Related
I am just jumping into the android moding world, and I just can't seem to find clarification on a particular issue. It seems that most phones are rootable but many have a locked bootloader. From what I can glean through reading many posts here and searching the web, the geekish options that you give up on a phone with a locked bootloader is the ability to flash the ROM. However, this is contradicted by examples here on this site of ROMs for phones with locked bootloaders. (Moto Atrix for example.) Is it that custom ROMs can only go so far with rooting alone, like the inability to replace the kernel? What exactly do you give up by only achieving root with a locked bootloader vs a rooted phone with an unlocked bootloader? Is it ROM related at all?
notmuchpastnothing said:
I am just jumping into the android moding world, and I just can't seem to find clarification on a particular issue. It seems that most phones are rootable but many have a locked bootloader. From what I can glean through reading many posts here and searching the web, the geekish options that you give up on a phone with a locked bootloader is the ability to flash the ROM. However, this is contradicted by examples here on this site of ROMs for phones with locked bootloaders. (Moto Atrix for example.) Is it that custom ROMs can only go so far with rooting alone, like the inability to replace the kernel? What exactly do you give up by only achieving root with a locked bootloader vs a rooted phone with an unlocked bootloader? Is it ROM related at all?
Click to expand...
Click to collapse
You can't flash a custom rom without root. Root is needed to write to system partition etc.
But you can get root without a custom rom.
A locked bootloader means you will have to stay on stock rom. Means no custom kernels, no custom firmware.
Someone correct me if im wrong.
still confused
As mentioned there seem to be custom ROMs for for phones with a locked bootloader. The new Motorola Atrix is an example. While there is complaining that the bootloader is locked there are custom ROMs (2, I believe, so far) available from members of this forum. What is it that can't be done with a locked bootloader?
I'm still confused, but I appreciate the reply.
I need to root, unlock, and install CWM right? How exactly do I do this? I tried to locate a how to without any luck.
The dev section is filled with all the info you need to know.
Also, not trying to be a **** but saying you searched when it is obvious that you didn't will get you nowhere.
OK I've read some more and had a couple more questions...
I noticed that the roms I've looked at don't require an unlocked phone. What's the point of unlocking the phone then? Can I just root and install CWM?
Some roms say "needs the 1.85 base." What does this mean and how do I get it before flashing a rom?
Thanks!
johnl199 said:
OK I've read some more and had a couple more questions...
I noticed that the roms I've looked at don't require an unlocked phone. What's the point of unlocking the phone then? Can I just root and install CWM?
Some roms say "needs the 1.85 base." What does this mean and how do I get it before flashing a rom?
Thanks!
Click to expand...
Click to collapse
Some of the roms, prior to the unlock discovery, were executable as an RUU. All the updated versions require recovery which you need the bootloader unlocked to get in to. It's a painless process and there's even a 1-Click script method for those who dont want to take chances.
Will I be able to get the phone back to COMPLETELY stock should I decide to sell it in the future?
From what I know it will say relocked or tampered but maybe I'm wrong
Sent from my HTC One X using xda premium
After unlocking your phone, there will be no way to get back to 100% stock unless we can get S-OFF (which hopefully may be in the near future due to a few devices already being S-OFF).
However, you can root your device and not unlock it (1.82 and prior as of now) and still be able to revert to 100% stock as if it came right out of the box.
Most of the ROMs currently do not require an unlocked bootloader.
However, this will definitely change as we begin to see custom kernels (hopefully soon with the release of the source by HTC Dev) and more complex ROMs (such as those based on AOSP, such as CM9 and AOKP).
So in short, you can still use most of the ROMs in the dev section. Just be aware however that if you do not unlock then you cannot install CWM (limiting the number of ROM options) and also if you update past 1.82.502.3 then you cannot root (at this time, other root exploits are being explored).
Is unlocking your bootloader the same as carrier unlocking your phone?
Does this mean that say, AT&T phones could be used on Tmobile?
lamenramen said:
Is unlocking your bootloader the same as carrier unlocking your phone?
Does this mean that say, AT&T phones could be used on Tmobile?
