[Q] CF-Auto-Root for Nexus 5 - How it works? - Nexus 5 Q&A, Help & Troubleshooting

Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.

Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and press Root_windows.bat and follow the instructions. Takes 30 seconds - 1 minute all in all.

Thanks, but...
gee2012 said:
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and press Root_windows.bat and follow the instructions. Takes 30 seconds - 1 minute all in all.
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works. What exactly does it do behind the scenes?

Casteel said:
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works. What exactly does it do behind the scenes?
It unlocks the BL and injects SuperSU in one go without having to flash a separate SuperSU.zip with a custom recovery. That's all.

gee2012 said:
It unlocks the BL and injects SuperSU in one go without having to flash a separate SuperSU.zip with a custom recovery. That's all.
What do you mean by "injects SuperSU"?
It sounds very simple from the way you say it. Why can't I do this myself?
I believe it doesn't just mean copying it to the right place.
Does it also include putting the su binary in the right system path with the right permissions?
How is the root privilege gained?
Does only unlocking the BL let me write to the system partition?
I would really appreciate some technical details to understand this rooting process and what this image file contains.
Thanks again!

Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.

gee2012 said:
Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing a custom recovery, and that tool does it without it.

Casteel said:
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing a custom recovery, and that tool does it without it.
Look here https://www.google.com/search?q=how+root+works&ie=utf-8&oe=utf-8&aq=t and other sites how root works http://stackoverflow.com/questions/...hat-are-the-pre-requisites-for-it-to-work-wha.
With Google you can find anything.

Actually, I read this also...
It only talks about gaining root privilege using some system exploit.
So, you're telling me that CF-Auto-Root is running some script in its bootable image file that is using some kind of exploit to gain root access?
Shouldn't it be a less "hacky" thing on Nexus devices?
And how can it be that the image file is related to specific devices and not to specific stock versions?
What prevents other apps from using this so called "exploit"?

This is probably what you are looking for...
Embedded in the boot image is a folder cfroot with the SuperSU apk file, the su binary and the necessary init scripts, and there is a binary under sbin that does the remaining steps of copying the files to their respective places. It is not an exploit; it merely uses the boot image and the boot process to "install" SuperSU. You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
In more detail:
1. Embedded in the ramdisk is a folder "cfroot" with "99SuperSUDaemon, install-recovery.sh, su and Superuser.apk".
2. In the sbin folder in the ramdisk is a binary "cfautoroot" which does stuff like copy the above files to the correct locations and set the appropriate permissions, etc.
3. This file is called through the "recovery" script/binary in the sbin folder.
4. The "recovery" script/binary is executed as a startup service via the init system in "init.rc" within the ramdisk.
The result:
When you boot up, the superuser files are copied to the respective locations with the right permission, thereby rooting the system

OK! Now we're getting closer.
Thank you very much.
But I still have some confusions...
You said:
craigacgomez said:
there is a binary under sbin that does the remaining steps of copying the files to their respective places.
You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices, since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:

Casteel said:
OK! Now we're getting closer.
Thank you very much.
But I still have some confusions...
You said:
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices, since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:
"cfautoroot" is a binary created by Chainfire which is embedded in the sbin folder in the kernel ramdisk. It's in the CF Auto Root boot image. Android kernels are essentially Linux kernels and have an init process which is basically a bootstrap/startup process. init.rc is part of this process. It is run when the kernel boots up. Anything within the init process is low-level and essentially run as "root". It kick-starts various other processes like zygote which is the Android process management system. This will help you understand the init process a bit better (http://www.mekya.com/blog/2012/03/android-initialization-from-init-rc-to-third-party-code/). In the init.rc file is a line which "executes" the file /sbin/recovery (which is embedded in the ramdisk along with cfautoroot). This in turn "executes" cfautoroot which takes care of copying the superuser files to the correct locations and setting the correct permission. All this is done within the init process and has elevated (root) permission.
Unlocking the bootloader does not root your phone. It simply allows you to flash "unsigned" (custom) boot images.
Any phone with the ability to flash a custom boot image can make use of this process.
Exploits make use of holes or workarounds to either flash a custom boot image or inject files into the system partition without unlocking the bootloader and are only needed if you cannot unlock the phone bootloader.
Hope this helps!
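As an added illustration of the two explanations above (this is my own example, not code from the thread, from CF-Auto-Root or from Chainfire): the artefacts craigacgomez lists (cfroot/su, Superuser.apk, 99SuperSUDaemon, install-recovery.sh, sbin/cfautoroot, and an init.rc service line that starts /sbin/recovery) are exactly what a root-detection check or a firmware audit looks for once a boot ramdisk or a /system dump has been unpacked. The script builds a small constructed directory tree that mimics that layout and scans it. The path list, the setuid mode used on the sample su, and the init.rc regex are assumptions about where such files typically land, not a specification of the tool.

```python
"""Scan an unpacked Android ramdisk/system tree for the rooting artefacts the
thread describes: a setuid su binary, its companion files, and an init.rc
service that launches /sbin/recovery. Added example, not the tool's own code."""
import os
import re
import stat
import tempfile

# Where a su binary tends to live (thread locations plus the usual /system/xbin).
# This list is an assumption for the example, not an exhaustive catalogue.
SU_PATHS = ("system/bin/su", "system/xbin/su", "cfroot/su", "sbin/su")
COMPANION_FILES = (
    "cfroot/Superuser.apk", "system/app/Superuser.apk",
    "cfroot/99SuperSUDaemon", "cfroot/install-recovery.sh",
    "system/etc/install-recovery.sh", "sbin/cfautoroot",
)
# Matches a line such as "service recovery /sbin/recovery" in init.rc.
SERVICE_RE = re.compile(r"^\s*service\s+(\S+)\s+(/sbin/recovery\S*)", re.M)


def scan_tree(root):
    """Return a sorted list of (indicator, detail) findings for the tree at root."""
    findings = []
    for rel in SU_PATHS:
        path = os.path.join(root, rel)
        if os.path.isfile(path):
            # Whether the setuid bit is set is the difference between a stray
            # file and a working root escalation path.
            setuid = bool(os.stat(path).st_mode & stat.S_ISUID)
            findings.append(("su-binary", f"{rel} setuid={setuid}"))
    for rel in COMPANION_FILES:
        if os.path.exists(os.path.join(root, rel)):
            findings.append(("companion-file", rel))
    init_rc = os.path.join(root, "init.rc")
    if os.path.isfile(init_rc):
        with open(init_rc, encoding="utf-8", errors="replace") as fh:
            for name, exe in SERVICE_RE.findall(fh.read()):
                findings.append(("init-service", f"{name} -> {exe}"))
    return sorted(findings)


def build_sample_tree():
    """Construct a tiny tree mimicking the layout described in the thread.
    Sample data only: placeholder bytes stand in for the real binaries."""
    root = tempfile.mkdtemp(prefix="ramdisk-")
    for d in ("sbin", "cfroot", "system/xbin"):
        os.makedirs(os.path.join(root, d))
    for rel in ("sbin/cfautoroot", "sbin/recovery", "cfroot/Superuser.apk",
                "cfroot/99SuperSUDaemon", "cfroot/install-recovery.sh"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"placeholder\n")
    su = os.path.join(root, "cfroot", "su")
    with open(su, "wb") as fh:
        fh.write(b"\x7fELF placeholder\n")
    os.chmod(su, 0o4755)  # setuid bit, as a su installer would set (assumed mode)
    with open(os.path.join(root, "init.rc"), "w", encoding="utf-8") as fh:
        fh.write("on init\n    export PATH /sbin\n\n"
                 "service recovery /sbin/recovery\n    oneshot\n")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for kind, detail in scan_tree(sample):
        print(f"{kind:15} {detail}")
```

Run it as-is to scan the constructed tree, or call scan_tree() on a directory produced by unpacking a real ramdisk; every finding is a file or an init.rc service entry, so a clean stock image yields an empty list.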

Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Thank you for asking the question and being polite yet persistent about getting your answer. I have been trying to get to this answer myself for some time now.
Sent from my Nexus 5 using Tapatalk

Great! Now we're even closer :victory:
So in the boot process I have elevated privileges, that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
Is it an image of the kernel?
Is it some sort of pre-prepared file system that the device is booted into and that then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...

Casteel said:
Great! Now we're even closer :victory:
So in the boot process I have elevated privileges, that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
Is it an image of the kernel?
Is it some sort of pre-prepared file system that the device is booted into and that then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.

craigacgomez said:
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.
Nice.
I thought the root file system was part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you.
Why is the image file device related?
Meaning, why do the Nexus 4, 5 and 7 have different CF-Auto-Root images?
(The Nexus 7 even got several.)
Thanks again!

Casteel said:
Nice.
I thought the root file system was part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you.
Why is the image file device related?
Meaning, why do the Nexus 4, 5 and 7 have different CF-Auto-Root images?
(The Nexus 7 even got several.)
Thanks again!
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.

craigacgomez said:
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!

Casteel said:
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!
Glad I could help you... It's what communities are all about... Sharing knowledge and experiences.
Sent from my Nexus 5

Excellent thread. Thanks to OP and members who responded.

Related

[Q] recovery.img and recovery-from-boot.p

Hi all,
I am trying to make sense of how the Android system is made up w.r.t. boot/kernel.
I have been looking at the .img files in the build (I built for the "passion" device), and have been googling around to find some more information about the various .img files.
I ran into a nice HOWTO in android-dls.com's WIKI, titled HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images (I'm sorry, I'm a new user so XDA won't allow me to post links. I will try to modify my post as soon as I'm granted permission for that)
but I am afraid it is a little outdated:
I have several questions, but I will try to be brief, so I'll focus on one of them, and if that works I'll proceed to the next questions, all related to "Android bringup for dummy embedded Linux kernel experts".
I am fairly aware of the differences between different Linux configurations, and I am very familiar with Linux bringup concepts, so I will just use common examples from the Linux world as my terminology. Hope it will be clear enough.
I understood that boot.img is a combination of a kernel (e.g. bzImage in Linux) and an initial ramdisk (e.g. initrd.gz), wrapped by some header, as in common Linux kernel loading practice (piggy.o etc.).
Now, the aforementioned HOWTO says that the "recovery" image is built the same way, and that it is stored on the target as /system/recovery.img.
I would assume that this would be composed of the ramdisk-recovery.img and some other kernel.
Now, the problem is that:
1. This /system/recovery.img does not exist from what I saw (on my Motorola XOOM tablet)
2. What does exist is /system/boot-from-recovery.p, which is created during the boot process in obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p.
I saw tons of posts referring to the files, all said that "in order to replace the rescue disk image, this file needs to be renamed" - but I am looking for a way to figure out what it is, and how to extract its contents.
I assume /system/recovery.img is deprecated, is that correct?
3. I did not see any flash devices in /proc/mtd (which is strange).
I searched for hours before sending this post, so I would appreciate your help. I also posted a similar message at the Google android-building group, but it has not been answered yet, and I got the impression that these forums are more active and can help me get where I need.
If it is not the right place to ask the question please let me know - I just assume this is a general Android concept and not device specific.
Thanks,
Ron
I meant of course /system/recovery-from-boot.p , and not recovery-from.boot.p
-R
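Ron's summary above (a kernel plus an initial ramdisk wrapped by a header, with recovery.img built the same way) and craigacgomez's description in the CF-Auto-Root thread above (the boot image contains the kernel and the ramdisk) refer to the same container, the Android boot image. The following Python code is an added example, not taken from either thread or from any XDA tool, that packs and parses the original (header version 0) layout as laid out in AOSP's mkbootimg: a 1632-byte header padded to one page, then the page-aligned kernel, ramdisk and optional second-stage blobs. It also recomputes the header's id field, which mkbootimg fills with a SHA-1 over the kernel, ramdisk and second images together with their sizes: that field catches accidental corruption but is not a signature, which is why an unlocked bootloader boots a modified image without complaint. The sample kernel and ramdisk bytes and the load addresses are constructed placeholders (a real ramdisk is a gzip-compressed cpio archive).

```python
"""Pack and parse a version-0 Android boot image (kernel + ramdisk + header).
Added example; layout follows AOSP's mkbootimg, sample contents are placeholders."""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, header_version, os_version,
# name[16], cmdline[512], id[32], extra_cmdline[1024]  (all little-endian)
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 1632 bytes; the header owns a whole page


def page_align(n, page_size):
    """Round n up to the next multiple of page_size."""
    return (n + page_size - 1) // page_size * page_size


def boot_image_id(kernel, ramdisk, second=b""):
    """SHA-1 over each blob followed by its 32-bit size, zero-padded to 32 bytes,
    the way mkbootimg fills the id field. A checksum, not a signature."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest().ljust(32, b"\0")


def build_boot_image(kernel, ramdisk, page_size=2048,
                     cmdline=b"console=ttyHSL0,115200"):
    """Assemble a v0 boot image. Load addresses are conventional placeholders."""
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(kernel), 0x00008000,      # kernel size / load address
        len(ramdisk), 0x01000000,     # ramdisk size / load address
        0, 0x00F00000,                # no second-stage bootloader
        0x00000100, page_size,        # tags address, page size
        0, 0,                         # header_version, os_version
        b"sample", cmdline, boot_image_id(kernel, ramdisk), b"")
    img = bytearray(header.ljust(page_size, b"\0"))
    for blob in (kernel, ramdisk):
        img += blob.ljust(page_align(len(blob), page_size), b"\0")
    return bytes(img)


def parse_boot_image(data):
    """Split a v0 boot image into its parts and verify the id checksum.
    Raises ValueError on a bad magic, bad page size or truncated image."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a boot image header")
    (magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
     second_size, second_addr, tags_addr, page_size, header_version,
     os_version, name, cmdline, image_id, extra_cmdline) = \
        struct.unpack_from(HEADER_FMT, data, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    # Each section starts on a page boundary right after the previous one.
    kernel_off = page_size
    ramdisk_off = kernel_off + page_align(kernel_size, page_size)
    second_off = ramdisk_off + page_align(ramdisk_size, page_size)
    end = second_off + page_align(second_size, page_size)
    if end > len(data):
        raise ValueError("image truncated: sections run past end of data")
    kernel = data[kernel_off:kernel_off + kernel_size]
    ramdisk = data[ramdisk_off:ramdisk_off + ramdisk_size]
    second = data[second_off:second_off + second_size]
    return {
        "page_size": page_size,
        "kernel_addr": kernel_addr, "ramdisk_addr": ramdisk_addr,
        "kernel": kernel, "ramdisk": ramdisk, "second": second,
        "name": name.rstrip(b"\0").decode(),
        "cmdline": cmdline.rstrip(b"\0").decode(),
        "id_matches": image_id == boot_image_id(kernel, ramdisk, second),
    }


if __name__ == "__main__":
    # Constructed sample: placeholder bytes, not a real kernel or cpio ramdisk.
    sample = build_boot_image(b"K" * 5000, b"R" * 3000)
    info = parse_boot_image(sample)
    print(f"page_size={info['page_size']} kernel={len(info['kernel'])}B "
          f"ramdisk={len(info['ramdisk'])}B id_ok={info['id_matches']}")
```

Pointing parse_boot_image() at the bytes of a real boot.img or recovery.img (the same format, as Ron's HOWTO says) yields the ramdisk blob, which can then be gunzipped and unpacked with cpio to reach init.rc and the sbin and cfroot folders discussed in the first thread.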
Hi,
I don't know if you managed to find out what "recovery-from-boot.p" is, since this is quite an old post, but I think I'll try to help anyway.
recovery.img is not deprecated at all. From my own experience, it looks like "recovery-from-boot.p" is a protection measure introduced in Gingerbread, but not the recovery itself. What it does is replacing any recovery currently installed on the phone with the default one on every boot.
I discovered it after flashing a custom recovery on my Android 2.3.4 phone. It worked, but just during the first boot. The next time I rebooted the phone, the default recovery image was there again. After browsing several sites, I found that "recovery-from-boot.p" is responsible for that.
So, if you flash a custom recovery image on a Gingerbread phone and want to keep it forever, you must delete this "recovery-from-boot.p" from /system, or at least rename it. That way, your new custom recovery will never get overwritten by the default one, unless you do it yourself.
I hope this helps you and clarifies this question.
Well, it helped me. I'm new to rooting and just came across mention of this file. I am trying to learn 'why' as well as 'how'', so your post was informative.
Was going to ask a dumb question but I figured it out.
I need to delete those files.
bigrammy said:
Was going to ask a dumb question but I figured it out.
Hello
Can't delete those files >> I am rooted but every time I delete or rename it takes permission then nothing happens >> how can I delete them plsssssssssssssssssssssssssssssssssssssss
recovery from boot p
ahmed morsy said:
Hello
Can't delete those files >> I am rooted but every time I delete or rename it takes permission then nothing happens >> how can I delete them plsssssssssssssssssssssssssssssssssssssss
Hey, good day. Did you get your problem fixed...? I have an xt912, it has the same file. For days I've been trying to wipe the phone. Tried rooting it. I tried reprogramming it. And I got through with all of that. But every time the phone boots up it goes back to the same state. Then I used a root browser and while exploring I saw this recovery-from-boot file. I need help. And I don't think I can downgrade the Motorola phones. Thanks in advance.
jman0 said:
Hi,
I don't know if you managed to find out what "recovery-from-boot.p" is, since this is quite an old post, but I think I'll try to help anyway.
recovery.img is not deprecated at all. From my own experience, it looks like "recovery-from-boot.p" is a protection measure introduced in Gingerbread, but not the recovery itself. What it does is replacing any recovery currently installed on the phone with the default one on every boot.
I discovered it after flashing a custom recovery on my Android 2.3.4 phone. It worked, but just during the first boot. The next time I rebooted the phone, the default recovery image was there again. After browsing several sites, I found that "recovery-from-boot.p" is responsible for that.
So, if you flash a custom recovery image on a Gingerbread phone and want to keep it forever, you must delete this "recovery-from-boot.p" from /system, or at least rename it. That way, your new custom recovery will never get overwritten by the default one, unless you do it yourself.
I hope this helps you and clarifies this question.
I have deleted it, then flashed recovery, but it failed. It won't even go to stock recovery itself now. Any help?
Does recovery-from-boot have anything to do with applying OTA updates? Or will it cause issues in system update?
I have recovery-from-boot.p in my system and I can't root my phone, I can't change the recovery img... Help?
I hadn't had to deal with this for some time, perhaps because I've updated my devices (Nexus 4, Nexus 5, Nexus 7 '13) with the factory images, with "-w" removed from flash-all, then flashing CWM's recovery, ensure SuperSU was installed, then continuing. Today, I used the new OTA image on my Hammerhead/N5, and recovery-from-boot.p seems to be up to its old tricks again.
Solution is simple.
Flash your alternate recovery in fastboot:
Code:
fastboot flash recovery [recovery image file]
Boot into recovery. Apply/install root app (typically via sideload). Mount /system. Then:
Code:
adb shell mv /system/recovery-from-boot.p /system/recovery-from-boot.p.bak
Reboot. Done. (If you're unfamiliar with fastboot, adb, and flashing new recovery partitions, you have some reading to do. Commence RTFM.)
I also used to have to move /system/etc/install-recovery.sh but that seems to be gone in Marshmallow. :} Or moved...?
Well, after following a guide I have extracted the system.img from a Pure Nexus ROM (the ROM I'm currently using), and now I can see that the "recovery-from-boot.p" file is responsible for the recovery lock on my phone. I'll keep it short and straight to the question:
"Can I remove this file and rebuild the .dat file and flash it, so that I won't have any other problems at all?"
I want to know if the recovery-from-boot.p file is linked to anything other than just locking the recovery or re-flashing it innumerable times.

[Q] 100% Original Stock ROM backup before root?

Hi there,
I am new to xda and new to Android hacking.
What I want to ask is (I guess it's of most newbies' concern as well): can we have a 100% backup of our system (stock ROM)? Obviously, it is important because:
1. If we perform an official (OTA) update to a new Android version and we don't like it, it is possible to get back to the old original one which we are used to. (Not everybody likes new things, and/or not every new thing is good.)
2. If our phones are having some problems and we have to give them back to the company for a fix, in most cases they will flash a new ROM for us. If we want to keep using the old one (explained in #1), we have to keep a copy of it ourselves.
3. If we want to try new custom ROMs, we may want to switch back after trying.
4. Whenever we do any modifications, it's always better to keep a backup/roll-back point. In case anything goes wrong, we have a safeguard.
5. For the official warranty issue.
Yup, I do see there are some official stock ROM downloads for some particular phones. But those are not really a backup of our original ROMs. And it's always hard to verify if those downloads are the original official releases. And, if those downloads are 100% stock ROMs, this means some guys out there could make them, so what is the way to do so?
Or, how those mobile phone companies do it in their labs?
I have been doing research on this topic for a few days. Some posts claim that their methods are "backup stock ROM" or "backup before rooting". But after digging into it, they require rooting and/or flashing CWM. Here come a few questions:
Questions
1. Rooting will in fact change some files/data of the system. So a backup after root is NOT getting the original stock ROM. Is it?
2. Is there a method to "un-root", so ALL the changes are TOTALLY reverted?
3. Installing/flashing things like CWM on the phone requires rooting, which would make the ROM not original. Is there a way to extract the system backup from a computer externally?
In addition, I have found some related pieces, which could be useful to anyone viewing this post, and might be useful for you to solve this (my) question. :fingers-crossed:
* As I'm a new user, I can't post links directly. Please delete the blank spaces in between.
ht tp://www .modaco .com/topic/351269-backup-original-rom/
In reply #5, user C3C0 raised a method of backing up the original stock ROM without root. But it seems he is flashing CWM and that method is only for the ZTE Skate.
adb backup tool of Android SDK
At first sight, when I came across this approach, I thought it was the official method to do a whole system (ROM) backup (WOW - how nice!). But after studying a few more posts, I think adb backup can only back up app+app_data, and possibly some system settings only. Am I correct? And also, adb backup is only for ICS (Android 4.0), isn't it?
adb backup usage: ht tp://forum.xda-developers .com/showthread.php?t=1420351
(But as mentioned at the bottom of #1, the poster is having some issues using adb backup. Perhaps there are some bugs and it is not reliable?)
One more question on adb backup: Can it back up just one app+app_data, and restore just one app+app_data, without affecting other things? If yes, we don't need to root and don't need Titanium Backup (which requires root) to back up app+app_data. Isn't it?
** In case I have said anything or any terms wrongly in this thread, please DO correct me, for helping me and helping others.
P.S. I am using an LG Optimus 3D.
Thanks a lot, wholeheartedly,
midnite_
Backup phone before root
Hello all this is my first post here...woohoo!:fingers-crossed: This forum is amazing as to the amount of information available. I just wish that in looking for what I need to do I did not need to look in so many places. I feel that if I want to root my T-Mobile GS3 that all the information should be in one subsection of the forum, but it is not that simple I guess....lol Anyway any help would be greatly appreciated.
I have a Samsung GS3 with T-Mobile that I want to root. Everyone says to back up the phone before you do it, but I am not really seeing how to make a backup before I start. It appears that most of the guides to root just say to back up without telling you how to do it. Another thing (correct me if I am wrong): I see the nandroid backup that I think is a backup of the phone, however it seems to be done after you make changes to the phone, and I thought the backup was supposed to be done before you do anything. Is it that there is not a way to make a complete backup with an unrooted phone?
My question is basically the same as the OP here. I have been reading and reading and reading posts here in the forum. There is much information here and much of it is duplicated with slight variances in some of the duplicates. I am not certain as to which rooting method I should use. There seem to be so many choices. As a new person to this forum I will say that you can find just about everything about any phone which is awesome. The hard thing is sifting through the many options to pick one to use for your issue.
I do see that Mr. Robinson has a thread with backups of the original roms. The only thing is that they are default roms that are like an out of the box phone and not my phone with my apps and my settings. That is what I want to backup...My phone with my settings and my apps.
:good: Thank you in advance for any one that can shed some light on this for me and the OP'er
ASharpEdge said:
Hello all this is my first post here...woohoo!:fingers-crossed: This forum is amazing as to the amount of information available. I just wish that in looking for what I need to do I did not need to look in so many places. I feel that if I want to root my T-Mobile GS3 that all the information should be in one subsection of the forum, but it is not that simple I guess....lol Anyway any help would be greatly appreciated.
I have a Samsung GS3 with T-Mobile that I want to root. Everyone says to back up the phone before you do it, but I am not really seeing how to make a backup before I start. It appears that most of the guides to root just say to back up without telling you how to do it. Another thing (correct me if I am wrong): I see the nandroid backup that I think is a backup of the phone, however it seems to be done after you make changes to the phone, and I thought the backup was supposed to be done before you do anything. Is it that there is not a way to make a complete backup with an unrooted phone?
My question is basically the same as the OP here. I have been reading and reading and reading posts here in the forum. There is much information here and much of it is duplicated with slight variances in some of the duplicates. I am not certain as to which rooting method I should use. There seem to be so many choices. As a new person to this forum I will say that you can find just about everything about any phone which is awesome. The hard thing is sifting through the many options to pick one to use for your issue.
I do see that Mr. Robinson has a thread with backups of the original roms. The only thing is that they are default roms that are like an out of the box phone and not my phone with my apps and my settings. That is what I want to backup...My phone with my settings and my apps.
:good: Thank you in advance for any one that can shed some light on this for me and the OP'er
Hi ya,
It's so nice that you are having the same concern as I do.
As far as I know, the approaches to rooting differ from phone to phone. So we may have to find our own specific rooting method in the phone model sub-forums. It won't be hard for your popular S3.
I would like to have a look at that Mr. Robinson's thread. If he can back up the stock ROM, those app+app_data won't be a big issue (I guess).
cheers,
midnite_
midnite_ said:
Questions
1. Rooting will in fact change some files/data of the system. So a backup after root is NOT getting the original stock ROM. Is it?
2. Is there a method to "un-root", so ALL the changes are TOTALLY reverted?
3. Installing/flashing things like CWM on the phone requires rooting, which would make the ROM not original. Is there a way to extract the system backup from a computer externally?
Hi midnite, welcome to a new and exciting world of Android and trying new things. First, let me assure you, what you want is NOT something new. People have been doing this type of thing for years, that is, flashing and testing roms. As you will learn, it actually becomes quite addictive. We call those folks that get addicted to flashing Flashaholics or crackflashers, lol
First let me talk about "root". This process consists of unlocking a lower level of the Android system known as the bootloader. Unlocking the bootloader of your device allows you to flash a custom recovery, and flashing a custom recovery allows you to flash the Superuser binary and Superuser.apk. This is what allows you to use apps that require "root". The bootloader is not an OS file, so when you are unlocking your bootloader you are not modifying your stock rom. Only when you have flashed the Superuser package have you modified your stock rom, and even that isn't really modifying anything. When you flash the Superuser package, it adds two files to your rom at certain locations of the file system: it adds the Superuser.apk file to system/app and it adds the SU binary to system/bin. Basically you CAN have a totally S-OFF (unlocked) bootloader and still have an entirely stock rom if you want. But the real benefit is flashing a custom recovery like ClockworkMod Recovery and then flashing the superuser package.
As far as extracting the stock system, you should try giving adb a go. Do it right now if you like. Ensure you have the android sdk installed and properly set up on your computer and your computer can recognize your phone. Ensure your phone is in debugging mode, connect your phone to your computer, open up a command window, and run this command:
Code:
# copy the readable stock OS files from the phone into a folder named phone_backup on the PC
adb pull /system phone_backup
This command will pull everything off your phone except for data which is where your market or Google Play apps are stored.
Beyond XDA there are also more resources to learn from. For example, http://www.android.com is a good place to start, and to learn more about adb check out http://developer.android.com/tools/help/adb.html
If you need to learn how to setup the sdk here is the place to learn how: http://developer.android.com/sdk/index.html
I'm sure others will add to this as well which is the good thing about this community.
Welcome to XDA, I hope you have fun learning, and maybe share back someday things you learn along the way.
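As an added example (not from wildstang83's post or from any XDA tool), here is how I would script that adb copy so the result can be checked later for missing or altered files. It assumes adb is on PATH and the PC is already authorized on the phone; the folder and file names are my own choices.

```shell
#!/bin/sh
# Added example (not from wildstang83's post or any XDA tool): copy what adb can
# read off a stock phone and record a SHA-256 manifest so the copy can be checked
# later. Assumes adb is on PATH, USB debugging is enabled and the PC has been
# authorized on the phone. Only /system is read, since /data is not readable
# without root, as the post above says.

# Exactly one device, in the "device" state (not "unauthorized"/"offline")?
# $1 is the text printed by `adb devices`.
adb_single_authorized() {
    printf '%s\n' "$1" | awk 'NF == 2 { n++; if ($2 != "device") bad = 1 }
                              END { if (n == 1 && !bad) exit 0; exit 1 }'
}

# Print "<sha256>  <path>" for one file; works with GNU coreutils or perl shasum.
sha256_line() { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; }

# Write a manifest of every regular file under $1 (paths relative to $1) into $2.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256_line "$f"
      done ) > "$2"
}

# Re-hash every manifest entry under $1; report changed or missing files, return 1 if any.
verify_manifest() {
    rc=0
    while read -r want path; do
        have=$(cd "$1" && sha256_line "$path" 2>/dev/null | awk '{ print $1 }')
        if [ "$have" != "$want" ]; then
            echo "CHANGED OR MISSING: $path" >&2
            rc=1
        fi
    done < "$2"
    return $rc
}

backup_system() {
    dest=${1:-phone_backup}
    adb_single_authorized "$(adb devices)" || {
        echo "need exactly one authorized device (accept the USB debugging prompt)" >&2
        return 1
    }
    mkdir -p "$dest"
    adb shell getprop > "$dest/getprop.txt"   # build fingerprint, version, model
    adb pull /system "$dest/system"           # stock OS files; no app data
    make_manifest "$dest" "$dest.sha256"
    echo "backup in $dest, manifest in $dest.sha256"
}

# Run the actual backup only when asked, e.g.: sh backup_system.sh --run my_backup
if [ "${1:-}" = "--run" ]; then backup_system "$2"; fi
```

Note what this does and does not give you: `adb pull` copies the files the adb shell user is allowed to read, so it is a file-level copy, not an image of the partition, and it cannot be flashed back. A backup made from a custom recovery (a "nandroid") images the partitions themselves, which is what you need to restore a phone to exactly its previous state.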
wildstang83 said:
Hi midnite, welcome to a new and exciting world of Android and trying new things. First, let me assure you, what you want is NOT something new. People have been doing this type of thing for years, that is, flashing and testing roms. As you will learn, it actually becomes quite addictive. We call those folks that get addicted to flashing Flashaholics or crackflashers, lol
First let me talk about "root". This process consists of unlocking a lower level of the Android system known as the bootloader. Unlocking the bootloader of your device allows you to flash a custom recovery, and flashing a custom recovery allows you to flash the Superuser binary and Superuser.apk. This is what allows you to use apps that require "root". The bootloader is not an OS file, so when you are unlocking your bootloader you are not modifying your stock rom. Only when you have flashed the Superuser package have you modified your stock rom, and even that isn't really modifying anything. When you flash the Superuser package, it adds two files to your rom at certain locations of the file system: it adds the Superuser.apk file to system/app and it adds the SU binary to system/bin. Basically you CAN have a totally S-OFF (unlocked) bootloader and still have an entirely stock rom if you want. But the real benefit is flashing a custom recovery like ClockworkMod Recovery and then flashing the superuser package.
As far as extracting the stock system, you should try giving adb a go. Do it right now if you like. Ensure you have the android sdk installed and properly set up on your computer and your computer can recognize your phone. Ensure your phone is in debugging mode, connect your phone to your computer, open up a command window, and run this command:
Code:
# copy the readable stock OS files from the phone into a folder named phone_backup on the PC
adb pull /system phone_backup
This command will pull everything off your phone except for data which is where your market or Google Play apps are stored.
Beyond XDA there are also more resources to learn from. For example, http://www.android.com is a good place to start, and to learn more about adb check out http://developer.android.com/tools/help/adb.html
If you need to learn how to setup the sdk here is the place to learn how: http://developer.android.com/sdk/index.html
I'm sure others will add to this as well which is the good thing about this community.
Welcome to XDA, I hope you have fun learning, and maybe share back someday things you learn along the way.
Hi Wildstang,
Thanks very much for your warm welcome and very informative reply. So are you a Flashaholic or Crackflasher yet?
As I am a newbie, please forgive me if I am asking dumb questions.
As far as I understand, the steps to root are:
1. Unlock the bootloader
2. Flash Superuser binary & Superuser.apk
** does "flash a custom recovery" means "flash Superuser binary & Superuser.apk"?
"Flash Superuser binary & Superuser.apk" is just "add SU binary to system/bin" and "add Superuser.apk to system/app". Then why not just copy them into place?
I just found on the web that "flashing" means replacing the OS of the phone with a new ROM. Would that still keep the stock ROM?
To have a backup of the original stock ROM, can I
1. Unlock the bootloader
2. Flash Superuser binary & Superuser.apk
3. Perform the backup
And later, after I have flashed a new ROM, or whatever I do, as long as I didn't brick it, when I want to rollback my phone to its original, I can
1. Restore the backup
2. Delete "SU binary in system/bin" and "Superuser.apk in system/app"
3. re-lock the bootloader
Is this correct?
I don't mean to challenge you. But does adb pull \ really back up the system, or just all the files?
Thanks very much again!
midnite_
Hey midnite_,
I am a newbie too and have a lot of blank spots in my understanding of what we can do with Android. I also came here with the same question. I found out how to root, this isn't a secret. Like you, I want to know how I fix it if I break it.
So, with regards to your questions.
1. Unlock the bootloader
Not clear on this one, as not every tutorial even mentions this part. My feeling is that this might be specific to some phones, like HTC.
2. Flash Custom Recovery (such as AmonRa, CWR, TWRP...)
Recovery is an intermediate stage of phone booting process after bootloader but before OS.
It is there to allow OTA (Over the air) updates. During those, the OS is halted and replaced with a newer one.
What this means for us is that the recovery is capable of replacing OS (ROM - are these terms interchangeable?).
Recovery is the same as the hidden partition on Windows that is sometimes present on a PC. It has a limited interface.
It can replace one OS image with another. It probably checks the checksum and creates the new one after the update. It is probably the gatekeeper.
Stock recovery will not replace OS with an image from SD card or from PC through USB. Only OTA.
This is the reason for flashing the custom (hacked) recovery on.
Custom recovery is made to allow additional options, such as allowing image sources such as PC or SD card, and also a ROM backup (write OS image to PC).
3. Flash update file using "upgrade from SD card" function of custom recovery now in place.
In this step, the Superuser.apk and bin files are placed. Stock recovery will not let us do that.
Also, I think the reason we can't just use ADB to "copy" superuser package to phone is because the system is either running or exists as an image (compressed?), and is probably protective of its modification. (So, likely the superuser package also replaces the checksum that the OS uses to check if it has been compromised?) Yes, this modifies your rom.
I assume that unrooting could be done after this by updating again with a file that removes superuser package and that would make your rom stock again.
4 OR flash custom ROM, which usually includes superuser package. Of course using custom rom means you no longer have stock rom.
To have a backup of the original ROM, you would:
1 Unlock bootloader,
2 Flash (install) custom recovery
3 superuser doesn't matter here
4 Use custom recovery function to back up your stock ROM.
I want to know the answers to the rest of your questions as well as some clarifications to mine.
Personally, I am looking for a way to backup the stock recovery as well.
I know there are some people asking about this. The procedure appears to be as follows:
(pieced together so don't take it as a tutorial)
1 Unlock bootloader (again, unclear on this. Also some mention S-OFF and others don't)
2 With USB debugging allowed (meaning connect as a device requiring a driver), connect to a PC with ADB and a driver installed.
3 From ADB, issue a command "adb boot recoveryimage.name" instead of the usual "adb flash recoveryimage.name".
This will make the phone boot into a custom recovery image that is residing on PC, without first writing it to the phone.
4 Unclear how, but make that custom recovery now being live to back up stock rom to pc.
5 Unclear how, but make that custom recovery now being live to flash either root or custom rom to the phone.
6 Disconnect, reboot the phone. Once in OS, use root privileges to mount recovery partition ? (this makes it visible as drive)
7 Don't know how, but use root privileges to back up now visible stock recovery partition to PC as image.
( This should give you two out of three original parts.)
Keep in mind that even if my piece-by-piece "know-how" ever works, there is at least one clearly faulty step:
The backup of the original state of the bootloader has never been made. I do not know if it can easily be toggled back and forth from locked to unlocked and back without leaving any trace. Also, like yourself, I probably don't quite understand what I am talking about, but I have tried to make as much sense of what I have read here and there.
This is my first smart phone, and my experience with Linux is limited to building a Minecraft server on MineOS, which was pre-made so that not much was required to make it run. I "mounted" a partition for the first time last week, trying to break Win7 recovery, booting it with Knoppix. This is why I think this will probably come into play here too, as the recovery partition on W7 was hidden. Until then I didn't understand what mounting means, as Windows always does it for you. So, take everything I say with a bunch of salt.
Please, let me know too, if you find out more. I want to flash the hell out of my Prism, but I want to be smart about it.
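The booting-without-flashing step above is a fastboot operation (`fastboot boot` as opposed to `fastboot flash recovery`), and the partition copies are made with dd from inside the booted recovery. As an added example that is not part of Descent2's post or any XDA guide, here is that procedure scripted end to end for a device whose bootloader is already unlocked; the image file name, the by-name partition directory and the availability of `blockdev` in the recovery are assumptions stated in the header comment.

```shell
#!/bin/sh
# Added example, not from Descent2's post or any XDA guide: image the stock
# boot, recovery and system partitions from a custom recovery that is only
# booted into RAM with `fastboot boot`, so the recovery partition itself is
# never overwritten. Assumes an unlocked bootloader, fastboot and adb on PATH,
# a recovery image built for this exact device (twrp.img is an assumed file
# name) and a recovery whose adb shell runs as root with `blockdev` available.

# Exactly one device listed by `fastboot devices` ("SERIAL<TAB>fastboot")?
fastboot_single_device() {
    printf '%s\n' "$1" | awk '$2 == "fastboot" { n++ } END { if (n == 1) exit 0; exit 1 }'
}

# From an `ls -l` listing of a by-name directory (entries such as
# "... system -> /dev/block/mmcblk0p22"), print the block device behind a
# partition name; prints nothing if the name is absent.
resolve_partition() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NF >= 3 && $(NF-1) == "->" && $(NF-2) == want { print $NF; exit }'
}

# A raw image is only usable if it is exactly as long as the partition it came from.
image_complete() { [ "$(wc -c < "$1" | tr -d ' ')" -eq "$2" ]; }

dump_partitions() {
    img=${1:-twrp.img}; dest=${2:-partition_images}
    fastboot_single_device "$(fastboot devices)" || {
        echo "device must be in fastboot mode (one device only)" >&2; return 1; }
    fastboot boot "$img"                  # run the recovery from RAM, flash nothing
    adb wait-for-device
    # The by-name directory differs per device; look for the two common layouts.
    byname=$(adb shell 'ls -d /dev/block/platform/*/by-name /dev/block/bootdevice/by-name 2>/dev/null | head -n 1' | tr -d '\r')
    listing=$(adb shell "ls -l $byname" | tr -d '\r')
    mkdir -p "$dest"
    for p in boot recovery system; do
        dev=$(resolve_partition "$listing" "$p")
        [ -n "$dev" ] || { echo "no '$p' entry under $byname, skipping" >&2; continue; }
        size=$(adb shell "blockdev --getsize64 $dev" | tr -d '\r')
        adb shell "dd if=$dev of=/sdcard/$p.stock.img bs=4096"
        adb pull "/sdcard/$p.stock.img" "$dest/$p.stock.img"
        image_complete "$dest/$p.stock.img" "$size" ||
            echo "WARNING: $p.stock.img is not $size bytes; do not rely on it" >&2
    done
    ( cd "$dest" && sha256sum *.stock.img > SHA256SUMS )   # hashes travel with the images
}

# e.g.: sh dump_partitions.sh --run twrp.img my_images
if [ "${1:-}" = "--run" ]; then dump_partitions "$2" "$3"; fi
```

Nothing in this script writes to the phone's recovery partition; the only writes are the temporary image files under /sdcard, so the stock recovery is what gets imaged. The one thing it cannot capture is the bootloader lock state Descent2 calls the faulty step: on many devices unlocking wipes user data and leaves a tamper or "relocked" flag, so it is not something a backup can silently undo.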
bump... midnite_ r u still around?
Hi Descent2,
Yes, I am still around but I am busy with other stuff at this moment. Thanks very much for your reply. You have studied a lot and you really did a good summary. Very informative and I learnt a lot from it. Hope some of the masters or experienced ones would come by and bring us out of the mist.
cheers,
midnite_
Descent2 said:
Hey midnite_,
I am a newbie too and have a lot of blank spots in my understanding of what we can do with Android. I also came here with the same question. I found out how to root, this isn't a secret. Like you, I want to know how I fix it if I break it.
So, with regards to your questions.
1. Unlock the bootloader
Not clear on this one, as not every tutorial even mentions this part. My feeling is that this might be specific to some phones, like HTC.
2. Flash Custom Recovery (such as AmonRa, CWR, TWRP...)
Recovery is an intermediate stage of phone booting process after bootloader but before OS.
It is there to allow OTA (Over the air) updates. During those, the OS is halted and replaced with a newer one.
What this means for us is that the recovery is capable of replacing OS (ROM - are these terms interchangeable?).
Recovery is the same as the hidden partition on Windows that is sometimes present on a PC. It has a limited interface.
It can replace one OS image with another. It probably checks the checksum and creates the new one after the update. It is probably the gatekeeper.
Stock recovery will not replace OS with an image from SD card or from PC through USB. Only OTA.
This is the reason for flashing the custom (hacked) recovery on.
Custom recovery is made to allow additional options, such as allowing image sources such as PC or SD card, and also a ROM backup (write OS image to PC).
3. Flash update file using "upgrade from SD card" function of custom recovery now in place.
In this step, the Superuser.apk and bin files are placed. Stock recovery will not let us do that.
Also, I think the reason we can't just use ADB to "copy" superuser package to phone is because the system is either running or exists as an image (compressed?), and is probably protective of its modification. (So, likely the superuser package also replaces the checksum that the OS uses to check if it has been compromised?) Yes, this modifies your rom.
I assume that unrooting could be done after this by updating again with a file that removes superuser package and that would make your rom stock again.
4 OR flash custom ROM, which usually includes superuser package. Of course using custom rom means you no longer have stock rom.
To have a backup of the original ROM, you would:
1 Unlock bootloader,
2 Flash (install) custom recovery
3 superuser doesn't matter here
4 Use custom recovery function to back up your stock ROM.
I want to know the answers to the rest of your questions as well as some clarifications to mine.
Personally, I am looking for a way to backup the stock recovery as well.
I know there are some people asking about this. The procedure appears to be as follows:
(pieced together so don't take it as a tutorial)
1 Unlock bootloader (again, unclear on this. Also some mention S-OFF and others don't)
2 With USB debugging allowed (meaning connect as a device requiring a driver), connect to a PC with ADB and a driver installed.
3 From ADB, issue a command "adb boot recoveryimage.name" instead of the usual "adb flash recoveryimage.name".
This will make the phone boot into a custom recovery image that is residing on PC, without first writing it to the phone.
4 Unclear how, but make that custom recovery now being live to back up stock rom to pc.
5 Unclear how, but make that custom recovery now being live to flash either root or custom rom to the phone.
6 Disconnect, reboot the phone. Once in OS, use root privileges to mount recovery partition ? (this makes it visible as drive)
7 Don't know how, but use root privileges to back up now visible stock recovery partition to PC as image.
( This should give you two out of three original parts.)
Keep in mind that even if my piece-by-piece "know-how" ever works, there is at least one clearly faulty step:
The backup of the original state of the bootloader has never been made. I do not know if it can easily be toggled back and forth from locked to unlocked and back without leaving any trace. Also, like yourself, I probably don't quite understand what I am talking about, but I have tried to make as much sense of what I have read here and there.
This is my first smart phone, and my experience with Linux is limited to building a Minecraft server on MineOS, which was pre-made so that not much was required to make it run. I "mounted" a partition for the first time last week, trying to break Win7 recovery, booting it with Knoppix. This is why I think this will probably come into play here too, as the recovery partition on W7 was hidden. Until then I didn't understand what mounting means, as Windows always does it for you. So, take everything I say with a bunch of salt.
Please, let me know too, if you find out more. I want to flash the hell out of my Prism, but I want to be smart about it.
check here
All your answers can be found here: [REF] [GUIDE] Welcome to your device, the Galaxy S III. For more XDA related issues check here: [GUIDE] - XDA New User Guide - Getting started on XDA
Good Luck!
mf2112
XDA Moderator
ASharpEdge said:
Hello all this is my first post here...woohoo!:fingers-crossed: This forum is amazing as to the amount of information available. I just wish that in looking for what I need to do I did not need to look in so many places. I feel that if I want to root my T-Mobile GS3 that all the information should be in one subsection of the forum, but it is not that simple I guess....lol Anyway any help would be greatly appreciated.
I have a Samsung GS3 with T-Mobile that I want to root. Everyone says to back up the phone before you do it but I am not really seeing how to make a backup before I start. It appears that most of the guides to root just say to back up without telling you how to do it. Another thing (correct me if I am wrong): I see the nandroid backup that I think is a backup of the phone, however it seems to be done after you make changes to the phone and I thought the backup was supposed to be done before you do anything. Is it that there is not a way to make a complete backup with an unrooted phone?
My question is basically the same as the OP here. I have been reading and reading and reading posts here in the forum. There is much information here and much of it is duplicated with slight variances in some of the duplicates. I am not certain as to which rooting method I should use. There seem to be so many choices. As a new person to this forum I will say that you can find just about everything about any phone which is awesome. The hard thing is sifting through the many options to pick one to use for your issue.
I do see that Mr. Robinson has a thread with backups of the original roms. The only thing is that they are default roms that are like an out of the box phone and not my phone with my apps and my settings. That is what I want to backup...My phone with my settings and my apps.
Thank you in advance to anyone who can shed some light on this for me and the OP.
Thanks mf2112. But those resources seem to be only for the GS3, and they don't teach us how to back up our stock ROMs; they provide stock ROMs for us to download instead. Is there a general way to back up our stock ROMs?
Thanks,
midnite_
mf2112 said:
All your answers can be found here: [REF] [GUIDE] Welcome to your device, the Galaxy S III. For more XDA related issues check here: [GUIDE] - XDA New User Guide - Getting started on XDA
Good Luck!
mf2112
XDA Moderator
You must unlock your bootloader then flash a custom recovery. You will then use that custom recovery to make a backup of your rom. That backup will be stored on your sd card.
Now, I have tried to help you and so have a couple of other folks. You expect us to just give you answers step by step. I am sorry but this is simply not how XDA works. XDA is set up in a way which makes it easy for any user to quickly find what they want to know. Use the search feature on the site and you will find many answers. I tell you to go do your own research now and be proud of what you learn on your own. And if you cannot, please do not try to modify your phone further, you may just brick it if you aren't careful.
midnite_ said:
Thanks mf2112. But those resources seem to be only for the GS3, and they don't teach us how to back up our stock ROMs; they provide stock ROMs for us to download instead. Is there a general way to back up our stock ROMs?
Thanks,
midnite_
I put in the GS3 links since the OP was using that phone. Every phone will be different so I don't think a general way or guide would be practical.
Sent from my HTC Sensation 4G using xda premium

[Q] Looking for root basics, list etc.

As the title states, I need help with understanding the basic steps on rooting the ASUS TF300.
I am not a programmer, I do not know the lingo or terms, and searching on the site has yielded very confusing results.
Basic steps?
1. Unlock boot loader - Why? What does this do?
2. TWRP? I have no clue, but I see references all over the place
3. Custom Recovery - What does this do? Do I need it?
4. Kernel - What is this?
5. ROM - What is this?
6. Install SuperSU or Superuser (what's the difference? what does this do?)
7. Install a root check app (to check if rooted I presume)
8. Install some form of file explorer (I have Fx File Explorer) and backup/control app (I have Titanium backup)- both paid forms
9. De-bloat with caution!
Where does the OEM firmware/software fit in this scheme? Does it exist as a backup or is it over-written? Do I have a choice?
As you can guess I'm lost. Reading threads after searching for "root TF300" or even the guides or the very good index, I have more questions than answers. How does one know what to do if the acronyms used are cryptic? (example TWRP~ what does this even stand for?)
I believe that not all steps are required, but I also believe the order I do things in is important, and I'm concerned about bricking my TF300 by doing something wrong. I also don't want to assume that this is the same for every device or phone. (What steps work for a phone may not be the best for a tablet.)
All I want to do is root and remove bloat. After I get this, I may consider upgrading the OS (kernel? Rom?) to something better.
Any links would be greatly appreciated. Please just bear in mind I'm so noob to this I don't know a ROM from a Kernel yet. (When I search, all answers are overly complicated developer definitions.)
Thank you!
Here is a "simple Step by Step" with my notes in brackets after each step, showing how my mind tries to grasp this:
1. Upgrade your tablet to the desired firmware: 4.1 or 4.2 [I assume they mean any OTA upgrade; my tablet is current with JB 4.2.1 and I do not believe ASUS plans on upgrading this anytime soon]
2. Be sure the correct drivers for your tablet are installed!! [Installed where? On my PC? How do I know what the correct drivers are? Where can I get them?]
3. Download the updated rooting toolkit: Updated Motochopper rooting toolkit [OK, I can do this!]
4. Download TWRP for your firmware version:
- 4.1: TWRP 2.5.0.0 for Jellybean 4.1
- 4.2: TWRP 2.5.0.0 for Jellybean 4.2 [This makes sense to me, as I am on Jellybean 4.2.1]
5. Rename the downloaded TWRP blob file to twrp.blob and copy it to the root of your sdcard [What is a blob file? Is there a size requirement for the SD card? Does the SD have to be blank?]
6. Extract the rooting toolkit to a place you like. [I assume the above-mentioned Motochopper? Does this answer my question above about the SD card?]
== Part 2 - Rooting ==
1. Open up the folder where you placed the rooting toolkit. [With what program? A simple file explorer, I assume?]
2. Open the run file and follow the instructions [I hope there aren't any cryptic/over-my-head choices to make!]
After installation the tablet should reboot and you should be rooted. [Does this install all the SuperSU stuff or is this it? What about custom recovery? Can I go back? What are the limitations of doing it this way, assuming it works...]
And this is just PART of the process!
I'll answer in logical order:
broderp said:
5. ROM - What is this?
That's the Operating System that's running on your tablet, i.e. what is called Lollipop or KitKat, or even further what makes the difference between Android and iOS.
Your ROM may come with some preinstalled apps, but with some ROMs they are separate (i.e. the Google apps).
broderp said:
1. Unlock boot loader - Why? What does this do?
2. TWRP? I have no clue, but I see references all over the place
3. Custom Recovery - What does this do? Do I need it?
On your ASUS tablet you can, by default, only install ASUS supplied ROMs (i.e. updates).
In order to install a new ROM you need to unlock your device. You do that by unlocking the boot loader. Once you have unlocked the boot loader, you can install a custom recovery, such as TWRP (there are many custom recoveries, but for your device TWRP is recommended).
Once you have a custom recovery, installing a new ROM, or rooting your device, becomes a lot easier. No need to type in commands, but you can now use touch.
broderp said:
4. Kernel - What is this?
Your kernel is the most important part of your ROM. It's the software between apps and your actual hardware, the lowest level actually. The kernel determines if you can talk to certain pieces of hardware or not. If the kernel does not support certain hardware, that's it, you can't use it.
When your tablet boots up, the first thing it loads is the kernel, and the kernel loads all other programs. Another responsibility of the kernel is to allow you to run multiple programs at once.
broderp said:
6. Install Super SU or SuperUser (what's the difference?, what does this do?
They allow you to execute programs with root privileges (i.e. no limit to privileges, can do anything), but also give you some protection so malicious programs cannot become root: you have to give explicit permissions for every app.
broderp said:
7. Install a root check app (to check if rooted I presume)
Yes.
broderp said:
8. Install some form of file explorer (I have Fx File Explorer) and backup/control app (I have Titanium backup)- both paid forms
Optional, pick whatever you like.
broderp said:
9. De-bloat with caution!
No clue!
broderp said:
Where does the OEM firmware/software fit in this scheme? Does it exist as a backup or is it over-written? Do I have a choice?
Firmware is often part of the hardware: it gets written to special memory, and "sticks", i.e. when you reboot it stays there. If you get a TF300 you should let ASUS run all the updates as it installs new firmware. Some firmware gets written when your device boots, meaning the special program, the kernel, starts, and at some point writes updated firmware to the hardware.
So firmware is software that makes hardware a bit more flexible: else everything is hard-wired, if there's a problem you can't fix it, but with software you sometimes can fix a hardware issue.
Hope this helps!
First, to unlock the bootloader, you need to go to the ASUS site and register your tablet. Then you can download the unlock app from the ASUS site as well. Next, move the unlock app from wherever it downloaded on your PC to your tablet. You can put it on the tablet RAM or on an SD card, it doesn't matter. On your tablet, go into the settings menu, under Security (I think it is there), and enable 'unknown sources' for app installation. I haven't had the stock ROM for so long, I can't recall where that option is. Run the unlock app. It may take a couple of tries to unlock the tablet. WARNING! This will void your warranty! So if your tablet is relatively new, think hard about this. Once your tablet is unlocked, then you can worry about TWRP and ROMs.
TWRP is a custom recovery. It is officially Team Win Recovery Project, hence TWRP. It is a program that will allow you to back up your tablet before you make changes(very important in case you screw something up) and a host of other things including flashing custom ROMs. If you go into the LP 5.1 for the TF300 thread in the development area, it will have all the links for stuff like the current TWRP, Gapps packages and the newest LP ROM. It is great for our tablets and really wakes it up. Oh yeah, the TWRP site will have instructions for flashing TWRP on your newly unlocked tablet as well.
All this seems very intimidating for noobs, I was one about 4 months ago. I now feel sort of not-noobish. To install TWRP you will need either Fastboot or ADB on your computer. Google Fastboot or ADB and you should find plenty of answers. There are also 'lite' versions of Fastboot out there too. If you are on Windows 8 or 8.1 you will need one of those. Windows doesn't like fastboot or ADB for some reason
HTH

About to buy an AT&T LG G4, can someone QUICKLY answer this question?? Thanks!

Dear Friends,
About to pull a trigger on an AT&T LG G4, can someone give me a short answer, ASAP?
Is it possible to have permanent Root and Xposed on the AT&T variant WITHOUT ridiculous bugs like a "green dot" in the camera of the phone? (what does the green dot even mean? It's on every picture? Is it a watermark? Just on the GUI?)
If possible, how? And should I buy the phone?
Appreciate any QUICK responses, about to buy now! Thanks so much in advance!
I just bought the G4 a couple of days ago. I was able to root, but there is no twrp or xposed as far as I know. I also don't have the green dot and everything is working fine!
Thanks for the quick response, my friend. Can you share the method/thread/image you used to Root?
I think you can install Xposed without TWRP via FireFlash? Can someone please confirm?
Thanks guys!
Just got my G4 two days ago. You can root and you can install Xposed with FireFlash. Root requires pushing a rooted version of whatever software version you are currently running. If you can't find one you can inject root into your own system.img using Ubuntu. After root get FireFlash and the right Xposed zip and be patient, it can sit at a black screen, appearing dead, for 20-30 minutes. Overall not too hard. Took me a couple of hours from the unboxing to Xposed. Definitely do it. The green dot on the camera comes from the PR system.img. I'd stay clear of that. Everything is working great on mine!
@Nowak4G - Thanks bud, that's what I read too. Can you point me to the guide and img file you used that worked for you? I doubt I'd prefer the Ubuntu way...
One other question... Is there a way/app/Xposed module that's kind of like G3TweaksBox for us? Letting us change the Status bar icon colors and toggle colors?
I highly doubt themes work for us since we can't Flash them without custom recovery?
Thanks again!
GravityBox works for status bar stuff and yeah here are the threads I used. Good luck bud!
http://forum.xda-developers.com/showthread.php?p=62028519
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
http://forum.xda-developers.com/showthread.php?p=62664473
I'm not totally sure what stuff can and can't be flashed using FireFlash. But for applying icon themes with Xposed I use this module, Unicon:
https://drive.google.com/file/d/0B1nrydqmmOBUdFoyV0FBLUM1OVE/view?usp=docslist_api
I've had my LG G4 rooted and running Xposed with a lot of modules enabled.
If the phone you buy is on the 10G software version (and want to stay on that version), you should be able to root it following the method in the LG G4 Low Effort Root thread. Follow it to the dot and enjoy partial freedom.
If the phone you buy is on 10I, there is a rooted image floating around. So you could take the 10I update (or make sure your phone's on the 10I version), and root it using the Low Effort Root method.
I would also recommend the following:
1. keeping a copy of your untouched fresh system image in your internal memory (as early as possible after buying the phone). In case of a bad flash you have something to possibly go back to - otherwise you'll end up with the PR ROM and the green dot. The method and commands for extracting the system image are very similar to rooting, except that instead of dd'ing into the system partition from the SD card, you do the opposite (from the system partition to the SD card)
2. disabling system apps and system updates using the debloater tool and a tutorial here on the forums
Regarding flashing files via recovery, I usually extract the files and place them in the correct directory with the right permissions. Usually most files use 0644 permissions, but I would first check the existing permissions with ES File Explorer.
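As an added example that is not from the LER thread or from mu3g's post, here is the check I would run on a downloaded rooted image before it goes anywhere near the system partition, together with the reverse-direction dd that takes the untouched image first. The by-name partition path, the availability of `blockdev` in the root shell, and the expected hash and size (which you take from the post you downloaded the image from) are all assumptions.

```shell
#!/bin/sh
# Added example, not from the LER thread or anyone in this thread: checks to run
# on a downloaded rooted system image BEFORE writing it over the system partition,
# plus taking the untouched image first. Assumes adb, a root shell on the phone
# (the G4's bootloader is locked, so there is no custom recovery), that the
# partition holds ext4, and that the hash and size you pass in come from the
# post you downloaded the image from. The by-name path is an assumption too.

# Lower-case SHA-256 of a file (GNU coreutils or perl shasum).
sha256_of() { (sha256sum "$1" 2>/dev/null || shasum -a 256 "$1") | awk '{ print tolower($1) }'; }

# An ext4 superblock starts 1024 bytes in and carries the magic 0xEF53 at its
# offset 0x38, i.e. the bytes "53 ef" at file offset 1080. A wrong or truncated
# download will not have them.
is_ext4_image() {
    [ "$(od -An -tx1 -j 1080 -N 2 "$1" | awk '{ print $1 " " $2 }')" = "53 ef" ]
}

hash_matches() { [ "$(sha256_of "$1")" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]; }

# dd'ing a file shorter than the partition leaves the tail of the old filesystem
# behind; a longer one is clearly not an image of this partition.
size_matches() { [ "$(wc -c < "$1" | tr -d ' ')" -eq "$2" ]; }

# $1 image, $2 expected sha256, $3 partition size in bytes. 0 only if all checks pass.
preflight_system_image() {
    rc=0
    is_ext4_image "$1"     || { echo "FAIL: no ext4 superblock in $1" >&2; rc=1; }
    hash_matches "$1" "$2" || { echo "FAIL: SHA-256 of $1 differs from expected" >&2; rc=1; }
    size_matches "$1" "$3" || { echo "FAIL: $1 is not $3 bytes" >&2; rc=1; }
    return $rc
}

PART=/dev/block/bootdevice/by-name/system   # assumed; confirm on your own device

# e.g.: sh preflight.sh --run system.rooted.h81010i.img <sha256 from the post>
if [ "${1:-}" = "--run" ]; then
    part_bytes=$(adb shell "su -c 'blockdev --getsize64 $PART'" | tr -d '\r')
    # 1. Keep the untouched image (mu3g's recommendation 1) and hash it on the PC.
    adb shell "su -c 'dd if=$PART of=/sdcard/system.stock.img bs=4096'"
    adb pull /sdcard/system.stock.img .
    sha256_of system.stock.img > system.stock.img.sha256
    # 2. Refuse to go on unless the downloaded image passes every check.
    preflight_system_image "$2" "$3" "$part_bytes" || exit 1
    echo "$2 passes all checks; it may be written to $PART"
fi
```

The script deliberately stops before the write: the file name check the posters insist on only matters because the dd command in the guide is copied verbatim, and a file that is the right name but the wrong bytes is exactly what these three checks catch.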
Hello @Nowak4G and @mu3g,
Guys, thank you for your response. I can confirm that the seller I bought the phone from took the 10I upgrade. I have little to no experience rooting locked-bootloader phones, and I have to be honest, I am more confused than I have answers. Now that I have confirmed that I will end up with the 10I update, can you guys give me a noob boost and give me step-by-step instructions on how to root, install Xposed, and possibly back up my stock image, since I do NOT want to end up with the PR build, with the green dot, in case things go wrong?
Am I correct that the right answer to my problem is Low Effort Root with the floating 10I rooted img file, located here: https://drive.google.com/file/d/0B54ceS-n3ZAiaVAxMkJFLXNMYmM/view?pli=1
Please help me out guys, would even appreciate more if we can maybe connect on Google Hangouts for some dynamic help? Please let me know and thank you again for your wonderful so far !
Yes, exactly. Use the floating around 10I rooted system.img with the Low Effort Root instructions. But definitely keep an unrooted system.img on the internal storage as a backup. Instructions are in the LER thread. Just read carefully and follow the steps and you should be fine. All copy and pasting.
You have the correct 10I rooted system img file. I would recommend following the LER steps and backing up the system image for 10I (see post 2 of the LER thread). This would give you the stock image for later use. Then follow the LER steps to the dot using the rooted system image file you have from the google drive link. The LER thread has pretty clear instructions on backup and flashing system image files for the G4. Just make sure to rename your downloaded file as "system.rooted.h81010i.img" and use it in the command...the file name here is the most important!
Thank you guys, couple of follow up questions:
1. Do I run the backup command to copy my Non Rooted image, right after the step that gives us the DIAG Port Number? Or do I do it after the "id" step?
2. The generated back up, I assume will be done as an .img file in the root of my phone, correct? I assume I just back this up on my computer and/or External HD?
3. This is the scariest step. When I am running the step for flashing the rooted img, I need to rename the downloaded file to, "system.rooted.h81010i.img" as @mu3g recommended? Why not, "system.rooted.h81010m.img" for example?
4. I just use the exact file name we determined above for my downloaded rooted 10I image file, in the flash command when following the LER guide? Exactly that file name, correct?
Thank you again for all your help and excuse me for my continuous noobness!
Answers:
1. Run the backup command in Step 7 of the LER root ("Run the command specified in the section below titled 'Commands to Run' to flash the rooted system image.") <<---replace the commands to run with the command to backup your unrooted clean system image to your internal memory ---- if you compare the commands, it will become obvious on how the data is being moved (pushed or pulled from the phone).
2. The generated backup will be on the root of the internal memory of the phone. Yes, you can then move it to your computer or any other location for safekeeping AFTER you've booted your phone up properly - don't do any of this while you're still in the LER state.
3. I just gave you a recommendation on the name. You can name the rooted system image file whatever you want; you can even leave it the way it is. Just make sure to use the EXACT file name for the image in the commands to run (also, 10I, 10M etc. are software version numbers; I'm not aware of a 10M version being released for AT&T). In any case, just use the EXACT file name for the rooted image.
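One way to see the direction of the two dd commands side by side, and to catch a damaged backup before it is ever written back to the phone, as an added shell example that is not from the LER thread or from any of the posters here: the partition path and the image path are parameters supplied by the caller (the actual system block device path is device-specific and comes from the LER instructions, not from this script), and the checksum file it writes next to the image is this example's own convention.

```shell
#!/bin/sh
# Added example, not from the LER thread. Backs a partition up to an image file
# with dd, records a SHA-256 next to it, and refuses to restore an image whose
# checksum no longer matches (truncated copy, interrupted transfer, wrong file).
# All paths are caller-supplied; nothing here assumes a particular device path.

# Pick whichever SHA-256 tool is present (sha256sum on Linux, shasum on macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Backup direction: if= is the partition (source), of= is the image (destination).
# Writes "<image>.sha256" alongside the image for later verification.
backup_partition() {
    src="$1"; dst="$2"
    dd if="$src" of="$dst" bs=4096 2>/dev/null || return 1
    hash_file "$dst" > "$dst.sha256"
}

# Recompute the image's hash and compare it to the one recorded at backup time.
# Returns non-zero if either file is missing or the hashes differ.
verify_image() {
    img="$1"
    [ -f "$img" ] && [ -f "$img.sha256" ] || return 1
    [ "$(hash_file "$img")" = "$(cat "$img.sha256")" ]
}

# Restore direction: the same dd with if= and of= swapped (image -> partition).
# The restore is only attempted after the image passes verification.
restore_partition() {
    img="$1"; dev="$2"
    verify_image "$img" || { echo "checksum mismatch, refusing to write $dev" >&2; return 1; }
    dd if="$img" of="$dev" bs=4096 2>/dev/null
}

# Usage (paths are placeholders; substitute the partition device and image
# path from the LER thread for your model):
#   backup_partition /path/to/system/partition /sdcard/system.img
#   verify_image /sdcard/system.img && echo "backup intact"
#   restore_partition /sdcard/system.img /path/to/system/partition
```

The verification step is the part worth keeping even if you type the dd commands by hand: a backup that was cut short looks like a valid file until it is flashed back, and the checksum is the cheapest way to tell the difference before the flash, not after.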
Thank you @mu3g! I think I am now ready to go through the process myself with confidence.
I am, however, still a bit confused about the file name of the rooted image that I will be flashing. If the phone already has 10I installed, and I leave the name of the rooted image intact, that is, "system.rooted.h81010i", would the phone still accept/get tricked into thinking that it's getting an "update"? Or did you mean that the file name could literally be anything like, "filename.img", and if the commands match it, all will be installed correctly? As in, when the system boots, it will have all the correct build and software information with it being a 10I update and etc?
Please forgive the annoying, detailed questions, but I want to not mess this up, since every guide triple emphasizes the importance of the command being absolutely right! Thank you!
You can literally name it blahblahblah.img as long as you use blahblahblah.img in the commands to run for the rooted system image. The file naming scheme has nothing to do with the acceptance or rejection of a system image. When you're in the bootloader mode ready to download files (which is the mode for LER), you can inject any file into any partition, anywhere on the phone...it's just whether the phone can use it properly or not, and whether or not it ends up being a brick.
Your file name for the system has nothing to do with the build number showing on the phone after booting up.
EDIT: The only reason I gave you that file naming scheme is because you don't seem to be too comfortable with the command line, that's all. That way you could copy paste the command from the LER guide and just replace "g" with "i"; that's all. If you're good with the command line and careful, you'll be fine. Just make sure the file name is correct; you can't get much else wrong.
Understood brother, just needed that clarity. I am not an absolute noob with cmd line, but you know how it goes when you're rooting your phone, the perpetual fear of an expensive paperweight!
I cannot find the thanks button here, wish I could, so I could thank you over and over and @Nowak4G, but either way, thank you so so much @mu3g!!
Good luck!
How did it go? Were you able to go through with it?
While the green dot does usually appear on 810 phones running the PR KDZ, I have heard reports of it on some 815...it's pretty random. I just did a warranty exchange for my 810 so I will likely be staying on the ATT software.
Hi Guys, wanted to update this thread with my results...:
I successfully rooted on H810l (AT&T) with 0 issues, following the Low Effort Root. Per the recommendations of the process, I also backed up my Stock, Unrooted, .img file for restoration to Stock, if it were needed. Well, I might be moving on from this phone and need to return to stock. Can someone advise the exact steps/commands to return to stock using the unrooted .img file I backed up before pushing the rooted .img? And can you confirm that you did this successfully as well?
I would really appreciate it! Thank you!
I have not done it myself, but if you uninstall all your root apps completely, make sure to enable any and every disabled app you may have (like for example AT&T apps etc.) using the debloater software and then follow LER to install the stock image on it, it should come back to bone stock. Remember, the key here is to ensure that no root apps exist on the phone - I guess SU will get wiped out, but it's better to do it clean. And secondly, any disabled apps need to be re-enabled for a smooth process. These are just my $0.02, so proceed with caution.

Temporary root shell for developers on locked bootloaders.

Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions (this should work on macOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
 @jcadduono - For recowvery, and pointing me in the right direction on IRC.
 @brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out.
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
If system_server can read init then that's a serious flaw... Question for you: you said it would be very device specific. Does that mean it's unique for each individual phone, or for each model?
EDIT: Unfortunately we only have access to the init.rc, not the binary itself.
@jcadduono I appreciate your input and direction in this matter. Another idea we have been toying with is this:
We have the aboot, boot, recovery and system dump from the T-Mobile variant. Would it be possible to make a TOT from that for our devices, changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard.
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
It should work on all models. I personally use a Sprint model (LS997). I think it MAY have been tested on VZW as well.
I can confirm that it works on H990DS.
Sent from my MI PAD using XDA-Developers mobile app
We know from earlier LG phone releases that when the laf partition is bypassed in some way (corrupted, etc.), aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However, corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions (this should work on macOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
No. It is a TCP root shell that can only do a few things, such as kernel modules. The only section we were able to write to and have it stick was the /data partition, which won't help you in this scenario.
elliwigy said:
No. It is a TCP root shell that can only do a few things, such as kernel modules. The only section we were able to write to and have it stick was the /data partition, which won't help you in this scenario.
So if we can write to the data partition, then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid.
markbencze said:
So if we can write to the data partition, then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid.
Unfortunately it's a TCP shell, not a pure adb shell, so we cannot push or pull to those directories.
Wow great progress, keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because of the lack of root. Root users are very influential leaders to get others to try out a new device.
Sent from my LG-LS997 using XDA-Developers mobile app
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
It shouldn't be an expectation, as we've made it clear we do not have root and are hitting hurdles. We have been advised we need to attack SELinux and/or the BL, but at this point we're wanting to try to use debug firmware which hopefully would allow a BL unlock.
Unfortunately nobody can create a .tot with the debug firmware at all, and there's no way at all to flash the images.
We need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything, and this has not been done in a way that's useful to us.
Unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed that their H990DS V20 mobile phone's bootloader is unlockable. However (and for no apparent reason) they will not confirm why one region has released a variant of the phone with the bootloader unlock and why they are refusing this to other phones/regions. Because of course, they have zero training and information about anything related to their company except for goods released in a specific region. That comes from a 'product expert'.
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim