I came across a mention of two vulnerabilities in Oneplus 3 bootloader (https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/) which are said to have been patched in OS4.0.2 (partly) and 4.0.3 (fully).
However, I am wondering if it may be possible to:
* Downgrade to a version below OS4.0.2 (..but I can't seem to find OS4.0.1 on the official download site).
* Prepare a system image which is rooted
* Flash the modified system image
...to get a rooted system without having to unlock the bootloader.
If this works, then I think this would be a much better solution than keeping the bootloader unlocked if the user prefers to have a rooted system or a custom rom.
Has anyone tried it or has the time / patience to try it? I'll probably have a go at it next week when I have some spare time but thought I'll check with the community if someone has tried it already.
rk2612 said:
I came across a mention of two vulnerabilities in Oneplus 3 bootloader (https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/) which are said to have been patched in OS4.0.2 (partly) and 4.0.3 (fully).
However, I am wondering if it may be possible to:
* Downgrade to a version below OS4.0.2 (..but I can't seem to find OS4.0.1 on the official download site).
* Prepare a system image which is rooted
* Flash the modified system image
...to get a rooted system without having to unlock the bootloader.
If this works, then I think this would be a much better solution than keeping the bootloader unlocked if the user prefers to have a rooted system or a custom rom.
Has anyone tried it or has the time / patience to try it? I'll probably have a go at it next week when I have some spare time but thought I'll check with the community if someone has tried it already.
The best is to have a bootloader without any vulnerability, unlocked or not. If you flash a rooted system image without unlocking the bootloader, since the system is modified you could potentially have big issues if you brick your phone, and you would have to dig into low-level tools or RMA to fix it. Not worth it.
There are already many posts from people not able to read simple instructions; not a good idea to open another Pandora's box.
And this is not the place to post questions, it's a development thread.
rk2612 said:
I came across a mention of two vulnerabilities in Oneplus 3 bootloader (https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/) which are said to have been patched in OS4.0.2 (partly) and 4.0.3 (fully).
However, I am wondering if it may be possible to:
* Downgrade to a version below OS4.0.2 (..but I can't seem to find OS4.0.1 on the official download site).
* Prepare a system image which is rooted
* Flash the modified system image
...to get a rooted system without having to unlock the bootloader.
If this works, then I think this would be a much better solution than keeping the bootloader unlocked if the user prefers to have a rooted system or a custom rom.
Has anyone tried it or has the time / patience to try it? I'll probably have a go at it next week when I have some spare time but thought I'll check with the community if someone has tried it already.
Accidentally I saw this topic; yes, it's possible. You can see it here: OP3 - root & locked bootloader. It's my video and it's not a channel.
I'm sorry that there are no like-minded people)))
Something like this)))
and yes I installed a different version
can add a lot of screenshots
Looking for an Orange branded RAZR i to get the firmware off of. Will require root and having some time for a TeamViewer session.
How to tell if you are Orange branded:
In Settings > About Phone the System Version will look something like this, but the numbers may be off.
81.4.38001.XT890.Orange.en.GB
The important part is the XT890.Orange.en.GB.
Give me a ring at my gtalk ([email protected]) or PM me if you got one and willing to help get the firmware off of it.
Cheers
Dear sir,
Thanks for your great work. I'd like to ask:
1) After unlocking the bootloader & flashing the root kernel & flashing back the official kernel, will it still be rooted?
2) Will root allow updating?
3) Will subsequent updates to Jelly Bean have to re-unlock & re-root again?
4) How to replace the whole ROM with this big 81.5.38002.Retail.en.GB, fastboot command?
5) Any place I can get CWM with the updated kernel or new ROM, backup?
Have a good day. Bye. Daniel
mattlgroff said:
Looking for an Orange branded RAZR i to get the firmware off of. Will require root and having some time for a TeamViewer session.
How to tell if you are Orange branded:
In Settings > About Phone the System Version will look something like this, but the numbers may be off.
81.4.38001.XT890.Orange.en.GB
The important part is the XT890.Orange.en.GB.
Give me a ring at my gtalk ([email protected]) or PM me if you got one and willing to help get the firmware off of it.
Cheers
I got mine on Orange/EE but from Phones4U.
So it's actually XT890.Retail.en.GB
But if there's any other way I can help in development please say
Daniel 9999 said:
Dear sir,
Thanks for your great work. I'd like to ask:
1) After unlocking the bootloader & flashing the root kernel & flashing back the official kernel, will it still be rooted? The root tool flashes the insecure kernel, which allows remounting /system. When this is done the root files are pushed to the phone and permissions are set. Then, not needing the insecure kernel anymore and keeping OTA updates intact, we flash back the secured kernel. So yes, you will still be rooted.
2) Will root allow updating? Since you flash back the stock kernel, it won't affect root.
3) Will subsequent updates to Jelly Bean have to re-unlock & re-root again? Unlock is permanent. We will have to re-root since it seems we cannot use OTA RootKeeper and similar apps. Not a big deal though.
4) How to replace the whole ROM with this big 81.5.38002.Retail.en.GB, fastboot command? My firmware changer already includes and uses the newer fastboot that handles the required 100MB parts. (Thanks to P3Droid and aosp.us for that).
5) Any place I can get CWM with the updated kernel or new ROM, backup? No CWM yet.
Have a good day. Bye. Daniel
Kind of off topic, but ok....
Hi all,
I am having issues with my Bluetooth and GSM. I am considering trying to downgrade from OOS 4.1.3 to 4.1.1. I am completely stock, not rooted and don't even have TWRP.
Would appreciate some clarification to the following questions:
1) Can I downgrade by just flashing the official full 4.1.1 zip found on the OP website?
2) Should I only flash the modem zip? And if so, can I use the 4.1.1 modem while having 4.1.3 installed?
3) Since 4.1.1 already has Nougat 7.1.1, is 1) also safe for further downgrades, for example, directly to 4.0.4?
Thanks.
Best regards,
Oldiamond
If your bootloader is locked, you can't downgrade (unless you exploit the security vulnerability from a few weeks back).
If your bootloader is unlocked, use TWRP or fastboot to clean flash whatever version of OOS you want.
You should consider flashing the latest open beta release, I think it's already fixed over there plus there are some extra goodies and it's stable as ****
Anova's Origin said:
If your bootloader is locked, you can't downgrade (unless you exploit the security vulnerability from a few weeks back).
If your bootloader is unlocked, use TWRP or fastboot to clean flash whatever version of OOS you want.
Pharrax said:
You should consider flashing the latest open beta release, I think it's already fixed over there plus there are some extra goodies and it's stable as ****
Thanks to both. I am this close to sending it back for RMA, as I did not install anything other than 4.1.3, and didn't even unroot it. I don't know... perhaps sending it back without ever installing TWRP or unlocking anything would provide more feedback to the manufacturer, rather than saying "damn guy, started fiddling with the phone and ROMs, and here's the result".
Regarding the beta, I initially considered avoiding it because I read in the forums about issues such as alarms sometimes not ringing. I figure that my boss wouldn't like that.
Going back from BETA to regular version also requires TWRP?
Best regards,
Old
oldiamond said:
Thanks to both. I am this close to sending it back for RMA, as I did not install anything other than 4.1.3, and didn't even unroot it. I don't know... perhaps sending it back without ever installing TWRP or unlocking anything would provide more feedback to the manufacturer, rather than saying "damn guy, started fiddling with the phone and ROMs, and here's the result".
Regarding the beta, I initially considered avoiding it because I read in the forums about issues such as alarms sometimes not ringing. I figure that my boss wouldn't like that.
Going back from BETA to regular version also requires TWRP?
Best regards,
Old
Alarm issues were fixed; also it never happened to me and I've been on beta a long time. I think on the official page there are the steps to switch between stable and beta. I don't think it requires TWRP but don't take my word for it.
Don't you hate it when you flash something and it puts you in an unrecoverable state?
Does it aggravate you to no end when you flash something and then all you can do is go into bootloader and nothing else?
Well, have no fear Motorola Z2 Force users! Your issues will be resolved!
Reasons for using this method:
If you haphazardly flashed a ROM, and now can't boot.
If you tried flashing an audio mod and have issues getting things to work.
If you accidentally (or purposefully) deleted a file and now can't OTA.
Anything else that you can do to soft brick your device.
This zip will fix that and put you back to stock.
You then can update.
If you rooted and cannot update but want the update, this will make your phone clean to accept updates again.
Now, to the meat of this thread. In post two, there are flash-all zips for each patch version and instructions on what to do. This does need an unlocked bootloader.
Credits:
Motorola Firmware Team for the zips
Great, So you've read why you might have borked your phone!
Now, let's get it fixed! Below is the link to the only flashall bat file I currently have. This is a simple process to do. There are some requirements though.
Requirements:
Correct drivers (ADB and fastboot is included in the utilities zip if you don't have minimal adb and fastboot installed, or don't have the SDK.)
Over 4GB of RAM.
How to fix your phone:
Download the Utilities zip
Extract the zip to its own folder
Download the flash all for your device from the options below.
Extract the flash all zip into the same folder as the Utilities.
Run the Flashall.bat file
Watch windows command prompt put your phone back to stock!
This process can take up to 10-15 minutes depending on USB connection and your PC
Disclaimer: I did not personally test the zips below besides the Sprint and T-Mobile ones. These are the official Firmware links from the Motorola Firmware Team. My only contribution is this thread and the utilities zip.
Disclaimer 2: it is never suggested to flash a zip not intended for your device/major patch version. If you're on Oreo, DO NOT FLASH NOUGAT. (I flashed T-Mobile to my Sprint phone for testing purposes and so I can tell you what it does. I lost all SIM functionality and had to do some wonky stuff to get my phone back to working shape... Word of advice: don't do it.)
Disclaimer 3: if you have minimal adb and fastboot or the Android SDK, please be sure you update to the latest fastboot. The exe files included in the zip are for those who don't have a development environment set up.
Downloads:
Flash All Utilities
AT&T Oreo Flash All
Sprint Oreo Flash All
T-Mobile Flash All (Not official download link, but official files, See here)
USC (check version) Flash All
Verizon Flash All
NOTE: yes, it's in the Z2 play folder. Motorola Firmware Team did not make another folder for our device. Check the file name. It has "Nash" specifying the Z2 force. If you ask why it's in the Play folder, I will not respond.
If you have any other official links, I will add to second post and give proper credits to who found the zip. Only perm links like the AFH ones I posted.
Uzephi said:
First: The Sprint variant is different than the AT&T and T-Mobile phone as it is GSM/CDMA. This means its baseband, oem, and boot.img are different. Boot is slightly different, but oem and baseband are completely different.
If you haphazardly flashed a T-Mobile ROM, you might find out that after wiping oem, you cannot get mobile data to work.
This zip will fix that and put you back to stock on the "August" security patch (September update). You then can update to the "September" security update that came out in October.
If you rooted and cannot update but want the update, this will make your phone clean to accept updates again.
Now, to the meat of this thread. In post two, there are flash-all zips for each patch version and instructions on what to do. This does need an unlocked bootloader.
Credits: Motorola Firmware Team for the zips
Me for modifying the zip to fix oem.img issue on B partitions and turning the xml into a simple flash all.bat
Note: I am mobile and I will clean up the OP and second post when I get time @ home
I was going to add yours in but kinda got busy
Thanks for this! I flashed a modified boot.img for root to get my phone unlocked, and flashed the stock kernel back, but I couldn't update to the September patch. After flashing this, updates are working fine. A bit of a lifesaver!
full circle...
I went from stock, to rooted, to soft bricked and hopefully after these downloads I'll be back at stock... thanks for all your hard work... payday I'll buy ya a beer!
esuormai said:
I went from stock, to rooted, to soft bricked and hopefully after these downloads I'll be back at stock... thanks for all your hard work... payday I'll buy ya a beer!
I don't take donations, just pay it forward! Thanks for the offer though.
NOTE: make sure your computer has more than 1 GB RAM when you flash this; otherwise you will get a buffer error because this requires a lot of memory. I MADE THIS MISTAKE
WeUseLord- said:
NOTE: make sure your computer has more than 1 GB RAM when you flash this; otherwise you will get a buffer error because this requires a lot of memory. I MADE THIS MISTAKE
Added in requirements, thank you for verifying that.
Uzephi said:
Added in requirements, thank you for verifying that.
Okay thanks OP
when i did this (i did this so that i could go back to stock with a locked bootloader which as of writing i just realized would work fine if i just did fastboot oem lock without anything else, goddamnit) it told me that a different operating system had been installed, even though it's (presumably) the same os. what's going on?
cooleoboom5 said:
when i did this (i did this so that i could go back to stock with a locked bootloader which as of writing i just realized would work fine if i just did fastboot oem lock without anything else, goddamnit) it told me that a different operating system had been installed, even though it's (presumably) the same os. what's going on?
That is a "permanent" flag that triggers when you flash something unsigned and not from Motorola. I.E. custom boot image for root. Reason it's in quotes is because we don't know how to return it back or if we even can.
moto z2 force
WeUseLord- said:
Okay thanks OP
where do you download the bat file from
irule1977 said:
where do you download the bat file from
It's in the zip
So Sprint Z2 can't get GSM unlocked by flashing ROMs from other carriers? Any idea how it can be unlocked?
How do I get back to software status official in the bootloader menu? I did manage to do it with the T-Mobile version but can't get that from this one.
Uzephi said:
Don't you hate it when you flash something and it puts you in an unrecoverable state?
Does it aggravate you to no end when you flash something and then all you can do is go into bootloader and nothing else?
Well, have no fear Sprint Motorola Z2 force users! Your issues will be resolved!
First: Our phone differences
The Sprint variant is different than the AT&T and T-Mobile phone as it is GSM/CDMA.
This means its baseband, oem, and boot.img are different. Boot is slightly different, but oem and baseband are completely different.
Reasons for using this method:
If you haphazardly flashed a T-Mobile ROM, you might find out that after wiping oem, you cannot get mobile data to work.
If you tried flashing an audio mod and have issues getting things to work.
If you accidentally (or purposefully) deleted a file and now can't OTA.
Anything else that you can do to soft brick your device.
This zip will fix that and put you back to stock on the "August" security patch (September update).
You then can update to the "September" security update that came out in October.
If you rooted and cannot update but want the update, this will make your phone clean to accept updates again.
Now, to the meat of this thread. In post two, there are flash-all zips for each patch version and instructions on what to do. This does need an unlocked bootloader.
Credits:Motorola Firmware Team for the zips
Versions currently available:
NCXS26.122-59-8-6
NCX26.122-59-8
NCX26.122-51
Versions on OTA but no firmware files available:
NCXS26.122-59-8-9
Would you be able to make T-Mobile stock? I've got flash-all zips for 7.1.1 but when flashing them I can't get any OTAs. Every OTA just fails on installation, even via sideload. I've had multiple carriers' ROMs installed on my device earlier while looking for a way to SIM unlock it. Now my device unlock app is failing to request unlock.
robdevil said:
Would you be able to make T-Mobile stock? I've got flash-all zips for 7.1.1 but when flashing them I can't get any OTAs. Every OTA just fails on installation, even via sideload. I've had multiple carriers' ROMs installed on my device earlier while looking for a way to SIM unlock it. Now my device unlock app is failing to request unlock.
I would only release something I can test. I don't have TMobile service, so I won't be releasing TMobile only firmware. There is a thread by joemossjr for TMobile flashall.
A quick question, sorry for the newbie question in advance. I returned to Motorola after many long years; a lot has changed.
I got a Moto Z2 from a friend (he has no knowledge of rooting and modifying) which he got from his cousin in the UK. When I got it, it seemed to have a T-Mobile/Sprint hybrid ROM installed and a Google warning screen on start; my guess is it is Sprint's phone but I am not sure.
XT-1789-03 is etched on the bottom near the and by searching on Google it is showing Sprint, so please, can anyone confirm if -03 is Sprint or not? The IMEI is also showing clean on the Sprint site but it is NOT definitely saying this phone is Sprint.
Please someone tell me if I can flash this and get back to normal and get the OTA updates.
hackenggr said:
A quick question, sorry for the newbie question in advance. I returned to Motorola after many long years; a lot has changed.
I got a Moto Z2 from a friend (he has no knowledge of rooting and modifying) which he got from his cousin in the UK. When I got it, it seemed to have a T-Mobile/Sprint hybrid ROM installed and a Google warning screen on start; my guess is it is Sprint's phone but I am not sure.
XT-1789-03 is etched on the bottom near the and by searching on Google it is showing Sprint, so please, can anyone confirm if -03 is Sprint or not? The IMEI is also showing clean on the Sprint site but it is NOT definitely saying this phone is Sprint.
Please someone tell me if I can flash this and get back to normal and get the OTA updates.
My Sprint model has the -03 identifier. You should be safe if the bootloader is unlocked. You need that to flash this.
Hi,
I am very new to this Android world so my queries might seem stupid. Actually I'm here after 3 years and that is a very long period in this world. I know about rooting (SuperSU), bootloader and recovery (stock, CM and TWRP). Recently I read about Magisk and have some queries. Hope you will help me out. These are not device specific but I need to learn.
From what I read/studied I found these statements...
1. Magisk roots the device systemlessly (does not touch the system partition) so one can get OTA updates easily.
2. To install and run Magisk one needs to unlock the bootloader.
3. (Device specific) My Redmi MI Flash tool says, if you unlock the bootloader, you won't get OTA updates.
4. I have previously rooted my Galaxy Y and uninstalled system apps. If I delete system apps from Magisk, can we still say that we are not touching system?
So are all statements true? Or some? Or none?
Here my device is Redmi 3S (6.0.1 - MIUI 9.6.1.0 Global Stable). All these queries are just in relation to OTA system updates. Nothing related to warranty.
Thanking You
Yes.
Yes.
Don't know about Xiaomi, but I've never had issues with OTA on a device with an unlocked bootloader (I've mainly used different Google and Oneplus devices). Someone with a Xiaomi is gonna have to chime in on this one.
As long as you use Magisk's debloating feature of replacing files or directories with empty ones, you're good. The actual /system partition won't be touched. Use a module like the Debloater module by @veez21, or make a debloater module yourself.
Didgeridoohan said:
Don't know about Xiaomi, but I've never had issues with OTA on a device with an unlocked bootloader (I've mainly used different Google and Oneplus devices). Someone with a Xiaomi is gonna have to chime in on this one.
Ahh, Thank You.
Do you get OTA system updates for your STOCK ROM?
inwell said:
Ahh, Thank You.
Do you get OTA system updates for your STOCK ROM?
Yes. But, having both Magisk and a custom recovery (an OTA won't install with a modified boot image and a custom recovery installed) I always find it easier to download the update and flash it manually. But, like I said, I have no idea if this is true for Xiaomi.
1. OK. I also heard that when you update your device, you lose root... not true? Or do you need to root again?
2. On a normal stock device, we get an update notification and we download it, then restart the device (at our convenience) to update.
If I remove some system apps from my rooted device and unroot the device, and manage to get the stock recovery back, will the OTA update system treat my device as stock/untouched? And install updates just as a stock device would?
3. Are boot.img and bootloader the same thing? Because I read that for re-locking the bootloader you need to flash boot.img from stock software. (But some procedures just use fastboot and the relock OEM command; they don't use boot.img, don't know why.)
I read that unrooting, restoring stock recovery and locking the bootloader again is more difficult/complicated than the rooting procedure.
Someone should come up with a solution just like Windows Restore. If you want to go back to everything STOCK, just use that feature, the same as is done to restore Windows to its previous state.
Any update that also updates the boot image (which means pretty much all) will remove root. But, that's just a simple case of reflashing Magisk right after applying the update.
If you've touched /system in any way, removing system apps or even just mounting the /system partition read-write, an OTA will fail. To be able update with an OTA your /system and /vendor partitions need to be untouched and you need to have the stock boot image and stock recovery installed. If your device doesn't conform to this the OTA will fail.
Boot image and bootloader are not the same thing. That you can read up on all over the internet, so I won't go into details. If you have done any kind of modifications on your device, I suggest you leave your bootloader unlocked. It's too easy to mess things up otherwise.
Going back to full stock is usually just a matter of flashing a full factory image/firmware package/stock ROM. Quite easy... Of course, some manufacturers make it harder than others.
Didgeridoohan said:
Boot image and bootloader are not the same thing. That you can read up on all over the internet, so I won't go into details. If you have done any kind of modifications on your device, I suggest you leave your bootloader unlocked. It's too easy to mess things up otherwise.
OK. As you say the two are different, but can you explain in simple words (terms) how they are related/linked/connected? Because as I read some forums/posts I get to read:
1. To relock/lock the bootloader you need to flash boot.img, which suggests these (terms) are linked/connected.
2. But at the same time some forums/posts suggest no img file flashing but just fastboot command(s) to relock the bootloader. In this case it seems they are not linked/connected.
And if the above 2 statements are true and device specific, then how are the bootloader and boot image linked and not linked on different devices? What changes are made so that in some cases these are linked and in some not?
Sorry for asking too much. But you were really very kind to help me out. Thank you once again.
I'm not 100% accurate (and someone will hopefully come in and correct me if needed), but basically the bootloader checks that everything is alright and then starts up your device. After that the boot image (ramdisk and kernel) takes over. The ramdisk basically makes sure all the partitions are mounted, and the kernel is exactly what it sounds like: the core of the OS, making sure that everything is working as it should.
This is of course a huge over-simplification, so if you want more you'll have to search around (and there are tons of resources around the web).
The main reason I can think of right at the moment for wanting to flash a boot image before locking the bootloader is that it's generally a good idea to have your device fully stock and functional before doing so. After you've locked the bootloader there might not be any going back if things start acting up and you could end up with a nice paperweight.
Questions are good. That's how you learn. I do believe that you'd be much better off searching around the internet for your answers. They've been put out there many, many times.
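To make the "boot image = kernel + ramdisk" description above concrete, here is an added example (not code from this thread, Magisk, or any vendor tool) that builds a tiny constructed boot image in memory and reads it back the way a bootloader would: the header occupies the first page, then the kernel and ramdisk sit at page-aligned offsets. The header layout is AOSP's boot_img_hdr version 0, and the 32-byte id field is the SHA-1 that mkbootimg stores over kernel, ramdisk and second stage, each followed by its little-endian size. Recomputing that id tells you whether a boot image's payload still matches its header, which is useful when checking what a "root kernel" or flash-all package actually contains. It is only an integrity check, not a signature: the flag the thread mentions about a "different operating system" comes from the bootloader's own signature verification, which this script does not model. The placeholder kernel, ramdisk, load addresses and names are all constructed.

```python
"""Parse an Android boot image (header v0) and recompute its embedded id.

Added example with a constructed in-memory image; not the thread's or any
vendor's code. Layout follows AOSP boot_img_hdr_v0 and mkbootimg's id rule.
"""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, 10 x u32, name[16], cmdline[512], id[32], extra_cmdline[1024]
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 1632 bytes; padded out to one page


def _pad_to_page(data: bytes, page_size: int) -> bytes:
    """Zero-pad a blob so the next section starts on a page boundary."""
    rem = len(data) % page_size
    return data if rem == 0 else data + b"\0" * (page_size - rem)


def _image_id(kernel: bytes, ramdisk: bytes, second: bytes) -> bytes:
    """SHA-1 over (blob, u32 size) for kernel, ramdisk, second; padded to 32 bytes."""
    sha = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        sha.update(blob)
        sha.update(struct.pack("<I", len(blob)))
    return sha.digest().ljust(32, b"\0")


def build_boot_image(kernel: bytes, ramdisk: bytes, second: bytes = b"",
                     page_size: int = 2048, cmdline: bytes = b"",
                     name: bytes = b"") -> bytes:
    """Assemble a header-v0 boot image. Load addresses are constructed sample values."""
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(kernel), 0x10008000,    # kernel_size, kernel_addr
        len(ramdisk), 0x11000000,   # ramdisk_size, ramdisk_addr
        len(second), 0x10F00000,    # second_size, second_addr
        0x10000100,                 # tags_addr
        page_size,
        0,                          # header_version
        0,                          # os_version (unset)
        name, cmdline,
        _image_id(kernel, ramdisk, second),
        b"",                        # extra_cmdline
    )
    return (_pad_to_page(header, page_size) + _pad_to_page(kernel, page_size)
            + _pad_to_page(ramdisk, page_size) + _pad_to_page(second, page_size))


def parse_boot_image(img: bytes) -> dict:
    """Read the header, locate each section by page arithmetic, and recheck the id."""
    if len(img) < HEADER_SIZE or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic)")
    (_, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size, _, _,
     page_size, header_version, _, name, cmdline, img_id, _) = \
        struct.unpack_from(HEADER_FMT, img, 0)
    if header_version != 0:
        raise ValueError("this parser only handles header version 0")

    def pages(n: int) -> int:  # whole pages a section occupies
        return (n + page_size - 1) // page_size

    kernel_off = page_size
    ramdisk_off = kernel_off + pages(kernel_size) * page_size
    second_off = ramdisk_off + pages(ramdisk_size) * page_size
    kernel = img[kernel_off:kernel_off + kernel_size]
    ramdisk = img[ramdisk_off:ramdisk_off + ramdisk_size]
    second = img[second_off:second_off + second_size]
    return {
        "page_size": page_size,
        "kernel_addr": kernel_addr,
        "ramdisk_addr": ramdisk_addr,
        "name": name.rstrip(b"\0"),
        "cmdline": cmdline.rstrip(b"\0"),
        "kernel": kernel,
        "ramdisk": ramdisk,
        "id_matches": _image_id(kernel, ramdisk, second) == img_id,
    }


def demo():
    """Constructed sample: a consistent image, and a copy whose ramdisk no longer matches."""
    kernel = b"\x7fELF fake-kernel " * 100   # constructed placeholder, not a real kernel
    ramdisk = b"init.rc placeholder " * 50    # constructed placeholder ramdisk
    stock = build_boot_image(kernel, ramdisk, cmdline=b"console=ttyMSM0", name=b"sample")
    stock_ok = parse_boot_image(stock)["id_matches"]

    # Flip one byte inside the ramdisk region (header untouched) to show the
    # recomputed id no longer agrees with the stored one.
    altered = bytearray(stock)
    ramdisk_off = 2048 + ((len(kernel) + 2047) // 2048) * 2048
    altered[ramdisk_off] ^= 0xFF
    altered_ok = parse_boot_image(bytes(altered))["id_matches"]
    return stock_ok, altered_ok


if __name__ == "__main__":
    stock_ok, altered_ok = demo()
    print("consistent image id matches:", stock_ok)
    print("altered image id matches:", altered_ok)
```

To inspect a real boot.img pulled from a firmware package, pass its bytes to parse_boot_image; images with header version 1 or higher carry extra fields (recovery DTBO, DTB) in the id computation and are rejected here rather than misreported.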
OK. Thank you very much. I will learn more...
Hi,
Years ago I successfully rooted my Xiaomi Mi 9 (M1902F1G). I don't remember how, I just remember waiting for the Xiaomi approval on my account to unlock the bootloader and that I was extra-careful regarding a non-decreasing integer number not to brick it or something like that. To avoid risking an unwanted unroot, I never updated the system (now at MIUI Global 10.2.14).
Now, for different reasons, I want to update to the last available version and unroot. What's the easiest way of doing it?
My system is currently offering an update to MIUI V11.0.6.0.QFAMIXM | Stable (2.3GB).
Should I just take it? Will device unroot and update or things could go wrong (soft/hard brick)?
I'm willing to follow specific instructions to unroot, and manually flash scripts or ROMs if you think it would be safer (I would like to keep my TWRP recovery).
I just don't know where to look on the internet. Even if you just pointed me to the right thread/forum, I would appreciate it, I cannot find much.
Thanks in advance
Hello,
Just flash the latest fastboot image version (select flash_all_lock.bat or flash_all_lock.sh depending on your OS).
You will lose everything on the phone and you can't keep TWRP installed.