So I've tinkered a lot with this device, as well as the RAZR M. You may not recall my username, but I am the one that found out that the LG G3s Clockworkmod Recovery works on our locked devices. That being said, I've made several other side attempts at unlocking the bootloader on these devices, all of course to no avail. There are a few odd things I've found in an attempt to downgrade to 183.46.10. First of all, you CAN downgrade to 183.46.10 easily from 183.46.15, obviously, if you are unlocked OR if you replace the gpt.bin, tz.mbn, and boot.img from 183.46.15 and run the flashing script. I've also noticed that devices that are on 182.46.15 are also running with an updated "sbl3.mbn". So if you have RSD flashed to 183.46.15 (or are just running that firmware), the only three updated files you're dealing with are the kernel (boot.img), trust zone (tz.mbn), and partition graph (gpt.bin). I've tried to flash a downgraded boot.img (the May 2nd kernel) via this "FlashBackToKK" script from droidrzr.com, and the kernel flashed successfully from the CWM recovery, but of course when I booted the device, I got a fastboot error boot failed: Downgraded security version. So the kernel successfully flashed, but some other part of the boot chain, presumably the trust zone, knows that the kernel image has been downgraded, so WHAT IF all three updated partitions are flashed via that CWM Recovery script? I need everyone who has experience in this kind of thing to please respond.
Honestly, whichever way you try to work around it, I really don't believe it will work. I really think some reverse engineering and code are needed for this to work. Their way of bootloader locking on the RAZRs helped pave the way for their success in keeping the Galaxy S5 and other phones BL locked! Once one of them is unlocked I believe the S5 phones will be just as easy or similar. Maybe some hex editing is needed and some file checksums need to be patched. Just my thought. I'll leave it to the experts.
6.0 Marshmallow with insecure modded kernel and TWRP recovery
This needs testing by someone else. It has been flashed on my own personal phone with no issues.
Requirements- Unlocked bootloader, Draken FX's Bootstack (the fixed version by Turbo2012 found in DrakenFX's thread for the flashable 6.0 update). Must be currently on an LG based ROM, NOT CM. After install, flash the SuperSU install zip and post any issues. You will be able to use ADB and Fastboot even if you can only boot to the splash screen with this kernel, so you should be able to recover from almost anything multiple ways. When time allows I will put up a source built 6.0 along the lines of Game Theory's Katana ROM. Everybody is welcome to everything I post and I strongly encourage the young crowd to get involved; these phones don't support themselves.
Downloads:
Tested SuperSU
Working Bootstack for 6.0 MM
Update.zip
Instructions:
Flash Bootstack
Flash Update
Flash Beta SuperSU from link
New debloated version with insecure kernel and init.d support, rooted with Chainfire's Beta 2.71 SuperSU. Credit to SuperR for the help with the updater perms.
FIXED DOWNLOAD ALL APOLOGIES
Skinny Stylo Alpha version
Credits:
DrakenFX for his flashable zips and kdz files
Turbo2012 fixing and contributing
Chainfire for his SuperSU and he's been here since it started
Saved
Requirements- Unlocked bootloader
Does that mean a fastboot oem unlock, or the OEM unlock in the developers tools? If you mean fastboot oem unlock, is that available once you flash stock MM, since it is not in LP?
PS - thank you very much for taking the time to pick this up. Back in the days of the Galaxy S1, I had a build environment set up, and a lot more knowledge (it is amazing that if you don't use it, you lose it), but I have a son now, so I don't have the time to invest in all the hobbies that I want anymore. I will definitely be a guinea pig for you. I am not actually aware of a way to brick the Metro or TMO versions of this phone since we have a kdz -- it is not possible to blow up firmware download mode.
runningnak3d said:
Does that mean a fastboot oem unlock, or the OEM unlock in the developers tools? If you mean fastboot oem unlock, is that available once you flash stock MM, since it is not in LP?
