Hi all - I've read that in order to root it is necessary to unlock the bootloader and then root, but I've also read some threads where the bootloader can be re-locked. My question is whether I can still be rooted then, maybe with the use of OTA rootkeeper or some such. I haven't rooted yet (my prime uses would initially be for adblocking and wifi tether), but I'm thinking I will soon. However, I'd really like to be able to hold out until the 4.2/4.3 OTA comes out before flashing ROMS (need stable bluetooth in a bunch of areas, and want to wait and see if there are problems with that update in stock).
So, any way to be stock, re-locked and rooted?
Can't you just root using the normal method then flash stock recovery to remove "*** Tampered***" and then re-lock with fastboot? You're system partition wont be stock obviously because it will have the su binary. You're boot loader will say "*** Relocked ***" though. I'm thinking it might be possible to remove "*** Relocked ***" using JTAG if someone can find the area in memory where the history of unlocking is stored.
Unlock bootloader, flash custom recovery, use Aroma File manager to copy su to /system/bin and set permissions, reflash stock recovery, relock bootloader, install Superuser from play store. This should work but I haven't tried it.
i really need help trying to figure how to root my AT&T Motorola Moto x. i tried to downgrade but couldnt succeed and i tried unlocking bootloader as well and couldnt succeed either. if anyone can help me please reply! thank you.
Sorry for the long answer, but I think you're going to need this info....
The Moto Maker and Retail Moto X from ATT and Verizon have locked bootloaders and can't have their bootloaders unlocked. Moto doesn't give out the bootloader unlock codes for them. There was a Chinese site selling the codes but it got shut down.
Since you couldn't downgrade successfully, I'm going to guess that you have 4.4.2 on your phone?
Due to changes in the bootloader, GPT.BIN and other parts included with 4.4.2, under certain circumstances when trying to downgrade from 4.4.2 to 4.4 or lower, you could either brick your phone, or set it up to brick in the future when you take an upgrade. So it is suggested you just stick with what is on your phone once you get on 4.4.2!! i.e. do NOT attempt to downgrade from 4.4.2 to anything lower.
I don't know what state your phone is in now, but if you had 4.4.2 on your phone, and you tried to downgrade, but didn't brick, do NOT take any OTA's!!! That will definitely brick your phone. For now, you'll likely get HAB Check errors, and other things if you try to reboot into bootloader or recovery. If you try to go under Settings -> Security you likely be "kicked back" to the settings screen instead. If you are experiencing these or similar issues, when the ATT 4.4.2 SBF gets leaked and posted to -> http://sbf.droid-developers.org/phone.php?device=0 you'll want to download it and flash your phone with it to get back to a stable/consistent foundation.
As for rooting the X with a locked bootloader... (like the ATT Moto X, or non-Developer Verizon X)
If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.
When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you take the 4.4.2 OTA), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.
Even if you have root, but lost Write Protection, any apps you've installed that need to write to system can't permanently save their changes (you have to re-do every time your phone powers off/on), and any Root type app, or app that gets installed to /system after WP is enabled will be lost at power off/on.
MotoWpNoMo was used on 4.4. and below to Disable Write Protection. Part of the 4.4.2 update patches the exploit that MotoWpNoMo used, so it wont work on 4.4.2.
SlapMyMoto/RockMyMoto/etc, used on 4.4 and lower to Root, involved downgrading the rom to use an exploit in 4.2.2 to gain root. But with 4.4.2 you can't downgrade the rom safely, without risk of bricking your phone, so you can't use these anymore.
JCASE has already posted he has an exploit to use to gain root on 4.4.2, but due to job and family, wont release it or a process making use of it until the fall. Who knows what ROM Moto will push out by then, and if they will have patched the exploit already. BUT before you get mad at JCASE for waiting so long, that doesn't address a Write Protection dis-abler. I've not seen any talk about work on that for locked bootloaders (when you unlock the bootloader, like on Dev Editions, the write protection is disabled). So JCASE could release his Root exploit, he or someone could develop that process, but it would be kind of useless without the ability to disable write protection since all your changes would be lost as soon as you power off/on.
Trust me, *IF* or when a Root and Write Protection bypass is out for 4.4.2, you will see threads on it. Until then, you have to sit tight.
Now, if you have 4.4 on your phone, you can root and disable write protection by using SlapMyMoto and MotoWpNoMo, but then you must NOT take the 4.4.2 OTA update, as you will keep root, but write protection will become enabled again. You can use a root capable file explorer (like Root Explorer) to navigate to /system/priv-app and rename the 3C_OTA.APK to 3C_OTA.APK.BAK to prevent the OTA update prompts.
