Related
I tweeted this a couple week ago before the N1 was publicly out but here you go, nothing fancy, no real ui or output.
Thanks to Saurik and Giantpune for contributing (ie its based on their research)
Install apk, run apk wait 1 minute, install supersu app from market then uninstall with this command
adb uninstall com.qualcomm.privinit
Do you have a link to their research or are their findings private?
Regards,
Mr_Bartek said:
Do you have a link to their research or are their findings private?
Regards,
Click to expand...
Click to collapse
saurik - his analysis of the "second master key vuln"
giantpune for his symlnink attack vuln in property space:
Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
jcase said:
I tweeted this a couple week ago before the N1 was publicly out but here you go, nothing fancy, no real ui or output.
Thanks to Saurik and Giantpune for contributing (ie its based on their research)
Install apk, run apk wait 1 minute, install supersu app from market then uninstall with this command
adb uninstall com.qualcomm.privinit
Click to expand...
Click to collapse
Will this exploit work in any other device. when i try to install the play store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown.
coolrevi said:
Will this exploit work in any other device. when i try to install the play store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown.
Click to expand...
Click to collapse
Possibly other oppo devices
No it doesnt fix the vuln, just becareful where you install apps from
jcase said:
Possibly other oppo devices
No it doesnt fix the vuln, just becareful where you install apps from
Click to expand...
Click to collapse
a second mater key vulnurability? hmm, so this could might not be patched in 4.4?
great job by the way, i dont have the device but this is interesting!
ricky310711 said:
a second mater key vulnurability? hmm, so this could might not be patched in 4.4?
great job by the way, i dont have the device but this is interesting!
Click to expand...
Click to collapse
It should be patched in 4.4.
But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.
Anyway, I tested this root method a week or so ago and it works nicely
pulser_g2 said:
It should be patched in 4.4.
But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.
Anyway, I tested this root method a week or so ago and it works nicely
Click to expand...
Click to collapse
so your saying in most devices the master key patch could be a possible vulnurabillity still in 4.3?
interesting...
ricky310711 said:
so your saying in most devices the master key patch could be a possible vulnurabillity still in 4.3?
interesting...
Click to expand...
Click to collapse
It depends on if OEMs backported it, depends on which build OEMs used and depends on the bug. Four or five different zip parser bugs with similar results. This one I used was patched in 4.3, but other exist.
Im trying to figure out why oppown apk will not install in my n1. everytime i try it just. Says app not installed. But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? all ive done is update to the latest ota software and im currently located in indonesia if that makes a difference.
trickraca said:
Im trying to figure out why oppown apk will not install in my n1. everytime i try it just. Says app not installed. But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? all ive done is update to the latest ota software and im currently located in indonesia if that makes a difference.
Click to expand...
Click to collapse
Possible they patched it by now, if you are on cyanogenmod you are certainly patched
Sent from my HTC Two
jcase said:
Possible they patched it by now, if you are on cyanogenmod you are certainly patched
Sent from my HTC Two
Click to expand...
Click to collapse
So show do you root the cyanogenmod edition n1.. Can you help please.. Does it come rooted or what..
giuliano rigon said:
So show do you root the cyanogenmod edition n1.. Can you help please.. Does it come rooted or what..
Click to expand...
Click to collapse
It should not come rooted, if it comes rooted then no way did it pass CTS. I'm guessing unlocking the bootloader and flashing a recovery? I don't know, I dont have one
giuliano rigon said:
So show do you root the cyanogenmod edition n1.. Can you help please.. Does it come rooted or what..
Click to expand...
Click to collapse
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.
Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.
You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.
Sent from my N1 using Tapatalk
noobish doubts..
Harfainx said:
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.
Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.
You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.
Sent from my N1 using Tapatalk
Click to expand...
Click to collapse
Please i ne ed a walthrough..
1) download twrp
2) put it in root of the telephone robot
3) flash it in recovery?
4) reboot recovery wipe cache and dalvik flash omnirom..
Please correct me..
Thank you
giuliano rigon said:
1) download twrp Yes
2) put it in root of the telephone Yes
Make sure to copy Omnirom to your phone at some point
3) flash it in recovery? No - Flash TWRP in Fastboot if you haven't flashed the recovery already. Use the official Teamwin site for guidance
4) reboot recovery wipe cache and dalvik flash omnirom.. Wipe Cache, Dalvik, System, and Data
Click to expand...