PS - thank you very much for taking the time to pick this up. Back in the days of the Galaxy S1, I had a build environment set up, and a lot more knowledge (it is amazing that if you don't use it, you lose it), but I have a son now, so I don't have the time to invest in all the hobbies that I want anymore. I will definitely be a guinea pig for you. I am not actually aware of a way to brick the Metro or TMO versions of this phone since we have a kdz -- it is not possible to blow up firmware download mode.
@runningnak3d
I would prefer to be bootloader unlocked through fastboot oem unlock before doing any mods in 6.0. Every single time I did not, I got a secure boot error. If you make any system change on 6.0 with a locked boot it will not boot.
Thank you for taking the time to do this.
So it's still not possible to update from Lollipop to rooted Marshmallow without unlocking the bootloader via fastboot? A secure boot error might as well be a brick to me. Oh well.
Revenant Ghost said:
So it's still not possible to update from Lollipop to rooted Marshmallow without unlocking the bootloader via fastboot? A secure boot error might as well be a brick to me. Oh well.
The main reason I made this was because I can never boot recovery or fastboot manually (e.g. with hardware buttons). When you have the insecure kernel, adb works at the splash screen, so it's easier to recover if you have any problems.
Revenant Ghost said:
So it's still not possible to update from Lollipop to rooted Marshmallow without unlocking the bootloader via fastboot? A secure boot error might as well be a brick to me. Oh well.
If you used Draken's guide to root and install TWRP on lollipop, your bootloader will be unlocked.
wrenchman76 said:
If you used Draken's guide to root and install TWRP on lollipop, your bootloader will be unlocked.
You only need a "soft" unlock (enable OEM unlock in developer mode) to root / install TWRP on Lollipop -- no PC required. MM, however, requires a "hard" OEM unlock, and that requires a PC.
runningnak3d said:
You only need a "soft" unlock (enable OEM unlock in developer mode) to root / install TWRP on Lollipop -- no PC required. MM, however, requires a "hard" OEM unlock, and that requires a PC.
I am currently on lollipop rooted and TWRP installed off of Draken's guide. Do I need to do something else to the bootloader before I flash this ROM?
wrenchman76 said:
I am currently on lollipop rooted and TWRP installed off of Draken's guide. Do I need to do something else to the bootloader before I flash this ROM?
Yes, you have to unlock your bootloader with fastboot oem unlock. If you flash this without unlocking your bootloader you will get a secure boot error, and you will have to flash a KDZ and start all over.
Lollipop doesn't come with fastboot. So you have to follow Draken's thread to get stock MM on your device. There is NO other way. Once you have stock MM you can unlock your bootloader with fastboot. Once you have an unlocked bootloader -- THEN you can flash this if you want.
Waiting on the debloated version.
runningnak3d said:
Yes, you have to unlock your bootloader with fastboot oem unlock. If you flash this without unlocking your bootloader you will get a secure boot error, and you will have to flash a KDZ and start all over.
Lollipop doesn't come with fastboot. So you have to follow Draken's thread to get stock MM on your device. There is NO other way. Once you have stock MM you can unlock your bootloader with fastboot. Once you have an unlocked bootloader -- THEN you can flash this if you want.
I can vouch for this. That's exactly what happened to me when I tried to flash this without unlocking the bootloader with fastboot. At least I finally managed to ship my device to LG for repairs today. I'll just chalk it up as another lesson learned.
Revenant Ghost said:
I can vouch for this. That's exactly what happened to me when I tried to flash this without unlocking the bootloader with fastboot. At least I finally managed to ship my device to LG for repairs today. I'll just chalk it up as another lesson learned.
You didn't need to ship it back to LG. Firmware download mode is always available (hold vol up while plugging in the USB cable -- just vol up, not vol up + power; continue holding vol up until FW DL mode displays). Then just use the LG flash tool to flash a KDZ. It is a PITA when you have to go back that far, but you can't brick these phones, not with software at least -- they would need to be physically altered.
