Related
I've never owned a Nexus/Google phone, how long would you all guess it's going to take to root the Nexus 6?
Thanks! :fingers-crossed:
Kidding I hope
Pyros2008 said:
I've never owned a Nexus/Google phone, how long would you all guess it's going to take to root the Nexus 6?
Thanks! :fingers-crossed:
Click to expand...
Click to collapse
Before you even get it
Sent from my A0001 using XDA Free mobile app
Nope, the first time I rooted was a month ago, my Note 3. I take it the device can be rooted off the bat.. or there something else I am missing?
Give Chainfire a couple hours with the phone
Pretty sure the process will be similar to other Nexus devices... Fastboot oem unlock, etc, etc.
http://phandroid.com/2014/11/17/nexus-6-lollipop-root/
all hail king chainfire?
kgeissler said:
http://phandroid.com/2014/11/17/nexus-6-lollipop-root/
Click to expand...
Click to collapse
That has 6 nexus devices with root. Bit not the nexus 6.
I would make sure to wait until Google releases the factory image before rooting just in case something goes wrong
I'm pretty sure that the factory images have to be out as he has to create a modified kernel for the N6 for superuser to work on 5.0.
lordgodgeneral said:
I'm pretty sure that the factory images have to be out as he has to create a modified kernel for the N6 for superuser to work on 5.0.
Click to expand...
Click to collapse
I think he just patches the existing kernel so don't think he would need images. Think being the key word there as I don't know for sure how it works exactly.
You don't need a developer to root a nexus. Boot into the bootloader, connect to your computer, run: fastboot oem unlock, then install the recovery of your choice via fastboot (fastboot flash recovery blahxxx.img), then just flash whatever superuser you want (e.g. SuperSU)
Sent from my XT1053 using Tapatalk
bongostl said:
You don't need a developer to root a nexus. Boot into the bootloader, connect to your computer, run: fastboot oem unlock, then install the recovery of your choice via fastboot (fastboot flash recovery blahxxx.img), then just flash whatever superuser you want (e.g. SuperSU)
Sent from my XT1053 using Tapatalk
Click to expand...
Click to collapse
Sorry but this is no longer accurate. First off, there are no custom recoveries yet. Second, lollipop requires additional work arounds for root other than just flashing superuser.
akellar said:
Sorry but this is no longer accurate. First off, there are no custom recoveries yet. Second, lollipop requires additional work arounds for root other than just flashing superuser.
Click to expand...
Click to collapse
Hm? I'm running oneplus one with root on lollipop. All I had to do was just flash supersu in recovery.
Hopefully we can see a twrp on nexus 6 soon.
Sent from my A0001 using Tapatalk
zephiK said:
Hm? I'm running oneplus one with root on lollipop. All I had to do was just flash supersu in recovery.
Hopefully we can see a twrp on nexus 6 soon.
Sent from my A0001 using Tapatalk
Click to expand...
Click to collapse
It's likely not a complete build with the SELinux improvements that google made to the kernel. You need to modify the kernel on lollipop to have root so your one plus probably just has a ROM not a full image of the lollipop on it. Also as stated earlier you can't root anything without the factory image posted by google for the nexus. Then the developers can have at it. Until your happens we are just left waiting.
Pilz said:
It's likely not a complete build with the SELinux improvements that google made to the kernel. You need to modify the kernel on lollipop to have root so your one plus probably just has a ROM not a full image of the lollipop on it. Also as stated earlier you can't root anything without the factory image posted by google for the nexus. Then the developers can have at it. Until your happens we are just left waiting.
Click to expand...
Click to collapse
SELinux is currently permissive and yep its built off CM12 sources. But to answer OP's question, probably won't take too long but no ETAs.
zephiK said:
SELinux is currently permissive and yep its built off CM12 sources. But to answer OP's question, probably won't take too long but no ETAs.
Click to expand...
Click to collapse
Then that's why you can flash it in recovery. Normally you wouldn't be able to if it wasn't changed.
Chainfire said:
On LPX13D, SELinux, and root
As promised, here are some more details about the current situation.
Why it breaks
Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.
On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.
Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.
Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.
In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.
How to fix it
To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.
There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).
In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.
Repercussions
As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.
Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.
Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.
Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.
It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.
Apps need updates
Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.
As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there.
The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.
By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.
Permissive vs enforcing
The kernel packages I posted for the Nexus 5 and 7 LPX13D firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.
Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.
Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.
I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.
It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.
(everything in this post is subject to change for retail L release, obviously)
Click to expand...