If you are on 4.4 rooted with write protection disabled, you might want to check out the SafeStrap discussions over at Rootzwiki.com. That might at least afford you a way to run 4.4.2.
I just got this phone and unfortunately didn't get the developer edition. I am using the "Towel Pie Root" made by a developer here on XDA and got temporary root. So under this temporary root is it possible to flash a recovery and if it is, is it possible to then flash ROMs with the recovery? Thanks in advance!
Sent from my XT1058 using XDA Premium 4 mobile app
You have to have a unlocked bootloader to use twrp. If you are locked down look into safestrap.
Travisdroidx2 said:
You have to have a unlocked bootloader to use twrp. If you are locked down look into safestrap.
Click to expand...
Click to collapse
Alright thanks. I'll look into that tomorrow.
Sent from my XT1058 using XDA Premium 4 mobile app
procitysam said:
I just got this phone and unfortunately didn't get the developer edition. I am using the "Towel Pie Root" made by a developer here on XDA and got temporary root. So under this temporary root is it possible to flash a recovery and if it is, is it possible to then flash ROMs with the recovery? Thanks in advance!
Sent from my XT1058 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
When the bootloader on the X is locked, you can only flash components which are signed by Motorola's "digital key" as being for your phone. So you can only flash an entire rom, or parts of it, which are for your phone.
This prevents using 3rd party or custom recoveries, custom roms, etc. as they are not signed by Motorola's key.
PIE, TowelRoot, TowelPieRoot, SlapMyMoto, RockMyMoto, MotoWPNoMo, etc. does NOT allow for bypassing this.
Only unlocking your bootloader will allow you to use parts not signed by moto, like custom recoveries, 3rd party roms, etc.
My thought is that you are on 4.4.2 because you have used TowelPieRoot. Is that correct?
@Travisdroidx2 suggested SafeStrap, but to install/use Safestrap you need to be rooted and have write protection disabled. Unfortunately, on the Moto X, the MotoWpNoMo exploit was used to disable write protection if you can't unlock your bootloader, BUT the vulnerability in the bootloader that was exploited by MotoWpNoMo has been patched in 4.4.2 ROM and above. So you can't use it on 4.4.2, 4.4.3, and 4.4.4. You can't downgrade the bootloader either. In fact, once on 4.4.2 or above, NEVER try to downgrade your ROM, as you could brick your phone!!
i.e. If you have a locked bootloader and are on 4.4.2 or above, you can't disable write protection, and you can't downgrade your phone safely. If you do try, you can't downgrade Motoboot.img (bootloader and a couple of other things), and GPT.BIN (partition table). which can brick your phone and cause other problems.
However, if you were on 4.4 (aka 4.4.0) with its vulnerable bootloader, you could use SlapMyMoto with MotoWpNoMo to root and disable write protection, then use Safestrap to install 4.4.2 and 4.4.4, and retain root and write protection disable.
KidJoe said:
When the bootloader on the X is locked, you can only flash components which are signed by Motorola's "digital key" as being for your phone. So you can only flash an entire rom, or parts of it, which are for your phone.
This prevents using 3rd party or custom recoveries, custom roms, etc. as they are not signed by Motorola's key.
PIE, TowelRoot, TowelPieRoot, SlapMyMoto, RockMyMoto, MotoWPNoMo, etc. does NOT allow for bypassing this.
Only unlocking your bootloader will allow you to use parts not signed by moto, like custom recoveries, 3rd party roms, etc.
My thought is that you are on 4.4.2 because you have used TowelPieRoot. Is that correct?
@Travisdroidx2 suggested SafeStrap, but to install/use Safestrap you need to be rooted and have write protection disabled. Unfortunately, on the Moto X, the MotoWpNoMo exploit was used to disable write protection if you can't unlock your bootloader, BUT the vulnerability in the bootloader that was exploited by MotoWpNoMo has been patched in 4.4.2 ROM and above. So you can't use it on 4.4.2, 4.4.3, and 4.4.4. You can't downgrade the bootloader either. In fact, once on 4.4.2 or above, NEVER try to downgrade your ROM, as you could brick your phone!!
i.e. If you have a locked bootloader and are on 4.4.2 or above, you can't disable write protection, and you can't downgrade your phone safely. If you do try, you can't downgrade Motoboot.img (bootloader and a couple of other things), and GPT.BIN (partition table). which can brick your phone and cause other problems.
