, I can use RSD Lite. But then you say that with a locked bootloader, you can't flash ROMs.
I do appreciate your taking the time.
POINTER - sell or trade your phone for a Dev edition
It is difficult to root if you can't unlock your bootloader. There is a thread in this forum telling you how to root your device with both locked and unlocked bootloader.
Rooting this device isn't difficult. If you can read and type verbatim, letter for letter, you can get root. People need to stop psyching themselves and others out.
CartlandSmith said:
Yes you can get root, but it takes a bit of work
First you have to downgrade to 4.2.2 by flashing the sbf firmware for your device.
Can you specify what SBF is? Searching didn't help. Try not to use so many acronyms for us dummies.
CartlandSmith said:
Then use RockMyMoto to get root on 4.2.2. Then use MotoWPNoMo to disable write protection.
Then reflash 4.2.2 and use SlapMyMoto.
Do I use ODIN? What do I use to flash?
CartlandSmith said:
You will be rooted on 4.4 and write protection will be disabled when you are done with all of that.
Once you have root, be sure and freeze MotorolaOTA to stop the 4.4.2 OTA. If you take the 4.4.2 OTA, you may keep root, but write protection will be enabled.
Does MotorolaOTA automatically download the latest updates and install them without warning you?
Thanks for giving me hope!
EDIT: does anyone know if http://forum.xda-developers.com/moto-x/orig-development/script-root-moto-x-root-script-locked-t2603051 will work?
I'm getting close to knowing what to do!
But the individual steps are not very well written.
For example, on the RockMyMoto page, he just starts giving you commands. He doesn't tell you what to type them into. In the video, everything is already open. I tried the command in Cydia Impactor and it didn't do anything. I thought maybe you do it in adb, I don't really know what that is, but I found adb.exe and launched it, but the command window it opens goes through a bunch of commands and then closes. I can't even get past step one because he never said how he got to the point where he starts!
CartlandSmith said, in the third post, that I am supposed to reflash 4.2.2 at the end. Did he mean 4.4? Or 4.2.2, then SlapMyMoto, then take 4.4 over the air?
It would be really helpful (to me at least) if someone could put up step-by-step instructions. Like humiliatingly, degradingly redundant instructions for a complete idiot. I will put them up if I ever figure it all out. It's so frustrating when the instructions are so detailed from where they start, but they never show you how they got to where they are.
Thanks to everyone for the help.
EDIT: Probably a stupid question, but does the phone ever need to be connected by USB? None of the posts mention it, but all other devices I've used needed it. adb (here is a tutorial) isn't recognizing my device, with USB connection or not. Both connected to the same router, all drivers and everything updated, debugging enabled...
No offense intended...at all....but if you value your phone, you really need to study up and read LOTS of stuff here. Until you understand what you are about to do, don't do anything.
Just trying to save you from a bricked phone. You seem very unsure of everything at this point. No one can post anything here that isn't already covered in the guides. Look at the stickies, complete Moto x guide is there.
Good luck.
Sent from my Nexus 5 using Tapatalk
Hmm, I rebooted my computer and factory reset my X and now everything is connecting. Guess you should always try the IT Crowd's advice before doing anything else lol
I agree that everything is covered on this site, it's just not organized.
It seems unorganized when you don't understand. Read enough of it and it all makes sense eventually. This has everything about bootloaders, rooting...etc. BUT, you need to know what applies to your situation. And again...that comes when you understand the stuff.
http://forum.xda-developers.com/showthread.php?t=2603358
Sent from my Nexus 5 using Tapatalk
CartlandSmith said:
It's even more clear how unorganized the info here is the more educated you become.
The thing that becomes the most clear eventually is how much misinformation is posted.
Sorry but the "it only appears disorganized and unreadable and full of misinformation" because you don't understand it won't fly with those of us who do understand it.
The OP of the thread I linked is well organized. It's about the only one that is. It's also stickied, so it should be incredibly easy to find.
As far as misinformation goes, that's due to people being quick to post advice when they clearly don't have a handle on this stuff themselves.
How to avoid the clutter and misinformation? Maybe point people to good threads that already exist instead of filling new ones with more misinformation. No? Or God forbid, suggest they search for the information that already exists? Instead of helping to grow yet another repeated thread with both good and poor information within it.
XDA's number one rule was created for a reason: to keep clutter and thread after thread of similar content to a minimum. A lot of inaccurate information gets repeated over and over as well. But so many refuse to search 'cause it's too much work, and just as many others condone this behavior by answering.
I know most don't agree with what I'm saying, as the forums prove with the repeated information here in truck loads. And I also know when any of us remind people of rule number one here on xda....we're called trolls, flamers and much worse....even when the reminder was posted respectfully.
So who exactly are the flamers? LOL
It's looking like reminding members to search and read, and actually helping them help themselves, is becoming a dangerous practice. I'm tired of the misinformation and cluttered forums....and if reminding is just going to start drama at every turn, I suppose reporting the offenders is the easier option. Though not my first choice.
But if you read this carefully, you'll see I'm completely agreeing with you. LOL. So lets agree to agree and leave it at that.
And as a member who's been around a while, I won't stop doing my part to try to cut down the misinformation and lack of respect for the xda rules. Not abiding by rule number one is EXACTLY why the mess of confusing information exists. You see that, right?
If the newer members want to make me the bad guy for this, fine. I'll be the bad guy.
And I help more people here than most as well.....but that's forgotten if you disagree with anyone or remind anyone of the rules here. Fine. Again.....call me the bad guy. Better get used to it too, I'm not going anywhere.
I'd apologize for the off topic, but this thread should have been closed anyway.
Have a good one!
Sent from my Nexus 5 using Tapatalk
CartlandSmith said:
The most confusing thing of all is why someone with a Nexus 5 self-appoints themselves to be the "hall monitor" of the Moto X forums. *shrugs*
Um, perhaps I own both.
How bout you drop it and stop commenting on multiple posts of mine since you appear to dislike the things I say. K?
Try the ignore member feature.
Sent from my Nexus 5 using Tapatalk
Please search before posting
Check the sticky guides before asking questions about rooting
Thanks
FNSM
kennyglass123 said:
Please search before posting
Check the sticky guides before asking questions about rooting
Thanks
FNSM
Ninja'd .....:good:

(No progress yet) Root dev for Galaxy S9 Plus SM-G965U (Snapdragon)

Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Reserved for future links.
drakaina said:
Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
One guy flashed a combination version of the firmware and got the OEM unlock toggle to show on a SM-G960U. It switched on and off, but I am not sure if it actually unlocked the bootloader or not. There is a TWRP already ported to the Snapdragon version as well, although only for the Chinese and Hong Kong version; it should work on our device if you can get the bootloader unlocked first. I have been scouring online and in the forums since the phone came out and that's all I have found thus far. I'm sure you already know these things, but I figured I would say it just in case you weren't aware. Hope you get it figured out! Good luck!
The only development I've heard of is one user claiming he got a diagnostic boot with SELinux permissive (in the S9 root dev forum/thread). I also have a source who is NOT trying to be identified publicly because he works for Google, but he informed me that "the android O build for SAMSUNG DEVICES, was developed with special instructions in it to automatically kick a KERNEL PANIC , if ANY app NOT on some internal White List attempts to access, modify, or send SU commands through any NOT LISTED app with those permissions granted already." ... Now I'm not an Android-level programmer, but I'm an old Linux dev / penetration systems tester (lol), and from what I am gathering, the patches or whatever that Samsung added to the OS also included an encrypted or hidden white list, which he says is VERY small (as in number of items actually in the list), but even he said they do not have any access nor knowledge of where they stored this. He did tell me that they delivered an incomplete or infant code for Samsung Snapdragon Model Note 8, 9 and S8, 9, and it was so crude that not only would it not compile because of missing crap Samsung deliberately did not supply them with... but he said that it was NOT lockable in that state, so Samsung either inserted their own locked kernel and whatever to create this B.S. broken-down version of Android that is root crippled. BUT the only clue he could give me was that "On no level can an E-fuse provide an unbreakable chain of trust, and that if an extreme modded were to actually break down the system board of an S9, they could in theory remove or add some sort of device that would bypass the Qualcomm Secure boot completely!" ... Now this ain't a best friend or nothing, so truthfully I'm surprised I got this much from him... but I've known who he was and that he's worked for Google nearly 12 years as a developer and software engineer. So I don't know if any of that info helps...
but my contribution is that I can get my device (s9+ from Sprint USA Sm-g965U) replaced with little to no hassle, so I'm 100% willing to do any tests u need, providing that you give me at least a basic level of instruction, as to each set of commands or package u want me to flash. I'm pretty android savvy considering it's just a linux derivative... and I know Samsung 100% .. I've had every S - galaxy since day 1 . BUT throwing blind commands at my device that I have 0 understanding of their impact, makes me feel like a squirrel running across the freeway during rush hour! Plz Do me a favor and shoot me a private message and I'll give you my cell number and email so u can reach me quicker when you have something u need tested! Now please people don't berate me if something he said to me was not correct or you have different data to disprove what he said. I literally took notes by hand and had him confirm them, so I'm just the messenger/informant and u gotta realize that as a google employee, he #1 is partially not knowledgeable of ways to exploit the O.S. which is what the hackers come into play for. And make the developers work **** tons harder to FIX the hole the ****ed up in the 1st place! ? Lol... and #2. I did ask about the possibility of a $$$$ number he would take in order to provide an actual Eng-boot like that of the S8, and he said that "Those are developed by each individual corporation after they are provided the build source code", and that "google has no interest in possessing or archiving any such file because the O.S. does not need it to provide a developers version of the O.S., which is as far as Google goes in providing a new system to the companies.... so for something like that, reach out to one of the underpaid factories full of workers and I'm sure they would happily give you what you want for much cheaper than you imagine!" Ok that was very long winded but I wanted to cover all I could because I prob wont check this thread anymore.... 
plz PM me bro so I can get you my info ... and let's put this Flashing Guinea Pig (me) to work in getting this ***** at least hack rooted or maybe full!!!
Hello, I've just finished reading all of the above, and from what I've read I can tell that not all hopes are lost. As well, I'm offering my help to be a (TESTER) for any attempts you wanna try; however, please note that I'm NO DEV, just a user who would like his phone rooted ASAP, that's all, so please explain the commands that you would give me and the steps. Plz PM me so I can get you my contact info.
It ain't happening with the known exploits.
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own. Devs don't follow old ways of doing things so get that out of your head if you want to think forward, not backwards. I have found what could be an exploit in the rom itself that "might" be the starting point to get root access. This is NOT an ETA but hopefully we can start testing in the next few weeks.
I'll say it now, don't get overly excited that a possible exploit has been found. I make no guarantee on it being THE exploit needed. Just be patient, and if you have insight on a way to attack this or another possible exploit, do say so.
If anyone knows of the bootloader partition already having been copied, post a link. I share mine at the moment so I don't always have it around, so any of the bootloader data would help greatly.
drakaina said:
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own.
I saw no rude comment, just a dose of reality for you, a little thin skinned are we?
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it's not good to feed trolls.
Pretty sure placeholder threads are not allowed on XDA...
I am making presence known now. I will be watching this closely
Technically this thread doesn't even need to exist right now.
drakaina said:
Do not ask for an ETA
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Myself and a handful of other people involved in US Snapdragon S8/S8+/N8+ took a brief crack at it a little while ago to no avail. I don't want to go into too many details on here as 1) Samsung is surely watching and 2) the comments from the peanut gallery get old quick, but here are the Cliff Notes. Feel free to PM me here or on Telegram for more details. (Backstory on me: I created samfail, which was the first/only N8 root method and the second for the S8/S8+, and the only published one beyond bootloader v1.)
- samfail is 100% patched. No known way to modify system
- you can't mix combo boot with stock images anymore. Samsung got wise to that. Figured out how to track it if we can force write a system image
- there is a ton of new system level security because they had to move out of the boot image due to Treble. Probably the first big nail in the coffin.
- don't waste your time on the OEM unlock toggle in the combo/factory ROM. No, it doesn't unlock the bootloader. The US Snapdragons don't respect its value outside of turning off FRP, but that was with the S8; idk if it is still true on the S9.
- the other poster is right about the anti-root thing. It's in the open source kernel code. If anything being executed under uid 0 matches a list of common/known root mods/stuff that is not supposed to be there, instant kernel panic. Things like "binary is called BusyBox" are on that list.
This was the point I gave up. Partially because I don't have the device, so testing is extremely difficult (I wised up this year and purchased an intl. Snapdragon SM-G9650, which has full OEM unlock just like the Exynos).
I'm sure there are things I'm forgetting right now, and again, being too transparent here results in a root method being patched faster. Hit me up if you want more brain dump.
drakaina said:
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls.
Although I have seen a lot worse on these threads, his comment was pretty negative, which is what we do not need in this thread. I wish people would just keep their thoughts to themselves if they have nothing to add to the discussion. I also will test so let me know if there is anything I can do to help.
I also have a G965U and have been trying various methods to no avail at this point. We need new exploits to be found; all the obvious stuff will not work.
It is because of this that I will never buy another Galaxy phone. I need root.
zzEvilGeniuszz said:
It is because of this that I will never buy another Galaxy phone. I need root.
Just don't buy snapdragon, the Exynos S9s are unlocked
*Detection* said:
Just don't buy snapdragon, the Exynos S9s are unlocked
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested a Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
edit: nvm not worth it.
zzEvilGeniuszz said:
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested a Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
I talked to Samsung a couple of months ago before I got my S9 and they told me they won't sell you one directly with the Exynos. I was going to get the S8 with the Exynos if they would have sold me one. They wouldn't, so I bought a T-Mobile S9 with my carrier.
Has anyone been able to reboot the phone into EDL mode?

Unlock, Rebrand, Unbrick, Update - FunkyHuawei Support Thread for Mate 20 Pro

This is the official FunkyHuawei support thread for the Mate 20 Pro.
The below applies to both the Mate 20 and the Mate 20 Pro.
Install:
Currently FunkyHuawei has a new install method for EMUI 9 devices which is not public as of yet.
Unbrick:
Unbricking will be possible with the new HiSuite 9 method, but it is not public as of yet.
Rebrand:
Rebranding is not currently planned to be offered. Neither is single sim to dual sim conversion. This may change in the future.
Unlock:
Unlock codes are available via the unlock code order form, or by purchasing an unlimited pass. See the site for details.
If you have a global variant, make sure that you can choose Enable OEM Unlock in developer options. So far we have seen the option grayed out on all devices. If you can't enable this, even with the code, you can't unlock the bootloader.
It has been confirmed that bootloader unlocking on the Chinese variant is possible. On the global variant we can give you the code, but you'll need to be able to choose Enable OEM Unlock as specified above.
Root:
The methods which are not public are available to those who want to test them, by contacting FunkyHuawei support by email.
We will update this thread with any changes.
So I have to pay for unlocking my device?
What the...
I would prefer a bootloader unlock with a paid service rather than having a Mate 20 Pro with access limitations. Since you are the owner, you should have the right to use your phone the way you want. Since the official unlock method was suspended months ago, what other option do we have?
silentdc said:
I would prefer a bootloader unlock with a paid service rather than having a Mate 20 Pro with access limitations. Since you are the owner, you should have the right to use your phone the way you want. Since the official unlock method was suspended months ago, what other option do we have?
it honestly feels like a money grab.
alisj99 said:
it honestly feels like a money grab.
Sure, but these people are putting work in to it and want to be paid -- I don't believe they're affiliated with Huawei. If it was Huawei doing this, I'd understand your sentiment.
Keeping tabs here. I'm hoping to pre order the UK emerald green variant before the timeframe ends for the free gifts.
Not sure of the purpose of this thread. It offers nothing. So will it? Can the phone be unlocked? Is a purchase required?
We already know Huawei has publicly stated all phones after an earlier date in 2018 won't be boot-unlockable. So curious... how will FunkyHuawei help me?
RoOSTA
roosta said:
Not sure of the purpose of this thread. It offers nothing. So will it? Can the phone be unlocked? Is a purchase required?
We already know Huawei has publicly stated all phones after an earlier date in 2018 won't be boot-unlockable. So curious... how will FunkyHuawei help me?
RoOSTA
Think we've gotta wait for Friday onwards, as seemingly people with devices now (presumably different software wise?) have the OEM unlock option greyed out in developer options.
As far as my understanding goes, if we can't check that option, we can't unlock the bootloader..... Sad times if so.
I'll be hopefully getting my device on Friday and I'll be sure to see if that option is an option for me...
So is there any way to unlock bootloader other than OEM unlock?
ryballs said:
So is there any way to unlock bootloader other than OEM unlock?
As far as I know that setting needs to be checked, we need to be able to select Allow. Without it I don't think the bootloader can be unlocked, but I'd be gladly proved wrong!
Does rebrand from L09 to L29 work or is it in the works?
Edit.. Meant without root, not bothered about that.. Or are we saying we need an unlocked BL nowadays to rebrand to a different model?
Cass67 said:
Does rebrand from L09 to L29 work or is it in the works?
May change in the future, but right now, any kind of rebranding is looking very unlikely.
The same software updates can be offered for all brandings, which is a plus, so there shouldn't be such a need to rebrand, even if you have an obscure branding.
But enabling dual sim on single-sim, is looking very unlikely with the current state of things. We are looking into it, though.
Thanks for the reply. I need global, not Chinese with root... this is a Dev community - so I don't support anyone holding the root process for global ROM as a ransom. Happy to pay a contribution but it's meant to be shared..
Unless your version is a 1-click solution like Chainfire's and has no phone side effects, then I don't see the value in demanding a ransom.
Sent from my [device_name] using XDA-Developers Legacy app
roosta said:
Thanks for the reply. I need global, not Chinese with root... this is a Dev community - so I don't support anyone holding the root process for global ROM as a ransom. Happy to pay a contribution but it's meant to be shared..
Unless your version is a 1-click solution like Chainfire's and has no phone side effects, then I don't see the value in demanding a ransom.
Sent from my [device_name] using XDA-Developers Legacy app
Demanding a ransom? LOL.
They're a business providing a service.
If others want to do it for free, there's nothing stopping them from doing so. The problem is, I doubt there will be enough people interested in doing that ... the Huawei / Honor development community has already been shattered.
mudnightoil said:
Demanding a ransom? LOL.
They're a business providing a service.
If others want to do it for free, there's nothing stopping them from doing so. The problem is, I doubt there will be enough people interested in doing that ... the Huawei / Honor development community has already been shattered.
Cool dude. You can go ahead and buy "pre-rooted" phones from them because "only they can do it."... I'm here to support devs who are on the forum to work out problems together and share the results with the community.. And I may add, earn money in the process via the bounty thread...
Sent from my VKY-L29 using Tapatalk
roosta said:
Thanks for the reply. I need global, not Chinese with root... this is a Dev community - so I don't support anyone holding the root process for global ROM as a ransom. Happy to pay a contribution but it's meant to be shared..
Unless your version is a 1-click solution like Chainfire's and has no phone side effects, then I don't see the value in demanding a ransom.
Sent from my [device_name] using XDA-Developers Legacy app
I mentioned before, I need the device in hand to do it. No way currently exists that I could offer people to do at home. That might change in the future, but that is the current situation.
With the Chinese version, you can likely simply unlock the bootloader and root like any other phone.
With the global version, you could theoretically do the same if Enable OEM Unlock is available. But if it isn't available, the only alternative I can offer, is one that requires the device in-hand. It's nothing to do with ransom. I'd much prefer there were easier rooting methods available. My full-time job is reverse-engineering and exploiting Huawei devices, so it would make my job much easier.
duraaraa said:
I mentioned before, I need the device in hand to do it. No way currently exists that I could offer people to do at home. That might change in the future, but that is the current situation.
With the Chinese version, you can likely simply unlock the bootloader and root like any other phone.
With the global version, you could theoretically do the same if Enable OEM Unlock is available. But if it isn't available, the only alternative I can offer, is one that requires the device in-hand. It's nothing to do with ransom. I'd much prefer there were easier rooting methods available. My full-time job is reverse-engineering and exploiting Huawei devices, so it would make my job much easier.
Many moons ago, "JTAG'ing" a Microsoft Xbox 360 console required a bit of heavy lifting... and by that, I mean a lot of specialized effort and knowledge to carry out a successful JTAG, see what I mean:
https://www.instructables.com/id/How-to-JTAG-your-Xbox-360-and-run-homebrew/
So - with that in mind - are you literally pulling the Mate 20 Pro phone apart with special tools and connecting wires to it running specialized patent-pending software/s? I obviously need to ask as you have failed several times to mention WHY you need the "phone in hand" to root?!
Otherwise, if you're insinuating that it takes a lot of manual rebooting, flashing and lots of complicated software steps - well, that's why there's things called instruction guides....and people like me around offering to put one together so I/we can SHARE and help others in my position (who would want a rooted global version of this). So I will once again state, unless you can elaborate otherwise, it is in fact a ransom...imagine how much Chainfire, all those years ago, could've charged Samsung users for his (albeit, simpler) root method across the range and years of phone and tab models?
RoOSTA
roosta said:
Many moons ago, "JTAG'ing" a Microsoft Xbox 360 console required a bit of heavy lifting... and by that, I mean a lot of specialized effort and knowledge to carry out a successful JTAG, see what I mean:
https://www.instructables.com/id/How-to-JTAG-your-Xbox-360-and-run-homebrew/
So - with that in mind - are you literally pulling the Mate 20 Pro phone apart with special tools and connecting wires to it running specialized patent-pending software/s? I obviously need to ask as you have failed several times to mention WHY you need the "phone in hand" to root?!
Otherwise, if you're insinuating that it takes a lot of manual rebooting, flashing and lots of complicated software steps - well, that's why there's things called instruction guides....and people like me around offering to put one together so I/we can SHARE and help others in my position (who would want a rooted global version of this). So I will once again state, unless you can elaborate otherwise, it is in fact a ransom...imagine how much Chainfire, all those years ago, could've charged Samsung users for his (albeit, simpler) root method across the range and years of phone and tab models?
RoOSTA
Just to add to this, I'm willing, within reason, to help out in any way possible to achieve Magisk root for the global version. There is currently a pledged amount of around £170 and hell, even if some of those didn't pay out I'd be willing to put more in....
If we can assist in anyway let us know....
Otherwise, if you're insinuating that it takes a lot of manual rebooting, flashing and lots of complicated software steps - well, that's why there's things called instruction guides....and people like me around offering to put one together so I/we can SHARE and help others in my position (who would want a rooted global version of this). So I will once again state, unless you can elaborate otherwise, it is in fact a ransom...imagine how much Chainfire, all those years ago, could've charged Samsung users for his (albeit, simpler) root method across the range and years of phone and tab models?
If it was something like this, I would be offering it as a do-at-yourself service, with a tool. I can't offer it like that, I need the phone in-hand to do it, as I said.
I guess one could then ask the question: What if someone in relation to Huawei pays you for a phone (global) pre-rooted. Then, they investigate how or where the exploit was made - and eventually patch it anyway? It may take longer, but we'd end up in the same position as before if Huawei wanted to control root on their global models...and, given your work/livelihood, you would know better than most: If Huawei did NOT want this to happen, they certainly wouldn't make the CN version as simple and easy to root as you claim in this thread...and they'd have something in the pipeline, if not available now ready to patch the exploit...
I still do not see how the CN and Global versions can be so completely and insanely different.
RoOSTA

Sad news for Galaxy s9 G960U users wanting root.

I have looked around the internet and finally found, over on a Sprint forum, some sad news about rooting. So in case most of you are unaware, the US models of the Galaxy S9 have had their OEM Unlock (bootloader unlock) option disabled. I finally found the reason why in an old post from the Galaxy S8 days. Please don't harp on me that it's a different phone, because it's the concept discussed that actually gives the real reason why vendors like Sprint have disabled the option!
Link to the quote below: https://community.sprint.com/t5/Samsung-Board/OEM-Unlock-option-is-gone/td-p/965240
Quoted from Community Manager SeaWolf's post:
Re: OEM Unlock option is gone
First of all, wow @zahale! It's my job to be somewhat aware of our current population and to keep an eye out for knowledgeable posters (we like to try to make those people Advocates, like @DJ_Damjano and @Fireguy_6364). I have run across several of your comments in this space lately and you're definitely above the curve when it comes to technical device knowledge and experience. I'm kind of following you around now just to learn ;)
I was pretty sure I knew why Sprint locks down developer options but I put the question to some of my device folks in conversation yesterday. The explanation probably won't be something you like, but hopefully, it'll be something you can understand. Unfortunately, as with many things, knowing why also won't change anything but you asked a fair question and I wanted to try to give you a fair answer.
Sprint locks things like boot loaders down to control the average customer experience and to prevent a novice user from accidentally damaging the device or negatively affecting performance. While technically such a change isn't Sprint's fault, I can tell you from experience from when I was in customer service that most customers think it is and correcting the problem, if its possible, can be a challenge at best.
Unfortunately, this is an all or nothing kind of situation. We either leave it open for everyone or we lock it down for everyone. Since we can't customize the experience based on user knowledge, we try to optimize it for the novice, which means some of the more advanced setting areas on the phone are locked down.
This is clearly important to you and I can understand why. With this particular phone there isn't anything we can do on our end to unlock the developer options for one individual. When you are ready to upgrade again, you might want to look for factory unlocked versions of the phones you like or OEMs that leave theirs unlocked (although that's harder to verify). In this case, the developer options are not locked down in the factory unlocked versions of the S8 and S8+.
SeaWolf
Sprint Community Manager & Customer Advocate
Captain of the Vicious Cream-puff
I encourage you to post your questions on the community, give Kudos when earned and always mark the correct answer as "Accepted Solution".
Like SeaWolf states, it is just easier, after your contract is done, to buy an OEM-unlockable version. They do this for customer-based reasons, to make a novice experience for all users so that new users can't brick their phone by accident messing with settings. Sorry all, but OEM unlocking will never be an option for G960U users.
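As an added example (not code from this thread, from the FunkyHuawei thread above, or from any vendor's tool): both the Mate 20 Pro thread's advice to make sure Enable OEM Unlock can actually be chosen and this post's point that the toggle is gone on US S9s come down to the same practitioner's check, reading what the device itself reports before paying for a code or assuming anything. The script below parses the output of `adb shell getprop` and classifies the unlock state from the standard AOSP properties `ro.oem_unlock_supported`, `sys.oem_unlock_allowed` and `ro.boot.flash.locked`. That a given Samsung or Huawei firmware populates these properties and honours them is an assumption (vendors using the OemLock HAL may not expose `sys.oem_unlock_allowed`), and the property dumps embedded in the script are constructed for illustration, not captured from real devices.

```shell
#!/bin/sh
# Added example: classify a device's bootloader-unlock state from an
# `adb shell getprop` dump. Property names are the standard AOSP ones;
# that a given vendor populates and honours them is an assumption.

# get_prop DUMP NAME: print the value from the "[NAME]: [value]" line of the dump
get_prop() {
  printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# unlock_verdict DUMP: print one of
#   unlocked     ro.boot.flash.locked is 0, bootloader already reports unlocked
#   unsupported  ro.oem_unlock_supported is not 1, the Settings toggle will be missing or greyed out
#   allowed      toggle is on (sys.oem_unlock_allowed=1), "fastboot flashing unlock" should be accepted
#   locked       unlock is supported but the toggle is off: enable Developer options > OEM unlocking first
unlock_verdict() {
  supported=$(get_prop "$1" ro.oem_unlock_supported)
  allowed=$(get_prop "$1" sys.oem_unlock_allowed)
  flash_locked=$(get_prop "$1" ro.boot.flash.locked)
  if [ "$flash_locked" = "0" ]; then
    echo unlocked
  elif [ "$supported" != "1" ]; then
    echo unsupported
  elif [ "$allowed" = "1" ]; then
    echo allowed
  else
    echo locked
  fi
}

# Constructed sample dumps (not captured from real devices).
DUMP_GREYED='[ro.boot.flash.locked]: [1]
[ro.oem_unlock_supported]: [0]'

DUMP_TOGGLE_OFF='[ro.boot.flash.locked]: [1]
[ro.oem_unlock_supported]: [1]
[sys.oem_unlock_allowed]: [0]'

DUMP_TOGGLE_ON='[ro.boot.flash.locked]: [1]
[ro.oem_unlock_supported]: [1]
[sys.oem_unlock_allowed]: [1]'

# Usage: adb shell getprop | sh oem_unlock_check.sh -
#    or: sh oem_unlock_check.sh saved_getprop.txt
if [ $# -gt 0 ]; then
  unlock_verdict "$(cat "$1")"
fi
```

A result of `unsupported` is the property-level form of the greyed-out toggle described in both threads; no amount of toggling in the combo/factory ROM changes it, which matches what the samfail author reported above for US Snapdragon devices. `locked` is the only state where the fix is on the user's side.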
All US (snapdragon) model S9s have a locked bootloader, it has been the case for a long time since at least the S7....
*Detection* said:
All US (snapdragon) model S9s have a locked bootloader, it has been the case for a long time since at least the S7....
Yes we already know this, but this post is an update on the reason why its that way. I have looked everywhere and even asked around but no one gave me a reason why they made it this way. I finally found this post and was just sharing it for news so that people can finally understand and get an update.
WatchersGrim said:
Yes we already know this, but this post is an update on the reason why its that way. I have looked everywhere and even asked around but no one gave me a reason why they made it this way. I finally found this post and was just sharing it for news so that people can finally understand and get an update.
But the info is nothing new; plus it's just a thread of people living in the stone age mixing up SIM unlock with OEM unlock and then complaining about it.
US Snapdragon devices' bootloaders aren't unlockable; it's a very, very well known fact. Any other device destined NOT for American soil can have its BL unlocked and probably be rooted (so that's any device made for the rest of the world). Surely this info has been plastered all over XDA...
https://forum.xda-developers.com/ga...s-recoveries--other-development/root-t4041815
Root is out.
I have been rooting and modding various and sundry devices since 2011. I find, for my purposes, the s9 doesn't need it. Of course YMMV