Click to expand...
Click to collapse
Nope. You are thinking of SIM unlock.
Bootloader unlock lets you load custom ROMs and change recovery, that's all.
I have an AT&T HOX. Came stock with 1.85.
I rooted it using the "redbend" method described here (http://forum.xda-developers.com/showthread.php?t=1709296)
(More or less, the pulling SIM card business wasn't part of the steps when I used it, but the root was successful).
I am using SuperSU to manage root access by apps.
I have not done anything beyond that.
Now, I understand, at some point, AT&T is going to force a 2.20 update on me.
My primary concern is to avoid losing root.
(I have enabled the "preserve root across OTA" in SuperSU, but not sure if its effective or not)
I've looked at the howto's for SuperCID, unlocking the bootloader, etc, and I'm not sure which I NEED, and which are optional, and/or what the pros/cons are of each...
I'd like to stay as close to "stock" as possible, but I want to ensure that I can keep root.
I'm still within my AT&T contract, and would really prefer to avoid bricking the phone.
I'm wondering what the recommendations are as to the minimum steps I should take to keep root in the event the OTA is forced on me?
Can I pre-empty the OTA by installing this? ( http://forum.xda-developers.com/showthread.php?t=1812459 )
If so, what is the safest method for installing it?
FWIW, I am a linux user, and I am comfortable with adb as well as the command line on the phone itself.
I have no windows systems, so any special tools I'd need other than adb I'd have to find a linux version.
I don't need "one click" methods, in fact I'd prefer to see/perform the individual steps and understand what they are doing.
unlock your bootloader using this method http://forum.xda-developers.com/showthread.php?t=1672284 if you don't you wont get root again afterwards.
Dont have to unlock to flash roms?
This document,
http://onexroot.com/one-x-root/root-any-htc-one-x-windowsmaclinuxattinternationalone-click-method/
Near the very bottom, suggests:
For AT&T HTC One XL and alike, if you want to install custom ROMs, you don’t have to unlock your bootloader but simply flash custom recovery in fastboot.
Is this accurate?
My ATT HOX is currently rooted, and I now have SuperCID. I assumed I would need to unlock my bootloader, but I havent done that yet.
Can I install this:
https://play.google.com/store/apps/details?id=com.s0up.goomanager
and then use it to install the "Stock Rooted AT&T 2.20.502.7" here?
http://forum.xda-developers.com/showthread.php?t=1812459
And if I do that, will this avoid AT&T OTA'ing me?
On a relatated note, would the SuperCID survive the OTA, allowing me to unlock the bootloader afterward, even if I hadnt done so already?
Megadave123 said:
This document,
http://onexroot.com/one-x-root/root-any-htc-one-x-windowsmaclinuxattinternationalone-click-method/
Near the very bottom, suggests:
For AT&T HTC One XL and alike, if you want to install custom ROMs, you don’t have to unlock your bootloader but simply flash custom recovery in fastboot.
Is this accurate?
Click to expand...
Click to collapse
Completely false. You cannot install custom recovery without unlocked bootloader. For the safety of your device, I'd suggest sticking with XDA, and not Googling random websites. That website obviously has incorrect information.
Megadave123 said:
and then use it to install the "Stock Rooted AT&T 2.20.502.7" here?
http://forum.xda-developers.com/showthread.php?t=1812459
And if I do that, will this avoid AT&T OTA'ing me?
Click to expand...
Click to collapse
AT&T isn't going to "OTA" you by force. You have to accept the download, then accept the installation. Cancelling either of those will prevent the OTA from being installed.
If you want to update to the stock 2.20 firmware without running the OTA or RUU (and therefore keep the ability to flash kernels and radios), than yes, the ROM you linked is the method I would suggest. But you would need to unlock the bootloader, then install TWRP before you can flash the rooted 2.20. Also keep in mind there are newer (than 2.20) firmwares already posted in Development (2.23, 2.29, etc.) in similar pre-rooted form. Not to mention custom ROMs based on 2.20 or newer.