However, if you were on 4.4 (aka 4.4.0) with its vulnerable bootloader, you could use SlapMyMoto with MotoWpNoMo to root and disable write protection, then use Safestrap to install 4.4.2 and 4.4.4, and retain root and write protection disable.
Click to expand...
Click to collapse
Yes that's correct that I'm on 4.4.2. Thank you for clearing that up, everything I looked at was confusing. So my last question is Towel Pie Root can only be used for root access apps?
Sent from my XT1058 using XDA Premium 4 mobile app
procitysam said:
Yes that's correct that I'm on 4.4.2. Thank you for clearing that up, everything I looked at was confusing. So my last question is Towel Pie Root can only be used for root access apps?
Sent from my XT1058 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Sort of.
TowelPieRoot provides READ access to protected folders that you can't touch/see without root permissions. So apps like Root Explorer and the like which don't need to WRITE files in /system and such will be fine.
Apps like AdFree, Xposed, and other things that need to write in /system either wont install, or will need an alternate install process. (Xposed does have a way to install without write permissions).
And of course, any changes done to the write protected folders will be lost at power off/on or "hard boot." This poses a challenge for many when installing Xposed, as they do a normal reboot after install which is a "hard boot" and they lose root and xposed and have to start all over. There is a "soft boot" option that can be used when installing xposed.
Note: I have an unlocked bootloader so I've only read about the challenges of installing Xposed and others who use PIE, Towel ROot, and TowelPieRoot and still have write protection enabled. So you'll really want to read those threads that deal with the ROOT app you want to use, or the root method you are using, to find the details of what can/can't be done.
KidJoe said:
Sort of.
TowelPieRoot provides READ access to protected folders that you can't touch/see without root permissions. So apps like Root Explorer and the like which don't need to WRITE files in /system and such will be fine.
Apps like AdFree, Xposed, and other things that need to write in /system either wont install, or will need an alternate install process. (Xposed does have a way to install without write permissions).
And of course, any changes done to the write protected folders will be lost at power off/on or "hard boot." This poses a challenge for many when installing Xposed, as they do a normal reboot after install which is a "hard boot" and they lose root and xposed and have to start all over. There is a "soft boot" option that can be used when installing xposed.
Note: I have an unlocked bootloader so I've only read about the challenges of installing Xposed and others who use PIE, Towel ROot, and TowelPieRoot and still have write protection enabled. So you'll really want to read those threads that deal with the ROOT app you want to use, or the root method you are using, to find the details of what can/can't be done.
Click to expand...
Click to collapse
Awesome explanation thanks. The app has the option to re-root after a reboot so that shouldn't be a problem. Thanks so much for helping!
Sent from my XT1058 using XDA Premium 4 mobile app
procitysam said:
Awesome explanation thanks. The app has the option to re-root after a reboot so that shouldn't be a problem. Thanks so much for helping!
Sent from my XT1058 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
sure, re-root after reboot... BUT any changes you made to the write protected folders while would still be lost and have to be redone after a power off/on or "hard boot".
KidJoe said:
When the bootloader on the X is locked, you can only flash components which are signed by Motorola's "digital key" as being for your phone. So you can only flash an entire rom, or parts of it, which are for your phone.
This prevents using 3rd party or custom recoveries, custom roms, etc. as they are not signed by Motorola's key.
PIE, TowelRoot, TowelPieRoot, SlapMyMoto, RockMyMoto, MotoWPNoMo, etc. does NOT allow for bypassing this.
Only unlocking your bootloader will allow you to use parts not signed by moto, like custom recoveries, 3rd party roms, etc.
My thought is that you are on 4.4.2 because you have used TowelPieRoot. Is that correct?
@Travisdroidx2 suggested SafeStrap, but to install/use Safestrap you need to be rooted and have write protection disabled. Unfortunately, on the Moto X, the MotoWpNoMo exploit was used to disable write protection if you can't unlock your bootloader, BUT the vulnerability in the bootloader that was exploited by MotoWpNoMo has been patched in 4.4.2 ROM and above. So you can't use it on 4.4.2, 4.4.3, and 4.4.4. You can't downgrade the bootloader either. In fact, once on 4.4.2 or above, NEVER try to downgrade your ROM, as you could brick your phone!!
i.e. If you have a locked bootloader and are on 4.4.2 or above, you can't disable write protection, and you can't downgrade your phone safely. If you do try, you can't downgrade Motoboot.img (bootloader and a couple of other things), and GPT.BIN (partition table). which can brick your phone and cause other problems.