Click to collapse
https://plus.google.com/+Chainfire/posts/VxjfYJnZAXP
http://www.xda-developers.com/android/supersu-beta-2-23-lollipop/
Pilz said:
Then that's why you can flash it in recovery. Normally you wouldn't be able to if it wasn't changed.
Click to expand...
Click to collapse
Good news everyone, starting one of the upcoming SuperSU updates, modified kernels will no longer be needed for root on Android 5.0 ... !
Click to expand...
Click to collapse
https://twitter.com/ChainfireXDA/status/535253476021116928
On the G900A shipped from AT&T we have a locked bootloader, and there is no known existing workaround to unlock it correct?
So given that, root was achieved , then safestrap was developed so we can currently flash roms that use the stock bootloader and kernel image, however we can customize the OS as long as the kernel and loader are untouched.
If the bootloader stays locked, what is known regarding safestrap and lollipop?
Can we still rollback the stock kernel to achieve root, then roll forward and keep it?
If that is the case, then when the stock AT&T lollipop is released, some level of ROM development can occur?
I am confused somewhat by all the discussions surrounding this, and didn't see any threads to discuss it specifically.
wmunn said:
On the G900A shipped from AT&T we have a locked bootloader, and there is no known existing workaround to unlock it correct?
So given that, root was achieved , then safestrap was developed so we can currently flash roms that use the stock bootloader and kernel image, however we can customize the OS as long as the kernel and loader are untouched.
If the bootloader stays locked, what is known regarding safestrap and lollipop?
Can we still rollback the stock kernel to achieve root, then roll forward and keep it?
If that is the case, then when the stock AT&T lollipop is released, some level of ROM development can occur?
I am confused somewhat by all the discussions surrounding this, and didn't see any threads to discuss it specifically.
Click to expand...
Click to collapse
No, if you update to lollipop then your ability to have a rooted phone will be lost. The bootloader hasnt changed since the phone was released which is the reason we have been able to rollback the rom. This was a loophole in the original firmware of the s5. When lollipop comes out then it will be a completely different bootloader and will be locked and you will not be able to roll back to kk bootloader. The loophole for this has been patched and there probably wont be another way to root the phone after lollipop considering the guy that found the loophole is now working for googles security team. Bottom line is if you want root then you cant have lollipop.
Sent from my SM-G900A using XDA Free mobile app
miller1821 said:
No, if you update to lollipop then your ability to have a rooted phone will be lost. The bootloader hasnt changed since the phone was released which is the reason we have been able to rollback the rom. This was a loophole in the original firmware of the s5. When lollipop comes out then it will be a completely different bootloader and will be locked and you will not be able to roll back to kk bootloader. The loophole for this has been patched and there probably wont be another way to root the phone after lollipop considering the guy that found the loophole is now working for googles security team. Bottom line is if you want root then you cant have lollipop.
Sent from my SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
How does this affect our device when it gets the lollipop update?
http://www.xda-developers.com/android/supersu-beta-lollipop-root-stock-kernel/
wmunn said:
On the G900A shipped from AT&T we have a locked bootloader, and there is no known existing workaround to unlock it correct?
So given that, root was achieved , then safestrap was developed so we can currently flash roms that use the stock bootloader and kernel image, however we can customize the OS as long as the kernel and loader are untouched.
If the bootloader stays locked, what is known regarding safestrap and lollipop?
Can we still rollback the stock kernel to achieve root, then roll forward and keep it?
If that is the case, then when the stock AT&T lollipop is released, some level of ROM development can occur?
I am confused somewhat by all the discussions surrounding this, and didn't see any threads to discuss it specifically.
Click to expand...
Click to collapse
Thanks to chainfire the chances of updating to 5.0 while keeping root seems more doable at this point.
However, based on recent samsung updates for other devices, safestrap may stop functioning after the update as it continues its slow death.
Once again, if having root access is important to you, do no not take the 5.0 update when released until some of us have a chance to evaluate it.
Since I am running dynamic Kat on stock slot right now, I should be safe from updates for now right?
Waiting to see what happens with all this. I did back up my stock rom to an SD card, so I can restore and unroot etc... to get an update if I choose to later.
muniz_ri said:
Thanks to chainfire the chances of updating to 5.0 while keeping root seems more doable at this point.
However, based on recent samsung updates for other devices, safestrap may stop functioning after the update as it continues its slow death.
Once again, if having root access is important to you, do no not take the 5.0 update when released until some of us have a chance to evaluate it.
Click to expand...