Megadave123 said:
On a relatated note, would the SuperCID survive the OTA, allowing me to unlock the bootloader afterward, even if I hadnt done so already?
Click to expand...
Click to collapse
SuperCID survives OTA. But the 2.20 OTA has a new hboot, which fixes the hole by which kernels and radios can be flashed from recovery, so my recommendation would be not to install the OTA.
redpoint73 said:
Completely false. You cannot install custom recovery without unlocked bootloader. For the safety of your device, I'd suggest sticking with XDA, and not Googling random websites. That website obviously has incorrect information.
Click to expand...
Click to collapse
FWIW, I didnt google that site. It was linked to from an XDA post. I't didnt seem right to me, which is why I asked here
AT&T isn't going to "OTA" you by force. You have to accept the download, then accept the installation. Cancelling either of those will prevent the OTA from being installed.
If you want to update to the stock 2.20 firmware without running the OTA or RUU (and therefore keep the ability to flash kernels and radios), than yes, the ROM you linked is the method I would suggest. But you would need to unlock the bootloader, then install TWRP before you can flash the rooted 2.20. Also keep in mind there are newer (than 2.20) firmwares already posted in Development (2.23, 2.29, etc.) in similar pre-rooted form. Not to mention custom ROMs based on 2.20 or newer.
Click to expand...
Click to collapse
Ok, that is VERY good to hear.
BTW, thank you very much. I read somewhere that ATT could/might force the OTA, and I've been worried about losing root ever since, but not quite ready to (presumably) completely void my warranty with a bootloader unlock.
Megadave123 said:
BTW, thank you very much. I read somewhere that ATT could/might force the OTA, and I've been worried about losing root ever since, but not quite ready to (presumably) completely void my warranty with a bootloader unlock.
Click to expand...
Click to collapse
I think bypassing the user acceptance dialogues for the OTA install would be a violation of how Android fundamentally works. It would be a serious security issue, as it might allow rogue software to be installed on your device without your interaction. I seriously doubt AT&T would institute such a thing.
The user confirmation of the OTA might be a liability thing, too. If the performance of the device is adversely affected by the OTA (happens to some people) and the OTA was forced by AT&T without the owner having a choice, it would seem to me that AT&T has to accept the responsibility. People can claim its AT&T's fault, and demand a replacement device (since AT&T technically installed the software remotely). By making you confirm the OTA installation (and giving you the chance to opt out), you pretty much are volunteering to install the software and accept the consequences.
In theory, unlocking the bootloader voids you warranty. But more than a few folks on here have gotten warranty replacements from AT&T (after unlocking the bootloader), without issue. Sometimes in-store (within the first 30 days) without them even checking for the bootloader unlock. No guarantee that this will always be the case. But just throwing it out there. Its still up to you whether unlocking the BL is worth the risk in your own case.
I dont remember but isnt hoxl supported by goomanager? As long as your rooted you can install a recovery from it with a locked bootloader. I always reccomend unlocking but im pretty sure its not a total necessity to get twrp recovery
18th.abn said:
I dont remember but isnt hoxl supported by goomanager? As long as your rooted you can install a recovery from it with a locked bootloader. I always reccomend unlocking but im pretty sure its not a total necessity to get twrp recovery
Click to expand...
Click to collapse
The hoxl is officially supported by twrp and can be downloaded from goomanager. I do not know if you can install a custom recovery without an unlocked bootloader. I would be interested to know if this can be done as well.
Sent from my Nocturnalized One XL using Forum Runner
when you try to push a recovery via fastboot with a locked bootloader it will fail due to invalid signature I don't see how goomanager would be any different.
Is there any harm in trying it?
If I install "goo manager", and let it do its thing, and the locked bootloader prevents it from doing so, there wont be any other side effects, will there?
If I come off as a complete noob at this - its because I am..
This is my first Android phone, and I *really* want to avoid bricking it, so I want to make sure I understand as much as possible before I go
trying to do anything to it.
Also I'm still wary of unlocking, mainly because of the whole "will erase your phone" bit.
I'm not yet fully comfortable that I know how/what to fully backup all of "my" data on the phone so as to facilitate easily putting it all back.
