Alright, so as most of you know, (or not) there has been a MAJOR exploit for not just our device, but the ENTIRE android base as a whole. This is very exciting for us at this time, for as you know, Marshmallow for our phone gets near to no developer support. It goes by the name, the myth, the legend, Dirty Cow (CVE-2016-5195). How it works, is it uses a very old, 7-9 year old exploit that was overlooked a long time, but was patched on some Linux desktop systems. However, Android is running on a different kernel, and we can take advantage of CoW (Copy on Write). This is great news once again, if you want to know more, feel free to Google it. So, we don't really need to do much. Just sit back, and wait for people like J Case and Chainfire to release a tool that is verified to work.
(Or don't wait and try to make a tool of your own, each to their own)
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over, or whatever the latest is). Very excited to possibly start working on this device again, great device, just recently got wireless charging for it, +1 . Whatever you do, do NOT take any patches from AT&T if you can avoid it (reason why I say "if you can avoid it" is because AT&T has been known to automatically update your device in the past, and has happened countless times. Also, try not to download anything that isn't verified or from a source you trust, this can also be used for malicious purposes obviously.
-ZVNexus
ZVNexus said:
Alright, so as most of you know, (or not) there has been a MAJOR exploit for not just our device, but the ENTIRE android base as a whole. This is very exciting for us at this time, for as you know, Marshmallow for our phone gets near to no developer support. It goes by the name, the myth, the legend, Dirty Cow (CVE-2016-5195). How it works, is it uses a very old, 7-9 year old exploit that was overlooked a long time, but was patched on some Linux desktop systems. However, Android is running on a different kernel, and we can take advantage of CoW (Copy on Write). This is great news once again, if you want to know more, feel free to Google it. So, we don't really need to do much. Just sit back, and wait for people like J Case and Chainfire to release a tool that is verified to work.
(Or don't wait and try to make a tool of your own, each to their own)
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over, or whatever the latest is). Very excited to possibly start working on this device again, great device, just recently got wireless charging for it, +1 . Whatever you do, do NOT take any patches from AT&T if you can avoid it (reason why I say "if you can avoid it" is because AT&T has been known to automatically update your device in the past, and has happened countless times. Also, try not to download anything that isn't verified or from a source you trust, this can also be used for malicious purposes obviously.
-ZVNexus
Click to expand...
Click to collapse
Jcase doesn't work on LG devices at all anymore. (That's what he told me) Chainfire is occupied with working on a systemless root for the google Pixel! Think you could try it?
abine45 said:
Jcase doesn't work on LG devices at all anymore. (That's what he told me) Chainfire is occupied with working on a systemless root for the google Pixel! Think you could try it?
Click to expand...
Click to collapse
Nonono, the thing is this exploit will work on ALL Android devices, so even if one person creates a tool for another device that does not yet have root, that tool will instantly work on ALL devices. (at least to my knowledge) So it doesn't matter if he works on LG devices or not, any tool he makes can be used on our devices.
ZVNexus said:
Once we obtain root for our devices on 6.0 I will start to work on this device again and develop for it. I will port Cyanogenmod Mod 13 over, or whatever the latest is).
-ZVNexus
Click to expand...
Click to collapse
The root has nothing to do with custom roms. Root won't let you to unlock bootloader.
rascal0pl said:
The root has nothing to do with custom roms. Root won't let you to unlock bootloader.
Click to expand...
Click to collapse
With a certain method, we won't need one. I was thinking, once you boot /system, it will automatically trigger which will send you into CM13.
It would be very similar to Safestrap, but not.
i have unlocked bootloader on MM, meybe someday I learn how to port rom V10 is poor in unofficial soft
I dont understand ????
Excuse me can u say it in simple way ? ???
Are u wanna say with Our locked bootloader we can install root and Twrp on Our device ? On MM or Nougat or any system? Do u mean that ?!
₪HuEx₪
HuEx said:
I dont understand
Excuse me can u say it in simple way ?
Are u wanna say with Our locked bootloader we can install root and Twrp on Our device ? On MM or Nougat or any system? Do u mean that ?!
₪HuEx₪
Click to expand...
Click to collapse
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am no where at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
The T-Mobile varient already has root + TWRP on MM ......
ZVNexus said:
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am no where at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
Click to expand...
Click to collapse
But i see they could Unlock bootloader with Nougat system with Fastboot on V20 without a bin file or any thing .. So is there a hope with Nougat For us ? To get TWRP in V10? All Variants?