Click to collapse
was looking for a post like this. well maybe we might get 5.1 in the next few weeks or sooner so i am sure you will give it a try and a good look and hopefully you will have success in attaining root and a good SS. seems like u da man for this...:good::good:
as for 5.1 or a custom rom...well whose to say what that will bring...
will be waiting to see what happens. will check back here when it comes out. i watch for it everyday and as usual, thank you for all your great work!
miller1821 said:
No, if you update to lollipop then your ability to have a rooted phone will be lost. The bootloader hasnt changed since the phone was released which is the reason we have been able to rollback the rom. This was a loophole in the original firmware of the s5. When lollipop comes out then it will be a completely different bootloader and will be locked and you will not be able to roll back to kk bootloader. The loophole for this has been patched and there probably wont be another way to root the phone after lollipop considering the guy that found the loophole is now working for googles security team. Bottom line is if you want root then you cant have lollipop.
Sent from my SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
Not necessarily, just because (if) the S5 gets 5.0 does not mean the ability to root will be lost just go check out the Verizon S5 forums you'll see they have a method for rooting with 5.0 that in theory should work for us as well. again it is recomended to remain on a 4.4.x rom until this has been fully evaluated.
wmunn said:
On the G900A shipped from AT&T we have a locked bootloader, and there is no known existing workaround to unlock it correct?
So given that, root was achieved , then safestrap was developed so we can currently flash roms that use the stock bootloader and kernel image, however we can customize the OS as long as the kernel and loader are untouched.
If the bootloader stays locked, what is known regarding safestrap and lollipop?
Can we still rollback the stock kernel to achieve root, then roll forward and keep it?
If that is the case, then when the stock AT&T lollipop is released, some level of ROM development can occur?
I am confused somewhat by all the discussions surrounding this, and didn't see any threads to discuss it specifically.
Click to expand...
Click to collapse
My suggestion would be not to take any updates until the root capabilities have been evaluated.
As always, research goes a long way towards alleviating fears and stopping panic attacks before they happen. be patient there are great devs here give them time to work
Well, I stopped using the S5 and switched to a oneplus one, happily running CM12 nightlies now
the att gs5 doesn't seem like it's getting any updates..
wmunn said:
Well, I stopped using the S5 and switched to a oneplus one, happily running CM12 nightlies now
Click to expand...
Click to collapse
How are you liking it? I'm seriously thinking about doing the same thing.
I have a coworker that just got the Lollipop update for his Note 3 so that means it will be coming to the S5 very soon!
There is a pre-rooted lollipop update on droid views "http://www.droidviews.com/install-rooted-lollipop-on-att-galaxy-s5-sm-g900a/" . I have updated already and it runs smoothly. The only thing is after you run the update it can take anywhere from 5 to 20 minutes to reboot so just hang tight.
silentscreamz said:
There is a pre-rooted lollipop update on droid views "http://www.droidviews.com/install-rooted-lollipop-on-att-galaxy-s5-sm-g900a/" . I have updated already and it runs smoothly. The only thing is after you run the update it can take anywhere from 5 to 20 minutes to reboot so just hang tight.
Click to expand...
Click to collapse
I used that method as well. Sure, it worked for me, but I came from Dynamic Kat, a well debloated stock rom. Due to this, after installing the update using this method, the built-in apps restore function could not complete due to having all of the useless bloatware back, taking up the extra space I was free to use in Dynamic Kat. Even removing the apps that are safe to remove via Titanium Backup doesn't help because the space is reserved for them. I've also already moved every app that it will allow to move to SD card. I've removed unneeded apps. I've gone through my internal storage to remove any unneeded files.
I've removed most of the apps listed here
This doesn't give me the Bluetooth tether that I used to us for my Gear 1(Running Null Rom). I'd look for an app to cover this but... I can't install anything because I've got no space to do so... I hope a good debloat method comes along soon. I still have root, so I'm hopeful.
Yea, bloatware is ridiculous for this phone. Have you tried the Alliance rom, that is what I run and it's not to bad for bloatware but I have only managed to get 5.6 running. Going to try version 8 today sometime. If you like to customize that is an awesome rom.
Hi folks, new to the S5 forums on here as I just upgraded from my trusty S3 on AT&T. I'm still on the stock 4.4.2 firmware, NG3 build, and I'm wondering if I should just root from here using TowelRoot method or take the 4.4.4 OTA and root from there.
Root your 4.4.2, then use the update while saving root to lollipop and skip 4.4.4 all together.
SoCalHTCFuze said:
Root your 4.4.2, then use the update while saving root to lollipop and skip 4.4.4 all together.
Click to expand...