Click to collapse
Updates in Red
This is off-topic for this thread though. Questions/Info for flashing Omnirom should be addressed in the Omnirom thread.
Harfainx said:
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.
Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.
You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.
Sent from my N1 using Tapatalk
Click to expand...
Click to collapse
may you provide to right superSU.zip files
I v got superSU from this link and it doesnt work on first and second CM version
I am not rooted yet ...
thnaks
nowy57 said:
may you provide to right superSU.zip files
I v got superSU from this link and it doesnt work on first and second CM version
I am not rooted yet ...
thnaks
Click to expand...
Click to collapse
That does work. You're likely not removing root, but rather just uninstalling SuperSU.
I answered you in your Q&A thread on root.
not rooted.. confirm i can flash
nowy57 said:
may you provide to right superSU.zip files
I v got superSU from this link and it doesnt work on first and second CM version
I am not rooted yet ...
thnaks
Click to expand...
Click to collapse
I nave tried my damnedest to root .. Fastboot flashing supersu flashing from recovery Direct install from google play complete unroots and reflash letting recovery do it .. No way..
So now i need a last confirmation.. Can i flash omnirom after wipes even if i am unrooted.. And has anyone rooted omnirom or does it come unrooted.. Thanks for the info .. Another idea.. Flashing color OS footing and then flashing omni.. Or is this a late night bad Dream..
---------- Post added at 01:17 AM ---------- Previous post was at 01:05 AM ----------
Harfainx said:
That does work. You're likely not removing root, but rather just uninstalling SuperSU.
I answered you in your Q&A thread on root.
Click to expand...
Click to collapse
Sorry now i got it.. It was in the forums.. Just unchecking the respect cyanogen settings in the super su menu got me roooted and happy.. Sorry for your time.. I flashed super su zip from recovery rebooted and unchecked .. Now i am set..
I were rooted myN1 in yesterday, its really good . thankss
Sent from my N1 using XDA Premium 4 mobile app
I have flashed twrp recovery over odin. I can only get into stock recovery though. Usual fix would be to remove battery b4 rebooting, but I can not make out the battery on this device - seems integrated / hidden.
I am running 4.4.2 KitKat. Trying to root it to debloat.
Any ideas? Maybe remove some startup scripts or Idk...
EDIT: I got word that it seems to be either some hash verification in the new android 4.4.x kernel or even a locked bootloader on top. Is that correct? And, if so, what would be a good course of action now?
More info can be found imo when googling for
Android 4.4 KitKat: Google Making Root Without Unlocked Bootloader Difficult?
Click to expand...
Click to collapse
(sry can't link)
JoeRifle said:
I have flashed twrp recovery over odin. I can only get into stock recovery though. Usual fix would be to remove battery b4 rebooting, but I can not make out the battery on this device - seems integrated / hidden.
I am running 4.4.2 KitKat. Trying to root it to debloat.
Any ideas? Maybe remove some startup scripts or Idk...
EDIT: I got word that it seems to be either some hash verification in the new android 4.4.x kernel or even a locked bootloader on top. Is that correct? And, if so, what would be a good course of action now?
More info can be found imo when googling for (sry can't link)
Click to expand...
Click to collapse
I don't know of any tablet that has user removable battery. I'm sure you have to be rooted before you can install a custom recovery. Are you using the rooting method in the development topic?
The question would be why you didn't use the recommended way of using Flashify to flash twrp?
Eddie Hicks said:
I don't know of any tablet that has user removable battery. I'm sure you have to be rooted before you can install a custom recovery. Are you using the rooting method in the development topic?
Click to expand...
Click to collapse
Yes. Would have posted there too had it been allowed. It is the method described in the t800 thread, where it says you should flash twrp via odin and then install SuperUser zip in TWRP.
kenkiller said:
The question would be why you didn't use the recommended way of using Flashify to flash twrp?
Click to expand...
Click to collapse
I thought that this was the way to do it. I have not read anything in that thread about flashify.
If flashify works with Android 4.4.2 I will dig into that. Does it?
JoeRifle said:
Yes. Would have posted there too had it been allowed. It is the method described in the t800 thread, where it says you should flash twrp via odin and then install SuperUser zip in TWRP.
I thought that this was the way to do it. I have not read anything in that thread about flashify.
If flashify works with Android 4.4.2 I will dig into that. Does it?
Click to expand...
