So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
jsmithfms said:
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
Click to expand...
Click to collapse
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all..just very difficult with all the security checks included.
KennyG123 said:
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all..just very difficult with all the security checks included.
Click to expand...
Click to collapse
Crap... well does anyone know how that encyption key is generated? Like, could I theoretically get an algorithm from a ROM?
Honestly for the time being I wouldn't bother with ROMS for that Device and carrier at the moment. Especially being that its someone elses device. Towelroot should be a good start. If Im not mistaken I don't think its supposed to trip knox.
Sent from my HTCEVODesign4G using XDA Free mobile app
jsmithfms said:
Crap... well does anyone know how that encyption key is generated? Like, could I theoretically get an algorithm from a ROM?
Click to expand...
Click to collapse
This is the riddle of the Sphinx my friend. I am sure the super devs have tried their best so far to crack it. It has been an ongoing effort to make phones more and more secure, not against the amateur developers and rooters, but against the hackers. These smartphones are now our personal computers, diaries, personal assistants, financial operator, and more. They basically are a person's (and business's) life. AT&T and Verizon have taken the big steps to appeal to the Exchange clients, corporate, government and military contracts. Even the general public want to know their phone is secure. This is what keeps me stuck on the Sprint network.
Have you tried Kingroot?
I successfully rooted my wife's AT&T S4 on OC3 lollipop (supposedly unrootable) with the desktop version. Mobile version didn't work but desktop did without a hiccup. Maybe it'll work on the S5.
http://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461
Rockin' a l337 with Goldeneye v49.1 + Wanam Xposed and loving life on AT&T's 4G LTE network
S5 on lollipop has a new nasty boot loader.... it was a miracle on its own that they ever came up with safestrap to duck the boot loader on earlier versions of android
Related
Hey everyone!
First off, I apologize if I am posting this in the wrong area, as this is my first post here.
About two months ago, I used TowelRoot on my phone and achieved root status. Afterwards, I installed Xposed Framework and started loading modules. When AT&T pushed out an OTA update which updated the kernel, making rooting impossible once again, I did lose my root status. However, Xposed Framework and all of my modules remained installed and still function.
The interesting part is, after a reboot, I noticed that my boot splash screen says "Samsung Galaxy S5 Active", and "Custom" with the unlocked padlock at the bottom. Also, under device status, it says "custom" instead of "official".
I haven't attempted to flash a custom recovery on this phone, but what I'd really like to know is -- is my device's bootloader unlocked now, can I flash a recovery on it, and is there any ROM like a Cyanogenmod base that will be compatible with this phone? I haven't had any luck with researching it because everyone with the AT&T variant of this phone has a locked bootloader, so there hasn't been much opportunity to play with it.
I'd appreciate any help I can get on the matter. I'd like to see what this thing is capable of!
dont mess with itttt leave it until someone replies we need to extract your firmware, hold onto it if you not messing around, im not experinced enough but someone will pm you im sure
MGArcher007 said:
Hey everyone!
First off, I apologize if I am posting this in the wrong area, as this is my first post here.
About two months ago, I used TowelRoot on my phone and achieved root status. Afterwards, I installed Xposed Framework and started loading modules. When AT&T pushed out an OTA update which updated the kernel, making rooting impossible once again, I did lose my root status. However, Xposed Framework and all of my modules remained installed and still function.
The interesting part is, after a reboot, I noticed that my boot splash screen says "Samsung Galaxy S5 Active", and "Custom" with the unlocked padlock at the bottom. Also, under device status, it says "custom" instead of "official".
I haven't attempted to flash a custom recovery on this phone, but what I'd really like to know is -- is my device's bootloader unlocked now, can I flash a recovery on it, and is there any ROM like a Cyanogenmod base that will be compatible with this phone? I haven't had any luck with researching it because everyone with the AT&T variant of this phone has a locked bootloader, so there hasn't been much opportunity to play with it.
I'd appreciate any help I can get on the matter. I'd like to see what this thing is capable of!
Click to expand...
Click to collapse
MGArcher007 said:
Hey everyone!
First off, I apologize if I am posting this in the wrong area, as this is my first post here.