Click to collapse
I tried to root using TowelRoot but it said device not supported. I'll do some research though. Havent even had the phone 5 hours yet.
MetalHead66 said:
I tried to root using TowelRoot but it said device not supported. I'll do some research though. Havent even had the phone 5 hours yet.
Click to expand...
Click to collapse
You gotta downgrade theres a post on here just type it in the search bar. Pretty easy process
Yes. Follow the 4.4.2 how to root thread, it says that bit still works.
OK thanks a bunch. Getting ready to do that now.
---------- Post added at 03:27 AM ---------- Previous post was at 02:53 AM ----------
Well that was quite easy and I'm a happy camper now! Just had to flash nd3 kernel with odin in order for TR to work then flash my ng3 kernel. So nice to be able to use TiBu. Helium wouldnt install all my apps. Now I can start freezing and uninstalling all the bloatware!
This is the place to discuss anything and everything related to SuperSU and SafetyNet / Android Pay.
To clarify, I am not currently actively doing any development on having SuperSU pass SafetyNet detection, or having Android Pay work; the same way I put no effort into beating other root detection methods such as various enterprise security tools.
In case any SuperSU-rooted device passes SafetyNet, that is a bug in SafetyNet, not a feature of SuperSU.
While I may not agree with Google's stance, I'm not about to go messing with payment systems. Is it possible though? Probably yes.
This thread has been created because you guys simply cannot stop talking about this, so these posts can now go here, where I don't ever have to see them.
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
0.0 said:
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
Click to expand...
Click to collapse
Root is a no no with android pay and I think custom ROMs are also out at the moment
Sent from my A0001 using Tapatalk
Pure Drive GT said:
Hey, thanks for your continued support for root on Android, was just wondering, is google making it harder to achieve decent root privileges, as in they don't want rooted devices or are they just unrelatedly changing up things which forces you guys to adapt?
On another note, is there any progress on root without the modded boot? This is by no means an ETA, just wanted to know if you think it's possible or the situation looks rather dire.
Thanks again for your many efforts!
Click to expand...
Click to collapse
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Many banking and financial apps restrict access on rooted devices; it's not just Google.
It makes sense in some ways: root access allows running things in the background to either circumvent, monitor, or interrupt program transactions. They're being paranoid, and I don't blame them.
I don't like the Google Pay concept (or Apple's either); like every other encryption or security system, it's destined to eventually be hacked.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Yep, I was able to add my debit card but not credit.
VZW LG G4
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
http://www.androidpolice.com/2015/0...hy-android-pay-doesnt-support-rooted-devices/
shaggyskunk said:
Yet the Note 5 has been rooted for at least a couple of weeks
Click to expand...
Click to collapse
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Srandista said:
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Click to expand...
Click to collapse
I believe that it's only at&t and Verizon that locks the bootloader - And none in Canada and many other Countries.
Sent From my SM-N910W8 Running SlimRemix V5.1
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
NYZack said:
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
Click to expand...
Click to collapse
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Lrs121 said:
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Click to expand...
Click to collapse
I also found that having an unlocked bootloader will stop Pay working. When MM released I decided to go fully back to stock but kept the bootloader unlocked so I could flash MM. Pay still failed, so I've given up and gone rooted again.
Sent from my Nexus 6 using Tapatalk
Ch3vr0n said:
@Chainfire if you actually are able to pull off fully working stable root WITHOUT modifying the /system does that mean you MIGHT have opened the door into having root AND still being able to get OTA's?
Click to expand...
Click to collapse
osm0sis said:
Yup, all you'd need to do is reflash stock kernel to pass the boot partition EMMC check, or, we could automate restoring the previous stock kernel, flashing the OTA and then injecting the new stock kernel with root after flashing (à la AnyKernel2 or MultiROM). So many exciting possibilities there where custom recoveries are concerned.
Click to expand...
Click to collapse
Chainfire said:
Honestly it's not so different from using FlashFire to flash re-flash system, then OTA, then re-root. But it is easier, yes.
Click to expand...
Click to collapse
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Andrew Morykin 12:24
This should retain Android Pay, right?
Click to expand...
Click to collapse
Chainfire 12:58
+Andrew Morykin if it does, then it's by accident and not by design, and Android Pay will be updated to block it.
Click to expand...
Click to collapse
https://plus.google.com/+Chainfire/posts/aJbqUZ8PEP4
also, I was confused by this:
Chainfire said:
- I have not tested with encrypted devices
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=63197935
Aren't
Nexus 6P / angler
angler-mdb08k-boot-systemless.zip
Click to expand...
Click to collapse
and
Nexus 5X / bullhead
bullhead-mdb08i-boot-systemless.zip
Click to expand...
Click to collapse
encrypted out of the box?
dabotsonline said:
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Click to expand...
Click to collapse
How is that a downside?
It's exactly the same with every other form of root you will ever see. They don't want to support Android Pay (and some other stuff) on rooted devices. If we find a root that allows it, they will update their system to detect and block it. That cat and mouse game will not end as long as Google doesn't want Android Pay on rooted devices.
Maybe someone will make apps/modules that help circumvent this, but it certainly will not be me.
also, I was confused by this:
Aren't
Nexus 6P / angler
and
Nexus 5X / bullhead
encrypted out of the box?
Click to expand...
Click to collapse
Still can't test what I don't have.
russlowe73 said:
Factory images
Click to expand...
Click to collapse
So basically I have to go back to 100% stock using ADB, and then flash the new SuperSU stuff with any custom ROM? If so, what are the benefits of this other than getting Android Pay while rooted?
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of root on the Nexus 6!!
efrant said:
Starting with Android 5.0, OTA updates are now block-based rather than file-based, so any modification to the system partition will cause the OTA to fail, even mounting the system partition as r/w.
Click to expand...
Click to collapse
Just to add to this, it's a whole-partition /system patch OTA if the device launched with Lollipop or later, anything that launched with KitKat is still receiving the old file-based patch OTAs. Modifying Settings.apk would likely trip either method for a lot of OTAs though, since it's a pretty central component.
galaxyuserx said:
I use Galaxy s6 G9200 HK with Kernel compiled by me, but i have problem with root 5.1.1 and i think in future too 6.0
These root method is integrated in kernel source or i can integrate with those "boot.img systemless" my selfcompiled kernel?(repack boot.img with kernel compiled by me)
Is possible to work this new root method to android 5.1.1?
I have problem with gain root when i use kernel compiled by me ( STOCK kernel have too this problem BOOTLOOPs and FREEZEs on boot system) and i don't know how slove it :/
I found on chineese forums root integrated in boot.img it working good and isn't comunicat "KERNEL is not SEandroid enforced" but when i try integrate my kernel with this boot.img error with boot system :/
Click to expand...
Click to collapse
Yup, it's all ramdisk changes so should be workable on any version of Android. Chainfire left instructions outlining the ramdisk changes in the WIP thread if you want to give it a try.
phishfi said:
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of on the Nexus 6!!
Click to expand...
Click to collapse
Yup, seems to be the case with most banking and root-detecting apps... for now.
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
secguy said:
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
Click to expand...
Click to collapse
Just ran it and it passed.
Went ahead and installed su on a stock nexus 5, so far working well, android pay does not work but that was me being stupid and changing the host file and dpi before setting it up
I do notice a little input lag after this, not enough to even make me consider removing root, but it is noticeable, anybody else with this?
I am currently using CM13 with December patch, but the January patch fixed a high priority exploit. I do not want to upgrade to Nougat just yet because I want to keep the Xposed framework. Is there any community build for CM13 with January Patch? Or is there an alternative ROM to switch to that will continue to update Marshmallow? And if so, will I be able to flash it without a data wipe?
ExpertMC said:
I am currently using CM13 with December patch, but the January patch fixed a high priority exploit. I do not want to upgrade to Nougat just yet because I want to keep the Xposed framework. Is there any community build for CM13 with January Patch? Or is there an alternative ROM to switch to that will continue to update Marshmallow? And if so, will I be able to flash it without a data wipe?
Click to expand...
Click to collapse
You should ask Neo from Resurrection Rom if he's still building for M
Edit: Apophis9283 made a build, check his afh mirror at his
Singularity kernel thread, may he merged the January patch
coremania said:
You should ask Neo from Resurrection Rom if he's still building for M
Edit: Apophis9283 made a build, check his afh mirror at his
Singularity kernel thread, may he merged the January patch
Click to expand...
Click to collapse
I thought Singularity kernel is no longer under active development.
ExpertMC said:
I am currently using CM13 with December patch, but the January patch fixed a high priority exploit. I do not want to upgrade to Nougat just yet because I want to keep the Xposed framework. Is there any community build for CM13 with January Patch? Or is there an alternative ROM to switch to that will continue to update Marshmallow? And if so, will I be able to flash it without a data wipe?
Click to expand...
