D2G Security - Droid 2 Global General

Hello wonderful people of XDA! This is my first post, so I apologize in advance if I am asking obvious questions.
So everyone is talking about the "locked" bootloaders present on several of the new Droid phones, including my beloved new D2G. This has been cited as the reason that the bootloader, recovery menu, and android kernel on these phones cannot be replaced with unofficial code. I was wondering if anyone here knew the exact technical details of the security systems that actually make up this so called "lock".
One thread I read vaguely mentioned RSA keys, so I can only assume that something somewhere is signed. Is it the typical setup, with a bootloader that is signed with a key that is burned into the CPU, and a kernel that is signed with a key in the bootloader? Clearly the code on the /system partition is not signed, since I was able to flash a custom ROM over it (not to mention install the bootstrap recovery).
Also, how much control does a root process really have? If it is possible to inject root code into the boot process just by modifying some things in init.rc (as the bootstrap recovery does), then shouldn't it be possible to manually load whatever we want into memory after that point, including a new kernel? If so, then couldn't we leave the (presumably) signed stock kernel in place, put our kernel in /system, and write some root code that copies it into memory and executes it (without checking any sigs)?
Forgive me if I have no idea what I am talking about. Like I said, I am new to the forum, and I just got my first Android phone a few months ago.
Thanks!
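The chain of trust the post sketches (a bootloader checked against a key burned into the CPU, a kernel checked against a key carried inside the bootloader, and an unsigned /system), modelled in Python as an added example that is not from this thread. HMAC-SHA256 stands in for the RSA signatures, and all keys, image contents and partition names are constructed for the demo; it shows why a custom ROM flashes and boots while a custom kernel, or a bootloader with a swapped-in key, halts the chain.

```python
import hashlib
import hmac

KEY_LEN = 32

# HMAC-SHA256 stands in for the RSA signatures the post mentions. Unlike RSA,
# the verifier here holds the same key as the signer, so this models the
# structure of the chain, not the signature algorithm itself.
def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()

def verify(key: bytes, image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, image), sig)

def tag(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()[:8]

def build_bootloader(kernel_key: bytes, code: bytes) -> bytes:
    # The key used to check the kernel lives inside the bootloader image, so it
    # is covered by the bootloader's own signature and cannot be swapped alone.
    return kernel_key + code

def embedded_kernel_key(bootloader_image: bytes) -> bytes:
    return bootloader_image[:KEY_LEN]

def boot(cpu_key: bytes, flash: dict) -> str:
    """Walk the chain the post describes. `flash` maps a partition name to
    (image, signature); "system" carries no signature at all."""
    bl_img, bl_sig = flash["bootloader"]
    if not verify(cpu_key, bl_img, bl_sig):
        return "halt: bootloader rejected by CPU-fused key"
    kernel_img, kernel_sig = flash["boot"]
    if not verify(embedded_kernel_key(bl_img), kernel_img, kernel_sig):
        return "halt: kernel rejected by bootloader-embedded key"
    # Nothing in the chain checks /system, which is why a custom ROM flashes
    # and boots while a custom kernel does not.
    return "booted kernel=%s system=%s" % (tag(kernel_img), tag(flash["system"]))

# Constructed demo keys; on hardware the CPU key is fused into the SoC.
CPU_KEY = hashlib.sha256(b"demo: cpu fuse key").digest()
KERNEL_KEY = hashlib.sha256(b"demo: bootloader-embedded key").digest()
STOCK_KERNEL = b"stock 2.6.29 kernel image"
STOCK_SYSTEM = b"stock /system image"

def stock_flash() -> dict:
    bl = build_bootloader(KERNEL_KEY, b"stock bootloader code")
    return {
        "bootloader": (bl, sign(CPU_KEY, bl)),
        "boot": (STOCK_KERNEL, sign(KERNEL_KEY, STOCK_KERNEL)),
        "system": STOCK_SYSTEM,
    }

def scenarios() -> dict:
    """Four flash layouts and what the chain does with each."""
    results = {}
    results["stock"] = boot(CPU_KEY, stock_flash())

    # 1. Custom /system only: no check exists for it, so the device boots.
    f = stock_flash()
    f["system"] = b"custom ROM /system image"
    results["custom_system"] = boot(CPU_KEY, f)

    # 2. Custom kernel signed with a key the bootloader does not carry.
    f = stock_flash()
    other_key = hashlib.sha256(b"demo: a key nobody fused").digest()
    custom_kernel = b"custom kernel image"
    f["boot"] = (custom_kernel, sign(other_key, custom_kernel))
    results["custom_kernel"] = boot(CPU_KEY, f)

    # 3. Same custom kernel plus a bootloader rebuilt to carry the matching
    #    key, but still carrying the stock signature: fails one stage earlier.
    f = stock_flash()
    _, stock_bl_sig = f["bootloader"]
    rebuilt_bl = build_bootloader(other_key, b"stock bootloader code")
    f["bootloader"] = (rebuilt_bl, stock_bl_sig)
    f["boot"] = (custom_kernel, sign(other_key, custom_kernel))
    results["swapped_key"] = boot(CPU_KEY, f)
    return results

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print("%-14s %s" % (name, outcome))
```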

A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com

buryboi said:
A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com
Thanks for the info! I checked out that site and PMed the guy you mentioned on Droid Forums. We'll see if there is something I can do to help.
Any extra info anyone has is still appreciated!

Hi,
Punmaster did you find any more information concerning the locked bootloader. Any ideas to put another kernel?
If i understand well, the roms can only modify the application layer.
You seem to know linux dev, maybe you can help me with the usbnet problem?
Sent from my MotoA953 using XDA App


{KERNEL-SOURCE} GoDmOdE-EVO-2.6.29 {Make Shift Kernel}[SENSORS-LIGHTS-PANEL-FIXED]

THIS SOURCE WILL WORK ON ALL CURRENT HTC EVO'S!!!
i found the board files for the EVO a while back but wanted to wait til we at least had the release RUU to release it. now the actual kernel itself isn't an EVO kernel. it's actually an Incredible kernel source with the EVO board files in it. that said i had to mod the board files a little to get it to compile. anyhow link below and remember to fork as it helps github and everyone. thanks
GoDmOdE-EVO
Commit log:
Sat May 22, 2010 - First-commit-0_o = first commit
Sat Jun 19, 2010 - Fix the wimax LED, capella prox sensor. Add epson panel support for supersonic (panel_type=0), which is present on hardware revision 3. Implement 9bit spi. - by Joe Hansche (maejrep)
Sun Jun 20, 2010 - Add some more epson vs novatec fixes - by Joe Hansche (maejrep)
Mon Jun 21, 2010 - Fix proximity sensor and Implement wimax LED control. These commits also fixed issues with all other sensors, and enabling them to all work!!! - by Joe Hansche (maejrep)
THIS IS AN UPDATE.ZIP THAT CAN BE USED WITH FRESH ROM, TO BOOT THIS KERNEL WITHOUT WIPING. PLEEEEEESE DO A NANDROID BACKUP BEFORE FLASHING THIS UPDATE.ZIP. SO U CAN JUST NANDROID RESTORE UR DEVICE BACK TO NORMAL AFTER UR DONE PLAYING. ANYHOW CAMERA IS NOT WORKING AND THERE SEEM TO BE WHAT'S THOUGHT TO BE VSYNC ISSUES. ANYHOW ENJOY!!!
http://link.geekfor.me/godmodefreshhh
of course don't turn this thread into a "this is broke can u please fix it" thread.
IF U WOULD LIKE TO HELP OUT OR BUILD UR OWN KERNEL FROM THIS SOURCE, PLEASE FORK. THIS IS ADVISED BY GITHUB AND ALSO BY ME, AS IT MAKES PULLING CHANGES TO AND FROM BRANCHES MUCH EASIER. THIS IS A GOOD THING FOR U AND ME. IF I MAKE A COMMIT U WANNA ADD U CAN EASILY SYNC UP WITH ME AND VICE VERSA. WORKS OUT GREAT FOR EVERYONE AND KEEPS US COMPLETELY OPEN, AFTER ALL WE'RE ALL ON THE SAME TEAM.
ToAsTcFh For MOD!!!! This is genius
I'm a little too buzzed atm. What exactly is this and what does it mean for us? explain and I'll understand it in the A.M.
Trying to take over the Evo forums already Toast? ha ha Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is until my Evo arrives today and I start trying to root it
chuckhriczko said:
Trying to take over the Evo forums already Toast? ha ha Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is until my Evo arrives today and I start trying to root it
how're you getting your evo today??
so far i know a lot of good devs coming over. im pre-ordered so as soon as it shows up at best buy ill be struggling for root again.
justinisyoung said:
how're you getting your evo today??
eBay? Craigslist?
ppl from the google i/o event selling them
YoungAceAtlanta said:
eBay? Craigslist?
ppl from the google i/o event selling them
Yep. eBay. It's a Google I/O device. Paid a HEFTY premium for it but it's worth it to get it two weeks early for me.
toastcfh said:
so far i know a lot of good devs coming over. im pre-ordered so as soon as it shows up at best buy ill be struggling for root again.
Awesome. Who else that you know of? I know I stopped devving for the Hero but I can't wait to start devving for this thing. This community is going to be epic!
Right on toast, this is awesome.
fantastic toast
can this kernel be loaded onto one of the google I/O event EVOs to test?
The device isn't rooted yet
toastcfh said:
The device isn't rooted yet
now i see the catch 22... sorry i'm new to all this and don't have an EVO to experiment with...
could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?
joeykrim said:
now i see the catch 22... sorry i'm new to all this and don't have an EVO to experiment with...
could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?
No. You can't flash anything worthwhile until the phone is rooted. Once this happens expect this forum to explode.
No, we need root and the ability to flash a custom recovery. Basically, the catch 22 is we need root before we can do anything custom.
By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?
Shidell said:
By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?
we're thinking alike here. some of this terminology is new to me and some isn't. hopefully this makes sense. i'm gonna reword but ask the same question as above (at least i think the same question) plus another question. i'm doing a lot of research and trying to word things correctly...
this might be the same question as above, are we able to trick the supersonic RUU released here into loading our own rom.zip file (NBH)? (we were able to do this with the samsung moment)
if not, are we able to use the fastboot-bootloader mode (samsung moment doesnt have this) to install a custom recovery? if so, we are then waiting on a custom recovery to be developed?
I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)
Shidell said:
I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)
ok.. the bootloader isn't gonna let us flash anything that isn't for the phone that i've heard of at least. the bootloader is only gonna let us flash rom.zips signed by htc unless we have an engineering spl. if we had that we could fastboot whatever we want. but it is also my understanding that the new engineering spls will not let us flash to certain major partitions (ie recovery, and boot). anyhow this i think was an issue for the desire that modaco rooted and he found a way around it. we need a recovery for sure, as starting anew with no backups and such would be nothing more than a pain. we should focus i think on obtaining an engineering SPL from someone nice who wants to hook us up or an exploit of some sort. we need to gain read/write access to system, boot and recovery partitions. we do that and we can do what we want with the device. we're not gonna be able to just flash a kernel, boot.img, system, or update.zip that's not official without the ability to gain access to the recovery partition.
in an exploit we would have root user status and we would have write perms on system. at that point we could possibly add flash_image to bin, chmod it and use that to flash a new recovery. write access is all we need. if ur idea was possible all we would need to do is flash a distro with root access and then flash the recovery partition with a custom recovery. a custom recovery will give us the ability to flash, backup and restore whatever we want. so long story short we need root user status in any event so we can gain access to the recovery partition.

[ROM] CyanogenMod 6.0rc1-coburnrom - Milestone Port project

Project Description
This is a project to port the Droid version of CyanogenMod to the milestone. While the Droid and Milestone devices are twins, they are CDMA and GSM respectively. Hacks include not flashing the boot image provided by the CM Droid package and some GSM configurations.
Status
CyanogenMod 6 RC1 (with CoburnROM hacks) will flash successfully, however it will refuse to boot (possibly due to incompatible stock kernel or that the milestone doesn't like unsigned ROMs). So far, flashing works from koush's ClockWorkMod Recovery and Open Recovery 1.14. When rebooted, the device hangs on the M Boot logo.
Downloads
PoC/RC #1: Download from my blog, Geek In The Family - 75MB.
What you can do
Pretty much this ROM is currently a playground, if you want to have a poke around, download a copy of the above versions of the ROM and extract it, and then poke around and see what makes it tick.
Other notes
Space saved for future use.
Cheers!
Reserved for future use
Sent from my Milestone using XDA App
Good luck man, I really hope this happens
You should check with the guys on and-developers.com, and their IRC channel #milestone-modding on Freenode for any progress on the bootloader
Hacking the bootloader is impossible on our Milestone, the TI OMAP chipset runs in High Security mode and for switching to General Purpose mode you have to desolder and resolder the OMAP chipset on your mainboard, soldering the right pins for enabling the GP mode.
Anyway, 2ndboot can make us able to boot a different kernel (for now GSM modem is unusable, so we can't use the phone with the newly booted kernel) and this is the way that we'll take on the Milestone for using a custom kernel.
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
Sent from my Milestone using Tapatalk
kholk said:
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
Good luck to you. I commend you for your efforts.
After 1 year waiting for the bootloader to be hacked...I am slightly skeptical. However, now that the Droid X has been released to the masses with the same locked bootloader, we might get some fresh eyes to look into this matter.
I would be happy enough with a custom kernel running on 2nd boot ;-)
SenseUI Mod
Hello, You might try using the mot_boot_mode file, which is also used with the SenseUI Port for the Milestone, I guess that would make this boot too? If I'm right, this is the boot sequence:
This is what I'm talking about:
"the ramdisk is located in /system/ramdisk.tar folder, it all starts here.
the ramdisk is opened by /system/bin/mot_boot_mode."
You should download the SenseUI Mod and analyse its way of booting.
Good luck!
Coburn64 said:
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
the problem is not about being negative but you are facing it the wrong way.
the problem here is to hack the thing, not to port an already existing mod.
Once the bootloader is bypassed there'll be hundreds of real ROMs.
Anybody can pretend at porting their own roms, it is completely IRRELEVANT since it won't be possible until it's hacked.
you said it 'even if I have to wait', well there you go, do like thousands of others and just wait. But please don't pretend at anything else, thank you.
I am actually porting the ROM to the Milestone, in case you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
So you're not going with that 2ndboot method?
In any case, my eyes are glued to your twitter account
Coburn64 said:
I am actually porting the ROM to the Milestone, in case you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
dude you're my hero
It's kinda off-topic, but I just thought, why don't we go 4chan style on Motorola, and, for example, black fax local Motorola offices or something?
Coburn64 said:
My my, that's negative. I do know about the custom kernel via kexec/2ndboot trick.
Nothing is impossible to be hacked, it's a matter of time and blood, sweat and tears. As Paul from MoDaCo stated, nothing is impenetrable.
I'll get this ROM booting, even if I have to wait a year or two before the Boot loader is hacked or a proper method is working.
As I said, it IS possible to skip the BL checks, and it's fully hackable... but... I know... you don't want to resolder your OMAP...
if this mod is "Droid" based, you need to make many modifications to the startup..
the Droid is in no way protected, where Milestone has GSM radio protected, and specific drivers required to open it, which for now only opens when using the original "init" process of a milestone.. the "init" from droid disables radio completely..
but take a look on how i got the senseui port running.. i got froyo partly running the same way, so i'm sure my solution used in senseui mod will help you along to make it work... it just requires some debugging and "adb logcat" so you at least can see what happens at startup..
why not work together dexter? i think this may help out in particular cases
Dexter_nlb said:
if this mod is "Droid" based, you need to make many modifications to the startup..
the Droid is in no way protected, where Milestone has GSM radio protected, and specific drivers required to open it, which for now only opens when using the original "init" process of a milestone.. the "init" from droid disables radio completely..
but take a look on how i got the senseui port running.. i got the froyo partly running the same way, so im sure my solution used in senseui mod will help you along to make it work...it just requires some debugging and "adb logcat" so you at least can see what happens at startup..
DO YOU HAVE FroYo running!?!?!?!??!?!?!?!?
Coburn64 said:
I am actually porting the ROM to the Milestone, in case you're concerned that I'm lying. Check my twitter for progress reports.
@Mikevhl we may have a hope if we try that! Thanks for the recommendation!
Also, kexec is working. However, instead of rebooting Android with the Droid CM6 Kernel, it just reboots the phone instead. I'm working on a possible fix for that, thank Kiljacken for compiling the kexec module.
I never said you were lying, all I said was don't pretend 'about rom' when even a basic kernel won't run.
if you have a working kexec would you mind sharing it?
I'm very interested in your work since it seems that we will never see an official 2.2 from Motorola... I don't know if we are going to have the new update, here in France (2.1 update 2).
Well, I just have a question. On a french forum, someone posted a method to downgrade the ROM of the Milestone by implementing the right version of the bootloader in it, I don't know if I'm very clear. This member had some major problems with the 2.1 update so he decided to downgrade to 2.0.1. However he wasn't able to do it because his Milestone was using the 90.78 bootloader while the 2.0.1 rom was using the 90.73 bootloader. Eventually, he managed to install the 2.0.1 rom on his Milestone by putting the 90.78 bootloader in the 2.0.1 rom.
So my question is: will it be possible to put a bootloader in a custom rom in order to make it boot on the Milestone?
(I would give you the link for the topic on the french forum once my account is verified)
kholk said:
Hacking the bootloader is impossible on our Milestone, the TI OMAP chipset runs in High Security mode and for switching to General Purpose mode you have to desolder and resolder the OMAP chipset on your mainboard, soldering the right pins for enabling the GP mode.
Anyway, 2ndboot can make us able to boot a different kernel (for now GSM modem is unusable, so we can't use the phone with the newly booted kernel) and this is the way that we'll take on the Milestone for using a custom kernel.
No custom ROMs. Or at least not this way.
We'll NEVER be able to boot this ROM.
Sent from my Milestone using Tapatalk
Actually this is a wrong assumption. An HS chip cannot be turned into a General Purpose one.
For those who are interested, here is kexec.
Devs should know the drill, insmod kexec.ko etc etc.
Originally made by Kiljacken (compilation, etc), shared by me.
As for the Android 2.0.1 on Boot Loader 97.73, he may have just made a custom update zip that nukes the system partition and installs 2.0.1 on the device.
Also, I updated my Boot Loader to 90.78ch, which is the XT702 Boot Loader - no bricks. Yet.

[Q] using the recovery program to boot another kernel

I've been researching methods to boot another linux kernel from the android bootloader by first booting into the bootloader and then using a command similar to what fastboot uses to boot a temporary zImage.
hxxp://groups.google.com/group/android-kernel/browse_thread/thread/71a7cb1c35933a21
NOTE: replace the xx with tt
From my thread on the android Linux kernel group, it seems I can find more information on the recovery program here.
1. What exactly is the recovery program?
2. How does it function?
3. where do I find modified code for it?
(PS: I had originally posted this on questions and answers but this forum is better suited)
Cheers,
Earlence
anyone have any ideas?
at least where can I get information on what code is in the recovery partition and how it was replaced to unlock these types of phones?
Honestly it seems to be a one kernel only situation for these devices. I understand what you are referring to. Much like desktop systems where you have a distro of Linux installed and you can choose different kernels to boot with. Unfortunately I don't believe any device right now has a bootloader that is capable of having multiple kernels installed with the option to boot from each one. Unless GRUB or LILO make it on to our devices I don't see this happening anytime in the near future.

[Q] Some Questions

stupid/silly questions:
APK related
if I try to delete a single file or apk in an android system, will it delete related files also?
Port related (ASOP/CM6/CM7/Custom ROMs/etc)
I know that the majority of XT720's kernel is 2.6.29..., anyways, why am I seeing 'Android version of 2.3.5'? and getprop value of '[ro.build.version.sdk]: [10]'?..., are these valid?
I still have many questions that I would like to ask but for now, this will do.
Please enlighten me, I'm still starting to learn 'Android', any feedback is appreciated..., be it good or bad
best regards,
dabiano
Actually all the kernels are 2.6.29 because that's all Motorola has released--and because of the signature checks we can only use official Motorola kernels (except for fastbooting). That only applies to the kernel, though. Those ROMs have newer userspaces. E.g. everything else (GUI etc) uses newer code. Even Motorola's 2.2.1 for Motoroi used 2.6.29.
Sent from my Milestone XT720 using xda premium
Mioze7Ae said:
Actually all the kernels are 2.6.29 because that's all Motorola has released--and because of the signature checks we can only use official Motorola kernels (except for fastbooting). That only applies to the kernel, though. Those ROMs have newer userspaces. E.g. everything else (GUI etc) uses newer code. Even Motorola's 2.2.1 for Motoroi used 2.6.29.
Sent from my Milestone XT720 using xda premium
thanks for the reply
I'm still trying to grasp it all in my head about porting/compiling android (ASOP/CMx/etc...)
So in short, we can technically upgrade the userspace/api level of the entire android system even if the kernel stays the same?
also, you are saying that we can use another kernel if fastboot is used? why not trick the bootloader to use a kernel that comes from a 'false' fastboot? I may be wrong though...
dabiano said:
thanks for the reply
I'm still trying to grasp it all in my head about porting/compiling android (ASOP/CMx/etc...)
So in short, we can technically upgrade the userspace/api level of the entire android system even if the kernel stays the same?
also, you are saying that we can use another kernel if fastboot is used? why not trick the bootloader to use a kernel that comes from a 'false' fastboot? I may be wrong though...
That's right. I'm not certain but what I've gathered is the biggest kernel changes happened before 2.1 (which changed process management). I think it's been tweaked subsequently, but it may not be such a big deal. Additionally, there is another option--what I would call "kernel live surgery"-- skrilax_cz and nadlabak on A853 have been doing a lot of that lately--making modules that replace functions inside the kernel to replace bugs and add features.
And yes we can boot custom kernels using "fastboot boot", but I don't think anyone currently knows whether it is possible to trick fastboot to work without USB. It depends on how fastboot has been implemented. A853's seems to be the most studied bootloader, but "fastboot boot" doesn't work on A853.
Thanks for the info you shared Mioze7Ae

NF5 Rooting Progress(GS3 Prepaid)

I believe this section is dead for the most part...
As many of you should know, those of us who took the OTA update have no way of rooting if towel root does not work... (Futex patched)
However there is hope!
I am not very knowledgeable about exploits or reverse engineering...
There are two exploits that may be able to get us root when combined.
CVE-2014-7911(gets us system uid)
CVE-2014-4322 (goes from system to root)
There is public poc code to do this...
However we need something...
I am working on getting the kernel symbols
When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!
KennyG123 said:
When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!
I figured that this may get more attention here....
I really do hope we can get root ASAP
I dunno if the 4.3 kernel will work, I don't see why the addresses would have been changed but I am not a developer nor an experienced hacker. (After some research this is probably incorrect)
Just need someone with stock kernel and root so we can get the addresses for cve 4322 and gg
Can you move this post or should I just create another thread in the developers section?
I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".
IWellHeThanks said:
I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".
If you're able to be on 4.4.2 that is rootable via towel root, it's not the exact kernel that I and others are on because futex is patched on the latest OTA. If you're able to boot into the stock rom (don't update if possible, may lose root?) then those commands (from my understanding) get us the addresses we need for the root on the latest OTA. I remember reading that they get randomized every time it's compiled so it may not help. If someone more knowledgeable about this can help that would be great. No hurt in trying though. Just need you to do those commands then upload kallsyms and leave a link. Open it with a text editor and make sure it's not all 0's then words etc. Needs to be numbers then text, which is why root is required to do that... If we can get those addresses for the updated kernel we can get root on latest. I doubt we're getting lollipop....
Ok guys I have the boot.img for my device, the prepaid on nf5
I will get kernel from it when I can and then we are close...
Today I upgraded to an S5, so I can now afford to get locked into a stock rom on the S3. So if someone more knowledgeable can help me get this phone to the point where it gets you the data you need, I'll do it. In fact, I may be willing to send you this phone in a few weeks and you can borrow it for development if you promise to eventually return it with Cyanogenmod 10.x or another AOSP rom on it. If it needs to be connected to get the latest OTA "up"grades then I'll get those going. My plan for the S3 is now to keep it as a backup. Saves me from paying for insurance on the new one.
Just to clarify on the commands; each line is a separate command, right? Right now kallsyms is 000000 textetc. . . I inputted the commands assuming each line was a separate command, hit the "enter" key after each line. It definitely accessed SU to do it as well.
I don't have a file upload account but if it's possible to upload it here or e-mail it I'm happy to do so.
What firmware build are you on and what's your model? If you're not on a locked bl yet then don't lock it...
To clarify I am on nf5 on the I535PP. I think that after each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a ram dump? We basically just need the kernel symbols for the exploit to modify poc to work for our devices. The build date on mine is jul 22, futex(towelroot) is a nogo. I don't know if I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, would be great.
Ok guys, I am working on extracting the kernel, then the kernel addresses should be easily obtainable, then I can build the binary for 7911 to run as system and GG
When I get home I will begin. I really hope I don't run into any issues...
Btw, I am not wanting/expecting donations/bounties nor am I promising anything other than maybe a "thanks". I am not a developer and using public exploits and poc makes me nothing special
OpenSourcererSweg said:
What firmware build are you on and what's your model? If you're not on a locked bl yet then don't lock it...
To clarify I am on nf5 on the I535PP. I think that after each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a ram dump? We basically just need the kernel symbols for the exploit to modify poc to work for our devices. The build date on mine is jul 22, futex(towelroot) is a nogo. I don't know if I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, would be great.
I'm pretty sure the bootloader is locked; that's why I'm interested in what you're doing. I was very disappointed to learn that I couldn't install an AOSP ROM after I repaired my phone.
When I replaced the motherboard and booted up, it was running 4.4.2 (and everything was in Spanish lol). The SKU on the sticker of the phone I got the motherboard from is SCHI535ZKB so does that make it the I535ZK? The concept of hardware version is new to me (and causing me frustration with my new S5).
I think the firmware is NE1, but as I said I've got the Superliterom, so under build number it says
SUPERLITEROM! V2.0
KOT49H.I535VRUDNE1
But as I said, if it helps you (and therefore helps me) I can flash it back to stock and take the OTA upgrades til it's at the NF5 firmware. But as you said I expect I would lose root, and then be unable to get the info you wanted. Seems like a real catch-22, at least at the skill level I'm at.
Glad you're making progress and let me know if you think there's anything I can do to help.
Don't risk losing root in case I fail. You should be able to flash ne1 but don't flash nf5 or whatever. I don't think I will need someone who's already rooted since I am taking a different approach to getting the symbols. I hate using hex editors... Especially ones from market and not on a pc....
I seem to have hit a brick wall... Great....
I don't seem to be able to decompress the kernel :/
I thought that most kernels on android used gzip but binwalk says its LZO and some stuff about encryption... My device storage is encrypted and I did copy the update from it.....
I'm going to decrypt my phone tonight and try again tomorrow....
When you hit a brick wall, use a sledgehammer.
My phone is encrypted, too, so I guess it would have given you the same issue had you tried with it.
Well, I am taking a different approach completely from what I originally thought I needed someone for.
I am trying to get the symbols from the kernel itself, I have gotten boot.img from the firmware, I have gotten zImage from boot.img. I am currently trying to get the goodies from zImage but having trouble getting at them. I am very confused because the gzip magic headers are there... When I use dd to get that saved and try to gunzip it I get an error about corruption... I need an uncompressed kernel to get the symbols for the qcom cve...
Once I get those I just plug those symbol values into poc code I found on GitHub, build the binary with ndk, then take that binary and put it in a folder from the other part of the poc, build the app using android studio, test it, then boom. Everyone with the same kernel *SHOULD* have root
If any of you devs with reverse engineering know-how could point me in the direction for getting the uncompressed kernel binary, please point me in the right direction.
Google simply isn't helping at this point.
Basically, fire off cve 7911.
With system privileges, execute the binary and GG
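On the decompression problem in the post above: a zImage carries the compressed kernel ("piggy") embedded between the decompressor stub and other code/data, so a slice cut out with dd at the gzip magic still has bytes after the end of the gzip stream, and an exact offset guessed by hand is easy to get wrong. A streaming decompressor that stops at the end of the stream and reports the leftover bytes handles that cleanly, and it also shows immediately when the magic found is not gzip at all (LZO, as binwalk reported, or LZ4, XZ, bzip2). The following is an added example, not code from the thread or from any tool it mentions; it scans a binary for the standard compressor magic values, decodes the stdlib-supported formats, and reports LZO/LZ4 hits without decoding them. The sample "image" is constructed inline and stands in for a real zImage.

```python
import bz2
import gzip
import lzma
import zlib

# Standard stream headers of the compressors the Linux kernel build can use
# for the payload inside a zImage.
MAGICS = {
    "gzip": b"\x1f\x8b\x08",
    "xz": b"\xfd7zXZ\x00",
    "bzip2": b"BZh",
    "lzo": b"\x89LZO\x00\r\n\x1a\n",
    "lz4": b"\x02\x21\x4c\x18",  # legacy lz4 frame magic used by the kernel
}


def find_streams(blob):
    """Return (offset, format) for every magic value found, sorted by offset."""
    hits = []
    for name, magic in MAGICS.items():
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx < 0:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def decompress_at(blob, offset, fmt):
    """Decode the stream starting at offset, tolerating trailing bytes.

    Returns (payload, consumed) where consumed is the compressed stream
    length, or None if the stream is truncated, corrupt, or in a format
    the standard library cannot decode (lzo, lz4).
    """
    data = blob[offset:]
    try:
        if fmt == "gzip":
            d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # gzip wrapper
        elif fmt == "xz":
            d = lzma.LZMADecompressor()
        elif fmt == "bzip2":
            d = bz2.BZ2Decompressor()
        else:
            return None
        out = d.decompress(data)
        if not d.eof:
            return None  # ran out of input before the end-of-stream marker
        return out, len(data) - len(d.unused_data)
    except (zlib.error, lzma.LZMAError, OSError, ValueError):
        return None


def extract_kernel(blob):
    """Try each candidate magic in offset order; return the first clean decode."""
    for offset, fmt in find_streams(blob):
        result = decompress_at(blob, offset, fmt)
        if result is not None:
            payload, consumed = result
            return {"offset": offset, "format": fmt, "size": consumed, "payload": payload}
    return None


def build_sample():
    """Constructed stand-in for a zImage: stub bytes, a gzip piggy, trailing data."""
    kernel = b"Linux version 3.4.0-constructed (sample)\x00" + bytes(range(256)) * 4
    stub = b"\x00\x00\xa0\xe1" * 16       # 64 bytes of ARM nop-like filler
    trailer = b"\xff" * 64                # bytes after the piggy, as in a real image
    return stub + gzip.compress(kernel) + trailer, kernel


if __name__ == "__main__":
    image, _ = build_sample()
    for off, fmt in find_streams(image):
        print("candidate %-5s at offset 0x%x" % (fmt, off))
    found = extract_kernel(image)
    if found:
        print("decoded %s stream at 0x%x, %d compressed bytes, %d bytes out"
              % (found["format"], found["offset"], found["size"], len(found["payload"])))
```

Read a real image with `open(path, "rb").read()` and pass it to `extract_kernel()`; a result of `None` together with an `lzo` or `lz4` candidate from `find_streams()` tells you the payload needs a matching external decompressor rather than gunzip.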
I created a thread asking for help in the dev section, hope I get this going.
https://github.com/android-rooting-tools/libmsm_vfe_read_exploit
...
This is probably useful, going to try it later.
When did NF5 come out?
Is there a new radio I can flash?
LLStarks said:
When did NF5 come out?
Is there a new radio I can flash?
He's speaking of the prepaid VZW S3 not the contract version
Sent from my Nexus 5
Reversing the kernel doesn't seem possible to me at all at this point with my limited knowledge of this....However I have been digging and it may be possible to get root by taking the Odin flashable OTA, extracting the files, deleting the bootloader and recovery files, unpacking or mounting system.img and adding an SU binary (and setting permissions?), repack, put it all together and then flashing it via Odin. If I can obtain root this way, I'll be able to get what I need to try to make a 1 click root for others on mf5 (only the i535pp phones I believe) and then I can die happily.
I'm not much of a "developer" but I am determined to get this.
I have successfully built a flashable tar.md5 with a modified system.img.ext4 containing a su binary that I chowned as root under linux & chmoded
Also have supersu.apk chmoded and in the apps.
I am currently moving the tar.md5 to my sdcard from my pc and I am about to boot windows to see if I can now flash via Odin
If all goes well, I will be very happy indeed.
Well, I managed to soft brick my device.
I'm not entirely sure how I managed to do that...
I am about to flash stock again via odin, I should have backed up some files xD