About two months ago, I used TowelRoot on my phone and achieved root status. Afterwards, I installed Xposed Framework and started loading modules. When AT&T pushed out an OTA update which updated the kernel, making rooting impossible once again, I did lose my root status. However, Xposed Framework and all of my modules remained installed and still function.
The interesting part is, after a reboot, I noticed that my boot splash screen says "Samsung Galaxy S5 Active", and "Custom" with the unlocked padlock at the bottom. Also, under device status, it says "custom" instead of "official".
I haven't attempted to flash a custom recovery on this phone, but what I'd really like to know is -- is my device's bootloader unlocked now, can I flash a recovery on it, and is there any ROM like a Cyanogenmod base that will be compatible with this phone? I haven't had any luck with researching it because everyone with the AT&T variant of this phone has a locked bootloader, so there hasn't been much opportunity to play with it.
I'd appreciate any help I can get on the matter. I'd like to see what this thing is capable of!
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?p=54642044
Sent from my SAMSUNG-SM-G900A using XDA Premium HD app
Apparently there are many different circumstances under which the splash screen says custom, which have nothing to do with the bootloader being locked or unlocked. I seem to recall it showing up for people when they just switched to ART runtime, and in some cases it didn't even go back when they switched back to Dalvik. Many of the methods for making this not appear just involve cosmetically hiding it, not actually cleaning up whatever it is that is being detected.
What I wouldn't give to have this bootloader unlocked
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
If there is a dev that wants a s5 to experiment with to get the bootloader unlocked I'll be happy to donate my s5 if I can get it back after finding an exploit . But the dev needs to come with unanimous recommendation by the devs. Let me know I can still use my s3.
Sent from my SAMSUNG-SM-T537A using XDA Free mobile app
Aw man, I was really hoping that the bootloader just somehow magically unlocked itself. Wishful thinking, I suppose. I love my S5 Active, I just wish I had a little more freedom with customizing it in ways like I could my S3.
I wonder if this is a result of Knox being disabled during the root... Either way, I hope I'll still receive OTA updates for things like 4.4.4 if they ever decide to release it, and eventually Android L.
For now, I can't complain -- surprisingly enough, even without root, my Xposed Framework still functions very well and I can still make backend and UI changes in GravityBox.
Regardless, thanks for all the replies, guys! I probably won't mess with trying to fix it unless they come out with an OTA update that I can't get as a result of this.
MGArcher007 said:
Aw man, I was really hoping that the bootloader just somehow magically unlocked itself. Wishful thinking, I suppose. I love my S5 Active, I just wish I had a little more freedom with customizing it in ways like I could my S3.
I wonder if this is a result of Knox being disabled during the root... Either way, I hope I'll still receive OTA updates for things like 4.4.4 if they ever decide to release it, and eventually Android L.
For now, I can't complain -- surprisingly enough, even without root, my Xposed Framework still functions very well and I can still make backend and UI changes in GravityBox.
Regardless, thanks for all the replies, guys! I probably won't mess with trying to fix it unless they come out with an OTA update that I can't get as a result of this.
Click to expand...
Click to collapse
Sadly. ...We may never see the bootloader unlocked without a factory method...
It's encryption prevents us from even being able to open it into a usable state...
We need either an encryption key....or a new bootloader entirely...
Not happening any time soon....g
I have an ATT S5 (SM-G900A), completely stock, unrooted, updated to the latest 5.0 OTA update. My requirements for my phone are that it be able to pass Airwatch checks and that it be able to be encrypted (Personal device used at work). Some background first:
Last time I tried to play around with rooting, other mods, and whatnot was on my ATT S3 (I think I747?) and I discovered that an unspecified combination of rooting, installing a custom loader (CWM in my case) and installing a custom mod (Cyanogenmod at the time) made my phone unable to encrypt. At the time I was not required to use Airwatch, but encryption was required for my phone to connect to work, so I gave up on the whole lot.
