NF5 Rooting Progress (GS3 Prepaid) - Verizon Samsung Galaxy S III

I believe this section is dead for the most part...
As many of you should know, those of us who took the OTA update have no way of rooting if towel root does not work... (Futex patched)
However there is hope!
I am not very knowledgeable about exploits or reverse engineering...
There are two exploits that may be able to get us root when combined.
CVE-2014-7911 (gets us system uid)
CVE-2014-4322 (goes from system to root)
There is public PoC code to do this...
However we need something...
I am working on getting the kernel symbols

When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!

KennyG123 said:
When you get started please consider creating a thread in the Developers ONLY area which is heavily moderated. Good luck in this endeavor!!!
I figured that this may get more attention here....
I really do hope we can get root ASAP
I dunno if 4.3 kernel will work, I don't see why the addresses would have been changed but I am not a developer nor an experienced hacker. (After some research this is probably incorrect)
Just need someone with stock kernel and root so we can get the addresses for CVE 4322 and gg
Can you move this post or should I just create another thread in the developers section?

I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".

IWellHeThanks said:
I'm rooted with Towelroot, on the Superliterom developed by mohammad.afaneh
http://forum.xda-developers.com/galaxy-s3-verizon/development/rom-superliterom-v1-0-i535vrudne1-t2805797
Not sure if that qualifies as stock kernel. I'd love to help as long as you can give me detailed instructions. If necessary I'm willing to go back to true stock if it helps unlock the bootloader so I can find a rom that's easier on the battery.
What do the commands you posted do, and what do you mean by "drop a link"? You can see I don't have much experience "under the hood".
If you're able to be on 4.4.2 that is rootable via towel root, it's not the exact kernel that I and others are on because futex is patched on the latest OTA. If you're able to boot into the stock rom (don't update if possible, may lose root?) and those commands (from my understanding) get us the addresses we need for the root on latest OTA. I remember reading that they get randomized after every time it's compiled so it may not help. If someone more knowledgeable about this can help that would be great. No hurt in trying though. Just need you to do those commands then upload kallsyms and leave a link. Open it with a text editor and make sure it's not all 0's then words etc. Needs to be numbers then text, which is why root is required to do that... If we can get those addresses for the updated kernel we can get root on latest. I doubt we're getting lollipop....
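The "all 0's" versus "numbers then text" distinction in the post above is the kernel's kptr_restrict pointer hiding at work. As an added example (not from the thread), this Python check parses a kallsyms dump and reports whether the reading account saw masked or real addresses, which is how a defender confirms the setting is effective; the sample lines and function names are constructed for illustration.

```python
"""Audit a /proc/kallsyms dump for kernel address exposure (defensive check)."""
import re
import sys

# One kallsyms line: "<hex address> <type> <symbol>" plus optional "\t[module]".
_LINE = re.compile(r"^([0-9a-fA-F]{8,16})\s+(\S)\s+(\S+)(?:\s+\[([^\]]+)\])?\s*$")

# Constructed samples: what a reader sees with pointer hiding on and off.
MASKED_SAMPLE = "00000000 T _stext\n00000000 T printk\n00000000 t schedule_tail\n"
EXPOSED_SAMPLE = (
    "c0008000 T _stext\n"
    "c0123450 T printk\n"
    "bf000000 t mod_init\t[sample_mod]\n"
)


def parse_kallsyms(text):
    """Return a list of (address, type, name, module) for well-formed lines."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            entries.append((int(m.group(1), 16), m.group(2), m.group(3), m.group(4)))
    return entries


def audit_kallsyms(text):
    """Classify a dump as 'masked', 'exposed' or 'no-data'.

    Any non-zero address means the reader obtained real kernel pointers.
    Some symbols can legitimately sit at address 0, so a few zero entries
    among real addresses still count as exposed.
    """
    entries = parse_kallsyms(text)
    total = len(entries)
    masked = sum(1 for addr, _type, _name, _mod in entries if addr == 0)
    if total == 0:
        verdict = "no-data"
    elif masked == total:
        verdict = "masked"
    else:
        verdict = "exposed"
    return {"total": total, "masked": masked, "verdict": verdict}


def read_kptr_restrict(path="/proc/sys/kernel/kptr_restrict"):
    """Return the sysctl value (0, 1 or 2), or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def main(argv):
    # Default to the live file; pass a path to audit a saved dump instead.
    path = argv[1] if len(argv) > 1 else "/proc/kallsyms"
    try:
        with open(path) as fh:
            result = audit_kallsyms(fh.read())
    except OSError as exc:
        print(f"cannot read {path}: {exc}")
        return 2
    print(f"{path}: {result['verdict']} "
          f"({result['masked']}/{result['total']} addresses zeroed)")
    print(f"kptr_restrict = {read_kptr_restrict()}")
    if result["verdict"] == "exposed":
        print("This account can read kernel addresses; "
              "set kernel.kptr_restrict to 1 or 2 if that is not intended.")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the least-privileged account you care about: a "masked" verdict there means the symbol table does not hand that account kernel addresses.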

Ok guys I have the boot.img for my device, the prepaid on nf5
I will get kernel from it when I can and then we are close...

Today I upgraded to an S5, so I can now afford to get locked into a stock rom on the S3. So if someone more knowledgeable can help me get this phone to the point where it gets you the data you need, I'll do it. In fact, I may be willing to send you this phone in a few weeks and you can borrow it for development if you promise to eventually return it with Cyanogenmod 10.x or another AOSP rom on it. If it needs to be connected to get the latest OTA "up"grades then I'll get those going. My plan for the S3 is now to keep it as a backup. Saves me from paying for insurance on the new one.
Just to clarify on the commands; each line is a separate command, right? Right now kallsyms is 000000 textetc. . . I inputted the commands assuming each line was a separate command, hit the "enter" key after each line. It definitely accessed SU to do it as well.
I don't have a file upload account but if it's possible to upload it here or e-mail it I'm happy to do so.

What firmware build are you on and what's your model? If you're not on a locked bl yet then don't lock it...
To clarify I am on nf5 on the I535PP. I think that after each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a ram dump? We basically just need the kernel symbols for the exploit to modify poc to work for our devices. The build date on mine is jul 22, futex(towelroot) is a no-go. I don't know if I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, would be great.

Ok guys, I am working on extracting the kernel then the kernel addresses should be easily obtainable, then I can build the binary for 7911 to run as system and GG
When I get home I will begin. I really hope I don't run into any issues...
Btw, I am not wanting/expecting donations/bounties nor am I promising anything other than maybe a "thanks". I am not a developer and using public exploits and poc makes me nothing special.

OpenSourcererSweg said:
What firmware build are you on and what's your model? If you're not on a locked bl yet then don't lock it...
To clarify I am on nf5 on the I535PP. I think that after each time the kernel is compiled the addresses are randomized... I have the compressed kernel binary from an update.tar.md5... I need to figure out how to decompress it... could I load it in qemu and do a ram dump? We basically just need the kernel symbols for the exploit to modify poc to work for our devices. The build date on mine is jul 22, futex(towelroot) is a no-go. I don't know if I535 and I535PP use the same kernel, I'll test when I get a chance.... If a mod could move this to development and change the title to "NF5 root progress" or something like that, would be great.
I'm pretty sure the bootloader is locked; that's why I'm interested in what you're doing. I was very disappointed to learn that I couldn't install an AOSP ROM after I repaired my phone.
When I replaced the motherboard and booted up, it was running 4.4.2 (and everything was in Spanish lol). The SKU on the sticker of the phone I got the motherboard from is SCHI535ZKB so does that make it the I535ZK? The concept of hardware version is new to me (and causing me frustration with my new S5).
I think the firmware is NE1, but as I said I've got the Superliterom, so under build number it says
SUPERLITEROM! V2.0
KOT49H.I535VRUDNE1
But as I said, if it helps you (and therefore helps me) I can flash it back to stock and take the OTA upgrades til it's at the NF5 firmware. But as you said I expect I would lose root, and then be unable to get the info you wanted. Seems like a real catch-22, at least at the skill level I'm at.
Glad you're making progress and let me know if you think there's anything I can do to help.

Don't risk losing root in case I fail. You should be able to flash ne1 but don't flash nf5 or whatever. I don't think I will need someone who's already rooted since I am taking a different approach to getting the symbols. I hate using hex editors... Especially ones from market and not on a pc....

I seem to have hit a brick wall... Great....
I don't seem to be able to decompress the kernel :/
I thought that most kernels on android used gzip but binwalk says its LOZ and some stuff about encryption... My device storage is encrypted and I did copy the update from it.....
I'm going to decrypt my phone tonight and try again tomorrow....

When you hit a brick wall, use a sledgehammer.
My phone is encrypted, too, so I guess it would have given you the same issue had you tried with it.

Well, I am taking a different approach completely from what I originally thought I needed someone for.
I am trying to get the symbols from the kernel itself, I have gotten boot.img from the firmware, I have gotten zImage from boot.img. I am currently trying to get the goodies from zImage but having trouble getting at them. I am very confused because the gzip magic headers are there... When I use dd to get that saved and try to gunzip it I get an error about corruption... I need an uncompressed kernel to get the symbols for the qcom cve...
Once I get those I just plug those symbol values into poc code I found on GitHub, build the binary with ndk, then take that binary and put it in a folder from the other part of the poc, build the app using android studio, test it, then boom. Everyone with the same kernel *SHOULD* have root.
If any of you devs with reverse engineering know-how could point me in the direction for getting the uncompressed kernel binary, please point me in the right direction.
Google simply isn't helping at this point.
Basically, fire off cve 7911.
With system privileges, execute the binary and GG
I created a thread asking for help in the dev section, hope I get this going.

https://github.com/android-rooting-tools/libmsm_vfe_read_exploit
...
This is probably useful, going to try it later.

When did NF5 come out?
Is there a new radio I can flash?

LLStarks said:
When did NF5 come out?
Is there a new radio I can flash?
He's speaking of the prepaid VZW S3 not the contract version
Sent from my Nexus 5

Reversing the kernel doesn't seem possible to me at all at this point with my limited knowledge of this.... However I have been digging and it may be possible to get root by taking the Odin flashable OTA, extracting the files, deleting the bootloader and recovery files, unpacking or mounting system.img and adding an SU binary (and setting permissions?), repack, put it all together and then flashing it via Odin. If I can obtain root this way, I'll be able to get what I need to try to make a 1 click root for others on mf5 (only the i535pp phones I believe) and then I can die happily.
I'm not much of a "developer" but I am determined to get this.

I have successfully built a flashable tar.md5 with a modified system.img.ext4 containing a su binary that I chowned as root under linux & chmoded
Also have supersu.apk chmoded and in the apps.
I am currently moving the tar.md5 to my sdcard from my pc and I am about to boot windows to see if I can now flash via Odin
If all goes well, I will be very happy indeed.

Well, I managed to soft brick my device.
I'm not entirely sure how I managed to do that...
I am about to flash stock again via Odin, I should have backed up some files xD

Related

{KERNEL-SOURCE} GoDmOdE-EVO-2.6.29 {Make Shift Kernel}[SENSORS-LIGHTS-PANEL-FIXED]

THIS SOURCE WILL WORK ON ALL CURRENT HTC EVO'S!!!
I found the board files for the EVO a while back but wanted to wait til we at least had the release RUU to release it. Now the actual kernel itself isn't an EVO kernel. It's actually an Incredible kernel source with the EVO board files in it. That said, I had to mod the board files a little to get it to compile. Anyhow, link below and remember to fork as it helps github and everyone. thanx
GoDmOdE-EVO
Commit log:
Sat May 22, 2010 - First-commit-0_o = first commit
Sat Jun 19, 2010 - Fix the wimax LED, capella prox sensor. Add epson panel support for supersonic (panel_type=0), which is present on hardware revision 3. Implement 9bit spi. - by Joe Hansche (maejrep)
Sun Jun 20, 2010 - Add some more epson vs novatec fixes - by Joe Hansche (maejrep)
Mon Jun 21, 2010 - Fix proximity sensor and Implement wimax LED control. These commits also fixed issues with all other sensors, and enabling them to all work!!! - by Joe Hansche (maejrep)
THIS IS AN UPDATE.ZIP THAT CAN BE USED WITH FRESH ROM, TO BOOT THIS KERNEL WITHOUT WIPING. PLEEEEEESE DO A NANDROID BACKUP BEFORE FLASHING THIS UPDATE.ZIP. SO U CAN JUST NANDROID RESTORE UR DEVICE BACK TO NORMAL AFTER UR DONE PLAYING. ANYHOW CAMERA IS NOT WORKING AND THERE SEEM TO BE WHAT'S THOUGHT TO BE VSYNC ISSUES. ANYHOW ENJOY!!!
http://link.geekfor.me/godmodefreshhh
Of course, don't turn this thread into a "this is broke, can u please fix it" thread.
IF U WOULD LIKE TO HELP OUT OR BUILD UR OWN KERNEL FROM THIS SOURCE, PLEASE FORK. THIS IS ADVISED BY GITHUB AND ALSO BY ME. AS IT MAKES PULLING CHANGES TO AND FROM BRANCHES MUCH EASIER. THIS IS A GOOD THING FOR U AND ME. IF I MAKE A COMMIT U WANNA ADD U CAN EASILY SYNC UP WITH ME AND VICE VERSA. WORKS OUT GREAT FOR EVERYONE AND KEEPS US COMPLETELY OPEN, AFTER ALL WE'RE ALL ON THE SAME TEAM.
ToAsTcFh For MOD!!!! This is genius
I'm a little too buzzed atm. What exactly is this and what does it mean for us? Explain and I'll understand it in the A.M.
Trying to take over the Evo forums already Toast? ha ha Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is until my Evo arrives today and I start trying to root it
chuckhriczko said:
Trying to take over the Evo forums already Toast? ha ha Good to know we are going to have good devs on this board. Still running your kernel on my Hero. That is until my Evo arrives today and I start trying to root it
how're you getting your evo today??
So far I know a lot of good devs coming over. I'm pre-ordered so as soon as it shows up at Best Buy I'll be struggling for root again.
justinisyoung said:
how're you getting your evo today??
eBay? Craigslist?
ppl from the Google I/O event selling them
YoungAceAtlanta said:
eBay? Craigslist?
ppl from the Google I/O event selling them
Yep. eBay. It's a Google I/O device. Paid a HEFTY premium for it but it's worth it to get it two weeks early for me.
toastcfh said:
So far I know a lot of good devs coming over. I'm pre-ordered so as soon as it shows up at Best Buy I'll be struggling for root again.
Awesome. Who else that you know of? I know I stopped devving for the Hero but I can't wait to start devving for this thing. This community is going to be epic!
Right on toast, this is awesome.
fantastic toast
can this kernel be loaded onto one of the google I/O event EVOs to test?
The device isn't rooted yet
toastcfh said:
The device isn't rooted yet
Now I see the catch-22... sorry, I'm new to all this and don't have an EVO to experiment with...
Could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?
joeykrim said:
Now I see the catch-22... sorry, I'm new to all this and don't have an EVO to experiment with...
Could this kernel be combined with the standard ramdisk into a boot.img, packaged into a signed update.zip and installed through the stock recovery?
No. You can't flash anything worthwhile until the phone is rooted. Once this happens expect this forum to explode.
No, we need root and the ability to flash a custom recovery. Basically, the catch-22 is we need root before we can do anything custom.
By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?
Shidell said:
By flashing an updated NBH, doesn't that overwrite both the Kernel and the OS on the NAND? If so, couldn't we replace the Kernel with one with root, and also provide for our own (AOSP, etc.) builds of Android?
Essentially, I'm wondering what the breakdown process is for recovery. The bootloader (Power + Volume on boot) is stored on the ROM, so regardless of "bricking" your device, you should always be able to get back to the bootloader to recover, correct?
If that's the case, what stops us from simply building an NBH with the current (locked) Kernel, but with modified system files for our own ROM?
We're thinking alike here. Some of this terminology is new to me and some isn't. Hopefully this makes sense. I'm gonna reword but ask the same question as above (at least I think same question) plus another question. I'm doing a lot of research and trying to word things correctly...
This might be the same question as above: are we able to trick the supersonic RUU released here into loading our own rom.zip file (NBH)? (We were able to do this with the Samsung Moment.)
If not, are we able to use the fastboot-bootloader mode (Samsung Moment doesn't have this) to install a custom recovery? If so, we are then waiting on a custom recovery to be developed?
I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)
Shidell said:
I think we are heading down the same path.
My understanding is that flashing a new "ROM" via NBH will replace both the Kernel and the OS (Android) files on the NAND, as both live there. The only item that lives in the ROM itself is the bootloader, which should always persist. With this understanding, even if you totally destroy your Kernel and/or Android OS, you should always be able to power the device to bootloader mode (Power + Volume) to flash (and therefore replace/restore) a new Kernel/OS to your phone.
If that's the case, then root access isn't necessary. All root access will allow us to do is some fancy side operations, like running a ROM (OS) manager inside Android--and who really wants to do that? Most of us want to be able to load a single custom build of Android, optimized and designed the way we want, right?
My thought process is this:
HTC should be releasing the EVO Kernel source on developer.htc.com by the official launch. With that, we can compile the Kernel ourselves (if we can't otherwise find it compiled) and theoretically bundle that with our own OS compilation of Android into a .NBH. This .NBH could then be flashed via the bootloader, replacing both the stock OS and the Kernel with what we've bundled.
This would seem to mean we wouldn't have root access, but we wouldn't need it, as we could simply update the OS files, build an .NBH, and provide it to users to flash. This could mean that custom distros would be a single contained file--one file to flash and that's it, you're updated.
Thoughts? Is this accurate?
If this is the case, we should start looking at the Kernel and the .NBH format rather than obtaining root, because once we understand the .NBH, we can load whatever we want (including a Kernel with root access, if desired.)
OK.. the bootloader isn't gonna let us flash anything that isn't for the phone, that I've heard of at least. The bootloader is only gonna let us flash rom.zips signed by HTC unless we have an engineering SPL. If we had that we could fastboot whatever we want. But it is also my understanding that the new engineering SPLs will not let us flash to certain major partitions (i.e. recovery and boot). Anyhow, this I think was an issue for the Desire that modaco rooted, and he found a way around it. We need a recovery for sure, as starting anew with no backups and such would be nothing more than a pain. We should focus, I think, on obtaining an engineering SPL from someone nice who wants to hook us up, or an exploit of some sort. We need to gain read/write access to system, boot and recovery partitions. We do that and we can do what we want with the device. We're not gonna be able to just flash a kernel, boot.img, system, or update.zip that's not official without the ability to gain access to the recovery partition.
In an exploit we would have root user status and we would have write perms on system. At that point we could possibly add flash_image to bin, chmod it and use that to flash a new recovery. Write access is all we need. If ur idea was possible, all we would need to do is flash a distro with root access and then flash the recovery partition with a custom recovery. A custom recovery will give us the ability to flash, backup and restore whatever we want. So long story short, we need root user status in any event so we can gain access to recovery partition.

D2G Security

Hello wonderful people of XDA! This is my first post, so I apologize in advance if I am asking obvious questions.
So everyone is talking about the "locked" bootloaders present on several of the new Droid phones, including my beloved new D2G. This has been cited as the reason that the bootloader, recovery menu, and android kernel on these phones cannot be replaced with unofficial code. I was wondering if anyone here knew the exact technical details of the security systems that actually make up this so called "lock".
One thread I read vaguely mentioned RSA keys, so I can only assume that something somewhere is signed. Is it the typical setup, with a bootloader that is signed with a key that is burned into the CPU, and a kernel that is signed with a key in the bootloader? Clearly the code on the /system partition is not signed, since I was able flash a custom ROM over it (not to mention install the bootstrap recovery).
Also, how much control does a root process really have? If it is possible to inject root code into the boot process just by modifying some things in init.rc (as the bootstrap recovery does), then shouldn't it be possible to manually load whatever we want into memory after that point, including a new kernel? If so, then couldn't we leave the (presumably) signed stock kernel in place, put our kernel in /system, and write some root code that copies it into memory and executes it (without checking any sigs)?
Forgive me if I have no idea what I am talking about. Like I said, I am new to the forum, and I just got my first Android phone a few months ago.
Thanks!
A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com
buryboi said:
A guy by the name of Matthew Veety (aliasxerog on droidforums) is working on a kexec module to reboot a custom kernel after all the security checks. He has gotten it to boot, however, most of the hardware doesn't function as he needs drivers built for the new kernel. For now the project is focused on the DX, but they have mentioned the D2G as a "planned project."
More info at freemymoto.com
Thanks for the info! I checked out that site and PMed the guy you mentioned on Droid Forums. We'll see if there is something I can do to help.
Any extra info anyone has is still appreciated!
Hi,
Punmaster, did you find any more information concerning the locked bootloader? Any ideas to put another kernel?
If I understand well, the roms can only modify the application layer.
You seem to know linux dev, maybe you can help me with the usbnet problem?
Sent from my MotoA953 using XDA App

[Q] Samsung Galaxy Gio (S5660M, not S5660)

Hello,
I have bought a North American (Canadian, to be exact) Galaxy Gio (S5660M, with an additional "M" from the European model).
There are lots of tutorials about S5660 rooting and unlocking, but none for S5660M. There have been some reports that flashing S5660 firmware on S5660M to root and unlock made their phones unusable (randomly changing screen brightness, etc).
I tried searching on google and XDA, but could not find any relating to S5660M.
Is it too early to see any rooting/unlocking on S5660M?
Thank you very much!
Hello,
After some reading on here to compare unlock methods, I decided to take the leap into the unknown. I used the one published in this thread. (EDIT: Check out this one instead, perfectly safe.) (It turns out that the Gravity Smart, Galaxy Q, 551, 550, Mini, Ace, Fit, and Gio are siblings in a few respects. They all share Qualcomm 7x27 family SoCs.)
One deviation from the above linked thread is that SuperOneClick does not work on the 2.3.4 MUGK3 firmware. Updated versions of SuperOneClick do work with the firmware. Worst case scenario the program won't finish gracefully, but you'll have a root shell and you can work from there.
I've uploaded my modified superuser zip that'll work with the 5660M. Install through recovery mode. Removed - the superuser files within were long obsolete. Get the current ones through proper channels.
I wouldn't risk flashing the ROMs posted here until we can get a complete backup ROM, either from samfirmware.com (they don't have one yet) or through efforts here. I'll be starting another thread here for that purpose. Backup made a long time ago and SamMobile has had an official Odin image for some time as well.
There have been some issues reported with the 5660M, ranging from odd screen brightness behavior to bricking. (Many ROMs initially posted for the 5660, left "as is" also flash both the kernel and radio: not good.)
Goodbye,
Darkshado
Thank you for the reply! I have successfully rooted & unlocked using the modified zip. I am not sure if it was yours (I have done it prior to looking at your reply... ), but it worked!
Thank you!
Darkshado said:
Hello,
After some reading on here to compare unlock methods, I decided to take the leap into the unknown. I used the one published in this thread. (It turns out that the Mini, Ace and Gio are siblings in a few respects.) Make extra sure to follow the steps intelligently, especially the bit right after you get your code.
One deviation from the above linked thread is that SuperOneClick does not work on the 2.3.4 MUGK3 firmware.
I've uploaded my modified superuser zip that'll work with the 5660M. Install through recovery mode.
I wouldn't risk flashing the ROMs posted here until we can get a complete backup ROM, either from samfirmware.com (they don't have one yet) or through efforts here. I'll be starting another thread here for that purpose.
There have been some issues reported with the 5660M, ranging from odd screen brightness behavior to bricking. (The ROMs posted for the 5660, left "as is" also flash both the kernel and radio: not good.)
Goodbye,
Darkshado
Could you tell me how I could unlock my phone too?
New tonight
Just picked up a GIO here tonight.
BTW Future Shop in Canada has these on for $80 right now.
I think this is a great deal, for a very responsive 2.3 android phone.
OK,
So S5660M is the version in Canada, it would seem. I think there are going to be quite a lot of owners because of the pricing.
We should use this thread or another to set up a definitive list of what works.
1. How to root the phone.
2. Unlocks that work - I have heard some methods brick Ms very easy. What is the best unlock method specific to the M
3. What ROMs can we use? do we need to have our own set of modified roms because of the modem portion?
4. Overclocking.. I have heard these can clock up to 1100 and run awesome!!
This is my wish list.
James
Hello James. Welcome to XDA.
Whoa there early thread starter! Use the search engine before even thinking of starting another thread. We don't have a dedicated Gio forum at the moment so things are scattered all over. Advanced search is handy as it outputs threads instead of posts.
Biker1bob said:
1. How to root the phone.
Same as a lot of other phones, apply a zip file through CWM. You could also flash an already rooted ROM with Odin.
Biker1bob said:
2. Unlocks that work - I have heard some methods brick Ms very easy. What is the best unlock method specific to the M
The bml5 method is safe. I noticed I had left a link to the older and unsafe stl5 method in my post above and removed it.
And keep your unlock code accessible somewhere on the phone. This phone is known to relock itself to Bell in some specific scenarios.
Biker1bob said:
3. What ROMs can we use? do we need to have our own set of modified roms because of the modem portion
Yes, and no. If you only flash system.rfs, and maybe boot.img, it should work based on what others have reported.
I've cooked up a ROM for the 5660M that's called ArpegGioMod if you want to have a look.
Another point to consider if you want to run your phone in French: the Eurasian ROMs may or may not have that locale, and will likely have an AZERTY keyboard instead of a QWERTY one.
Do not flash radio (AMSS) or the other bootloaders from the Euro 5660. The former will make you lose all cellphone connection, the latter is unnecessary and increases your chances of bricking.
Biker1bob said:
4. Overclocking.. I have heard these can clock up to 1100 and run awesome!!
Where'd you get that? The only kernel mods I've seen so far for any Gio are all ramdisk modifications that left the stock kernel untouched.
Just to clarify, Darkshado, by "bml5 method" you mean this?
0) brand new locked GT-S5660M phone from the store
1A) root the device using this zip
http://forum.xda-developers.com/showpost.php?p=16962635&postcount=2
simplest method :
1.1 To begin, download the zip file from the link above and copy it to the root of your SD card.
1.2 Power the phone off.
1.3 Boot into recovery mode by holding the middle button and pressing the power button.
1.4 Once in recovery mode, select update from sdcard and choose the update.zip that you copied to your SD card.
1.5 Let the file flash and once done, reboot your phone.
OR
1B Follow EDIT2, for temp rooting on same URL below
2. Follow exact instructions as per here:
http://forum.xda-developers.com/showpost.php?p=17148825&postcount=334
(with the slight modification for HEX code to search specified here http://forum.xda-developers.com/showpost.php?p=17311381&postcount=358 )
Question: Does it matter if there is a SIM card in the phone when following these instructions ?
Any thoughts about "Network Lock Control Key" ?? ( ... would appear that this shows up as a separate issue for some users some time after unlocking see:
http://forum.xda-developers.com/showthread.php?t=992564 )
THANK YOU so much for confirming I got this right....I just want to make sure I am not missing anything, and these instructions are really safe as far as you know before attempting anything.
Darkshado said:
Hello James. Welcome to XDA.
Whoa there early thread starter! Use the search engine before even thinking of starting another thread. We don't have a dedicated Gio forum at the moment so things are scattered all over. Advanced search is handy as it outputs threads instead of posts.
Same as a lot of other phones, apply a zip file through CWM. You could also flash an already rooted ROM with Odin.
The bml5 method is safe. I noticed I had left a link to the older and unsafe stl5 method in my post above and removed it.
And keep your unlock code accessible somewhere on the phone. This phone is known to relock itself to Bell in some specific scenarios.
Yes, and no. If you only flash system.rfs, and maybe boot.img, it should work based on what others have reported.
I've cooked up a ROM for the 5660M that's called ArpegGioMod if you want to have a look.
Another point to consider if you want to run your phone in French: the Eurasian ROMs may or may not have that locale, and will likely have an AZERTY keyboard instead of a QWERTY one.
Do not flash radio (AMSS) or the other bootloaders from the Euro 5660. The former will make you lose all cellphone connection, the latter is unnecessary and increases your chances of bricking.
Where'd you get that? The only kernel mods I've seen so far for any Gio are all ramdisk modifications that left the stock kernel untouched.
so i'm pretty new here... i have a gio n my usb port is messed up.. i wiped tha phone the other day n the network lock came back on.. so seeing that i can't use any usb what should i do?
thanks in advance
IMEI: Mod Edit: IMEI # Removed...not a great idea to post them on a public forum
Let me start with things you shouldn't do:
-Resurrect two year old, stale, threads.
-Post your IMEI for everyone to see.
Exactly *how* is your USB port messed up? Just not talking to the computer or not working at all?
Are you rooted? If not, get that sorted out by using one of the exploits that worked on Gingerbread. You'll have to do it manually, no SuperOneClick for you. (Although the binaries included might come in handy.)
It is possible to do the commands to get bml5 via a terminal emulator app, and then transfer that file over wi-fi. (Samba, WebDAV, FTP, Dropbox, etc...)
I'm not sure anymore if this is possible in GB, look into using ADB over wi-fi instead of USB. I've sold my Gio months ago, and all of my current devices run 4.1+.

Current ROOT Progress for G950U/G955U Snapdragon

***if using XDA labs app, please stop, select the 3 dot menu button in the top right, and view this thread from browser because of formatting issues with the labs app. This is to help make the OP easier to follow along with. ***
**Please Read First**
This will be the main, and ONLY thread we will keep updated for the progress of root on the Snapdragon variants of these phones from here on out.
As the other few threads are multi topic and confusing for people anticipating root, as well as for us working on it trying to sift through comments to keep each other updated. Those will be cleaned up to avoid confusion as well. This will make it easier for everyone to check back to see any new progress as I will be updating the OP whenever we make movement
**First, and foremost, I would like to recognize and thank @STF_TimelessGoD for his work on the initial post R&D Carrier Switch/Root Snapdragon. Without his time and effort putting that thread together and maintaining it, there would still be a lot of unanswered questions and we probably would not be as far as we are**
That thread will still continue for the Carrier Switching and a full guide is available at this link
[HOW TO] Carrier Switch For S8 Snapdragon
---------------------------------------------------
Current Root Progress
We are currently working on 2 main possible methods for this. Refer to each method in RED below the Key Notes.
Please, if you do not know what terms are, or what files are, Google search them to avoid filling the thread with easily answered questions
*UPDATE* 1 - 6-19_2:34pm CST
We are looking for relevant files to properly flash from EDL Mode. IF anyone can get their hands on these 3 files, specific for our chipset, PLEASE let us know.
The first 2 are the main needed, as the provisioning can possibly be made from provisioning info already on the phone.
- prog_ufs_firehose_8998_ddr.elf
- prog_ufs_firehose_8998_lite.elf
- provision_samsung.xml
*UPDATE* 2 - 6-19_9:00pm CST
We have acquired the necessary Elf files from above. Now doing more research on proper ways to use them as they are Qualcomm/device specific
*UPDATE* 3 - 6-22_1:34am CST
Much much time spent combing through code of these files and tools that are able to handle them. As well as the verification process Android uses in conjunction with Qualcomm between all 3 bootloaders and the Learned a lot tonight.
We learned enough to be able to begin some new tests tomorrow that is not the same as either of the methods below. However I cannot at this time divulge the method being used and for that I am sorry!
*UPDATE* 4 - 6-28_4:35pm CST
We studied up a lot on our selinux and the way that Nougat 7.0 has changed how security works and are currently working on adb permissive with *a debuggable user* kernel. Refer to Update in key notes for more info.
-METHODS UPDATED WITH METHOD 3
Key Notes
In general order of them happening/being found out.
- Pre Release Combo Firmware is only known Firm to contain Allow OEM Unlock and have SELinux set to permissive by default. However, @elliwigy went through this thoroughly and found that permissive did literally nothing to help elevate privileges as it should have, and that the OEM unlock check box didn't seem to have any effect on secureboot.
- Received multiple ENG Boot files, none of them contained system write capabilities as they should have. So they were no help. Someone (leaving names out) said they had ENG Boot with full root access that he would share, but stopped all involvement in the thread and we never heard back from him. Generally, just about always, an ENG Boot has system write capabilities, as that's the point of an Engineering Kernel.
- SELinux Permissive was achieved on Stock firmware by @STF_TimelessGoD but it caused the phone to not charge past 80%. Trying to get into su shell from adb says it is started as root, but doesn't actually enter root shell. @elliwigy tested this out as well with the same results. Otherwise same problems as above.
- @elliwigy got ahold of an actual ENG Boot, however, trying to flash from Odin and phone returned "This is ENG binary. Please use USER binary! (boot.img)". Meaning 2 things. 1, it is a true ENG Boot with system access, and 2, Samsung really stepped up their security
- Chainfire Auto root does NOT work on our devices. To be clear, Chainfire's website has a bot that auto-compiles for all new devices regardless of it being capable or not. He did take a look at our device, but decided he wasn't going to spend the mass amount of time on it that is needed, like we currently are!
- Next we looked at multiple security vulnerabilities that would allow escalated privileges (access to the system). Ended up deciding against this as we do not have a dev on the project with exploit building knowledge.
- I brought up EDL mode as a possibility. Which is not supposed to be supported on Samsung as it needs fastboot, normally. Without fastboot, you are supposed to use a proprietary edl cable (easily made) to force your phone into it. Which still was thought to be inaccessible on Samsung. After a lot of research on how it SHOULD be done, we had mixed results. Until @BotsOne by chance found you could get into EDL from adb command line with the phone on. So this is part of one of our methods below.
- I'm looking at modifying a serial flash tool to know the partition table of our devices, to make EDL mode properly work for us. This is so we can flash individual partitions and not the whole system.
- *UPDATE* 2 - No need to modify a serial flash tool, as using the Elf files from earlier takes care of that work. Working with them now to fully understand and operate with them
- *UPDATE* 4 - With the help of a fellow dev, @akiraO1 that has much more selinux experience than us, we were able to get a foot in on changing things and making our selinux fully permissive. There is a prop setting that made it kind of tight. but changing persist.security.ams.enforcing *AND security.perf_harden* to 0 fixed most of this. But there is still much more as the fstab inside the boot.img has system set to ro. We are working on this, but things are looking up
METHOD 1
Flashing Modified Bootloader Via EDL Mode
Modify a current serial flashing tool (such as the Mi flash tool) to include our partition table and options to flash to certain partitions individually
Modifying the bootloader source code to be unlocked, then flashing unlocked bootloader via EDL
At that point we could Odin Twrp and then flash whatever we wanted
METHOD 2
Flashing True ENG Boot Via EDL Mode
- As the first method, would need to modify a serial flashing tool for this.
- First check would be to flash the True ENG Boot to the device via EDL.
- Then check if it boots because you can't Odin the Eng Boot without it failing as stated in key notes above. Because EDL has elevated privileges, it will flash to the device, but we have to see upon starting, if it will still binary check and stop from booting.
- If it boots, we should then be able to access su shell, and run a batch to obtain system root as usual.
METHOD 3 - Update 4
Modifying Boot Parameters with SELinux
- Using the permissive boot that we figured out proper capabilities
- Gain access to proper partitions to make the phone load a custom selinux profile that allows rw to system
- Mount system r/w and install su binaries via adb
- Modify remaining parameters needed within boot.img and create a runnable script for everyone!
^^EVERYTHING ABOVE WILL BE UPDATED AS PROGRESS IS MADE, WITH EDIT DATES. JUST LOOK FOR THE WORD *UPDATE* NEAR RELEVANT AREAS.^^
All Relevant Files, Hosted Courtesy Of @Maltego
- CLICK HERE -
------------------------------------------------------------------------------------------
Current Contributors
@elliwigy
@Maltego
@STF_TimelessGoD
@BotsOne
@mweinbach
+ @akira01
+ @Harry44
**If you would like to help or contribute in any way, please message me.**
It may take a bit to get back to you, and for that I apologize
---------------------------------------------------------------------------------------------
**Please be patient with us as this is not a simple task and it is not a standard root method that has ever been used on Samsung as EDL was not previously available**
.
**reserved**
IF YOU ARE LOOKING AT THIS FROM THE XDA LABS APP, YOU WILL OF COURSE NOTICE THE LACK OF COLORS AND SLIGHTLY AWKWARD FORMATTING.
-This is an issue with the apps ability to parse bb code format. And I cannot fix that. So just try to look for the update tags or use web browser. Sorry for the inconvenience
We will keep working on root guys. Do not worry. We are as close as you will get to professionals.
Nice job clarifying where we are and separating the 2 threads, I think this was greatly needed.
Nicely constructed thread showing our progress, good job!
Also this came to my mind, what about flashing those ENG files @elliwigy got through EDL mode?
Interceptor777 said:
Nicely constructed thread showing our progress, good job!
Also this came to my mind, what about flashing those ENG files @eliwigly got through EDL mode?
We thought of that. We are missing 3 files we need.
mweinbach said:
We thought of that. We are missing 3 files we need.
Ah, I'm assuming those are EDL programmer files?
Interceptor777 said:
Ah, I'm assuming those are EDL programmer files?
Correct!
Interceptor777 said:
Ah, I'm assuming those are EDL programmer files?
Yep. We need $3500 to get into Samsung GSPN. So we are working on alternative methods.
mweinbach said:
Yep. We need $3500 to get into Samsung GSPN. So we are working on alternative methods.
Not necessarily that was just that one person i got a reply from another last night waiting to see the price
STF_TimelessGoD said:
Not necessarily that was just that one person i got a reply from another last night waiting to see the price
well, for now. thats what we need.
Glad to know that brilliant brains are working on the root. This rooting procedure will only be for G950U/G955U, and not for the Canadian variant G950W?
sky66high said:
Glad to know that brilliant brains are working on the root. This rooting procedure will only be for G950U/G955U, and not for the Canadian variant G950W?
It should work for Canadian Variant. We will update everyone when we get root.
Interceptor777 said:
Ah, I'm assuming those are EDL programmer files?
STF_TimelessGoD said:
Correct!
Are EDL programmer files from the same chipset enough?
If you can get use edl programme files from msm8998 chipset we will be golden
Yay new post to follow. Thanks.
yxexy said:
Are EDL programmer files from the same chipset enough?
Do you have access to said files? If so please pm the op.
Interceptor777 said:
Ah, I'm assuming those are EDL programmer files?
I was going to add those to the OP. Spent like 4 hours on the OP because I had to scroll the original thread. And still work on everything at the same time. I got burnt out and slightly forgot. Will add those within the next few hours
sky66high said:
Glad to know that brilliant brains are working on the root. This rooting procedure will only be for G950U/G955U, and not for the Canadian variant G950W?
As stated above, this should theoretically be for all snapdragon variants. Minus the g9500 which is the Chinese "duo" version. As they aren't compatible with Google play *as far as I know*
Things may change and we may end up needing extra testers for verification
Acoustichayes said:
As stated above, this should theoretically be for all snapdragon variants. Minus the g9500 which is the Chinese "duo" version. As they aren't compatible with Google play *as far as I know*
Things may change and we may end up needing extra testers for verification
Wait what? You have something in the works that works?

Temp root on 7.0 N920VVRS3CRH1

I mean its with SuperSU and of course doesn't survive a reboot and still can't figure out anyway to write to /system..
How did you manage this? Was it with just installing SuperSU?
https://github.com/gfunkmonk/N920V_7_TMPROOT
Hey man @gfunkmonk, thank you so much for continuing development on this phone because I lost all hope recently. I saw your link to github.com and downloaded the files. Flashed the first folder using Odin but couldn't figure out what to do with the second folder. I would love if you could assist me in getting it done. I know it's tempting root but at least I could remove bloatware and run certain software. Looking forward to a reply and hopefully full root could actually be a possibility. I'll also volunteer to test anything you come up with if you continue development.
Oh yeah, the second folder is a linux script.. i'll add something for windows. Unfortunately you aren't going to be able to do that anyways. If you try to remount /system read/write the phone will lock up and reboot. I believe this is due to dm-verity which would require patching the kernel. Not possible since the bootloader is locked.
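An added example, not from this thread or from any project it mentions: a read-only audit that flags the device states these threads describe, namely an engineering or debuggable build, the two properties the S8 post says were set to 0, and a /system fstab entry that is not read-only or lacks dm-verity. The `getprop` dumps and fstab lines are constructed samples, and the stock value `1` for `persist.security.ams.enforcing` and `security.perf_harden` is an assumption.

```python
import re

# Values expected on a production ("USER") build. The last two property names
# come from the thread; their stock value of "1" is an assumption. The others
# are standard AOSP properties.
EXPECTED_PROPS = {
    "ro.build.type": {"user"},
    "ro.debuggable": {"0"},
    "ro.secure": {"1"},
    "ro.boot.verifiedbootstate": {"green"},
    "ro.boot.veritymode": {"enforcing"},
    "persist.security.ams.enforcing": {"1"},
    "security.perf_harden": {"1"},
}

# fs_mgr flags that mean the block device is integrity-checked at read time.
VERITY_FLAGS = {"verify", "avb"}

GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]\s*$")


def parse_getprop(text):
    """Parse `adb shell getprop` output ("[key]: [value]") into a dict."""
    props = {}
    for line in text.splitlines():
        match = GETPROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def parse_fstab(text):
    """Parse Android fstab lines: <src> <mount point> <type> <mnt_flags> <fs_mgr_flags>."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 5:
            continue  # blank, comment-only or malformed line
        entries.append({
            "source": fields[0],
            "mount_point": fields[1],
            "mount_flags": set(fields[3].split(",")),
            # "verify=/dev/..." and "avb=vbmeta" carry a value; keep the name only
            "fs_mgr_flags": {f.split("=", 1)[0] for f in fields[4].split(",")},
        })
    return entries


def audit(getprop_text, fstab_text):
    """Return a list of findings; an empty list means nothing deviates."""
    findings = []
    props = parse_getprop(getprop_text)
    for key, allowed in EXPECTED_PROPS.items():
        value = props.get(key)
        if value is None:
            continue  # property absent on this build: no evidence either way
        if value not in allowed:
            findings.append(f"prop {key}={value} (expected {'/'.join(sorted(allowed))})")

    system = [e for e in parse_fstab(fstab_text) if e["mount_point"] == "/system"]
    if not system:
        findings.append("fstab: no /system entry found")
    for entry in system:
        if "ro" not in entry["mount_flags"]:
            findings.append("fstab: /system is not mounted read-only")
        if not entry["fs_mgr_flags"] & VERITY_FLAGS:
            findings.append("fstab: /system has no dm-verity flag (verify/avb)")
    return findings


# Constructed sample: stock device.
STOCK_PROPS = """[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[security.perf_harden]: [1]"""
STOCK_FSTAB = """/dev/block/bootdevice/by-name/system /system ext4 ro,errors=panic wait,verify
/dev/block/bootdevice/by-name/userdata /data ext4 nosuid,nodev,noatime wait,check,forceencrypt=footer"""

# Constructed sample: engineering boot image with the thread's props set to 0.
MODIFIED_PROPS = """[ro.build.type]: [eng]
[ro.debuggable]: [1]
[ro.secure]: [0]
[persist.security.ams.enforcing]: [0]
[security.perf_harden]: [0]"""
MODIFIED_FSTAB = "/dev/block/bootdevice/by-name/system /system ext4 rw,errors=panic wait"

if __name__ == "__main__":
    for name, props, fstab in (("stock", STOCK_PROPS, STOCK_FSTAB),
                               ("modified", MODIFIED_PROPS, MODIFIED_FSTAB)):
        print(name, audit(props, fstab) or "no findings")
```

A partition carrying the `verify` flag is checked block by block against a signed hash tree, which is consistent with the lock-up and reboot reported above when /system is remounted read/write.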
gfunkmonk said:
Oh yeah, the second folder is a linux script.. i'll add something for windows. Unfortunately you aren't going to be able to do that anyways. If you try to remount /system read/write the phone will lock up and reboot. I believe this is due to dm-verity which would require patching the kernel. Not possible since the bootloader is locked.
I saw different options on different threads, Would something like this be possible on marshmallow 6.0.1? Or maybe flashing a different firmware such as one for the N920T because they use the same processor after flashing a combination file? Full root is possible on 5.1.1 for the N920V but because we can't downgrade if you didn't have an old device without updates it's impossible. So I think the best bet is working with marshmallow for now. I've seen people say they get temp root without crashing using mobilego so maybe applying what you have here would have better luck on MM. Maybe dm-verity could be bypassed and maybe we can use safestrap to flash files that could help.
You most certainly can downgrade to 5.1.1. I did it a couple days ago myself. But yes you do have to flash a combination firmware and use safestrap. Now, I'm not much of a dev but I did make some pretty cool roms for my Moto Droid and later my Droid 3... Now, I remember we had a safestrap on it, I almost swear it had some nifty way to boot other kernels... but that was just 2012 and I can't remember.
As far as MM if you had an engboot kernel that gives root in adb, it would work exactly the same. Sorry I don't know much about the N920V, I have a N920T.. I got the Verizon one as a cheap whim on ebay. Plus it was gold lol.
I've got a way to get perm root but its so complicated and still can't touch /system or it reboots so not even worth it,
Either way, I found MM firmware that should flash, I might mess with it later.
Oh, and I certainly wouldn't flash another models anything. Like with Note8s they literally are all the same... I *think* I read something about the N920P being close enough it could boot our kernel or the other way around... something like that. But I think any of that stuff would just end badly.
gfunkmonk said:
You most certainly can downgrade to 5.1.1. I did it a couple days ago myself. But yes you do have to flash a combination firmware and use safestrap. Now, I'm not much of a dev but I did make some pretty cool roms for my Moto Droid and later my Droid 3... Now, I remember we had a safestrap on it, I almost swear it had some nifty way to boot other kernels... but that was just 2012 and I can't remember.
As far as MM if you had an engboot kernel that gives root in adb, it would work exactly the same. Sorry I don't know much about the N920V, I have a N920T.. I got the Verizon one as a cheap whim on ebay. Plus it was gold lol.
I've got a way to get perm root but its so complicated and still can't touch /system or it reboots so not even worth it,
Either way, I found MM firmware that should flash, I might mess with it later.
Oh, and I certainly wouldn't flash another models anything. Like with Note8s they literally are all the same... I *think* I read something about the N920P being close enough it could boot our kernel or the other way around... something like that. But I think any of that stuff would just end badly.
Hey man could you maybe give me a link to the combination file and safestrap as well as instructions on how to downgrade? There's permanent root on 5.1.1 and I'd rather have a rooted phone on lollipop than a stock one on nougat.
Hopefully you can mess around the MM firmware and figure something out. I think we're about the only two persons still interested in root on the version note 5 so we gotta stick together lol.
I'm definitely no dev or anything but I can contribute with info as I've searched every thread on XDA and other sides and I will help you test etc. Thanks again for everything you're doing man, you've stopped me from giving up on this device XD .
Yeah, so this is the combination file I used: https://drive.google.com/file/d/1FEU3Msz3MQTCv5DnMe6zc8PlZERa2y6x/edit
So flash it in Odin and let it boot up all the way and whatnot.
use wondershare/mobilego to root from your computer or kingoroot or Kingroot 5.3.7, but you'll want to switch their junk for SuperSU. There's a script for that. Search "replace kingroot with supersu" the file is usually called mrw.zip
Go to the play store and install 'flashfire' If you have trouble with it crashing when you start it manually change the date on the phone to 2012, it'll work then, just believe me.
get safestrap 4.08 here https://forum.xda-developers.com/verizon-galaxy-note5/recovery-locked-safestrap-recovery-v4-t3915714
in flashfire click install zip, select the safestrap and when it asks hit mount system rw. Then hit flash, screen will go dark stuff will scroll by it'll reboot. when it does you'll have an option to enter recovery.
NOBLEROM is pre-rooted 5.1.1 it's here https://forum.xda-developers.com/verizon-galaxy-note5/rom-noble-rom-aoj3-v1-0-t3940543
flash that into recovery and then reflash safestrap before you leave, cause it'll be overwritten by that rom
and uhhh that's it. when you reboot you should be greeted with rooted 5.1.1
gfunkmonk said:
Yeah, so this is the combination file I used: https://drive.google.com/file/d/1FEU3Msz3MQTCv5DnMe6zc8PlZERa2y6x/edit
So flash it in Odin and let it boot up all the way and whatnot.
use wondershare/mobilego to root from your computer or kingoroot or Kingroot 5.3.7, but you'll want to switch their junk for SuperSU. There's a script for that. Search "replace kingroot with supersu" the file is usually called mrw.zip
Go to the play store and install 'flashfire' If you have trouble with it crashing when you start it manually change the date on the phone to 2012, it'll work then, just believe me.
get safestrap 4.08 here https://forum.xda-developers.com/verizon-galaxy-note5/recovery-locked-safestrap-recovery-v4-t3915714
in flashfire click install zip, select the safestrap and when it asks hit mount system rw. Then hit flash, screen will go dark stuff will scroll by it'll reboot. when it does you'll have an option to enter recovery.
NOBLEROM is pre-rooted 5.1.1 it's here https://forum.xda-developers.com/verizon-galaxy-note5/rom-noble-rom-aoj3-v1-0-t3940543
flash that into recovery and then reflash safestrap before you leave, cause it'll be overwritten by that rom
and uhhh that's it. when you reboot you should be greeted with rooted 5.1.1
Hey man I got it to work and i just want to say thank you so much! My error before was that flashify wasn't flashing the zip properly. Flashfire did the trick and the ROM works now and everything. However I'm noticing a few bugs such as the WiFi password is forgotten after a reboot and the fingerprint sensor option no longer works. I know you weren't on development of Noble ROM but any idea on how to fix this?
Also I saw this custom rom - : Samsung OneUI Running Full Android 9.0 For the Exynos7420 Family! . Here's the link if you have time to have a look [ https://forum.xda-developers.com/note5/development/rom-floyd-n7fe-port-v1-0-t3882804 ] Do you think I would be able to flash it now that I have safestrap installed?
Also if there are any updates regarding getting permanent root on Marshmallow or ultimately Nougat think we could be kept in the loop on this thread? I'll probably just check in every few days. Once again thanks for everything you've helped me with.
Jherane said:
Hey man I got it to work and i just want to say thank you so much! My error before was that flashify wasn't flashing the zip properly. Flashfire did the trick and the ROM works now and everything. However I'm noticing a few bugs such as the WiFi password is forgotten after a reboot and the fingerprint sensor option no longer works. I know you weren't on development of Noble ROM but any idea on how to fix this?
Also I saw this custom rom - : Samsung OneUI Running Full Android 9.0 For the Exynos7420 Family! . Here's the link if you have time to have a look [ https://forum.xda-developers.com/note5/development/rom-floyd-n7fe-port-v1-0-t3882804 ] Do you think I would be able to flash it now that I have safestrap installed?
Also if there are any updates regarding getting permanent root on Marshmallow or ultimately Nougat think we could be kept in the loop on this thread? I'll probably just check in every few days. Once again thanks for everything you've helped me with.
Again the only kernels we can use are flashed through odin and have to pass secure boot check. So stock or engboot. Now I used to run that rom on my t-mobile version, till it bugged me so much that the camera is broken in the S8/N8 ports past Nougat. As for the wifi pass and biometrics, never checked it. Now, same thing happens when you root a Note8 (which is a similar process) and I believed it's fixed by flashing a Nougat bootloader. Unfortunately, we don't have one, so basically both will be forever broken.
As for MM, you gotta remember I'm one guy and I'm simply doing this for fun. I don't always know what I'm doing exactly 100%, some of its straight trial and error. I'll probably try flashing stock MM and playing around a bit tomorrow maybe, but I wouldn't have high hopes for anything there either tbh.
I got a little excited because I found an engboot kernel for MM, but unfortunately, it's exactly like nougat. root is temp and trying to modify or remount /system leaves phone unresponsive and eventually reboots. However, I haven't noticed any random reboots like nougat.
gfunkmonk said:
I got a little excited because I found an engboot kernel for MM, but unfortunately, it's exactly like nougat. root is temp and trying to modify or remount /system leaves phone unresponsive and eventually reboots. However, I haven't noticed any random reboots like nougat.
Haha the journey continues, I figured it would be a huge task since most people said it was impossible XD. It's a little more stable than Nougat I guess because it's closer to 5.1.1 I think the issue is always gonna lie with getting system to mount r/w without freezing. Whatever code they inserted as soon as the system is altered the kernel panics unfortunately.
Btw Completely get you regarding the development. I didn't mean any disrespect, just meant in the event you had a breakthrough, wasn't so much out of expectation ?
I see you mentioned a S8/N8 port, I'm not the most advanced in the custom rom section so are you saying that the the noble rom you mentioned to me earlier today is an s8 or n8 port or is that another rom? If I can ask you to clarify?
Lastly about the Wi-Fi and Fingerprint, it sucks but I can live with that with everything that root offers. I'm gonna do a complete wipe and repeat the process to see if it goes away or search the noble rom thread to see if anyone had the same error.
Jherane said:
Haha the journey continues, I figured it would be a huge task since most people said it was impossible XD. It's a little more stable than Nougat I guess because it's closer to 5.1.1 I think the issue is always gonna lie with getting system to mount r/w without freezing. Whatever code they inserted as soon as the system is altered the kernel panics unfortunately.
Btw Completely get you regarding the development. I didn't mean any disrespect, just meant in the event you had a breakthrough, wasn't so much out of expectation
I see you mentioned a S8/N8 port, I'm not the most advanced in the custom rom section so are you saying that the the noble rom you mentioned to me earlier today is an s8 or n8 port or is that another rom? If I can ask you to clarify?
Lastly about the Wi-Fi and Fingerprint, it sucks but I can live with that with everything that root offers. I'm gonna do a complete wipe and repeat the process to see if it goes away or search the noble rom thread to see if anyone had the same error.
No, the Floyd rom you linked me is an N8 port. The Note8 came up because the way you root it is similar. Flash combination, flashfire, all that.
Now interestingly, 6.0.1 let me make a backup of /system without rebooting, 7.0 would not. So I got one idea here that could work, but it's going to take me a minute to test it.
gfunkmonk said:
No, the Floyd rom you linked me is an N8 port. The Note8 came up because the way you root it is similar. Flash combination, flashfire, all that.
Now interestingly, 6.0.1 let me make a backup of /system without rebooting, 7.0 would not. So I got one idea here that could work, but it's going to take me a minute to test it.
Well that actually sounds like progress. There was another thread on here about rooting the N920V, Idk if you've seen it for maybe situations where you get stuck. All the best.
Can you send me/post a link? I have learned a couple things today, its progress but I don't know how much.
gfunkmonk said:
Can you send me/post a link? I have learned a couple things today, its progress but I don't know how much.
Long story short: can we flash normal system.img over ENG bootloaders? I got "SYSTEM REV. CHECK FAIL DEVICE:1, BINARY:0" after reboot, so instead we can flash it as flashable zip. yes this work but we end up with bootloop. so what to do to pass this situation.
digging in ENG boot.img ramdisk I can see "export LD_PRELOAD libsigchain.so:liblptcp.so" and system/lib/liblptcp.so nor system/lib64/liblptcp.so is not there in stock 5.1.1, So take them from ENG firmware you will get fully working system over combo bootloader.
Attached Files
File Type: zip LD_PRELOAD-NOBLELTEVZW-SS-FF-flashable.zip
@gfunkmonk I'm trying to post the links here but it won't allow me. I'm gonna private message them to you. Also what do you get from this? I'm seeing on another thread where a DEV said this could fix the Wi-Fi and fingerprint issue because it would be a stock system image but the binary would be bootloader would be unlocked. Any help please. I know this maybe not your area of expertise but I asked on the thread and it seems to be dead. Thanks in advance.
---------- Post added at 03:59 AM ---------- Previous post was at 03:58 AM ----------
gfunkmonk said:
Can you send me/post a link? I have learned a couple things today, its progress but I don't know how much.
Long story short: can we flash normal system.img over ENG bootloaders? I got "SYSTEM REV. CHECK FAIL DEVICE:1, BINARY:0" after reboot, so instead we can flash it as flashable zip. yes this work but we end up with bootloop. so what to do to pass this situation.
digging in ENG boot.img ramdisk I can see "export LD_PRELOAD libsigchain.so:liblptcp.so" and system/lib/liblptcp.so nor system/lib64/liblptcp.so is not there in stock 5.1.1, So take them from ENG firmware you will get fully working system over combo bootloader.
Attached Files
File Type: zip LD_PRELOAD-NOBLELTEVZW-SS-FF-flashable.zip
@gfunkmonk I'm trying to post the links here but it won't allow me. I'm gonna private message them to you. Also what do you get from this? I'm seeing on another thread where a DEV said this could fix the Wi-Fi and fingerprint issue because it would be a stock system image but the bootloader would be changed. Any help please. I know this may not be your area of expertise but I asked on the thread and it seems to be dead. Thanks in advance.
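The check described in the post above, as an added example that is not part of the original thread: it reads the `export LD_PRELOAD` entries from an unpacked ramdisk and reports which of those libraries are absent from an unpacked system image. The function names, the `init.environ.rc` file name and the sample tree are assumptions constructed for illustration; entries are assumed to be bare library names, as in the quoted line.

```python
import os
import re
import tempfile

# Android init syntax: "export <NAME> <value>"
EXPORT_RE = re.compile(r"^\s*export\s+LD_PRELOAD\s+(\S+)")

def preload_entries(ramdisk_dir):
    """Library names listed by `export LD_PRELOAD` in *.rc files at the ramdisk root."""
    libs = []
    for name in sorted(os.listdir(ramdisk_dir)):
        if not name.endswith(".rc"):
            continue
        with open(os.path.join(ramdisk_dir, name), errors="replace") as fh:
            for line in fh:
                m = EXPORT_RE.match(line)
                if m:
                    for lib in m.group(1).split(":"):
                        if lib and lib not in libs:
                            libs.append(lib)
    return libs

def missing_preloads(ramdisk_dir, system_dir, lib_dirs=("lib", "lib64")):
    """Map each library directory present in the system tree to the preloads it lacks."""
    wanted = preload_entries(ramdisk_dir)
    report = {}
    for d in lib_dirs:
        base = os.path.join(system_dir, d)
        if not os.path.isdir(base):
            continue  # e.g. a 32-bit-only image has no lib64
        absent = [l for l in wanted if not os.path.isfile(os.path.join(base, l))]
        if absent:
            report[d] = absent
    return report

def build_sample(root):
    """Constructed sample: ENG-style ramdisk plus a stock-style system tree."""
    ramdisk, system = os.path.join(root, "ramdisk"), os.path.join(root, "system")
    os.makedirs(ramdisk)
    for d in ("lib", "lib64"):
        os.makedirs(os.path.join(system, d))
        open(os.path.join(system, d, "libsigchain.so"), "wb").close()
    with open(os.path.join(ramdisk, "init.environ.rc"), "w") as fh:
        fh.write("on init\n    export LD_PRELOAD libsigchain.so:liblptcp.so\n")
    return ramdisk, system

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(missing_preloads(*build_sample(tmp)))
```

An empty result means every library the ramdisk preloads exists in the system tree being paired with it.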
Jherane said:
Long story short: can we flash a normal system.img over ENG bootloaders? I got "SYSTEM REV. CHECK FAIL DEVICE:1, BINARY:0" after reboot, so instead we can flash it as a flashable zip. Yes, this works, but we end up with a bootloop. So what to do to pass this situation?
Digging in the ENG boot.img ramdisk I can see "export LD_PRELOAD libsigchain.so:liblptcp.so", and neither system/lib/liblptcp.so nor system/lib64/liblptcp.so is there in stock 5.1.1. So take them from the ENG firmware and you will get a fully working system over the combo bootloader.
Attached Files
File Type: zip LD_PRELOAD-NOBLELTEVZW-SS-FF-flashable.zip
@gfunkmonk I'm trying to post the links here but it won't allow me. I'm gonna private message them to you. Also what do you get from this? I'm seeing on another thread where a DEV said this could fix the Wi-Fi and fingerprint issue because it would be a stock system image but the binary would be bootloader would be unlocked. Any help please. I know this may not be your area of expertise but I asked on the thread and it seems to be dead. Thanks in advance.
---------- Post added at 03:59 AM ---------- Previous post was at 03:58 AM ----------
@gfunkmonk I'm trying to post the links here but it won't allow me. I'm gonna private message them to you. Also what do you get from this? I'm seeing on another thread where a DEV said this could fix the Wi-Fi and fingerprint issue because it would be a stock system image but the bootloader would be changed. Any help please. I know this may not be your area of expertise but I asked on the thread and it seems to be dead. Thanks in advance.
Ahhh, I get it but no. That's what we did. Used the ENG bootloader and kernel (combination files) then re-wrote the system image. Which speaking of, I've got to test out the new Nougat image I made earlier.
Okay so what I'm asking is, the issue with the Wi-Fi and biometrics seems to be with the kernel that's included in noble rom. I read somewhere where you can flash a system image from an earlier 5.1.1 firmware. Say AOJ3 and it should still work since it's close enough to stock and that should fix the Wi-Fi issue. My problem is I have the system image extracted but I don't know how to create a flashable zip from the system.img so I can use flashify or safetrap to flash it. I saw the kitchen stuff but it's a little complicated for me.
The Dev for noble rom also created a script that would remove the parts of the system that wouldn't allow the normal system image to boot over the ENG bootloader so I'm wondering if this would work. I'm really just desperately searching for a fix to the wifi password being forgotten after reboot so if you have any ideas or workaround it would be greatly appreciated. I can live without the fingerprint scanner.
I saw something about maybe using Tasker to move the file containing the saved password to somewhere safe at shutdown and restoring it on reboot but I'm not sure of proof of concept so I thought I'd ask here first if it sounds feasible.
Either flashfire or the safestrap twrp lets you flash an 'img' file... But remember, if it doesn't work you have to redo the entire process and flash & root the combo again.