I'll answer some q's here.
1.) you cannot flash a custom recovery from hboot with a locked bootloader
2.) you CAN dd a custom recovery with a locked bootloader. However your device will be soft-bricked.
3.) you CAN install custom ROM's via dd right from android. This is how we did it back "in the day".
4.) you "might" be able to get away with dd'ing a custom kernel with locked BL, not not sure. In fact, I'd bet it will softbrick now that I think about it.
Anyways, the SAFEST way to do it is via unlocking the bootloader and installing your roms from custom recovery.
gunnyman said:
when you try to push a recovery via fastboot with a locked bootloader it will fail due to invalid signature I don't see how goomanager would be any different.
Click to expand...
Click to collapse
Beaups pretty much already answered it. But this guy tried installing TWRP thru goomanager with a locked bootloader, and confirmed it doesn't work: http://forum.xda-developers.com/showthread.php?p=31220704#post31220704
I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
2. Is kexec possible on NE1?
I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
Sent from my SCH-I535 using Tapatalk
AluminumTank said:
I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
2. Is kexec possible on NE1?
I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
Samsung is especially a hugsePITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least as an option for S-off, which allows full administrative usage for the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the devices system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, samsung sucks, and that's the main reason I will never buy their phones ever again.
2) Any part of the boot sequence can be changed, but the signature affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it has thus been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and loki for the S4, which both affect the aboot sequence, and safestrap which is basically a modified recovery that uses the stock kernel to run a custom rom. Here's an example:
boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked, problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, the it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verifcation since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
This problem is unique to samsung btw, other phones aren't nearly as difficult to figure out and test.
BadUsername said:
These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
Samsung is especially a hugsePITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least as an option for S-off, which allows full administrative usage for the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the devices system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, samsung sucks, and that's the main reason I will never buy their phones ever again.
2) Any part of the boot sequence can be changed, but the signature affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it has thus been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and loki for the S4, which both affect the aboot sequence, and safestrap which is basically a modified recovery that uses the stock kernel to run a custom rom. Here's an example:
boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked, problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, the it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verifcation since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
This problem is unique to samsung btw, other phones aren't nearly as difficult to figure out and test.
Click to expand...
Click to collapse
Thanks for the info. This is very informative. I had already in my own mind decided that Samsung sucked, but hearing someone else say it is refreshing!
Sent from my SCH-I535 using Tapatalk
Good afternoon people of XDA,
Today is the dawn of a new day. A day where we begin the road to unlocking the bootloader to something that many believe is unlockable. Me and a few other users are starting a bounty to bring the incentive to life for all active developers. You can find my previous thread here. Now, when I say progress has been made, I mean that we have gotten into fastboot, we have donation incentives and we already have root so our tools are there we just have to find the exploit. Every day people are finding new exploits furthering our cause into reaching our goal. Now to the developers who want to pursue this, I've very much so tried to get active commands in fastboot but basically its just a dead fastboot for right now. The board on this phone and technologies behind it are so similar to its predecessors that somethings got to give. If you are interested in this cause, i.e. donating or deving on it, please contact me here, or email me at [email protected]
This is in our grasps friends. Spread the word, grab your fellow developers and lets get this thing to be a free wad of cash for whoever can bust it. Lets do this.
Attached is the spreadsheet for the current donations.
this kind of things never work...i mean, you make a donation and the people or the persons behind the scenes when getting high values like 400-500$ then buy a new phone and move on letting the desired phone to get development in the trash!!
Noooo, people should see, if a year old phone never came to life in development in the first 6-8 months then the development for it is dead and if you like to custumize the phone and flash things you need to move to a more flashable-friend device!
I have to agree with this. The Tmobile version has unlocked bootloader yet barely no development. What would make me that unlocking VS990 bootloader would all of a sudden spur development.
beavis5706 said:
I have to agree with this. The Tmobile version has unlocked bootloader yet barely no development. What would make me that unlocking VS990 bootloader would all of a sudden spur development.
Click to expand...
