{KERNEL-SOURCE} GoDmOdE-EVO-2.6.29 {Make Shift Kernel}[SENSORS-LIGHTS-PANEL-FIXED] - EVO 4G Android Development

THIS SOURCE WILL WORK ON ALL CURRENT HTC EVOs!!!
I found the board files for the EVO a while back but wanted to wait until we at least had the release RUU to release it. Now, the actual kernel itself isn't an EVO kernel. It's actually an Incredible kernel source with the EVO board files in it. That said, I had to mod the board files a little to get it to compile. Anyhow, link below, and remember to fork as it helps GitHub and everyone. Thanks
GoDmOdE-EVO
Commit log:
Sat May 22, 2010 - First-commit-0_o = first commit
Sat Jun 19, 2010 - Fix the WiMAX LED, Capella prox sensor. Add Epson panel support for supersonic (panel_type=0), which is present on hardware revision 3. Implement 9-bit SPI. - by Joe Hansche (maejrep)
Sun Jun 20, 2010 - Add some more Epson vs. Novatek fixes - by Joe Hansche (maejrep)
Mon Jun 21, 2010 - Fix proximity sensor and implement WiMAX LED control. These commits also fixed issues with all other sensors, enabling them all to work!!! - by Joe Hansche (maejrep)
This is an update.zip that can be used with Fresh ROM to boot this kernel without wiping. PLEASE do a Nandroid backup before flashing this update.zip, so you can just Nandroid restore your device back to normal after you're done playing. Anyhow, camera is not working and there seem to be what's thought to be vsync issues. Anyhow, enjoy!!!
http://link.geekfor.me/godmodefreshhh
Of course, don't turn this thread into a "this is broke, can you please fix it" thread.
If you would like to help out or build your own kernel from this source, please fork. This is advised by GitHub and also by me, as it makes pulling changes to and from branches much easier. This is a good thing for you and me: if I make a commit you wanna add, you can easily sync up with me, and vice versa. Works out great for everyone and keeps us completely open; after all, we're all on the same team.

ToAsTcFh For MOD!!!! This is genius

I'm a little too buzzed atm. What exactly is this and what does it mean for us? Explain and I'll understand it in the A.M.

Trying to take over the EVO forums already, Toast? Ha ha. Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is, until my EVO arrives today and I start trying to root it.

chuckhriczko said:
Trying to take over the EVO forums already, Toast? Ha ha. Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is, until my EVO arrives today and I start trying to root it.
How're you getting your EVO today??

So far I know a lot of good devs coming over. I'm pre-ordered, so as soon as it shows up at Best Buy I'll be struggling for root again.

justinisyoung said:
How're you getting your EVO today??
eBay? Craigslist?
People from the Google I/O event selling them.

YoungAceAtlanta said:
eBay? Craigslist?
People from the Google I/O event selling them.
Yep. eBay. It's a Google I/O device. Paid a HEFTY premium for it, but it's worth it to get it two weeks early for me.

toastcfh said:
So far I know a lot of good devs coming over. I'm pre-ordered, so as soon as it shows up at Best Buy I'll be struggling for root again.
Awesome. Who else that you know of? I know I stopped devving for the Hero, but I can't wait to start devving for this thing. This community is going to be epic!

Right on toast, this is awesome.

fantastic toast

Can this kernel be loaded onto one of the Google I/O event EVOs to test?

The device isn't rooted yet.

toastcfh said:
The device isn't rooted yet.
Now I see the catch-22... sorry, I'm new to all this and don't have an EVO to experiment with...
Could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?

joeykrim said:
Now I see the catch-22... sorry, I'm new to all this and don't have an EVO to experiment with...
Could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?
No. You can't flash anything worthwhile until the phone is rooted. Once this happens, expect this forum to explode.

No, we need root and the ability to flash a custom recovery. Basically, the catch-22 is we need root before we can do anything custom.

By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?

Shidell said:
By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?
We're thinking alike here. Some of this terminology is new to me and some isn't. Hopefully this makes sense. I'm gonna reword but ask the same question as above (at least I think it's the same question) plus another question. I'm doing a lot of research and trying to word things correctly...
This might be the same question as above: are we able to trick the Supersonic RUU released here into loading our own rom.zip file (NBH)? (We were able to do this with the Samsung Moment.)
If not, are we able to use the fastboot bootloader mode (the Samsung Moment doesn't have this) to install a custom recovery? If so, are we then waiting on a custom recovery to be developed?

I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)

Shidell said:
I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)
OK, the bootloader isn't going to let us flash anything that isn't for the phone, that I've heard of at least. The bootloader is only going to let us flash rom.zips signed by HTC unless we have an engineering SPL. If we had that we could fastboot whatever we want. But it is also my understanding that the new engineering SPLs will not let us flash to certain major partitions (i.e. recovery and boot). Anyhow, I think this was an issue for the Desire that MoDaCo rooted, and he found a way around it. We need a recovery for sure, as starting anew with no backups and such would be nothing more than a pain. We should focus, I think, on obtaining an engineering SPL from someone nice who wants to hook us up, or an exploit of some sort. We need to gain read/write access to the system, boot and recovery partitions. If we do that, we can do what we want with the device. We're not going to be able to just flash a kernel, boot.img, system, or update.zip that's not official without the ability to gain access to the recovery partition.
In an exploit we would have root user status and we would have write perms on system. At that point we could possibly add flash_image to bin, chmod it and use that to flash a new recovery. Write access is all we need. If your idea was possible, all we would need to do is flash a distro with root access and then flash the recovery partition with a custom recovery. A custom recovery will give us the ability to flash, backup and restore whatever we want. So, long story short, we need root user status in any event so we can gain access to the recovery partition.

Related

[ROM] CyanogenMod 6.0rc1-coburnrom - Milestone Port project

Project Description
This is a project to port the Droid version of CyanogenMod to the milestone. While the Droid and Milestone devices are twins, they are CDMA and GSM respectively. Hacks include not flashing the boot image provided by the CM Droid package and some GSM configurations.
Status
CyanogenMod 6 RC1 (with CoburnROM hacks) will flash successfully, however it will refuse to boot (possibly due to incompatible stock kernel or that the milestone doesn't like unsigned ROMs). So far, flashing works from koush's ClockWorkMod Recovery and Open Recovery 1.14. When rebooted, the device hangs on the M Boot logo.
Downloads
PoC/RC #1: Download from my blog, Geek In The Family - 75MB.
What you can do
Pretty much this ROM is currently a playground, if you want to have a poke around, download a copy of the above versions of the ROM and extract it, and then poke around and see what makes it tick.
Other notes
Space saved for future use.
Cheers!
Reserved for future use
Sent from my Milestone using XDA App
Good luck man, I really hope this happens
You should check with the guys on and-developers.com, and their IRC channel #milestone-modding on Freenode for any progress on the bootloader
Hacking the bootloader is impossible on our Milestone; the TI OMAP chipset runs in High Security mode, and for switching to General Purpose mode you have to desolder and resolder the OMAP chipset on your mainboard, soldering the right pins for enabling the GP mode.
Anyway, 2ndboot can make us able to boot a different kernel (for now the GSM modem is unusable, so we can't use the phone with the newly booted kernel), and this is the way that we'll take on the Milestone for using a custom kernel.
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
Sent from my Milestone using Tapatalk
kholk said:
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
Good luck to you. I commend you for your efforts.
After 1 year waiting for the bootloader to be hacked...I am slightly skeptical. However, now that the Droid X has been released to the masses with the same locked bootloader, we might get some fresh eyes to look into this matter.
I would be happy enough with a custom kernel running on 2nd boot ;-)
SenseUI Mod
Hello, You might try using the mot_boot_mode file, which is also used with the SenseUI Port for the Milestone, I guess that would make this boot too? If I'm right, this is the boot sequence:
This is what I'm talking about:
"the ramdisk is located in /system/ramdisk.tar folder, it all starts here.
the ramdisk is opened by /system/bin/mot_boot_mode."
You should download the SenseUI Mod and analyse its way of booting.
Good luck!
Coburn64 said:
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
The problem is not about being negative, but you are facing it the wrong way.
The problem here is to hack the thing, not to port an already existing mod.
Once the bootloader is bypassed there'll be hundreds of real ROMs.
Anybody can pretend at porting their own ROMs; it is completely IRRELEVANT since it won't be possible until it's hacked.
You said it: "even if I have to wait". Well, there you go, do like thousands of others and just wait. But please don't pretend at anything else, thank you.
I am actually porting the ROM to the Milestone, in case if you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
So you're not going with that 2ndboot method?
In any case, my eyes are glued to your twitter account
Coburn64 said:
I am actually porting the ROM to the Milestone, in case if you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
Dude, you're my hero.
It's kinda off-topic, but I just thought, why don't we go 4chan style on Motorola, and, for example, black fax local Motorola offices or something?
Coburn64 said:
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
As I said, it IS possible to skip the BL checks, and it's fully hackable...but...I know.... you don't want to resolder your OMAP....
if this mod is "Droid" based, you need to make many modifications to the startup..
the Droid is in no way protected, where Milestone has GSM radio protected, and specific drivers required to open it, which for now only opens when using the original "init" process of a milestone.. the "init" from droid disables radio completely..
But take a look at how I got the SenseUI port running. I got Froyo partly running the same way, so I'm sure my solution used in the SenseUI mod will help you along to make it work... it just requires some debugging and "adb logcat" so you at least can see what happens at startup.
Why not work together, Dexter? I think this may help out in particular cases.
Dexter_nlb said:
if this mod is "Droid" based, you need to make many modifications to the startup..
the Droid is in no way protected, where Milestone has GSM radio protected, and specific drivers required to open it, which for now only opens when using the original "init" process of a milestone.. the "init" from droid disables radio completely..
But take a look at how I got the SenseUI port running. I got Froyo partly running the same way, so I'm sure my solution used in the SenseUI mod will help you along to make it work... it just requires some debugging and "adb logcat" so you at least can see what happens at startup.
DO YOU HAVE FroYo running!?!?!?!??!?!?!?!?
Coburn64 said:
I am actually porting the ROM to the Milestone, in case if you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
I never said you were lying. All I said was don't pretend "about ROM" when even a basic kernel won't run.
If you have a working kexec, would you mind sharing it?
I'm very interested in your work since it seems that we will never see an official 2.2 from Motorola... I don't know if we are going to have the new update here in France (2.1 update 2).
Well, I just have a question. On a French forum, someone posted a method to downgrade the ROM of the Milestone by implementing the right version of the bootloader in it; I don't know if I'm being very clear. This member had some major problems with the 2.1 update, so he decided to downgrade to 2.0.1. However, he wasn't able to do it because his Milestone was using the 90.78 bootloader while the 2.0.1 ROM was using the 90.73 bootloader. Eventually, he managed to install the 2.0.1 ROM on his Milestone by putting the 90.78 bootloader in the 2.0.1 ROM.
So my question is: will it be possible to put a bootloader in a custom ROM in order to make it boot on the Milestone?
(I would give you the link for the topic on the French forum once my account is verified.)
kholk said:
Hacking the bootloader is impossible on our Milestone; the TI OMAP chipset runs in High Security mode, and for switching to General Purpose mode you have to desolder and resolder the OMAP chipset on your mainboard, soldering the right pins for enabling the GP mode.
Anyway, 2ndboot can make us able to boot a different kernel (for now the GSM modem is unusable, so we can't use the phone with the newly booted kernel), and this is the way that we'll take on the Milestone for using a custom kernel.
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
Sent from my Milestone using Tapatalk
Actually this is a wrong assumption. An HS chip cannot be turned into a General Purpose one.
For those who are interested, here is kexec.
Devs should know the drill, insmod kexec.ko etc etc.
Originally made by Kiljacken (compilation, etc), shared by me.
As for the Android 2.0.1 on Boot Loader 97.73, he may have just made a custom update zip that nukes the system partition and installs 2.0.1 on the device.
Also, I updated my Boot Loader to 90.78ch, which is the XT702 Boot Loader - no bricks. Yet.

D2G Security

Hello wonderful people of XDA! This is my first post, so I apologize in advance if I am asking obvious questions.
So everyone is talking about the "locked" bootloaders present on several of the new Droid phones, including my beloved new D2G. This has been cited as the reason that the bootloader, recovery menu, and android kernel on these phones cannot be replaced with unofficial code. I was wondering if anyone here knew the exact technical details of the security systems that actually make up this so called "lock".
One thread I read vaguely mentioned RSA keys, so I can only assume that something somewhere is signed. Is it the typical setup, with a bootloader that is signed with a key that is burned into the CPU, and a kernel that is signed with a key in the bootloader? Clearly the code on the /system partition is not signed, since I was able flash a custom ROM over it (not to mention install the bootstrap recovery).
Also, how much control does a root process really have? If it is possible to inject root code into the boot process just by modifying some things in init.rc (as the bootstrap recovery does), then shouldn't it be possible to manually load whatever we want into memory after that point, including a new kernel? If so, then couldn't we leave the (presumably) signed stock kernel in place, put our kernel in /system, and write some root code that copies it into memory and executes it (without checking any sigs)?
Forgive me if I have no idea what I am talking about. Like I said, I am new to the forum, and I just got my first Android phone a few months ago.
Thanks!
A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com
buryboi said:
A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com
Thanks for the info! I checked out that site and PMed the guy you mentioned on Droid Forums. We'll see if there is something I can do to help.
Any extra info anyone has is still appreciated!
Hi,
Punmaster, did you find any more information concerning the locked bootloader? Any ideas on how to put another kernel on?
If I understand correctly, the ROMs can only modify the application layer.
You seem to know Linux dev; maybe you can help me with the usbnet problem?
Sent from my MotoA953 using XDA App

[A510][Kernel]Development Questions

Hi Folks,
I already spent some years customizing Linux kernels, and lately I have been playing around with Android devices and the possibility they offer to boot customized kernels. Now, thanks to NoThrill, we have a working CWM and my interest rises again. I already compiled the Acer kernel sources, but I got into trouble booting it. A few months ago I did the same with a Lenovo IdeaPad A1, and it should be possible on the A510 too to boot an outside kernel using the command fastboot boot kernel ramdisk.gz. The problem is that it does download and boot the kernel, but then it returns to fastboot mode instead of booting Android. First I thought it may be due to kernel errors, but it does the same if I am using the stock kernel or the boot.img provided by working ROMs. So my questions are:
Is there any possibility to test an experimental kernel without flashing it first? Do I understand correctly that it is relatively safe to flash it to the boot partition as long as recovery is left untouched?
What exactly does the (unexplained) command fastboot continue do? I thought it may be used to continue the boot process with a downloaded kernel, but unfortunately it seems to do just the same as a normal reboot...
Simply pack the kernel into a boot.img and flash it to the /boot partition. If something goes wrong, simply reboot into recovery and flash your original boot.img back. Recovery will always work because it uses its own kernel and is therefore independent of whatever kernel you flash to /boot.
A word of warning though: the Acer kernel source contains code that could brick your tablet. That needs to be fixed before you experiment any further.
Nevertheless, any work done on the A510 kernel is always encouraged :good:
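Both joeykrim's question in the EVO thread above (whether a kernel can be combined with the stock ramdisk into a boot.img) and NoThrills' advice here to pack the kernel into a boot.img and flash it to /boot (which is also what fastboot boot does on the fly from a kernel and ramdisk.gz) come down to the same file format. The following is an added worked example of building and parsing that format; it is example code written for this page, not code from the GoDmOdE source, the Acer kernel source or any tool the threads mention. It implements the original Android boot image header as mkbootimg writes it: a 608-byte header padded to one flash page, then page-aligned kernel, ramdisk and optional second-stage blobs, with a SHA-1 "id" over the three blobs and their sizes. The load addresses default to mkbootimg's classic base of 0x10000000 plus the usual offsets and a 2048-byte page, which are assumptions; the stock boot.img's own header is the authority for a given device. Whether the result boots is still the bootloader's decision: on a locked phone its signature check rejects the image regardless of what this code produces, which is toastcfh's point about needing root and recovery access first.

```python
"""Build and parse Android boot images in the original (header v0) layout.

Example code added for this page. Assumptions: mkbootimg's default base
address and offsets, and a 2048-byte flash page unless overridden.
"""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, unused[2], name[16], cmdline[512], id[32]
HEADER_FMT = "<8s10I16s512s32s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 608 bytes
MAX_CMDLINE = 511                          # NUL-terminated inside 512 bytes


def _pad(data: bytes, page_size: int) -> bytes:
    """Pad to a multiple of page_size with zero bytes."""
    rem = len(data) % page_size
    return data if rem == 0 else data + b"\0" * (page_size - rem)


def image_id(kernel: bytes, ramdisk: bytes, second: bytes) -> bytes:
    """mkbootimg's id field: SHA-1 of each blob followed by its LE32 size.

    Integrity only: it is not a signature and says nothing about origin.
    """
    sha = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        sha.update(blob)
        sha.update(struct.pack("<I", len(blob)))
    return sha.digest().ljust(32, b"\0")


def pack_bootimg(kernel: bytes, ramdisk: bytes, cmdline: bytes = b"",
                 second: bytes = b"", page_size: int = 2048,
                 base: int = 0x10000000, name: bytes = b"") -> bytes:
    """Return a boot.img: one header page, then page-aligned kernel/ramdisk/second."""
    if len(cmdline) > MAX_CMDLINE:
        raise ValueError("cmdline longer than %d bytes" % MAX_CMDLINE)
    if page_size <= 0 or page_size & (page_size - 1):
        raise ValueError("page_size must be a power of two")
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(kernel), base + 0x00008000,      # kernel_size, kernel_addr
        len(ramdisk), base + 0x01000000,     # ramdisk_size, ramdisk_addr
        len(second), base + 0x00F00000,      # second_size, second_addr
        base + 0x00000100,                   # tags_addr
        page_size, 0, 0,                     # page_size, unused[2]
        name, cmdline,                       # struct NUL-pads these fields
        image_id(kernel, ramdisk, second))
    img = _pad(header, page_size) + _pad(kernel, page_size) + _pad(ramdisk, page_size)
    if second:
        img += _pad(second, page_size)
    return img


def unpack_bootimg(img: bytes) -> dict:
    """Parse a boot.img, validating magic, page size, bounds and the id field."""
    if len(img) < HEADER_SIZE:
        raise ValueError("too short to hold a boot image header")
    (magic, ksize, kaddr, rsize, raddr, ssize, saddr, taddr, page, _u0, _u1,
     name, cmdline, img_id) = struct.unpack_from(HEADER_FMT, img, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic %r" % magic)
    if page == 0 or page & (page - 1):
        raise ValueError("page_size %d is not a power of two" % page)

    def pages(n: int) -> int:
        return (n + page - 1) // page

    k_off = page                              # the header occupies one page
    r_off = k_off + pages(ksize) * page
    s_off = r_off + pages(rsize) * page
    end = s_off + pages(ssize) * page
    if end > len(img):                        # header claims more than we have
        raise ValueError("truncated image: need %d bytes, have %d" % (end, len(img)))
    kernel = img[k_off:k_off + ksize]
    ramdisk = img[r_off:r_off + rsize]
    second = img[s_off:s_off + ssize]
    if image_id(kernel, ramdisk, second) != img_id:
        raise ValueError("id field does not match contents (corrupt image)")
    return {
        "kernel": kernel, "ramdisk": ramdisk, "second": second,
        "name": name.rstrip(b"\0"), "cmdline": cmdline.rstrip(b"\0"),
        "page_size": page, "kernel_addr": kaddr, "ramdisk_addr": raddr,
        "second_addr": saddr, "tags_addr": taddr,
    }


if __name__ == "__main__":
    # Constructed stand-ins for a zImage and a gzipped cpio ramdisk.
    k = b"\x00\x00\xa0\xe1" * 64 + b"fake zImage"
    r = b"\x1f\x8b\x08\x00" + b"\x00" * 300
    blob = pack_bootimg(k, r, cmdline=b"console=ttyMSM0 androidboot.hardware=supersonic")
    parsed = unpack_bootimg(blob)
    print(len(blob), parsed["cmdline"], hex(parsed["kernel_addr"]))
```

To rebuild a device's image with a new kernel, unpack the stock boot.img first and reuse its ramdisk, cmdline, page size and addresses rather than the defaults here; the parser rejects truncated images and any whose id does not match, which catches a bad download but, as noted, is no substitute for the bootloader's signature check.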
NoThrills said:
Simply pack the kernel into a boot.img and flash it to the /boot partition. If something goes wrong, simply reboot into recovery and flash your original boot.img back. Recovery will always work because it uses its own kernel and therefor is independent of whatever kernel you flash to /boot.
A word of warning though: The Acer kernelsource contains code that could brick your tablet. That needs to be fixed before you experiment any further.
Nevertheless, any work done on the A510 kernel is always encouraged :good:
by the way, nothrills, did you set-up a git or something like that to share kernel mods and stuff like that ?
BENETNATH said:
by the way, nothrills, did you set-up a git or something like that to share kernel mods and stuff like that ?
Actually, no, because (call me stupid) I really have no clue how git works. I know how to get stuff from it, and have used it a lot, but never looked into actually setting something up or submitting patches.
I am very ashamed.
NoThrills said:
Actually, no, because (call me stupid) I really have no clue how git works. I know how to get stuff from it, and used it alot, but never looked into actually setting something up or submitting patches.
I am very ashamed
THAT is something really easy, you know..
But if it's something that you agree to, I can upload it to my git if you don't want to spend time on that.
I can clearly state the source, and then work can be shared and commits done.
Otherwise, you have to set up a free account and follow this:
https://help.github.com/articles/create-a-repo
It would REALLY help, you know.

[GUIDE][INFO] The beginner's info thread (aka. the noob helper)

This guide is intended to be an all-in-one resource for people coming to Samsung phones after using other devices. It is a general introduction to the S4 and a glossary/explanation of terms you may see here in the forums.
This thread is slightly out of date but the info is still good, I will be updating again soon!!! Remember to hit thanks if this was useful
Disclaimer "Just because I am trying to be helpful does not make me responsible for anything that you do to your phone. Playing with any of this stuff could destroy your phone"
The layout of this post is as follows:
Welcome
FAQ
Glossary of terms
First off, welcome to XDA
The XDA community is home to the most talented and helpful phone developers on the planet.
These developers spend lots of their free time working on making all of our phones better. You should be nice and respectful to them and follow the rules. WHY? If the statement above isn’t enough reason then think selfishly, the less time they are dealing with redundant questions, the more time they have to develop stuff for all of us!
Help them help you by following the following basic rules:
1.If you are confused or have a question, the first thing to do is READ! Read lots, look things up both on xda and using google.
2.If after searching you still have not answered your question, then post in the Q&A forum.
3.Asking for ETAs on ROMs, updates, etc. is considered rude.. DON’T DO IT!
4.Don’t report bugs to a developer unless:
a.You know 100% that it hasn’t already been reported,
b.You know how to reproduce it
c.You can get a logcat of the problem (more on this later)
Some advice if you are new to all this and don’t want to ruin your phone:
1.Be patient. Don’t be the first or even the tenth person to flash anything. Wait until you see others using whatever Rom or kernel with success.
2.If you have any doubts about what you are doing, read more. Don’t flash.
3.Make sure you are in the forum for your device, not some similar or related device.
FAQ:
Q. Is my bootloader locked?
A. Only if you have an AT&T or Verizon phone
******* Info for AT&T users *******
Q. What is LOKI?
A. Loki is an exploit for the locked bootloader on these phones. It lets us get past the bootloader's signature check on the boot and recovery images, which is what makes installing custom ROMs or recoveries possible despite the lock. More Loki info down below
Q. Whats the deal with MF3?
A. MF3 is the current firmware from AT&T that comes on any new phone. Your phone may also auto update to MF3 if you are not careful. MF3 patched the ability to use Loki to install custom roms/recoveries so if you are on MF3 things are much more difficult.
Q. How can I keep my phone from updating to MF3?
A. If you want to avoid the update, you should root your phone and freeze the following three apps using titanium backup or some similar app.
1. AT&T Software update Vxx_x_xxxx_x_x
2. FWUpgrade x.x.x
3. LocalFOTA vx_xxxx_x_x
Why flash?
By flashing your device you can make your phone act differently, look different, and enable new or disabled options. You could, for example:
enable native tethering
enable call recording
change the look of your phone
add custom toggle buttons
overclock or undervolt
increase battery life
etc.
Kernel vs Rom vs Recovery vs Modem
The kernel is the layer between the phone hardware and the ROM. It controls things like Wi-Fi power, touch sensitivity, the possible range of screen brightness, phone logging, and the processor's max and min speed. A kernel must be built not only for your device but also for the type of ROM you are using (Sammy ROM or AOSP); some kernels support all ROMs, others are specific to one type.
A ROM is the operating system of your phone. There are three main categories of ROMs:
ROMs that are based off of the Samsung stock ROM (Sammy ROM)
ROMs that are based off of the Android Open Source Project, aka AOSP (AOSP, AOKP)
ROMs based off of the MIUI project (these used to be a branch of AOSP, but recently they have also used a Sammy base for MIUI)
Recovery is a small separate system living on its own partition, with its own kernel, that you can access at boot by holding down a combination of keys (Volume Up + Home + Power in the case of our SGS4). Every phone ships with a stock recovery, but it doesn't do much beyond applying official updates and factory resets. You can replace it with ClockworkMod recovery, which is extremely useful for flashing all kinds of things and making backups before you do. There are other alternative recoveries besides ClockworkMod, but that seems to be the most common; TWRP is also gaining popularity these days. You can easily switch between recoveries or upgrade your current recovery: all that needs to happen is for a new image to be flashed onto the recovery partition. See the rooting guide for more info on how to flash a custom recovery.
A modem is the firmware file that controls the cell radio of the phone. It helps determine what frequencies to use and the settings for a particular network. It is important when flashing a radio that you flash one that is for the AT&T SGS4.
Methods for flashing files - Odin vs mobile Odin vs. clockworkmod(cwm) vs adb
Odin is the internal Samsung tool for flashing. I believe it only exists on the Windows platform. This tool is mostly used to initially flash an insecure kernel or rooted kernel, OR to return to a completely stock rom. Files for flashing in Odin generally should end in .tar or .tar.md5, although sometimes they come zipped and the tar is inside the zip. Read more about Odin before using it, as it can easily break your phone. !!!As a general rule make sure you never check the "partition" checkbox EVER!!!
Mobile Odin (THIS TOOL DOES NOT SUPPORT ALL S4 MODELS... make sure you check that it specifically works with yours first. I think at this time it works on your phone unless you have a locked bootloader, but STILL DOUBLE CHECK) is a phone-based version of Odin made by the very talented developer Chainfire. It can be installed on a rooted phone and used to flash the same .tar-based files as the desktop version. Mobile Odin has a few advantages: 1. you can use it from your phone; 2. it can auto-root a stock rom (nice if you want to try out a brand new update that has not been rooted yet).
ClockworkMod (CWM) or TWRP is a recovery-based tool that can make backups of your entire phone, flash new roms, kernels etc., and do many other useful tasks. Once you have this on your phone, my guess is that most of your flashing will be done through this tool. The files for flashing through ClockworkMod are .zip files.
ADB is the Android development bridge. It allows for a command line interface with your phone through its debugging options. ADB can do most anything, as I understand it. In my several years of flashing I have only had to use it once, and I could have waited for someone to come up with another solution. In general, as a noob I recommend you stay away from ADB.
open source vs Samsung base(aka Touchwiz or TW) vs miui
Open source roms such as AOSP/AOKP are built using Google's open source Android code as a base. The developers then add functionality specific to the device. The advantage of these builds is that they often have tons of options built into the rom that change the behavior and look of the phone. They usually allow you to change the toggles in your notification pull-down, change the battery display, make all kinds of adjustments to sounds, vibration etc. Some people also prefer the "vanilla" Android look and feel. These roms often provide "bleeding edge" concepts, design, and modifications. The disadvantage of these roms is that some of the hardware code is done closed-source by the phone manufacturers, which means that things like infrared, Bluetooth, camera, video recording, and MHL video out often don't work, or take much longer for the developers to get working. Basically anything that relies on the Samsung framework will not work in an open source build. This means S Voice, S Note, and the Samsung camera app will not work.
Samsung-based roms (aka TouchWiz/TW) are taken from the Samsung original phone software and modified by the developer. Usually, these roms are modified in order to be faster and to make changes to some of the features. Expect to see changes to the stock rom like: debloated (AT&T and Samsung software removed), de-odexed (explained later), tethering enabled, unlimited SMS recipients, added notification toggles, etc. Most of these changes are made to make the phone faster, improve battery life, and make the phone easier to theme. The advantage of these roms is that they still use the Samsung framework, so all the proprietary stuff like camera, Bluetooth and MHL still works; the disadvantage is that they will never be as customisable as open source roms.
MIUI is a rom that focuses on theming. Official MIUI (Chinese) gets updated weekly on Friday, and then there are lots of MIUI developers who adapt it to other languages and make some tweaks to it. MIUI can be built from AOSP source or Samsung source and, depending on which, will have different features. The first MIUI rom for our phone just appeared in these forums and it is based off of AOSP. MIUI has a unique look and is also highly customizable through theming. There are tons of themes available for download through the rom itself, and you can mix and match any part of any theme you want. This includes icons, lockscreen style, etc. Some people criticize while others praise MIUI for being very "iPhone-like". This is because the icons look more iPhone-like and there is no app drawer in the MIUI launcher. However, you can still use any launcher you like within MIUI.
odexed vs de-odexed
odexed is how the phone comes stock from Samsung. Odexed means that system files and apps are split into two pieces and kept in different places on the phone. This is done to speed things up a bit. However, it makes it harder to theme the phone because the apps are split up. Most custom roms choose to de-odex (basically regroup the files back into one) so that custom themers can make themes more easily for the phone.
Flashing "dirty" vs flashing "clean"
Clean
Doing a clean install of a rom means erasing or formatting all the data from the previous rom before you flash the new one. This is the preferred way to flash a rom to ensure that it will run smoothly. It is necessary if you are switching from one rom type to another (CM to Samsung base). In order to do a clean flash you need to boot into recovery and select the following options: wipe user data (this wipes all apps and personal data, but not your photos/videos), wipe cache, advanced > wipe dalvik cache, storage/mounts > format system. This will ensure that no trace of the former rom is left on the phone. Beware that at this point your phone will not boot until you install a new rom. I suggest using Titanium Backup to back up apps and SMS Backup+ for texts, to make getting your new rom configured easy.
Dirty
Doing a dirty install means just flashing a new rom right over the top of the old one without wiping any data. The advantage to this is that you don't lose any apps or account info. The disadvantage is that you open up the possibility for problems. Generally you only want to flash this way if you are upgrading a rom (CM10 nightly to the next nightly, or from one samsung based rom to another). If you decide to flash over the top and have any issues, you should not report bugs, but try flashing clean first.
Logcat
Logcat is a way to access the android system log for everything that is going on behind the scenes. This tool is used to help developers pinpoint problems in a rom. If you want to actually be helpful to a dev when reporting a bug, you should really learn to use this tool. I am no expert on logcat but you can find some good information in this post: http://forum.xda-developers.com/show....php?t=1726238
What is the Bootloader?
The bootloader is basically what it sounds like...it loads the boot image of the device. Basically it is one of the first things to run on the phone and it shows the phone where to find the boot image and how to start. The bootloader is also responsible for allowing access to the recovery part of the phone.
Locked Bootloader?
This seems to confuse a lot of users, so here goes: The AT&T and Verizon versions of our phone have a locked bootloader. What does this mean? To the noob, it means that the devs had to figure out how to bypass or unlock this part of the phone in order to be able to boot custom recoveries such as CWM and TWRP. Getting a custom recovery means being able to back up the phone as well as flash custom roms. Luckily for us, Djrbliss (make sure and thank him! his thread is here: http://forum.xda-developers.com/showthread.php?t=2292157) figured out how to bypass the locked bootloader. The exploit he used is known as Loki. Please remember that the Loki exploit is not the same thing as unlocking the bootloader, it is a bypass/trick. AT&T and Verizon have fixed the exploit that allowed Loki to work in their newest firmware. The Loki patch will not work for MF3 firmware or later.
Loki
refers to the exploit that allows us to run custom recoveries as well as custom roms. You only need to have a loki'd rom if you have a model with a locked bootloader (AT&T). Thankfully, you can install a custom recovery that will auto-Loki any rom you flash so that you can install almost any rom built for our model phone (see below). I strongly recommend flashing an auto loki recovery if you have a phone with locked bootloader. I use this one here: http://forum.xda-developers.com/showthread.php?t=2291956
Compatible Roms
you should be able to run any rom built for AT&T, TMobile, or the I9505 international model (NOT I9500!!) as long as you flash with an auto loki recovery. You can check out this thread for more info. Make sure and thank TheAxman! http://forum.xda-developers.com/showthread.php?t=2295557
You may have to manually set the APN. If you encounter problems with the rom look in that roms thread for answers.
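An added example for the Logcat section of the FAQ above (editor's code, not part of the FAQ author's post): a small Python script that takes the text of `adb logcat -d -v threadtime`, pulls out the FATAL EXCEPTION stack of each crashed process, keeps only warning-and-above lines, and scrubs e-mail addresses and 15-digit IMEI-looking numbers before the log gets pasted into a public thread. The threadtime line layout, the assumption that a Java crash appears as AndroidRuntime lines starting with "FATAL EXCEPTION", and the sample dump itself are all constructed for the example, not taken from any real device.

```python
"""Triage a logcat dump before posting it to a rom thread (added example)."""
import re

# Assumed layout: "MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message"
LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>[^:]*?)\s*:\s?(?P<msg>.*)$"
)
LEVELS = "VDIWEF"                      # verbose .. fatal, in increasing order
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
IMEI_RE = re.compile(r"(?<!\d)\d{15}(?!\d)")   # 15-digit runs look like an IMEI

# Constructed sample dump; the app, account and IMEI are made up.
SAMPLE_LOGCAT = """\
06-21 10:15:02.123  1234  1234 I ActivityManager: Start proc com.example.app for activity com.example.app/.Main: pid=2345
06-21 10:15:03.456  2345  2345 D MyApp: loading settings for user@example.com
06-21 10:15:04.789  2345  2345 E AndroidRuntime: FATAL EXCEPTION: main
06-21 10:15:04.790  2345  2345 E AndroidRuntime: Process: com.example.app, PID: 2345
06-21 10:15:04.791  2345  2345 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method on a null object reference
06-21 10:15:04.792  2345  2345 E AndroidRuntime: \tat com.example.app.Main.onCreate(Main.java:42)
06-21 10:15:04.793  2345  2345 E AndroidRuntime: \tat android.app.Activity.performCreate(Activity.java:5231)
06-21 10:15:05.000  1234  1240 W ActivityManager:   Force finishing activity com.example.app/.Main
06-21 10:15:05.100  1234  1240 I ActivityManager: Process com.example.app (pid 2345) has died.
06-21 10:15:06.000   987   987 I PhoneStatus: imei 356938035643809 registered
"""


def parse_logcat(text):
    """Turn threadtime lines into dicts; lines that do not match are dropped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["pid"], e["tid"] = int(e["pid"]), int(e["tid"])
            entries.append(e)
    return entries


def at_least(entries, level):
    """Keep entries whose level is `level` or more severe."""
    floor = LEVELS.index(level)
    return [e for e in entries if LEVELS.index(e["level"]) >= floor]


def extract_crashes(entries):
    """Group the AndroidRuntime lines that follow each FATAL EXCEPTION by pid."""
    crashes, open_crash = [], {}
    for e in entries:
        if e["tag"] != "AndroidRuntime" or e["level"] != "E":
            continue
        if e["msg"].startswith("FATAL EXCEPTION"):
            crash = {"pid": e["pid"], "process": None, "frames": [e["msg"]]}
            crashes.append(crash)
            open_crash[e["pid"]] = crash
            continue
        crash = open_crash.get(e["pid"])
        if crash is None:
            continue
        m = re.match(r"Process: (\S+), PID: \d+", e["msg"])
        if m:
            crash["process"] = m.group(1)
        else:
            crash["frames"].append(e["msg"])
    return crashes


def redact(text):
    """Mask account e-mails and IMEI-looking numbers before sharing a log."""
    return IMEI_RE.sub("<imei>", EMAIL_RE.sub("<email>", text))


def report(text):
    """Crash summaries plus warning-and-above lines, redacted, as one string."""
    entries = parse_logcat(text)
    lines = []
    for c in extract_crashes(entries):
        head = c["frames"][1] if len(c["frames"]) > 1 else c["frames"][0]
        lines.append(f"crash in {c['process']} (pid {c['pid']}): {head}")
        lines.extend("    " + f for f in c["frames"][2:])
    lines.extend(f"{e['level']} {e['tag']}: {e['msg']}"
                 for e in at_least(entries, "W") if e["tag"] != "AndroidRuntime")
    return redact("\n".join(lines))


if __name__ == "__main__":
    print(report(SAMPLE_LOGCAT))
```

Run `adb logcat -d -v threadtime > log.txt` right after the problem happens, then pass the file's contents to report(); a dev wants the stack under "FATAL EXCEPTION" and the surrounding warnings, not the whole verbose stream, and certainly not your account name or IMEI.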
Sticky!!
Well damn, I thought I knew a lot, but after reading this thread, I really didn't. Well done. :good:
Incredible resource for those coming in from a different ecosystem.
Thanks much!!
Thread stuck!! Nice work!
Got my new At&t Samsung Galaxy S4 and this will definitely help me!!
This is another thread that really helped me as well. These two have really helped me so far. I have rooted several devices and just relied on everyone else, and now I am starting to take a lot more of an interest, and these threads have been the most helpful.
http://forum.xda-developers.com/showthread.php?p=42055644#post42055644
WoW
Great work! I'm sure this thread will be very helpful to a lot of people (myself included). Thanks bro! :victory:
More! More! :d
I've been searching high and low, I've read everything, and maybe I'm not understanding, but after I root my phone how do I do the whole Loki thing??... I'm eager to start flashing roms... I've read of some recoveries that do this, is that an accurate assessment??
KINGDROID25 said:
I've been searching high and low, I've read everything, and maybe I'm not understanding, but after I root my phone how do I do the whole Loki thing??... I'm eager to start flashing roms... I've read of some recoveries that do this, is that an accurate assessment??
What exactly are you trying to do?
If you want to install a custom ROM or kernel, you need a custom recovery. The ROM or Kernel developer will have LOKI-fied it for you.
For TWRP (my custom recovery of choice) Download GooManager from the Play Store and install.
Inside the goo.im app, go to menu>Install OpenRecovery Script
then you can boot into recovery to apply kernels, ROMs, etc to your hearts desire
joeybear23 said:
What exactly are you trying to do?
If you want to install a custom ROM or kernel, you need a custom recovery. The ROM or Kernel developer will have LOKI-fied it for you.
For TWRP (my custom recovery of choice) Download GooManager from the Play Store and install.
Inside the goo.im app, go to menu>Install OpenRecovery Script
then you can boot into recovery to apply kernels, ROMs, etc to your hearts desire
Is it that easy, just root and add a custom recovery??.. The whole Loki thing is what's been throwing me off
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
KINGDROID25 said:
Is it that easy, just root and add a custom recovery??.. The whole Loki thing is what's been throwing me off
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
Yes... the difficult part is if you are a developer. They make our lives much easier.
joeybear23 said:
Yes... the difficult part is if you are a developer. They make our lives much easier.
Thanks, I'm going to root tonight, I just need to get a copy of the stock firmware
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
KINGDROID25 said:
Thanks, I'm going to root tonight, I just need to get a copy of the stock firmware
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
Stock Firmware:
http://forum.xda-developers.com/showthread.php?t=2261573
That is a HUGE download, but the process is simple.
I'm not a newb but I need to boost my post count lol... soooo spam
KINGDROID25 said:
I've been searching high and low, I've read everything, and maybe I'm not understanding, but after I root my phone how do I do the whole Loki thing??... I'm eager to start flashing roms... I've read of some recoveries that do this, is that an accurate assessment??
I have updated the OP to explain Loki, hope that helps :good:
Noob here, first time posting. I rooted my phone and installed CWM using the CASUAL method, created a backup and installed Mint rom, love it, but after a couple of posts I see I didn't back up EFS. Should I be worried?
I'm not sure what the deal is with backing up the IMEI number on our phones yet. I have not seen anyone post about losing their IMEI yet, so I wouldn't be too worried. On the S3 only the international model phones could be backed up by saving the efs folder. The backup process for AT&T phones was much more complex. I assume the same holds true on the S4. Will update when I find out more.
Sent from my GT-I9505 using xda premium
I wanted to make sure, thx. Is it too late to back up EFS, or can I just restore my backup and do it?

NF5 Rooting Progress (GS3 Prepaid)

I believe this section is dead for the most part...
As many of you should know, those of us who took the OTA update have no way of rooting if towelroot does not work... (futex patched)
However there is hope!
I am not very knowledgeable about exploits or reverse engineering...
There are two exploits that may be able to get us root when combined.
CVE-2014-7911 (gets us system uid)
CVE-2014-4322 (goes from system to root)
There is public poc code to do this...
However we need something...
I am working on getting the kernel symbols
When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!
KennyG123 said:
When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!
I figured that this may get more attention here....
I really do hope we can get root ASAP
I dunno if the 4.3 kernel will work, I don't see why the addresses would have been changed, but I am not a developer nor an experienced hacker. (After some research this is probably incorrect)
Just need someone with stock kernel and root so we can get the addresses for cve 4322 and gg
Can you move this post or should I just create another thread in the developers section?
I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".
IWellHeThanks said:
I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".
If you're able to be on 4.4.2 that is rootable via towelroot, it's not the exact kernel that I and others are on, because futex is patched on the latest OTA. If you're able to boot into the stock rom (don't update if possible, may lose root?), those commands (from my understanding) get us the addresses we need for the root on the latest OTA. I remember reading that they get randomized every time it's compiled, so it may not help. If someone more knowledgeable about this can help, that would be great. No hurt in trying though. Just need you to do those commands, then upload kallsyms and leave a link. Open it with a text editor and make sure it's not all 0's then words etc. It needs to be numbers then text, which is why root is required to do that... If we can get those addresses for the updated kernel, we can get root on the latest. I doubt we're getting Lollipop....
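An added example (editor's code, not from anyone in this thread) for the "make sure it's not all 0's then words" check above: a Python script that parses a kallsyms dump, tells you whether the addresses were zeroed, and pulls out the symbols you ask for. On the device the dump is produced with `su -c 'cat /proc/kallsyms' > /sdcard/kallsyms.txt` and copied off with `adb pull`; when /proc/sys/kernel/kptr_restrict is set and the reader lacks CAP_SYSLOG, the kernel prints every address as zeros, which is the useless case. The line format assumed is "<hex address> <type letter> <name> [module]"; both sample dumps, including the addresses and the symbol names, are constructed for the illustration.

```python
"""Sanity-check a /proc/kallsyms dump and look up symbols (added example)."""
import re

# Assumed line format: "<hex address> <type letter> <name> [module]"
KALLSYMS_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?$")

# Constructed: what an unprivileged read looks like with kptr_restrict set.
SAMPLE_HIDDEN = """\
00000000 T _text
00000000 T _stext
00000000 T commit_creds
00000000 T prepare_kernel_cred
"""

# Constructed: the same dump read as root (addresses are made up).
SAMPLE_ROOT = """\
c0008000 T _text
c0008180 T _stext
c00b1a34 T commit_creds
c00b1d08 T prepare_kernel_cred
bf000124 t helper_fn\t[wifi_driver]
"""


def parse_kallsyms(text):
    """Map symbol name -> (address, type letter); a later duplicate wins."""
    syms = {}
    for line in text.splitlines():
        m = KALLSYMS_RE.match(line.strip())
        if m:
            syms[m.group(3)] = (int(m.group(1), 16), m.group(2))
    return syms


def addresses_hidden(syms):
    """True when every address is zero, i.e. the dump was taken without root."""
    return bool(syms) and all(addr == 0 for addr, _ in syms.values())


def resolve(syms, names):
    """Return {name: address} for the requested symbols; raise on any miss."""
    if addresses_hidden(syms):
        raise ValueError("addresses are zeroed; re-read /proc/kallsyms as root")
    missing = [n for n in names if n not in syms]
    if missing:
        raise KeyError("not in kallsyms: " + ", ".join(missing))
    return {n: syms[n][0] for n in names}


def offsets_from(syms, base, names):
    """Offsets relative to a base symbol, handy when comparing two builds."""
    b = syms[base][0]
    return {n: syms[n][0] - b for n in names}


if __name__ == "__main__":
    for label, text in (("hidden", SAMPLE_HIDDEN), ("root", SAMPLE_ROOT)):
        s = parse_kallsyms(text)
        print(label, "zeroed" if addresses_hidden(s) else resolve(s, ["commit_creds"]))
```

Feed it a real dump with `parse_kallsyms(open("kallsyms.txt").read())`; if addresses_hidden() is True, the file was captured without root (or with kptr_restrict=2) and uploading it helps nobody.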
Ok guys I have the boot.img for my device, the prepaid on nf5
I will get kernel from it when I can and then we are close...
Today I upgraded to an S5, so I can now afford to get locked into a stock rom on the S3. So if someone more knowledgeable can help me get this phone to the point where it gets you the data you need, I'll do it. In fact, I may be willing to send you this phone in a few weeks and you can borrow it for development, if you promise to eventually return it with CyanogenMod 10.x or another AOSP rom on it. If it needs to be connected to get the latest OTA "up"grades then I'll get those going. My plan for the S3 is now to keep it as a backup. Saves me from paying for insurance on the new one.
Just to clarify on the commands; each line is a separate command, right? Right now kallsyms is 000000 textetc. . . I inputted the commands assuming each line was a separate command, hit the "enter" key after each line. It definitely accessed SU to do it as well.
I don't have a file upload account but if it's possible to upload it here or e-mail it I'm happy to do so.
What firmware build are you on and what's your model? If you're not on a locked BL yet then don't lock it...
To clarify, I am on NF5 on the I535PP. I think that each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a RAM dump? We basically just need the kernel symbols for the exploit to modify the PoC to work for our devices. The build date on mine is Jul 22, futex (towelroot) is a no-go. I don't know if the I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, that would be great.
Ok guys, I am working on extracting the kernel. Then the kernel addresses should be easily obtainable, then I can build the binary for 7911 to run as system and GG.
When I get home I will begin I really hope I dont run into any issues...
Btw, I am not wanting/expecting donations/bounties, nor am I promising anything other than maybe a "thanks". I am not a developer, and using public exploits and PoC makes me nothing special.
OpenSourcererSweg said:
What firmware build are you on and what's your model? If you're not on a locked BL yet then don't lock it...
To clarify, I am on NF5 on the I535PP. I think that each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a RAM dump? We basically just need the kernel symbols for the exploit to modify the PoC to work for our devices. The build date on mine is Jul 22, futex (towelroot) is a no-go. I don't know if the I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, that would be great.
I'm pretty sure the bootloader is locked; that's why I'm interested in what you're doing. I was very disappointed to learn that I couldn't install an AOSP ROM after I repaired my phone.
When I replaced the motherboard and booted up, it was running 4.4.2 (and everything was in Spanish lol). The SKU on the sticker of the phone I got the motherboard from is SCHI535ZKB so does that make it the I535ZK? The concept of hardware version is new to me (and causing me frustration with my new S5).
I think the firmware is NE1, but as I said I've got the Superliterom, so under build number it says
SUPERLITEROM! V2.0
KOT49H.I535VRUDNE1
But as I said, if it helps you (and therefore helps me) I can flash it back to stock and take the OTA upgrades til it's at the NF5 firmware. But as you said I expect I would lose root, and then be unable to get the info you wanted. Seems like a real catch-22, at least at the skill level I'm at.
Glad you're making progress and let me know if you think there's anything I can do to help.
Don't risk losing root in case I fail. You should be able to flash NE1, but don't flash NF5 or whatever. I don't think I will need someone who's already rooted, since I am taking a different approach to getting the symbols. I hate using hex editors... especially ones from the market and not on a PC....
I seem to have hit a brick wall... Great....
I don't seem to be able to decompress the kernel :/
I thought that most kernels on Android used gzip, but binwalk says it's LZO and some stuff about encryption... My device storage is encrypted and I did copy the update from it.....
I'm going to decrypt my phone tonight and try again tomorrow....
When you hit a brick wall, use a sledgehammer.
My phone is encrypted, too, so I guess it would have given you the same issue had you tried with it.
Well, I am taking a completely different approach from what I originally thought I needed someone for.
I am trying to get the symbols from the kernel itself. I have gotten boot.img from the firmware, I have gotten zImage from boot.img. I am currently trying to get the goodies from zImage but having trouble getting at them. I am very confused, because the gzip magic headers are there... When I use dd to get that saved and try to gunzip it, I get an error about corruption... I need an uncompressed kernel to get the symbols for the qcom CVE...
Once I get those I just plug those symbol values into poc code I found on GitHub, build the binary with ndk, then take that binary and put it In a folder from the other part of the poc, build the app using android studio, test it, then boom. Everyone with the same kernel *SHOULD* have root
If any of you devs with reverse engineering know-how could point me in the right direction for getting the uncompressed kernel binary, please do.
Google simply isn't helping at this point.
Basically, fire off cve 7911.
With system privileges, execute the binary and GG
I created a thread asking for help in the dev section, hope I get this going.
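An added example (editor's code, not from anyone in this thread) for the "gzip magic headers are there but gunzip says corrupt" and "binwalk says LZO" problems above. It does offline what scripts/extract-vmlinux in the kernel tree does: scan the zImage for the magic bytes of each compressor a kernel build can use, try to decompress from every hit, and keep the candidate whose output contains the "Linux version" banner (on ARM the payload is a raw Image rather than an ELF, so the banner is a better acceptance test than an ELF header). A tolerant decompressor is used so that trailing bytes after the compressed stream are ignored and false magic hits are skipped, which are the two usual reasons a region cut out with dd will not gunzip cleanly. Only gzip and xz are decompressed here, because Python's standard library has no LZO or LZ4; lzop and lz4 hits are reported with their offsets so they can be cut out with dd and fed to `lzop -d` or `lz4 -d`. The sample image is constructed.

```python
"""Locate and unpack the compressed kernel inside a zImage (added example)."""
import gzip
import lzma
import zlib

BANNER = b"Linux version "

# Magic bytes of the compressors a kernel build can embed in a zImage.
MAGICS = {
    "gzip": b"\x1f\x8b\x08",
    "xz":   b"\xfd7zXZ\x00",
    "lzop": b"\x89LZO\x00\r\n\x1a\n",
    "lz4":  b"\x02\x21\x4c\x18",
}


def find_magics(image):
    """Every (offset, method) where a compressor magic occurs, lowest first."""
    hits = []
    for name, magic in MAGICS.items():
        start = 0
        while True:
            off = image.find(magic, start)
            if off < 0:
                break
            hits.append((off, name))
            start = off + 1
    return sorted(hits)


def _inflate_gzip(buf):
    # wbits 16+MAX_WBITS = gzip wrapper; bytes after the stream land in
    # unused_data instead of raising, so trailing padding is harmless.
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = d.decompress(buf)
    return out if d.eof else None


def _inflate_xz(buf):
    d = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    out = d.decompress(buf)
    return out if d.eof else None


INFLATERS = {"gzip": _inflate_gzip, "xz": _inflate_xz}


def extract_kernel(image):
    """Return (offset, method, payload) for the first hit that holds the banner."""
    for off, name in find_magics(image):
        inflate = INFLATERS.get(name)
        if inflate is None:
            continue                       # lzop/lz4: see unhandled_hits()
        try:
            out = inflate(image[off:])
        except (zlib.error, lzma.LZMAError, EOFError):
            continue                       # false magic hit, keep scanning
        if out and BANNER in out:
            return off, name, out
    return None


def unhandled_hits(image):
    """Offsets of lzop/lz4 magics, to cut out with dd and decompress externally."""
    return [(off, name) for off, name in find_magics(image) if name not in INFLATERS]


def kernel_banner(payload):
    """The NUL-terminated 'Linux version ...' string from a decompressed kernel."""
    i = payload.find(BANNER)
    return payload[i:payload.find(b"\x00", i)].decode(errors="replace")


# Constructed stand-in for the decompressed kernel: padding, a banner, filler.
FAKE_KERNEL = (b"\x00" * 512
               + b"Linux version 3.4.0-constructed (builder@host) #1 SMP PREEMPT\x00"
               + b"\xaa" * 2048)


def build_sample_image(method="gzip"):
    """A fake zImage: junk, a decoy gzip header with no stream, filler, the
    real compressed payload, then trailing zeros like a real image has."""
    if method == "gzip":
        body = gzip.compress(FAKE_KERNEL)
    else:
        body = lzma.compress(FAKE_KERNEL, format=lzma.FORMAT_XZ)
    decoy = b"\x1f\x8b\x08" + b"\x00" * 13
    return b"\xe1\xa0\x00\x00" * 4 + decoy + b"\xff" * 64 + body + b"\x00" * 256


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    found = extract_kernel(data)
    print("hits:", find_magics(data))
    print("kernel:", found and (found[0], found[1], kernel_banner(found[2])))
    print("needs external tool:", unhandled_hits(data))
```

Run it as `python3 extract.py zImage`; if extract_kernel() returns None but unhandled_hits() lists an lzop or lz4 offset, the image is one of those formats, so `dd if=zImage bs=1 skip=<offset> | lzop -d` (or `lz4 -d`) is the next step rather than gunzip.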
https://github.com/android-rooting-tools/libmsm_vfe_read_exploit
...
This is probably useful, going to try it later.
When did NF5 come out?
Is there a new radio I can flash?
LLStarks said:
When did NF5 come out?
Is there a new radio I can flash?
He's speaking of the prepaid VZW S3 not the contract version
Sent from my Nexus 5
Reversing the kernel doesn't seem possible to me at all at this point with my limited knowledge of this... However, I have been digging and it may be possible to get root by taking the Odin-flashable OTA, extracting the files, deleting the bootloader and recovery files, unpacking or mounting system.img and adding an su binary (and setting permissions?), repacking, putting it all together and then flashing it via Odin. If I can obtain root this way, I'll be able to get what I need to try to make a 1-click root for others on mf5 (only the i535pp phones I believe) and then I can die happily.
I'm not much of a "developer" but I am determined to get this.
I have successfully built a flashable tar.md5 with a modified system.img.ext4 containing an su binary that I chowned as root under Linux & chmoded.
Also have supersu.apk chmoded and in the apps.
I am currently moving the tar.md5 to my sdcard from my PC and I am about to boot Windows to see if I can now flash via Odin.
If all goes well, I will be very happy indeed.
Well, I managed to soft brick my device.
I'm not entirely sure how I managed to do that...
I am about to flash stock again via odin, i should have backed up some files xD
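An added example (editor's code, not from either thread) for the Odin section of the FAQ above and for the hand-built tar.md5 a few posts up: a Python check of a .tar.md5 before it goes anywhere near Odin. It assumes the usual layout of these files, a plain tar archive with one md5sum line ("<md5>  <name>") appended, where the hash covers the archive bytes before that line. It also lists the images inside, so you can see whether a package you expected to hold only boot.img also carries bootloader-chain partitions; the bootloader-like name prefixes are assumptions for the illustration, and the sample archive is constructed in memory.

```python
"""Verify and inspect an Odin .tar.md5 before flashing it (added example)."""
import hashlib
import io
import re
import tarfile

# Assumed trailer: "<32 hex digits>  <filename>\n" appended to the tar.
MD5_LINE = re.compile(rb"^([0-9a-fA-F]{32})  (\S+)\n?$")

# Name prefixes that suggest bootloader-chain partitions (assumed for this
# illustration; check the partition layout of your own device).
BOOTLOADER_LIKE = ("aboot", "sbl", "tz", "rpm")


def make_tar_md5(tar_bytes, name):
    """Append the md5sum line the way `md5sum -t x.tar >> x.tar` would."""
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  {name}\n".encode()


def split_tar_md5(blob):
    """Return (tar_bytes, expected_md5, name); raise ValueError if malformed."""
    # A tar archive ends in NUL-filled end-of-archive blocks and the md5sum
    # line contains no NUL, so the line starts right after the last NUL.
    cut = blob.rfind(b"\x00")
    if cut < 0:
        raise ValueError("no tar padding found; not a .tar.md5?")
    m = MD5_LINE.match(blob[cut + 1:])
    if not m:
        raise ValueError("trailing md5sum line missing or malformed")
    return blob[:cut + 1], m.group(1).decode().lower(), m.group(2).decode()


def verify_tar_md5(blob):
    """True when the archive bytes hash to the digest in the trailer."""
    tar_bytes, expected, _ = split_tar_md5(blob)
    return hashlib.md5(tar_bytes).hexdigest() == expected


def list_images(blob):
    """Regular-file member names, i.e. the partition images Odin would write."""
    tar_bytes, _, _ = split_tar_md5(blob)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        return [ti.name for ti in tf.getmembers() if ti.isfile()]


def flags_bootloader(blob):
    """Members whose names look like bootloader-chain partitions."""
    return [n for n in list_images(blob) if n.lower().startswith(BOOTLOADER_LIKE)]


def build_sample_tar_md5():
    """Constructed package: a fake boot.img plus a fake aboot.mbn."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, payload in (("boot.img", b"ANDROID!" + b"\x00" * 100),
                              ("aboot.mbn", b"\x7fELF" + b"\x00" * 64)):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return make_tar_md5(buf.getvalue(), "sample.tar")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_tar_md5()
    print("md5 ok:", verify_tar_md5(blob))
    print("images:", list_images(blob))
    print("bootloader-like:", flags_bootloader(blob))
```

Odin performs the same md5 comparison itself, but checking on the PC first is what tells you a download or a hand edit corrupted the archive before you find out with a failed flash, and listing the members is the cheapest way to confirm that a "kernel" package does not also overwrite aboot.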
