[ROOT] Framaroot, a one-click apk to root some devices - Framaroot

Hi,
Here is a one-click application to install Superuser and the su binary on your phone. Look at the compatibility list here to see if this application can be useful for you.
Feedback on supported devices will be greatly appreciated in order to update the compatibility list. Post your feedback here.
The Superuser and su binary included in the application work from Android 2 to 4.
!! Important !!
Success with this application voids the warranty on your device.
If you need help, read the FAQ first before posting your question in the help thread
If you like my work, you can buy Framaroot donation app
Many many thanks to all donors
Installation
Download it on your device (links are available at the end of this post)
Install it with a file explorer or directly from your internet browser. If Android warns you about a security risk, say OK and check Unknown sources to allow installation of applications from outside the Play Store.
Usage
Open Framaroot and select one of the following actions: Install SuperSU, Unroot or Execute script (for advanced users)
Possible cases once the application is launched
A popup saying "Your device seems not vulnerable to exploit included in Framaroot"; in this case you can uninstall the app
You see one or more exploit names; click on one after you have selected an action and you will see one of the above messages
Possible cases once an exploit is selected
"Success ... Superuser and su binary installed. You have to reboot your device"
"Failed ... Exploit work but installation of Superuser and su binary have failed"
"Half-Success :-/ ... system partition is read-only, use local.prop trick. Reboot your device and use adb to see if it run as root". This happens when the filesystem in use on the system partition is a read-only filesystem (e.g. squashfs)
"Failed ... Try another exploit if available"
Framaroot crashes or freezes; in this case relaunch Framaroot a second time and select the same action and exploit
Advanced usage
Click here
Release:
Version 1.9.3: Update SuperSU to 1.99r4. Add Czech translation thanks to efIT^cz™.
Version 1.9.2: Update SuperSU to 1.94. Fix error #15.
Version 1.9.1: New action (Execute script) added which will allow you to execute a custom script. Ukrainian language added thanks to Bogdan.
Version 1.9.0: Add Barahir exploit (potentially affect Mediatek based devices).
Version 1.8.1: Another attempt to fix crashes.
Version 1.8.0: Add Faramir exploit, little brother of Boromir (potentially affect Mediatek based devices).
Version 1.7.1: Link to Framaroot donation added (it does nothing as this kind of application is forbidden on the Play Store ... but it could do something someday)
Version 1.7.0: Due to a mistake, the Pippin exploit didn't appear in the exploit list; it's fixed now (Huawei device owners welcome). Add Gollum exploit for AMLogic based devices.
Version 1.6.1: Remove Superuser as it fails to install. Add execution support from adb command line.
Version 1.6.0: Add Pippin exploit (potentially affect Huawei K3V2 based devices)
Version 1.5.3: An attempt to fix Gandalf error#10
Version 1.5.2: Revert to exploitation fix included in 1.4.1. Add Slovakian and Italian languages. Error # added in toast message when exploit failed (report the error number in this thread so I can give you the reason for the failure). The previous fix for the Framaroot crash was a dirty hack; with this version you shouldn't encounter the crash.
Version 1.5.1: Should fix Framaroot crashes.
Version 1.5.0: Add Boromir exploit (potentially affect many Mediatek based devices).
Version 1.4.3: Update SuperSU to 1.34. Rewrote the fix included in 1.4.1 for better but slower exploitation.
Version 1.4.2: Add Russian and French languages. Add scrollbar for exploit list. Update SuperSU to 1.30
Version 1.4.1: Fix a bug in exploitation due to the different kernel data alignment between versions and devices, so if exploits didn't work before they "may" work with this version if your device is vulnerable
Version 1.4: Add Gandalf exploit (potentially affects Qualcomm based devices, tested on Nexus 4; as always feedback is welcome)
Version 1.3: Add Aragorn and Legolas exploits (could affect a wide range of Samsung devices including non-Exynos devices; please give feedback for your devices. Thanks)
Version 1.2.1: Fix unroot bug. Improvements for exploitation. Embed SuperSU 1.25
Version 1.2: Add possibility to Install Superuser, Install SuperSU and Unroot
Version 1.1: Frodo exploit added
Version 1.0: Initial release
Supported devices:
Click here
FAQ
Does Framaroot work on my device?
If your device is in the compatibility list above, the short answer is: yes, but it depends on your firmware version; the latest firmware has less chance of being rooted.
If your device is not in the compatibility list and it embeds one of the processors mentioned above, the answer is: try it and see.
Why doesn't Framaroot root anymore after I update my device?
Because Framaroot exploits security holes present in several devices, which have been patched by the update you have done, so the exploits can't root your device anymore. Framaroot's exploits have a very short life to keep your device "less exposed" to other malicious applications. Keep in mind that Framaroot is not a permanent rooting application.
I lose root after an update, what can I do to root my device now?
A piece of advice: if you want to have a chance to keep root after an update, don't update with Kies or ODIN for Samsung devices or don't flash the system partition; prefer an OTA update and use the OTA survival feature in Superuser or SuperSU.
And if you have no choice, you can use the traditional method: flash tools specific to your device.
Will Framaroot include more exploits?
Yes, but don't ask when since I don't know myself; it depends on the vendors' fix response.
Framaroot crashes when I select the Gandalf exploit?
Often the first time you launch Framaroot and select Gandalf as the exploit, it crashes Framaroot. Don't worry, in this case you have to re-launch Framaroot and select Gandalf again; the second time it should work.
What does error# in the result mean?
All errors less than or equal to 9 mean your device is not vulnerable.
If you get error#10, give Framaroot 1.5.3 a try.
All other errors need some investigation of your kernel image.
Framaroot says Success but SuperSU is not installed after reboot?
Maybe there is some additional protection on your device or something goes wrong with the SuperSU version embedded in Framaroot.
In this case, I recommend using the "Execute script" action and putting your own shell script commands in /sdcard/custom (use at your own risk, all commands are executed with root privileges). Look at this post to know how to use a custom script.
What can I do when the result is Half-success?
You see this message when the /system partition on your device is a read-only filesystem (e.g. SquashFS). To handle this case Framaroot tries to use a trick by adding "ro.kernel.qemu=1" to the file /data/local.prop. To test if this trick works you have to reboot your device and connect to it with adb shell. Once connected, type the "id" command to see if you are root.
If you are not root, your last chance is to select the "Execute script" action and put your own shell script commands in /sdcard/custom (use at your own risk, all commands are executed with root privileges). Look at this post to know how to use a custom script.
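
Added example, not part of the original post and not Framaroot code: a defender-side check for the persistent traces the post describes (the "ro.kernel.qemu=1" line in /data/local.prop, and an installed su binary or Superuser package). The function names, the extra ro.secure=0 check and the list of su install paths are assumptions made for this example; the sample tree in demo is constructed.

```shell
#!/bin/sh
# Added example (not Framaroot code). Run on-device with ROOT=/ or against
# the mount point of an extracted filesystem image.

# audit_local_prop FILE: print overrides in FILE that keep adbd running as root.
# ro.kernel.qemu=1 is the value quoted in the FAQ above; ro.secure=0 is an
# extra check added here as an assumption about adbd of the same Android era.
audit_local_prop() {
    [ -r "$1" ] || return 0
    tr -d '\r' < "$1" | awk '
        /^[ \t]*#/          { next }     # comment line
        index($0, "=") == 0 { next }     # not a key=value line
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "ro.kernel.qemu" && val == "1") print key "=" val
            if (key == "ro.secure"      && val == "0") print key "=" val
        }'
}

# find_su ROOT: print su binaries and the Superuser package found under ROOT.
# The path list is an assumption (conventional install locations), not taken
# from the post.
find_su() {
    root=${1%/}
    for p in system/bin/su system/xbin/su sbin/su system/app/Superuser.apk; do
        [ -e "$root/$p" ] && printf '%s\n' "/$p"
    done
    return 0
}

# root_indicators ROOT: run both checks and label the findings.
# Exit status 0 means at least one indicator was found, 1 means none.
root_indicators() {
    out=$( { audit_local_prop "${1%/}/data/local.prop" | sed 's/^/local.prop: /'
             find_su "$1" | sed 's/^/file: /'; } )
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# demo: build a constructed sample tree (not from a real device) and audit it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/data" "$t/system/xbin"
    printf '# constructed sample\nro.kernel.qemu=1\n' > "$t/data/local.prop"
    : > "$t/system/xbin/su"
    root_indicators "$t"; rc=$?
    rm -rf "$t"
    return $rc
}

# With an argument, audit that root directory; without one, run the demo.
if [ "$#" -gt 0 ]; then root_indicators "$1"; else demo; fi
```

Reading /data/local.prop on a live device normally needs elevated access, so on production handsets this is easier to run against a pulled backup or image.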

Re: [ROOT] Framaroot, a one-click application to root some devices
Samsung Galaxy S II Epic 4G Touch - SPH-D710
Android 4.1.2
Build GA10
Exynos4 processors
Results: Exploit failed
Possible Reason: Samsung has patched the kernel in this build.
I post these results to avoid future questions and comments. I suspect this will be successful on prior builds where the exploit is left unpatched.
EDIT: and BTW, FIRST!!!! LOL!
Bugging up my phone, so you don't have to!

TrayLunch said:
Samsung Galaxy S II Epic 4G Touch - SPH-D710
Android 4.1.2
Build GA10
Exynos4 processors
Results: Exploit failed
Possible Reason: Samsung has patched the kernel in this build.
I post these results to avoid future questions and comments. I suspect this will be successful on prior builds where the exploit is left unpatched.
EDIT: and BTW, FIRST!!!! LOL!
Bugging up my phone, so you don't have to!
Framaroot 1.1 released, Frodo exploit has been added. Give it a try

Re: [ROOT] Framaroot, a one-click application to root some devices
alephzain said:
Framaroot 1.1 released, Frodo exploit has been added. Give it a try
Success!
Bugging up my phone, so you don't have to!

Re: [ROOT] Framaroot, a one-click application to root some devices
Confirmation.
It worked on JB 4.1.2 GA10 SGSII E4GT. :beer:
Sent from my SPH-D710 using Tapatalk 2

Is there an app similar to how easy this app is to root if we want to unroot? Besides flashing an unrooted one click of course. I have insurance on my E4GT and just want to know if I can reverse this if I need to bring in phone for repair or replacement.
I think in the exploit repair/root app that you or chainfire made had the ability to remove the repair but not sure about unrooting, think that would be a great app feature to unroot.
Thanks

Raistlin1 said:
Is there an app similar to how easy this app is to root if we want to unroot? Besides flashing an unrooted one click of course. I have insurance on my E4GT and just want to know if I can reverse this if I need to bring in phone for repair or replacement.
I think in the exploit repair/root app that you or chainfire made had the ability to remove the repair but not sure about unrooting, think that would be a great app feature to unroot.
Thanks
Superuser has a temp unroot feature. There are certainly many apps which do unroot.
I think I will include an unroot possibility in Framaroot.

Now, I have an s3 SGH-1747m.
Not sure if it's an Exynos device or not, but would love to know if this would work on my device

Re: [ROOT] Framaroot, a one-click application to root some devices
cheesynacho said:
Now, I have an s3 SGH-1747m.
Not sure if it's an Exynos device or not, but would love to know if this would work on my device
You can look here, or here to help answer your question. Hope that helps! :thumbup:
Bugging up my phone, so you don't have to!

TrayLunch said:
You can look here, or here to help answer your question. Hope that helps! :thumbup:
Bugging up my phone, so you don't have to!
I take it it won't work for my phone :silly:
Thanks for the help!

Re: [ROOT] Framaroot, a one-click application to root some devices
cheesynacho said:
I take it it won't work for my phone :silly:
Thanks for the help!
If you're still unsure, you can try it and post your results. Worst case scenario, the app will tell you that root failed and you can uninstall it.
Bugging up my phone, so you don't have to!

Does it work for the Verizon galaxy nexus?

fyi,
got A popup saying "Your device seems not vulnerable to exploit included in Framaroot", now i will uninstall app
this is on LG P769 tmobile us.

Doesn't work for the Verizon galaxy nexus.

No go for the Rogers Note SGH-I717R. Bummer, but awesome work here. People who will be able to use it should thank the eff out of yer help!

Any software glitches
I will be getting a Verizon version, and I was wondering if there is any ill effects from this method. Such as camera malfunction or a similar issue. I have heard of root solutions that break certain functionality of certain parts of the software. Anyone having any of these issues?

I've used it on my Samsung Note 2 NT7100 4.1.2 stock
It worked fine for a while but after some hours i tried to chat in whatsapp (as i did before) and it froze and kept spamming a popup with "radio has been granted superuser permissions" after a while it completely froze trying to reboot it got it stuck in the "Samsung" boot log.
I had to take out the battery to get it running again, let's see for how long it will stay like that.

shadoom23 said:
I've used it on my Samsung Note 2 NT7100 4.1.2 stock
It worked fine for a while but after some hours i tried to chat in whatsapp (as i did before) and it froze and kept spamming a popup with "radio has been granted superuser permissions" after a while it completely froze trying to reboot it got it stuck in the "Samsung" boot log.
I had to take out the battery to get it running again, let's see for how long it will stay like that.
Hmm, your chat app requires root permission? It's strange behaviour. Did you already root your device before using your chat app?
Seeing "radio has been granted superuser permissions" if your application doesn't mention it requires root is not normal.

Works on EU Samsung Galaxy Note 2 GT-N7100, Android 4.1.1, Build JRO03C.N7100XXALJ3.
Installed APK, selected SAM then rebooted.

no joy
did not work with ATT Galaxy Note SGH-I717

Related

[APP] Flash Image GUI

Credits:
birbeck for the usual random java guidance, slushpupie for his previous java guidance, dodgejcr for extreme amounts of testing, and one_love_420 and shift for some great graphics!
testers: JT-, couga6442, happytweak and many others I might have forgot in the last three days of late nights and no sleep plus full day of work!
Thanks to SDX !!
Requires:
Unlocked bootloader and root access!
Background:
flash_image (bmlwrite) is an extremely useful utility for flashing custom kernels, boot logos and recoveries. This binary has made it possible to easily flash all these items and is used almost everywhere behind the scenes (i.e. in custom recoveries, packaged into kernel /sbin, etc).
Description:
This android application, FlashImageGUI, is basically a GUI interface for the linux binary, flash_image provided by google in AOSP for loading custom kernels and recovery images onto the phone. No recovery or adb needed! Flash a custom kernel, boot logo (some devices) and custom recovery all from android w/o rebooting into recovery mode!
The application displays current kernel version information!
Current Device Support:
Full Kernel (Anykernel and boot.img) Flashing and Recovery (zip file or image) flashing: Sprint Galaxy S4, International HTC One, T-Mobile HTC One, Sprint HTC One, HTC EVO 4G LTE, HTC One S, HTC EVO 3D CDMA and GSM, HTC One XL, HTC Droid DNA, HTC Amaze, HTC Vivid/Holiday, HTC EVO 4G, HTC EVO Shift, Google Nexus 4, Google Nexus 10, Google Nexus 7, Samsung Google Galaxy Nexus, Nexus S/Nexus S 4G & LG Optimus
Full Kernel, Logo and Recovery flashing: Samsung Moment, Transform, Intercept and Acclaim - the s3c6410 series of devices
Full Kernel (zImage) Flashing: Samsung Epic
Check application version for updates
Future Support:
The current phone support limitation is due to hardware manufacturer differences and their software implementations. This process can be very dangerous and I'm being very cautious by thoroughly testing before releasing. I've started with the phones I am most familiar with and hope to cover all those who request it!
I have a personal list of features I am going to be adding over the coming days and weeks in addition to support for other phones. Please feel free to leave feedback here and requests for phone support. If you have any information on flash_image or bmlwrite for your phone, that'll help get me started researching on your phone support request. Thanks!
Install Directions:
Install process is the same as any other .apk. Download to computer and adb push or mount sdcard on computer and copy over. Use any file manager, adb, connectbot/terminal emulator to install.
My preferred method, maybe a bit technical: adb install c:\downloads\FlashImageGUI.apk
Download Locations
Market (99 cents!): Flash Image GUI
Release versions (free from my personal hosting): Flash Image GUI
Contact:
Any questions, comments, concerns, or issues, please post in this thread or send me an email! Thanks for all the help and support!
http://twitter.com/joeykrim
http://joeykrim.com
Feedback:
Please post any helpful feedback. I'm always looking to improve the application!
Users Guide for flashing ONLY a Kernel (zip file):
1) Ensure the bootloader is unlocked and root access is properly setup
2) Make sure the selected Kernel is compatible with the currently loaded ROM. If not, this will result in a lot of frustration!!! See troubleshooting steps below.
3) Download kernel zip file to /sdcard.
4) Open Flash Image GUI, browse and select kernel zip file, downloaded/loaded to sdcard in previous step.
5) Flash Image GUI will validate that the kernel zip file contains the minimum required files
6) Select the Flash Image button and Flash Image GUI will load the kernel and the kernel modules from the source kernel zip file.
7) Reboot
Troubleshooting after Rebooting:
First step, when experiencing issues flashing is to RE FLASH the files again. Many times, re flashing again will clear up any issues. If not, see the issues/solutions below.
Issue #1: If the device hangs or reboots while on the splash screen, the kernel itself or the ramdisk packaged in the kernel is NOT compatible with your device!!!
Solution for #1: Have to boot into fastboot (or directly into the custom recovery) and load the custom recovery to flash a known good kernel or restore a previously known good nandroid backup. Command: fastboot boot c:\downloads\cwm-recovery.img
Issue #2: If the device hangs or reboots while on the boot animation, the ROM is likely NOT compatible with the kernel!!!
Solution for #2: Have to boot into fastboot and load the custom recovery to flash a known good ROM/kernel combination either from a zip file or restore from a nandroid backup.
I'm curious, why does this only work on certain phones? I need a way to flash a recovery to my Tmobile Comet (Huawei Ideos U8150). Thanks
jdyates said:
I'm curious, why does this only work on certain phones? I need a way to flash a recovery to my Tmobile Comet (Huawei Ideos U8150). Thanks
great question. I've updated the OP to answer this better.
essentially each hardware manufacturer is able to use their own type of drivers in dealing with the phones internal memory and in formatting the phones internal file system.
this allows for many different variations. the specific phones I support are the ones I was able to obtain a flash_image binary for (hence the name flash_image) and was able to extensively test.
if you have any information on the flash_image binary for your phone, i'd be more than happy to research it and add support to the app!
i've worked day/night the last three days to put this app together and had a ton of testing. i do hope to continue to add support for more phones! thanks for the feedback and phone support suggestion! i will definitely look into it and any help you can provide would be great!
Here is the flash_image binary for Tattoo,
please add it to supported devices, thanks.
How soon before the Epic 4G gets some love?
Samsung galaxy spica gt-i5700 also use same s3c6410 chip. Will this work on it??
Sent from my GT-I5700 using Tapatalk
I have a viewsonic gtab and I HATE the splash screen - would love to see it supported. My 2c... great tool! Thanks!
joeykrim said:
great question. I've updated the OP to answer this better.
essentially each hardware manufacturer is able to use their own type of drivers in dealing with the phones internal memory and in formatting the phones internal file system.
this allows for many different variations. the specific phones I support are the ones I was able to obtain a flash_image binary for (hence the name flash_image) and was able to extensively test.
if you have any information on the flash_image binary for your phone, i'd be more than happy to research it and add support to the app!
i've worked day/night the last three days to put this app together and had a ton of testing. i do hope to continue to add support for more phones! thanks for the feedback and phone support suggestion! i will definitely look into it and any help you can provide would be great!
Thanks for the detailed reply, you don't see that a lot from app devs these days.
Unfortunately, I have no idea what a flash binary is for my phone or how to get it. Oh well. Thanks again
dancer_69 said:
Here is the flash_image binary for Tattoo,
please add it to supported devices, thanks.
perfect! recovery image support should be simple.
kernel flashing methods seem to vary quite a bit between devices. could you post links up to two/three popular kernels so i can see the format they're using?
mattallica76 said:
How soon before the Epic 4G gets some love?
great question! i hope to get this supported within the next week as ill be on my honeymoon the next 5 days w/o internet...i know, tough but worth it
if you have the information handy, could you post links to two/three top kernels so I can examine their format?
lovleshgarg said:
Samsung galaxy spica gt-i5700 also use same s3c6410 chip. Will this work on it??
Sent from my GT-I5700 using Tapatalk
yes, i had thought about this but didn't know anybody with the phone. supporting this phone should be very simple as it uses that same chip set. could you post a link to a pastebin of this command:
adb shell ls -l /
to double check, flash_image on the spica also does zImage (kernel), logo.png (boot logo) and recovery.rfs (recovery) right?
thanks!
austontatious said:
I have a viewsonic gtab and I HATE the splash screen - would love to see it supported. My 2c... great tool! Thanks!
great, this seems to be popular. i have been looking into this and will keep you updated! i hope to get support added for this soon!
for you
hi joeykrim. you do good work man.
attached are 3 things.
1.flash_image binary for the Epic 4g SPH-D700
2.redband_ua, the method we use to flash kernels
3.zImage, i compiled from source and use
we run on EXT4 mostly these days
I and a few other developers use a scripting process to flash kernels without recovery. if want these pm me.
joeykrim said:
perfect! recovery image support should be simple.
kernel flashing methods seem to vary quite a bit between devices. could you post links up to two/three popular kernels so i can see the format they're using?
great question! i hope to get this supported within the next week as ill be on my honeymoon the next 5 days w/o internet...i know, tough but worth it
if you have the information handy, could you post links to two/three top kernels so I can examine their format?
Here are some links to some popular kernels on the Epic-
http://forum.xda-developers.com/showthread.php?t=961614
http://forum.xda-developers.com/showthread.php?t=976197
Congrats and have fun on your Honeymoon.
can i use this with my samsung galaxy apollo????
yea joeykrim!!! i just saw the release! \o/
congrats, buddy!!
Looks like an awesome utility
Support for HTC Desire would be perfect, as i can't seem to get fastboot working, so i'm stuck with Clockworkmod 2.5.1.8 at the moment..
I'm not sure how to get the flash_image file, is it the one contained in /system/bin?
Kernel links:
AOSP - http://forum.xda-developers.com/showthread.php?t=782875&highlight=vork
AOSP - http://forum.xda-developers.com/showthread.php?t=1031909
Sense - http://forum.xda-developers.com/showthread.php?t=849002
Sense - http://forum.xda-developers.com/showthread.php?t=801915&highlight=vork
Stock ROM support
Will this work on galaxy S stock ROM...or do I need to have a third party ROM installed. Most of the other flashing softwares do not support the stock ROM and I hope this is not amongst them.
mattallica76 said:
Here are some links to some popular kernels on the Epic-
http://forum.xda-developers.com/showthread.php?t=961614
http://forum.xda-developers.com/showthread.php?t=976197
Congrats and have fun on your Honeymoon.
released an update - version 1.0.3 - supports kernel flashing on Samsung Epic!
tested recovery flashing on the Samsung Epic but it seems too unstable to support
thanks to DRockstar, skeeterslint and MeatMcBadass for testing and feedback!
links in OP updated with new version!
Released version 1.0.5 - Fixing a few minor bugs
** Updated boot logo flashing support on S3C6410 series devices (moment, transform, intercept and acclaim)
** Cleaned up code on the back end for efficiency
** Clarified wording in the prompts
Links in OP have updated versions! Thanks for all the support!
SU Access
Hey I could really use some help, I rooted my Samsung Moment yesterday using the Z4Root program yesterday, but when I try to use Flash Image_GUI I get the following error:
"Root Access Denied
This device has not granted root access to this application. Please root this device to allow this application root access. This application can not run without root access. Sorry!"
Can anyone please help me? I did root the phone accurately, I have the SU icon, but this app (flash image) won't open for me...
WDeamz said:
Hey I could really use some help, I rooted my Samsung Moment yesterday using the Z4Root program yesterday, but when I try to use Flash Image_GUI I get the following error:
"Root Access Denied
This device has not granted root access to this application. Please root this device to allow this application root access. This application can not run without root access. Sorry!"
Can anyone please help me? I did root the phone accurately, I have the SU icon, but this app (flash image) won't open for me...
After reading through the z4root thread,
http://forum.xda-developers.com/showthread.php?t=833953 , it appears they install the superuser.apk after rooting.
After you run z4root, and it is a permanent root, I would reboot the device to make sure the SuperUser apk appears in the app draw/tray.
After you can confirm z4root gave you permanent root and installed the superuser apk, then install my app. When you first open my app, the SuperUser app should ask whether or not you want to grant my app root access.
If you've already said no, you can open the SuperUser app from the app draw/tray and change your preference. My application will require root access to run properly.
If you don't see the superuser app in your app draw/tray it would seem z4root did not work properly.
Hope this helps!
Thanks for getting back to me
Hey I appreciate the fast reply, I uninstalled your app and re-installed it, but unfortunately I am still getting the same error. SU is on the tray, but I get no option to allow root for your app...any help you could give me is really, really, appreciated.

[APP][4.0+] Root Transmission - Root other devices using your phone!

Root Transmission
Root Transmission: the ONLY app that allows you to root other phones straight from your own device!
Inspired by Kos's p2p-adb hacking toolkit (http://hak5.org/episodes/hak5-1205), this app is a pleasant, easy way to root other phones while away from your computer! Just two buttons, Root and Unroot! Connect the cable and root away! It couldn't be simpler!
Even has its own terminal window so you can see exactly what's going on while your phone does its thing!
You will need a ROOTED device capable of USB hosting (USB On The Go), a USB OTG cable and one-click root scripts for the devices you wish to root.
Scripts and their associated files should be placed in /sdcard/RootTransmission/*devicename*/*version*/, otherwise it will not be available for use. *devicename* and *version* can be whatever you want.
Note that this is an UNSTABLE version, and you use this app at your own risk. Occasional force closes are to be expected (though they will most likely not break the phone you are trying to root). Incorrectly written scripts can permanently damage or brick both devices involved, so only use trusted 3rd party root scripts and at your own risk.
Changelog
1.01unstable
fixed bug that sometimes caused crashing when user closed app
fixed bug that caused app to crash if scripts directory did not exist
Much smaller size (166k)
made it for Android 4.0 and up (accidentally had it for 3.1 and up in Play Store, will re-add Honeycomb support if I find that it works reliably with it)
1.0unstable
initial public release
Planned features
Downloading scripts within the app
Nicer GUI
In-app help text
??? Suggest some!
(Removed from Play Store because Google said it was "dangerous")
Please do not mirror this apk, it is to be downloaded exclusively from XDA-Developers. Failure to comply will result in the removal of this app from XDA.
I've attached a zip with the files needed to root a Verizon Galaxy S3 (SCH-I535), extract it to /sdcard/RootTransmission/ to use.
Note that since I only have one USB host-capable device (my own S3), no warranty is provided over the functionality of this zip since I am unable to fully test it. (It is a repackaged version of the DebugFS one-click root found at http://forum.xda-developers.com/showthread.php?t=1883984 and thus will only work if the device to be rooted is running ICS, which shouldn't be a problem as of yet.)
Again, this is an unstable test version. It should mostly work, but no guarantees on its functionality.
Reserved for future use
Reserved for future use.
what device is supported? what device supported that can be rooted?
chev said:
what device is supported? what device supported that can be rooted?
In order to run the app, your device (the device that is already rooted) must support USB hosting/USB OTG. Most newer devices have this.
This app uses adb and scripts (which you must provide) to root devices. If there is a root method for the device that uses adb, then it will work.
In the case of the Verizon Galaxy S3 (my primary device), the root method for a stock ROM is to use adb to push an exploit that will allow us to install Superuser and the su binary. I believe the Asus Transformer Prime uses a similar method.
If the only root method available involves using a program such as Odin/Heimdall or a manufacturer's phone flashing utility, or a zip must be flashed in recovery in order to gain root, it will definitely not work. In the case of the HTC Sensation, you must flash a recovery and boot into it, then flash a zip containing the su binary as well as a controller app such as Superuser in order to gain root. So the HTC Sensation could NOT be rooted with this.
In the future I plan on building a compatibility chart within the app to determine which phones can run this app and which phones can be rooted with it, as well as downloads for the rooting process. In the meantime, if there is a phone you are looking to root with this, let me know and if possible, I'll craft a zip to use with this.
Updated Root Transmission to 1.01unstable.
Following changes were made:
-bugfix: app occasionally FC'd when closing app
-bugfix: app crashed if scripts directory did not exist
-smaller size (166k, old version was 1.62mb)
-made it available only for 4.0 and up (had it set to 3.1 and up by accident)
Available in first post or in the Play Store.
Keep sending in those bug reports, it really helps!
Also, if you have any new features you want to suggest, let me know.
I'm considering the following so far:
-Downloading scripts in-app
-Nicer GUI
-Help text
Added script for the Asus Transformer tablets (TF101/TF201/TF300T/TF700T) to the first post. It will only root tablets on 4.0 or below.
This app looks promising, keep up this great work, :fingers-crossed:
Theoretically, could this run any script over adb on another device, not just a root one?
one x
Hey does this work with the one x international version?
I believe that in order for the app to work properly, adb must be running as root, so no. It's not possible to use this with a non rooted phone.
HTC One X should be able to be rooted (as well as other devices relying on fastboot), but I haven't added support for it yet. A fastboot binary for ARM is available, so I'll package that into the app for next release. Stay tuned. However, I don't know about unlocked bootloaders and all that on HTC devices, so beware.
I'm also going to take a look at the Heimdall source code later so that you can perform Odin flashes over USB. This means that basically any Samsung phone should be able to be rooted, even without a one click root script.
All this stuff will take time though, and with school still going on it might take some time. But I'm definitely working on it!
Sent from my SCH-I535 using Tapatalk 2
Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?
root tranmission
I downloaded the file, and receive the next error while installing:
parse error
there is a problem parsing the package
Is there any fix?
thanks in advance
Draciel882 said:
Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?
This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
teran220 said:
I downloaded the file, and receive the next error while installing:
parse error
there is a problem parsing the package
Is there any fix?
thanks in advance
Try installing from Play Store.
wchill said:
This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
That would be awesome, let me know if you need some help testing. I've been wanting to be able to do this for awhile. It would pretty much eliminate the need for a computer when flashing roms on devices that have their bootloader already unlocked.
how to check my device is usb otg/host capable ?
anazhd said:
how to check my device is usb otg/host capable ?
Use this app by Chainfire
https://play.google.com/store/apps/details?id=eu.chainfire.usbhostdiagnostics
Sent from my SCH-I535 using Tapatalk 2
Wow, the idea behind your software is brilliant!
I yet see a future world in which handset liberation is achieved and spread among users in dark corners of the streets! :silly: :laugh:
Hey there wchill, seems like you are an app dev rookie as I have seen some stuff. Well, you aren't so different from me. PM me, I will help you in your project. BTW I have seen a small thing, that the Settings button does nothing; to remove it, remove in your mainActivity the lines that say onCreateOptionsMenu, as long as you don't need an options menu!
EDIT: No offence for calling you a rookie. I may have underestimated you, because your work is amazing, but I was talking about the Java side of your knowledge. Sorry if I offended you!
seaskyways said:
Hey there wchill, seems like you are an app dev rookie as I have seen some stuff. Well, you aren't so different from me. PM me, I will help you in your project. BTW I have seen a small thing, that the Settings button does nothing; to remove it, remove in your mainActivity the lines that say onCreateOptionsMenu, as long as you don't need an options menu!
I know that the options menu is there, but I'm planning on adding to its functionality so there's no point in removing it yet. Don't worry, I didn't forget about it
Also, I only have one year of experience in Java, so my skills definitely are not the most top notch out there. I'd say not bad for being self taught though.
Anyway, in app downloads should be working by this weekend, depending on how much homework I get this week. Did a lot of it today, just need to make the frontend for it. After that I'll work on improving the GUI, because I really couldn't be bothered to spend more than 5 minutes making it what it looks like right now.
Expect an update in the next few days
Sent from my SCH-I535 using Tapatalk 2

Rooting HP Slate 7. Updated March 16 2014

Updated to March 16th 2014.
General Warning, read before doing anything to your tablet:
Whenever you try to do anything to your system ALWAYS back up everything since there is always the chance that something might go wrong.
If something goes wrong you have to download and install the boot images from HP support, HP Slate 7 2800 restore image and HP Slate 7 4600 restore image, the install instructions are in the same page in "How to install".
Some users have had problems with the alternative rooting method using Bin4ry's tool. Since it is some, I will assume it is something someone is not doing correctly, because other users with the same slate model have been able to root. If it is your case where you can't actually root, post here and I'll try to help you in any way I can.
To end this sort of disclaimer, my Slate 7 is the model 4600 so I'm not actually able to try the method with other slate models, anyhow other users have had no problem but as always this could be your case and I'm not responsible in any way if you brick your device.
Cydia's Impactor tool has been updated and it's working with all versions of the roms (Confirmed by users).
Bin4ry's rooting tool has been updated, chances are it's more user-friendly and won't throw any errors; it's up to you to try it out.
Just as a side note, the screenshots below are just for reference, they are not the same drivers/devices, they are only meant for you to know where to click.
Step 1: Download Tool Package (this is an old package, the drivers in the package work but you NEED TO ALSO DOWNLOAD Cydia's Impactor (Link to home page in case you are interested in reading a bit) and Google's ADB Drivers with a little modification in the ini file so it installs the driver for our HP Slate 7 tablet). If your Slate 7 model is 2800, you also have to download Moborobo, which will find and install the drivers for you. I've received messages from users who have had both good luck and no luck installing the drivers; this must be dependent on your operating system and administrative rights. I did all these steps on a Windows 8 64-bit machine with administrative privileges.
Download latest Cydia's impactor tool from the link above. The one in the package won't help you if you are trying to root v9 and above.
Step 2: Unzip the package anywhere you like, meanwhile go to your tablet and set it to USB Debugging.
YOU MUST SET IT ON USB DEBUGGING MODE, else nothing that you try will work.
Step 3 OPTIONAL: In case your computer doesn't realize there is a device connected, you need to copy the file in "\.android\adb_usb.ini" over to your user path "%USERPROFILE%\.android\" and reboot the computer (just in case it won't recognize a device as connected).
Step 4: Now open the computer's Device Manager and you will see something similar to this picture.
Step 5: Right click the HP Device and choose to update driver, search for drivers in the computer (2nd option), then "let me pick from a list of device" as follows:
Step 6: Next click in "have disk" and navigate to where you unpacked the file downloaded earlier and choose the ini file.
Pictures for reference only.
Step 7: All you have left is to open Cydia's Impactor tool; you will see a small window with a default command on screen, which is the following:
Code:
# drop SuperSU su to /system/xbin/su
Just click Start next to it aaaaand you are done!
(PS: If this worked you are done, skip Step 7B. If you were unable to root your device try Step 7B)
Step 7B (ONLY IF Cydia's tool did not work): Warning: I've received messages from some users that this exploit has left them in bootloops. This method is tested on the 4600 model; if you have another and it works, please do post your results. If you have problems, all you have to do is download your model's ROM from HP support and boot it through your microSD card to restore factory settings; also check Bin4ry's thread for information if it is your case. If you find another method, please do let us know. DO THIS ONLY IF STEP 7 FAILED: you will have to download the following rooting tool from Bin4ry's XDA thread, execute "RunMe.bat", use method 1 and follow the on-screen instructions. (This method will reboot your tablet 3 times if I remember correctly; after 2 reboots it will be stuck on a black screen for a couple of minutes (or more, it took me around 10 minutes). This is as it pushes the files for superuser, don't panic.)
You can check your build version as it's shown in the following picture.
Just open an app like Titanium Backup which needs root to see if it worked.
This method is simple, plus you don't have to download anything Chinese or unnecessary software onto your computer. The tutorial is really long because I tried to be as detailed as possible, but in the end it shouldn't take you more than 5 minutes (the downloads might take a bit longer though for the SDK). I would take screenshots of the process but my computer runs on a Spanish version of Windows (the same reason why you might see things with different names; I was just trying to guess the device manager label part).
If you have any question feel free to ask (of course... as long as it hasn't been asked again and again in the thread) and if it worked for you a thanks would be awesome so more users will try.
PS: My Slate 7 model is the 4600 but it should work with other slates and, for that matter, with any tablet as long as the adb driver is recognized.
PS2: If you could upload the package into a new mirror that might help more people.
PS3: Updated to March 16th 2014.
PS4: I just realized the screenshots facilitated by another user have been deleted, will try to find new ones.
PS5: If this helped you, please do thank, this way more users will benefit from it.
Universal Root
Ok people, I've used pretty much the same method to unlock 2 different tablets, if you see my other guide with rooting MSI Windpad 71 it's almost the same thing.
Once you get ADB running all you have to do is run Cydia's impactor and you are good to go.
If this helped anyone please tell your experience and with which devices you have tried this.
It's working guys!
It works perfectly, even better.
Also does anybody know how to make GT Racing Academy work on it?
My HP is a Slate7 2800, your thread is for the 4600, it's different I think? I can't install the driver from device manager.
mastertempo said:
My HP is a Slate7 2800, your thread is for the 4600, it's different I think? I can't install the driver from device manager.
Please do reply to the questions I asked you earlier, if you don't give out information I don't know what you are not doing right.
Don't worry man, I rooted my Slate 7. How? I'll tell you now. First I installed this: https://www.dropbox.com/s/0jg872o2armnntt/ADBDrivers.exe and started it and installed drivers. Then I ran Cydia Impactor and everything was done in a few seconds. But I have one question now: is Cydia universal for all Android devices?
mastertempo said:
Don't worry man, I rooted my Slate 7. How? I'll tell you now. First I installed this: https://www.dropbox.com/s/0jg872o2armnntt/ADBDrivers.exe and started it and installed drivers. Then I ran Cydia Impactor and everything was done in a few seconds. But I have one question now: is Cydia universal for all Android devices?
Yes, Cydia's main goal is to be a universal rooting tool.
I will check on the drivers you found, it could shorten the guide.
For everyone else, I know it looks like a lot of steps, but it's really download software, modify a couple of ini files, install driver and run Cydia. Will check on the drivers MasterTempo installed; maybe I can make a package for a single small download.
Ok guide updated to v2.0 with single package download.
As long as the computer recognizes the ADB drivers for the phone/tablet Cydia's Impactor tool should root any device.
Worked on my slate. Thank you very much for your help
Sent from my GT-I9100 using XDA Premium 4 mobile app
what about unroot?
Hi, I still didn't root, but I want to know how to unroot it, as my HP Slate is very new.
OTA update
kibaruk said:
Ok guide updated to v2.0 with single package download.
As long as the computer recognizes the ADB drivers for the phone/tablet Cydia's Impactor tool should root any device.
My tablet is asking to update, if I do the OTA will I lose root?
wasim9283 said:
Hi, I still didn't root, but I want to know how to unroot it, as my HP Slate is very new.
No idea here mate sorry.
dalethefarmer said:
My tablet is asking to update, if I do the OTA will I lose root?
Nope, I've updated mine and it's still rooted.
kibaruk said:
No idea here mate sorry.
Nope, I've updated mine and it's still rooted.
I just updated mine and lost root...
dalethefarmer said:
I just updated mine and lost root...
Really?? That's odd... well you could always just re-run Cydia and go ahead with the push of files again and voila rooted again.
kibaruk said:
Really?? That's odd... well you could always just re-run Cydia and go ahead with the push of files again and voila rooted again.
Doesn't work. When I run Impactor I get an error: Signature bugs unavailable.
I tried updating impactor and I have the latest version.
I can factory reset and root again, but how do I stop the OTA update prompts from popping up?
dalethefarmer said:
Doesn't work. When I run Impactor I get an error: Signature bugs unavailable.
I tried updating impactor and I have the latest version.
I can factory reset and root again, but how do I stop the OTA update prompts from popping up?
Ok it seems the latest OTA which was a big one over 250mb changed something, I lost root access too, will have to see how to get this one rooted.
If anyone could confirm their versions before trying to update to the big OTA? Mine after the OTA is Android Version 4.1.1, compilation number v1.05.10_user.
It seems that for version 1.05.10 they have fixed the master key vulnerability of android.
"If you are having problems using Cydia Impactor (it crashes, doesn't work on your device, or simply doesn't make any sense) please join #android on irc.saurik.com and ask a question.
The Android "Master Key" vulnerability was found by Bluebox Security. For more information on how this bug works, I have done an overly-detailed article on the exploit technique.
If that bug is not available, Impactor will instead attempt to use a different signature verification bug. For more information on how that bug works, I have done another article on the new exploit.
It is possible that your device has been patched against both bugs; Impactor will inform you of this. If you'd like to check before spending time working with Impactor, you can try either the Bluebox Security Scanner or the alternative SRT AppScanner (which I have found to provide fewer false positives than Bluebox's tool).
Some devices are also patched against the second stage now used to get root; devices that are patched will show "link failed file exists". (This second stage was made possible due to help from @giantpune.)".
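For the pre-check mentioned in the quoted Impactor notes above, here is an added example (not part of the thread, and not Bluebox's, SRT's or saurik's code): a minimal defensive scanner for the publicly documented indicator of the "Master Key" bug, an APK whose ZIP central directory lists the same entry name more than once. It does not cover the second signature verification bug, and the in-memory archives it builds are constructed samples, not real APKs.

```python
import io
import sys
import warnings
import zipfile
from collections import Counter


def duplicate_entries(apk):
    """Return {entry_name: count} for names listed more than once.

    `apk` is a path or a binary file object. A well-formed APK lists each
    entry name once; a repeated name means the signature verifier and the
    installer may not be looking at the same bytes.
    """
    with zipfile.ZipFile(apk) as zf:
        # infolist() keeps every central-directory record, repeats included;
        # name-based lookups such as getinfo() only expose the last one.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def scan(apk):
    """Classify an archive as 'clean', 'suspicious' or 'not-a-zip'."""
    try:
        dupes = duplicate_entries(apk)
    except zipfile.BadZipFile:
        return "not-a-zip", {}
    return ("suspicious" if dupes else "clean"), dupes


def build_sample(entries):
    """Build a constructed in-memory archive from (name, data) pairs."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns about repeated names but still writes them.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed samples: placeholder bytes only, no real manifest or code.
CLEAN_SAMPLE = [("AndroidManifest.xml", b"placeholder"),
                ("classes.dex", b"placeholder A")]
DUPLICATE_SAMPLE = CLEAN_SAMPLE + [("classes.dex", b"placeholder B")]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Scan the APK paths given on the command line.
        targets = [(path, path) for path in sys.argv[1:]]
    else:
        targets = [("constructed clean sample", build_sample(CLEAN_SAMPLE)),
                   ("constructed duplicate sample",
                    build_sample(DUPLICATE_SAMPLE))]
    for label, target in targets:
        verdict, dupes = scan(target)
        print(f"{label}: {verdict} {dupes if dupes else ''}".rstrip())
```

A "suspicious" verdict is only an indicator that the package should not be trusted on an unpatched device; a "clean" verdict says nothing about other signature verification bugs.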
dalethefarmer said:
Doesn't work. When I run Impactor I get an error: Signature bugs unavailable.
I tried updating impactor and I have the latest version.
I can factory reset and root again, but how do I stop the OTA update prompts from popping up?
Ok I found a working root for latest 1.05.10 patch you can download here.
Once you download the tool you have to run the "RunMe.bat" file and follow the instructions. The method that worked was method 1 "New Standard-Root". It seems to also come with an unroot option for those who have asked for it; I haven't tried it though.
PS: Be careful when "press a key to continue now" because you can make it a double tap and miss a step, it won't brick the device but you will take longer.
Guide updated for latest OTA pushed 1.05.10_user that won't accept Cydia's vulnerability. It seems that the alternative rooting tool has the option to unroot for all of those who have asked for it; I haven't tried it yet though.
mastertempo said:
My HP is a Slate7 2800, your thread is for the 4600, it's different I think? I can't install the driver from device manager.
I've found out other HP Slate 7 2800 users are having problems with the drivers I put in the package; they have found Moborobo useful for that matter.

[MASTER THREAD] Fire HD 8 (2017) (7th Generation)

Hi,
This is a list (incomplete) of all the ROMs, mods, hacks, guides, etc. available for the Fire HD 8 (2017).
This was a root progress discussion thread, and I think there's too much valuable information here to just let it get buried. So, following @Rortiz2's suggestion this thread was transformed to a master thread with the aim of providing a complete guide for anyone wanting to mod their tablet.
Device Codename: douglas
Specifications:
SoC: Mediatek MT8163
CPU: Cortex-A53 (Quad Core 4x1.3Ghz)
GPU: Mali 720
RAM: 1.5GB
Android: 5.1 (FireOS 5.x.x.x)
Storage: 16/32GB
Includes a MicroSD slot
Battery: 3210mAh
Display: 8"
Front Camera: 2MP
Rear Camera: 2MP
The italicized text below are my comments/clarifications.
The root method was patched in 5.6.4.0 (some versions of 5.6.4.0 still work so you could try). It is advisable to disable OTA updates or unlock the bootloader immediately. It is still possible to unlock by a different method, check the bootloader unlocking thread.
Bootloader Unlock and TWRP:
[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)
This is an excellent and complete guide which has everything you need for this. Requires Linux, so you'll have to either install it as dual-boot or use a live system if you are not using it already. You don't need to downgrade if you are on 5.6.4.0.
Rooting:
You can flash Magisk using TWRP after bootloader unlock. Using Magisk is recommended because SuperSU is no longer supported, and Magisk has modules, Magisk Hide, and the root prompt is working (in SuperSU it's not working, so you have to always grant root permissions, which is a major security loophole).
Rapid Temporary Root for HD 8 & HD 10
This is the first software root method discovered for this tablet and is a really easy and quick method of getting a root shell, and the link has a complete guide on it. Refer here for installing SuperSU for permanent root, and here for an automated script for Windows.
[ROOT] Hardmod Root Your Amazon Fire HD 8 (7th Gen)
This is the first root method ever discovered for this tablet and is a hardware root. This link has a complete step-by-step guide, assuming you have some soldering experience.
ROMs:
[ROM][unlocked]Lineage-12.1 for Amazon Fire HD8 2017 (douglas)
The first (and currently only) ROM for this device and it works great!
Miscellaneous:
Amazon Fire Toolbox, I have never tried this but it looks awesome!
Without root:
Removing accounts and viewing Usage Access settings which are hidden.
Debloating guide without root
With root:
A debloating guide made for HD 10, but works fine on the HD 8.
You can install apps as system apps just as on any other device, and you can use the app Link2SD for converting user apps to system apps. Refer to this StackExchange post for a guide on how to install apps as system.
Flashing GApps works well with TWRP, but the 16GB version doesn't have enough space in the system for even the pico version. Probably using pm uninstall on some system apps would work.
General Tips:
To return to stock or recover from a soft brick:
(Don't use this if you have already unlocked your bootloader: if you want just stock FireOS flash it through TWRP, and if complete stock follow the guide in the unlock thread)
(This assumes that you have ADB installed, I would not advise you on how here, there are numerous guides waiting for a Google search. This will erase your data.)
1. Download your current FireOS or a later firmware version. You can find the latest over at Amazon's website.
2. Boot to the recovery mode of your tablet, and use the volume and power buttons to select "Apply Update via ADB".
3. Now connect the tablet to a PC with a USB cable, open a command prompt or shell in the directory where you downloaded the firmware BIN, enter the command adb sideload X.bin (replace X with the name of the BIN) and wait until finished (DON'T disconnect your device from the PC).
4. Now select "Wipe Data/Factory Reset" and "Yes" to wipe data (you can skip doing this if you want your data, but note that the tablet may bootloop or complain about corrupted data).
5. Select "Reboot system now".
The firmware BINs are just renamed ZIP files: you can rename it from .bin to .zip and treat it as such.
Amazon employs an anti-rollback mechanism which could permanently brick your device if you flash an older version through adb sideload. If you really want an older FireOS, you can rename .bin to .zip and flash them through TWRP after unlocking.
The stock launcher AppID is com.amazon.firelauncher, the stock keyboard is com.amazon.redstone, and the OTA update apps are com.amazon.device.software.ota and com.amazon.kindle.otter.oobe.forced.ota.
Again, this list is incomplete, so please suggest any additions in the comments! (don't hesitate to suggest your own work-the target of this thread to be a comprehensive and complete guide on everything about this tablet)
Good luck modding this tablet!
Thread before changing to a master thread (for historical purposes)
NOW WE HAVE AN UNLOCKING METHOD WITH TWRP! THE CONTENT BELOW IS OUTDATED.
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.3.6.4/Fire OS 5.6.3.4
SECURITY PATCH - ???
KERNEL VERSION - 3.18.19
List of possible software root methods:
1.) eMMC overwriting
Thanks to the hardware root method, we have a full eMMC dump so using the loophole in the flash unlock process which causes overwriting partitions next to it, we could overwrite on all the way, flashing original things, to the system partition and then flash a modified system partition.
Additions to the list are welcome!
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-8890
Status: Confirmed possible.
Description: As I think, this is the most exploitable currently. Running the PoC results in 'somewhat unnatural' Use-After-Frees but the PoC fails to orient them to escalate privileges.
Cons: This exploit is based on obsolete IPv4 sockets, unlike its cousin CVE-2017-9077, which is based on IPv6, but rather the same exploitation as this. That 'may' make this harder to exploit, but of course there's no evidence.
I really only added this to cons because you should have a con.
2.)CVE-2017-15868
Status: Unsure
Description: NP Hardass said that this vulnerability is present in the source, I haven't explored it yet.
Cons: ¯\_(ツ)_/¯
If you tried these exploits, please notify me in below and I'll update the status. UPDATE: No point on keeping on trying these kernel exploits as no one (please correct me) who knows to write exploits in C comes here anymore. If someone wants to try though I will start maintaining this list again. Come on, let's collaborate on this!!! :laugh:
Thanks!
Download the eMMC dump from here: https://www.androidfilehost.com/?w=files&flid=282721
PS: You can download original kernel sources from Amazon, just search for it.
Original Thread:
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.6.0.1
SECURITY PATCH - 2017/08/01
KERNEL VERSION - 3.18.19*
*a quite old release it is.
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-12762
Status: Unsure
Description: A super likely-to-work great exploit. If you want you can go look at the kernel source (link included below the thread) 3.18.19 for proof, it starts in line 2640. Looks like a stack buffer overflow.
Cons: ASLR may be an absolute game killer in this case. And some skill is required to exploit, very less-known around the internet. And Amazon may have removed the ISDN support up from the roots of kernel, because it's VERY deprecated.
2.)CVE-2017-16939
Status: Unsure
Description: A nice attack vector. A PoC is available in SecuriTeam blogs, which triggers use-after-free. I tried contacting them for some help, but they almost instantly replied that they don't provide support for their reported vulnerabilities. Sad.
Cons: ¯\_(ツ)_/¯
3.)CVE-2017-15868
Status: Unsure
4.)CVE-2017-10661
Status: Unsure
5.)CVE-2017-7541
Status: Unsure
6.)CVE-2017-6074
Status: Unsure
If you tried these exploits, please notify me in below and I'll update the status. Come on, let's collaborate on this!!! :laugh:
Thanks!
I added the link to the vulnerable code, in case anyone was wondering.
I'm glad to see this thread. Since recently rediscovering the potential of an old Fire 6 and rooting it, removing the bloat and Googlizing it, I wanted to get something a little bigger. I just got my 7th gen HD 8 in the mail yesterday and was devastated to see it was 5.4.0.1. I've blocked OTA, deleted the update it had downloaded, installed Google Play et al., and used NoRoot Data Firewall to block all Amazon apps. Unfortunately, I do not have the expertise to contribute much toward an effort to root this device but would like to help in any way. I appreciate seeing others are out there working on it.
if i knew how to develop the exploits i would honestly try these
Thank you so much for making this thread but I hope I never have to come back here and help, but if i get some extra time in the future I do plan on running all my binaries + servers on the tablet as well. Not to mention just looking at that version number made me want to vomit.
What steps should I take to increase performance on the hd 8 while we wait for root?
rawfullz said:
What steps should I take to increase performance on the hd 8 while we wait for root?
Hello rawfullz!
Try Greenify. You can use a workaround to grant it Usage Access.
1) Download Activity Launcher and Greenify from Play Store.
2) Launch Activity Launcher.
3) Notice the "Recent" text in the task-bar, press it, and select "All" from the drop-down list.
4) Scroll all the way below until you find "Settings", and press it.
5) Again, scroll below until you find "Apps with usage access", and press it.
6) The hidden "Apps with usage access" menu will pop up.
7) Grant Greenify usage access there. (You can turn off usage access for all Amazon apps if you want, to increase performance but it's recommended to leave out "Storage Management" intact, just in case.)
8) Launch Greenify, and continue with the setup.
9) :laugh::laugh::laugh::laugh:
If you ever want to grant any other app Usage Access, do this procedure, but, remember that "Activity Launcher" is kind of dangerous, if you just launch random activities. I learned that the hard way.
REMOVED
Thank you for making this thread, im looking forward to this become real.
What I don't get is you can download the firmware.bin as well as the source code from Amazon. What's the problem, devs should be able to root?
derwoodbones said:
What I don't get is you can download the firmware.bin as well as the source code from Amazon. What's the problem, devs should be able to root?
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked thoroughly for any exploits.
We'll have to find exploits the rough way. :crying:
Hey, what about the Janus vulnerability? If some dev is reading this, please help us, because it doesn't require the device.
Supersonic27543 said:
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked thoroughly for any exploits.
We'll have to find exploits the rough way. :crying:
Click to expand...
Click to collapse
You don't need an unlocked bootloader to flash a ROM.
Take a look at the BT stack with BlueBorne.
Sent from my iPhone using Tapatalk
Supersonic27543 said:
> Now, I'm sick of Amazon's bloat slowing my tablet
You forgot to add: "and I wanna to fill my tablet by the Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as "super-duper tools for young hackars"
Great to see this thread. Hope some devs collaborate and find a way. Can't wait.
Meanwhile, do you guys have any cool mod to try in the tab?
I have installed playstore and adfree iytb YouTube and bunch of usual apps.
Hello!
DragonFire1024 said:
> You don't need an unlocked bootloader to flash a ROM.
Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
sensboston said:
> You forgot to add: "and I wanna to fill my tablet by the Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as "super-duper tools for young hackars"
Hah. :laugh::laugh::laugh:
Robius said:
> Take a look at the BT stack with BlueBorne.
> Sent from my iPhone using Tapatalk
Great idea, gotta try this! Thanks!
EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/
Someone got a bluetooth adapter handy?
Supersonic27543 said:
> Hello!
> Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
> Hah. :laugh::laugh::laugh:
> Great idea, gotta try this! Thanks!
> EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
> http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/
Ask @ggow how he does it. But you don't need an unlocked bootloader. With root, FlashFire helps to get by the bootloader.

A Temp root solution for Nokia 5.1 Plus

This method is based on Amazing Temp Root for MediaTek ARMv8 by diplomatic
Clever work that gives MTK-SoC devices a bootless root (root remains until reboot). And lucky enough it works on our Nokia 5.1 Plus.
So to begin:
- Grab diplomatic's latest mtk-su.zip in Amazing Temp Root for MediaTek ARMv8
- Follow instructions from Bootless root with Magisk and MTK-SU
# You can install Magisk Manager from the Magisk 18.1 package, or any version below 7.1.2. The latest version of MM doesn't work.
And your device should have root permission.
Hi stizzir,
Great post I've tried it and it works.
The only problem I had is that you can't use the latest version of Magisk Manager you
need to use the 7.0.0 version if not Magisk manager won't open after running the suboot.sh script.
I was wondering if with this we may be able to get full root and also turn the notch on and
off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
Best regards,
voidRunner
I tried it as well and it works. Thanks for letting us know I've been checking these forums every week waiting for something like this. I also used Magisk 7.0.0 inside the 18.1 Magisk zip. Latest version didn't work.
@vddrnnr
> The only problem I had is that you can't use the latest version of Magisk Manager you
> need to use the 7.0.0 version if not Magisk manager won't open after running the suboot.sh script.
Wow, good to know. I encountered that problem too, and you figured it out!
> I was wondering if with this we may be able to get full root and also turn the notch on and
> off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
I don't think full root can be acquired since there is still no bootloader unlock solution yet, really looking for that. N-tool devs are working on it and they said X5 unlock is coming soon. But the bootless root works fine! Couldn't complain about anything, it's basically a rooted device.
I tried Adaway it didn't work first time but worked second time, After that it would not work again no matter what I tried, says not enough space on partition. I checked host file when it worked and it had changed. Titanium backup worked, SD maid worked. Looks like I was wrong you can't edit or delete anything in system folder.
@rustdroid
> I tried it as well and it works. Thanks for letting us know I've been checking these forums every week waiting for something like this. I also used Magisk 7.0.0 inside the 18.1 Magisk zip. Latest version didn't work.
No problems, but again, all the credits go to diplomatic for his work, I'm just lucky enough to come across his thread.
Yes, latest Magisk doesn't work, diplomatic had already mentioned it in the original thread.
rustdroid said:
> I tried Adaway it didn't work first time but worked second time, After that it would not work again no matter what I tried, says not enough space on partition. I checked host file when it worked and it had changed. Titanium backup worked, SD maid worked. Mixplore root worked I deleted Google drive app from system/apps but took a few tries and reboots for it to be uninstalled, the folder always restores after reboot.
This is just a temporary solution so don't expect much out of it.
The doors will be open once the bootloader can be unlocked.
Yes I know and I'm happy with it until we can unlock bootloader. Hopefully they can find a way soon but this will do until then.
Can someone else with this phone try Adaway to see if it can edit host file or delete a system app like Google drive (move the app file in system/apps replace it after tested) ? Just want to see if I'm only one that can't edit system folder.
Edit: It's okay I just read that you can't modify System/Vendor partition unless boot image modified. Will have to wait until bootloader unlocked.
vddrnnr said:
> Hi stizzir,
> Great post I've tried it and it works.
> The only problem I had is that you can't use the latest version of Magisk Manager you
> need to use the 7.0.0 version if not Magisk manager won't open after running the suboot.sh script.
> I was wondering if with this we may be able to get full root and also turn the notch on and
> off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
> Best regards,
> voidRunner
rustdroid said:
> Can someone else with this phone try Adaway to see if it can edit host file or delete a system app like Google drive (move the app file in system/apps replace it after tested) ? Just want to see if I'm only one that can't edit system folder.
> Edit: It's okay I just read that you can't modify System/Vendor partition unless boot image modified. Will have to wait until bootloader unlocked.
Man, I just can't wait for the bootloader unlock. Nokia obviously doesn't want to offer an official unlock service (at least for now) since the Android One line-up is meant to be as stock as possible. The company also promised to support new Android One devices in the next 3 years, so allowing bootloader unlock will work against their product course, I think.
I have seen many attempts from the community however, and I have trust in them, many devices get unlocked by an unofficial method so.... Wait for the good news.
@stizzie I can't wait, hate having a device that I don't have full control. I've asked Nokia on their forums and signed a partition that is closed now. That's all I can do and just wait. I read somewhere that Nokia will allow it soon but who knows how long. Hopefully someone finds another way soon.
Doing this won't kill OTA, right?
Rajeel911 said:
> Doing this won't kill OTA, right?
Absolutely not
stizzie said:
> This method is based on Amazing Temp Root for MediaTek ARMv8 by diplomatic
> Clever work that gives MTK-SoC devices a bootless root (root remains until reboot). And lucky enough it works on our Nokia 5.1 Plus.
> So to begin:
> - Grab diplomatic's latest mtk-su.zip in Amazing Temp Root for MediaTek ARMv8
> - Follow instructions from Bootless root with Magisk and MTK-SU
> # You can install Magisk Manager from the Magisk 18.1 package, or any version below 7.1.2. The latest version of MM doesn't work.
> And your device should have root permission.
Can I give permission to ES File Explorer, if yes then how??
And can I modify this partition Device/data/nvram/APCFG/APRDEB
Ranjhag said:
> Can I give permission to ES File Explorer, if yes then how??
> And can I modify this partition Device/data/nvram/APCFG/APRDEB
Just follow instructions in the provided links, you should have root permission. Applications working or not really depends on your device so it won't hurt if you try it yourself.
Device is Nokia 5.1 plus?
And sir can you tell me where I have to paste mku-su file? In the pc
I got OTA update today while this thing was running so no OTA issues.
Just 2 warnings:
1) Don't write even a single byte to system partition or boot partition.
2) Don't expect Netflix etc to work since it breaks CTS profile and basic integrity. Banking apps etc will whine for rightful reasons too.
Ilgazc said:
> I got OTA update today while this thing was running so no OTA issues.
> Just 2 warnings:
> 1) Don't write even a single byte to system partition or boot partition.
> 2) Don't expect Netflix etc to work since it breaks CTS profile and basic integrity. Banking apps etc will whine for rightful reasons too.
It doesn't let you do anything to system or boot partition. I tried editing and deleting and doesn't work. Have to wait until bootloader unlocked.
Rajeel911 said:
> Doing this won't kill OTA, right?
rustdroid said:
> It doesn't let you do anything to system or boot partition. I tried editing and deleting and doesn't work. Have to wait until bootloader unlocked.
If you (by chance) are able to write a single byte to system or boot partition on this dm-Verity enabled device, it won't boot and will need service center.
That changes if bootloader can be unlocked of course.
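An added illustration of the dm-verity point in the post above (not part of the thread and not Android's implementation): a simplified Python model of a dm-verity-style hash tree over a constructed image, showing that a one-bit change fails verification against the trusted root hash even when the stored tree is recomputed. The salt, image contents and function names are assumptions, and the layout is not byte-compatible with real verity metadata.

```python
import hashlib

BLOCK, DIGEST = 4096, 32            # 4 KiB blocks, SHA-256 digests
PER_BLOCK = BLOCK // DIGEST         # 128 digests fit in one hash block

def _h(salt, block):
    return hashlib.sha256(salt + block).digest()

def _blocks(buf):
    for off in range(0, len(buf), BLOCK):
        yield buf[off:off + BLOCK].ljust(BLOCK, b"\0")

def build_tree(image, salt):
    """Return (root_hash, levels); levels[0] is one digest per data block."""
    level = [_h(salt, b) for b in _blocks(image)]
    levels = [level]
    while len(level) > 1:           # pack digests into hash blocks, hash again
        level = [_h(salt, b) for b in _blocks(b"".join(level))]
        levels.append(level)
    return level[0], levels

def verify_block(image, index, levels, salt, trusted_root):
    """Verify one data block on read, walking the stored tree up to the root."""
    digest = _h(salt, image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0"))
    for level in levels:
        if level[index] != digest:
            return False            # stored digest does not match what was read
        if len(level) == 1:
            break
        index //= PER_BLOCK         # move to the hash block holding this digest
        group = level[index * PER_BLOCK:(index + 1) * PER_BLOCK]
        digest = _h(salt, b"".join(group).ljust(BLOCK, b"\0"))
    return digest == trusted_root   # the root is the only value held outside the partition

def demo():
    salt = bytes(32)                            # constructed salt
    image = bytes(range(256)) * (300 * 16)      # constructed 300-block "partition"
    root, levels = build_tree(image, salt)
    tampered = bytearray(image)
    tampered[200 * BLOCK + 17] ^= 0x01          # flip a single bit in block 200
    tampered = bytes(tampered)
    new_root, new_levels = build_tree(tampered, salt)
    return {
        "root_changed": new_root != root,
        "clean_block_ok": verify_block(image, 200, levels, salt, root),
        "tampered_block_ok": verify_block(tampered, 200, levels, salt, root),
        "untouched_block_ok": verify_block(tampered, 5, levels, salt, root),
        "rewritten_tree_ok": verify_block(tampered, 200, new_levels, salt, root),
    }

if __name__ == "__main__":
    print(demo())
```

The `rewritten_tree_ok` case is the one that matters for a locked bootloader: recomputing the tree after a change still fails, because the root hash it must match is fixed by the verified boot chain.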
Ilgazc said:
> If you (by chance) are able to write a single byte to system or boot partition on this dm-Verity enabled device, it won't boot and will need service center.
> That changes if bootloader can be unlocked of course.
Okay, thanks for the info. Guess I was lucky that you can't do anything. I tried to delete a few preinstalled apps and edit the host file. Looks like this is as good as it gets until we can unlock bootloader.
