I have serious doubts about the so-called "proof of root" YouTube video for 4.4.4 N900V, so I've decided to start a research-related thread so we don't have to rely on someone who will probably get everyone's hopes up. Since N900V NJ4 4.4.4 is the oldest flashable version for those of us stuck on 4.4.4 or 5.0, I will be focusing on that build. Here are a few exploits I've found so far which may definitely lead to a root exploit for everyone who is patiently waiting for root access (including me):
1) Android sensord Local Root Exploit - says tested on LG L7, but may also apply to N900V (unconfirmed)
2) Linux Kernel < 3.4.5 - Local Root Exploit (ARM - Android 4.2.2 / 4.4) - N900V NJ6 has kernel version 3.4.0, so this exploit may be a viable option
3) Nexus 5 Android 5.0 - Local Root Exploit - May also apply to other devices as it relies on an SELinux flaw
Here is a very interesting page I found about ABOOT, and details of the Android boot process: http://newandroidbook.com/Articles/aboot.html
We should also look into possibly using Loki for the note 3: https://github.com/djrbliss/loki
Here is an excellent site which lists all known Android root vulnerabilities categorized by Android software version: http://androidvulnerabilities.org/by/version/
UPDATE: I have some really good news I came across which applies to N900V NJ6 (build KTU84P):
http://www.androidpolice.com/2014/06/19/google-rolling-out-android-4-4-4-update-ktu84p-with-a-security-fix-factory-imagesbinaries-up-for-nexus-devices/
According to the above, the vulnerability which towelroot exploits was in fact not patched in build KTU84P.
I'm going to compile towelroot and add the N900V to the supported device list, and theoretically it should provide root.
Here are some ideas I'm investigating for achieving root on NJ6:
1) Inject su and SuperUser.apk into the sparse ext4 format system.img.ext4 from the Odin package
2) If someone has a rooted N900V and is on 4.4.4 NJ6 firmware, please do a raw dump of your full system partition and post it. I may be able to convert it to a pre-rooted Odin package
3) Find an unused executable in system.img.ext4 (in sparse format), find the offset of the unused executable in the sparse image, and directly replace the binary data of the executable with the binary data of su (I replaced e2fsck with the su executable, zero-padded to match the size of e2fsck; I haven't been able to successfully flash with ODIN yet, and am still investigating what aboot checks that is causing it to fail)
4) NJ6 is running kernel version 3.4.0; I'm sure there are quite a few Linux exploits which work on kernel version 3.4.0 and lower.
This is successfully exploiting a vulnerability and is rebooting my Note 3 (not installing su yet, haven't had time to fully research how this root exploit works):
https://github.com/retme7/CVE-2014-7911_poc/
I've attached the prebuilt apk for this vulnerability. I'm getting activity on logcat, just don't have time to look into it fully until I get off of work.
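An added example, not code from this thread: a small parser for the Android sparse image format that the system.img.ext4 in the Odin package uses (ideas 1 and 3 above). It reads the chunk table, maps a logical partition offset to what the sparse file actually holds at that point (raw bytes, a fill pattern, or a don't-care hole), and expands the image the way a flasher would, so you can verify what a package will write instead of guessing at offsets. The constructed 7-block sample uses a 16-byte block size instead of the real 4096 to keep it small.

```python
import struct

# Android sparse image ("simg") constants, as documented in AOSP libsparse.
SPARSE_MAGIC = 0xED26FF3A
CHUNK_RAW, CHUNK_FILL, CHUNK_DONT_CARE, CHUNK_CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4
HDR = struct.Struct("<IHHHHIIII")  # magic, major, minor, hdr_sz, chunk_hdr_sz, blk_sz, total_blks, total_chunks, crc
CHDR = struct.Struct("<HHII")      # chunk_type, reserved, chunk_sz (blocks), total_sz (header + payload bytes)


def parse_sparse(data):
    """Walk the chunk table; return (block_size, total_blocks, chunks).
    Size fields are cross-checked so a truncated or hand-edited image is rejected
    instead of being silently misread."""
    magic, major, _minor, hdr_sz, chdr_sz, blk_sz, total_blks, total_chunks, _crc = HDR.unpack_from(data, 0)
    if magic != SPARSE_MAGIC or major != 1 or hdr_sz != HDR.size or chdr_sz != CHDR.size:
        raise ValueError("not an Android sparse image")
    chunks, pos, blk = [], hdr_sz, 0
    for _ in range(total_chunks):
        ctype, _res, nblk, total_sz = CHDR.unpack_from(data, pos)
        body = pos + chdr_sz  # payload starts right after the chunk header
        if ctype == CHUNK_RAW and total_sz == chdr_sz + nblk * blk_sz:
            chunks.append({"type": "raw", "blk": blk, "nblk": nblk, "file_off": body})
        elif ctype == CHUNK_FILL and total_sz == chdr_sz + 4:
            chunks.append({"type": "fill", "blk": blk, "nblk": nblk, "value": bytes(data[body:body + 4])})
        elif ctype == CHUNK_DONT_CARE and total_sz == chdr_sz:
            chunks.append({"type": "dont_care", "blk": blk, "nblk": nblk})
        elif ctype == CHUNK_CRC32 and total_sz == chdr_sz + 4:
            nblk = 0  # a CRC chunk carries no blocks
        else:
            raise ValueError("malformed chunk at file offset %d" % pos)
        blk += nblk
        pos += total_sz
    if blk != total_blks or pos != len(data):
        raise ValueError("chunk table does not match header / file length")
    return blk_sz, total_blks, chunks


def locate(data, offset):
    """Map a logical byte offset of the flat partition to what the sparse file holds
    for it: ('raw', file_offset), ('fill', 4-byte pattern) or ('dont_care', None)."""
    blk_sz, total_blks, chunks = parse_sparse(data)
    if not 0 <= offset < total_blks * blk_sz:
        raise ValueError("offset outside image")
    for c in chunks:
        start = c["blk"] * blk_sz
        if start <= offset < start + c["nblk"] * blk_sz:
            if c["type"] == "raw":
                return ("raw", c["file_off"] + offset - start)
            return (c["type"], c.get("value"))
    raise AssertionError("unreachable: chunk table covers every block")


def unsparse(data):
    """Expand to the flat image a flasher writes (what simg2img does); don't-care blocks read as zero."""
    blk_sz, total_blks, chunks = parse_sparse(data)
    out = bytearray(total_blks * blk_sz)
    for c in chunks:
        start, n = c["blk"] * blk_sz, c["nblk"] * blk_sz
        if c["type"] == "raw":
            out[start:start + n] = data[c["file_off"]:c["file_off"] + n]
        elif c["type"] == "fill":
            out[start:start + n] = c["value"] * (n // 4)
    return bytes(out)


def build_sample(blk_sz=16):
    """Constructed 7-block sparse image (real images use 4096-byte blocks): RAW, DONT_CARE, FILL, RAW."""
    chunks = (CHDR.pack(CHUNK_RAW, 0, 2, CHDR.size + 2 * blk_sz) + b"A" * blk_sz + b"B" * blk_sz
              + CHDR.pack(CHUNK_DONT_CARE, 0, 3, CHDR.size)
              + CHDR.pack(CHUNK_FILL, 0, 1, CHDR.size + 4) + struct.pack("<I", 0xAAAAAAAA)
              + CHDR.pack(CHUNK_RAW, 0, 1, CHDR.size + blk_sz) + b"C" * blk_sz)
    return HDR.pack(SPARSE_MAGIC, 1, 0, HDR.size, CHDR.size, blk_sz, 7, 4, 0) + chunks
```

Running `parse_sparse` on a real system.img.ext4 lists every chunk with its file offset, and `locate` tells you whether a given partition offset is actually backed by bytes in the file.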
I downgraded from OF1 to NK1.
I also tried going from OF1 directly to NJ6.
Just tick NAND erase in Odin.
scottgl9 said:
This is successfully exploiting a vulnerability and is rebooting my Note 3 (not installing su yet, haven't had time to fully research how this root exploit works):
https://github.com/retme7/CVE-2014-7911_poc/
I've attached the prebuilt apk for this vulnerability. I'm getting activity on logcat, just don't have time to look into it fully until I get off of work.
go on bro, we believe in you !
Sorry to annoy you guys, but I don't get it: is this exploit just for getting root, or for unlocking the bootloader (at least??)
SLver said:
Sorry to annoy you guys, but I don't get it: is this exploit just for getting root, or for unlocking the bootloader (at least??)
We need root to be able to unlock the bootloader.
Hello, everyone.
Even after flashing the stock ROM with KDZ, your L90 may still display ROOTED in download mode or in the RCT test (open the Telephone app and type 3845#*XXX#, where XXX is your phone model, 410 for instance if you have a D410hn). The fix is relatively simple:
1. While still rooted, use a file manager with root access and navigate to the /persist folder, then back these two files up to a safe place (just in case you need them later) and delete them:
rct
rct.cfg
2. Reboot to recovery and do a full wipe: caches, data and system. This is important because some files that trigger the rooted flag may be in /data/local/tmp, for instance;
3. Reboot to Download Mode (bootloader) and follow this tutorial to flash the stock KDZ:
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
Before flashing the KDZ you should no longer see ROOTED on screen, and after booting to stock the RCT tool should no longer report that your device is rooted.
PS: I am not sure if deleting these two files will break anything; I have just done these steps and my device doesn't show ROOTED anymore. Ideally, you should back up /persist before rooting (I don't think it's possible anyway, at least not on Lollipop), or at least back the files up just after rooting, so you can put them back as explained in the threads below.
Credits
@Drachenminister - http://forum.xda-developers.com/showthread.php?t=2700992
@AriHell - http://forum.xda-developers.com/lg-g3/general/tot-reset-rct-root-check-tool-t2853627
@k0nane - http://forum.xda-developers.com/showthread.php?p=41136026#post41136026
My titan Moto G 2014 (XT1068) causes problems because it has neither WiFi nor radio. Somehow I must have messed up the /persist folder, because it is just empty. Any custom ROM I flash stays on the boot logo forever, regardless of whether I install AEX or LineageOS (14, 15.0 or 15.1).
Therefore I returned to stock 6.0, which seems to be more "forgiving". I still don't have WiFi or radio, but at least the system comes up and can be used without any wireless connections.
I managed to get WiFi working, but this doesn't survive a reboot. After a reboot the WiFi is gone again. These are the steps I took:
- installed stock firmware
- installed TWRP 3.2.1.0 using `fastboot flash recovery twrp-3.2.1.0.img`
- installed a current SuperSU
- ran `adb shell`
- executed `su`
- went to my external MicroSD card, to which I had copied the .bin file before: `cd /mnt/media_rw/43E3-332A/Titan/current`
- remounted / read-write: `mount -o rw,remount -t yaffs2 /`
- copied the bin file: `cp *.bin /persist`
After these steps I was able to enable WiFi in the settings, but this change is gone after I reboot. How can I persist these changes?
I have a second XT1068 at hand; I thought about copying the persist mblk from that one, similar to what Q13 describes in the FAQ:
https://forum.xda-developers.com/moto-g-2014/help/wip-frequently-questions-moto-g-2nd-gen-t2875723
Is this a good idea, or will this cause even more problems?
Hello everybody!
The latest firmware version NASH_SPRINT_8.0.0_OCXS27.109_48_17.
Download links: https://mega.nz/#!j1dmgKgZ!KVrCg9k5cEaLxeS05kOnrVqT6yYRmLOZfeyA32AtCTE
I present to your attention the factory firmware NASH_SPRINT_OCX27.109-48_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml for the Moto Z2 Force XT1789-03 Sprint with the executable bat file for installation.
Download links:
Factory Image https://mega.nz/#!X0FGhDxL!tsO6r3Pxa7tEVWU8Iss8fQ5gLnI9KjyPLkEpA_bz1uM
.bat https://mega.nz/#!KsMQWRKZ!O-uyGz5mUSAoLz-esS6cgbVPqnMuIzrBgsbqnisl1MM
Good luck to all! :highfive:
I have the Nougat Sprint version.. it's a kit device.
Can a kit device be upgraded to Oreo? Please guide.. will I have any problem with the Oreo update?
mshadabalam said:
it's a kit device
What does kit device mean? This is the factory firmware for the Moto Z2 Force XT1789-03 Sprint. If the phone is Sprint, then naturally you can safely install this firmware.
ilia3367 said:
What does kit device mean? This is the factory firmware for the Moto Z2 Force XT1789-03 Sprint. If the phone is Sprint, then naturally you can safely install this firmware.
Is this compatible with this version in the SS? Or do you have the version that would work or could you point me in the right direction? Tia
ilia3367 said:
Hello everybody! I present to your attention the factory firmware NASH_SPRINT_OCX27.109-48_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml for the Moto Z2 Force XT1789-03 Sprint with the executable bat file for installation.
Download links:
Factory Image https://mega.nz/#!X0FGhDxL!tsO6r3Pxa7tEVWU8Iss8fQ5gLnI9KjyPLkEpA_bz1uM
.bat https://mega.nz/#!KsMQWRKZ!O-uyGz5mUSAoLz-esS6cgbVPqnMuIzrBgsbqnisl1MM
Good luck to all! :highfive:
Can you provide the files needed for Z2 Force Sprint conversion to dual SIM???
zeeshan.siddique4779 said:
Can you provide the files needed for Z2 Force Sprint conversion to dual SIM???
I did not do Dual SIM cards on Android Oreo. It's left from Android 7.
ilia3367 said:
I did not do Dual SIM cards on Android Oreo. It's left from Android 7.
I have done dual SIM on 7.1.1. Can you now help with how to upgrade to 8.0 without losing the dual SIM mod?
zeeshan.siddique4779 said:
I have done dual SIM on 7.1.1. Can you now help with how to upgrade to 8.0 without losing the dual SIM mod?
You will still have Dual SIM even after upgrading to Oreo.
ilia3367 said:
You will still have Dual SIM even after upgrading to Oreo.
I don't think so. When I flash the Oreo ROM it will flash the original Sprint modem files, and then it will become single SIM again, as far as I know. But I am not sure what lines to skip from the flash script to flash Oreo.
zeeshan.siddique4779, you don't need to skip anything when flashing. The firmware will not affect these sections of the system.
At least I had that when using this method to activate Dual SIM mode http://4pda.ru/forum/index.php?showtopic=885689&view=findpost&p=69776735
ilia3367 said:
zeeshan.siddique4779, you don't need to skip anything when flashing. The firmware will not affect these sections of the system.
At least I had that when using this method to activate Dual SIM mode http://4pda.ru/forum/index.php?showtopic=885689&view=findpost&p=69776735
Can you upload the "dualsim.zip"?
devilyuan said:
Can you upload the "dualsim.zip"?
No problem, you're welcome! https://mega.nz/#!KpUx1YoY!iJidPmXBJUMe9xvZ0-qQoeDYl_QMYsC1AEOFrC9wEXA
ilia3367 said:
No problem, you're welcome! https://mega.nz/#!KpUx1YoY!iJidPmXBJUMe9xvZ0-qQoeDYl_QMYsC1AEOFrC9wEXA
Thank you very much!
ilia3367 said:
zeeshan.siddique4779, you don't need to skip anything when flashing. The firmware will not affect these sections of the system.
At least I had that when using this method to activate Dual SIM mode http://4pda.ru/forum/index.php?showtopic=885689&view=findpost&p=69776735
I wish I could know Russian. Any instructions in English? Thanks!
TopGun2000 said:
I wish I could know Russian. Any instructions in English? Thanks!
This technique is designed to activate Dual SIM mode for Sprint phones (IMEI SIM 2 = 0). Instructions from a third-party forum, written by wizardik, were taken as the basis for preparing the tool for this method, for which particular thanks to him!
Perhaps it will also suit T-Mobile phones. Owners of this phone variant who wish to apply this method, write to me in a private message.
I apologize in advance that this method has turned out not so concise and fast, but in principle there is nothing complicated in it. To begin with, carefully and thoughtfully read the sequence of actions.
Be careful! You are responsible for your own mistakes.
Attention! If you want to upgrade to Android 8.0, be sure to restore the backup of the hw partition first.
Prerequisites
This method is designed for firmware on Android 7.1.1. The phone's bootloader must be unlocked, the custom recovery TWRP installed, and root obtained.
Installation
1. Download the attached archive Dual_SIM.zip (46.52 MB)
and copy from it to the phone:
- the Utility folder to the root of external or internal memory;
- the folder 2018-01-29--00-00-00 into the folder where you keep your TWRP backups.
2. Reboot the phone into bootloader mode, and from there into TWRP.
3. Create a full backup (Backup) of all partitions of the system!
4. Go to the Install tab and navigate in the file browser to the Utility folder. In the lower right corner, tap the Install Img button and select the image TWRP_3.2.0_DS.img. In the window that opens, select the partition to flash the image to (Boot) and swipe to flash.
5. After flashing is finished, go to Main Menu -> Reboot and reboot into Recovery again.
6. Select the Backup tab, and select only the hw partition. Save this backup to your computer. If something goes wrong, you can always restore it and get back a working connection and IMEI.
7. Next, select the Restore tab, select the copied backup 2018-01-29--00-00-00 and the hw partition for restore, and perform the restore.
8. Again go to the Install tab and navigate in the file browser to the Utility folder. In the lower right corner, tap the Install Img button and select the image TWRP_3.2.img. In the window that opens, select the partition to flash the image to (Boot) and swipe to flash.
9. When flashing is finished, go to Main Menu -> Reboot and reboot into Recovery again.
10. Select the Restore tab, select the backup you created, all partitions, and perform the restore.
11. After the restore is complete, reboot into the system.
Screenshots: four attached images, 1440 x 2560.
ilia3367 said:
zeeshan.siddique4779, you don't need to skip anything when flashing. The firmware will not affect these sections of the system.
At least I had that when using this method to activate Dual SIM mode http://4pda.ru/forum/index.php?showtopic=885689&view=findpost&p=69776735
Hello, I don't have a 4pda account. The link you sent above has a file in its attachment; can you give me a link from Mega or Google Drive?
ilia3367 said:
No problem, you're welcome! https://mega.nz/#!KpUx1YoY!iJidPmXBJUMe9xvZ0-qQoeDYl_QMYsC1AEOFrC9wEXA
Thank you very much .
doctorman said:
This technique is designed to activate Dual SIM mode for Sprint phones (IMEI SIM 2 = 0). Instructions from a third-party forum, written by wizardik, were taken as the basis for preparing the tool for this method, for which particular thanks to him!
Perhaps it will also suit T-Mobile phones. Owners of this phone variant who wish to apply this method, write to me in a private message.
I apologize in advance that this method has turned out not so concise and fast, but in principle there is nothing complicated in it. To begin with, carefully and thoughtfully read the sequence of actions.
Be careful! You are responsible for your own mistakes.
Attention! If you want to upgrade to Android 8.0, be sure to restore the backup of the hw partition first.
Prerequisites
This method is designed for firmware on Android 7.1.1. The phone's bootloader must be unlocked, the custom recovery TWRP installed, and root obtained.
Installation
1. Download the attached archive Dual_SIM.zip (46.52 MB)
and copy from it to the phone:
- the Utility folder to the root of external or internal memory;
- the folder 2018-01-29--00-00-00 into the folder where you keep your TWRP backups.
2. Reboot the phone into bootloader mode, and from there into TWRP.
3. Create a full backup (Backup) of all partitions of the system!
4. Go to the Install tab and navigate in the file browser to the Utility folder. In the lower right corner, tap the Install Img button and select the image TWRP_3.2.0_DS.img. In the window that opens, select the partition to flash the image to (Boot) and swipe to flash.
5. After flashing is finished, go to Main Menu -> Reboot and reboot into Recovery again.
6. Select the Backup tab, and select only the hw partition. Save this backup to your computer. If something goes wrong, you can always restore it and get back a working connection and IMEI.
7. Next, select the Restore tab, select the copied backup 2018-01-29--00-00-00 and the hw partition for restore, and perform the restore.
8. Again go to the Install tab and navigate in the file browser to the Utility folder. In the lower right corner, tap the Install Img button and select the image TWRP_3.2.img. In the window that opens, select the partition to flash the image to (Boot) and swipe to flash.
9. When flashing is finished, go to Main Menu -> Reboot and reboot into Recovery again.
10. Select the Restore tab, select the backup you created, all partitions, and perform the restore.
11. After the restore is complete, reboot into the system.
Screenshots: four attached images, 1440 x 2560.
Appreciated.
The phone is 100% Sprint, but it's unlocked to use other networks.
ilia3367 said:
What does kit device mean? This is the factory firmware for the Moto Z2 Force XT1789-03 Sprint. If the phone is Sprint, then naturally you can safely install this firmware.
I live in Pakistan and I am using a Sprint Moto Z2 Force which is unlocked for other networks like Telenor, Mobilink, Zong etc. So my question is: if I upgrade my mobile to Oreo, will other networks work? And which version is better, Oreo 8.0 from stock or Oreo 8.1 from Lineage?
mshadabalam said:
I live in Pakistan and I am using a Sprint Moto Z2 Force which is unlocked for other networks like Telenor, Mobilink, Zong etc. So my question is: if I upgrade my mobile to Oreo, will other networks work? And which version is better, Oreo 8.0 from stock or Oreo 8.1 from Lineage?
Hey, I think it works, because I flashed many Motorola 2017 to 2018 Sprint models and had no issues with relocking the network.
If you have doubts about network issues, try flashing it without NON-HLOS and fsg, and without erasing modemst1 and modemst2; leave those partitions alone and flash all the other partitions.
Sorry for my ignorance, but I have a question. What would happen if I installed this update on my AT&T Moto Z2 Force? Would it work?