I have now discovered that ATT, in their infinite wisdom, has replaced the S Voice drive mode with their own "ATT Drive Mode", and it's been verified they went so far as to remove the related APKs from the phone entirely. For those unaware, S Voice Drive mode is an feature of S Voice that (when turned on) reads out all callers and text messages, and then verbally prompts you for actions; reply, answer, ignore, etc. It allows fully hands free functionality. ATT Drive Mode, on the other hand, automatically kicks in whenever speeds of 20 MPH are detected (even if you're a passenger), rejects all calls and texts excluding a user-defined 5 person list, and essentially makes your phone useless anytime you're in a car. The goal is to "reduce texting and distracted driving", but as I'm on-call as part of my job and need to at least be aware of texts that come in within 10 minutes of receipt, it actually makes my drive much more dangerous. ATT Drive mode is a good idea for teens, perhaps, but i'm not a teen.
This brings me to my question: What are my options?
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
Honestly, the ideal solution would be something like the stock rom from the international version that would run on my ATT version...but I don't know if such a thing exists or is possible. I don't mind Samsung's cruft, but I do dislike ATT's lobotomizing of my phone to push their own little product that treats me like a kid. I know that I am less safe as a driver without the S Voice drive mode than I was with it.
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
sheaiden said:
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Waiting4MyAndroid said:
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Click to expand...
Click to collapse
Actually, while I greatly appreciate the fact that you took the time to reply (seriously! at least you took the time!), this is neither easy nor related to the questions I asked. If you look at my post, I'm not asking "how can I root", I'm asking three rather different questions:
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
In fact, I am unable to remain rooted (Airwatch; it's part of the post title), and the whole point and thrust of my question lies in the fact that I am looking to find out what affects encryption and what options I have as far as getting S Voice Drive mode on my phone while staying Airwatch compliant (not rooted). In addition, "if you can find the s voice drive app" is part of the problem too, as evidenced by the third question I asked above; I don't know where to find said app.
Does anyone know anything regarding what I was actually asking?
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
https://www.dropbox.com/s/oe7i2g81iuhjv38/S-Voice_Android_phone_J.apk?dl=0
Waiting4MyAndroid said:
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
Click to expand...
Click to collapse
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
sheaiden said:
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
Click to expand...
Click to collapse
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
OPOfreak said:
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
Click to expand...
Click to collapse
Interesting. I had been under the impression that I had seen people referring to installing clockworkmod or some similar thing on an S5, but I think I may be getting caught up in terminology; those are recoveries, aren't they? not bootloaders? Or perhaps people were posting about the other S5s with unlocked bootloaders. 15 different versions of S5, and I get stuck with the most apple-like of all the carriers....(in the sense of "you take what we give you and don't play with it!")
So, assuming I don't manage to get it installed via the link Waiting4MyAndroid was kind enough to post, I think that rules out anything other than the method of:
--wait for a root method to be established for the new OTA
--root, install the drive apk
--unroot, so I can encrypt and pass airwatch
Does anyone know if the old method of rooting broke encryption? and whether encryption was able to be performed after unrooting again?
Edit: Attempted to Sideload. Sadly, it is telling me "App not installed" (other sideloads do work; it's not the unknown sources setting). I'm thinking either the apk is marked for s4, and it's not compatible, or it's trying to overwrite files from the established svoice system, and that's not allowed. I suppose if someone has the drive apks from a tmobile S5 image or some such thing (same model, different carrier), then I could try again, but unfortunately this apk doesn't work. Thanks for the attempt, Waiting4MyAndroid!
the guy who unlocked the bootloader on Verizon's s5 variant has released a document detailing what I believe is the procedure. Could this open the door for ATT's variant to be unlocked?
https://twitter.com/firewaterdevs/status/713906161834192896
http://theroot.ninja/disclosures/SAMDUNK_1.0-03262016.pdf
sensei22 said:
the guy who unlocked the bootloader on Verizon's s5 variant has released a document detailing what I believe is the procedure. Could this open the door for ATT's variant to be unlocked?
https://twitter.com/firewaterdevs/status/713906161834192896
http://theroot.ninja/disclosures/SAMDUNK_1.0-03262016.pdf
Click to expand...
Click to collapse
Possibly, based on what I read from it though it needs the string from the dev-edition device, they have that with the Verizon version so it's easy to get, we only have the one, so I think(speculation) it would be trivial at best to repeat this in our model since we don't even know what to set the CID to to make it reflect that of the 'dev edition', I don't think we're getting a towelroot from this at least[emoji14]
Sent from my SAMSUNG-SM-G900A using Tapatalk
I'm going to take a guess that the Verizon and AT&T phones are both unlockable via the same method. I don't even know how to run Samdunk.. Phone or PC? (Can't be Phone if we have no root access :/)
this really seems promising, i still love my s5 and would like to have the bootloader unlocked at some point.
