My Journey Thus Far, am I wasting my effort? - Verizon Motorola Droid Turbo Q&A, Help & Troublesh

I've been doing research and experimenting for the past few days, with only 6 hours of sleep in the last 48 hours. Long story short, I had a Droid TURBO on Verizon, loved it, the best phone I've ever had hands down. A month or so into having my Turbo, my family switched to Sprint, rendering my Turbo completely useless as a phone. Skip a few more months ahead to 11/15 when I broke my Samsung S6. I was looking for an excuse to figure out how to do this, I'd done a few hours of research, but never really had a reason to attempt what I have been. My goal is to allow my Droid Turbo to call/text with my Sprint number and plan. My first idea was to simply open up some bands, maybe change some APN settings, BOY was I in for a trip. I'm currently running the 5.1 OTA of Lollipop on my Turbo, which means I have a locked bootloader, however I've gotten as far as getting temporary root access on 5.1 OTA (SU3TL-39). I wasn't sure how temporary root worked at first so of course, I was trying to get "XPOSED" working with this temporary root, then I could modify the phone's information and trick Sprint into thinking that my Droid Turbo is actually my old phone. I attempted to change the IMEI, swap the two different IMEIs, however it was soon after that that I found out that my temporary root doesn't actually save after a boot, or even in-between roots. Kingroot seems to have to keep re-rooting itself in order to keep its temporary root alive. Anyways, I've been up all night, and I've got to get to Uni. I'd like to see what other ideas you all might have. At this point I've gotten invested in attempting to find my own method to rooting, or flashing a modified firmware of some type. I'd really like some guidance in these fields even if my Turbo will never work with Sprint. I appreciate those of you who read the post entirely.
EDIT: I've gotten many different theories, but the only way I see myself doing this is by somehow downgrading and starting from complete scratch, maybe even rebuilding the OS just to miss the security update? (All of these things are probably impossible, but I'd really like to think that we can figure something out together instead of letting the TURBO die.)
EDIT 2: ****, I really need to leave, but I had one last idea as I walked out the door, I'm sure it's out of the question, but maybe there's some way to physically modify the TURBO, or even modify the IMEI that the SIM card is looking for in the first place, but all just theories, will come back later with more ideas!

Tabrune said:
I've been doing research and experimenting for the past few days, with only 6 hours of sleep in the last 48 hours. Long story short, I had a Droid TURBO on Verizon, loved it, the best phone I've ever had hands down. A month or so into having my Turbo, my family switched to Sprint, rendering my Turbo completely useless as a phone. Skip a few more months ahead to 11/15 when I broke my Samsung S6. I was looking for an excuse to figure out how to do this, I'd done a few hours of research, but never really had a reason to attempt what I have been. My goal is to allow my Droid Turbo to call/text with my Sprint number and plan. My first idea was to simply open up some bands, maybe change some APN settings, BOY was I in for a trip. I'm currently running the 5.1 OTA of Lollipop on my Turbo, which means I have a locked bootloader, however I've gotten as far as getting temporary root access on 5.1 OTA (SU3TL-39). I wasn't sure how temporary root worked at first so of course, I was trying to get "XPOSED" working with this temporary root, then I could modify the phone's information and trick Sprint into thinking that my Droid Turbo is actually my old phone. I attempted to change the IMEI, swap the two different IMEIs, however it was soon after that that I found out that my temporary root doesn't actually save after a boot, or even in-between roots. Kingroot seems to have to keep re-rooting itself in order to keep its temporary root alive. Anyways, I've been up all night, and I've got to get to Uni. I'd like to see what other ideas you all might have. At this point I've gotten invested in attempting to find my own method to rooting, or flashing a modified firmware of some type. I'd really like some guidance in these fields even if my Turbo will never work with Sprint. I appreciate those of you who read the post entirely.
EDIT: I've gotten many different theories, but the only way I see myself doing this is by somehow downgrading and starting from complete scratch, maybe even rebuilding the OS just to miss the security update? (All of these things are probably impossible, but I'd really like to think that we can figure something out together instead of letting the TURBO die.)
EDIT 2: ****, I really need to leave, but I had one last idea as I walked out the door, I'm sure it's out of the question, but maybe there's some way to physically modify the TURBO, or even modify the IMEI that the SIM card is looking for in the first place, but all just theories, will come back later with more ideas!
There are two problems that you're up against:
1. The /system partition is write protected. Even with temp root (or permanent root, for that matter), /system cannot be modified. To use anything via the xposed framework, the framework must be installed, which requires writing to /system, which is impossible. The only way around this is the moforoot exploit, which allows flashing of pre-modified /system images, eliminating the need to modify /system while the phone is running. However, this does not work on the 5.1 bootloader, which you have.
2. As you correctly state, the bootloader is locked. That means no downgrading and no flashing of modified firmwares using official flashing methods (fastboot, mfastboot) or non-mofo unofficial methods (TWRP, FlashFire).
This thread discusses hardware modifications. It's way above my head, so I'm not sure how useful it is: http://forum.xda-developers.com/droid-turbo/development/rd-turbo-jtag-emmc-direct-hardware-t3162558.
Hope this is at least moderately helpful.

I suppose there's no way to disguise an exploit within some of the core system files? Since all of these files are signature checked, but how exactly does signature checking work with the Lollipop, I doubt that it would be easy to trick, but maybe some reverse engineering of it? Trick it into thinking that everything is okay even though an exploit is riding alongside a system file.

Tabrune said:
I suppose there's no way to disguise an exploit within some of the core system files? Since all of these files are signature checked, but how exactly does signature checking work with the Lollipop, I doubt that it would be easy to trick, but maybe some reverse engineering of it? Trick it into thinking that everything is okay even though an exploit is riding alongside a system file.
Even if that were possible, it would not help you, since that would require being able to write a file to where the core system files are stored (/system). As for how signature checking works, I think it is enforced by whatever is stored on the /boot partition, but I'm not sure about that. A locked bootloader will not allow flashing modified images to /boot, and there are no known ways to bypass this.

When I get home, I'm going to do some experimenting on attempting to strip down and down grade to KK. I know that it most likely won't work, but I will gain some knowledge about it at least.

TheSt33v said:
Even if that were possible, it would not help you, since that would require being able to write a file to where the core system files are stored (/system). As for how signature checking works, I think it is enforced by whatever is stored on the /boot partition, but I'm not sure about that. A locked bootloader will not allow flashing modified images to /boot, and there are no known ways to bypass this.
Yep, the boot partition is what would have to be bypassed or unlocked in order to be able to write to system. That is where all the sig checks are locked in, right in the boot partition.

Well, we had a BL Unlock coming to us in a few days, maybe a week or two. With that, you can flash what you need to attempt to use with sprint possibly, depending on the bands the Turbo has

I've gotten the phone to work to an extent, I'm hoping if the BL unlock happens that it will open up lots of opportunity.

Related

[Q] Heartbleed - Disable Heartbeats in OpenSSL on Android 4.1.1 Rooted

Apparently the ONLY version of Android that is vulnerable to Heartbleed is 4.1.1. I ran a check on my phone, and sure enough I'm running that version, and heartbeats are definitely enabled. I used the Lookout security app to verify this. Is there a way I can patch my system myself and somehow disable the heartbeats feature without having to wait another 3 years for Motorola to come out with a fix? My phone is rooted, but something tells me that OpenSSL probably needs to be essentially recompiled with a flag set to disable heartbeats?
I was hoping there would be a quick config file for OpenSSL that can be modified, but I'm not usually lucky. Based on everything I've seen thus far, a recompile with a flag set is the only way to fix this. Figured I'd give it a shot and ask on here.
I've been thinking about the same thing.
If memory was encrypted that could solve all or part of the problem.
If the Chrome https browser cache were turned off, which I think requires an APK edit there would not be any clear text data in the browser cache.
What do you think?
dosmac said:
Apparently the ONLY version of Android that is vulnerable to Heartbleed is 4.1.1. I ran a check on my phone, and sure enough I'm running that version, and heartbeats are definitely enabled. I used the Lookout security app to verify this. Is there a way I can patch my system myself and somehow disable the heartbeats feature without having to wait another 3 years for Motorola to come out with a fix? My phone is rooted, but something tells me that OpenSSL probably needs to be essentially recompiled with a flag set to disable heartbeats?
I was hoping there would be a quick config file for OpenSSL that can be modified, but I'm not usually lucky. Based on everything I've seen thus far, a recompile with a flag set is the only way to fix this. Figured I'd give it a shot and ask on here.
Yep, 4.1.1 is vulnerable to this. 4.1.2 has the no heartbeat fix added in and 4.1.1 took the update that was bugged. That said, we DO have TWO 4.1.2 Stock roms, Mexican Retail and Bell are both 4.1.2 and should have that fix -- needs confirmation. Our Stock ICS roms are all from before this bug was added in and are safe. In reality, only stock, locked AT&T Atrix HD's are vulnerable to this since all the other roms* have this fix.
Normally I'd say something around the lines of give me a few days and I'll look into this more, but I've been busy lately, and when I'm not busy I'm either tired or sore; did some heavy lifting a few weeks ago and my back is still sore from that day.
*Our 4.1.2 roms are untested, but 4.1.2 AOSP has the fix so our 4.1.2 stocks should too
I was just thinking that there is no such thing as security. Security is achieved by being harder to exploit than the other computers. Even 3-DES can be cracked with enough computing power.
So encrypting memory and stopping https caching would close two big holes. I'm now wondering what holes would remain to be exploited by the heartbeat exploit on a 4.1.1 device if this were done?
stevep2007 said:
I was just thinking that there is no such thing as security. Security is achieved by being harder to exploit than the other computers. Even 3-DES can be cracked with enough computing power.
So encrypting memory and stopping https caching would close two big holes. I'm now wondering what holes would remain to be exploited by the heartbeat exploit on a 4.1.1 device if this were done?
If I was on a stock phone running 4.1.1 and I was that worried about heartbleed, I'd unlock the bootloader and install Bell or Mex Retail because both are 4.1.2. It might even be possible to just swap the exploited binaries with the ones in our 4.1.2 roms, that's something someone else worried about this can do. Hell, it might even be possible to run the 4.1.2 roms with safestrap and the AT&T kernel...again, that's a someone else thing...I have no intention of dicking with SSR.
Think about Wifi being hacked....when it first came out a crappy password like 12345678 was good enough because computing power wasn't that good for consumers yet; nowadays, a basic gaming laptop can check 500,000 wpa2 passwords a second, a decent desktop with multiple GPU's can do over a million a second. All wpa2 hacking is sniffing out the verification md5*, then the tools generate passwords and their md5 and compare it against the sniffed out one, eventually you'll find one that matches, especially so if the password sucks. If you know how certain telecoms set up their wifi passwords, you can shorten the amount of time taken by limiting to the characters they use -- for example, AT&T U-Verse** uses 10 digit numeric passwords, so all you'd have to do is limit the tools to use numbers and start with 10 digits....hint: there are only 1 million codes if you use 10 numbers only....10 to the power of 10 and all....
That isn't a wifi hacking tutorial, just an example of how over time good security unchanged becomes very bad security and how eventually an exploit will be found and security compromised, like how wpa2 for a split second sends out the verification md5 unencrypted.
*not sure if WPA2 uses md5, but most of us know what md5's are
**last time I read about that service that's what I saw...and I read that a few months ago
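The arithmetic behind the post's point about short numeric defaults, as an added example that is not part of the thread: WPA2-PSK derives its key from the passphrase with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations), and the size of the passphrase space decides how long the guess rates quoted in the post would need. The policy names and the `compare` helper are constructed for illustration; the rates are the two figures from the post.

```python
import hashlib

# Guess rates quoted in the post above (passphrases per second).
RATES = (500_000, 1_000_000)

# Passphrase policies to compare: name -> (alphabet size, length). Constructed.
POLICIES = {
    "10 digits (numeric default)": (10, 10),
    "8 lowercase letters": (26, 8),
    "12 lowercase letters": (26, 12),
    "16 letters and digits": (62, 16),
}


def wpa2_pmk(passphrase, ssid):
    """Derive the 256-bit key WPA2-PSK computes from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    # IEEE 802.11i: PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace(alphabet_size, length):
    """Number of distinct passphrases of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(space, guesses_per_second):
    """Time to try every candidate once at a fixed guess rate."""
    return space / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that keeps the value >= 1."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return "%.1f %s" % (seconds / size, unit)
    return "%.1f seconds" % seconds


def compare(rates=RATES):
    """Return (policy, keyspace, [worst-case time per rate]) for each policy."""
    rows = []
    for name, (alphabet, length) in POLICIES.items():
        space = keyspace(alphabet, length)
        times = [humanize(worst_case_seconds(space, rate)) for rate in rates]
        rows.append((name, space, times))
    return rows


if __name__ == "__main__":
    # The salt means the same passphrase yields a different key on every SSID,
    # so precomputed tables only help against common network names.
    print(wpa2_pmk("password", "IEEE").hex())
    for name, space, times in compare():
        print("%-30s %26d  %s" % (name, space, " / ".join(times)))
```

A passphrase drawn from a larger alphabet at greater length moves the worst case from hours to far beyond any practical effort, which is the change to make on a router that shipped with a numeric default.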

[Q] Root and Unroot...

I know it may seem counterproductive to ask about rooting my G2 just to turn around and unroot it, but hear me out first.
My initial G2 developed display issues and Verizon shipped me off a "new" one. After setting up the new device, everything was good except that some of the apps had to be setup again and one huge thing - my Wi-Fi information did not get transferred. Sadly, of the 40 to 50 networks I have saved on my old G2, many of them have passwords that are lost to me and I really want to try to save them.
I know I can root the G2 and get them but if after I send the old G2 back they find it "altered", they will charge me for a new phone. That said, is there a way to get my Wi-Fi information without rooting? I have used 3 different Google accounts and done the factory reset 4 or 5 times in hopes something would help but no dice. Assuming there is nothing that can be done without rooting, what is the least intrusive, just get me access to the system files and unroot so one might not be able to tell it was rooted, method?
Thanks very much in advance.

Flashing OTA issues

So I bought a Nexus 6 on Amazon when they were on sale. I used wugfresh NRT and unlocked it, rooted it (no custom recovery) and then updated the files for tethering. It's activated on Verizon if that matters.
I got an update today, I was running LMY48I and I chose the file to update to LMY48M. I used the NRT and sideloaded it, and after I was done it still shows I have LMY48I, and a few hours later the OTA shows up in my notifications again.
What am I doing wrong?
caecusscius said:
So I bought a Nexus 6 on Amazon when they were on sale. I used wugfresh NRT and unlocked it, rooted it (no custom recovery) and then updated the files for tethering. It's activated on Verizon if that matters.
I got an update today, I was running LMY48I and I chose the file to update to LMY48M. I used the NRT and sideloaded it, and after I was done it still shows I have LMY48I, and a few hours later the OTA shows up in my notifications again.
What am I doing wrong?
what are you doing wrong? oh, thats an easy one..! you havent done any research into the phone that you are using. i bet you probably used a toolkit to root it as well. anyways, for the 20 billionth time ill repeat it. you can not take an ota if you are not completely, 100% stock. and root is not stock. on top of that, many completely stock nexus 6 cant take updates as well, if any system files have changed.
simms22 said:
what are you doing wrong? oh, thats an easy one..! you havent done any research into the phone that you are using. i bet you probably used a toolkit to root it as well. anyways, for the 20 billionth time ill repeat it. you can not take an ota if you are not completely, 100% stock. and root is not stock. on top of that, many completely stock nexus 6 cant take updates as well, if any system files have changed.
Your help is awful, condescending and rude. Maybe its the effect of the internet, but that is how it sounds. I did root using a toolkit- and I used the same toolkit to sideload the OTA. I assumed that I could do that since that is what the 40 threads I read about told me to do. I have a job and a wife and kids, I don't have the time to be a full time developer for my phone just to enjoy it. ALL I needed root for, was to enable tethering- otherwise I'm happy with stock android.
I will take one thing from what you did write and assume that because I edited the build.prop to enable tethering I will not be able to sideload OTA's either? IF I can't, thats fine with me- Can you tell me how to disable the OTAs?
Anyone else know how to read a question and offer an answer without insults?
I did find out how to hide the OTA notification- it was so easy I feel dumb- but not having used a 5.x android before this one I couldn't have known it.
caecusscius said:
Your help is awful, condescending and rude. Maybe its the effect of the internet, but that is how it sounds. I did root using a toolkit- and I used the same toolkit to sideload the OTA. I assumed that I could do that since that is what the 40 threads I read about told me to do. I have a job and a wife and kids, I don't have the time to be a full time developer for my phone just to enjoy it. ALL I needed root for, was to enable tethering- otherwise I'm happy with stock android.
I will take one thing from what you did write and assume that because I edited the build.prop to enable tethering I will not be able to sideload OTA's either? IF I can't, thats fine with me- Can you tell me how to disable the OTAs?
Anyone else know how to read a question and offer an answer without insults?
But his answer is 100% correct. If you change any system file, you cannot OTA. Don't kill the messenger. No OTA with root, kernel, changed build.prop, or custom recovery. If you change any file, no OTA.
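Why a single edited file is enough to block the update, as an added example (not part of the thread, and not the toolkit's or Google's code): block-based OTA packages, introduced with Lollipop, hash ranges of raw /system blocks before patching, in the manner of the AOSP updater's `range_sha1` check. The six-block image, its contents, `CARE_RANGES` and the `example.flag` line are constructed for illustration; the superblock field is a stand-in for filesystem metadata that changes on a read-write mount.

```python
import hashlib

BLOCK_SIZE = 4096  # block-based OTA packages address the partition in 4 KiB blocks

# Blocks the package expects to be untouched: 0-3 and 5 (block 4 is unused).
CARE_RANGES = "4,0,4,5,6"

# Constructed stand-in for the stock build.prop of the build being updated from.
STOCK_BUILD_PROP = b"ro.build.id=LMY48I\nro.build.type=user\n"


def parse_ranges(text):
    """Parse "N,a0,b0,a1,b1,..." into half-open block ranges [(a0, b0), ...]."""
    nums = [int(x) for x in text.split(",")]
    count, values = nums[0], nums[1:]
    if count == 0 or count % 2 or count != len(values):
        raise ValueError("malformed range string: %r" % text)
    pairs = list(zip(values[0::2], values[1::2]))
    if any(start >= end for start, end in pairs):
        raise ValueError("empty or reversed range in %r" % text)
    return pairs


def range_sha1(image, ranges_text):
    """SHA-1 over the listed block ranges of a raw partition image."""
    digest = hashlib.sha1()
    for start, end in parse_ranges(ranges_text):
        chunk = image[start * BLOCK_SIZE:end * BLOCK_SIZE]
        if len(chunk) != (end - start) * BLOCK_SIZE:
            raise ValueError("range %d-%d runs past the image" % (start, end))
        digest.update(chunk)
    return digest.hexdigest()


def make_block(payload):
    """Pad a payload with zero bytes to exactly one block."""
    if len(payload) > BLOCK_SIZE:
        raise ValueError("payload larger than one block")
    return payload.ljust(BLOCK_SIZE, b"\0")


def build_image(build_prop, mount_count=0):
    """Build a tiny constructed /system image: six blocks, one file per block."""
    return b"".join([
        make_block(b"superblock mount_count=%d" % mount_count),  # block 0
        make_block(b"inode table"),                                # block 1
        make_block(build_prop),                                    # block 2
        make_block(b"framework bytes"),                            # block 3
        make_block(b""),                                           # block 4 (unused)
        make_block(b"app bytes"),                                  # block 5
    ])


def changed_blocks(stock, device):
    """Indexes of blocks that differ between two images of equal size."""
    total = max(len(stock), len(device)) // BLOCK_SIZE
    return [i for i in range(total)
            if stock[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            != device[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]]


def scenarios():
    """Return {device state: (precondition passes?, changed block indexes)}."""
    stock = build_image(STOCK_BUILD_PROP)
    expected = range_sha1(stock, CARE_RANGES)  # hash shipped inside the package
    devices = {
        "untouched": stock,
        "build.prop edited": build_image(STOCK_BUILD_PROP + b"example.flag=1\n"),
        "mounted read-write once": build_image(STOCK_BUILD_PROP, mount_count=1),
        "unused block changed": (stock[:4 * BLOCK_SIZE] + make_block(b"junk")
                                 + stock[5 * BLOCK_SIZE:]),
    }
    return {name: (range_sha1(image, CARE_RANGES) == expected,
                   changed_blocks(stock, image))
            for name, image in devices.items()}


if __name__ == "__main__":
    for name, (ok, blocks) in scenarios().items():
        print("%-26s update %s  changed blocks: %s"
              % (name, "applies" if ok else "refused", blocks))
```

Because the check covers raw blocks rather than individual files, the package cannot skip over one modified file; flashing the matching stock system image restores the hash the package expects.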
caecusscius said:
Your help is awful, condescending and rude. Maybe its the effect of the internet, but that is how it sounds. I did root using a toolkit- and I used the same toolkit to sideload the OTA. I assumed that I could do that since that is what the 40 threads I read about told me to do. I have a job and a wife and kids, I don't have the time to be a full time developer for my phone just to enjoy it. ALL I needed root for, was to enable tethering- otherwise I'm happy with stock android.
I will take one thing from what you did write and assume that because I edited the build.prop to enable tethering I will not be able to sideload OTA's either? IF I can't, thats fine with me- Can you tell me how to disable the OTAs?
Anyone else know how to read a question and offer an answer without insults?
i apologize, i was a little ruder than i meant to be. but not much, just a little. and i bet that you didnt learn much about the rooting process using the toolkit? anyways, before ever even rooting the phone, you have to do some research about it. or you wouldnt be asking such a basic question. heck, search can a rooted nexus 6 take an ota on google. one search, its all it really needs to take. anyways, it doesnt matter that you have a job, a wife, kids, this applies to everyone, do some research. im not a youngster myself, lol.
Obviously you read only the first sentences of everything I write... its Ok I notice you are from Brooklyn- I can forgive you for not using southern manners that I am accustomed to. I am not trying to take an OTA- I was trying to sideload it using ADB. I know I can't take it normally.
I'm currently downloading the system.img from https://developers.google.com/android/nexus/images
I'm going to try and flash just the system.img and cache.img so I can update to the newest version without going back to stock.
I also found out how to hide the OTA update
caecusscius said:
Your help is awful, condescending and rude. Maybe its the effect of the internet, but that is how it sounds. I did root using a toolkit- and I used the same toolkit to sideload the OTA. I assumed that I could do that since that is what the 40 threads I read about told me to do. I have a job and a wife and kids, I don't have the time to be a full time developer for my phone just to enjoy it. ALL I needed root for, was to enable tethering- otherwise I'm happy with stock android.
I will take one thing from what you did write and assume that because I edited the build.prop to enable tethering I will not be able to sideload OTA's either? IF I can't, thats fine with me- Can you tell me how to disable the OTAs?
Anyone else know how to read a question and offer an answer without insults?
I did find out how to hide the OTA notification- it was so easy I feel dumb- but not having used a 5.x android before this one I couldn't have known it.
As someone with a job, a wife and kid and I can assure you, nothing is more frustrating than to do the research after something happened, phone not working while waiting for calls or whatever other inconvenience.
What simms22 tried to convey is "know thy phone".
If you look for how to "root your nexus" you'll see how simple the process is and you might feel better using the tools needed, rather than trusting some obscure tool that could always come with even more payloads.
Simms22 is someone who helped hundreds after they got themselves stuck after using root kits, his frustration I think lies more in the continued pushing of root tool kits for phones that don't need it.
The tone you took personal was directed at the root kits, at them being allowed, as they create just as much problems as they promise to fix.
Know thy Nexus, it's really a great thing.
Sorry if the reply is maybe a little long, must be all this not posting in a while
Daniel
caecusscius said:
Obviously you read only the first sentences of everything I write... its Ok I notice you are from Brooklyn- I can forgive you for not using southern manners that I am accustomed to. I am not trying to take an OTA- I was trying to sideload it using ADB. I know I can't take it normally.
I'm currently downloading the system.img from https://developers.google.com/android/nexus/images
I'm going to try and flash just the system.img and cache.img so I can update to the newest version without going back to stock.
I also found out how to hide the OTA update
now see, you made me smile, thank you
btw.. i was born in Ukraine(but Russian). left when i was two, came to the states when three, in 1975. lived in and outside cincinnati most my life. moved to Brooklyn 10 years ago
---------- Post added at 11:55 PM ---------- Previous post was at 11:53 PM ----------
morfic said:
As someone with a job, a wife and kid and I can assure you, nothing is more frustrating than to do the research after something happened, phone not working while waiting for calls or whatever other inconvenience.
What simms22 tried to convey is "know thy phone".
If you look for how to "root your nexus" you'll see how simple the process is and you might feel better using the tools needed, rather than trusting some obscure tool that could always come with even more payloads.
Simms22 is someone who helped hundreds after they got themselves stuck after using root kits, his frustration I think lies more in the continued pushing of root tool kits for phones that don't need it.
The tone you took personal was directed at the root kits, at them being allowed, as they create just as much problems as they promise to fix.
Know thy Nexus, it's really a great thing.
Sorry if the reply is maybe a little long, must be all this not posting in a while
Daniel
oh, my, god.. its morfic!
Well, Hopefully I didn't mess things up using the toolkit instead of doing it the other ways: I know its not much harder to do it other ways, I'm just pressed for time. A few things about my situation:
I live in the country of Texas where I don't have ANY internet service providers. I have however, an old unlimited data plan from Verizon and a pretty good signal strength that I've boosted with a custom built amplifier (we also have metal roof that blocks a lot of signal otherwise)
I NEED internet so I don't become a savage. My phone tethering the internet is my PRIMARY way of having internet. Its very important that I can tether my unlimited plan...
After flashing the system.img and the radio img it booted back up no problems and I had lost root- I re-rooted it and changed the build.prop to allow tethering.
However- I dun F&*ked up somewhere, because now I can't seem to get LTE and my service is terribad. I'm assuming it was flashing the radios? Maybe because its verizon crap I need to do something else...
This has been a 5 hour ordeal (I watched tv during it all...) but now my phone doesn't quite do what i need it to do.
caecusscius said:
Well, Hopefully I didn't mess things up using the toolkit instead of doing it the other ways: I know its not much harder to do it other ways, I'm just pressed for time. A few things about my situation:
I live in the country of Texas where I don't have ANY internet service providers. I have however, an old unlimited data plan from Verizon and a pretty good signal strength that I've boosted with a custom built amplifier (we also have metal roof that blocks a lot of signal otherwise)
I NEED internet so I don't become a savage. My phone tethering the internet is my PRIMARY way of having internet. Its very important that I can tether my unlimited plan...
After flashing the system.img and the radio img it booted back up no problems and I had lost root- I re-rooted it and changed the build.prop to allow tethering.
However- I dun F&*ked up somewhere, because now I can't seem to get LTE and my service is terribad. I'm assuming it was flashing the radios? Maybe because its verizon crap I need to do something else...
This has been a 5 hour ordeal (I watched tv during it all...) but now my phone doesn't quite do what i need it to do.
there are many other nexus 6 radios, you can try any of them. they will all work. you can try to find which one is best for you.
simms22 said:
there are many other nexus 6 radios, you can try any of them. they will all work. you can try to find which one is best for you.
Link?
caecusscius said:
Link?
http://forum.xda-developers.com/nexus-6/general/ref-nexus-6-modem-collection-t2969380
Last night before bed, the phone appeared to be working fine: it was tethering and data was working. This morning I find that I can't call out or receive calls. I tried lots of things to fix this: none worked. Any ideas?
It appears to be stuck hanging up...
caecusscius said:
Last night before bed, the phone appeared to be working fine: it was tethering and data was working. This morning I find that I can't call out or receive calls. I tried lots of things to fix this: none worked. Any ideas?
It appears to be stuck hanging up...
have you tried a reboot?
Yes, and I tried a few other things. Right now, I've factory reset the device and I will re-root it and change build.prop I was trying to NOT have to do that. Right now its back to stock and not rooted... but it makes calls and is updated to the 48M build.
I was trying to enable VOLTE and HD calling which appears to be what messed it up probably (although flashing radios might have done it... )
I used the *#*#4636#*#* to check it and it was all sorts of messed up and not connecting to any towers. I'm in my classroom lab and it was making all the speakers go crazy... something was badly messed up
Mine did it last night. I had to wipe dalvik and cache in TWRP to get it back. Has happened occasionally since 5.0. The one I call can hear me. I don't hear them or the phone ringing. Completely dead on my end. VOLTE was disabled in settings.
caecusscius said:
Obviously you read only the first sentences of everything I write... its Ok I notice you are from Brooklyn- I can forgive you for not using southern manners that I am accustomed to. I am not trying to take an OTA- I was trying to sideload it using ADB. I know I can't take it normally.
I'm currently downloading the system.img from https://developers.google.com/android/nexus/images
I'm going to try and flash just the system.img and cache.img so I can update to the newest version without going back to stock.
I also found out how to hide the OTA update
You keep referencing that you found how to disable the ota notification - do tell. This would help.
voyageurs60 said:
You keep referencing that you found how to disable the ota notification - do tell. This would help.
When the notification appears, long press it in your drop down status bar. Then click "app info", then untick the box for " show notifications ".

Downgrading from ZVA to ZV6 and rooting?

I'm recently new to this, just got a sprint G4 and I'm in Canada. It's supposed to be unlocked but it's not totally working, keeps trying to connect to sprint's data so I can only get 3G also can't send MMS. So I thought I'd try updating, see if that worked, it did not. I had updated to Marshmallow and it went askew and I couldn't get data at all then I downgraded to ZV6, fixed it so I could get 3G again then updated again. When ZVA came out I updated to that to see if it'd fix the issue but no luck. It's also very glitchy and bloated and tears through my battery though I've disabled most programs. So I'd love to try rooting or just the sim unlock fix or even ultrapop but I can't for the life of me figure out how to do it.
As I said, I'm new to this and it seems like a lot of great work has gone into it all but it's not exactly simple, as much as I keep bouncing around trying to get a grasp, I simply can't figure out what to do to not destroy my phone. I see that there's the low effort root, but that's for ZV5 which I can't switch to since I'm now on ZVA. I see another person said they figured out how to root ZV6 but there's no simple instructions on how to do that either.
So my questions are,
1. Is it possible to switch from ZVA to ZV6 without damage and
2. is anyone able to provide simple instructions from start to finish on how to do so and then from there to root?
I know I'm not the only one here who's got this or a similar issue and I think many people would appreciate the instructions laid out for beginners. I realize there's more to it than just a simple, do this, do that, such as hitting road blocks and such but these can be figured out. If anyone can do this I'd be happy to donate what I can, as well, it seems like a lot of people want something similar but get too intimidated with all the nomenclature and end up unable to do it. Or maybe it's just me?
Oh, and, thank you to everyone here who's done all the work sorting out this stuff for the rest of us, even if I don't understand all of it, I appreciate how much work goes into it.

Advice on how to recover media files on locked and one rooted stock OnePlus 3T

Hello,
I'm a bit desperate and I come here to XDA with the hope of finding some useful advice.
I know you probably have read many posts like these, but if you will read mine I hope you will find it different because there are some technical things to be explained (interesting at least for me).
I've lost 99% of my photos and videos taken in July on my phone (64 GB Memory model).
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy. The Android built-in backup is also disabled.
What has really happened here, I think, is that probably somehow my daughter has grabbed my phone, played with it and deleted hundreds of photos and videos taken in July. Of her mainly! Never underestimate the damage capabilities of a toddler.
In the meantime I've taken lots of photos in August and used the phone a lot and also got the OTA update to Oxygen 4.1.7 / Android 7.1.1.
Now I have found that most of July media files are missing!!!!
At the moment there are 25 GB used out of the whole 54 in the Internal Archive Memory as it seen on the Phone Setup.
I have bought DiskDigger Pro for Android but somehow it cannot find the right files; all it finds are WhatsApp images and other files. It does not really find the missing files, which I suspect have been somehow deleted.
I think it needs root privileges to dig deeper but I don't understand why; in theory the files should be recoverable on the same partition as the DCIM folder. To my understanding the files should be marked as "deleted" in the same partition as where the DCIM folder is. But there is also this TRIM mechanism on the newer phones' flash memories that confuses me.
Q1) Can you please clarify why this and all other media files recovery programs which seem to be a bit serious need root to recover missing media files?
So given the assumption that I need to root, I've read here and there and it seems that some time ago for OP One there was the possibility to root without unlocking the bootloader. But if I unlock, somehow all the data will be wiped. And I fear this will make any further software-based recovery method like DiskDigger or PhotoRec hopeless even with elevated root privileges.
Q2) Can you confirm that I cannot root without unlocking the bootloader and therefore without wiping the device?
For your information I have also bought tonight a 100 USD root + files recovery package on oneclickroot, but the agent promised to refund me after I told her the model of my phone (scary!).
Q3) I know a couple of things in Linux; do you think it is possible without root to create a raw image of the internal phone memory or the proper partitions with a tool such as "dd"? Then I would process those raw images on a Windows or Linux PC with file recovery software.
Q4) Do you think that the wiping caused by the bootloader unlocking will render any possible further diskdigger like solution without hope? Or should I go that way because the wiping is not so deep after all?
I don't know what to think, the fact that the phone is also encrypted makes me fear the worst. Maybe after the wiping it will get re-encrypted over.
Q5) Any advice in general before contacting Kroll Ontrack and paying thousands of dollars with the hope to recover?
Thanks a lot for any useful reply! I hope this topic will bring a definitive guide on how to recover files on an unrooted OnePlus 3T!
I can't answer all your questions here; however, I can say with 100% confidence that you cannot root without unlocking the bootloader. Some people claim there are other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Aneejian said:
I can't answer all your questions here; however, I can say with 100% confidence that you cannot root without unlocking the bootloader. Some people claim there are other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Thanks for your answer.
I'm not scared of rooting, as I have rooted other phones in the past. I'm ready to spend 1000USD and maybe even more to recover these media files and therefore I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have google photos and I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
I don't know how this encryption works and how it relates to the bootloader unlocking; if someone has more information I would be glad to hear it.
And also I've done some more research and it seems impossible to perform a "dd" command of the partitions without first being superuser / root. ;-(
Regards,
Claudio
Did you try connecting your phone to the PC and using the program Recuva?
I managed to restore my files with it once
I can feel your pain of losing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you use Google Photos, which can automatically back up all your photos for free.
StarShoot97 said:
Did you try connecting your phone to the PC and using the program Recuva?
I managed to restore my files with it once
I don't think that Recuva can do anything here. I am not allowed to paste links here but as explained here
ht*ps://forums.androidcentral.com/ambassador-guides-tips-how-tos/500142-guide-recovering-deleted-files.html
and here
ht*ps://forum.xda-developers.com/galaxy-nexus/general/guide-internal-memory-data-recovery-yes-t1994705
Recuva can't do anything for internal memory.
But thanks for the hint!
Aneejian said:
I can feel your pain of losing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you use Google Photos, which can automatically back up all your photos for free.
One of the most affordable options I'm considering is this:
1) get another oneplus 3t
2) take some pictures and videos on it
3) delete those pictures and videos
4) root it
5) Install DiskDigger to check if it can find anything after the wipe
I feel huge pain, my wife is also kindly pushing me. ^^
The problem ought to be that since this phone is force encrypted by default, unlocking the bootloader will destroy the encryption key for the previous installation, won't it? Isn't that the point, to avoid anyone accessing your data by simply doing a factory restore and still keeping the data in the internal storage? At least that's what I thought, else where's the security if someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recover anything since it's encrypted.
pitrus- said:
The problem ought to be that since this phone is force encrypted by default, unlocking the bootloader will destroy the encryption key for the previous installation, won't it? Isn't that the point, to avoid anyone accessing your data by simply doing a factory restore and still keeping the data in the internal storage? At least that's what I thought, else where's the security if someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recover anything since it's encrypted.
Thanks a lot, eventually some technical info on xda
If I lose my phone someone can use it and read everything because there is no lock, no pin, no gesture nothing. I would try a remote wipe via google android devices or something like that. Life is too short to unlock your phone every time you look at it even if it is via finger print!
This being said I've read here
ht*ps://source.android.com/security/encryption/full-disk
this paragraph among the others is not clear to me
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is: "default_password" However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
You can find the default password defined in the Android Open Source Project cryptfs.c file.
When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored. (ie. user PIN/pass/pattern changes do NOT cause re-encryption of userdata.) Note that managed device may be subject to PIN, pattern, or password restrictions.
Does this paragraph give me hope or not?
Thanks a lot for your interest! Sleepless nights go on here.
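The key hierarchy in the documentation paragraph quoted above, as an added example that is not part of the original posts and is not Android's code. Assumptions: the SHA-256 stream cipher and PBKDF2 are stand-ins for the device's real cipher and KDF, the TEE signing step is left out, all function names are hypothetical, and `wipe_footer` models a wipe that discards the old footer, which is the scenario the thread raises.

```python
import hashlib
import hmac
import os

# Default password string quoted in the thread from the Android documentation.
DEFAULT_PASSWORD = b"default_password"


def _stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for AES."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _kek(password: bytes, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in for the device KDF; the TEE signing step is omitted.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000, dklen=16)


def wrap_key(master_key: bytes, password: bytes) -> dict:
    """Build a toy 'crypto footer': salt + wrapped master key + integrity tag."""
    salt = os.urandom(16)
    kek = _kek(password, salt)
    wrapped = _stream_xor(kek, b"wrap", master_key)
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(footer: dict, password: bytes) -> bytes:
    kek = _kek(password, footer["salt"])
    expected = hmac.new(kek, footer["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, footer["tag"]):
        raise ValueError("wrong password or damaged footer")
    return _stream_xor(kek, b"wrap", footer["wrapped"])


def first_boot(plaintext: bytes):
    """Random 128-bit master key encrypts userdata; the footer wraps that key."""
    master_key = os.urandom(16)
    userdata = _stream_xor(master_key, b"userdata", plaintext)
    return userdata, wrap_key(master_key, DEFAULT_PASSWORD)


def change_password(footer: dict, old: bytes, new: bytes) -> dict:
    """Only the master key is re-wrapped; userdata is not touched."""
    return wrap_key(unwrap_key(footer, old), new)


def read_userdata(userdata: bytes, footer: dict, password: bytes) -> bytes:
    return _stream_xor(unwrap_key(footer, password), b"userdata", userdata)


def wipe_footer() -> dict:
    """Assumed wipe behaviour: old footer discarded, fresh master key generated."""
    return wrap_key(os.urandom(16), DEFAULT_PASSWORD)
```

In this model a password change rewrites only the small footer, while a replaced footer leaves the old ciphertext undecryptable even though the default password is publicly known.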
lallissimo said:
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy.
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside from the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
lallissimo said:
I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
This encryption I don't know how it works and how it relates with the bootloader unlocking, if someone have more information I would be glad to hear.
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is true on the 3T.
lallissimo said:
I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside from the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
Thank you for the interest in my thread I really appreciate it.
I know a thing or two about backups and I see your point. There is an ancient Chinese proverb saying something like this: Backup is that thing that should have been done before.
However, being on xda I'd like to keep the discussion on a technical level if possible.
If you have any information or links on the way the internal memory is managed at the physical level I'd like to discuss it. As far as I know, in order to extend the lifetime of these solid state memories the system does its best to write to the blocks as little as possible. I don't think I have already overwritten all the blocks of the internal memory. We'll see.
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is true on the 3T.
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
You could be right, still I need to be root to dig deeper.
lallissimo said:
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside from the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is true on the 3T.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
redpoint73 said:
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
If someone has more technical information about the encryption part I'll gladly look at it.
As far as wiping is concerned I have given a quick look at the source code, so for example here:
https://www.pentestpartners.com/sec...ta-from-wiped-android-devices-a-how-to-guide/
and if this is still what's inside my android phone I'm sure that mkfs.ext4 is nothing to fear when you need to recover data.
Problem for me is encryption, but yes I'm considering expensive solutions too. Just for the sake of the technical satisfaction, of course.
