[ROOT]Samsung Note 5 Verizon SM-N920V 6.0.1 - Verizon Samsung Galaxy Note5

Mod Edit

So this is BS right? I've been out of the phone rooting game for a bit.

Mod Edit

MrMike2182 said:
Why are you trying to get people to do this when it's not FULL ROOT?! You basically took the same exact console root eng kernel that is listed here https://forum.xda-developers.com/verizon-galaxy-note5/general/root-n920v-t3538192 and just renamed it..
Do not do this it's simply console root and nothing else!!
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.

tylerlawhon said:
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.
LOL there isn't even a CF auto root for the N920V!! He seriously just took the same one we already have for console root and renamed it! They're even the same exact size, haha. Besides, where does he think the SuperSU app is coming from? It sure ain't from the file he has posted because that's just the console root kernel and that doesn't install/flash SuperSU, it only flashes the boot.img..

tylerlawhon said:
..
There are too many inexperienced people claiming root and cluttering the hell out of the forums!! Even on the easy-firmware website he posted this same exact thing and when a user asked him a question he didn't even know the answer and told the user to flash and report back with his findings.. This thread is totally not needed at all!!

Stuck in the boot interface

tylerlawhon said:
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.
Well there goes 1 who didn't read first lol.

Please remove this thread, please.
It's wrong, from someone inexperienced.

I know this website, easy firm ware listed above, to be a scam site. I've seen a lot of different angles they've tried INCLUDING a download manager quote unquote that is supposed to help you finish downloading. But this is a trojan app. While I never fired it up I can tell you it doesn't look like something a Windows user should execute on their system. I use Linux.
(mods I promise I know this site is a scam site I've watched them work over the past couple months as I researched my studies)
Regards to root. If you are patched for dirtycow good luck getting root on this phone. (see below for dirtycow patch details) The AT&T / Verizon variants of the Note 5 are extremely well coded you can't get root on them without a powerful exploit. With dirtycow available the days are numbered for any phones not patched, of course not patching your phone in the meantime means you are very vulnerable to a nasty exploit.
So how long right? I dunno but it could be awhile.
Patch details:
Google says the fix is called CVE-2016-5195 patched 11-05-2016, however my security patch level is Nov 1st, 2016. The Samsung SVE-2016-7504 is stated to be included in November's patches and there are 14 patches in that set. AT&T N920AUCS4CPK1 has a note about 14 patches from Samsung, the exact number. (so I seem to be patched if I follow the logic even though Google responded on 11/05/2016 but I dunno how to confirm what's in this Nov 1 2016 security patch in the PK1 firmware.)

It doesn't really matter if they've patched it, you can still downgrade your firmware and security level - even on this variant. I used to go between Marshmallow and Lollipop, as it was required by the ps3 controller app.

Turbine1991 said:
It doesn't really matter if they've patched it, you can still downgrade your firmware and security level - even on this variant. I used to go between Marshmallow and Lollipop, as it was required by the ps3 controller app.
Which part are you saying you can downgrade? You can't take the Lollipop firmware and flash it if you're currently on the latest firmware update. It will just fail in Odin.

That's just not true. The Verizon model can be flashed in Odin, I've done it a few times myself. Here's someone else's word: https://forum.xda-developers.com/verizon-galaxy-note5/general/downgrade-to-lollipop-5-1-1-verizon-t3368250
It's not impossible, you just need to use an official firmware and may need to downgrade the bootloader.

Turbine1991 said:
That's just not true. The Verizon model can be flashed in Odin, I've done it a few times myself. Here's someone else's word: https://forum.xda-developers.com/verizon-galaxy-note5/general/downgrade-to-lollipop-5-1-1-verizon-t3368250
It's not impossible, you just need to use an official firmware and may need to downgrade the bootloader.
Uh, Sir, the link you just posted.. *I* am the original poster of that and I'm telling you with official firmware you still CANNOT go from the latest firmware update of Marshmallow back to Lollipop! I even stated in my OP that it's not going to once you accept the BPI3 firmware update you're done and stuck on Marshmallow with no way to go back not even if you follow my original instructions it won't work!! The bootloader is no longer downgradeable thanks to Verizon!

Dirty cow or not is irrelevant. We can upgrade or downgrade and we're able to root this phone just like any other variant.
The only issue is the bootloader's signature checking.

so this is crap, thanks for the further investigation

There's a simple check for a value that they are calling a binary number. What is that? Certain versions will work together but past a certain point something changes. (most often the security storage binaries) .. So the bootloader checks to see if binary # >= current firmware binaries ... If you are on S3 binary and you attempt to flash S2 binaries the bootloader newly rejects this.
I can and have written a tool to overcome this problem but there is one catch. system.img is too large for me to hack into place in this way. If I can't rewrite system.img then we are still stuck. ;*(
So what am I doing? I need root so I can just dd write system.img from /sdcard/ to the partition. that's it..
Stop listening to people who are not spending all their free time looking at the Note 5.. I already have too much access for the Note 5 to survive now.. It's going down, it is not the super secure device that will refuse to boot 'ever again' if you modify stuff that Samsung tried to claim.. that was lies and nonsense (don't hack BOTA0 or BOTA1 though)... I haven't tested changes to these partitions, all others have suffered a beating from me. (if you disable certain packages without disabling other packages it will refuse to boot, no wiping will help, reflash time)
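Added example (not part of the post above, and not the poster's or Samsung's code): a shell model of the "binary number" comparison the post describes. It assumes the community-documented layout of Samsung build strings, in which the last six characters of a string such as N920AUCS4CPK1 hold the update type, the binary (rollback) number, the OS letter, the year and month letters and a build index; the lower-numbered build is constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; not code from the thread or from Samsung.
# Assumed layout (community convention, not an official specification):
# the last six characters of a build string such as N920AUCS4CPK1 are
#   <type><binary><OS letter><year letter><month letter><build>
# so "S4CPK1" -> type S, binary 4, year P, month K, build 1.
LC_ALL=C; export LC_ALL

# ord CHAR: numeric value of one ASCII character (POSIX printf feature).
ord() { printf '%d' "'$1"; }

# field BUILD POS: character POS (1..6) of the last six characters.
field() {
    len=${#1}
    [ "$len" -ge 6 ] || return 1
    printf '%s' "$1" | cut -c "$((len - 6 + $2))"
}

# binary_number BUILD: the rollback counter; 0-9, then A=10, B=11, ...
binary_number() {
    c=$(field "$1" 2) || return 1
    case $c in
        [0-9]) printf '%s\n' "$c" ;;
        [A-Z]) printf '%s\n' "$(( $(ord "$c") - 55 ))" ;;
        *) return 1 ;;
    esac
}

# build_date BUILD: YYYY-MM of the build (year A=2001, month A=January).
# This is the build date only; it says nothing about which fixes are inside.
build_date() {
    y=$(field "$1" 4) && m=$(field "$1" 5) || return 1
    case $y$m in [A-Z][A-L]) ;; *) return 1 ;; esac
    printf '%04d-%02d\n' "$(( 2001 + $(ord "$y") - 65 ))" "$(( $(ord "$m") - 64 ))"
}

# flash_decision INSTALLED CANDIDATE: outcome of the check described in the
# post, i.e. accept only when candidate binary >= installed binary.
flash_decision() {
    cur=$(binary_number "$1") && new=$(binary_number "$2") \
        || { echo invalid; return 0; }
    if [ "$new" -ge "$cur" ]; then echo accept; else echo reject; fi
}

INSTALLED=N920AUCS4CPK1   # build string quoted in the thread
OLDER=N920AUCS2BPA1       # constructed sample with a lower binary number

printf '%s: built %s, binary %s\n' "$INSTALLED" \
    "$(build_date "$INSTALLED")" "$(binary_number "$INSTALLED")"
printf 'flash %s over %s: %s\n' "$OLDER" "$INSTALLED" \
    "$(flash_decision "$INSTALLED" "$OLDER")"
printf 'flash %s over %s: %s\n' "$INSTALLED" "$OLDER" \
    "$(flash_decision "$OLDER" "$INSTALLED")"
```
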

droidvoider said:
There's a simple check for a value that they are calling a binary number. What is that? Certain versions will work together but past a certain point something changes. (most often the security storage binaries) .. So the bootloader checks to see if binary # >= current firmware binaries ... If you are on S3 binary and you attempt to flash S2 binaries the bootloader newly rejects this.
I can and have written a tool to overcome this problem but there is one catch. system.img is too large for me to hack into place in this way. If I can't rewrite system.img then we are still stuck. ;*(
So what am I doing? I need root so I can just dd write system.img from /sdcard/ to the partition. that's it..
Stop listening to people who are not spending all their free time looking at the Note 5.. I already have too much access for the Note 5 to survive now.. It's going down, it is not the super secure device that will refuse to boot 'ever again' if you modify stuff that Samsung tried to claim.. that was lies and nonsense (don't hack BOTA0 or BOTA1 though)... I haven't tested changes to these partitions, all others have suffered a beating from me. (if you disable certain packages without disabling other packages it will refuse to boot, no wiping will help, reflash time)
I tried to tell everyone that this was straight up BS back when I was asking for help and no one wanted to risk it nor did they believe me.. Instead they chose to believe this instead of me..
http://www.idigitaltimes.com/samsung-galaxy-note-5-galaxy-s6-edge-specs-and-features-att-and-verizon-models-wont-468357

Would flashing the tar file in the OP give me the ability with ADB to delete, rename or change the bootsamsung.qmg and bootsamsungloop.qmg files? All I want to do is swap those out for another set. Would I then need to flash something else to bring it back to normal?

MrMike2182 said:
I tried to tell everyone that this was straight up BS back when I was asking for help and no one wanted to risk it nor did they believe me.. Instead they chose to believe this instead of me..
http://www.idigitaltimes.com/samsung-galaxy-note-5-galaxy-s6-edge-specs-and-features-att-and-verizon-models-wont-468357
You seem to have a good grasp on the situation and seem to talk sense, so I'll just ask a question. I'm only passing through because I needed some info, but got interested in the thread.
It seems you have the eng boot for the device, but not able to get system to mount rw? Strange because I have checked it and it is a bonafide eng boot.
Anyway I don't own this device, but I thought I'd just share some info that allowed others to get root on a few recent ATT devices with locked bootloaders on MM.
Using Kingroot on the said devices would not work, no matter how many times or which version was used. However flashing the eng boot from the combination firmware (so not even full eng boot as no root shell with adb) and then using Kingroot, Kingroot was able to successfully root these devices even though with some it took several tries. Kingroot was then used to convert to Supersu.
This may have been tried already, but I couldn't see it. Someone tried it with stock, but not using the eng binary.
The combination eng binary allows the device to boot in permissive mode with no dm-verity, but doesn't have a root shell or any write access with adb. The full eng boot you have should do the same obviously with the addition of adb root shell.
It's just for info and I'm not claiming it will work on Verizon devices, but it seems to be pretty successful on ATT and Tracfone devices.

It's time to exploit some dirty, dirty cows.

Alright, so as most of you know, (or not) there has been a MAJOR exploit for not just our device, but the ENTIRE android base as a whole. This is very exciting for us at this time, for as you know, Marshmallow for our phone gets near to no developer support. It goes by the name, the myth, the legend, Dirty Cow (CVE-2016-5195). How it works, is it uses a very old, 7-9 year old exploit that was overlooked a long time, but was patched on some Linux desktop systems. However, Android is running on a different kernel, and we can take advantage of CoW (Copy on Write). This is great news once again, if you want to know more, feel free to Google it. So, we don't really need to do much. Just sit back, and wait for people like J Case and Chainfire to release a tool that is verified to work.
(Or don't wait and try to make a tool of your own, each to their own)
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over (or whatever the latest is). Very excited to possibly start working on this device again, great device, just recently got wireless charging for it, +1. Whatever you do, do NOT take any patches from AT&T if you can avoid it (reason why I say "if you can avoid it" is because AT&T has been known to automatically update your device in the past, and has happened countless times). Also, try not to download anything that isn't verified or from a source you trust, this can also be used for malicious purposes obviously.
-ZVNexus
ZVNexus said:
Alright, so as most of you know, (or not) there has been a MAJOR exploit for not just our device, but the ENTIRE android base as a whole. This is very exciting for us at this time, for as you know, Marshmallow for our phone gets near to no developer support. It goes by the name, the myth, the legend, Dirty Cow (CVE-2016-5195). How it works, is it uses a very old, 7-9 year old exploit that was overlooked a long time, but was patched on some Linux desktop systems. However, Android is running on a different kernel, and we can take advantage of CoW (Copy on Write). This is great news once again, if you want to know more, feel free to Google it. So, we don't really need to do much. Just sit back, and wait for people like J Case and Chainfire to release a tool that is verified to work.
(Or don't wait and try to make a tool of your own, each to their own)
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over (or whatever the latest is). Very excited to possibly start working on this device again, great device, just recently got wireless charging for it, +1. Whatever you do, do NOT take any patches from AT&T if you can avoid it (reason why I say "if you can avoid it" is because AT&T has been known to automatically update your device in the past, and has happened countless times). Also, try not to download anything that isn't verified or from a source you trust, this can also be used for malicious purposes obviously.
-ZVNexus
Jcase doesn't work on LG devices at all anymore. (That's what he told me) Chainfire is occupied with working on a systemless root for the Google Pixel! Think you could try it?
abine45 said:
Jcase doesn't work on LG devices at all anymore. (That's what he told me) Chainfire is occupied with working on a systemless root for the Google Pixel! Think you could try it?
Nonono, the thing is this exploit will work on ALL Android devices, so even if one person creates a tool for another device that does not yet have root, that tool will instantly work on ALL devices. (at least to my knowledge) So it doesn't matter if he works on LG devices or not, any tool he makes can be used on our devices.
ZVNexus said:
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over (or whatever the latest is).
-ZVNexus
Root has nothing to do with custom ROMs. Root won't let you unlock the bootloader.
rascal0pl said:
Root has nothing to do with custom ROMs. Root won't let you unlock the bootloader.
With a certain method, we won't need one. I was thinking, once you boot /system, it will automatically trigger which will send you into CM13.
It would be very similar to Safestrap, but not.
I have an unlocked bootloader on MM, maybe someday I'll learn how to port a ROM. The V10 is poor in unofficial software.
I don't understand.
Excuse me, can you say it in a simple way?
Do you mean that with our locked bootloader we can install root and TWRP on our device? On MM or Nougat or any system? Do you mean that?!
₪HuEx₪
HuEx said:
I don't understand.
Excuse me, can you say it in a simple way?
Do you mean that with our locked bootloader we can install root and TWRP on our device? On MM or Nougat or any system? Do you mean that?!
₪HuEx₪
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am nowhere at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
The T-Mobile variant already has root + TWRP on MM ......
ZVNexus said:
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am nowhere at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
But I see they could unlock the bootloader on the Nougat system with Fastboot on the V20 without a bin file or anything. So is there hope with Nougat for us? To get TWRP on the V10? All variants?
₪HuEx₪
This exploit is not specific to this phone. Once someone releases root via this method it should work on all phones, all firmwares.
ZVNexus said:
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am nowhere at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
This is both true and untrue. There is a way around this, if you can use Android itself as a bootloader, then you don't actually need the usual sort of unlocked bootloader. The idea is similar to Linux's KEXEC functionality. Alas I'd bet KEXEC won't be available on Android kernels any time soon, but if you can inject code into kernel space you can get the same effect.
beavis5706 said:
This exploit is not specific to this phone. Once someone releases root via this method it should work on all phones, all firmwares.
I've read there are some already out and people have been successfully experimenting.
I am SO excited. This forum has been so barren for so long I just never even imagined CM on my phone
When will we be able to unlock the bootloader for the V10 H960A Middle East version? I had two options, go with the Sony Z5 Premium Dual or the LG V10. I regret choosing the LG V10 over the Z5. I wish I had known that you can't unlock the bootloader!!
Has there been someone that has been able to permanently root marshmallow yet (non t-mobile v10) ?
Permanent root may not be necessary. But no one has replied to my questions on the functionality of temporary root. Questions are... With temp root...
1. Can I replace mobile hotspot APK and use my hotspot after reboot (no root) unlimited data user.
2. Would ad blocking still work after reboot (no root)
3. Would viper4android still work after reboot (I could live without this one)
4. Would I be able to use Titanium Backup while temporary rooted?
Hello
I'm new to LG V10 so I don't know in detail.
But can we use VIKIROOT??
It looks like it works on this device and we can get temporary root?
I'm sorry for my bad English.
I tried to use it but it says "Permission denied."
iptr9 said:
Hello
I'm new to LG V10 so I don't know in detail.
But can we use VIKIROOT??
It looks like it works on this device and we can get temporary root?
I'm sorry for my bad English.
I tried to use it but it says "Permission denied."
I just saw VIKIROOT and looks promising!
You probably did not make "exploit" executable. I pushed "exploit" through adb to /data/local/tmp, then opened an adb shell, cd to /data/local/tmp and made it executable (by chmod +x exploit). Then I ran it, and seemed to execute fine. However it stuck on "waiting for reverse connect shell". I don't know what to do now; I opened up the device, toggled Bluetooth etc as the developer suggests but nothing happens. Anybody to take it further?
ftaios said:
I just saw VIKIROOT and looks promising!
You probably did not make "exploit" executable. I pushed "exploit" through adb to /data/local/tmp, then opened an adb shell, cd to /data/local/tmp and made it executable (by chmod +x exploit). Then I ran it, and seemed to execute fine. However it stuck on "waiting for reverse connect shell". I don't know what to do now; I opened up the device, toggled Bluetooth etc as the developer suggests but nothing happens. Anybody to take it further?
Thank you for reply!!!
It also stuck on "Waiting for reverse connect shell"...
iptr9 said:
Thank you for reply!!!
It also stuck on "Waiting for reverse connect shell"...
I'm in contact with the developer, we will have to wait a bit. Let's keep fingers crossed

How to Update to 7.1.1 on a Rooted, Unlocked Bootloader, Google Play Pixel?

I have a rooted, bootloader unlocked Pixel from Google Play. I am currently on 7.1 (NDE63V) November 5th security patch. I have stock recovery and would like to keep it that way if possible.
Can someone please provide step-by-step instructions on how to update to 7.1.1 without losing root or the unlocked bootloader? I used adb and boot-to-root for my current root method if it matters.
Many thanks in advance for any assistance. If a thread with the requested info already exists, please feel free to just post a link to it.
spook2022 said:
I have a rooted, bootloader unlocked Pixel from Google Play. I am currently on 7.1 (NDE63V) November 5th security patch. I have stock recovery and would like to keep it that way if possible.
Can someone please provide step-by-step instructions on how to update to 7.1.1 without losing root or the unlocked bootloader? I used adb and boot-to-root for my current root method if it matters.
Many thanks in advance for any assistance. If a thread with the requested info already exists, please feel free to just post a link to it.
You will lose root, but you can re-root easily enough. Bootloader doesn't relock on its own. Plus, you have the Google Store version, so it's easy to unlock BL anyway. To me, the cleanest and easiest method is to use the flash-all method, with the -w switch removed. Download the 7.1.1 image from the Google developers site and go at it. You can search for 'flash-all google pixel' here or on the web in general to get directions. It's easy as pie.
quangtran1 said:
You will lose root, but you can re-root easily enough. Bootloader doesn't relock on its own. Plus, you have the Google Store version, so it's easy to unlock BL anyway. To me, the cleanest and easiest method is to use the flash-all method, with the -w switch removed. Download the 7.1.1 image from the Google developers site and go at it. You can search for 'flash-all google pixel' here or on the web in general to get directions. It's easy as pie.
I've got an unlocked Verizon Pixel running the non Verizon stock ROM (I know the bootloader won't relock itself with the non-Verizon ROM, right?). What if you are using a computer that can't use the ./flash-all.sh script? My only 2 computers are a Chromebook (1GB RAM) and a Raspberry Pi 3 (again, 1GB RAM). The flash-all script always gives an error saying it can't allocate enough memory, and with my old Nexus 6P, before I started using Custom ROMs, I'd just extract the image zip and manually flash the .img files inside it. With the Pixel however, there are a lot of img files (aboot.img, apdp.img, etc) and I'm not sure if I should try flashing these or not. I've read a couple less than reliable guides out there that basically said to just flash the same .img files as the Nexus 6P used, but I feel that those other ones are probably there for a reason and might need to be flashed too.
Also, should I flash both _a and _b partitions when updating, or just whichever is active? Seems that there is an _a and _b for almost every single partition on it.
lightmastertech said:
I've got an unlocked Verizon Pixel running the non Verizon stock ROM (I know the bootloader won't relock itself with the non-Verizon ROM, right?). What if you are using a computer that can't use the ./flash-all.sh script? My only 2 computers are a Chromebook (1GB RAM) and a Raspberry Pi 3 (again, 1GB RAM). The flash-all script always gives an error saying it can't allocate enough memory, and with my old Nexus 6P, before I started using Custom ROMs, I'd just extract the image zip and manually flash the .img files inside it. With the Pixel however, there are a lot of img files (aboot.img, apdp.img, etc) and I'm not sure if I should try flashing these or not. I've read a couple less than reliable guides out there that basically said to just flash the same .img files as the Nexus 6P used, but I feel that those other ones are probably there for a reason and might need to be flashed too.
Also, should I flash both _a and _b partitions when updating, or just whichever is active? Seems that there is an _a and _b for almost every single partition on it.
I have a ChromeBook but I've never used it to fastboot my phones. Sorry but I'll refrain from giving instructions on something with which I'm not familiar. I can say that the bootloader won't relock by itself. And the boot.img image should be all you need. Those points are universal. Also, you can just flash the 7.1.1 OTA, which is only 260mb.
quangtran1 said:
I have a ChromeBook but I've never used it to fastboot my phones. Sorry but I'll refrain from giving instructions on something with which I'm not familiar. I can say that the bootloader won't relock by itself. And the boot.img image should be all you need. Those points are universal. Also, you can just flash the 7.1.1 OTA, which is only 260mb.
If it's rooted, and has a modified system, doesn't the OTA update method fail?
And I actually use the Raspberry Pi for fastboot. Easier than trying to get my Chromebook's chroot to talk to my phone's bootloader.
Hi
What about Flashfire? Can I download the Factory Image, deselect Boot and Recovery in Flashfire and flash it?
After this, can I flash the SuperSU.zip with TWRP?
spook2022 said:
<snip>
Many thanks in advance for any assistance. If a thread with the requested info already exists, please feel free to just post a link to it.
Have you any idea how many threads there are regarding this? How many duplicate posts and the same question about 2 dozen times all in separate threads? And now we have another? Even if you can't search XDA for some unknown reason, here you go.
https://www.google.com/search?q=root+on+unlocked+pixel+7.1.1&ie=utf-8&oe=utf-8
Search terms from your OP ... root. on unlocked pixel 7.1.1
Can we please put an end to this question already?
bobby janow said:
Have you any idea how many threads there are regarding this? How many duplicate posts and the same question about 2 dozen times all in separate threads? And now we have another? Even if you can't search XDA for some unknown reason, here you go.
Search terms from your OP ... root. on unlocked pixel 7.1.1
Can we please put an end to this question already?
I went back and read my post again just to make sure I wasn't crazy, and sure enough I couldn't find where I asked how to root 7.1.1...
I did however ask "Can someone please provide step-by-step instructions on how to update to 7.1.1 without losing root or the unlocked bootloader?" So, posting a Google search on how to root 7.1.1 isn't exactly the help I was after. Regardless of your disgruntled, condescending reply to the whole matter, I did manage to achieve the end result I was originally after.
spook2022 said:
I went back and read my post again just to make sure I wasn't crazy, and sure enough I couldn't find where I asked how to root 7.1.1...
I did however ask "Can someone please provide step-by-step instructions on how to update to 7.1.1 without losing root or the unlocked bootloader?" So, posting a Google search on how to root 7.1.1 isn't exactly the help I was after. Regardless of your disgruntled, condescending reply to the whole matter, I did manage to achieve the end result I was originally after.
As far as I know you can not update without losing root.. You can however update without losing data and reroot just like you did the first time.
@spook2022 It's just so frustrating to see the same question over and over. It wasn't that condescending, but yes, it was disgruntled. I just like to search for these things myself because I learn a lot along the way. Might take me an hour or so for the answer but then I learned an hour's worth of stuff. I do agree though that there should be a sticky like the Heisenberg thread in the n5x forum that gives step by step for everything. One thing I will say that perhaps a few people don't know is that the Pixel and the XL are basically the same regarding root, unlocking and updating. So if you don't find the answers here you might want to head over to that forum. There seems to be a dearth of information here.
Someone suggested that the forums be combined with separate sections for things specific to each device like battery life and display as well as Verizon vs Google brand differences. I originally thought not but I'm changing my mind. Nonetheless, take the frustration from whence it came. I'm sorry I insulted you, that was not my intention. If you found a link to your solution perhaps you can post it for others. There is bound to be a similar question within a day. (oh oh there I go again..)
edit: This is what I was talking about regarding the Pixel vs the XL forums. Anything by Chainfire regarding root is a must read if you are rooted and even if you are not as I am. http://forum.xda-developers.com/pixel-xl/development/root-supersu-t3490156
Download the 7.1.1 NMF260 image from Google.
Extract the zip file into the adb folder on the PC.
Edit the flash-all.bat file to remove the -w switch so user data won't be deleted. You'll find this -w switch easily enough.
Put your Pixel into fastboot mode, using either power+volume down or via adb command.
Plug phone to PC if not already done so. Execute the flash-all batch file.
When that's done, you have 7.1.1 on your phone, along with new radio and new kernel. (actually, I'm not sure if Google even put out a new kernel.)
Then you can go back to re-root with whatever method you used previously.
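Added example (not part of the post above and not Google's script): the same steps as shell functions that first check the downloaded image against its published SHA-256 and then write a copy of the flash-all script with the -w switch removed. The file names, script contents and digest are constructed placeholders; for a real download the expected digest is the one listed beside the image on the download page.

```shell
#!/bin/sh
# Added illustration; not from the thread and not Google's script.
# Image name, script contents and digest below are constructed stand-ins.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# verify_sha256 FILE EXPECTED: succeed only when the digest matches the
# published value (compared case-insensitively).
verify_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$want" ]
}

# count_wipe SCRIPT: number of fastboot lines that still carry a bare -w.
count_wipe() {
    grep -Ec '^[[:space:]]*fastboot([[:space:]].*)?[[:space:]]-w([[:space:]]|$)' "$1"
}

# strip_wipe IN OUT: copy the script, removing -w from fastboot lines only.
# Fails when nothing changed, so an unmodified script is never mistaken
# for a data-preserving one.
strip_wipe() {
    sed -E '/^[[:space:]]*fastboot[[:space:]]/ s/[[:space:]]-w([[:space:]]|$)/\1/' \
        "$1" > "$2" || return 1
    ! cmp -s "$1" "$2"
}

# prepare_update IMAGE EXPECTED_SHA256 SCRIPT OUT
# 0 = digest verified and OUT has no -w; 1 = digest mismatch;
# 2 = no -w found in SCRIPT; 3 = a -w is still present in OUT.
prepare_update() {
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    strip_wipe "$3" "$4"    || { echo "no -w in $3" >&2; return 2; }
    [ "$(count_wipe "$4")" -eq 0 ] || return 3
}

# make_sample DIR: constructed stand-ins for the download and its script.
make_sample() {
    printf 'abc' > "$1/image.zip"   # 3-byte placeholder, not a real image
    cat > "$1/flash-all.sh" <<'EOF'
fastboot flash bootloader bootloader-PLACEHOLDER.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-PLACEHOLDER.zip
EOF
}

# SHA-256 of the placeholder bytes "abc" (standard test vector).
SAMPLE_SHA256=BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if prepare_update "$demo_dir/image.zip" "$SAMPLE_SHA256" \
        "$demo_dir/flash-all.sh" "$demo_dir/flash-all-keepdata.sh"; then
    cat "$demo_dir/flash-all-keepdata.sh"   # script with -w removed
fi
rm -rf "$demo_dir"
```
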
Konfuzion said:
Download the 7.1.1 NMF260 image from Google.
<snip>
Why not the OTA coming from 7.1? Stock recovery according to the OP. Why go thru all the hassle unless you want a dirty flash? I know you say reroot after the install. I haven't been rooted in a few months now but I always used to unroot first for some reason before flashing a new image whether it be full image as you describe or an OTA. I'm sure it's not needed at this point, I was always leery of a bootloop. But with an unlocked bl it probably wouldn't matter since you could always recover if needed.
Konfuzion said:
Download the 7.1.1 NMF260 image from Google.
Extract the zip file into the adb folder on the PC.
Edit the flash-all.bat file to remove the -w switch so user data won't be deleted. You'll find this -w switch easily enough.
Put your Pixel into fastboot mode, using either power+volume down or via adb command.
Plug phone to PC if not already done so. Execute the flash-all batch file.
When that's done, you have 7.1.1 on your phone, along with new radio and new kernel. (actually, I'm not sure if Google even put out a new kernel.)
Then you can go back to re-root with whatever method you used previously.
Thank you so much.
bobby janow said:
...I was always leery of a bootloop. But with an unlocked bl it probably wouldn't matter since you could always recover if needed.
That right there is why I always unlock my bootloaders and hack Verizon's phones to have unlocked bootloaders. Always great to have the assurance that you can easily fix it if something ever breaks.
Sorry if that's a little off topic.
bobby janow said:
Why not the OTA coming from 7.1? Stock recovery according to the OP. Why go thru all the hassle unless you want a dirty flash? I know you say reroot after the install. I haven't been rooted in a few months now but I always used to unroot first for some reason before flashing a new image whether it be full image as you describe or an OTA. I'm sure it's not needed at this point, I was always leery of a bootloop. But with an unlocked bl it probably wouldn't matter since you could always recover if needed.
He's on 7.1.0...63V..he can't apply the latest ota to 63V..he would have to apply each ota in order of their release.
kyle4269 said:
He's on 7.1.0...63V..he can't apply the latest ota to 63V..he would have to apply each ota in order of their release.
I don't believe that to be correct. I think the 7.1.1 is cumulative. I'll double check though and edit later.
edit: You can go directly to the latest without incremental OTA flashes. Just sideload the OTA from recovery. Easy, peasy.
---------- Post added at 03:50 PM ---------- Previous post was at 03:22 PM ----------
lightmastertech said:
That right there is why I always unlock my bootloaders and hack Verizon's phones to have unlocked bootloaders. Always great to have the assurance that you can easily fix it if something ever breaks.
Sorry if that's a little off topic.
I always, always unlocked first thing I did. I even unlocked the unlockable S4 before the VZW firmware update. But lately I've been running locked. I have a banking app that will not run without passing SafetyNet. I know there are a couple of kernels that will bypass that check but I believe they will close that too eventually. The only thing I miss at this point is what you describe above. But the Pixel even from vzw, which I now have with the O update and therefore totally locked for now, is not full of bloat and runs rather well. So although I do root around these threads (no pun intended) it's merely for entertainment now and general knowledge.
bobby janow said:
I don't believe that to be correct. I think the 7.1.1 is cumulative. I'll double check though and edit later.
edit: You can go directly to the latest without incremental OTA flashes. Just sideload the OTA from recovery. Easy, peasy.
.
That makes it so much easier then.. Download the latest ota zip from https://developers.google.com/android/ota then you need to flash the 63V boot. Reboot to recovery. Follow the directions on the Google ota site to sideload the ota. Reboot back to Bootloader and flash the twrp boot image to boot.. Reboot to recovery. Install the supersu zip and reboot.. All rooted and to the latest build.
bobby janow said:
I always, always unlocked first thing I did. I even unlocked the unlockable S4 before the VZW firmware update. But lately I've been running locked. I have a banking app that will not run without passing SafetyNet. I know there are a couple of kernels that will bypass that check but I believe they will close that too eventually. The only thing I miss at this point is what you describe above. But the Pixel even from vzw, which I now have with the O update and therefore totally locked for now, is not full of bloat and runs rather well. So although I do root around these threads (no pun intended) it's merely for entertainment now and general knowledge.
Luckily I'm with USAA and they are too slow with adopting new technology, just got chip debit cards 2 months ago, and they still don't have Android Pay, lol. If they did start using SafetyNet, I'd use the kernel patch in a heartbeat. It'll be a long time before Google fixes that since there's still a lot of devices that can't use verified boot, and Google doesn't want to become the new Apple, abandoning old devices just to suit them.
Wife got the Verizon version of the Pixel as an early Xmas present from my parents, and I wouldn't let the Verizon sales person activate it for fear of getting 7.1.1 before I could unlock bootloader. Wouldn't let wife turn it on for a couple hours till I had the bootloader unlocked and had flashed Google's version of Android to keep Verizon from screwing with it. Viper4Android and all the awesome rooted features are too good to give up. She'll be really happy when Xposed or custom ROMs start coming out for it cuz even the little features are great, like holding power button with screen off to turn on flashlight. (She's been stuck with locked phones for a while while I've had my Nexus 6P and is glad to finally get a rootable phone).
kyle4269 said:
That makes it so much easier then.. Download the latest ota zip from https://developers.google.com/android/ota then you need to flash the 63V boot. Reboot to recovery. Follow the directions on the Google ota site to sideload the ota. Reboot back to Bootloader and flash the twrp boot image to boot.. Reboot to recovery. Install the supersu zip and reboot.. All rooted and to the latest build.
Yep, that's about it. Personally I'd reboot right after the OTA flash then go back to bl and do the root process. Probably not needed though.
kyle4269 said:
That makes it so much easier then.. Download the latest ota zip from https://developers.google.com/android/ota then you need to flash the 63V boot. Reboot to recovery. Follow the directions on the Google ota site to sideload the ota. Reboot back to Bootloader and flash the twrp boot image to boot.. Reboot to recovery. Install the supersu zip and reboot.. All rooted and to the latest build.
How is that better or different than flashing the full image by using fastboot to flash bootloader and radio (if updated), then using
Code:
fastboot update <image>.zip
and leave off the -w to keep it from wiping.
Also, correct me if I'm wrong, but don't OTA updates fail if you've modified the system partition, like installing Viper4Android or other mods? I know that flashing the whole system image works no matter what which is why I use that method.
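The "remove the -w switch" step from this thread, as an added example that is not part of any post: it writes a copy of a flash-all script with `-w` stripped from `fastboot` lines only, then checks that no wipe flag survived before the copy is used. The function names and the sample script with its `EXAMPLE` file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): copy a factory-image flash-all script
# with the data-wiping -w switch removed, then verify the copy.

# Constructed sample standing in for a flash-all.sh; the image file names
# are placeholders, not real builds.
sample_flash_all() {
    cat <<'EOF'
#!/bin/sh
# NOTE: -w on the update line erases userdata
fastboot flash bootloader bootloader-EXAMPLE.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-EXAMPLE.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-EXAMPLE.zip
EOF
}

# Succeeds (exit 0) if any fastboot line on stdin carries a stand-alone -w.
has_wipe_flag() {
    grep -Eq '^[[:space:]]*fastboot([[:space:]].*)?[[:space:]]-w([[:space:]]|$)'
}

# Copy stdin to stdout, dropping -w from lines that invoke fastboot.
# Comments and other commands that merely mention -w are left untouched.
strip_wipe_flag() {
    sed -e '/^[[:space:]]*fastboot[[:space:]]/ s/[[:space:]]-w\([[:space:]]\)/\1/' \
        -e '/^[[:space:]]*fastboot[[:space:]]/ s/[[:space:]]-w$//'
}

# prepare_flash_script SRC DST
# Writes the data-preserving copy to DST and returns non-zero if anything
# about the input or the result looks wrong, so nothing is flashed by mistake.
prepare_flash_script() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Refuse files that do not look like a flash-all script at all.
    grep -Eq '^[[:space:]]*fastboot[[:space:]].*update[[:space:]]' "$src" || {
        echo "no 'fastboot ... update' line in $src" >&2
        return 3
    }
    strip_wipe_flag < "$src" > "$dst" || return 4
    # The check that matters: the copy must not wipe userdata.
    if has_wipe_flag < "$dst"; then
        echo "-w still present in $dst" >&2
        return 5
    fi
    # Only a flag was removed, so the line count must be unchanged.
    [ "$(wc -l < "$src")" -eq "$(wc -l < "$dst")" ] || return 6
    return 0
}

# Stand-alone use: sh this-file flash-all.sh flash-all-keepdata.sh
if [ "$#" -eq 2 ]; then
    prepare_flash_script "$1" "$2"
fi
```

The same patterns match the `fastboot` lines of a Windows `flash-all.bat`, since only lines that start with `fastboot` are edited.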

[ROOT][TUTORIAL] How to root your SM-T337A with SuperSU (Temporary root)

I've made this thread to teach T337A owners how to root their device with SuperSU. Please note that this is a system-less root, meaning it's temporary, but can be re-applied. Rooting only takes about 5-7 minutes and brings numerous tweaks and advantages to your device. Just remember that every time you reboot or shut the device down, you will need to repeat the rooting process. This tutorial was designed for Lollipop 5.1.1, but it should work on KitKat as well.
Before beginning, you will need to download the following file, unzip it on your pc, then transfer it to your device's internal storage/external sd card.
T337AUCU2BOH4 (Lollipop) firmware can be found here
Root Files can be found here
Let's start!
1) Install both the APK files in the file on your device. If prompted, allow installation from unknown sources.
2) Make sure your device is connected to WiFi, then open Kingroot.
3) Once Kingroot is "Done searching for the best root strategy", click the "Try Now" button and wait about 3 minutes for KingRoot to give you a "Root Successfully" message.
4) This is where it gets kinda tricky, immediately after receiving the root success message, go into SuperSU-me, and grant root permissions when prompted.
5) Click on the big blue button in the middle of the frame and wait about 1 minute for the process to complete. DO NOT UPDATE THE SUPERSU BINARY, IT WILL CAUSE YOUR DEVICE TO BOOTLOOP.
6) IMMEDIATELY after the process has completed, go into Settings and make sure KingRoot or Purify is not installed! This is an important step because Kingroot and Kingroot adware tends to install itself in the system partition which can cause problems and frustration.
7 - Recommended) Download a root file explorer (such as ES File Explorer) and search "King" under /data and /system to ensure that the KingRoot app and its bloatware has been wiped from the system. This is to ensure that Kingroot still works properly after a reboot.
8) Enjoy root access!
If this tutorial helped you please be sure to hit the :good: button. If you had any issues or troubles during this process please feel free to let me know down below.
Cheers!
@KingOfTheNet
will flashfire work? bc it wont with kingroot
also, could init.d be enabled and run these off of a script for example on startup so we don't have to do this after each reboot/shutdown
but i believe you would have to capture kingroots data somehow in the process of rooting
toolhas4degrees said:
@KingOfTheNet
will flashfire work? bc it wont with kingroot
also, could init.d be enabled and run these off of a script for example on startup so we don't have to do this after each reboot/shutdown
but i believe you would have to capture kingroots data somehow in the process of rooting
FlashFire does work on SuperSU, I've tested that for myself. It does not work with KingRoot.
For the second question, I'm not sure. I haven't looked through that file myself and I might look through it later but right now, I would just avoid rebooting the tablet if you wanna keep root without repeating the process over and over again. It's what I do, repeating the process over and over again can get very tedious and annoying.
Cheers!
I assume you're talking about 5.1.1? It won't work with kingroot versions higher than 4.8. Also, flashfire will load, but if you try to flash a zip you're screwed. You can actually use replace kingroot with supersu zip in terminal emulator on any version kingroot. Same deal with su binary, don't update it. Wish I could figure out how I had permanent for with kingroot. I had to go messing with things and lost it. Nothing really special about this method, unless there's a dev out there that can do something with it.
xjimmy said:
I assume you're talking about 5.1.1? It won't work with kingroot versions higher than 4.8. Also, flashfire will load, but if you try to flash a zip you're screwed. You can actually use replace kingroot with supersu zip in terminal emulator on any version kingroot. Same deal with su binary, don't update it. Wish I could figure out how I had permanent for with kingroot. I had to go messing with things and lost it. Nothing really special about this method, unless there's a dev out there that can do something with it.
Sorry for the late response. Yes, some things I forgot to mention in the original post:
1) Updating the SU Binary will put your device in a bootloop
2) Flashing anything with flashfire (based on what I've seen) results in a soft brick
3) I know you can replace kingroot with SuperSU in terminal, but when you reboot, you're unrooted again.
4) I'm trying to figure out how I could alter the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
Cheers!
Hi, @KingOfTheNet, thanks for helping out with this device, i rooted my device on KK nk2 build and now updated to 5.1.1, thanks to you! now i would like to root 5.1.1 (am aware it is a temp. root)
i have superSu Pro, do i need Super Sume for this to work?
KingOfTheNet said:
Sorry for the late response. Yes, some things I forgot to mention in the original post:
1) Updating the SU Binary will put your device in a bootloop
2) Flashing anything with flashfire (based on what I've seen) results in a soft brick
3) I know you can replace kingroot with SuperSU in terminal, but when you reboot, you're unrooted again.
4) I'm trying to figure out how I could alter the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
Cheers!
Somehow I had it permanently rooted with kingroot a while back. I had the 4.9.6 apk on my tab at the time, is all I know. I could've updated from an earlier version, and maybe that was the cause. I've tried so many different versions of kingroot with no luck, but one peculiar occurrence; if I open kingroot, get into the settings and uninstall kingroot without saving a backup of root, then delete all the files in the tablet's main directory, and reinstall kingroot version 4.8.0, it somehow retains a partial permanent root. At least on my T337A running 5.1.1 BOH4 it will, as long as I get a fresh install of 4.8.0, let it root, then hit the optimize button right after. Then wait until it finally tells me that kingroot has been deployed as a system app. After that, when I try to open any root apps, the screen will darken as it does when the root permission tab pops up, but it never pops up. The app just freezes. I can kill it in the task manager screen to just go back to using my tablet. After I restart the tab, sometimes it'll tell me an app has been granted superuser permissions. If I open up terminal emulator, type in the 'su' command and hit enter, the screen will turn dark again like it's going to ask me to allow or deny superuser permission, but it just freezes like that again. I've tried all kinds of stuff with 4.8.0, but I still can't get it to stick. If you don't hit the optimize button in kingroot right after rooting, and just wait for kingroot to install as a system app, the allow/deny prompt comes up without freezing, but the partial permanent root glitch doesn't remain. ugh, tired of messing with it though. lol
Edit: I may be wrong. It might need to be rooted with 4.8.0, optimized, then rebooted right away for the partial root. I'll try to do it again and let you know what I find.
bklyndiaz said:
Hi, @KingOfTheNet, thanks for helping out with this device, i rooted my device on KK nk2 build and now updated to 5.1.1, thanks to you! now i would like to root 5.1.1 (am aware it is a temp. root)
i have superSu Pro, do i need Super Sume for this to work?
I'm happy to help out! You'd need king root installed, root the tab with king root, then use SuperSU me to replace the kingroot binaries with the SuperSU ones. It is an automatic process and should only take about 30 seconds or less. Pro version of SUPERSUme is not required, free version should work just fine.
Cheers!
xjimmy said:
Somehow I had it permanently rooted with kingroot a while back. I had the 4.9.6 apk on my tab at the time, is all I know. I could've updated from an earlier version, and maybe that was the cause. I've tried so many different versions of kingroot with no luck, but one peculiar occurrence; if I open kingroot, get into the settings and uninstall kingroot without saving a backup of root, then delete all the files in the tablet's main directory, and reinstall kingroot version 4.8.0, it somehow retains a partial permanent root. At least on my T337A running 5.1.1 BOH4 it will, as long as I get a fresh install of 4.8.0, let it root, then hit the optimize button right after. Then wait until it finally tells me that kingroot has been deployed as a system app. After that, when I try to open any root apps, the screen will darken as it does when the root permission tab pops up, but it never pops up. The app just freezes. I can kill it in the task manager screen to just go back to using my tablet. After I restart the tab, sometimes it'll tell me an app has been granted superuser permissions. If I open up terminal emulator, type in the 'su' command and hit enter, the screen will turn dark again like it's going to ask me to allow or deny superuser permission, but it just freezes like that again. I've tried all kinds of stuff with 4.8.0, but I still can't get it to stick. If you don't hit the optimize button in kingroot right after rooting, and just wait for kingroot to install as a system app, the allow/deny prompt comes up without freezing, but the partial permanent root glitch doesn't remain. ugh, tired of messing with it though. lol
Edit: I may be wrong. It might need to be rooted with 4.8.0, optimized, then rebooted right away for the partial root. I'll try to do it again and let you know what I find.
Kingroot does allow your device to retain permanent root after a certain time. However, Kingroot is not as powerful as SuperSU, is very limited in terms of what it can do, and has its own 'bloatware' titled Purify. I'd honestly stick with SuperSU because it's (probably) the most powerful and efficient way to root your phone. I'd also suggest avoiding having to reboot the tablet at all with temp root because you would have to take 5 minutes to install it again, which was a pain in the butt for me.
As for the kingroot app freezing, that's usually the result of a bad download or a bad root. Plus kingroot is very limited in terms of what you can do on your kingrooted device. SUPERSU is the equivalent of an IOS jailbreak. SUPERSU gives you full control of your device, with no bloatware and limits, unlike kingroot.
Kingroot does sometimes delete the su binaries upon rebooting, which is another reason I don't like it all that much.
Another theory I thought of is that it's not Kingroot that's deleting the binaries, it's actually something that's set to happen when the device boots up. Either the actual Android os or the bootloader searches for and deletes the su binaries to prevent root.
I don't know for sure, I've kinda slowed down work on this device mainly because of a project I've been working on with the Samsung Galaxy S7 AT&T (SM-G930A). I'll look into these things when I get the chance.
Cheers!
I understand the limitations of Kingroot, and certainly supersu by all means is better. In the case of flashfire with supersu in this scenario, it's merely the difference of being able to open and run it just enough to work improperly and brick your device vs. Kingroot not being able to open it at all. I posted in a thread long before this one, how to replace kingroot with supersu, only I use the zip file in terminal emulator. Pretty sure I went over flashfire as well. The terminal emulator method works with new versions of kingroot, unlike supersu me. Are you suggesting that the T337A running 5.1.1 BOH4 can achieve permanent root via kingroot after "a certain amount of time"? Because I'm the only one I've seen on xda who's ever posted that they had permanent root from kingroot, but I didn't know how I did it. After I messed with things, i softbricked and had to flash back to stock, which, no offense, the stock file was available way before you posted it. Anyway, it's not the kingroot app freezing per se, i was talking about after rebooting, and without re-rooting, when trying to use rooted apps, they actually start to engage in the kingroot request superuser permissions pop-up. So, no, it's not a bad download, etc. I believe an older version of kingroot somehow permanently rooted my tab, perhaps with the help of something I was messing with at the time, perhaps not. I've intentionally rebooted my tab an unimaginable amount of times, testing to see if I possibly regained permanent root to no avail, so I know how that works. And it's not about having a hard time deciding on kingroot or supersu for a temproot, it's the interest in permanent root, the possibility off something like safestrap, and/or flashing custom roms, etc. When people say temproot is better or safer, i say boo. How many custom roms include a root toggle in the settings? Anyway I wish I could've gotten hold of a developer while I had permanent root. 
Maybe I could've done a system dump, or even try replacing the permanent kingroot with supers and drying out that could've stuck. You say you slowed down on this device, do you mean you were pursuing permanent root for it? Are you a developer? I have the AT&T S7 Edge (G935A). What's your project on the 930? Is it something for rooted S7's? I still have my edge running the engboot with the echoRom. Anyway, thanks for your reply.
---------- Post added at 01:01 AM ---------- Previous post was at 12:51 AM ----------
https://forum.xda-developers.com/tab-4/help/t337a-temp-root-bootlp-fix-tar-official-t3473737
*https://forum.xda-developers.com/tab-4/general/permanent-root-t337a-5-1-1-kingroot-t3518334
A couple of threads I started a long time ago that may be of interest to you.
xjimmy said:
I understand the limitations of Kingroot, and certainly supersu by all means is better. In the case of flashfire with supersu in this scenario, it's merely the difference of being able to open and run it just enough to work improperly and brick your device vs. Kingroot not being able to open it at all. I posted in a thread long before this one, how to replace kingroot with supersu, only I use the zip file in terminal emulator. Pretty sure I went over flashfire as well. The terminal emulator method works with new versions of kingroot, unlike supersu me. Are you suggesting that the T337A running 5.1.1 BOH4 can achieve permanent root via kingroot after "a certain amount of time"? Because I'm the only one I've seen on xda who's ever posted that they had permanent root from kingroot, but I didn't know how I did it. After I messed with things, i softbricked and had to flash back to stock, which, no offense, the stock file was available way before you posted it. Anyway, it's not the kingroot app freezing per se, i was talking about after rebooting, and without re-rooting, when trying to use rooted apps, they actually start to engage in the kingroot request superuser permissions pop-up. So, no, it's not a bad download, etc. I believe an older version of kingroot somehow permanently rooted my tab, perhaps with the help of something I was messing with at the time, perhaps not. I've intentionally rebooted my tab an unimaginable amount of times, testing to see if I possibly regained permanent root to no avail, so I know how that works. And it's not about having a hard time deciding on kingroot or supersu for a temproot, it's the interest in permanent root, the possibility off something like safestrap, and/or flashing custom roms, etc. When people say temproot is better or safer, i say boo. How many custom roms include a root toggle in the settings? Anyway I wish I could've gotten hold of a developer while I had permanent root. 
Maybe I could've done a system dump, or even try replacing the permanent kingroot with supers and drying out that could've stuck. You say you slowed down on this device, do you mean you were pursuing permanent root for it? Are you a developer? I have the AT&T S7 Edge (G935A). What's your project on the 930? Is it something for rooted S7's? I still have my edge running the engboot with the echoRom. Anyway, thanks for your reply.
---------- Post added at 01:01 AM ---------- Previous post was at 12:51 AM ----------
https://forum.xda-developers.com/tab-4/help/t337a-temp-root-bootlp-fix-tar-official-t3473737
*https://forum.xda-developers.com/tab-4/general/permanent-root-t337a-5-1-1-kingroot-t3518334
A couple of threads I started a long time ago that may be of interest to you.
No offence taken on the firmware post, I was simply trying to spread the fact that the firmware for the device does exist but is very hard to find and is often posted on shady websites for money, unless you're looking in the right places. It only took me 5 minutes on Google to find one of those sites.
You asked if I was saying that the Tab 4 BOH4 firmware allows you to retain permanent root after some time, and yes, that's exactly what I was saying. I rooted my tablet with Kingroot 4.8.0 a while back and after about 4 - 5 reboots (I counted how many times I rebooted it, but the numbers could vary), It retained root. All I do today is avoid rebooting the tablet at all costs. I prefer SuperSU because, like we've said, there are almost no limitations of what you can do in terms of being rooted. I'm trying to find out how I can make root permanent on the tab with SuperSU by using the eng-boot method used to root all Qualcomm variants of the Galaxy S7, but that may take a while. Since my S7 has the eng-boot root method, I can reboot it all I want and it stays rooted with SuperSU. But at this point, It's just an Idea. I mainly need to find out whether or not the bootloader or the os is wiping the binaries on boot. Some older and newer versions of kingroot can retain root after reboot, but I have yet to find a version of the app that can do so.
Actually, some versions of Cyanogenmod and other custom roms had root pre-installed (not like SuperSU, but close enough), and like CM specifically, there was a section in the settings app for this pre-baked root. Even if I still used CM today, I still would've flashed SuperSU. But on a small number of devices, temp root really is better. However, most of those devices that would be on that list have very little to no development on them. Thus, they are not yet (and may never be) supported for permanent root.
I am partially on the road to becoming a developer, but I don't know how far that's gonna go (my prediction is not that far at all). I was doing research on how I could make an eng-boot for the Tab 4, but I became interested in my Galaxy S7 (AT&T). By that, I mean I wanted to make my own custom version of the stock Marshmallow rom ("Custom but stock OS"). To shorten it up, I wanted to create a .zip flashable "super package" which included SuperSU v2.79, Viper4Android, Overclock tools, and other stuff. I've kinda been on and off in terms of motivation to make this idea a reality, primarily because most of the things I wanted to include in this "package", can easily be installed by you in like 3 minutes, or maybe less. The original motive behind the idea was to lessen the work for power users who wanted to free their device "from the shackles". I've been on and off on work between both devices, but It's hard for me to continue the work without proper motivation. These projects are merely just an Idea at this point, but some drafts and copies do exist on my computer.
Creating a custom Android rom straight from my own head is basically an impossible task for me, considering most of the devices I work with have locked bootloaders. I am still learning Java and other Android programming languages in some of my free time but, again, the motivation to continue is something I struggle to find.
Cheers!
Upgrading OS and rooting
I am currently running my t337a on 4.4.2 with build NK2. I was able to root with towel root awhile ago. I want to upgrade my os to 5.1.1 and root after but would like to make sure I go about it the right way.
Any help would be greatly appreciated. Thanks in advance!
loc626 said:
I am currently running my t337a on 4.4.2 with build NK2. I was able to root with towel root awhile ago. I want to upgrade my os to 5.1.1 and root after but would like to make sure I go about it the right way.
Any help would be greatly appreciated. Thanks in advance!
You can root on the latest Lollipop firmware, but it's systemless supersu/temporary, meaning it will go away if you shutdown or reboot the device (you can re-root it, of course, but It can be annoying). The option to upgrade is up to you, and once you do upgrade, you can't downgrade (Locked bootloader & different bootloader versions. Lollipop has the new bootloader.) If you are going to upgrade, you can flash the Lollipop firmware via Odin or upgrade via OTA. If upgrading, I recommend taking it over the air, mainly because I'm still working up Odin packages for them. The Odin packages that I do have available are the BOH4 (the previous and the initial Lollipop update) ones, so if you upgrade OTA, it'll take away one step in the upgrade process, making your life a tad bit easier. Reply back if you need further help or have any more questions.
Cheers!
KingOfTheNet said:
You can root on the latest Lollipop firmware, but it's systemless supersu/temporary, meaning it will go away if you shutdown or reboot the device (you can re-root it, of course, but It can be annoying). The option to upgrade is up to you, and once you do upgrade, you can't downgrade (Locked bootloader & different bootloader versions. Lollipop has the new bootloader.) If you are going to upgrade, you can flash the Lollipop firmware via Odin or upgrade via OTA. If upgrading, I recommend taking it over the air, mainly because I'm still working up Odin packages for them. The Odin packages that I do have available are the BOH4 (the previous and the initial Lollipop update) ones, so if you upgrade OTA, it'll take away one step in the upgrade process, making your life a tad bit easier. Reply back if you need further help or have any more questions.
Cheers!
I'm highly considering an upgrade for the feel and hopefully a better performance. Also, a few apps I have need updates but only compatible on Android 5 and up. I have the OTA ready to go. Would I need to unroot before upgrading the OS?
loc626 said:
I'm highly considering an upgrade for the feel and hopefully a better performance. Also, a few apps I have need updates but only compatible on Android 5 and up. I have the OTA ready to go. Would I need to unroot before upgrading the OS?
It would be best to unroot before installing to avoid any issues during the installation. Other than that, you're in the clear! Just remember, you cannot downgrade after the install!
Cheers!
KingOfTheNet said:
4) I'm trying to figure out how I could alter the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
I have always been under the assumption that the boot.img for the locked BL on the s7 was literally an engineering kernel from Samsung, and not something Chainfire created. The reason I'm saying this is because if Chainfire created a boot image that can get around a locked bootloader, then logic should state that he cracked Sprint/ATT's signature for the BL. So my way of thinking is the success of even one locked boot loader ... it should apply across the board for all, correct? Or am I waaaaay off? lol
leeboski44 said:
I have always been under the assumption that the boot.img for the locked BL on the s7 was literally an engineering kernel from Samsung, and not something Chainfire created. The reason I'm saying this is because if Chainfire created a boot image that can get around a locked bootloader, then logic should state that he cracked Sprint/ATT's signature for the BL. So my way of thinking is the success of even one locked boot loader ... it should apply across the board for all, correct? Or am I waaaaay off? lol
(1st question) Actually yeah, lol. It was an engineering kernel, he didn't make it. I'm assuming that was used during the development of the phone so Samsung and AT&T could construct the OS without running into any issues with the phone's locked bootloader. At the time, I thought that Chainfire thought of some "mad science" to alter the boot.img so that it won't check the signatures of any of the files on boot.
Now I'm thinking:
1) He found a way to obtain all the phone's signatures so that way he knows what signature the desired files (like a build of TWRP, for instance) would have to have so it can flash and boot properly.
--OR--
2) He somehow obtained or reproduced the engineering kernel that, like I said, was most likely used during software development for the phone (constructing the OS and the rest of the software).
I've done a little research on what engineering kernels actually do and why they are so useful now (to most people, the name is enough, lol). Apparently, they completely skip some of the signature checks on boot, primarily for /SYSTEM (The OS), which is why we were able to achieve permanent root on the Qualcomm Galaxy S7 & S7 edge models. I do not think they skip signature checks for /RECOVERY or /BOOT, but we know that if we either reproduce or obtain the engineering kernel for this tablet, we can achieve permanent root the exact same way. I could be wrong, as I do not know for certain the ins and outs of engineering kernels and how to get them, but it is very possible.
(2nd question) Now, I do not have much knowledge of bootloaders and signature checks, but I would go to the best assumption that since Sprint & AT&T, for example, are 2 completely different companies and are not affiliated (as of writing this), their bootloaders and updates would not have the same signatures. If they did, then Sprint would have to go to AT&T to sign their updates and such, and AT&T would have to do the same thing for Sprint. It just wouldn't really make sense. Let's think of it this way, If Target wants to sell a product in their stores that's already sold at Walmart, then should Target have to go to Walmart to get that approved? Or if Walmart wanted to sell something that's already sold at Target, then should Walmart have to go to Target for approval? Absolutely not, that wouldn't make any sense. Once again, I could be wrong, but it would make the most sense.
Please, anyone, correct me if I'm wrong.
Cheers!
KingOfTheNet said:
(1st question) Actually yeah, lol. It was an engineering kernel, he didn't make it. I'm assuming that was used during the development of the phone so Samsung and AT&T could construct the OS without running into any issues with the phone's locked bootloader. At the time, I thought that Chainfire thought of some "mad science" to alter the boot.img so that it won't check the signatures of any of the files on boot.
Now I'm thinking:
1) He found a way to obtain all the phone's signatures so that way he knows what signature the desired files (like a build of TWRP, for instance) would have to have so it can flash and boot properly.
--OR--
2) He somehow obtained or reproduced the engineering kernel that, like I said, was most likely used during software development for the phone (constructing the OS and the rest of the software).
I've done a little research on what engineering kernels actually do and why they are so useful now (to most people, the name is enough, lol). Apparently, they completely skip some of the signature checks on boot, primarily for /SYSTEM (the OS), which is why we were able to achieve permanent root on the Qualcomm Galaxy S7 & S7 edge models. I do not think they skip signature checks for /RECOVERY or /BOOT, but we know that if we either reproduce or obtain the engineering kernel for this tablet, we can achieve permanent root the exact same way. I could be wrong, as I do not know for certain the ins and outs of engineering kernels and how to get them, but it is very possible.
(2nd question) Now, I do not have much knowledge of bootloaders and signature checks, but I would go to the best assumption that since Sprint & AT&T, for example, are 2 completely different companies and are not affiliated (as of writing this), their bootloaders and updates would not have the same signatures. If they did, then Sprint would have to go to AT&T to sign their updates and such, and AT&T would have to do the same thing for Sprint. It just wouldn't really make sense. Let's think of it this way: if Target wants to sell a product in their stores that's already sold at Walmart, then should Target have to go to Walmart to get that approved? Or if Walmart wanted to sell something that's already sold at Target, then should Walmart have to go to Target for approval? Absolutely not, that wouldn't make any sense. Once again, I could be wrong, but it would make the most sense.
Please, anyone, correct me if I'm wrong.
Cheers!
No that makes perfect sense and thanks for clearing it up.
The whole thing about the signature being the means by which the bootloader is locked is important. At least to me it is, so thank you for clearing that up. :good: And so, it makes sense that the System partition's Signature check being skipped IS what allows access to root. But where my opinion differs on this is the Boot and Recovery implementation of the Signatures. I believe that it IS the carrier's implementation that does not allow the Recovery and Boot partitions to be modified. If it were Samsung's then how is Samsung going to incorporate a Universal bootloader that knows how to load all carriers' data, policy, etc?
And possibly this is what you were saying above and I am misreading it...
***EDIT*** I see you said that the signatures would NOT be the same between carriers, so I am in line with your theory there as well.
leeboski44 said:
No that makes perfect sense and thanks for clearing it up.
The whole thing about the signature being the means by which the bootloader is locked is important. At least to me it is, so thank you for clearing that up. :good: And so, it makes sense that the System partition's Signature check being skipped IS what allows access to root. But where my opinion differs on this is the Boot and Recovery implementation of the Signatures. I believe that it IS the carrier's implementation that does not allow the Recovery and Boot partitions to be modified. If it were Samsung's then how is Samsung going to incorporate a Universal bootloader that knows how to load all carriers' data, policy, etc?
And possibly this is what you were saying above and I am misreading it...
***EDIT*** I see you said that the signatures would NOT be the same between carriers, so I am in line with your theory there as well.
I'm glad I could be of help; however, I don't see where I stated that the signature implementations on the BOOT and RECOVERY partitions were Samsung's idea, not the carriers'. If you could point that out for me, that would be great. :good:
The engineering kernels skip SOME signature checks, both when flashing and booting into partitions, but I do not know exactly which ones they skip. We know it skips some of the signatures for /SYSTEM, but it does not do the same for the 2 other main ones, those being /BOOT & /RECOVERY. We know because "one of our own" attempted to flash their own build of TWRP recovery to the device (SM-G930A to be specific) only to get a signature check fail when booting the phone, which of course means that the phone has a locked bootloader and that the signatures for the /RECOVERY partition are still checked, but I do not know for certain about /BOOT. If I had to assume I'd say that /BOOT isn't checked, given the fact that if your phone is rooted then you would have had to flash the engineering kernel, which, like I said, skips some signature checks.
I hope I've cleared most things up for you.
Cheers!
KingOfTheNet said:
I've made this thread to teach T337A owners how to root their device with SuperSU. Please note that this is a system-less root, meaning it's temporary, but can be re-applied. Rooting only takes about 5-7 minutes and brings numerous tweaks and advantages to your device. Just remember that every time you reboot or shut the device down, you will need to repeat the rooting process. This tutorial was designed for Lollipop 5.1.1, but it should work on KitKat as well.
Before beginning, you will need to download the following file, unzip it on your pc, then transfer it to your device's internal storage/external sd card.
Root File: https://mega.nz/#!74Jl0ZqY!knlHuexbYGFkk1f4wHxq16u3L38EtfR9scQ0H7hISTA
Let's start!
1) Install both the APK files in the file on your device. If prompted, allow installation from unknown sources.
2) Make sure your device is connected to WiFi, then open Kingroot.
3) Once Kingroot is "Done searching for the best root strategy", click the "Try Now" button and wait about 3 minutes for KingRoot to give you a "Root Successfully" message.
4) This is where it gets kinda tricky, immediately after receiving the root success message, go into SuperSU-me, and grant root permissions when prompted.
5) Click on the big blue button in the middle of the frame and wait about 1 minute for the process to complete. DO NOT UPDATE THE SUPERSU BINARY, IT WILL BOOTLOOP.
6) IMMEDIATELY after the process has completed, go into Settings and make sure KingRoot or Purify is not installed! This is an important step because Kingroot and Kingroot adware tends to install itself in the system partition which can cause problems and frustration.
7 - Recommended) Download a root file explorer and search "King" under /data and /system to ensure that the KingRoot app and its bloatware has been wiped from the system.
8) Enjoy root access!
If this tutorial helped you please be sure to hit the :good: button. If you had any issues or troubles during this process please feel free to let me know down below.
Need T337A firmware? Check out my thread here: https://forum.xda-developers.com/tab-4/general/download-sm-t337a-lollipop-firmware-t3536509
Cheers!
The firmware you provided saved my SM-T337A tablet from being soft bricked. Although I was able to gain temp root from this method, KingRoot tried to disable the SELinux on my device and after trying to temp root again caused the app to implant itself as bloatware into the /systems folder and was non-functional when using the app. Do you happen to know of a custom recovery (TWRP or CWM) which would work for this device?

[ROOT][MAGISK] For Asus ZenPad 10 3s[P027]

Just got this device rooted! Just gonna test the script a few times so there aren't any bugs and I will upload it!
EDIT: Systemless root methods like Magisk reset after root (I think SuperSU works if u tweak dm-verity in the kernel). But using system-root both breaks SafetyNet and is boring.
So I'm gonna try to edit the boot img to work with Magisk or SuperSU even if the bootloader is locked.
If none of these things work there is a way to re-root after each reboot, but it's ofc much easier just to edit the boot.img or unlock the BL.
EDIT 2: I will also try to reverse engineer the bootloader to try to find a weak point where we can unlock it, for easier rooting and creating custom roms.
EDIT 3: Also forgot to mention Xposed works because you don't "need" root. If anyone wants Xposed just reply in the thread and I'll upload the script "as is" even though it resets after each reboot, but root works perfect, have tested multiple apps.
And as I said before, before I release the root method publicly I want to check if it's the BL that "resets" the kernel like on some HTC devices or if it's a simple dm-verity problem; if it is the dm-verity thing it's easy to fix.
More info:
Flashing kernel, system, recovery works because the only partitions that are protected are the BL and FRP partitions, but not for long.
So far:
Magisk: Works
Bootloader: Locked
SafetyNet: Passes
Proof:
https://i.imgur.com/8uABTSl.jpg
Download:
Code:
Coming in an hour! Just gotta check the updatescript for errors before posting :)
I wait for your script to root my Z500M, thanks to you.
Wow, finally there's a method to root. I have owned the device since August and I really want to get it rooted due to all the bloatware I want to uninstall and to install 3rd party apps. :good:
super thanks to you me too and thanks to you I could root the tablet with all s is unnecessary thank you for your work:good::good::good:
Can't wait
Wow.... time is ticking to bring root to the P027
I can't wait for an update on this.
There must be another way to get a rooted ASUS P027. I tried much but don't have any success. I think that there is a way to push some files manually to /data/local/tmp. Setting right permissions using adb. Finally executing a root-shell-script from one of many should do the rest. Problem is not to get the files inside the system, you have to do it again after each reboot.
I'm a bit nervous to modify bootloaders and flash them on the go with no OEM support. If some support for this device becomes available from ASUS it should be a lot easier to do.
I can't upload photos till I no longer seem like a robot. I also got some kind of root on my P027, only for a moment. After reboot it is gone.
I can't wait for that!
Will it come out soon..... so excited ^_^
BigThanh said:
Will it come out soon..... so excited ^_^
here too...the hour is over
That would be great
Hey, very good news!! I have been waiting a long time for this. It would also be nice if you could give us your Xposed script. Thanks!!
Is p207 the model number? I'm only finding it listed as Z500M.
joshnat said:
Is p207 the model number? I'm only finding it listed as Z500M.
Yes
Ok guys, where do we stand on root as of 5pm Wednesday 10.04.2017??
I bought the ASUS Zenpad 3S 10 [P027] off Amazon on Saturday on a flash sale for $265, knowing it didn't have root, and that's a shame because it's a beautiful & buttery smooth tablet.
Today, as I was pondering boxing it up for a return, I figured I'd look for myself once more for the hell-of-it, AND BOOM! I found this thread!
So where are we guys? I'll test it for ya or whatever! So friggin' pumped ROOT has been established! Dare I say -Vanilla Oreo ROM with onscreen softkeys??? YEAH!
Really looking forward to this! I don't mind getting my hands dirty, but just waiting for the script. I'm very happy to have stumbled upon this thread, can't wait to have root on this tablet!!
Fortunately we will get to see the script. I have owned the P027 since August 17. Very good hardware. But without root it's only worth half. So, I too am awaiting the script but so far I guess we still have to wait. Til now, no root app works (e.g. iRoot, Kingo). Very sad because I think that once we have rooted it and got rid of all the OEM bloatware, this tab may rock a lot more.
Prinz069 said:
Fortunately we will get to see the script. I have owned the P027 since August 17. Very good hardware. But without root it's only worth half. So, I too am awaiting the script but so far I guess we still have to wait. Til now, no root app works (e.g. iRoot, Kingo). Very sad because I think that once we have rooted it and got rid of all the OEM bloatware, this tab may rock a lot more.
To remove bloatware, I followed this guide. I can confirm it works.
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Can you go ahead and upload the script for those of us brave enough to try it? Thank you for all your hard work!
I got root and xposed. But I don't have a way to get it in that device
At my next post will I upload a photo or link of my own (semi) rooted P027. The Magic of rooting a device which is unsupported is far away from easy as flashing chainfire's zips or something possible using Odin or what. Most likely if there was a custom recovery for the P027 root would be easy because of all possibilities you have.
I've tried a lot of other ways to get in to try to modify something in that locked system. It is hard to get there without losing patience! I also lose social networks I belong to. Even if days counted 48 hours instead of 24, root wasn't there with the success I had hoped for. Sometimes only after manually redirecting some files with adb and manually setting the right permissions on every file does it become possible to access "su" in a terminal app. Only sometimes, after each time you modify something, your device needs to reboot to apply that modification. At that point you lose everything before you can use it.
If someone can post latest boot.img I will try to patch it with Magisk. If that is possible it will get easier to activate systemless xposed. A few weeks ago on note 8 launch day... It took at least 1 hell of a day before root came available on xda. Also twrp and custom roms are available.
Hope soon to make it happening for real.
Hi, I would buy this tablet but wanted to understand the root situation. Can you run root on this device? Can you install a ROM?
toineh said:
At my next post will I upload a photo or link of my own (semi) rooted P027. The Magic of rooting a device which is unsupported is far away from easy as flashing chainfire's zips or something possible using Odin or what. Most likely if there was a custom recovery for the P027 root would be easy because of all possibilities you have.
I've tried a lot of other ways to get in to try to modify something in that locked system. It is hard to get there without losing patience! I also lose social networks I belong to. Even if days counted 48 hours instead of 24, root wasn't there with the success I had hoped for. Sometimes only after manually redirecting some files with adb and manually setting the right permissions on every file does it become possible to access "su" in a terminal app. Only sometimes, after each time you modify something, your device needs to reboot to apply that modification. At that point you lose everything before you can use it.
If someone can post latest boot.img I will try to patch it with Magisk. If that is possible it will get easier to activate systemless xposed. A few weeks ago on note 8 launch day... It took at least 1 hell of a day before root came available on xda. Also twrp and custom roms are available.
Hope soon to make it happening for real.
Here is the boot.img from WW_V14.0210.1709.27: https://mega.nz/#!4bQExBTB!5fyivXxvP4aYAxCDjsYRJ1X7o1wMXYGBLf1TO0ns-z4
I downloaded the WW_V14.0210.1709.27 firmware from ASUS Support, then unzipped the package to get this file.
Hope it will be helpful to you. I am really looking forward to root this device!
Thank you for your hard work!

updating if rooted

My rooted moto G7 is still on stock android 9, security level 1 October 2019, build PPOS29.114-134-4. My wife has the identical Moto G7 phone, but unrooted, and I know she has received several OTA system updates since then.
My rooted phone is so far behind in updates because every non-OTA update method I've read about results in losing root. I know that regaining root is a simple thing to the experts but every time *I* attempt to root this (or any other phone) I end up getting into trouble. I don't even remember how rooting was originally done on this phone and obviously I am not doing things correctly.
Could a kind expert please give me step by step instructions suitable for a newbie on how to update the system on this rooted phone and then simply regain root?
My phone has twrp installed and I do have recent nandroid backups. If my memory is correct, I originally used twrp to root this phone but my memory may or may not be correct.
Thank you.
(To explain, the only reason I root this phone is
1) to use Titanium Backup which I've used many times to restore apps
2) for easy nandroid backups in case I mess something up
3) to hopefully install a Google free rom one day. I used lineageos on another phone but understand it still has problems on this phone)
maybeme2 said:
My rooted phone is so far behind in updates because every non-OTA update method I've read about results in losing root.
EVERY update of your firmware requires a new installation of Magisk.
New firmware = new boot.img => Magisk will be deinstalled
Thank you
Actually I cannot get any updates unless I unrooted first. When I tell the phone to look for updates it does and tells me I'm up-to-date. Which I'm obviously not.
So it seems something is preventing update. I assumed it's because I'm rooted. What do I need to do to receive ota updates and after updates how do I regain root?
maybeme2 said:
Thank you
Actually I cannot get any updates unless I unrooted first. When I tell the phone to look for updates it does and tells me I'm up-to-date. Which I'm obviously not.
So it seems something is preventing update. I assumed it's because I'm rooted. What do I need to do to receive ota updates and after updates how do I regain root?
You have to manually flash the firmware via fastboot. There're a lot of tutorials here in this forum for that.
Do it manually
https://forum.xda-developers.com/moto-g7/how-to/manually-update-g7-using-fastboot-t3917381
Just pay attention to not erase user data and it won't wipe anything
maybeme2 said:
Thank you
Actually I cannot get any updates unless I unrooted first. When I tell the phone to look for updates it does and tells me I'm up-to-date. Which I'm obviously not.
So it seems something is preventing update. I assumed it's because I'm rooted. What do I need to do to receive ota updates and after updates how do I regain root?
There's a Magisk module called Safety Net something-another and if you install that module, reboot, go back to Magisk settings and towards the mid to bottom check the box that says Hide Magisk to protect from various forms of detection.
Then you can reboot again or just wait awhile and you should be able to update BUT, as stated above, you'll have to reinstall magisk every update.
Thanks. It is hard to know what to believe anymore. In my searches I also read that accepting ota updates on a rooted Moto G7 will brick the phone.
maybeme2 said:
Thanks. It is hard to know what to believe anymore. In my searches I also read that accepting ota updates on a rooted Moto G7 will brick the phone.
Because some people also tell a lot of nonsense!
An ota.zip is a block based update process. You MUST verify the partitions before doing any changes! Otherwise it could lead to a fully damaged device.
"Hide the manager..." Thanks a lot!!
@maybeme2 flash the correct firmware to update your device.
WoKoschekk said:
Because some people also tell a lot of nonsense!
Very true. But .....it takes knowledge (which I am slowly acquiring) to tell the difference. And, if the person asking already had enough 'knowledge' to know it is nonsense, they would not need to search for information. A classic Catch-22 dilemma for a newbie. That's why searching for help is so dangerous.
WoKoschekk said:
An ota.zip is a block based update process. You MUST verify the partitions before doing any changes! Otherwise it could lead to a fully damaged device.
What do you mean by "a block based update process". I think I know, but it is dangerous to guess. If you have the time, could you explain?
Also, what do you mean by "verify the partitions before doing any changes!"? Verify for what? And after verifying the partitions, do what with that knowledge?
These are summary statements. Similar to "you must do the correct thing". It does not tell me what the correct thing is.
What people asking for help need is
1. Click on. ....
2. Copy. .. to. ... because. ..
etc.
3. Be sure to. ....
HTA123's answer was helpful that way.
"There are plenty of tutorials" is not helpful because some of these tutorials are incorrect and will brick your phone.
WoKoschekk said:
"Hide the manager..." Thanks a lot!!
What do you mean by ""Hide the manager..."?
maybeme2 said:
What do you mean by "a block based update process". I think I know, but it is dangerous to guess. If you have the time, could you explain?
Also, what do you mean by "verify the partitions before doing any changes!"? Verify for what?
Android uses an ext4 filesystem that allocates storage space in units of "blocks". Your system partition is read-only and Android will not change anything on it. So Motorola's developers know the block address of each file. Instead of replacing an updated file they replace an updated block.
But on a modified partition the block addresses may have changed for each file. While an update replaces a block with the correct address, this block could store incorrect files/data.
block based OTA
To avoid such problems an OTA verifies your whole system. The easiest way to verify a partition is to build hashes/checksums.
Hide Magisk Manager
This option is helpful to hide root for some apps that check your device for root. But it's not for a device update/OTA.
WoKoschekk, that is very informative. Thank you so much! I've learned a lot and it explains a lot of things about ota's, and other things.
Excellent. I will copy and keep in my notes.
Thank you again.
maybeme2 said:
WoKoschekk, that is very informative. Thank you so much! I've learned a lot and it explains a lot of things about ota's, and other things.
Excellent. I will copy and keep in my notes.
Thank you again.
Attached you find a system log of a failed OTA update process grabbed from my Moto G6 plus. I know there are more interesting things in life than that. But it shows you what I have explained in my post before.
After trying to verify the partitions it fails due to a mismatched hash and the update process exits with an error (time: 04:34:25, somewhere in the middle of the log).
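The block-based update and the hash check described in the posts above, as a simplified model added here (not code from the thread or from Android's updater). The 4096-byte block size, the whole-partition SHA-256 check, and all names and image contents are assumptions constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed block size for this model


class VerificationError(Exception):
    """Raised when a partition does not match the hash the OTA expects."""


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def make_image(*contents: bytes) -> bytes:
    """Build a partition image with one zero-padded block per entry."""
    return b"".join(c.ljust(BLOCK_SIZE, b"\0") for c in contents)


def build_ota(old: bytes, new: bytes) -> dict:
    """Vendor side: ship only the blocks that differ, plus both hashes."""
    if len(old) != len(new):
        raise ValueError("images must be the same size")
    changed = {}
    for offset in range(0, len(old), BLOCK_SIZE):
        block = new[offset:offset + BLOCK_SIZE]
        if block != old[offset:offset + BLOCK_SIZE]:
            changed[offset // BLOCK_SIZE] = block
    return {"source": digest(old), "target": digest(new), "blocks": changed}


def write_blocks(partition: bytes, ota: dict) -> bytes:
    """Overwrite blocks by address, with no knowledge of what they hold."""
    image = bytearray(partition)
    for index, block in ota["blocks"].items():
        image[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE] = block
    return bytes(image)


def apply_ota(partition: bytes, ota: dict) -> bytes:
    """Device side: verify first, write second, verify the result."""
    if digest(partition) != ota["source"]:
        raise VerificationError("source hash mismatch, nothing written")
    result = write_blocks(partition, ota)
    if digest(result) != ota["target"]:
        raise VerificationError("target hash mismatch after patching")
    return result


# Constructed sample images (not real firmware), four blocks each.
STOCK = make_image(b"libA v1", b"libB v1", b"app v1", b"")
UPDATED = make_image(b"libA v1", b"libB v2", b"app v2", b"")
# Same files as STOCK, but a modification shifted them to other blocks.
MODIFIED = make_image(b"libA v1", b"extra file", b"libB v1", b"app v1")

if __name__ == "__main__":
    ota = build_ota(STOCK, UPDATED)
    print("blocks in update:", sorted(ota["blocks"]))
    print("stock device updated ok:", apply_ota(STOCK, ota) == UPDATED)
    try:
        apply_ota(MODIFIED, ota)
    except VerificationError as exc:
        print("modified device:", exc)
    # Without the check, block 2 (libB on this device) is overwritten with
    # app v2 while the old app v1 in block 3 is left in place.
    blind = write_blocks(MODIFIED, ota)
    print("blind write matches vendor image:", blind == UPDATED)
    print("stale app v1 left behind:", b"app v1" in blind)
```

The source-hash check is what makes the update refuse a modified partition before any block is written, which is the failure the log in the last post records.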