I wouldn't get your hopes up. That unlock requires root which means anyone on 5.0 or above already is SOL, even IF that method worked on AT&T.
You cant root 5.1.1 on atnt because root modifys the system partition.You can still gain hardware access if theres an exploit you just cant modify the system partition(or the device wont turn on again after a full power-down) because it is checksumed on every boot. (and you cant remove this because it is in the kernel that is signature checked on every boot(and the user and system partitions aren't mounted yet so you cant run a hack to get around it))
This does not mess with the system partition so you could run a kernel exploit and this right after with out rooting.
For the cid use the tmobile s5 cid it is bootloader unlocked right from the store and has the same hardware(gsm modem).
Although my atnt device has 11 toshiba memory and all atnt devices might.
Guicrith said:
You cant root 5.1.1 on atnt because root modifys the system partition.You can still gain hardware access if theres an exploit you just cant modify the system partition(or the device wont turn on again after a full power-down) because it is checksumed on every boot. (and you cant remove this because it is in the kernel that is signature checked on every boot(and the user and system partitions aren't mounted yet so you cant run a hack to get around it))
This does not mess with the system partition so you could run a kernel exploit and this right after with out rooting.
For the cid use the tmobile s5 cid it is bootloader unlocked right from the store and has the same hardware(gsm modem).
Although my atnt device has 11 toshiba memory and all atnt devices might.
Click to expand...
Click to collapse
My att s5 has 15 for the first 2 digits of the Cid.
Guicrith said:
You cant root 5.1.1 on atnt because root modifys the system partition.You can still gain hardware access if theres an exploit you just cant modify the system partition(or the device wont turn on again after a full power-down) because it is checksumed on every boot. (and you cant remove this because it is in the kernel that is signature checked on every boot(and the user and system partitions aren't mounted yet so you cant run a hack to get around it))
This does not mess with the system partition so you could run a kernel exploit and this right after with out rooting.
For the cid use the tmobile s5 cid it is bootloader unlocked right from the store and has the same hardware(gsm modem).
Although my atnt device has 11 toshiba memory and all atnt devices might.
Click to expand...
Click to collapse
Mine is 15, I may be willing to be the guinea pig for this as long as it's not a 100% brick. I'm not entirely sure about the tmo s5 simply having the same hardware will make it work, if something like that was the case why did Verizon folks have to wait for someone with the dev Verizon s5 to upload their aboot?
Sent from my SAMSUNG-SM-G900A using Tapatalk
Anyone here willing to risk bricking their device with a 15 series chip pm me!
I saw on a thread maybe the Verizon s5 bootloader unlocking thread a post about copying your original boot chain to an SD card so incase you brick you can still boot the original boot chain off of your SD. Apparently your SD has to be class 10. Just more food for thought.
How do I check my cid? I'm tempted to test as I have the S7 now. But if this works, I may very well return the S7 due to locked bootloader.
TehPirate_ said:
How do I check my cid? I'm tempted to test as I have the S7 now. But if this works, I may very well return the S7 due to locked bootloader.
Click to expand...
Click to collapse
Brickbug emmc from play store. Still not clear if we can make it work, it should and can, but I think we're missing the att 'dev edition'(maybe factory has it with this?) aboot as just using the Verizon one doesn't seem to work.
Sent from my SAMSUNG-SM-G900A using Tapatalk
Rakuu said:
Brickbug emmc from play store. Still not clear if we can make it work, it should and can, but I think we're missing the att 'dev edition'(maybe factory has it with this?) aboot as just using the Verizon one doesn't seem to work.
Sent from my SAMSUNG-SM-G900A using Tapatalk
Click to expand...
Click to collapse
Shame, mines Toshiba (11)
I just want to let everyone know that I've been involved with the thread over at Verizon and guinea pigged for us. I do have an active, however that shouldn't matter. At the moment, you can run both methods and it will appear to be successful, even changing the Cid, but it doesn't unlock the bootloader.
So for now, we're out of luck.
