Question about system modifications to Rooted T-Mo S7 - T-Mobile Samsung Galaxy S7 Questions & Answers

Hi all,
I know the bootloader on the S7 is locked but we can gain root access by flashing the ENGboot file. I have downloaded Flashfire and have successfully flashed the Echoe rom (which appears to run so much smoother than stock root). I would like to flash a zip that would install a system application (Pixel Launcher specifically) but I don't have a complete understanding of what our locked bootloader allows or disallows. Would flashing a system application through flashfire work with a locked bootloader? Or would I get a boot loop because of some hash mismatch? Can simple system modifications be made without royally screwing up the phone?

Hi, I have an S7 edge G935R4. I rooted with TWRP and I have flashed many apps with no issues using FlashFire.
Could you add a link to the ROM you used? I would love to compare it to the ones I used, it would be much appreciated.

Related

Help with nandroid backup

I have rooted my V10 H900 and want to do a full backup of the phone before I attempt to unlock the bootloader, install TWRP, and then install a custom ROM. I have installed Titanium Backup...what a piece of garbage, it's like the UI was written by a 5 year old with ADD. I decided to try Helium instead but it throws a SuperUser error "non zero result 1" (I am using SuperSU and BusyBox). I have checked the permissions in SuperSU and it looks right. Does anyone know what to do to get past this? Is there a better app/method to backup my phone?
Also I would love some input into which recovery to use as well as which ROMs work well with the V10 H900.
There are no custom ROMs for the AT&T V10. The bootloader is locked and no one has been able to unlock it yet. Only the European version and the T-Mobile version are allowed to unlock the bootloader. I gained root for Lollipop and then used the FlashFire app to do a NAND backup. There is not a rooted version of Marshmallow for this phone yet.

Current status of Locked Bootloader root for E6653

Hi guys,
Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
Sorry for the n00bish questions, just wondering aloud.
Cheers!
As far as I know you need to disable some security settings in the kernel to have permanent root access. But a locked bootloader won't let the system boot with this modified kernel.
I don't think there will come a method to have root without unlocking the bootloader in the near future.
Nope. No root without unlocking the BL as far as I am informed.
ianrobbie said:
Hi guys,
Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
Sorry for the n00bish questions, just wondering aloud.
Cheers!
Short answer: not possible without unlocking the bootloader.
Long answer:
There are two possible methods for acquiring permanent root on Marshmallow on the Z5:
Conventional root - you provide root by modifying certain /system files on the phone. The problem with this is that you are modifying the system partition on the phone. The stock kernels on the Z5 (and most other phones) have something called dm-verity which basically checks everything on the system partition against what it expects to be there. If the kernel notices that something in the system partition has changed, the phone will fail to boot. You can install a modified kernel that has dm-verity disabled, but then you run into the issue described with systemless root.
Systemless root - you modify the kernel to allow for root either with Systemless SuperSU or through Magisk. This allows for you to have an unmodified system partition and pass any potential system checks, however you have to modify and flash a new kernel. Herein lies the problem with a locked bootloader. A locked bootloader checks the file signature for the file you're trying to flash. These files are typically signed by the phone manufacturer or carrier, so when the bootloader checks the file signature and it matches what it expects, then it allows the flash; if the signature doesn't match, then it aborts the flash. If you modify a stock kernel to disable dm-verity or try to flash a custom kernel, you will be prevented from doing so because your signature won't match what the bootloader expects. By unlocking the bootloader you are essentially disabling that signature check process.
So basically permanent root on Marshmallow isn't possible unless somebody can exploit a vulnerability in the boot chain.
As for modifying a stock ftf package, you again run into issues with the bootloader signature checks. The ftf file is basically a special zip container that contains a bunch of files. Most of these files, if not all of them, are signed by either the manufacturer or carrier so you are able to flash it because all of these files pass the bootloader signature checks. Once you modify one of those files within the ftf, you destroy the signature and flashing of the ftf file will abort.
In summary, you need to unlock the bootloader so that you can flash a modified kernel that has dm-verity disabled.
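Added example (not part of the original post, and not Android's actual on-disk format): a simplified model of the dm-verity check described in the answer above, showing that a one-bit change to the system image no longer matches the trusted root hash. The salt, the 300-block image, the names `TRUSTED_ROOT` and `flip_one_bit`, and the assumption that the root hash is a value the signed boot chain vouches for are all constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 4096          # data block size (dm-verity's usual default)
FANOUT = BLOCK // 32  # SHA-256 digests that fit in one hash block

def digest(salt: bytes, data: bytes) -> bytes:
    return hashlib.sha256(salt + data).digest()

def leaf_hashes(image: bytes, salt: bytes) -> list:
    """One salted digest per data block; a short last block is zero-padded."""
    if not image:
        raise ValueError("empty image")
    return [digest(salt, image[i:i + BLOCK].ljust(BLOCK, b"\0"))
            for i in range(0, len(image), BLOCK)]

def root_hash(image: bytes, salt: bytes) -> bytes:
    """Fold digests upward, FANOUT per node, until a single root remains."""
    level = leaf_hashes(image, salt)
    while len(level) > 1:
        level = [digest(salt, b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
    return level[0]

def verify(image: bytes, salt: bytes, trusted_root: bytes) -> bool:
    """The question the stock kernel asks: does /system still match?"""
    return hmac.compare_digest(root_hash(image, salt), trusted_root)

def changed_blocks(original: bytes, modified: bytes, salt: bytes) -> list:
    """Indices of data blocks whose digest differs (images of equal length)."""
    pairs = zip(leaf_hashes(original, salt), leaf_hashes(modified, salt))
    return [i for i, (a, b) in enumerate(pairs) if a != b]

# Constructed sample: a 300-block stand-in for a system partition.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SYSTEM_IMAGE = b"".join(i.to_bytes(2, "big") * (BLOCK // 2) for i in range(300))
TRUSTED_ROOT = root_hash(SYSTEM_IMAGE, SALT)  # assumed: vouched for by the signed boot chain

def flip_one_bit(image: bytes, block_index: int) -> bytes:
    """Constructed modification: one bit changed inside the given block."""
    out = bytearray(image)
    out[block_index * BLOCK + 10] ^= 0x01
    return bytes(out)

if __name__ == "__main__":
    modified = flip_one_bit(SYSTEM_IMAGE, 137)
    print("stock image verifies:   ", verify(SYSTEM_IMAGE, SALT, TRUSTED_ROOT))
    print("modified image verifies:", verify(modified, SALT, TRUSTED_ROOT))
    print("blocks that changed:    ", changed_blocks(SYSTEM_IMAGE, modified, SALT))
```

Real dm-verity checks blocks lazily as they are read rather than hashing the whole partition up front; the model computes everything at once only to keep the comparison visible.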
Thanks very much for all the replies. Looks like I'm stuck with stock for the time being.
Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
xasbo said:
Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
Yeah, but unfortunately I'm not allowed to unlock my bootloader.
ianrobbie said:
Yeah, but unfortunately I'm not allowed to unlock my bootloader.
Ahhh, sure, forgot that some carriers lock these phones. I had that same problem on my Z1, but fortunately they found a LB root exploit.
How long have you had your phone? If the upcoming Nokia offering looks good, I'll sell you my mint condition UB Z5

Custom ROMs on S8+ Verizon Model

Hi,
I have purchased a Galaxy S8+ Verizon version. I want to know if I could install custom ROMs on it from the stock Galaxy S8+ page. I am a little confused about this as I want to try out different ROMs. Also, will installing different ROMs unlock the device?
Thanks
LOL. You purchased the wrong device if you wanted custom ROMs. You can only flash stock official ROMs via Odin on the North American Snapdragon S8. There is no unlock for us.
All you can do is root it: https://forum.xda-developers.com/galaxy-s8/development/samsung-galaxy-s8-root-snapdragon-t3659305
Maybe??
https://forum.xda-developers.com/ga...root-partcyborgrom-aqk3-samfail-odin-t3717702
So I understand that the bootloader verification and lock is why we can install TWRP, but I swear on my Razr (XT912) or Bionic or G3 had a locked bootloader but they had a way to boot the ROM after initial boot you would have a way to boot the regular system or boot to custom ROM. Killing me right now what name of it was, is it just that there was an exploit or is the security much stricter?
bmxmike said:
So I understand that the bootloader verification and lock is why we can install TWRP, but I swear on my Razr (XT912) or Bionic or G3 had a locked bootloader but they had a way to boot the ROM after initial boot you would have a way to boot the regular system or boot to custom ROM. Killing me right now what name of it was, is it just that there was an exploit or is the security much stricter?
It was probably an exploit like safestrap. No exploits have been found obviously for our devices yet.

Flashing stock recovery only

Hi there, I'm having no luck finding a solution to my problem anywhere.
I'm using a Galaxy S7 running Oreo (I know, old school), and like many phones, it came with a bunch of apps that can't be uninstalled unless you have root access. So, I installed TWRP, and then Magisk v23, and then I installed a root uninstaller in order to remove the apps in question.
However, I use Revolut and an app for the bank I'm with, and so while my device is rooted, I am locked out of both.
What I want is to have the disable-only apps gone, and my device unrooted and back to normal so I can use Revolut and said banking app.
I believe uninstalling Magisk should unroot the device, but without Magisk installed, I can't boot into the system because of TWRP and the whole dm-verity thing. So, I want to replace TWRP with the stock recovery, which, if I'm correct, should achieve the desired outcome.
I downloaded the exact firmware for my phone from sammobile, and the recovery file can be extracted from it easily, but I don't really know how to go about flashing said file, or even if I can. Odin isn't working for me.
I tried flashing the whole "AP" file via Odin (the latest version), but that restored the device back to its factory state, disable-only apps and all.
So can anyone help me with this? Or is what I want to do here even possible? I'd really appreciate some input / advice. Thanks!
P.S. maybe you can tell, but I'm kind of a noob, so apologies if I'm overlooking something obvious.
Android's recovery, whether it's Stock or Custom, can't be used to unroot Android if it got rooted by TWRP and/or Magisk, because the phone's boot.img got tampered with by those: you'd have to completely re-flash the phone's Stock ROM to get rid of all modifications you applied so far.
Okay then, thanks for explaining.
Just to be clear, what you're saying is that it isn't possible to unroot a device and then restore just its stock recovery (to replace TWRP). You cannot undo modifications made to boot.img and therefore must re-flash the stock firmware?
What I do with unwanted system apps on other android phones is to remove the .apk from /system by booting into recovery and using the shell/adb with u**x commands (actually move them somewhere they can't be seen by the O/S with mv command).
Also, when faced with dm-verity, Magisk just modifies the boot.img and changes fstab to take out verify from system mount, patches init and removes /verity_key.
I was able to uninstall Magisk (only phone mod was unlocked boot loader allowing custom boot over usb).

Question Custom rom for A32 5G

Any update on any custom ROMs for Samsung SM-A326B 5G?
I can't find any online and it's taken me a while to unlock the OEM lock, root and install TWRP, but again I'm in a boot loop as I can't find a custom OS to flash.
Any recommendations and links please?
As I don't have an OS, and if there are no stable custom ROMs, is it possible and safe to flash stock BTU-A326BXXS3AUH3-20210830165820.zip from TWRP, and if it is, would I keep Magisk root or need to install stock and then root (Magisk apk) again?
Thanks
Some GSI can work with some bugs.
You can not flash stock firmware through TWRP. You should have Odin on a PC, extract original firmware and follow stock firmware instructions.
Once you flash stock, you have to check whether OEM is unlocked and flash recovery again and obtain root if you prefer.
Flash U1 XAA with Odin mod if you haven't, and make your own custom ROM by careful debloating. Make incremental TWRP backups every change.
I gained about 500mb more available memory. Totally debranded. Tons of mods and tweaks. Then use kernel manager like Franco to use per app settings so you can change governor per app. Runs Gamecube 3ds and PS2, even booted a Switch game if you like emulators (they are a pretty good benchmark regardless).
Always make backups, especially when you don't want to, and keep a base on your PC, and whatever you do:
DO NOT ROOT WITH NEWEST MAGISK. Use 23.x.
*I have a post where I debloated. Look at the last post for a debloat I've been running for months now.
