Free Unlock Motorola Charm - Android Software/Hacking General [Developers Only]

step-by-step guide how to unlock your Motorola Charm free of charge.
Finally, Mr. yakk did it! Mr. uu1dx helped him a little bit and checked all blocked Charm.
It works on 2.60 firmware only. Not tested on 3.90.
1) flash phone using RSD and this firmware: http://motofan.ru/firmware/?action=view&id=1377
2) root it using SuperOneClickRoot: Link
3) download file and unzip it to SD card: Link
4) go to shell (ADB shell or even use terminal emulator on the phone) and do next steps:
Code:
su
mount -o remount,rw -t yaffs2 /dev/mtdblock7 /system
cp /sdcard/telnetd /system/bin/
chmod 777 /system/bin/telnetd
reboot phone with any SIM and enjoy your unlocked toy
Note: after reflashing your phone will be locked again.
Reposts or even usage of file which does unlock in any posts without links to this topic are strictly prohibited.
Donations to mr. yakk are highly appreciated, just pay him to [email protected] using PayPal.
The original topic http://forum.motofan.ru/index.php?showtopic=1730439

bootloader or simcard or both?
i was surprised about the unlock, whether this unlock to unlock simcard protection (which usually is a package of purchase) or open the bootloader to be installed froyo?

this is for simlocked phones to use any SIM.

hi.
trying doing this method.
getting some error
C:\a-sdk\platform-tools>adb devices
List of devices attached
xxxxxxxxxxxxxx device
C:\a-sdk\platform-tools>adb shell
$ su
su
# mount -o remount,rw -t yaffs2 /dev/mtdblock7 /system
mount -o remount,rw -t yaffs2 /dev/mtdblock7 /system
# cp /sdcard/telnetd /system/bin/
cp /sdcard/telnetd /system/bin/
cp: /system/bin/telnetd: Text file busy
# chmod 777 /system/bin/telnetd
chmod 777 /system/bin/telnetd
#
rebooting phone.
asks for unlock code again.
how to get rid of this??

zukko said:
hi.
trying doing this method.
getting some error
rebooting phone.
asks for unlock code again.
how to get rid of this??
cp: /system/bin/telnetd: Text file busy
ps | grep telnet
you can see something like
1099 telnetd
kill -9 1099
then rm /system/bin/telnetd

uu1dx said:
this is for simlocked phones to use any SIM.
oh
nice info, i've get motoCharm FU edition
eclair forever

can we use this unlock method or similar for flipout?

i have done this method on a US tmobile charm, and it worked. my issue is that on other forums, it says 850 and 1900 band wouldn't work. i am in jamaica, and on LIME network and i think they use the 850 band. i have internet on the phone, provided by the network; but the highest speeds i am able to get is up to EDGE. their customer service reps told me that i should be able to get 3g speeds in the area i live. so i want to know if there is something in the hack that does not allow me to get 3g speeds?

Only 1700/2100 3g.. not 850
frazbox said:
i have done this method on a US tmobile charm, and it worked. my issue is that on other forums, it says 850 and 1900 band wouldn't work. i am in jamaica, and on LIME network and i think they use the 850 band. i have internet on the phone, provided by the network; but the highest speeds i am able to get is up to EDGE. their customer service reps told me that i should be able to get 3g speeds in the area i live. so i want to know if there is something in the hack that does not allow me to get 3g speeds?
unfortunately this rom work with the bands 1700/2100 in 3G, and you need to work on 3G bands 850/1900/2100.
This ROM does not work. Only "T-Mobile U.S."
the truth is that it is a shame because the "exploit" this only works with t-mobile rom 2.60.
for those who want to use this rom with countries from other operators in 850, will not be able to enjoy 3G.

I am trying to find out what is the logic behind this soft unlock.
If anybody can tell me some clues please do it. I am trying to understand this methods of unlocking.
How can copying a telnetd file (is it really a linux telnet daemon file?) to the system partition make a difference and the mobile phone to become unlocked?
I am using latest firmware version 3.90 and tried this hack but it doesn't work.
So what is the difference from the previous v2.60 ROM and this that does it?
Thanks

xclabrx said:
I am trying to find out what is the logic behind this soft unlock.
If anybody can tell me some clues please do it. I am trying to understand this methods of unlocking.
How can copying a telnetd file (is it really a linux telnet daemon file?) to the system partition make a difference and the mobile phone to become unlocked?
I am using latest firmware version 3.90 and tried this hack but it doesn't work.
So what is the difference from the previous v2.60 ROM and this that does it?
Thanks
i've tried it also with the 3.90 and it will not work... but use the 2.60 with the method and it will unlock when you're finished and restart the device

frazbox said:
i've tried it also with the 3.90 and it will not work... but use the 2.60 with the method and it will unlock when you're finished and restart the device
It's a T-Mobile 3.90 ROM, OTA update.
Can't go back to 2.60 as far as I read (although I would like to be able to have from anyone a full OverTheAir SBF update 2.60version update file, that has the bootloader CG file in it, and then I could downgrade).

Well...from what I could find, I figured out the telnetd is in fact a modified version of telnet daemon that has memory patching features, and that were used to patch in memory or nonvolatile memory the bytes that the Android OS takes into account when making network code comparing operations.
It is called a soft unlock, and it is made by YAKK (russian guy) with the help of others (uu1dx, etc). He has made other soft unlocks for Motorola Cliq for example.
Somebody more experienced correct me if I am wrong.

xclabrx said:
Well...from what I could find, I figured out the telnetd is in fact a modified version of telnet daemon that has memory patching features, and that were used to patch in memory or nonvolatile memory the bytes that the Android OS takes into account when making network code comparing operations.
It is called a soft unlock, and it is made by YAKK (russian guy) with the help of others (uu1dx, etc). He has made other soft unlocks for Motorola Cliq for example.
Somebody more experienced correct me if I am wrong.
as far as I know, it patches the modem routines on the fly every time it loads...

The firmware download link is not working for me. It keeps bouncing me around a few pages written in Russian, so I can't get it downloaded

I had to google translate the page to see where the download link was but it all downloaded and flashed/installed fine. I do not have access to another carrier's sim ATM to test if the unlock works though.

motostigr said:
step-by-step guide how to unlock your Motorola Charm free of charge.
Finally, Mr. yakk did it! Mr. uu1dx helped him a little bit and checked all blocked Charm.
It works on 2.60 firmware only. Not tested on 3.90.
1) flash phone using RSD and this firmware: http://motofan.ru/firmware/?action=view&id=1377
2) root it using SuperOneClickRoot: Link
3) download file and unzip it to SD card: Link
4) go to shell (ADB shell or even use terminal emulator on the phone) and do next steps:
Code:
su
mount -o remount,rw -t yaffs2 /dev/mtdblock7 /system
cp /sdcard/telnetd /system/bin/
chmod 777 /system/bin/telnetd
reboot phone with any SIM and enjoy your unlocked toy
Note: after reflashing your phone will be locked again.
Reposts or even usage of file which does unlock in any posts without links to this topic are strictly prohibited.
Donations to mr. yakk are highly appreciated, just pay him to [email protected] using PayPal.
The original topic http://forum.motofan.ru/index.php?showtopic=1730439
tested ok on 3.90. thank you very much

I have flash T-Mobile_MB502_02.60.5_1FF_01.sbf and T-Mobile_MB502_03.90.7_1FF_01.sbf but all are err:A5,64,D5,00,25

Related

Rooting the Eris

Has anyone been able to root their Eris yet? If so how did you do it? Or can anyone point me in the right direction to get started. Thanks for the help.
I think it'll be at least a few weeks. Someone needs to get the recovery image and mod it as they did with the Hero. I think.
so is anyone working on this? if you give me instructions i will dump my phone and post it, if that will help? i would really just like to be able to tether over wifi when needed without having to pay out the ear for it.
Is it that different from the Sprint's Hero? Try the current method...
herzzreh said:
Is it that different from the Sprint's Hero? Try the current method...
I'm concerned that the image from the Hero will cause problems since it's different carrier etc
The method used to root isn't carrier dependent. You probably won't want to load MoDaCo's current ROM as it is Sprint specific, but assuming the kernel build is the same you may be able to gain root with the asroot2 script.
To clarify, 'rooting' is not the same as loading a custom ROM. One begets the other, but loading a custom ROM isn't a requirement, just a door that gets opened when you gain root access to your phone.
Assuming everything else is the same on the phone, the Amon_Ra recovery bootloader should work as well.
If asroot2 works then we can flash a new recovery image, you can dump your ROM, and I can do a MCR version.
P
would i still use the recovery image that is posted for the hero? or would i stop at that step when rooting?
binny1007 said:
would i still use the recovery image that is posted for the hero? or would i stop at that step when rooting?
If you use the recovery image for the hero and it doesn't work, it's not usually a big deal.
Just pull out the battery to restart your phone normally. Since the recovery image is separate from the rom, replacing the first does not affect the latter.
binny1007 said:
would i still use the recovery image that is posted for the hero? or would i stop at that step when rooting?
Follow the rooting instructions to the letter, all the way through. Just don't flash a new rom if successful.
You can use the recovery image posted for the Hero.
ok i am following the instructions and this is what i am getting? what is going wrong?
C:\AndroidSDK\tools>adb shell
$ chmod 0755 /data/local/asroot2
chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
/data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asro
$ mount -o remount,rw -t yaffs2 /dev/block/mtd
mount -o remount,rw -t yaffs2 /dev/block/mtdbl
mount: Operation not permitted
$ cd /system/bin
cd /system/bin
$ cat sh > su
cat sh > su
cannot create su: read-only file system
$ chmod 4755 su
chmod 4755 su
Unable to chmod su: No such file or directory
The eris and droid can't use that exploit unfortunately, you'll have to wait until there's another way in
binny1007 said:
ok i am following the instructions and this is what i am getting? what is going wrong?
C:\AndroidSDK\tools>adb shell
$ chmod 0755 /data/local/asroot2
chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
/data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asro
$ mount -o remount,rw -t yaffs2 /dev/block/mtd
mount -o remount,rw -t yaffs2 /dev/block/mtdbl
mount: Operation not permitted
$ cd /system/bin
cd /system/bin
$ cat sh > su
cat sh > su
cannot create su: read-only file system
$ chmod 4755 su
chmod 4755 su
Unable to chmod su: No such file or directory
You guys and Bell South...sounds like Sprint had the only vulnerable CDMA version.
You guys will have to wait for a new "asroot" type file...a new exploit to get you guys access.
well that sucks, so there is no other way around this right now? Or if anyone needs a guinea pig i am more than happy to help.
thecodemonk said:
You guys and Bell South...sounds like Sprint had the only vulnerable CDMA version.
You guys will have to wait for a new "asroot" type file...a new exploit to get you guys access.
That's what I thought. Hopefully since the hardware is so similar it wont take long.
Unfortunately hardware is barely a glimmer in this equation - the exploits used to gain root are software, usually kernel bugs.
Something will turn up soon, hopefully.
binny1007 said:
well that sucks, so there is no other way around this right now? Or if anyone needs a guinea pig i am more than happy to help.
Just remember, while it's unlikely, any of these actions could theoretically brick your phone...be aware of the risks!
Have you attempted the flashrec method?
Drop the Recovery Image from here onto your sd card
http://forum.xda-developers.com/showthread.php?t=581521
Download the apk from here and install it on your phone:
http://zenthought.org/content/project/flashrec (download it from your phone's webbrowser and open the file...if that doesn't work, download astro file explorer from the market and try again).
Once you open flashrec, click on the "backup" link and then type in the path to your recovery image (most likely: /sdcard/recovery-RA-heroc-v1.2.3.img)
Then flash and try to reboot into recovery mode (power off, then either home+power, volume down+power, or camera+power...depends on who you ask, one of those should get you into the recovery image where you'll see an option for nandroid, that's how you'll know it was a success).
If you reboot and it doesn't work or it freezes, pop out the battery and boot normally...shouldn't hurt anything (though if you want to be more safe, I'd wait until we got the RUU for whatever carrier you're on (Verizon/Telus/etc)). Currently the Sprint RUU is the "get out of jail" card that's saved a bunch of people.
Just remember, while it's unlikely, any of these actions could theoretically brick your phone...be aware of the risks!
thecodemonk said:
You guys and Bell South...sounds like Sprint had the only vulnerable CDMA version.
Cellular South
thecodemonk said:
Have you attempted the flashrec method?
It doesn't use the same exploit as asroot2?
markachee said:
Cellular South
It doesn't use the same exploit as asroot2?
Sorry, Cell South, Bell south...(can you tell I'm not from around there? )
I have no idea if it does...but I figured it can't hurt to try eh? Because if it works, wouldn't that be awesome?

[GUIDE] Safer way to unroot and revert to stock myTouch 3G 1.2

In this method we will use nandroid's recovery option in ClockworkMod
Requirements:
Rooted myTouch 3G 1.2 with USB Debugging
ClockworkMod Recovery Installed (can be installed from ROM Manager)
Universal Androot apk saved to your AndroidSDK tools folder
(I will be doing this in adb)
Create the recovery folders
Code:
mkdir /sdcard/clockworkmod
mkdir /sdcard/clockworkmod/backup
mkdir /sdcard/clockworkmod/backup/Stock
Mount the SD card so you can access it on your computer.
Now extract SAPPIMG_Sapphire_T-Mobile_US_2.10.531.4_release_signed.zip (from shipped-roms) [FYI: I had to use 7zip for this] into clockworkmod/backup/Stock.
Now that we are done with that, unmount it and return to adb.
Once your phone has remounted the SD card do:
Code:
cd /sdcard/clockworkmod/backup/stock
md5sum * > nandroid.md5
cd ../../../
cat /system/bin/flash_image > flash_image
(If you do not have flash_image post here in this thread and I will pm you a link to it)
Reboot the phone and boot into recovery mode (hold home when powering on)
Once in there
**DO A FULL WIPE**
then restore the "Stock" backup from the restore menu,
It should get past boot and system then fail on /data THIS IS NORMAL
It is not safe to reboot your phone
Set up your phone and all that good stuff, then re-enable adb debugging.
in a command prompt cd to your androidsdk/tools folder and run
Code:
adb install UniversialAndroot.apk
and reroot your phone (bear with me)
once that is done do
Code:
adb shell
su
be sure to click allow on the Superuser Permission pop up that shows up on the phone
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/app
rm Superuser.apk
cd ..
cat /sdcard/flash_image > flash_image
chmod 0700 flash_image
./flash_image recovery /sdcard/clockworkmod/backup/Stock/recovery.img
rm flash_image
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
exit
unroot your phone via universal androot and uninstall it via the applications menu
reboot and done!
I have done this a couple times and every time it worked like a charm.
Hey there, I get to inputting the md5 command, but I get cannot create nandroid.md5: permission denied
What am I doing wrong?
Using a SAPPIMG.zip is not at all unsafe and is faster and easier.
Well, I have been trying to use the sappimg.zip from unlockr's guide and on the t-mobile dev forums, but yet all of them end up giving me a Main version is older! error.
I can't seem to find the solution.
I've had the same problem. I have made the gold card a million times (worked rooting the phone) and now it tells me the older error. Thought it would be easier reverting back, guess that's not true.
Anyways, can I get the flash_image file?
getting past the "older version" error
what i did to get past the "older version" error, was this:
step1: re-use gold card and the 1.5 version sappimg.zip from unlockr.com
step2: reboot using the original sappimg for t-mobile (i wont link from the post but i found it on XDA aka use search)
this will reload EVERYTHING as stock MT3g1.2 including original splash, and recovery images.
if you want to revert it to stock, try this: http://forum.xda-developers.com/showthread.php?t=641174, it may help
The safer way is to NOT BOTHER.
The update schedule is to run from today through the 25th inclusive. That's 11 days. The average length of time that any particular user will have to wait is therefore 5.5 days. Chances are that the update will be posted by tonight or tomorrow (latest), and 10 minutes later, it will be fixed so that it doesn't rob you of root (keep your options open!).
So... you save about 5 days of waiting (average) and end up with your options wide open. OR, you can commit to the average and end up locked out, possibly forever.
I like the way you think...
Sent from my T-Mobile myTouch 3G using XDA App
Need eng spl
bartcrusades said:
well, i have been trying to use the sappimg.zip from unlockr's guide and on the t-mobile dev forums, but yet all of them end up giving me a main version is older! Error.
I cant seem to find the solution.
just got through doing the same thing tried goldcard method and still got main version older....then i got it right...flash eng spl i believe it was 0010 then do the sappimg.zip it works and when you finish the update your 0013 spl is back...then used universal androot installed superuser then installed rom manager and made backup of stock then put my phone back the way it was hopefully when the update comes out and i do think it will be a long time before it does i can restore backup of stock unroot with universal androot and uninstall superuser. At least that's the plan. If you want to do this look for kennys posts in the sappimg thread his directions are what i used.
That is the correct way to do it. Eng spl then tmo stock image. When done its back to completely stock.
Sent from my T-Mobile myTouch 3G using XDA App
hey i do not have flash_image can u post up a link? thanks.

[ROOT] Easy Root, works with any Stock ROM (Including 2.31.651.7!)

Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
If you're still on Cupcake (Android 1.5) you'll need su and Superuser from http://bit.ly/su2361cd
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
You may instead install Superuser from the Market if you wish.
Clean up the exploit:
Code:
adb shell rm /data/local/tmp/rageagainstthecage-arm5.bin
If you ever do a "Factory Reset", Superuser will go away, but you DO NOT lose root. Just reinstall Superuser.
What next? The choice is yours! Remove stock apps, get some good 'ol WiFi tethering, or flash something different!
*NOTE*
The above steps DO NOT put a recovery on your phone, though it is VERY EASY.
Once you're rooted, install ROM Manager by Koushik Dutta from the Market. Open it up, click "Flash ClockworkMod Recovery".
Select your model (Hero CDMA), and hit Allow when the Superuser Prompt shows up.
*NOTE*
The above steps DO NOT install Busybox on your phone.
Simply install Busybox from Stephen (Stericson), available on the market.
Start the app and click Allow when prompted by Superuser.
How To Uninstall
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
rm /system/xbin/su
rm /etc/passwd
rm /etc/group
Uninstall Superuser.apk then reboot, and you're set!
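A defender-side check for the artifacts the steps above leave on a device (a setuid-root su in /system/xbin, Superuser.apk, a leftover binary in /data/local/tmp, /system remounted read-write, and a world-writable file under /system such as the chmod 777 in the Charm thread), as an added example that is not part of the original post or of any tool it mentions. The rule names are hypothetical, and the listings (old toolbox `ls -l` layout) and mount table (/proc/mounts layout) are constructed sample input.

```python
"""Triage `ls -l` and /proc/mounts output collected from an Android device.

Added example: flags the on-device artifacts described in this thread.
Rule names and all sample data below are constructed for illustration.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Entry(NamedTuple):
    path: str
    mode: str   # e.g. "-rwsr-xr-x"
    owner: str


# Old toolbox `ls -l` layout: mode owner group [size] date time name
LS_LINE = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+\S+\s+"
    r"(?:\d+\s+)?\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<name>.+)$"
)


def parse_ls(directory: str, text: str) -> List[Entry]:
    """Turn one directory listing into entries; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            name = m["name"].split(" -> ")[0]  # drop a symlink target
            entries.append(Entry(f"{directory.rstrip('/')}/{name}", m["mode"], m["owner"]))
    return entries


def system_is_writable(mounts: str) -> bool:
    """True if /system appears in the mount table with the rw option."""
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/system":
            return "rw" in fields[3].split(",")
    return False


def audit(listings: Dict[str, str], mounts: str) -> List[Tuple[str, str]]:
    """Return (rule, path) findings for the collected listings and mount table."""
    findings = []
    if system_is_writable(mounts):
        findings.append(("system-mounted-rw", "/system"))
    for directory, text in listings.items():
        for e in parse_ls(directory, text):
            if not e.mode.startswith("-"):
                continue  # regular files only; symlinks and directories are skipped
            name = e.path.rsplit("/", 1)[1]
            # mode[3] is the owner-execute slot ('s'/'S' = setuid), mode[8] is other-write.
            if e.mode[3] in "sS" and e.owner == "root":
                # Anything other than su still needs comparing with a known-good baseline.
                rule = "setuid-root-su" if name == "su" else "setuid-root-binary"
                findings.append((rule, e.path))
            if e.mode[8] == "w" and e.path.startswith("/system/"):
                findings.append(("world-writable-system-file", e.path))
            if e.mode[3] in "xs" and e.path.startswith("/data/local/tmp/"):
                findings.append(("executable-in-data-local-tmp", e.path))
            if name == "Superuser.apk":
                findings.append(("superuser-apk", e.path))
    return findings


# Constructed sample input (not captured from a real device).
SAMPLE_LISTINGS = {
    "/system/xbin": (
        "-rwsr-xr-x root     root        26264 2010-10-09 11:02 su\n"
        "-rwxr-xr-x root     shell       60276 2010-06-01 08:00 dexdump\n"
    ),
    "/system/bin": (
        "-rwxrwxrwx root     root        81234 2011-12-04 19:40 telnetd\n"
        "-rwxr-xr-x root     shell       82840 2010-06-01 08:00 sh\n"
        "lrwxr-xr-x root     shell             2010-06-01 08:00 ls -> toolbox\n"
    ),
    "/data/local/tmp": (
        "-rwxr-xr-x shell    shell        5392 2010-10-09 10:58 rageagainstthecage-arm5.bin\n"
    ),
    "/system/app": (
        "-rw-r--r-- root     root       196521 2010-10-09 11:03 Superuser.apk\n"
    ),
}
SAMPLE_MOUNTS = (
    "rootfs / rootfs ro 0 0\n"
    "/dev/block/mtdblock3 /system yaffs2 rw 0 0\n"
    "/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0\n"
)

if __name__ == "__main__":
    for rule, path in audit(SAMPLE_LISTINGS, SAMPLE_MOUNTS):
        print(f"{rule:32} {path}")
```
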
tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
That's it!
I won't give directions on installing a recovery or flashing another rom, there are plenty of threads detailing how to do so.
Pretty straightforward. This will probably help a lot of newer hero owners, because amazingly, people are still buying them every day!
If I get a chance to test it out, I will.
Nice job. Should be stickied so people don't run around searching through all the old rooting threads which aren't as compatible with the newer RUU versions.
Worked nicely on a refurb Hero that Sprint sent due to the dust problem.
Thanks!
Works great for me
Why am I having trouble doing this? I was able to do it on one Hero though not after many retries, but not on another.
tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???
DaWeav said:
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???
I tested it with the very same RUU, it works.
tehdarkknight said:
I tested it with the very same RUU, it works.
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is intact.
Oh well, FEAR NOT, because after I get back from the store this morning, then get the TV tuned to the split screen with football on one and the baseball playoffs on the other, and get Leo Laporte's TechGuy radio show screaming...it'll be the perfect time to flash my phone to factory fresh.
Thanks.
Works perfectly on latest and "greatest" stock ROM... excellent
DaWeav said:
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is intact.
Same thing happened to me, that's why I tested this method with the RUU
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App
tehdarkknight said:
Same thing happened to me, that's why I tested this method with the RUU
Well, I just did the RUU, then did this root, then loaded WiFi Tether, and I'm back in business with my iPad tethering.
Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
One reason is that when I tried to download the latest OTA update today, I could not. And another reason is before I RUU'd, I had less than 50MB of available memory, but now I have 96MB available with all of my programs loaded again. So for me, it just seems more and more that Android (or HTC Sense) is like Windows boxes since it seems I have to reload the Android OS every now and then to clean things out.
Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App
Well, if you're using Sprint's official stock .5 rom, with no tweaks applied, you gain the advantage of having an up-to-date rom with the latest bugfixes from Sprint, plus I would say my root method is less invasive and more transparent than other root methods. My personal opinion is that it feels like a root method that can't be abused easily.
SuperOneClick
But I don't need storage space with firerats custom mtd partition....I have over 200mb free with over 50 apps and zero of them on my SD card
Sent from my HERO200 using XDA App
this isn't working.... I can't get past step 3... my phone just restarts, and then i can't get any further than that.
devonkosa said:
this isn't working.... I can't get past step 3... my phone just restarts, and then i can't get any further than that.
Give us some info. What's your ROM version?
aosp said:
SuperOneClick
Is SuperOneClick the same method of rooting?
chiill said:
Is SuperOneClick the same method of rooting?
Yes it is....
Ok guyz, I'm going to help yall out !!!!
Look at this and this works I just did it.... any questions pm me then I will post up on here....
http://forum.xda-developers.com/showthread.php?t=803682
This is for rooting your hero and other android devices, even at .7 on the Hero.... I just did this and I laughed at how quick and easy this was... Just make sure you are charge only, and you unzip the downloaded file,.. then open up the SuperOneClickv1.3-ShortFuse.zip on your computer somewhere and open up the SuperOneClick program, and bam you are done....
http://forum.xda-developers.com/atta...5&d=1286657043

step-by-step guide how to unlock your Motorola Charm free of charge

Finally mr. yakk did it!!! I helped him a little bit and tested all on my own locked Charm.
It works on 2.60 firmware only. Not tested on 3.90.
1: flash phone using RSD and this firmware: http://simf.in/charm/T-Mobile_MB502_02.60.5_1FF_01.zip
2) root it using SuperOneClickRoot: http://simf.in/charm/SuperOneClickv2.1.1-ShortFuse.zip
3) download file and unzip it to SD card: http://forum.gsmhosting.com/vbb/atta...1&d=1323018502
4) go to shell (ADB shell or even use terminal emulator on the phone) and do next steps:
Code:
su
mount -o remount,rw -t yaffs2 /dev/mtdblock7 /system
cp /sdcard/telnetd /system/bin/
chmod 777 /system/bin/telnetd
reboot phone with any SIM and enjoy your unlocked toy
Note: after reflashing your phone will be locked again.
Reposts or even usage of file which does unlock in any posts without links to topic where I originally posted this method ( http://forum.motofan.ru/index.php?showtopic=1730439 ) are strictly prohibited.
Source: http://forum.gsmhosting.com/vbb/f606/unlock-motorola-charm-free-1393049/
Regards
I don't own a Charm no more, but I kinda don't see how that works. There is no command to 'execute' telnetd after 'chmod 777 /system/bin/telnetd'. Are you saying the phone will automatically recognize the file and unlock the sim?
>..............http://forum.gsmhosting.com/vbb/f606...-free-1393049/
I am having trouble with the code in terminal
I am having trouble typing in the terminal code and I am a big noob at that kind of stuff so if u could reply to my post and make it a bit simpler for me that would be amazing thanks.

sprint/att locked bootloaders root discussion

**moderators if this in wrong place feel free to move it**
as we know sprint and att variants have locked bootloaders I am posting this for a knowledge base, and hopefully to have some devs jump aboard and help get root and or recovery for us as well.
Here is what I have so far
Default.prop lines:
ro.oem_unlock_supported=1
ro.secure=1
security.perf_harden=1
ro.adb.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.sys.usb.config=boot
pm.dexopt.install=speed
pm.dexopt.first-boot=speed
Adb getprop output lines:
ro.boot.authorized_kernel]: [true]
[ro.boot.baseband]: [msm]
[ro.boot.bootdevice]: [624000.ufshc]
[ro.boot.console]: [ttyHSL0]
[ro.boot.ddr_info]: [0x6]
[ro.boot.ddr_size]: [4294967296]
[ro.boot.dlcomplete]: [0]
[ro.boot.flash.locked]: [1]
[ro.boot.hardware]: [elsa]
[ro.boot.revision]: [12]
[ro.boot.rpmb_state]: [1]
[ro.boot.serialno]: [LGLS997e5161ca]
[ro.boot.svelte]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
I have experimented with @jcandduo dirty cow exploit for the tmob devices and get error when trying to execute
Chmod 0777 *
and
Chmod 0777*
Also don't know if it's related or not, but the last command
$ ./dirtycow /system/bin/run-as recowvery-run-as
$ run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
did not work; the rest of the steps flashed successfully.
And getenforce was enforcing as well.
My hopes behind this thread is to get some help and maybe get a root for this device.
UPDATE: we have found two win32 binaries called Push_File.exe and Send_Command.exe that work with this device in download mode I have confirmed both of them work.....
At this point we are needing busybox binaries for our phone and Root.sh for our device
As of Nov 06th a bounty thread has been created to help assist with this
http://forum.xda-developers.com/v20/how-to/bounty-thread-lg-v20-devices-locked-t3495200/page1
We now have osc for our devices
Sprint
https://www.dropbox.com/s/owthb42l7gah9ey/LGLS997_Nougat_Android.zip?dl=0
Att
https://www.dropbox.com/s/mwm438oktxce9es/LGH910PR_Android_Nougat.zip?dl=0
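A defender-side reading of the properties listed in this post, as an added example that is not part of the original post: it parses both default.prop (`key=value`) and `getprop` (`[key]: [value]`) lines and reports every property that differs from a locked, verified production baseline. The baseline dictionary and the function names are assumptions made for illustration; the sample input is constructed from values quoted in the post.

```python
import re

# Constructed sample: default.prop lines followed by getprop lines,
# using values quoted in the post above.
SAMPLE = """\
ro.secure=1
ro.adb.secure=1
ro.debuggable=0
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
"""

# Assumed baseline for a locked, verified production build (illustrative policy).
EXPECTED = {
    "ro.boot.flash.locked": "1",           # bootloader refuses unsigned flashing
    "ro.boot.verifiedbootstate": "green",  # boot chain verified against OEM key
    "ro.boot.veritymode": "enforcing",     # dm-verity rejects modified partitions
    "ro.secure": "1",                      # adbd drops root privileges
    "ro.adb.secure": "1",                  # adb requires host key authorization
    "ro.debuggable": "0",                  # not a debuggable build
}

BRACKETED = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_props(text):
    """Parse getprop-style and default.prop-style lines into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BRACKETED.match(line)
        if m:
            props[m.group(1)] = m.group(2)
        elif "=" in line and not line.startswith("#"):
            key, _, val = line.partition("=")
            props[key.strip()] = val.strip()
    return props

def audit(props, expected=EXPECTED):
    """Return (key, expected, actual) for each missing or mismatched property."""
    return [(k, want, props.get(k)) for k, want in expected.items()
            if props.get(k) != want]

if __name__ == "__main__":
    for key, want, got in audit(parse_props(SAMPLE)):
        print(f"DEVIATION {key}: expected {want!r}, found {got!r}")
```

An empty result means the device reports the locked, verified state described in the thread; a missing property is reported with `None` as its actual value.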
Reserved
Reserved. I wish I was smarter and could help you guys more. I love the phone without root but that bloat is killing me.
Ryuk359 said:
Reserved. I wish I was smarter and could help you guys more. I love the phone without root but that bloat is killing me.
That's the point behind the thread. Hopefully if we all put our heads together we can figure a workaround out or find a dev that writes the code for us.
Alright. So, with the bootloader locked, it will not load the custom recovery (temp Permissive boot). It will try to load it, says the error I posted before, then reboots normally. If I hold Power + Vol Down, it'll try to boot recovery, giving the error again, until I let it boot normally. When it gets to Android OS, it's Enforcing, and recovery is flashed back to stock. There are my notes!
pro_granade said:
Alright. So, with the bootloader locked, it will not load the custom recovery (temp Permissive boot). It will try to load it, says the error I posted before, then reboots normally. If I hold Power + Vol Down, it'll try to boot recovery, giving the error again, until I let it boot normally. When it gets to Android OS, it's Enforcing, and recovery is flashed back to stock. There are my notes!
Were you able to get chmod 0777 to work?
What if we chown 0777 ?
I believe that the chmod command works you just receive an error when changing the ownership of the 2 files flatland and flatland64 (I think that's what the file names are).
But yeah you never are put into a root shell and therefore the scripts do not change your SELinux to permissive.
What would be a good way to set up a bounty for this? I. E. Kickstarter, gofundme, etc? I think it could help garner support and most folks are willing to kick in a few bucks for it. I know I am.
Ryuk359 said:
What would be a good way to set up a bounty for this? I. E. Kickstarter, gofundme, etc? I think it could help garner support and most folks are willing to kick in a few bucks for it. I know I am.
Probably GoFundMe; however, I don't know how we would get people to see it. I was thinking the same thing.
twistedvip said:
I believe that the chmod command works you just receive an error when changing the ownership of the 2 files flatland and flatland64 (I think that's what the file names are).
But yeah you never are put into a root shell and therefore the scripts do not change your SELinux to permissive.
Right, I was hoping there would be a workaround for that. I am going to try chown tonight.
rickberg said:
Right, I was hoping there would be a workaround for that. I am going to try chown tonight.
Thing is, those files (I believe) should have no effect to the actual dirtycow exploit binaries for the Tmobile variant.
twistedvip said:
Thing is, those files (I believe) should have no effect to the actual dirtycow exploit binaries for the Tmobile variant.
He said he updated the binaries yesterday. I have not tried with the updated binaries; I will try later.
OK, so I tried, and this time I can't get past the reboot part; it just hangs. The chown 0777 * does do something; without that command it says access denied.
Did someone grab the root shell from this post? I didn't grab it originally and now it's 404. It would save me some trouble of building my own.
http://forum.xda-developers.com/showpost.php?p=69307743&postcount=109
Basically, the story here is that at this point unless we can get the bootloader unlocked we can't boot into a permissive mode. Bypassing the ATT bootloader seems to be a no-op unless someone has some brilliant idea.
That means your best hope at this point is somehow finding a way to do something really permissive on the system to mod with the dirtycow exploit that could lead to a temp root that would have to be reapplied every boot.
A fully permissive exploit could, in theory, allow you to run 'setenforce 0' to just turn off selinux at runtime. Currently using run-as on my device with the cow exploit does not allow me to turn off enforcing.
Well I'm posting to follow this thread. I have a sprint lg v20 and I'm highly interested in getting root on this device.
so if we have a locked bootloader, what's the point in having the "Enable OEM unlock" option under Dev options? I'm talking the Sprint model..
maybe u guys should look at something similar to depixel8
elliwigy said:
maybe u guys should look at something similar to depixel8
With the VZW pixel, I believe they were able to get into the fastboot screen still - they just were getting error messages of not being allowed to run commands on fastboot.
With our variant of the V20 - the bootloader is locked down. Only way in is through either an eng image or by reverse engineering the SHA keys to allow us into the bootloader screen.
I think it will be much harder to get this bootloader unlocked than how they did depixel8.
Guide that could help us figure out how to enable fastboot.
1. Plug phone in
2. Open CMD as administrator
3. cd to your android sdk platform-tools section
4. Make sure you have USB Debugging on
5. type adb shell
6. type ls
This allows you to view everything of the phone and I mean everything. If we could compare bootloader section and or fastboot sections with T-Mobile variant we might be able to figure out how to enable these!
SaintZ93 said:
Guide that could help us figure out how to enable fastboot.
1. Plug phone in
2. Open CMD as administrator
3. cd to your android sdk platform-tools section
4. Make sure you have USB Debugging on
5. type adb shell
6. type ls
This allows you to view everything of the phone and I mean everything. If we could compare bootloader section and or fastboot sections with T-Mobile variant we might be able to figure out how to enable these!
I'm going to be quite honest here. Getting into your shell as a regular user is not going to do literally anything for you without an exploit. Currently the dirtycow exploit that is used for root privileges on T-Mobile variant does not work.
Even if there was a way to look at the bootloader section (there's not as a regular user) - you can't modify anything.
When you go into the shell, you're placed into the root directory ('/'). It only shows files on the phone inside that root directory. Most important folders you cannot even go into (or list).