N4styN1ghtm4r3 said:
I just want to let everyone know that I've been involved with the thread over at Verizon and guinea pigged for us. I do have an active, however that shouldn't matter. At the moment, you can run both methods and it will appear to be successful, even changing the Cid, but it doesn't unlock the bootloader.
So for now, we're out of luck.
Click to expand...
Click to collapse
Damn, I was hoping this would pan out as I have a CID that starts with 15. Checked yesterday when advised in the TMS5 3.0 thread. I got this s5 from Samsung insights so I was hoping that'd help but it's At&t branded with locked bootloader. Waiting patiently for an option to unlock bootloader as I don't plan to get a new phone anytime soon.
~TMS5-3.0-TMBUILD on G900A with Blue Ice Theme
joshua14 said:
Damn, I was hoping this would pan out as I have a CID that starts with 15. Checked yesterday when advised in the TMS5 3.0 thread. I got this s5 from Samsung insights so I was hoping that'd help but it's At&t branded with locked bootloader. Waiting patiently for an option to unlock bootloader as I don't plan to get a new phone anytime soon.
~TMS5-3.0-TMBUILD on G900A with Blue Ice Theme
Click to expand...
Click to collapse
If you're comfortable doing this kind of stuff, then you can try without risking anything. Nobody with an original s5 has tried it, only me, but again, mine is an active. That may or may not be the reason it didn't work for me, but if somebody with an original s5 wants to try, that would give us a definitive answer.
I did both methods and everything went fine, with no errors. It simply didn't unlock. So feel free to give it a shot, you'll just have to restore your old Cid if it fails, which is no big deal. The only thing I'd give a heads up on, is both methods erase your SD card, so use a spare SD card or back up your files from it somewhere else.
Good luck if you try!!
N4styN1ghtm4r3 said:
If you're comfortable doing this kind of stuff, then you can try without risking anything. Nobody with an original s5 has tried it, only me, but again, mine is an active. That may or may not be the reason it didn't work for me, but if somebody with an original s5 wants to try, that would give us a definitive answer.
I did both methods and everything went fine, with no errors. It simply didn't unlock. So feel free to give it a shot, you'll just have to restore your old Cid if it fails, which is no big deal. The only thing I'd give a heads up on, is both methods erase your SD card, so use a spare SD card or back up your files from it somewhere else.
Good luck if you try!!
Click to expand...
Click to collapse
This will be something to try for the weekend. I have backups for both SS and FF so as long as I don't risk full bricking then I'm game. I have a few spare sd cards too. I never took any OTA updates, the first one that tried getting pushed on me while still within the 6 month insights program I rooted with TowelRoot and froze with TB. Other than that I didn't do much else until more recently to go to Muniz_ri 5.0 keeproot and then to TMS5-3.0-TMBUILD. I was hoping of convincing At&t to unlock the bootloader along with the sim unlock since they don't have any rights to this phone. I still have my Next plan s5 thru them so I can toy with this one, just don't want to end up completely bricking either. I have 2 S3 that I put full custom CM builds on for the kids to play with, just turned off root. Lol
~TMS5-3.0-TMBUILD on G900A with Blue Ice Theme
joshua14 said:
This will be something to try for the weekend. I have backups for both SS and FF so as long as I don't risk full bricking then I'm game. I have a few spare sd cards too. I never took any OTA updates, the first one that tried getting pushed on me while still within the 6 month insights program I rooted with TowelRoot and froze with TB. Other than that I didn't do much else until more recently to go to Muniz_ri 5.0 keeproot and then to TMS5-3.0-TMBUILD. I was hoping of convincing At&t to unlock the bootloader along with the sim unlock since they don't have any rights to this phone. I still have my Next plan s5 thru them so I can toy with this one, just don't want to end up completely bricking either. I have 2 S3 that I put full custom CM builds on for the kids to play with, just turned off root. Lol
~TMS5-3.0-TMBUILD on G900A with Blue Ice Theme
Click to expand...
Click to collapse
Yea like I said, as long as you follow the steps closely, there isn't a chance of bricking, it just won't unlock. Let us know when you give it a shot!