-- Brian
Revenant Ghost said:
I can vouch for this. That's exactly what happened to me when I tried to flash this without unlocking the bootloader with fastboot. At least I finally managed to ship my device to LG for repairs today. I'll just chalk it up as another lesson learned.
You sent your device in for a soft brick? You should set up the flash tool for our phone with a 10j.kdz before doing anything. Hope you get it back soon.
Debloated version
Fixing some force close problems on a debloated version now, should be up later today or tonight.
@runningnak3d
Flashing the KDZ seems easy enough. But how could I fix it without unrestricted access to a computer? And my stock charger is broken without a USB cable. I had no choice but to send it in for repairs. Guess I'll be stuck on Lollipop for a while longer, at least.
Edubyah said:
6.0 Marshmallow with insecure modded kernel and TWRP recovery
This needs testing by someone else. It has been flashed on my own personal phone with no issues.
Requirements- Unlocked bootloader, Draken FX's Bootstack (the fixed version by Turbo2012 found in DrakenFX's thread for the flashable 6.0 update). Must be currently on an LG based ROM, NOT CM. After install, flash the SuperSU install zip and post any issues. You will be able to use ADB and Fastboot even if you can only boot to the splash screen with this kernel, so you should be able to recover from almost anything multiple ways. When time allows I will put up a source built 6.0 along the lines of Game Theory's Katana ROM. Everybody is welcome to everything I post and I strongly encourage the young crowd to get involved; these phones don't support themselves.
Downloads:
Tested SuperSU
Working Bootstack for 6.0 MM
Update.zip
Instructions:
Flash Bootstack
Flash Update
Flash Beta SuperSU from link
Credits:
DrakenFX for his flashable zips and kdz files
Turbo2012 fixing and contributing
Chainfire for his SuperSU and he's been here since it started
Can you post links to DrakenFx's post, and will this work with the CDMA version (i.e., Boost Mobile 770 version of hardware)?
JBoever said:
Can you post links to DrakenFx's post, and will this work with the CDMA version (i.e., Boost Mobile 770 version of hardware)?
Can the bootloader be unlocked on the CDMA versions (e.g. Boost, Sprint, Verizon)? If you can, I will make a variant for it. But if you can't, NO.
I just found out that the unlocked bootloader in 6.0 survives even the .kdz flashtool. So once you unlock your boot in 6.0 with fastboot oem unlock, you never have to do it again; it even survived a kdz downgrade to Lollipop and an update to 6.0, and stayed unlocked.
JBoever said:
Can you post links to DrakenFx's post, and will this work with the CDMA version (i.e., Boost Mobile 770 version of hardware)?
Works great on Metro MS631, just need wifi to stop turning itself off. Can you guys fix it? H631/MS631 MM kernel works fine, no errors. Help needed fixing the wifi connection, thanks.
My device is European L04, currently running North Africa release (the earliest Marshmallow build uploaded) - L04_2016_0316_0900 (B820)
I'd like to unlock the bootloader and root my Honor 6. I've never done it (on this particular device), because I've read enough here to know it's slightly more risky than on other devices, especially when you plan to update the stock rom soon, so I preferred to wait until I have the last important update the device is likely to receive - Android 6.0.
What I want to know (some of the answers are in the topics which I listed below):
MultiTool - I've seen reports of bricks when using MultiTool with EMUI4/Marshmallow - why does it happen? My understanding is that MultiTool is a bundle of adb/fastboot and some recovery images for older Android versions, so my theory is that instead of using MultiTool, I should simply get the proper recovery for Marshmallow and flash it manually with fastboot, right?
unlocking bootloader, rooting, flashing recovery - I think I understand the process; in a nutshell: 'fastboot oem unlock X', 'fastboot flash recovery imagename.img', then flash the proper SU.zip in recovery. Where do I find the code, the Marshmallow recovery image, the SU.zip file?
will recovery backup in TWRP work without any problems?
what is the procedure to go back to stock completely after rooting? Unroot, (then wipe if it's needed?) so I am able to safely flash stock firmware again (since, from what I know, flashing stock on a rooted phone makes itself brick permanently, right? or is it just a soft-brick and it can be fixed?)
is there anything else I should know before proceeding?
