[N960U/U1/W][DISCUSSION][Close to rooting] - Samsung Galaxy Note 9 Guides, News, & Discussion

Hello Fellow XDA Users!
Some of you might remember me from over the years or maybe just from SamPWND root on the S8/S8+. I have had a number of devices since SamPWND with a few being Sammy's. I have been real busy with life and work but of course every spare time I get has been breaking Samsung devices!
I've found some exploits I never released publicly due to the devices being "unpopular" but figured since I am close now as well as what I have found so far most likely works on most Samsung devices (I've only tested on Tab S4 and N9 from Big Red) that I wouldn't keep this one away from everyone.
With that being said, I do not have FULL root yet but am very close. I wanted to create this thread as I don't have lots of free time these days to hopefully bounce ideas around to achieve our end goal a lot faster.
I am going to spare all the specific details to the masses but will let you know what I got so far. I prefer to collaborate over other applications that are more "real time" if there are any developers that read this then PM me and we can share contact info. If you just want to toss ideas in here then that is ok. I just don't want to have someone potentially take my hard work and claim it as their own before I can achieve root. I have been almost non stop since the N9 was released so you can understand hopefully why I want to be the one to bring root to you all!
With that being said, I will begin telling my story and what I have so far.
Some time last year I was working on another Sammy device after SamPWND as I wanted root of course. I spent weeks and weeks trying to find exploits until I finally did! For this time I wanted to see what Sammy would offer for it as it was a tablet, the XDA forum was deserted etc. They did pay out a 2500$ reward so it was ok.
The reason I bring this up is because the exploit plays a factor here as well. The exploit was a mix of SamPWND and SamFAIL as I used the same rooting script as SamPWND but with a custom partition that wasn't checked for integrity when flashing in ODIN.
On this partition there were some init rc scripts. I noticed these scripts could be executed on combo firmware as root user. This means I could mount the partition in Linux, modify the scripts to my liking, sparse it back up and flash in ODIN. Then I could execute them. Believe it or not, they were executed by entering a simple setprop command in ADB. So from start to finish I simply extracted this partition, modified the scripts to install root as well as packaged the root package in with the image, flash it and then execute an adb command and voilà! I felt like a loser it took me so long to find yet was so simple to exploit.
This ties in to where I am at now. I spent months looking through various attack vectors with no luck due to enhanced security not just with Sammy but Android also. So one day last week I decided to take a look at combo firmware again. In no time I found something interesting and then I slapped myself for spending months again when I should have looked at init scripts first.
I found it on my Tab s4 initially but wanted to see if the same file was on my N9 on combo and it was!
The first script runs as system user. For some reason the entire folder it is in is world readable/writable which means there is a script I can modify. This one is not an init script but is a script nonetheless that runs as system user that I can modify and execute with a simple adb command. Of course we want root, not system so I keep looking.
So I started writing all sorts of scripts/commands and executing it as system user since it's better than running as shell user right? One day I decide I am going to try and change permissions on the entire device. To my surprise it actually changed permissions to A LOT of partitions/files including EFS. I start messing with efs but don't want to break my phone so I settled with backing it up, enabling hidden menu, changing my sales code, enabling factory test mode etc. etc.
One day I decided to see if I could access the same scripts I used previously. The partition was not readable (perms denied) so initially I thought it was a dead end. Then for some reason I tried to go into the sub-directory where I knew the scripts were and guess what!? The parent directory perms were not changed but its sub directories were! Now I am somewhere I have been before and now I have some scripts that I know are executed by init and as root and how to trigger them.
I spent over a week and all my spare time trying to gain full root but progress is slow moving due to new security. I can make a script that backs up every partition on the device, mounts "most" partitions as rw, dd magisk boot images (of course secure check fail due to locked bl but I had to try lol), create folders and push files to roots etc. etc. It's basically like having full root but you have to run it in a script for everything you do.
Since we have locked bootloaders, we cannot boot modified boot.img. There's also more security causing me to have issues with system root. One of those issues is the fact that system, vendor and odm partitions cause the kernel to panic instantly as soon as they are mounted.
I managed to force some stuff quickly before the crash but they also have something called "secure write protect" which basically backs out anything you might have written before it reboots. I have tried installing chains systemless root and even tried to install magisk without modifying the boot but I am just getting frustrated and tired.
One thing I am currently trying is a safestrap recovery. The end goal is to try and get a GSI on that is pre rooted. Yes, I also tried to dd a gsi and tried with a file manager... it appears to write but it doesn't. I think there is some security going on as it along with odm and vendor are "protected" partitions.
I can modify rootfs and just about every other partition on the device with ease but haven't successfully gained root via su or magisk etc. Some stuff will cause device to boot with good old custom unlock splash screen and even say custom and custom binary in ODIN. That plus it being project treble certified indicates we shouldn't have any issues using GSI's and more soon as we can get it nailed down!
So in a nutshell, I now have the ability to do almost anything as root user using init scripts on our locked bootloader devices but we only have a little bit left to go in figuring out how to get su binaries onto the device thanks to sammy and googs enhanced security updates.
Hopefully this gets the convo going and I wanted everyone to know that it's not "impossible" and now seems like a guarantee! Let's get some ideas going in here on this last hurdle! If you are a developer please also PM me as I tend to forget to check xda sometimes plus I like a more real time conversation when it comes to this stuff.
We are almost there!
Donation Link: https://forum.xda-developers.com/donatetome.php?u=3812611
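
For anyone reviewing a firmware image for the pattern described in the post above (a script launched by an init service that lives in a world-writable location and can be started by a property change), the check can be run against an extracted image tree. This is an added example, not code from the original post or its author; the service names, paths and property in the sample tree are hypothetical and constructed for the demo.

```python
import os
import stat
import tempfile


def parse_init_rc(text):
    """Parse Android init text into (services, triggers).
    services: name -> {"argv": [...], "user": str}; init defaults to root.
    triggers: service name -> set of "property:..." triggers that start it."""
    services, triggers, section = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "service" and len(words) >= 3:
            section = ("service", words[1])
            services[words[1]] = {"argv": words[2:], "user": "root"}
        elif words[0] == "on" and len(words) >= 2:
            section = ("on", " ".join(words[1:]))
        elif section and len(words) >= 2:
            kind, name = section
            if kind == "service" and words[0] == "user":
                services[name]["user"] = words[1]
            elif kind == "on" and words[0] == "start" and name.startswith("property:"):
                triggers.setdefault(words[1], set()).add(name)
    return services, triggers


def weak_components(root, device_path):
    """Return the device paths (file first, then parents) anyone may modify."""
    parts = device_path.strip("/").split("/")
    weak = []
    for i in range(len(parts), 0, -1):
        try:
            st = os.lstat(os.path.join(root, *parts[:i]))
        except OSError:
            continue  # not present in this image
        if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWOTH:
            continue  # symlink mode bits are meaningless; or not world-writable
        if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
            continue  # sticky dir: other users cannot replace existing files
        weak.append("/" + "/".join(parts[:i]))
    return weak


def audit(root):
    """Audit every *.rc file under an extracted firmware tree."""
    services, triggers = {}, {}
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if fn.endswith(".rc"):
                with open(os.path.join(dirpath, fn), errors="replace") as fh:
                    svc, trg = parse_init_rc(fh.read())
                services.update(svc)
                for name, props in trg.items():
                    triggers.setdefault(name, set()).update(props)
    findings = []
    for name in sorted(services):
        for arg in services[name]["argv"]:
            weak = weak_components(root, arg) if arg.startswith("/") else []
            if weak:
                findings.append({"service": name, "user": services[name]["user"],
                                 "path": arg, "weak": weak,
                                 "triggers": sorted(triggers.get(name, ()))})
    return findings


def demo():
    """Build a constructed firmware tree (all names hypothetical) and audit it."""
    root = tempfile.mkdtemp(prefix="fw_tree_")
    layout = {  # path -> mode; directories end with "/"
        "etc/": 0o755, "etc/init/": 0o755, "etc/init/factory.rc": 0o644,
        "factory/": 0o755, "factory/scripts/": 0o777,  # the weak setting
        "factory/scripts/run_test.sh": 0o755,
        "vendor/": 0o755, "vendor/bin/": 0o755, "vendor/bin/ok.sh": 0o755,
    }
    rc = (
        "service factory_test /system/bin/sh /factory/scripts/run_test.sh\n"
        "    user system\n    disabled\n    oneshot\n"
        "service hardened /system/bin/sh /vendor/bin/ok.sh\n"
        "    disabled\n    oneshot\n"
        "on property:sys.factory.test=1\n"
        "    start factory_test\n"
    )
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write(rc if rel.endswith(".rc") else "#!/system/bin/sh\n")
        os.chmod(path, mode)  # explicit chmod so the result ignores umask
    return audit(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Each finding names the service, the user it runs as, the writable path component and any property trigger that starts it, which is the combination a firmware reviewer would want closed before release.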

Forgot as a reminder that I can confirm the scripts there on tab s4 and n9 combos.. it's very likely they are present on S9/S9+ also and potentially other devices but they will need to be confirmed once we get to that point.

Was just barely reading up on Samsung defex security.. hope that's not the problem since only fix I can find requires hex patching the boot.img

so i noticed you gave quite a lot of info without going too much into details. i understand that you don't want anyone to steal your ideas and take credit.
would be a shame to get root.
and not get the credit where it is due..
now, that being said, isn't making these statements public open up the door for samsung to notice these possible exploits and patch them up for good? thus rendering all your efforts in vain? As even if the details were kept at a minimum from kangers to use them, the samsung devs can probably read through the lines quite easily.
anyways, hope your effort will bear fruit for as long as it is possible.( samfail lasted what 3 or 4 months? before patches made it too difficult to keep up)
Regards

bober10113 said:
so i noticed you gave quite a lot of info without going too much into details. i understand that you don't want anyone to steal your ideas and take credit.
would be a shame to get root.
and not get the credit where it is due..
now, that being said, isn't making these statements public open up the door for samsung to notice these possible exploits and patch them up for good? thus rendering all your efforts in vain? As even if the details were kept at a minimum from kangers to use them, the samsung devs can probably read through the lines quite easily.
anyways, hope your effort will bear fruit for as long as it is possible.( samfail lasted what 3 or 4 months? before patches made it too difficult to keep up)
Regards
I can see where you're coming from but I don't think they can glean exactly what I have as there are probably hundreds of scripts throughout the system.
Also, this approach is far from new. People have been using init scripts for rooting purposes for many years.
I also tried it with newer firmware and it actually didn't work. So it already requires an older firmware and I expect Sammy will increment bootloaders soon making it unavailable to those who have updated at that point in time. I figured best to put out the word on progress now and those can choose to wait or not.
Exploits never last very long. The only way to ensure longevity is to remain on old firmware. There was SamPWND before there was SamFAIL. This could be the perfect time. Unless I am the only one working on this device there will be other exploits to be found.
With that being said, only you have posted all day and no devs have reached out to join in the fun so at this rate by the time full root is achieved it most likely will already be patched.
That's just my thoughts though.

elliwigy said:
I can see where you're coming from but I don't think they can glean exactly what I have as there are probably hundreds of scripts throughout the system.
Also, this approach is far from new. People have been using init scripts for rooting purposes for many years.
I also tried it with newer firmware and it actually didn't work. So it already requires an older firmware and I expect Sammy will increment bootloaders soon making it unavailable to those who have updated at that point in time. I figured best to put out the word on progress now and those can choose to wait or not.
Exploits never last very long. The only way to ensure longevity is to remain on old firmware. There was SamPWND before there was SamFAIL. This could be the perfect time. Unless I am the only one working on this device there will be other exploits to be found.
With that being said, only you have posted all day and no devs have reached out to join in the fun so at this rate by the time full root is achieved it most likely will already be patched.
That's just my thoughts though.
the note 9 kinda missed the party bus.
i've had almost all Sammy's devices and i have to unfortunately say this is by far the most bleak state of development i've ever experienced.
but back in the day, there was far less android competition.
edit:
and i think that if not the competition, the fact that a lot of people feel content with what stock samsung is offering. when the device came out, the forums were littered with Shakespearean: 'to root or not to' type of threads.

This is great news. Hopefully some devs contact you. Loved your work with the S8.

Yeeeeeeeesssssss!
Very exciting! If we're updated to Pie, are we out of luck then though, regarding the firmware?
I remember you doing some great stuff but I don't recall the phone... Galaxy S3? Note5? Note7? Note8? HTC M8? EVO 4G LTE? OG EVO? Anyway, I am excited to see you here.

Wow, this is very interesting, and I loved reading your detailed post. I am super excited, and can't thank you enough for all your work elliwigy! :good:

Full on beast!
Sent from my SM-N960U using Tapatalk

PsiPhiDan said:
Yeeeeeeeesssssss!
Very exciting! If we're updated to Pie, are we out of luck then though, regarding the firmware?
I remember you doing some great stuff but I don't recall the phone... Galaxy S3? Note5? Note7? Note8? HTC M8? EVO 4G LTE? OG EVO? Anyway, I am excited to see you here.
I wanna say s8/+ and the note 8.. both of which root solutions I used.
Word brotha, thank you for your diligence. I love that your hobby can help out so many who don't have the time, will, or discipline to learn it.

PsiPhiDan said:
Yeeeeeeeesssssss!
Very exciting! If we're updated to Pie, are we out of luck then though, regarding the firmware?
I remember you doing some great stuff but I don't recall the phone... Galaxy S3? Note5? Note7? Note8? HTC M8? EVO 4G LTE? OG EVO? Anyway, I am excited to see you here.
you should be fine as long as you remain on rev1 firmware..

PsiPhiDan said:
Yeeeeeeeesssssss!
Very exciting! If we're updated to Pie, are we out of luck then though, regarding the firmware?
I remember you doing some great stuff but I don't recall the phone... Galaxy S3? Note5? Note7? Note8? HTC M8? EVO 4G LTE? OG EVO? Anyway, I am excited to see you here.
lol I've had a lot of devices that's for sure but most my work is on samsung

teknowiz23 said:
I wanna say s8/+ and the note 8.. both of which root solutions I used.
Word brotha, thank you for your diligence. I love that your hobby can help out so many who don't have the time, will, or discipline to learn it.
Yeeeeeeeesssssss!
You are always the loveliest "Rev1 firmware baby"

elliwigy said:
you should be fine as long as you remain on rev1 firmware..
So.. I had to get a replacement via Asurion, and before setting it up I installed the earliest unlocked firmware. Sm-n960u on Verizon plan. I understand that this should work as long as I don't update, correct?

teknowiz23 said:
So.. I had to get a replacement via Asurion, and before setting it up I installed the earliest unlocked firmware. Sm-n960u on Verizon plan. I understand that this should work as long as I don't update, correct?
Yes, just make sure you stay away from anything that says N960UxxU2 or S2

Jammol said:
Yes, just make sure you stay away from anything that says N960UxxU2 or S2
Mine says Rev 1.1. Does that mean game over for me?

PsiPhiDan said:
Mine says Rev 1.1. Does that mean game over for me?
No that's for hardware revision. Is normally for when a device has had a hardware fix that changed something from the original design. So if they realized the fingerprint readers on rev1 were crappy and changed it out for future ones, they would show rev1.1 or whatever numbers they want to classify it as.
I'm not sure what they may have changed on the Note 9 though. Could have been camera or even something internal such as memory or radio chip.

What you want to stay away from is any changes to the attached image. Don't update to anything that says U2 or S2 at that section of the firmware.

Thank you for your hard work on this .

Related

Temporary write protection off

Back when the turbo was originally rooted many users stated that they were able to get temporary write protection off. How could I do this? And I don't care if it makes my device unstable.
All we were doing was writing to cache. System was never actually really touched. Root apps just thought it was. So unfortunately you will not get the answer you're looking for.
Please wait for when and if a WP off method is released.
Harry44 said:
All we were doing was writing to cache. System was never actually really touched. Root apps just thought it was. So unfortunately you will not get the answer you're looking for.
Please wait for when and if a WP off method is released.
But I thought that apps like Xposed would work if you did a soft reboot. Right?
Can you tell me how you did it? I would just like to try this for myself if that is OK.
cadenmiller60 said:
Can you tell me how you did it? I would just like to try this for myself if that is OK.
Well you've now made 2 threads concerning root, that at their heart are based on one, quite easy, response for you (see summary).
You'd like to have xposed up and running, to be able to install modules and tweak your android experience as you see fit. You'd like to debloat and remove apps/ads you feel are unwarranted on your phone.
The good news (part 1): I've been doing all these things on my turbo since late March, and will gladly help you achieve an awesome level of customization for your turbo.
The bad news (part 1): It appears you refuse to just pay for mofo so you can push a custom system image to your phone.
The good news (part 2): It seems daunting, getting a virtualbox setup and making your own image... but some people have been nice enough to post their images that you can use. Which is really no different than flashing a custom rom with bells and whistles.
The bad news (part 2): 20 dollars is a lot of money. That's like....almost 1/40th the cost of the msrp of the Turbo at release.
The good news (part 3): Even after having setup my virtualbox and customizing my own image, I haven't flashed that image since the last week of March... I've added a lot of new xposed modules (todays newest xhangouts), and until a new ad pops up, I have no need to edit the hosts file again.
Summary.. Just pay 20 bucks for mofo, find an image you like (or take the 90 mins to customize your own) and you'll be way better off.
This was always my issue with the free root.. not the idea of free.. not the idea that it's an alternative which may lead to new thinking on cracking w/p but because now people are even LESS inclined to learn for themselves and not make multiple, ultimately pointless, threads.

WARNING: PingPong Root Users Do NOT Update to 5.1.1

I have gotten a few private messages plus some people have posted on the threads with the updates.
Do NOT update to 5.1.1 if you want to maintain root.
After days of tinkering, here are your possible outcomes (none of which are what you want):
A. Continuous soft reboot after upgrading via FlashFire updates.
B. Use ODIN to flash the system/boot partitions or properly done FlashFire update... Hoorah! You're on 5.1.1, but your fingerprint sensor and LTE are dead - plus no root.
C. You try to downgrade after B, and you no longer have signal under any circumstance.
Personally, I am now just going to flash the OI2 ODIN files in full and be done with it until a new root method is available. Sorry guys, I have tried everything that I can think of. As you can see above that something in the 5.1.1 kernel/system images require the latest bootloader which is what allows us to downgrade and get root from OE2 using PingPong.
There is a possibility of a new solution soon enough... see progress here for other models of S6: UniKernel
Yeah I ended up tripping knox in my attempts at working something out. Fortunately I was able to revert but that's only because I didn't dare try and flash the bootloader or modem. Man this is like a sick mind-game. I wish I would have had more experience with Samsung and AT&T before I bought this damn phone. This is my first phone on AT&T and my first Samsung. It was the perfect **** storm... I never anticipated this bull****, after this long... And I can't even get rid of the damn thing. Nobody wants it.
wesgarner said:
I have gotten a few private messages plus some people have posted on the threads with the updates.
Do NOT update to 5.1.1 if you want to maintain root.
After days of tinkering, here are your possible outcomes (none of which are what you want):
A. Continuous soft reboot after upgrading via FlashFire updates.
B. Use ODIN to flash the system/boot partitions or properly done FlashFire update... Hoorah! You're on 5.1.1, but your fingerprint sensor and LTE are dead - plus no root.
C. You try to downgrade after B, and you no longer have signal under any circumstance.
Personally, I am now just going to flash the OI2 ODIN files in full and be done with it until a new root method is available. Sorry guys, I have tried everything that I can think of. As you can see above that something in the 5.1.1 kernel/system images require the latest bootloader which is what allows us to downgrade and get root from OE2 using PingPong.
There is a possibility of a new solution soon enough... see progress here for other models of S6: UniKernel
Forgive my ignorance here...I've not kept close track of the progress of unikernel. But it was my impression that without a custom recovery option, we are entirely SOL regarding custom kernels. Am I misunderstanding things, or did something change? I didn't see anything in the recent posts there that got my hopes up...
Sent from my SAMSUNG-SM-G920A using Tapatalk
Well technically you can flash the kernel using FlashFire however a screen will stop you from booting.. Says something about at&t detecting modified software on your device please take to repair center blah blah
timde9 said:
Well technically you can flash the kernel using FlashFire however a screen will stop you from booting.. Says something about at&t detecting modified software on your device please take to repair center blah blah
Lol. Well not bootable is not useful!
Sent from my SAMSUNG-SM-G920A using Tapatalk
Gah! I don't even use custom roms. Stupid Textra App has this ****ty ghost notification that does not work on 5.0.x android. I would go to 5.1 unrooted but I just can't stand the thought of not being able to get rid of annoying notifications (wifi, etc). Plus all the custom easy hacks. So lame. Never going AT&T again. Why do they make it so difficult anyways? Tmobile doesn't.
They make the majority of their money from enterprise customers. These customers desire the locked bootloader as to avoid security risks. Since this is AT&T's main source of profit this is their main consideration. In short this phone and its software was not designed with our consumer use cases in mind. We are merely an after thought. I have waited too long I am jumping ship, just ordered a Moto X Pure and as soon as it gets here I am leaving this phone behind. Had it since launch and haven't been able to accomplish my original intention since then. Never buying from AT&T and also I am staying far away from anything with an Exynos chipset. Touch Wiz is a lag fest nightmare. For this to be pretty much the most powerful chip in the mobile space and to experience such a lag on it is truly unnerving. Samsung is all too eager to jump the Android band wagon all together and probably intend to do so as soon as they feel their tizen offerings stack up. And I sincerely hope they fail miserably. They are a good hardware company but they should just give up on software. They just don't get it at all.
timde9 said:
Yeah I ended up tripping knox in my attempts at working something out. Fortunately I was able to revert but that's only because I didn't dare try and flash the bootloader or modem. Man this is like a sick mind-game. I wish I would have had more experience with Samsung and AT&T before I bought this damn phone. This is my first phone on AT&T and my first Samsung. It was the perfect **** storm... I never anticipated this bull****, after this long... And I can't even get rid of the damn thing. Nobody wants it.
Amen. Well said. Bravo.... I feel your pain. My first real SmartPhone was the Fire Phone with AT&T, exactly a year ago, and I took its enema for 10+ months before I finally decided to just add payments for the S6 and finally have a good phone I could root. So now I'm paying for both, and the more I search for help and answers on here, the more I feel like my kind aren't welcome. Not by the community, but by ATT and Samsung. Gee thanks.
Well, at least I have a new phone... I'm totally down to build and burn a 5.1.1 effigy with you, if you want.
Well I have already given up on this phone. See my post above. My sister has already agreed to take over the line and the phone payment and I just bought a Moto X Pure outright yesterday. Just waiting for it to arrive now.
I've been thinking of just doing an Odin back to stock (unrooted) and OTA update up to the newest 5.1.1 on my 925a for a week or so now. For anyone that is already on OI2, how is it working out for you? Is the phone still slow at times? Does the memory issues still exist?
I recall seeing an app a little while ago that is able to freeze/disable apps without root. What was that app? Has anyone tried doing something like this? How did it work out?
sirdizzle415 said:
I've been thinking of just doing an Odin back to stock (unrooted) and OTA update up to the newest 5.1.1 on my 925a for a week or so now. For anyone that is already on OI2, how is it working out for you? Is the phone still slow at times? Does the memory issues still exist?
I recall seeing an app a little while ago that is able to freeze/disable apps without root. What was that app? Has anyone tried doing something like this? How did it work out?
Package disabler. Works like a charm.
anneoneamouse said:
Package disabler. Works like a charm.
Thanks! Is it the "for Samsung" one? or do you have another one in mind?
How is OI2 working out for you?
Don't have oi2, I have an s6 active, no update yet.

Well...

Appears this is where we come to an end with development and rooting. All other g4s have been Rooted on Android m. We just don't have any love for this device. Appears we all messed up when we chose sprint as our carrier. Argh!
Wat, who are you? What makes you think you can make that call? There are people that spent countless hours making ROMs and Developing for the Sprint LG G4 and you think you have the final say?
Quoting what you said just in case you edit your post: "Appears this is where we come to an end with development and rooting. All other g4s have been Rooted on Android m. We just don't have any love for this device. Appears we all messed up when we chose sprint as our carrier. Argh!" with screenshot: http://i.imgur.com/DxsEmvG.png
Not the right way to think, just wait. Have you contributed in any way to the Sprint LG G4 here on XDA? I sure have with my free hotspot bug (patched on Android M).
I highly doubt Verizon G4 is rooted on m.
In fact I don't think they even have Marshmallow update yet.
what is so appealing in Marshmallow to make one want to upgrade urgently? If you have stable L with root and xposed, why not staying with it. I do not think there is Xposed for M anyways yet, which is the main reason to root this phone.
I am with you. This phone is the most disappointing tech purchase in all my years of existence. I love the camera and removable battery but this phone is just crap and doesn't get much dev love. I bet if the bootloader got unlocked and I can load a true rom on it this phone would be great. I think most of the problems is LG's crappy modifications to android. Every time it gets slow, unresponsive, the touch screen lags behind, or a stupid Sprint notification advertisement pops up I want to chuck it against a wall and then jump off a cliff.
I am just using this as a rude awakening to the future. This will most likely be one of the last phones that isn't sealed tight. Guess I need to carry around a clunky battery pack with cable dangling from my pockets instead of a small quick battery swap. Rooting and unlocking the bootloader will become ever more difficult with upcoming phones. The glory days are over I feel
centran said:
I am with you. This phone is the most disappointing tech purchase in all my years of existence. I love the camera and removable battery but this phone is just crap and doesn't get much dev love. I bet if the bootloader got unlocked and I can load a true rom on it this phone would be great. I think most of the problems is LG's crappy modifications to android. Every time it gets slow, unresponsive, the touch screen lags behind, or a stupid Sprint notification advertisement pops up I want to chuck it against a wall and then jump off a cliff.
I am just using this as a rude awakening to the future. This will most likely be one of the last phones that isn't sealed tight. Guess I need to carry around a clunky battery pack with cable dangling from my pockets instead of a small quick battery swap. Rooting and unlocking the bootloader will become ever more difficult with upcoming phones. The glory days are over I feel
I disabled and uninstalled everything I could with sprint software. Haven't had any of their pop ups in months. It seems you bought a phone in one of the bad batches with your lagging screen.
I hate their UI though...
One of the best phones I've had in terms of specs etc. Would be something if I could run CM13 on this one day..
Sent from my LGLS991 using Tapatalk
I don't have Android M on my phone yet....
...so maybe I can keep my hopes up. Sprint didn't give me Marshmallow on my phone. I'm not begging for it either. From what I'm gathering here, you're all good if you're on Lollipop (5.1) Right?
EmSeeMAC said:
I disabled and uninstalled everything I could with sprint software. Haven't had any of their pop ups in months. It seems you bought a phone in one of the bad batches with your lagging screen.
I hate their UI though...
Yep I had a bad batch phone and it was before Sprint admitted the problem so I sent it to LG. LG fixed my phone but did not replace it. That is probably the big problem. Now I have a phone that is only having lagging problems and since that is subjective and random so not easily repeatable I am screwed.
SeeLaH said:
...so maybe I can keep my hopes up. Sprint didn't give me Marshmallow on my phone. I'm not begging for it either. From what I'm gathering here, you're all good if you're on Lollipop (5.1) Right?
We do have Marshmallow, but the OTA is taking reaaaaaaaaaaaaaaaaaaaaaaaaally long.
I just got the notification a few minutes ago for the update. I'm from Michigan and figured I was one of the last places to get it but I guess not. Newho, I've read that there's gonna be more dev work on our g4 but they were waiting for Android m to come out before they focused their energy to cracking the bootloader. Stay patient as the carriers are getting wise to what our devs have been doing and they try to seal up the phone to keep us out. But when there's a will there's a way and it will happen eventually.
Well I'm hoping for ultrapop marshmallow, lol. The phone stock was fine and ultrapop was perfect for me. Would be nice to have cm in this phone but ultrapop was all I really need.
Sent from my LGLS991 using Tapatalk
esloudan said:
Well I'm hoping for ultrapop marshmallow, lol. The phone stock was fine and ultrapop was perfect for me. Would be nice to have cm in this phone but ultrapop was all I really need.
Sent from my LGLS991 using Tapatalk
Don't think that's gonna happen, as MM security is the reason we don't even have systemless root yet. UltraPop relies on changing the system partition, which the Lollipop boot sequence isn't as strong. in MM as soon as the system partition is changed, it causes hashes and whatnot to change, the boot sequence detects the changes and doesn't allow the phone to boot. I think we'll need an unlocked bootloader for UP-type "pseudo-roms"
natator99 said:
Don't think that's gonna happen, as MM security is the reason we don't even have systemless root yet. UltraPop relies on changing the system partition, which the Lollipop boot sequence isn't as strong. In MM, as soon as the system partition is changed, it causes hashes and whatnot to change, the boot sequence detects the changes and doesn't allow the phone to boot. I think we'll need an unlocked bootloader for UP-type "pseudo-roms".
Exactly. I was able to work around the system partition in ZV6 because LG security only checked that certain files were present. In ZV8, there is an LG security checksum for the whole system partition. Since we have a locked bootloader, we can't modify the kernel without tripping the boot security. I am still going to try to get a modified stock ROM working, or maybe a mix of ZV6/ZV8, but have not had much time lately.
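The difference described in the two posts above, as an added example that is not from the thread or from LG: a presence-only check next to a hash over the whole partition. The file names, the toy image layout and the Merkle-style hashing are assumptions chosen for illustration; they model the idea, not LG's actual implementation.

```python
import hashlib
import hmac

BLOCK = 4096  # block size of the toy image (assumption)

def presence_check(files, required):
    """Presence-only model: passes if every required path exists; contents are ignored."""
    return all(path in files for path in required)

def pack_image(files):
    """Serialize {path: bytes} into a block-aligned blob standing in for a partition."""
    blob = b"".join(
        path.encode() + b"\0" + len(data).to_bytes(4, "big") + data
        for path, data in sorted(files.items())
    )
    return blob + b"\0" * (-len(blob) % BLOCK)

def merkle_root(image):
    """Hash every block, then hash pairs upward until a single root digest remains."""
    level = [hashlib.sha256(image[i:i + BLOCK]).digest()
             for i in range(0, len(image), BLOCK)] or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        if len(level) % 2:            # odd count: duplicate the last node
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def boot_allowed(image, trusted_root):
    """Whole-partition model: boot only if the computed root equals the trusted one."""
    return hmac.compare_digest(merkle_root(image), trusted_root)

# Constructed sample data; none of these bytes come from a real firmware image.
REQUIRED = ["/system/build.prop", "/system/bin/app_process", "/system/lib/libc.so"]
STOCK = {
    "/system/build.prop": b"ro.build.id=CONSTRUCTED\n",
    "/system/bin/app_process": b"\x7fELF" + bytes(9000),
    "/system/lib/libc.so": b"\x7fELF" + bytes(5000),
}
MODIFIED = dict(STOCK)
MODIFIED["/system/build.prop"] = b"ro.build.id=CONSTRUCTED-EDITED\n"

# In a real verified-boot chain this value is signed and checked by the bootloader.
TRUSTED_ROOT = merkle_root(pack_image(STOCK))

if __name__ == "__main__":
    for name, files in (("stock", STOCK), ("modified", MODIFIED)):
        print(name,
              "presence check:", presence_check(files, REQUIRED),
              "whole-partition check:", boot_allowed(pack_image(files), TRUSTED_ROOT))
```

Both images pass the presence check, but only the unmodified one reproduces the trusted root, which is why any write to the partition is caught at boot.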
ROMs for our phone? Please tell me where ROMs are at for our phone. I only see 1. That is still stock. UltraPop.
Go to the Sprint Fun and Games app and hit the menu button, then settings, then deselect the box Automatically install Zone / Fun & Game updates and the notifications boxes. Super disappointed in Sprint for having this.
centran said:
I am with you. This phone is the most disappointing tech purchase in all my years of existence. I love the camera and removable battery but this phone is just crap and doesn't get much dev love. I bet if the bootloader got unlocked and I can load a true rom on it this phone would be great. I think most of the problems are LG's crappy modifications to Android. Every time it gets slow, unresponsive, the touch screen lags behind, or a stupid Sprint notification advertisement pops up I want to chuck it against a wall and then jump off a cliff.
I am just using this as a rude awakening to the future. This will most likely be one of the last phones that isn't sealed tight. Guess I need to carry around a clunky battery pack with cable dangling from my pockets instead of a small quick battery swap. Rooting and unlocking the bootloader will become ever more difficult with upcoming phones. The glory days are over, I feel.
This phone has plenty of "dev love". Some of the best developers are trying their hand at it. There's a huge bounty for unlocking the bootloader, and plenty of people trying to earn it.
The problem is, until one of them (or the part timers like me) stumble across something that works, we're in a holding pattern. We have something stable that works in Android L with root and xposed framework, and until the bootloader issue is solved, that will have to do.
Be patient, OR hit the general Android development section and LEARN. Do it yourself. Grab the bounty. There's plenty of us doing what we can, even as far as hard bricking our devices and getting them replaced by trying methods that work for other devices. I myself am on my second LS991 from trying a method that worked on the kindle fire where you get into fastboot by nuking laf and still haven't had any luck getting a patched bootloader to stick.
So cool off and have some patience. Some people haven't even had the official OTA roll out to their area yet and you're crying that you don't have rooted M? Grow up.
+1
Sent from my LGLS991 using Tapatalk
---------- Post added at 09:43 PM ---------- Previous post was at 09:41 PM ----------
agentfusion said:
This phone has plenty of "dev love". Some of the best developers are trying their hand at it. There's a huge bounty for unlocking the bootloader, and plenty of people trying to earn it.
The problem is, until one of them (or the part timers like me) stumble across something that works, we're in a holding pattern. We have something stable that works in Android L with root and xposed framework, and until the bootloader issue is solved, that will have to do.
Be patient, OR hit the general Android development section and LEARN. Do it yourself. Grab the bounty. There's plenty of us doing what we can, even as far as hard bricking our devices and getting them replaced by trying methods that work for other devices. I myself am on my second LS991 from trying a method that worked on the kindle fire where you get into fastboot by nuking laf and still haven't had any luck getting a patched bootloader to stick.
So cool off and have some patience. Some people haven't even had the official OTA roll out to their area yet and you're crying that you don't have rooted M? Grow up.
+1
Sent from my LGLS991 using Tapatalk
LG will not be unlocking any other G4's except the Euro H815.
Hello,
Thank you for your interest in LG mobile devices.
Currently, you can only unlock bootloader for LG G4 for the European market with model number H815.
And we have no plan to support bootloader unlocking for H815T.
If there are any changes to the supported devices, we will let you know via our website.
Thank you.
DaemeonZane said:
LG will not be unlocking any other G4's except the Euro H815.
And? That doesn't mean they can't be unlocked by other means. It just means LG will not be providing the binary file for oem-unlock via fastboot. Some of us have already gotten limited fastboot access by willingly destroying the laf partition and using a serial USB connection. Right now I'm working on trying to figure out how to get access to other fastboot commands not available in this limited mode, then it's just a matter of creating a reliable semi-automated process so it's accessible to less technical users, and if no one beats me to it; collecting the bounty on a reliable bootloader unlock and ability to flash recovery and make it stick. (Which, to be absolutely honest ... Though I'm not working with anyone else, I would not have gotten *anywhere* without ideas others have bounced around on these forums that helped me make progress when stuck, so I will contact each of them privately to divide half of the bounty between them if I am first to be able to collect it)

Do people even work on the locked up US Snapdragon variants?

All I read is negative on the topic of the US Snapdragon Galaxy S10 receiving root/an unlocked bootloader as I understand Samsung has kept these variants locked since the S7 series.
But is it not true that anything that can be locked can be unlocked? It's impossible to have a truly unbreakable lock, hardware or software, no?
And if it is completely impossible, why is this? Are people actively working on it/is there any potential we will receive root in a way similar to the SamFails exploit for the S8 series?
Of course, I'm just a consumer. I'm not exactly sure what goes into this. It would be helpful to gain some insight on what is and is not possible for my S10.
Kind of disappointed I'm unable to afford a Canadian or other foreign variant because I do payment plans. But I really would love the feeling of having root again. I really do miss it.
CrackyRaps said:
. I really do miss it.
But why?
CrackyRaps said:
All I read is negative on the topic of the US Snapdragon Galaxy S10 receiving root/an unlocked bootloader as I understand Samsung has kept these variants locked since the S7 series.
But is it not true that anything that can be locked can be unlocked? It's impossible to have a truly unbreakable lock, hardware or software, no?
And if it is completely impossible, why is this? Are people actively working on it/is there any potential we will receive root in a way similar to the SamFails exploit for the S8 series?
Of course, I'm just a consumer. I'm not exactly sure what goes into this. It would be helpful to gain some insight on what is and is not possible for my S10.
Kind of disappointed I'm unable to afford a Canadian or other foreign variant because I do payment plans. But I really would love the feeling of having root again. I really do miss it.
You should have purchased another phone, because it's not going to happen on this one.
raduque said:
But why?
Because I enjoyed the extra features associated with it?
Superuser, flashing a ROM, even just getting rid of certain bloatware or using a PS3 controller with bluetooth.
There's just a bunch of small things that I miss being able to do, but Samsung has been progressively locking their **** up more and more.
Why does it matter why I want it?
raduque said:
But why?
Tel864 said:
You should have purchased another phone, because it's not going to happen on this one.
This is the sort of thing I'm talking about. I don't know how you can definitively say this other than for the fact that nobody seems to even be giving a ****.
And that's how it goes, nobody gives a **** until it's figured out.
I'm sure a lot of people had the same exact mindset when the S8 got root without tripping Knox, but it got it eventually.
Maybe if more people had been working on it, it would've come about much earlier than it did.
So what is your reasoning other than "well Samsung made it hard to do so nobody attempts it?"
Nothing is impossible to break into.
CrackyRaps said:
This is the sort of thing I'm talking about. I don't know how you can definitively say this other than for the fact that nobody seems to even be giving a ****.
And that's how it goes, nobody gives a **** until it's figured out.
I'm sure a lot of people had the same exact mindset when the S8 got root without tripping Knox, but it got it eventually.
Maybe if more people had been working on it, it would've come about much earlier than it did.
So what is your reasoning other than "well Samsung made it hard to do so nobody attempts it?"
Nothing is impossible to break into.
Wait wait wait, let's clear this up. The S8 got root within a month or two of it being out. However, this was NOT because "people worked on it hard enough". It was because an engineering boot/build got leaked. This was not a matter of working to root the thing then they had a magic breakthrough due to hard work. It was rooted because of the leaked engineering build.
I hope that they end up having the same thing happen there too, I really do. However, I would not keep your hopes up. Samsung is very good about locking their devices down when they want to. The level of dedication and work that a team would have to put in would have to be the equivalent or bigger than the team Samsung has working to lock these things down. The problem with that? Any team that has that time and money is not going to be working to root a Samsung device. They are going to be taking paid jobs, and if they did find a security flaw to exploit, they would probably turn it in to Samsung for a payout.
CrackyRaps said:
So what is your reasoning other than "well Samsung made it hard to do so nobody attempts it?"
Nothing is impossible to break into.
LOL, welcome to the real world, because things can be made impossible to break into. I'm still amazed at people buying a phone they know can't be rooted, yet buy it anyway.
Hey guys I agree with the OP of this thread. I am by no means a dev but want to try and help where I can. I posted a thread on galaxy s10+ forum regarding the eng bootloader from Pakfirmware. If you are interested check it out https://forum.xda-developers.com/s10-plus/how-to/eng-bootloader-t3914050
ait1071 said:
Hey guys I agree with the OP of this thread. I am by no means a dev but want to try and help where I can. I posted a thread on galaxy s10+ forum regarding the eng bootloader from Pakfirmware. If you are interested check it out https://forum.xda-developers.com/s10-plus/how-to/eng-bootloader-t3914050
Good dialog here. One question, is the Exynos version the same in every way as the Snapdragon, especially having the same 3G/4G LTE bands?
If so, why not just buy the Exynos version Unlocked from an overseas website?
The only disadvantage would be if they fail to include the newer bands like 23, 66,71,14....etc...
Sent from my iPad using Tapatalk
CrackyRaps said:
But is it not true that anything that can be locked can be unlocked? It's impossible to have a truly unbreakable lock, hardware or software, no?
That locked down phone is a selling point. They'll sell far more phones to people that don't care about rooting... and that's before the corporate and government sales.
Can it be unlocked? It's possible. It could happen today, or it could take two years like the Verizon Note4 and require such a convoluted process that many people will screw their phones up in the attempt. In the case of the Note4, it took so long that many developers had long moved on to newer devices.
Are there people working on the unlock? Undoubtedly. But I've found that this work goes on quietly, lest the unwashed masses try incomplete methods and end up making their phones useless. (I hesitate to use the term "bricked," because that implies a phone that cannot be fixed by anyone. It is an overused term on these forums.)
I used to flash two or three ROMs a day back when I first got an Android phone in the Droid Incredible days. Perhaps it's my age, but most of the ROMs I flashed had issues I don't want to mess with anymore. While the One UI isn't a perfect experience, the only possible enticement I could see to root my phone would be a full nandroid backup.
And if they do find a way to root, I'll be in the thread laughing my ass off at the idiots who don't know what they're doing and can't follow directions "brick" their phones. A word of wisdom: don't try to be the first. Let others screw up and get the process refined.
CrackyRaps said:
Because I enjoyed the extra features associated with it?
Superuser, flashing a ROM, even just getting rid of certain bloatware or using a PS3 controller with bluetooth.
There's just a bunch of small things that I miss being able to do, but Samsung has been progressively locking their **** up more and more.
Why does it matter why I want it?
It doesn't matter. I was genuinely curious. You might gain a few little things, but you break everything that uses Knox. Samsung Pay, S-Health, Secure Folder, apps like Adhell and Disconnect Pro. Oh, and you NEVER get those back even after un-rooting, so you have to sell it for a significantly lower price because the device is crippled.
Samsung is locking their devices down so they can provide a secure environment for US Government and company use. 97% of the consumer market appreciates the lock down as well, because it's more difficult for malware to use an exploit to gain root and use that to steal passwords, pins, numbers and so on.
If you want to be able to unlock a device's bootloader, add root access and flash community ROMs, you need to get another device. If you still want to root a Samsung, you need an Exynos device. But again, see my first paragraph.
If you really want to have root then probably the best thing is not to buy a phone till root has been made available. For certain types of phones this is unlikely to ever materialize. The situation is not unique to Samsung, particularly Samsung phones with Snapdragon, as Huawei phones have also become increasingly difficult/impossible to unlock and root.

Will Note 8 get Android q and one ui 2.0

need to find out this for purchase
Probably not
Gunnerabsek said:
need to find out this for purchase
I don't think so
Because Samsung only provides 2 Android updates.
Note 8 already got the Oreo and Pie updates so forget it.
Maybe in future someone can possibly cook an Android Q custom ROM compatible with our Note 8.
Trex888 said:
I don't think so
Because Samsung only provides 2 Android updates.
Note 8 already got the Oreo and Pie updates so forget it.
Maybe in future someone can possibly cook an Android Q custom ROM compatible with our Note 8.
Was Treble just an 8.1 thing then? Never had one of those devices and haven't had any of the newer Samsungs until recently. I imagine we can't use it because of some signature check on the system partition that doesn't allow a generic AP? Because I thought 9.0 was supposed to be even more compatible with Treble, or maybe I haven't looked into it in a while.
I imagine we are really just at the tip of the iceberg still on using Safestrap to customize Stock 9.0 to its fullest potential. I haven't gotten that far yet as far as using Safestrap on Stock Pie. I'm trying to up my exploit game somehow. I understand the PoCs and the high level descriptions, and thus how things could maybe be chained together, but I'm not a low enough level coder yet. My Linux game is still a little weak sauce. By the time I'm done with Rev 5 Nougat root I might understand the environment enough to implement my ideas a little bit though.
But if we can use Safestrap to install a Stock 9.0 Build that also includes Safestrap then that does mean we should have quite a bit of leeway to get Q Roms backported, even if they aren't rooted. Didn't we do this for the Galaxy S5? I'm just saying, the security bulletins posted in the last 8-9 months do seem to show a path towards root through something like a User Controlled C&C Platform. It wouldn't be a stereotypical full root everyone thinks of, but it would get the foot in the door like dirtycow did.
To start though, we like to use busybox for a lot of things, but our devices natively use toybox, and toolbox. Samsung hasn't used busybox for anything, so us putting it there and usurping control from toybox is an automatic red flag. The device recognizes and accepts toybox over busybox naturally. I feel like we have a better chance of getting a modified or user controlled version of toybox onto the device than we do busybox or standard supersu. I don't think Pie was planned for in the code before CF left us. Because didn't we have to change over to sbin for a lot of things in Oreo? Maybe we actually just need a new path altogether. System Root seems to have had the best success in recent generations, but what elliwigy did on the Note9 is a good concept to start with I think.
Maybe I'm just crazy a bit, but we've seen that traditional root methods keep getting harder and harder to use and new methods are very few and far between anymore. I just keep putting the concepts out in hopes others can put some dots together.