Still don't work as of yet...maybe never. The main thread on this is here:
http://forum.xda-developers.com/ver...locking-galaxys-s5-bootloader-t3337909/page77
samccfl99 said:
Still don't work as of yet...maybe never. The main thread on this is here:
http://forum.xda-developers.com/ver...locking-galaxys-s5-bootloader-t3337909/page77
Click to expand...
Click to collapse
It's likely to be never unless we get the proper CID, which as about a needle in a haystack to guess as the bootloader key.
Sent from my SAMSUNG-SM-G900A using Tapatalk
I've got a S6 Active that when I received it was on Lollipop. I was able to flash MM (using thread here on XDA) to it before it was officially released from the carrier. Then I was able to flash back to stock Lollipop and then received the MM 6.0.1 update from the carrier. I wanted to flash back to Lollipop for testing purposes but was unable. I think it's because the bootloader is locked?
I've read a bunch of threads saying that the S6 active has nott been rooted? Has a locked bootloader? Can't run custom roms?
Can someone please give me the scoop on this. I'd like to go back to lollipop for testing but I don't think its possible. Is that the case? Thanks.
Roveer
roveer said:
I've got a S6 Active that when I received it was on Lollipop. I was able to flash MM (using thread here on XDA) to it before it was officially released from the carrier. Then I was able to flash back to stock Lollipop and then received the MM 6.0.1 update from the carrier. I wanted to flash back to Lollipop for testing purposes but was unable. I think it's because the bootloader is locked?
I've read a bunch of threads saying that the S6 active has nott been rooted? Has a locked bootloader? Can't run custom roms?
Can someone please give me the scoop on this. I'd like to go back to lollipop for testing but I don't think its possible. Is that the case? Thanks.
Roveer
Click to expand...
Click to collapse
hi
yes it's not possible to downgrade your rom or your bootloader because of the locked bootloader that prevents any try to modify the device...
is this typical of most phones? I've read of others frutrations about the S6 active still having a locked bootloader. Did I just pick a bad platform? Is S6 the same way? How about S7 series? Thanks.
roveer said:
is this typical of most phones? I've read of others frutrations about the S6 active still having a locked bootloader. Did I just pick a bad platform? Is S6 the same way? How about S7 series? Thanks.
Click to expand...
Click to collapse
Locked bootloaders are often the case for phones provided by carriers. While a phone purchased directly from the manufacturer is usually able to have its bootloader unlocked, carrier phones are locked by the carrier themselves, preventing any tampering by the end user. A custom ROM is any modified version of Android not developed by the company that made your phone. Think of it like a third party system. To get these custom ROMs onto your phone you must "flash" (simply, install) the ROM from your computer to your phone. However, a locked bootloader prevents this. While in some cases there are ways to get around carrier locked bootloaders, it is generally futile. If you purchased the S6 Active in hopes of tinkering around with custom ROMs, I'm afraid you have picked the wrong phone. The S6 Active, as of currently, is permanently locked to Samsung's and AT&T's "stock ROM"
EDIT: as for going back to Lollipop, the reason this is generally not possible is due to the fact that the Marshmallow update also updated critical parts related to the bootloader. It is impossible to roll back these changes once they have been made as they are strictly one way.
Thanks for the explanation. I didn't buy the phone for the express reason for changing android versions but rather to use as my daily driver. We are a BES 12 (Blackberry Enterprise Server) shop and I have found a bug that causes the VPN portion of the software to drop after an hour or so. Simply hitting the home button (waking the phone up re-establishes the vpn and mail flow continues). I'm working with BB to determine what's going on. I've disabled all power saving and doze settings yet still the problem. They are going to activate some other phones on my system to see if they see the problem. My reason for wanting to go back to lollipop is that I don't believe I saw this problem when I was on that OS so I was hoping to go back to confirm that behavior. I like the "active" phones for their ruggedness but don't have an unlimited budget to be buying handsets.
Roveer
roveer said:
Thanks for the explanation. I didn't buy the phone for the express reason for changing android versions but rather to use as my daily driver. We are a BES 12 (Blackberry Enterprise Server) shop and I have found a bug that causes the VPN portion of the software to drop after an hour or so. Simply hitting the home button (waking the phone up re-establishes the vpn and mail flow continues). I'm working with BB to determine what's going on. I've disabled all power saving and doze settings yet still the problem. They are going to activate some other phones on my system to see if they see the problem. My reason for wanting to go back to lollipop is that I don't believe I saw this problem when I was on that OS so I was hoping to go back to confirm that behavior. I like the "active" phones for their ruggedness but don't have an unlimited budget to be buying handsets.