However, if you were on 4.4 (aka 4.4.0) with its vulnerable bootloader, you could use SlapMyMoto with MotoWpNoMo to root and disable write protection, then use Safestrap to install 4.4.2 and 4.4.4, and retain root and write protection disable.
Click to expand...
Click to collapse
Thanks for the info. I have a Dev edition so never used safestrap myself. I just know it was a option for locked down phones. Thanks for the clarification.
When using the Towel Pie Root app, do you need Superuser installed as well? And if so do you or don't you need the su binary installed?
I have a locked BL VZW XT1060 on 4.4.2 stock
It was/is rooted.
It has SuperSU installed but without binaries installed.
A little history:
Originally on 4.2.2 then OTA to 4.4.
Downgraded to 4.2.2 and applied SlapMyMoto.
I believe I took OTA to 4.4 with the intention to sit tight there.
I accidentally took OTA to 4.4.2.
This is where it gets weird.
Root was still intact but write protection was temporary, meaning after reboot, I lose it.
This was fine as it allowed me to temporarily disable write protection and enable the native hotspot.
Then, one day I was updating some apps on my phone, I noticed that I completely lost the ability to disable to write protection. I tried uninstalling all to the app updates to no avail.
What are my options to get WiFi tether/Hotspot back?
Sunshine, unlock the bootloader, and have a fully unlocked device. Anything else and you'll likely run into issues similar to what you have now.
Sent from my Moto X
What the guy above me said.
@slingblade01 what you described is exactly what happens.
The vulnerability which MotoWpNoMo exploited to disable write protection was patched in 4.4.2, so if you have a LOCKED Bootloader, and updated from 4.4 you could keep root, but write protection became enabled with no way to disable it again.
If you don't care about upgrading past 4.4.2, you can search for TowelPieRoot, and gain temp root to.
Otherwise, as @imnuts and @nhizzat say, If you are still on 4.4.2, and have its bootloader, then you can use Sunshine to unlock the bootloader, after witch your phone will be just like a Developer Edition, or other edition with the bootloader unlocked.
In other words, once you unlock using Sunshine, you may root by following -> http://forum.xda-developers.com/moto-x/moto-x-qa/instructions-unlocking-rooting-dev-ed-t2649738 Just please be sure to use the latest TWRP fastboot IMG file and Installable ZIP of SuperSU. Once completed, you will have root with write protection disabled.
And it does not matter what Stock ROM or Android version is on your phone (Android 5 has some changes, so stay tuned) , once your bootloader is unlocked, you can always root or re-root it. (You just can't take OTA with custom recovery on there!!).
For Sunshine discussion see -> http://forum.xda-developers.com/moto-x/general/request-help-exploit-moto-x-bl-t2828471
and -> http://forum.xda-developers.com/showthread.php?t=2792487
and most importantly....
http://theroot.ninja/
Sunshine will check if its compatible with your phone first, if it is, it will charge you $25 before proceeding to unlock you. Unlike using the bootloader unlock code from Moto or the middleman, using Sunshine to unlock your bootloader is not destructive.
Once your bootloader is unlocked via Sunshine, do NOT attempt to re-lock it. because if you do relock it, you wont be able to unlock it again!! BTW, there is no need to relock anyway. It doesn't impact taking OTAs, etc.
Thank you and last question.
Thanks, that was the answer I was expecting but wanted professional opinions first.
Before I use Sunshine, do I need to do any prep work first, such as disable/remove root (remove SuperSU)?
Thanks again.
slingblade01 said:
Thanks, that was the answer I was expecting but wanted professional opinions first.
Before I use Sunshine, do I need to do any prep work first, such as disable/remove root (remove SuperSU)?
Thanks again.
Click to expand...
Click to collapse
Because I have a developer edition, I got my bootloader unlock code from moto, and haven't tried Sunshine.
From my brief reading/following of the Sunshine thread, I don't think you have to un-do anything. But I would consider flashing back to stock to remove any traces of SlapMyMoto and the like AFTER you unlock via Sunshine.
Edit: whoops I thought this was the 2014 forum. My bad, I'm not sure how to delete, but will when I figure out.
I'm just trying to get stock Marshmallow on my ATT xt1097. Used kingroot for temp root, and sunshine SUPPOSEDLY unlocked my bootloader. During the "process", Sunshine erased itself from my phone and I had to manually reboot my phone. I got the message before boot that my bootloader WAS unlocked. But root is gone, and kingroot will not give me a permanent root.
Do I need root to flash the stock ROM? If so, is there a way to do this from my phone? I don't have access to a computer at the moment.