[Q] Rooting a new droid ultra 4.4? - Droid Ultra Q&A, Help & Troubleshooting

Ok, so I have been scouring the interwebs for 4 hours now, and I am getting 100 conflicting stories. I am not sure if I can post YouTube links, but one says that I can use Kingo (didn't work for me); another was from FrenchGrape100. Neither worked for me; I downloaded everything they said, did it all OTA. If anyone has any information, please reply.
Thank you in advance!
~Kevin D.

Okay, here's a TL;DR on the Droid lineup root situation. Essentially, you're out of luck at this point. No root for you! (Or for me, or for a lot of other annoyed users out there. You're not alone.)
Let me reiterate: if you currently have a brand new Droid running 4.4, no root is possible at the moment.
That being said, you're probably getting mixed accounts of this because of the following. Droid Maxx/Ultra/Mini sounds a lot like the Moto X--and they're very similar phones. However, the Moto X DOES have root on 4.4. It's a complicated process that involves downgrading to 4.2, installing a backdoor, and upgrading again to 4.4, then using the backdoor to regain root access. However, as the Droid Maxx/Ultra/Mini have locked bootloaders, it is not possible to downgrade after accepting the OTA upgrade to KitKat 4.4, and most new phones in the lineup are being shipped out with 4.4 already installed.
The first inkling of possible root was when noted dev and exploit-master jcase mentioned, tangentially and on Twitter, that he HAD found an exploit for our phones. However, the exploit is not suitable for casual user usage, and still doesn't unlock write protection on the phone, making it essentially useless. Oh, and as a result of the locked write protection, root would be lost any time you restarted the phone. Jcase will be revealing the exploit at the Black Hat conference this coming August as a teaching tool, but don't expect it to turn into anything we'll be seeing a solution out of.
The next glimmer of hope came a few weeks ago; remember how I said we couldn't downgrade because of our locked bootloaders? Some Motorola employee started selling bootloader unlock codes for the Droid lineup. You could send the guy 40 bucks and your IMEI number and he'd send you back a device-specific code to unlock your bootloader. Which through an even more complicated process, does eventually allow for root. However, as of about 2ish (?) weeks, the guy selling the codes has stopped; it seems like he/she/them/it/whatever no longer has access to the database containing the unlock codes. A few lucky people got codes before that happened--the process seemed sketchy, and those of us like myself who hesitated are now left with locked down phones.
So yeah, at various points, it's been possible to get root--which, when trying to read up on this stuff, makes it a tad hard to follow.
No root now, though, not if you're already on KitKat 4.4.
Sorry for the disappointment. Keep your ear to the ground in case someone offering codes pops up again and is legit--but I wouldn't hope too hard.

I am one among those few lucky people who got a code, unlocked the BL, and am enjoying root now in 4.4.
@Jumnhy
However, the Moto X DOES have root on 4.4. It's a complicated process that involves downgrading to 4.2, installing a backdoor, and upgrading again to 4.4, then using the backdoor to regain root access. However, as the Droid Maxx/Ultra/Mini have locked bootloaders, it is not possible to downgrade after accepting the OTA upgrade to KitKat 4.4,
I want to add only one extra piece of info to make things clearer. Actually, BigRed's Moto X also comes with a locked / encrypted bootloader like the Droid Mini/Maxx/Ultra, but its 4.4 update came first and without signature verification / check, and hence downgrading was possible in its case. But in the 4.4 of the Droid series, the mistake was corrected and downgrade was IMPOSSIBLE.
So Droid users with 4.4 and NO root have to live without root in the future, unless any wonder occurs (like the earlier code purchase).
Moral of the Story:
If you want root access in Droid or other BigRed's phones, buy their Dev edition in future.

Good clarification. Missed that point myself!

This is really disheartening. I had one Droid Maxx back before the update and like an idiot, I updated without researching first. Now I got my insurance to replace the phone hoping that they'd send me one which hasn't been updated yet and instead they sent me one with 4.4 pre-installed. So I started researching and I thought it was possible because I saw a thread where an XDA user... Einstein something or other... said he got the downgrade to work. I think I'm just going to sell the phone and either try to buy one without the update or get a different phone.

ThunderWulf said:
This is really disheartening. I had one Droid Maxx back before the update and like an idiot, I updated without researching first.
my dear thunder, you are not alone.... i miss tethering my internet....

nerdyplayer said:
my dear thunder, you are not alone.... i miss tethering my internet....
Tethering does not require root. Now if you want wireless hotspot no frills then yes you need root.
You could use easy tether pro to tether just fine without root. But if you wanted to share that connection with more devices the first one would have to remain on. You can bridge the connection to your wireless card and share it.
Sent from my Nexus 7 using Tapatalk

kanagadeepan said:
I am one among those few lucky people who got a code, unlocked the BL, and am enjoying root now in 4.4.
@Jumnhy I want to add only one extra piece of info to make things clearer. Actually, BigRed's Moto X also comes with a locked / encrypted bootloader like the Droid Mini/Maxx/Ultra, but its 4.4 update came first and without signature verification / check, and hence downgrading was possible in its case. But in the 4.4 of the Droid series, the mistake was corrected and downgrade was IMPOSSIBLE.
So Droid users with 4.4 and NO root have to live without root in the future, unless any wonder occurs (like the earlier code purchase).
Moral of the Story:
If you want root access in Droid or other BigRed's phones, buy their Dev edition in future.
Do you mind sort of breaking down the process you did once you got the code and how the code was styled. Alpha-numeric? 10 digits? Things like that. I am considering that since there is a code and method for unlocking the device in an offline setting, that could be bruteforced using strong hardware GPU. (Which I tend to have these days thanks to virtual currencies.)
I am going to run on the assumption Motorola won't lock out a user for multiple incorrect attempts but who knows.

netuoso said:
Do you mind sort of breaking down the process you did once you got the code and how the code was styled. Alpha-numeric? 10 digits? Things like that. I am considering that since there is a code and method for unlocking the device in an offline setting, that could be bruteforced using strong hardware GPU. (Which I tend to have these days thanks to virtual currencies.)
I am going to run on the assumption Motorola won't lock out a user for multiple incorrect attempts but who knows.
It's a 20-digit alphanumeric code. You enter the code in fastboot mode using the command fastboot oem unlock <code>. Since there are 36^20 possible combinations, good luck bruteforcing THAT.

I think the BL unlock is no longer available from what I have been reading. If anyone has had success lately please correct me.
Sent from my DROID MAXX using Tapatalk

BladeRunner said:
It's a 20-digit alphanumeric code. You enter the code in fastboot mode using the command fastboot oem unlock <code>. Since there are 36^20 possible combinations, good luck bruteforcing THAT.
I know that this question is rhetorical, as reverse engineering this is probably not possible, but is it full alphabet, or only the hex characters a-f for the alpha characters? That's a smaller alphabet. (Also, if it is upper and lower case letters, that's at least a 62 character alphabet, so 62^20. If they are just hex digits, that's "just" 16^20.)

doogald said:
I know that this question is rhetorical, as reverse engineering this is probably not possible, but is it full alphabet, or only the hex characters a-f for the alpha characters? That's a smaller alphabet. (Also, if it is upper and lower case letters, that's at least a 62 character alphabet, so 62^20. If they are just hex digits, that's "just" 16^20.)
full alphabet and I have only seen upper case letters

unlock code
an21281 said:
I think the BL unlock is no longer available from what I have been reading. If anyone has had success lately please correct me.
Sent from my DROID MAXX using Tapatalk
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.

JarMagic said:
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.
Very interesting...

JarMagic said:
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.
Some late '13 are getting it anyway...

Related

Major Security Bug, or Universal Root?

http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.
Omegaclawe said:
http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?
jcase said:
Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
This. I'm sure we'll be seeing a flood of rooting methods based off the Bluebox discovery, given that they say this flaw is present as far back as Donut.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
jcase said:
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.
Omegaclawe said:
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.
If you can get the recovery out then it is possible to root the device.

[Q] Droid Ultra/Maxx - Is there a way to root my device and unlock the bootloader?

Hello all!
I am using the Droid Ultra forum because I can't find or there doesn't seem to be one specifically for the Maxx. I assume they are the same phone but one just has a better battery.
I recently bought my new Droid Maxx using an upgrade. When it arrived, I tried using FoxFi for wifi tethering since LTE is faster than my house internet. I found out it won't work since I have the 4.4. To anybody that is curious, 4.4 came with my phone, I didn't use the OTA update.
After looking around on the internet, I am unable to find a guide that can root my phone. Has anybody made a bootstrap?
I am wondering if there is a way to root my phone with the 4.4 kitkat, whether 4.4 root method is still in development, or people have given up on trying to root it.
Something else. I tried to root my device with two programs, each have failed in the process. Kingo and OneClickRoot.
There is no working root for Android 4.4 on the Ultra/MAXX/Mini, you're stuck like everyone else.
There was "a Chinese guy" doing bootloader unlocks for ~$40 in the recent past few weeks but he/she/it has since stopped doing so (probably unable to access Motorola's database anymore or simply got caught doing it, who knows).
So again, you're stuck with stock 4.4 like everyone else is. The info is all over this subforum...
br0adband said:
There is no working root for Android 4.4 on the Ultra/MAXX/Mini, you're stuck like everyone else.
There was "a Chinese guy" doing bootloader unlocks for ~$40 in the recent past few weeks but he/she/it has since stopped doing so (probably unable to access Motorola's database anymore or simply got caught doing it, who knows).
So again, you're stuck with stock 4.4 like everyone else is. The info is all over this subforum...
Ah, that is quite unfortunate. I just needed to get caught up in the news. Thanks and I hope to see some root hacks soon.
Garret27 said:
Ah, that is quite unfortunate. I just needed to get caught up in the news. Thanks and I hope to see some root hacks soon.
You could try easy tether pro
I've been thinking. I was reading the forums quite a bit recently. The Chinese guy might have had access to the Motorola database with the IMEI or he might have developed a serial-cracker. I remember using keygens to unlock copies of Microsoft Office a long time ago. This guy might have done the same but kept it for himself to make a profit. I am wondering if we might see a keygen that uses a person's IMEI.
Just an idea I had.
Sent from my XT1080 using xda app-developers app
So for the sake of getting a more informed is this piece of crap ultra worth keeping in the hope of a root solution in the near future, or is anybody really even working on one?
It's a good phone that could be great (not as great as the MAXX 'cause of that battery life and no wireless charging) - I would say don't hold your breath for an unlock for the bootloader or even root nowadays, it's getting way too tough to root and bootloaders are pretty much... well, locked up I suppose. I don't know of any devs that are seriously working on the Droid devices anymore, it's kind of a crapshoot if you find one I guess.
IF I had gotten either of them before that "Chinese guy" stopped providing the bootloader unlock codes I may have developed a different opinion, but I missed that window of opportunity and so I decided holding onto those phones wasn't feasible given my requirements.
As I said in another post, I did like the MAXX and Mini when I owned them recently, but the fact that I wanted a bit more capability meaning root access because I use some apps that require it as well as the option of potentially using some customized ROM or doing customization that might require something like the Xposed framework means you're dead in the water with the Ultra/MAXX/Mini.
I sold both, picked up a Samsung Galaxy Express for $80 and it's unlocked (for T-Mobile, did that in 2 minutes), rooted and of course running CyanogenMod 11 aka Android 4.4.2 without a single issue so far except the camera FCs often but that's a well known bug that persists and likely will always be problematic (except on those new CyanogenMod phones I suppose since they're designed to run that OS 100% without problems).
The Ultra, the MAXX, and the Mini are damned nice devices if you like "pure stock" and pretty much zero chance of them ever being anything else - the fact that they're GSM unlocked from the factory is a plus, so is the wireless charging for the MAXX and Mini, but that's about it for me and not enough to keep them for the long haul.
Good luck...
Thank you very much for an honest opinion. Fortunately I just signed on with Verizon and received this phone only a couple of days ago and have the option of returning it and canceling the service with only a minimal restocking fee to deal with. I guess I will have to exercise that option because root access to the device is critical for use at work.
SOSDD said:
Thank you very much for an honest opinion. Fortunately I just signed on with Verizon and received this phone only a couple of days ago and have the option of returning it and canceling the service with only a minimal restocking fee to deal with. I guess I will have to exercise that option because root access to the device is critical for use at work.
Exchange for a gs5. It has root. As does the HTC one m8. The m8 looks well built. And the dot view case is sweet.
Sent from my unlocked consumer edition Motorola Droid Maxx xt1080m.

[Q] Can I root my device if I have the latest OTA update?

HTC One M8 on Verizon. Android version 5.0.1. I did a lot of research yesterday, and could not find any working solution to root the phone. It's hard to find anything on Google because generally the information will be outdated (from last year or the year before). So can someone fill me in on what exactly I'd need to do? This is my first smartphone and I've never rooted an Android device before.
ziddy5 said:
HTC One M8 on Verizon. Android version 5.0.1. I did a lot of research yesterday, and could not find any working solution to root the phone. It's hard to find anything on Google because generally the information will be outdated (from last year or the year before). So can someone fill me in on what exactly I'd need to do? This is my first smartphone and I've never rooted an Android device before.
Assuming you are still S-On and locked then you are stuck without root for now.
BladeRunner said:
Assuming you are still S-On and locked then you are stuck without root for now.
This is what I was afraid of. How can I keep track of when there is an update to the situation?
ziddy5 said:
This is what I was afraid of. How can I keep track of when there is an update to the situation?
keep checking these forums and/or follow @teamandIRC on twitter
Rooting the already updated HTC One M8
It's going to be difficult. I've been scouring the webs for weeks looking for the answer to that one. The Sunshine S-off didn't work for me. The only way I can find right now to do this requires finding someone that has purchased the elusive "HTC java card" sometimes called the HTC S-off card. They can s-off your phone in a heartbeat. Wish I had one, I just can't see forking over 375.00 to get one.
So if you're S-off there is a root method available? I haven't found it if there is.
I'm running 5.0.1 Verizon S-off
Thanks in advance
jjmstang said:
So if you're S-off there is a root method available? I haven't found it if there is.
I'm running 5.0.1 Verizon S-off
Thanks in advance
If you're already s-off then just install twrp and flash, reboot recovery and it should ask you if you want to install root
BladeRunner said:
If you're already s-off then just install twrp and flash, reboot recovery and it should ask you if you want to install root
It seems you have to be rooted to install TWRP........at least what found
You only have to be rooted to install it with their app. If you are s-off you can download it from their site and flash it with fastboot.
mpappas87 said:
You only have to be rooted to install it with their app. If you are s-off you can download it from their site and flash it with fastboot.
I followed this method and I have re-gained root
http://forum.xda-developers.com/ver...ow-to-root-ota-pc-s-off-t3048604#post59750567
Now I'm going to try and flash the Dragon ROM with Sense 7
Thanks again for the help
Same boat; old firmware?
Just received this HTC One M8 thru Verizon, Lollipop 5.0.1 after day 2 OTA update. I've been rooting every device I've owned since 08. Busy with daily tasks I haven't had a chance to sit and try unlocking bootloader until this weekend. I hit a wall when HTCdev returned an error after entering the identifier token \(^~^)/ . I did some reading, couldn't find anything.
I'm coming from a xt912 I've pretty much squeezed all I can get out of it since I got that brand new. I put CM12 on that just recently this HTC makes that the moto seem primitive. After bricking that (moto)spyder a few times flashing bad zips or doing things out of sequence I've put it thru the ringer and used RSDlite to just start from scratch. I have also found these devices can put up with a lot and still bounce back. Geeze, I have three years of continuous text and data backed up on SD, lol. Something I haven't tried and wonder, does anyone know, is there any old VZW firmware for this M8 maybe 4.4.2 and try unlocking from that point or does the token id stay the same no matter what firmware?
Htcdev won't work on our phone because it's blocked by Verizon. Also, it's not possible to downgrade firmware or the OS without having s-off. At this time there's no way to get s-off on lollipop so you're pretty much stuck where you're at until an exploit is found by someone. Sunshine works for anything up to 4.4.4 but it won't work on a Verizon phone that's running 5.0.1. About all you can do right now is wait to see if Jcase and Beaups come up with a way to make it work on a Verizon phone too. I know that's not what you want to hear but that's how it is at the moment.
benjdevel said:
I've been rooting every device i've owned since 08. weekend. I hit a wall
Okay, glad I didn't spend too much time trying to figure this out, never rooted a device before
Gotcha... Stupid vzw? I glanced at a procedure to unlock SIM. Have no idea if that would help anything. Haven't tried it. I'll have to keep a watch out for something. Really, compared to that spider this thing is like a Ferrari. Not too much bloatware. Lollipop rocks and knowing I'm up to date for the most part calms me a little. I still don't like the idea of not having complete control of my device. I've already received a few marketing-related notifications from Verizon that I could not close unless I looked at them. I did notice control over saving things to my ext SD, which I do like. I am a student just getting into the ist world. Wish there was something I could help with. 5 classes is killing me at the moment though. I did also try to install an updated version of an imsi catcher apk and it seemed like it ran fine. I could have sworn that app needed root access. I could be wrong with the newest version though.
Joint Java Card?
Same boat (Verizon, htc one m8) . . . For some reason I was thinking Lollipop was the update which was still able to be handled by Weaksauce 2. So I accepted the OTA, without thinking. -hadn't gotten around to s-off, etc., before this time around.
So, in some 2013 posts, I saw that some people had tried to pool resources and share a Java Card, etc. But sending phones to a "card keeper" is expensive and unsafe (besides having to live without your phone for a few days). jcase, on their company's IRC support channel, indicates that the card is more than just a simple microSD card, which one might be able to dd a filesystem image from (i.e. copy it for distribution). That's entirely possible, since all SD cards have micro-controllers for dealing with failed sectors, etc (check out "Bunnie's Blog"). Basically, the controller could make it tough/impossible to access part of the card, and can take care of decrementing credits, encryption, signing, etc. Even if it were a basic SD card, the use of signed binaries, and external license/resource server, etc. could still make it tough . . . -although the card I found states it needs no internet connection. It would be much cheaper to send the card, rather than phones. But how to coordinate and pool the cost seems like it could be a pain?
So here's what I'm thinking about:
Someone (me?) could purchase a legit, new htc Java Card. After I use my 2 or 3 credits to s-off/unlock my phone, I could put the card on, say, ebay for maybe $5 less than what I bought it for. Then, another person could use some credits, then sell it again, for a little cheaper, etc. If we want to keep it "in-house", we could just send to each other and pay with PayPal or Google Wallet. But, with e-bay, one could just copy/build on the ad the first person started. Take a picture of your phone's screen, when the remaining credits are shown, and put it on the ad. With 2000 credits, my conservative estimate is that it could cost less than 72 cents, for each unlock. The $5 incremental discount might be close enough to cover re-shipping costs.
The Sunshine guys have, for free, helped many of us over the years. So I was planning to purchase their solution, if it worked for this situation. But their download page states that "Verizon 5.0.x users will have to wait until we update.". They indicate they could get us supported soon, but they also indicate that Lollipop is much more secure, with SELinux updated and better enforced., etc. So I am a little concerned about when that will actually happen. I see they've been posting updates for Motorola, and making sure people are able to pay them via PayPal, etc. But nothing yet for Verizon 5.0.x.
Does anyone know/recall how long after the last android update, someone came up with a root exploit? I'm just trying to get a rough guesstimate about the minimum time people will have to wait this time. -then add time because Lollipop is apparently significantly more secure. I guess I don't completely mind that my phone might be secure enough to not make it tougher for someone to get into the deepest parts of it, without specialized hardware (Java Card), if I were to lose it.
But, really, what Verizon and htc and others have done to these devices . . . They are, essentially, specialized computers. It would be like if Dell or another computer manufacturer sold you a computer, without allowing you access to your administrator account (and no clear/easy way to boot from another drive, to recover/fix things, etc.). That's crap.
I dunno. What do people think? I suppose I could just try it, and see.
Are new devices updated already? If I were to get a phone from verizon today will it already have the Lollipop update or would I get a still root-able device that I can deny the update?
libredroid said:
But, really, what Verizon and htc and others have done to these devices . . . They are, essentially, specialized computers. It would be like if Dell or another computer manufacturer sold you a computer, without allowing you access to your administrator account (and no clear/easy way to boot from another drive, to recover/fix things, etc.). That's crap.
I dunno. What do people think? I suppose I could just try it, and see.
I like the idea of that Java card and I completely agree with you on how wrong it is restricting administrative rights, especially considering these things are comparable to a new computer.
dimsumx said:
Are new devices updated already? If I were to get a phone from verizon today will it already have the Lollipop update or would I get a still root-able device that I can deny the update?
No guarantees either way.
What is the status on SunShine for our device?
I got the Java Card.
@vazersecurity: still "Verizon 5.0.x users will have to wait until we update.", as of today.
I got the card, as previously proposed, and was able to get S-Off on my USA-Verizon HTC One M8 with the Lollipop OTA.
I needed to download and place two files in the root of the card (now done).
I then (CID changed) was able to use htcdev.com to unlock my bootloader, and ultimately gain root. I'm now happily running a current Cyanogenmod ROM. To regain some functionality from my camera, etc., I installed the htc camera, HTC Gallery, and Zoe apps from the Play store.
So I've already created a listing for the card on eBay. I assume the forum rules won't allow me to post the link. But I, honestly, always intended to use that as a way to make it more convenient to share with a community of people who wish to join in. -not to try and make any money off the card. Again, rather than have people ship phones to one person (with the shipping cost, and being without their phone), I figured it would be cheaper, and less disruptive, to ship the actual card. So, you'd purchase the card from the previous user, then re-list it for a bit less than what you paid for it. With the starting cost and credits, S-Off is about 30 cents, each. As the card credits get used up, it gets cheaper. Maybe each person would end up paying a few dollars for S-Off, when you factor in the shipping.
Maybe a moderator could chime in about whether it might be OK to post a link to this "community-intended" listing. -or suggest a better contribution/distribution method.
Also, since many users in our situations have been out of luck regarding S-Off, for a few months now, might a moderator or someone suggest/implement a way to post/place this information more prominently, in the forums?
Thanks.

YA 4.4.2 Bootloader Discussion

Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be re-signed on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow re-sign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service, so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
I've been around this and many many other forums for years now. If there was an unlock method it would have been found years ago. Devs have long moved on from the old S3. I still have my S3 lying around, bootloader unlocked but I really haven't messed around with it for quite a long time now
And yes the dev edition would have been nice had someone actually had one, it would have of course made it easier to crack the bootloader option maybe. I don't know much about the ins and outs of the device but I know many are permanently locked and will probably never be unlocked.
As far as certain other Samsung devices being unlocked those are far and few between. VZW got smart and started just locking them from the start. This is a huge reason why I left Verizon. The S3 was my last device on big red. I since have had a Nexus 5 and 6 and now a OnePlus 3T. I really don't like locked devices and the ability to unlock them and customize them just intrigues me to no end. Good luck however in finding something that may work, but I highly doubt it will ever be cracked
Sent from my OnePlus 3T
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper- could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
Sent from my SCH-I535 using XDA-Developers Legacy app
Also a purposely separate post- I'm building a ROM for this locked firmware and the goal is to have some specific updated apps and yet trim it nicely so as to save space and RAM it's mostly stock style-wise but it'd be cool to re-theme it. I haven't gotten things deodexed yet- being I haven't gotten my apktools working proper yet.
Is there anybody left to be interested in this? I haven't posted anything I've made before- usually just keep them lying around for emergency flashes.
Sent from my SCH-I535 using XDA-Developers Legacy app
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
Truthfully after being around the forums for as long as I have I'm really surprised there is any interest in unlocking this device at this point in time. There are just so many other options and unlocked vzw s3s are not that hard to come by.
And I wasn't being negative it's about being realistic. Thanks for sticking up for me brother
Sent from my OnePlus 3T
Are there any updates to this by any chance, I am interested :C
any hope?

Options for SM-P905V

I was able to pick up a 4G/LTE-enabled Galaxy NotePRO (SM-P905V) with official Samsung keyboard case and book cover, 64 GB SD card, and two chargers and USB cables on Craig's List for $200. Pretty good price.
Anyway, I'm excited to try out this tablet, particularly the S Pen features.
The latest Android version for this tablet is 5.1.1, which is a bit old. I believe I read somewhere on this forum that the specific SM-P905V model (Verizon) can now be rooted, and I may install a custom ROM based on Android 7.x or even 8.x, if available. A couple of questions:
1) Can anyone confirm that it is indeed possible to install custom ROMs on the SM-P905V?
2) If I install a custom ROM (say, LineageOS), do I lose any of the specific S Pen capabilities provided by the stock ROM?
3) I'm not on Verizon, and I currently have no plans to use the 4G/LTE capabilities (wifi only). However, if I did, can this tablet be used with a GSM provider, such as AT&T? Is this tablet unlocked and does it support both CDMA and GSM?
4) Anything else I should think of before I dive into this tablet?
Thanks!
--Ron
Still locked bootloader...for now!
Unfortunately, this device still has a locked bootloader. I am NOT a developer, but I am looking into trying to figure out how to take care of that.
I HAVE been able to achieve root on the latest build (basically the last official firmware released -- 5.1.1 P905VVRUBOH1 -- I have been stuck without root since I bought this thing a coupla years back as that update ruined the previous exploit).
To get root, I used a paid windoze app (after trying a bunch of other stuff and other free exploits, like towelroot, kingroot, and kingoroot and a couple other paid ones) by iSkysoft which ran me about 30-35 bux for a "lifetime" (root 5 device) membership. To me that cost is worth it for root alone (even having to boot into windows....long time linux user). My long term goal is indeed to unlock the bootloader so I can build AOSP for this thing. To my knowledge I am the first to get root on that firmware (at least I haven't seen any other posts about it here) -- not that I consider this a real contribution, just found a method that worked for me and should work for others.
Bootloader unlock has been achieved on the Galaxy S5 which is a device contemporary to this one, so it should THEORETICALLY be possible. Thread on that is here: https://forum.xda-developers.com/ve...t/rd-unlocking-galaxys-s5-bootloader-t3337909
Creator of the above thread, xda user @beaups has hosted the files for S5 bootloader unlock here: https://github.com/beaups/SamsungCID
He indicates somewhere that this should work for other CID 15 devices (my P905V is indeed CID 15 EMMC...your mileage may vary -- check out his S5 unlock thread to find out how to verify what EMMC your tablet has once you have achieved root)
Aside from that all that remains is to build a version of TWRP for this thing and the ROM development can finally get rolling.
I look forward to seeing AOSP on this thing, but I am a grad student and don't have too much time to truly knock this thing out...perhaps you (or someone else) wants to take a crack at it now that root is back.
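What "CID 15" in the post above refers to can be seen by decoding the eMMC's CID register into its JEDEC fields. This is an added example, not part of the original thread or of the SamsungCID project; it assumes the 32-hex-digit form that Linux exposes at /sys/block/mmcblk0/device/cid, reads "CID 15" as manufacturer ID byte 0x15, and uses constructed sample values.

```python
from dataclasses import dataclass

SAMSUNG_MID = 0x15  # assumed meaning of "CID 15": manufacturer ID byte 0x15
CBX_NAMES = {0: "removable card", 1: "BGA (embedded)", 2: "POP", 3: "reserved"}

# Constructed sample values, not read from any real device.
SAMPLE_CID = "15010053414d504c4512a1b2c3d43e00"
OTHER_CID = "99010053414d504c4512a1b2c3d43e00"


@dataclass(frozen=True)
class EmmcCid:
    mid: int            # manufacturer ID, bits 127:120
    cbx: int            # device type, bits 113:112
    oid: int            # OEM/application ID, bits 111:104
    pnm: str            # product name, bits 103:56 (6 ASCII characters)
    prv: str            # product revision as "major.minor", bits 55:48
    psn: int            # serial number, bits 47:16
    mdt_month: int      # manufacturing month, bits 15:12
    mdt_year_code: int  # manufacturing year code, bits 11:8 (left undecoded)

    @property
    def is_samsung(self) -> bool:
        return self.mid == SAMSUNG_MID


def parse_cid(hex_cid: str) -> EmmcCid:
    """Decode the 32-hex-digit CID string; raise ValueError on malformed input."""
    text = hex_cid.strip()
    if len(text) != 32:
        raise ValueError(f"expected 32 hex digits, got {len(text)} characters")
    try:
        raw = bytes.fromhex(text)
    except ValueError as exc:
        raise ValueError(f"CID is not valid hexadecimal: {text!r}") from exc
    if len(raw) != 16:  # fromhex() skips embedded whitespace
        raise ValueError("CID must decode to exactly 16 bytes")
    name = raw[3:9]
    printable = all(0x20 <= b < 0x7F for b in name)
    return EmmcCid(
        mid=raw[0],
        cbx=raw[1] & 0x03,
        oid=raw[2],
        pnm=name.decode("ascii") if printable else name.hex(),
        prv=f"{raw[9] >> 4}.{raw[9] & 0x0F}",
        psn=int.from_bytes(raw[10:14], "big"),
        mdt_month=raw[14] >> 4,
        mdt_year_code=raw[14] & 0x0F,
    )


def describe(hex_cid: str) -> str:
    cid = parse_cid(hex_cid)
    vendor = "Samsung" if cid.is_samsung else "other vendor"
    return (f"MID 0x{cid.mid:02x} ({vendor}), {CBX_NAMES[cid.cbx]}, "
            f"product {cid.pnm!r} rev {cid.prv}, serial 0x{cid.psn:08x}")


if __name__ == "__main__":
    print(describe(SAMPLE_CID))
    print(describe(OTHER_CID))
```

The last byte of the register carries a CRC7, which some host controllers do not pass through to sysfs, so the parser does not validate it.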
SM
I also have an SM-P905V and I live in Germany. Can rooting with iSkysoft help to make calls and use the Note?
SurfRodder said:
To get root, I used a paid windoze app (after trying a bunch of other stuff and other free exploits, like towelroot, kingroot, and kingoroot and a couple other paid ones) by iSkysoft which ran me about 30-35 bux for a "lifetime" (root 5 device) membership.
I'm trying to find the software that you used to get root. I've googled iSkysoft, but they don't show any rooting software. Can you be more specific about what Windows app you used? Can you link to it?
I'll have to double check when I get home to that machine, but I'm pretty sure this is it:
https://toolbox.iskysoft.com/android-root.html
IIRC, it was ~30 bux to get credits to root 1-5 devices..
Thanks! I'll give it a shot.
Any luck with this if you tried it? I'm really looking to just enable more apps in the multi-window split screen app drawer so I can use any app in split screen mode, some aren't available when only stock.
Sorry, I did not try it.