Roveer
Click to expand...
Click to collapse
If the software you are referring to is something provided by blackberry, perhaps they need to patch their software for compatibility with Android Marshmallow. While not all software is broken by a major Android update, there are definitely some that are. Of course enterprise level software is entirely foreign to me (I'm only 17), so getting a second opinion on this issue would definitely be a good idea.
OK, I understand locked bootloader preventing from flashing any custom roms etc. Even preventing previous official android. Here's another question: Is there a way to flash current android version? I'm on G890AUCS4CPF3 which is an AT&T build. What is the carrier's method to reflash current OS when there has been some corruption to the version that is on the phone. Not just wipe, but reload entire android, re-create file system etc... That's what I want to try next. Blackberry has activated a Samsung S6 on my server and it (so far) is not exhibiting the same problem as my S6 Active. This leads me to believe that it my be a problem with my hardware. I want to do a reload at this point. Any ideas how I can do that? Odin flash? Is there a repository for the G890AUCS4CPF3 ROM?
Thanks,
Roveer
roveer said:
OK, I understand locked bootloader preventing from flashing any custom roms etc. Even preventing previous official android. Here's another question: Is there a way to flash current android version? I'm on G890AUCS4CPF3 which is an AT&T build. What is the carrier's method to reflash current OS when there has been some corruption to the version that is on the phone. Not just wipe, but reload entire android, re-create file system etc... That's what I want to try next. Blackberry has activated a Samsung S6 on my server and it (so far) is not exhibiting the same problem as my S6 Active. This leads me to believe that it my be a problem with my hardware. I want to do a reload at this point. Any ideas how I can do that? Odin flash? Is there a repository for the G890AUCS4CPF3 ROM?
Thanks,
Roveer
Click to expand...
Click to collapse
Carriers can tell if your Firmware is theirs or not because official Firmware is digitally signed by Samsung and AT&T.
As for using Odin, that would be your most viable option. However, I am not aware of any Odin images for the Marshmallow update on the S6A. As far as I know, Odin cannot get around the restriction of having a newer Bootloader, so you cannot flash down.
One thing you can try is to wipe cache partition. If that fails, factory reset from within the bootloader. Just make sure you've backed your data up.
EDIT: Take note that there is a difference in Firmware between the S6 vs the S6A.
EDIT 2: In your other thread you stated you can't flash back to lollipop due to a locked bootloader. This is actually due to, as stated before, the newest bootloader tha to the latest Android Marshmallow update.
FevenKitsune said:
Carriers can tell if your Firmware is theirs or not because official Firmware is digitally signed by Samsung and AT&T.
As for using Odin, that would be your most viable option. However, I am not aware of any Odin images for the Marshmallow update on the S6A. As far as I know, Odin cannot get around the restriction of having a newer Bootloader, so you cannot flash down.
One thing you can try is to wipe cache partition. If that fails, factory reset from within the bootloader. Just make sure you've backed your data up.
EDIT: Take note that there is a difference in Firmware between the S6 vs the S6A.
EDIT 2: In your other thread you stated you can't flash back to lollipop due to a locked bootloader. This is actually due to, as stated before, the newest bootloader tha to the latest Android Marshmallow update.
Click to expand...
Click to collapse
So I wiped the cache partition and factory reset within the bootloader and tried my app again. It continued to fail. I even found the MM image in the S6 Active MM thread and sideloaded it. It was only 400+ megs though. Still the app doesn't work so I'm starting to doubt that my problems are related to my particular S6 but its always a possibility. I'm trying to get Blackberry to dig up their own S6A and test on their own. They've been testing with a S6 for the past 2 days (on my BES server) and haven't seen the same problems, so it's either my device or a problem with the S6A (which as has been pointed out does use a different firmware version than the S6), but until I can get another S6 Active device to test I won't know.
Roveer
Hey there,
So I need to know all the necessary steps to properly install Andronix and Termux (F-Droid) by unlocking the bootloader. Do you know where I can find all the information about that for Galaxy s10?