Click to collapse
You did not follow the instructions in the first post, but the latter ones posted by bodivas? Then you should consider trying those in the first post - they work for T805 as well.
The ones in the first post work. Flashify I found it in the CF-Root for T700 thread, it works fine on T805 as well, as long as you get the correct img file from the TWRP site.
kenkiller said:
You did not follow the instructions in the first post, but the latter ones posted by bodivas? Then you should consider trying those in the first post - they work for T805 as well.
The ones in the first post work. Flashify I found it in the CF-Root for T700 thread, it works fine on T805 as well, as long as you get the correct img file from the TWRP site.
Click to expand...
Click to collapse
yes bodivas is his name. it seemed to be the better method. but since it did not "accept" the image, although odin said success, I dug deeper and found out that there is supposed to be a hash check in 4.4.2 which keeps me from keeping the flashed image
Will flashify solve that problem and make TWRP "resident"? I would rather not flash the CF Auto since it is for a t800 not t805, but maybe i am overcautious:angel:
JoeRifle said:
yes bodivas is his name. it seemed to be the better method. but since it did not "accept" the image, although odin said success, I dug deeper and found out that there is supposed to be a hash check in 4.4.2 which keeps me from keeping the flashed image
Will flashify solve that problem and make TWRP "resident"? I would rather not flash the CF Auto since it is for a t800 not t805, but maybe i am overcautious:angel:
Click to expand...
Click to collapse
You don't get by in XDA by being cautious in everything. There's enough reports to tell otherwise.
Yes, using Flashify to flash TWRP replaces stock recovery. TOTALLY.
Requires root though right? So is not possible for me I fear Only way would then be CF Auto for t800...as we found out. TU anyhow.
JoeRifle said:
Requires root though right? So is not possible for me I fear Only way would then be CF Auto for t800...as we found out. TU anyhow.
Click to expand...
Click to collapse
Of course it requires root. Not possible because you don't dare to flash the T800 files? Hehe.....you're gonna have a hard time here.
kenkiller said:
Of course it requires root. Not possible because you don't dare to flash the T800 files? Hehe.....you're gonna have a hard time here.
Click to expand...
Click to collapse
I just need to get the hang of these appy lil spy thingy thing things...god knows what g**gle has in store for you. out of curiosity, so you are saying there is no hash check in the bootloader keeping me/us from doing our evil deeds? how about the article up there I quoted, and what the heck happened when i odined TWRP?
just asking...will flash the CF. so lets cross thumbs and make tha knox trip count
Hi Guys. As following the instructions to flash openrecovery-twrp-2.8.0.1-chagallwifi.tar using Odin3 v3.09, my T805 reboots into recovery, the TWRP boot screen is blurred, and after the Menu appears, my device locks up and there is no way to reboot it. Force reboot by holding down the Power button doesn't work. I've been trying for nearly an hour and nothing works. The Task Menu and Return buttons are lit, but the screen is blank. Any suggestions on how to get my T805 to reboot normally?
Thanks.
UPDATE:
I found that 2.8.0.1 appears out of alignment on the screen, and I had to poke around until I found where the Reboot button was located. By chance I got it to go into Bootloader and the system rebooted. Once online I installed Flashify and installed TWRP 2.7.1.1 and SUCCESS!! Now my T805 is working normally. WHEW!!
I have a new in the box S6 with 5.02. Is there any way to root at 5.02 and have root survive the OTA factory update to 5.1.1? I've searched the forum and haven't seen any methods to do this.
Thanks,
WX
wxfreak said:
I have a new in the box S6 with 5.02. Is there any way to root at 5.02 and have root survive the OTA factory update to 5.1.1? I've searched the forum and haven't seen any methods to do this.
Thanks,
WX
Click to expand...
Click to collapse
5.1.1 is rootable now however i would hold out till TWRP is made for 5.1.1 if not rooting is currently pointless since you wont have a recovery
rhyme187 said:
5.1.1 is rootable now however i would hold out till TWRP is made for 5.1.1 if not rooting is currently pointless since you wont have a recovery
Click to expand...
Click to collapse
FYI, twrp 2.8.7. 1 was working for me on 5.1.1 before I Odin'd back to stock
sent from my S6 using tapatalk
I think if we could find flashables for the OTA we might be able to use flashify with everroot
rooted 5.0.2 to 5.1.1 update problems
I would like to put the romified rom on my device and I cannot seem to update to 5.1.1 OTA isn't working. Any ideas? Last time I used this forum to root a device I was on the G1 so it's been a long time, these new devices are rather tricky for me
I am getting an error saying that my system has been modified so I cannot get any OTA updates
captainrobb609 said:
I would like to put the romified rom on my device and I cannot seem to update to 5.1.1 OTA isn't working. Any ideas? Last time I used this forum to root a device I was on the G1 so it's been a long time, these new devices are rather tricky for me
I am getting an error saying that my system has been modified so I cannot get any OTA updates
Click to expand...
Click to collapse
Use ODIN and the OH1 TAR file from SAMMOBILE. That will bring you up to the most recent stock and baseband. Then Unikernel and TWRP and flash the ROM.
Steps and links to all that you need can be found here: http://forum.xda-developers.com/sprint-galaxy-s6/general/how-to-to-100-stock-root-t3075448
koop1955 said:
Use ODIN and the OH1 TAR file from SAMMOBILE. That will bring you up to the most recent stock and baseband. Then Unikernel and TWRP and flash the ROM.
Steps and links to all that you need can be found here: http://forum.xda-developers.com/sprint-galaxy-s6/general/how-to-to-100-stock-root-t3075448
Click to expand...
Click to collapse
Is this something i can do with a mac or do i need a windows?
captainrobb609 said:
Is this something i can do with a mac or do i need a windows?
Click to expand...
Click to collapse
Never done it with a mac, but here are instructions: http://techbeasts.com/2015/04/13/download-odin-jdoin3-mac/
Good luck.
koop1955 said:
Never done it with a mac, but here are instructions:
Good luck.
Click to expand...
Click to collapse
Thank you, y'all are very helpful, i remember now why i enjoy this forum so much, last question i seem to be getting mixed answers from is whether or not 5.1.1 has a root that doesn't trip knox on our phones
captainrobb609 said:
Thank you, y'all are very helpful, i remember now why i enjoy this forum so much, last question i seem to be getting mixed answers from is whether or not 5.1.1 has a root that doesn't trip knox on our phones
Click to expand...
Click to collapse
No. It does not. Rooting 5.11 WILL trip Knox.
Recently I got a nexus 7 2013 5.1.1 LMY48I which I tried to root with NRT. Long story short like many other people I cant get TWRP to mount the files it needs(I get to the automated step that is suppose to open TWRP and install some files from a ZIP archive and it hangs up). First off I have a USB OTG cable coming within a couple days. I have looked for the past couple hours for a solution and keep coming up empty. Basically I have two questions, 1. what files do I need to have transferred so that I can get my Root permissions installed properly and 2. should I wait for the USB OTG calbe or should I try to use abs push
I'm in the same boat, really would like to get this thing rooted. I have been all over the WugFresh Forum, as well as Android Central and this one too of course. I have not found an answer to this problem yet. If I come across one I will post here, please do the same.
Dude. this is infuriating. Apparently the alst batch that was made, they changed the mmc chip. These all went out on Groupon and stuff on sale.
https://www.reddit.com/r/AndroidQue...e_to_mount_partitions_after_flashing_twrp_on/
The only recovery that I got to work was the TWRP for Multirom because they actually addressed the issue. The bug has been brought up on the TWRP flo github they just have yet to fix it.
This is infuriating
gorilla p said:
Dude. this is infuriating. Apparently the alst batch that was made, they changed the mmc chip. These all went out on Groupon and stuff on sale.
The only recovery that I got to work was the TWRP for Multirom because they actually addressed the issue. The bug has been brought up on the TWRP flo github they just have yet to fix it.
This is infuriating
Click to expand...
Click to collapse
So what version of Android are you running now. I am on 6.0.1 and want to root it. Did you apply this to to Lollipop or Marshmallow? Thanks for the info.
UPDATE: This worked for me I am now on MM 6.0.1 and rooted. Thank you for the find.
Yea we already have a thread for this..
http://forum.xda-developers.com/nexus-7-2013/nexus-7-2013-qa/mount-recovery-t3064562
sgtfoo said:
Yea we already have a thread for this..
http://forum.xda-developers.com/nexus-7-2013/nexus-7-2013-qa/mount-recovery-t3064562
Click to expand...
Click to collapse
Thank you I was able to downgrade and root my device using that method. Now I just need to figure out how to flash to purenexus or just upgrade my device to 6.+ and root it.