Click to collapse
From what I read about that patch, Nexus 6 got it back in November and the 6p just got. I believe we been had this patch. Let me find where I read that.[
Here goes the article.
http://www.androidauthority.com/google-patches-exploit-nexus-6-6p-742048/
If you are running a November or December security update, your already patched it seems.
christianpeso said:
From what I read about that patch, Nexus 6 got it back in November and the 6p just got. I believe we been had this patch. Let me find where I read that.[
Here goes the article.
http://www.androidauthority.com/google-patches-exploit-nexus-6-6p-742048/
If you are running a November or December security update, your already patched it seems.
Click to expand...
Click to collapse
Thanks for the info, but I would still like to know my options for the future.
coremania said:
You should ask Neo from Resurrection Rom if he's still building for M
Edit: Apophis9283 made a build, check his afh mirror at his
Singularity kernel thread, may he merged the January patch
Click to expand...
Click to collapse
No he didn't include the January patch. It's stock RR with November security patch. He also added a commit to fix verizon visual voicemail (which now works) and to stop battery issues below 40%
If you really want January security patch on MM my only guess would be Mokee. Google search Mokee Shamu.
It's funny being concerned so much about security patches, when you're running a rooted phone with an unlocked bootloader lol I wouldn't stress too much over it.
ExpertMC said:
... And if so, will I be able to flash it without a data wipe?
Click to expand...
Click to collapse
Flashing another type ROM generally needs wiping data.
You can try to keep the data but there could be bootloop or forced closing apps.
Dopamin3 said:
....
It's funny being concerned so much about security patches, when you're running a rooted phone with an unlocked bootloader....
Click to expand...
Click to collapse
I agree with you for the 'stressing' part, but one of the advantages of rooting for me is that root access allows installing a firewall and blocking ads with a hosts file.
Rooting can give us more security.[emoji1]
Rooting for that simply limits how much you're tracked. There are non-root methods of reducing your tracking. Rooting, as much as we may want it, is a security hole. This is why every device manufacturer - including Google - either does not recommend it or locks the bootloader to prevent it.
Hmm; I said 'one of the advantages' another important thing is the use of layers.
As long as Google only offers white UI rooting is a must.
Except your very last sentence says "rooting can give us more security." That is absolutely wrong, thus my comments.
I do agree that theming is a reason to root, along with ad blocking. Root however is still a security hole.
Strephon Alkhalikoi said:
Except your very last sentence says "rooting can give us more security." That is absolutely wrong, thus my comments.
Click to expand...
Click to collapse
Is it though? What about instances of things like AdAway which edit your hosts file to block advertisements and potentially malicious websites? What about AppOpsXposed which can revoke permissions for apps even if on stock it forces you to accept and use those permissions for the app to work? How about uninstalling pre-installed carrier garbage like CarrierIQ or system apps which could invade privacy and report things either to your carrier or the app manufacturer?
Rooting doesn't give you more security. But rooting can give you more security.
Dopamin3 said:
Rooting doesn't give you more security. But rooting can give you more security.
Click to expand...
Click to collapse
A rooted device is a compromised device, period. In order to prevent a device from being compromised, on Linux you never run as root and execute commands via sudo. It's dangerous to run as root, yet on Android we have no choice as Android does not have the sudo command. Thus, a rooted device renders any security measures useless as root has total control over everything. The loss of security is why manufacturers do not support root, with some manufacturers taking steps to prevent it.
Using your example, malware on an untouched device is limited to infecting your data on the internal storage. On a rooted device that same malware can infiltrate the system and do damage that can only be fixed by a factory reset or worse, flashing the entire system again. By rooting, you open the door to more severe attacks than by not rooting.
Some of us on this site understand the risks involved with rooting, but every day we have noobs coming to this site trying to root for s***s and giggles, and neither thinking about or caring about the consequences. To them, it's all fun and games until some rogue app steals their information because their device is rooted, and then they come here and ask us to fix their screwups.
Rooting is not a game, but serious business. One that could cost you a lot more than you think.
Strephon Alkhalikoi said:
Using your example, malware on an untouched device is limited to infecting your data on the internal storage. On a rooted device that same malware can infiltrate the system and do damage that can only be fixed by a factory reset or worse, flashing the entire system again.
Click to expand...
Click to collapse
Okay, so what about the dirty cow exploit (and potentially others)? This would allow full root access to a device EVEN if it was unrooted. Just because you're running stock, unrooted, BL locked doesn't make it so you can never get affected by an exploit that achieves root access and totally wrecks your device.