Depends on WHICH S10 you have. Snapdragon CPU versions cannot really be unlocked. Exynos can. This forum is full of threads on how to do the Exynos, of course... I have a Snapdragon so I haven't spent much time learning it...
Ok thanks I have a snapdragon also so I guess I will do something else
I hear you - I have Snapdragon too, so I gave up ROM and rooting on this phone. Honestly, I don't miss it. I used to ROM and root all my previous phones, but I don't see the need to do that anymore.
I want to ssh my network from my phone using a vpn to access my router so I can wake on lan my server
You should be able to do that without root from the phone - ssh doesn't require root to run, and it's just a secure terminal. You can get an app to do that (I see plenty on the play store). As for VPN, again, you don't need root on the phone to do that - I have used OVPN many times from my phone without issue (and without root).
schwinn8 said:
You should be able to do that without root from the phone - ssh doesn't require root to run, and it's just a secure terminal. You can get an app to do that (I see plenty on the play store). As for VPN, again, you don't need root on the phone to do that - I have used OVPN many times from my phone without issue (and without root).
Click to expand...
Click to collapse
Ok thanks
Why is everybody so convinced that rooting will only be possible with an unlocked bootloader? if there were to be a kernel exploit which would gain us access to the block devices i would say it's possible to downgrade the bootloader or anything which is accessible by block devices like the recovery partition. Am i missing something here?
DaanNL said:
Why is everybody so convinced that rooting will only be possible with an unlocked bootloader? if there were to be a kernel exploit which would gain us access to the block devices i would say it's possible to downgrade the bootloader or anything which is accessible by block devices like the recovery partition. Am i missing something here?
Click to expand...
Click to collapse
If you have a solution to root a galaxy s10 snapdragon cpu I will read your comments on it. But I think I believe that is because of the articles in the internet are only mentioning that I need to unlock the bootloader.
Indirectelex said:
If you have a solution to root a galaxy s10 snapdragon cpu I will read your comments on it. But I think I believe that is because of the articles in the internet are only mentioning that I need to unlock the bootloader.
Click to expand...
Click to collapse
Yes, everybody is so convinced that you need to unlock the bootloader and i wonder why.... we don't need odin to flash, afaik as we can find a kernel exploit which would gain us root access we could set properties to enable the oem unlock option.... making it available and usable could be a different case..... some requirements need to be met. If we could access block devices we should be able to install magisk and root the device.
Indirectelex said:
If you have a solution to root a galaxy s10 snapdragon cpu I will read your comments on it. But I think I believe that is because of the articles in the internet are only mentioning that I need to unlock the bootloader.
Click to expand...
Click to collapse
I think i'm getting somewhere, don't know for sure... at first i was only able to flash CSC and now i'm able to flash every slot.... do you have the same results in odin?
DaanNL said:
I think i'm getting somewhere, don't know for sure... at first i was only able to flash CSC and now i'm able to flash every slot.... do you have the same results in odin?
Click to expand...
Click to collapse
I cant do tests on my galaxy s10 but I will on a Moto z2
we are so ****ed with the cellphones
Yeah, I need one too! I got a Galaxy S10 Plus Snapdragon. It's it's been 2 years since I have it and I can't find nobody that can teach me how to root it!!!
Because it cannot be rooted. US carriers have made that happen, and the manufacturers have had to keep doing it.
Many have tried, and on older BLs it can be done, but once you update you are stuck on a newer BL and cannot downgrade. If you root with the older BL, you cannot upgrade the BL either, because that will relock it.
If someone comes up with a way to do it, I'm all ears, as are many others... but with higher level crypto being implemented for this protection (ie, you need to know the crypto key!), it likely won't happen.
I have an idea but i don't know if it's possible, i tried but it seems corepatch isn't working.
I see a lot of topics about what's needed to unlock the bootloader, but if i look in the source code what is required to unlock the bootloader there's a lot of ro. properties which we can't set because we are not root.
As LSPatch can now communicate with Shizuku and gain system level access we might be able to disable system app verification (platform certificate, by extending CorePatch or maybe someone can write a signature verification disabler for lsposed). Then create an app which doesn't check for all these properties and initiates an OEM unlock and install it as system user./