Click to collapse
I personally (and I think many other users) don't really need cooked roms. With gravity box, xposed and some other apps, I can "cook" my own rom (and believe me, it won't be that hard). All we need is a method for rooting. Using an android without rooting is even worse than an iphone without jailbreaking since iphones are undoubtedly smoother
presariohg said:
I personally (and I think many other users) don't really need cooked roms. With gravity box, xposed and some other apps, I can "cook" my own rom (and believe me, it won't be that hard). All we need is a method for rooting. Using an android without rooting is even worse than an iphone without jailbreaking since iphones are undoubtedly smoother
Click to expand...
Click to collapse
Indeed, a rooting method for version above MM is the most importing thing for us rather than flashing custom rom. However, system-less root is need to root MM or above and this is required modifying boot.img, therefore, bootloader unlocking is need. Unless, we have found a way to sign the modified boot.img to deceive the offical bootloader.
ivangundampc said:
Indeed, a rooting method for version above MM is the most importing thing for us rather than flashing custom rom. However, system-less root is need to root MM or above and this is required modifying boot.img, therefore, bootloader unlocking is need. Unless, we have found a way to sign the modified boot.img to deceive the offical bootloader.
Click to expand...
Click to collapse
What did you mean by "unless"? Have you found an evidence that MM bootloader is unlockable or not?..
presariohg said:
What did you mean by "unless"? Have you found an evidence that MM bootloader is unlockable or not?..
Click to expand...
Click to collapse
I mean even if the bootloader is not unlockable, somethings can be done to let us perform the same things just like bootloader is unlocked.
For example, some dev in G2 and G3 have released a tool called "Bump!" before that can sign any third party image and let it able to be run on offical locked LG bootloader.
source: http://forum.xda-developers.com/lg-g3/orig-development/bump-sign-unlock-boot-images-lg-phones-t2935275
But of course, since LG have fixed the bug, we can no longer do the same tricks now.
In China, there is name ???he has lg tool, this tool can unpack repack kdz tot, add root in tot.
This is weibo id http://m.weibo.cn/u/1684239753
Need help
andy_zhang said:
In China, there is name ???he has lg tool, this tool can unpack repack kdz tot, add root in tot.
This is weibo id
Click to expand...
Click to collapse
Hey, So I've been working to be able to get root, so far I have added root to the system.img and that's all done, I need this tool to be able to repack. Can anyone, or you, contact him and get this tool? This would be so helpful for me to get root and release it!!!!
abine45 said:
Hey, So I've been working to be able to get root, so far I have added root to the system.img and that's all done, I need this tool to be able to repack. Can anyone, or you, contact him and get this tool? This would be so helpful for me to get root and release it!!!!
Click to expand...
Click to collapse
What version of Android you are going to add root? I wonder that you cannot simply add root in /system after Android 6.0.
ivangundampc said:
What version of Android you are going to add root? I wonder that you cannot simply add root in /system after Android 6.0.
Click to expand...
Click to collapse
I'm trying different things but still i need to figure out how to repack a tot to find out what's going to work!! Does anybody know how to get that application?
abine45 said:
I'm trying different things but still i need to figure out how to repack a tot to find out what's going to work!! Does anybody know how to get that application?
Click to expand...
Click to collapse
For MM, unless you've found a way to get the SELinux context needed, repacking the system image will not work.
anyone having any luck with rooting MM?
I think at this point what we really need is a small set of testers who have a good insurance policy on their phones and are willing to risk bricking their phones. We've got the outline of a method which looks viable, but the details haven't been worked out and is hence likely to produce a few bricks before we get it working.
Sorry for dropping of the face of the planet for the past two months. In testing with my device it ended up being FUBAR after wiping my aboot completely and with that the phone would not boot to anything but a black screen. I sent it into LG and after some time they finally just replaced my motherboard. But the absolute sad part is that they have me upgraded to 6.0 which absolutely is crushing my world. SO until further notice I will not be testing the unlocking of the bootloader anymore but I will make efforts here in a few weeks to start work on rooting the device. @alvislee[email protected]