I guess it just comes down to the user. I don't use an antivirus on any of my Windows PCs (gasp!) but have I ever been infected or compromised in any manner? No. I'm an IT technician and use common sense. Any files I'm suspicious of I will scan on virustotal.com before executing them. On Android I don't load "sketchy" apps from the Play Store and don't sideload APKs (except Kernel Adiutor-Mod). I've never been compromised on Android and while I can't guarantee it, it's unlikely that it will happen even with my rooted device. I guess I'll just agree to disagree because I do see your points.
You claim to see my points, but as an IT professional, you should not be discounting them simply because you haven't encountered them. I don't know if you have used Linux in your IT work, but Linux has always required the root account have a password. Dirty Cow wouldn't have been able to do much if root on Android required a password.
It is a proven fact that root compromises the device's security. Windows users likely wouldn't be familiar with the Linux security model as their user accounts always ran with admin privileges by default. That is one reason - the other being popularity - why antivirus and anti malware programs are so common on Windows, yet virtually nonexistent on Linux.
Strephon Alkhalikoi said:
.....
It is a proven fact that root compromises the device's security..,,.
Click to expand...
Click to collapse
Dopamin3 said:
.... Just becaus I guess I'll just agree to disagree because I do see your points.
Click to expand...
Click to collapse
It wasn't my intention to start a discussion about security.
It can't be denyed that root access is a security issue. But I wouldn't have a Nexus phone when I could not:
- install a firewall,
- change the hosts file for ad-blocking,
- change the theme to dark (eyes),
- flash a kernel (better battery life),
- remove bloat ware,
- block/remove services I do no want/use,
- disable NFC, no pay apps,
- unencrypt for a bit more performance.
I prefer to configure devices myself instead of Google etc. I am aware that comfort and performance have a price.
@NLBeev: I believe @Dopamin3 and I are actually on the same page here. It's only a difference in perception he and I have as to the seriousness of it all. Neither of us were questioning your choices, because all of us have rooted our devices. We are I believe all aware of the risks involved. But the noobs who come in and root for the wrong reasons might benefit from the discussion.
Strephon Alkhalikoi said:
@NLBeev: I believe @Dopamin3 ...the noobs who come in and root for the wrong reasons might benefit from the discussion.
Click to expand...
Click to collapse
Fully agree. [emoji106]
Hey there guys,
I just received my s21 ultra (G998B) and planning to root it. I had a few questions since I’m new to this and wanted some clarifications:
1) If I root the phone can I update it OTA through the settings or do I have to update it by another method? Will I lose root/data/apps if I do that?
2) If I lose root when updating it, can I just root again and be all set? Or do I have to follow another procedure for that?
3) I am planning to debloat a few apps and services that I won’t be using, if I update the system/software will the stuff that I debloated come back and will I have to do the debloat again?
Thank you for all the help.
paul_cherma said:
Hey there guys,
I just received my s21 ultra (G998B) and planning to root it. I had a few questions since I’m new to this and wanted some clarifications:
1) If I root the phone can I update it OTA through the settings or do I have to update it by another method? Will I lose root/data/apps if I do that?
2) If I lose root when updating it, can I just root again and be all set? Or do I have to follow another procedure for that?
3) I am planning to debloat a few apps and services that I won’t be using, if I update the system/software will the stuff that I debloated come back and will I have to do the debloat again?
Thank you for all the help.
Click to expand...
Click to collapse
1- Probably not usually the root or recovery will block OTA updates from installing, even if they download.
2- If you lose root, you can USUALLY re-root assuming the same root method wasnt patched. If it was patched, a new root method (though probably still through magisk) will be needed. If this is the case, its up to the dev to find that method, you might be without root for a while.
3-if you debloat, and receive an OTA, your will probably need to de-bloat again, thought I havent personally had experience with this.
Why are you rooting? Just to de-bloat? If so, root isn't really necessary...
As someone who's been in the rooting stage for many years, i can answer your questions.
1. You can not update your phone through OTA updates after rooting the device, as the device was modified in an unauthorized way. And since you own a galaxy phone, the e-fuse within the motherboard will blow and knox will be permanently blown. You can no longer use samsung pay, google pay, and any other app that uses the safetynet api, even after you unroot the device.
2. You will lose root every time you update. You will need ODIN on your PC in order to properly update your firmware and to re-root your device by following the procedure again that you used to root your device, unless samsung patched the method you used to root your device. You can always check what bootloader version you're on within the firmware. For example, on the galaxy S8, the firmware version is N950U1UES5CRG9. The 5th to last number of the firmware will tell you. In this case, N950U1UES5CRG9 is the 5th bootloader version. Keep this in mind once samsung starts to update your phone often.