AngryPotato said:
Thank you I was able to downgrade and root my device using that method. Now I just need to figure out how to flash to purenexus or just upgrade my device to 6.+ and root it.
Click to expand...
Click to collapse
You can root 6.0.1 using the beta SU from Chainfire. I am running the new one from Groupon using the multirom TWRP and I flashed SU 2.65 and it worked perfectly.
diggitydogg said:
You can root 6.0.1 using the beta SU from Chainfire. I am running the new one from Groupon using the multirom TWRP and I flashed SU 2.65 and it worked perfectly.
Click to expand...
Click to collapse
so update to 6.0.1 stock then root or flash a rooted rom?
AngryPotato said:
so update to 6.0.1 stock then root or flash a rooted rom?
Click to expand...
Click to collapse
I did a clean flash of stock 6.0.1. Then flashed the multirom version of TWRP since I have one of the newer chipsets of the Nexus 7. Then I flashed the beta SU. All was good. The issue I am having now is that I can't get the restore from within TWRP to work. I backup fine, but when I restore it gets partway through the system part and then just says Failed. Not really sure what the deal is there. I am guessing it has to do with this multirom version of TWRP, but I'm not really sure...
I am considering buying S7 Active, and I have a question about rooting.
I will buy one on ebay, I'm not sure which firmware it will be on.
What is the latest rom that can be rooted, and how can I download that rom? There is no combined guide and it is a little confusing. Once I root my phone I usually use it until I replace my phone, so I would like to get to the latest.
Also how do I root the phone? Do I still need to follow the post?
https://forum.xda-developers.com/s7-active/help/samsung-galaxy-s7-active-root-t3473649
Thank you in advance!
all version are rootable...
that link althou starts out as links to android 6... ends up on 7 at around #700
there is no recovery like twrp,.. but yes they all got root ....
if not follow rom modder thread tut, up to flashfire if you only want root
miniminus said:
all version are rootable...
that link althou starts out as links to android 6... ends up on 7 at around #700
there is no recovery like twrp,.. but yes they all got root ....
if not follow rom modder thread tut, uo
p to flashfire if you only want root
Click to expand...
Click to collapse
Thank you for the reply.
I couldn't understand some parts of your comment... So the latest firmware is still rootable using the method in the above link? Then how can I obtain and flash the latest firmware? I'll not use the phone on AT&T.
Also I couldn't understand the last line of your comment... what did you mean?
think its oulined in the main thread you posted ...
but use this site ..
https://cloud.mail.ru/public/BGy7/gKs4xzhRE/
which has all the 'update' zips, of which you can use in normal stock recovery and load up via memorycard
is a slow process, and wipes everthing (you can stop it before it does, but you gotta be ready, so make backup anyhows !!)
miniminus said:
think its oulined in the main thread you posted ...
but use this site ..
https://cloud.mail.ru/public/BGy7/gKs4xzhRE/
which has all the 'update' zips, of which you can use in normal stock recovery and load up via memorycard
is a slow process, and wipes everthing (you can stop it before it does, but you gotta be ready, so make backup anyhows !!)
Click to expand...
Click to collapse
Thank you for the link! QF2 seems to be the most recent one. I will follow the steps when I get the phone.
EDIT: someone said QF2 is not rootable yet... is it still the case? Then I may have to go for QE1.
well people had issues at the start, as i think they was not using the most recent (2.82) root methods...
but people on the Ufirm Rom modder thread ARE rooted on QF2...
miniminus said:
well people had issues at the start, as i think they was not using the most recent (2.82) root methods...
but people on the Ufirm Rom modder thread ARE rooted on QF2...
Click to expand...
Click to collapse
Ummmm... sorry but what is the 2.82 root method? Is it different from the above method?
2.82 is the newest version of SuperSU which provides you root privileges, and thus the version of 'root.bat' that you run (on your PC with phone connected, with ADB USB debugging enabled in Developer mode)
AFTER you flash the Eng.Boot file (teh engineering boot image that you flash with Odin, while phones in 'download' mode)
miniminus said:
2.82 is the newest version of SuperSU which provides you root privileges, and thus the version of 'root.bat' that you run (on your PC with phone connected, with ADB USB debugging enabled in Developer mode)
AFTER you flash the Eng.Boot file (teh engineering boot image that you flash with Odin, while phones in 'download' mode)
Click to expand...
Click to collapse
Thanks. The post explains based on 2.76, I should do some research how to do that with ver 2.82 when I get the phone.