What I found so far:
http://forum.xda-developers.com/showpost.php?p=66615082&postcount=502 - two recovery images, TWRP and another one (stock?) for the Marshmallow release
http://forum.xda-developers.com/honor-6/general/honor6-multi-tool-t2963060/page50 some rooting instructions for the L02 beta, see posts 494 and 498; no idea whether this is applicable to final Marshmallow or L04 at all
http://forum.xda-developers.com/honor-6/general/huawei-honor-6-plus-unlock-bootloader-id-t3357259 an app to get the unlock code, seems a bit shady to me though on the first glance
http://forum.xda-developers.com/honor-6/development/honor-6-rooting-method-t2962795 alternate methods for bootloader (through a website or by email), in case the app won't work; also, detailed instructions on unlocking and rooting
Basically, I need to know whether my procedure is more or less right before I proceed. I think the information is quite hard to find and the risks are quite high, so I'd like to make a promise - when I'm done rooting it and I know the correct process, I'm going to make an "Update to Marshmallow, unlock, root" how-to thread for all the people that will need it in the future.
Another two questions...
1. Where do I get proper SuperSU for Marshmallow? I get a boot loop (yeah, I know I have to wait and I did, but it's a pretty obvious bootloop from watching the logcat content, and nothing new happens...) after flashing http://download.chainfire.eu/supersu-stable (2.65).
2. I have unlocked my bootloader and installed TWRP, so recovery and fastboot are functional. I didn't make a backup before flashing the zip and now I'm in a bootloop. How do I restore working Marshmallow? I assume I can either beg somebody to upload a TWRP backup for my H60-L04, or somehow flash the stock over what I have now. Can I simply use manual update from SD? Can I somehow flash Marshmallow again with fastboot? I'm too scared of bricking my device right now so I guess I'll brace myself for a few days without a phone until somebody helps me :/
I just flashed the Marshmallow release I had before the bootloop (I used Huawei Update Extractor and flashed boot, cust, system and recovery with fastboot; then open up Huawei recovery and factory reset for good measure, I'm not sure it was even needed) and the device is working. I'll restore my stuff, install TWRP, make a backup then try out your ZIP. Thanks
edit: thanks again - your zip works indeed. So after the initial hurdles, now I've got working root and a reasonable way of restoring in case I screw something up along the way.
Before making a new topic with the tutorial I have a few more questions.
First of all, why exactly weren't we supposed to update the rooted devices? I'm not currently interested in OTAs (it's pretty obvious that it needs a functional Huawei recovery, and you need to unroot cause an update can make a mess in a rooted system, making it bootloop for example), but can we flash extracted images with fastboot on rooted devices? Logically, we should be able to... How about the sdcard update method?
Can we flash Marshmallow on Kitkat? (fastboot, sdcard, local update methods?) Or do we need to update to Lollipop along the way?
Can I flash stock roms in general (even between different Android versions) by using fastboot with {boot, cust, recovery, system} images only? There's a lot of images that you can extract with Huawei Update Extractor - why are there so many if they're not needed?
OK so, I'm coming from having an HTC One M7 for the last 2 years to the Sprint A9, 1.60.651.4. I've already unlocked the bootloader through htcdev and I've downloaded Captain Throwback's most recent TWRP, but I'm new to Marshmallow, and I'm seeing all these different things about system/systemless root, patching boot.img, encryption, and it's all jumbling together and getting me all confused to say the least...