3. You will have to debloat again from scratch. In order to fully update your device through ODIN, you need to download the full firmware file containing an AP (Firmware), BL (Bootloader) , CP (Modem), and CSC (Carrier File) and manually flash them.
Do keep in mind, it is possible to soft brick or even hard brick your device, so back up your data frequently if you decide to tinker with your device.
Thank you for the detailed answer. I just updated my software to the latest official one by Samsung (April 1st security patch) but I am not rooted yet. I guess I could live with the fact that I can root the phone now and stay on this software version/security patch until I upgrade, since I would have to go through a lot of hassle to set-up the phone the way I wanted. But the main reason why I want to get the official updates is because of the camera improvements that Samsung does, since the main reason of me getting this phone is the camera. And there are some root-required tweaks that I absolutely need such as Viper, and some xposed tweaks also. I like the Stock ROM of Samsung, it really has come a long way at least imo throughout the years, as I have been a Samsung user since day 1 but:
Would it be a good idea to install a custom ROM then? I am reading the description of a few custom ROMs and it seems like I can “retain everything” by simply dirty flashing the ROM and following the dev’s instructions on how to retain root whenever the developer updates it. Is that a better route to take you think? I can keep my device rooted, and still get the updates through a custom ROM.
paul_cherma said:
Thank you for the detailed answer. I just updated my software to the latest official one by Samsung (April 1st security patch) but I am not rooted yet. I guess I could live with the fact that I can root the phone now and stay on this software version/security patch until I upgrade, since I would have to go through a lot of hassle to set-up the phone the way I wanted. But the main reason why I want to get the official updates is because of the camera improvements that Samsung does, since the main reason of me getting this phone is the camera. And there are some root-required tweaks that I absolutely need such as Viper, and some xposed tweaks also. I like the Stock ROM of Samsung, it really has come a long way at least imo throughout the years, as I have been a Samsung user since day 1 but:
Would it be a good idea to install a custom ROM then? I am reading the description of a few custom ROMs and it seems like I can “retain everything” by simply dirty flashing the ROM and following the dev’s instructions on how to retain root whenever the developer updates it. Is that a better route to take you think? I can keep my device rooted, and still get the updates through a custom ROM.
Click to expand...
Click to collapse
That really varies depending on the custom rom you go for. Usually when you dirty flash a rom, you would need to re root your device, but some (not all) roms are persistent with root after system updates. Do keep in mind if you switch to a custom rom, your system might be more buggy and crash more often. One thing i will say though is that xposed is outdated. The last android version xposed officially supported was either 8 or 9. When it has to come down to certain mods you'd wish to have with root, take that into consideration too, as it might make your device really unstable if it's too outdated or if there's a buggy port available. I've dealt with that issue too many times on my phones.
HighOnLinux said:
That really varies depending on the custom rom you go for. Usually when you dirty flash a rom, you would need to re root your device, but some (not all) roms are persistent with root after system updates. Do keep in mind if you switch to a custom rom, your system might be more buggy and crash more often. One thing i will say though is that xposed is outdated. The last android version xposed officially supported was either 8 or 9. When it has to come down to certain mods you'd wish to have with root, take that into consideration too, as it might make your device really unstable if it's too outdated or if there's a buggy port available. I've dealt with that issue too many times on my phones.
Click to expand...
Click to collapse
if xposed is outdated, what is the new thing the comunity is migrating to? All the privacy, security, and customizability tools available through xposed must go somewhere, right?
Twodordan said:
if xposed is outdated, what is the new thing the comunity is migrating to? All the privacy, security, and customizability tools available through xposed must go somewhere, right?
Click to expand...
Click to collapse
There's buggy ports thats flashable on magisk. While you still can get xposed, it'll be an unofficial version, and more likely to run into issues within your rom and daily use into your device.
HighOnLinux said:
There's buggy ports thats flashable on magisk. While you still can get xposed, it'll be an unofficial version, and more likely to run into issues within your rom and daily use into your device.
Click to expand...
Click to collapse
I mean xprivacy on xposed was the must have killer feature for any android device to turn your device into anything other than a privacy nightmare. If we can't do that any more we are f'd.
[EDIT] Looks like the new version of xprivacy, xprivacyLua is still supported for android 11, with magisk and EdXposed or LSPosed:
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com
XPrivacyLua/README.md at master · M66B/XPrivacyLua
Really simple to use privacy manager for Android 6.0 Marshmallow and later - XPrivacyLua/README.md at master · M66B/XPrivacyLua
github.com