Can anybody point me in the direction of the best / most up to date guide on how to root my Sprint A9? I'm used to just flashing TWRP and then flashing SuperSU, I may be over-analyzing things, but it all seems so much more complicated now, any help would be appreciated!
need some help too
same here
For the Sprint model, I booted into the bootloader and flashed the latest TWRP recovery. After that I formatted a couple of times to remove encryption, then I flashed the custom Sprint ROM that is rooted in this thread http://forum.xda-developers.com/one...roms-recovery-flashable-t3282335/post67484685
Hello there,
About a year ago I did an update to Android 6.0. The battery was charged near full and everything seemed okay. But after the update I faced a bootloop. So I tried to flash stock firmware and... failed. Many times. I'm unable to boot into recovery mode. Factory mode also isn't working. So, I tried to unlock my bootloader and flash another image, but when I try to unlock, I get a: "Check allow oem unlock in developer options". Sadly, I can't boot to check this option. Is there any way to unlock OEM without running Android? What can I do?
Jaszka said:
Hello there,
About a year ago I did an update to Android 6.0. The battery was charged near full and everything seemed okay. But after the update I faced a bootloop. So I tried to flash stock firmware and... failed. Many times. I'm unable to boot into recovery mode. Factory mode also isn't working. So, I tried to unlock my bootloader and flash another image, but when I try to unlock, I get a: "Check allow oem unlock in developer options". Sadly, I can't boot to check this option. Is there any way to unlock OEM without running Android? What can I do?
You can flash the /persist partition from a device which has had OEM Unlock previously enabled in Developer Options.
MotoJunkie01 said:
You can flash the /persist partition from a device which has had OEM Unlock previously enabled in Developer Options.
How can you flash the /persist partition in a device with a locked bootloader? Doesn't this contain other information as well?
I think the real problem here is either the OP is not using the correct factory firmware image, or incorrect user procedure.
acejavelin said:
How can you flash the /persist partition in a device with a locked bootloader? Doesn't this contain other information as well?
I think the real problem here is either the OP is not using the correct factory firmware image, or incorrect user procedure.
You are probably correct. Even with a locked bootloader, certain partitions can be flashed as long as downgrading is not detected. Example, if I have an xt1548 Moto G3 running on stock 5.1.1 firmware, and I have a locked bootloader, I can flash either an updated 6.0.1 stock firmware package or I can reflash the 5.1.1 firmware with the same build as the one already installed. The bootloader will, however, prevent downgrading. In flashing the /persist partition, the .img being flashed would need to be from an equal or newer build as well.
But again, your statement regarding the correct firmware procedure and/or correct firmware package is likely correct.
MotoJunkie01 said:
You are probably correct. Even with a locked bootloader, certain partitions can be flashed as long as downgrading is not detected. Example, if I have an xt1548 Moto G3 running on stock 5.1.1 firmware, and I have a locked bootloader, I can flash either an updated 6.0.1 stock firmware package or I can reflash the 5.1.1 firmware with the same build as the one already installed. The bootloader will, however, prevent downgrading. In flashing the /persist partition, the .img being flashed would need to be from an equal or newer build as well.
But again, your statement regarding the correct firmware procedure and/or correct firmware package is likely correct.
You can't flash anything except a bootloader. I was in this situation as MotoJunkie knows and nothing works. I did have a full backup of every partition on the phone and none flashed. Today I bricked it so badly that it doesn't even turn on anymore. My tip is to not mess with the bootloader and stuff and just use the phone normally as many things are encrypted on this phone.
purplefruity said:
You can't flash anything except a bootloader. I was in this situation as MotoJunkie knows and nothing works. I did have a full backup of every partition on the phone and none flashed. Today I bricked it so badly that it doesn't even turn on anymore. My tip is to not mess with the bootloader and stuff and just use the phone normally as many things are encrypted on this phone.
Yes I recall your situation and your hard brick. I'm saying that under normal circumstances you can flash full firmware packages with a locked bootloader, as long as downgrading is not attempted.
MotoJunkie01 said:
Yes I recall your situation and your hard brick. I'm saying that under normal circumstances you can flash full firmware packages with a locked bootloader, as long as downgrading is not attempted.
You can't flash regular ones too. It has to be a newer firmware for the locked bootloader to let it pass
purplefruity said:
You can't flash regular ones too. It has to be a newer firmware for the locked bootloader to let it pass
That's what I was saying. An equal or newer one. Downgrading isn't permitted.
MotoJunkie01 said:
That's what I was saying. An equal or newer one. Downgrading isn't permitted.
Mine was on marshmallow and it wouldn't want to flash marshmallow stock so what I was saying is that you can't go anywhere unless stock nougat is released for this device.
purplefruity said:
Mine was on marshmallow and it wouldn't want to flash marshmallow stock so what I was saying is that you can't go anywhere unless stock nougat is released for this device.
You obviously developed corrupt partitions some way or another. I flash stock firmware packages with a locked bootloader on a regular basis. You should always be able to flash the same firmware build that is currently installed on your device.
MotoJunkie01 said:
You obviously developed corrupt partitions some way or another. I flash stock firmware packages with a locked bootloader on a regular basis. You should always be able to flash the same firmware build that is currently installed on your device.
Oh well, I guess my device was different then. Won't turn on at all now. Gonna sell it for parts so at least I get some money back.
Hi Everybody,
The last days I was reading several threads and posts about backing up the TA-Partition (using iovyroot), repacking the Stock Kernel (with RootKernel) and how to root my Z5 Dual (E6633). But I still have some questions.
First of all: I backed up my TA-Partition, my BL is still locked and my phone isn't rooted till now.
Now my questions:
1) What is the difference between including the TA-Partition into my repacked Kernel and flashing it with FlashTool (creating a FTF from my TA-Partition with Top-RootKernel)? And what is the better option?
2) If the TA-Partition is included in the repacked Kernel (created with RootKernel), do I still have to flash the TA-Partition (as a FTF) afterwards? I think “no“ but I'm not sure.
3) Is there any way I can root my Z5 Dual using a repacked Kernel and flashing my TA-Partition back without losing SU-Privileges and/or BL getting relocked? If yes, ... how can I do this?
Would be great if someone can help me
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
Checked this?
What I previously did ...
Let me show you, what I previously did.
I downgraded to Lollipop and backed up my TA-Partition using iovyroot. After backing up my TA-Partition, I upgraded again to Android Nougat 7.1.1 using Flashtool.
After this, I made my own Kernel for Android Nougat (32.4.A.1.54_1309-3895) using the latest Version of RootKernel (which I downloaded from here).
Everything worked fine up till now. But when I was reading the following threads, I got confused.
iovyroot - (temp) root tool
[ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off
As far as I know, the Bootloader will be relocked and I will lose Root-Privileges if I flash back the TA-Partition. If I flash back the TA-Partition using Flashtool as described in the RootKernel-Thread, do I still have an unlocked Bootloader and Root-Privileges?
I am also not sure, when I have to flash back the TA-Partition. If I am using this guide to root my phone, do I have to flash back the TA-Partition as the final step (after flashing the kernel, twrp, and rooting my phone)? Or do I have to flash back the TA-Partition after flashing the kernel and twrp but before rooting my device?
https://twigstechtips.blogspot.com/2016/04/sony-z5-compact-root-without-losing-ta.html?m=1
Check this. You did it right.
I've done it many times
Duvel999 said:
https://twigstechtips.blogspot.com/2016/04/sony-z5-compact-root-without-losing-ta.html?m=1
Check this. You did it right.
I've done it many times
Thanks for the link. Now everything has become clear to me and I know what I have to do.
Nevertheless I still have some questions.
I know that RootKernel gives me the option to include SuperSU and TWRP directly into a patched kernel.
However, I wonder what would be the better option (perhaps for performance reason or whatever). Is it better to include SuperSU/TWRP into the patched kernel using RootKernel? Or is it better to flash SuperSU/TWRP separately? And what exactly is the difference between the two methods (apart from the obvious)? Anyone who can explain it to me?