₪HuEx₪
This exploit is not specific to this phone. Once someone releases root via this method it should work on all phones, all firmwares.
ZVNexus said:
Installing TWRP is IMPOSSIBLE without unlocked bootloader so no. Although, systemless root is very much possible, just we have no devs that will work on it. Although I do work on minor root applications, I myself am no where at the level of where people like Chainfire are. So yes, root possibility, bootloader nope. (Until further notice at least)
Click to expand...
Click to collapse
This is both true and untrue. There is a way around this, if you can use Android itself as a bootloader, then you don't actually need the usual sort of unlocked bootloader. The idea is similar to Linux's KEXEC functionality. Alas I'd bet KEXEC won't be available on Android kernels any time soon, but if you can inject code into kernel space you can get the same effect.
beavis5706 said:
This exploit is not specific to this phone. Once someone releases root via this method it should work on all phones, all firmwares.
Click to expand...
Click to collapse
I've read there are some already out and people have been successfully experimenting.
I am SO excited. This forum has been so barren for so long I just never even imagined CM on my phone
when will we be able to unlock bootloader for v10 H960a middle east version. i had two option, go with sony z5 premium dual or LG V10, i regret choosing LG v10 over z5. i wish if i knew that you cant unlock the bootloader!!
Has there been someone that has been able to permanently root marshmallow yet (non t-mobile v10) ?
Permanent root may not be necessary. But no one has replied to my questions on the functionality of temporary root. Questions are... With temp root...
1. Can I replace mobile hotspot APK and use my hotspot after reboot (no root) unlimited data user.
2. Would ad blocking still work after reboot (no root)
3. Would viper4android still work after reboot (i could live with out this one)
4. Would I be able to use Titanium Backup while temporary rooted?
Hello
I'm new to LG V10 so I don't know in detail.
But can we use VIKIROOT??
It looks work on this device and we can get temporal root?
I'm sorry for my bad English.
I tried to use it but it says "Permission denied."
iptr9 said:
Hello
I'm new to LG V10 so I don't know in detail.
But can we use VIKIROOT??
It looks work on this device and we can get temporal root?
I'm sorry for my bad English.
I tried to use it but it says "Permission denied."
Click to expand...
Click to collapse
I just saw VIKIROOT and looks promising!
You probably did not make "exploit" executable. I pushed "exploit" through adb to /data/local/tmp, then opened an adb shell, cd to /data/local/tmp and made it executable (by chmod +x exploit). Then I ran it, and seemed to execute fine. However it stuck on "waiting for reverse connect shell". I don't know what to do now; I opened up the device, toggled Bluetooth etc as the developer suggests but nothing happens. Anybody to take it further?
ftaios said:
I just saw VIKIROOT and looks promising!
You probably did not make "exploit" executable. I pushed "exploit" through adb to /data/local/tmp, then opened an adb shell, cd to /data/local/tmp and made it executable (by chmod +x exploit). Then I ran it, and seemed to execute fine. However it stuck on "waiting for reverse connect shell". I don't know what to do now; I opened up the device, toggled Bluetooth etc as the developer suggests but nothing happens. Anybody to take it further?
Click to expand...
Click to collapse
Thank you for reply!!!
It also stuck on "Waiting for reverse connect shell"...
iptr9 said:
Thank you for reply!!!
It also stuck on "Waiting for reverse connect shell"...
Click to expand...
Click to collapse
I'm in contact with the developer, we will have to wait a bit. Let's keep fingers crossed
I've made this thread to teach T337A owners how to root their device with SuperSU. Please note that this is a system-less root, meaning it's temporary, but can be re-applied. Rooting only takes about 5-7 minutes and brings numerous tweaks and advantages to your device. Just remember that every time you reboot or shut the device down, you will need to repeat the rooting process. This tutorial was designed for Lollipop 5.1.1, but it should work on KitKat as well.
Before beginning, you will need to download the following file, unzip it on your pc, then transfer it to your device's internal storage/external sd card.
T337AUCU2BOH4 (Lollipop) firmware can be found here
Root Files can be found here
Lets start!
1) Install both the APK files in the file on your device, If prompted, allow installation from unknown sources.
2) Make sure your device is connected to WiFi, then open Kingroot.
3) Once Kingroot is "Done searching for the best root strategy", click the "Try Now" button and wait about 3 minutes for KingRoot to give you a "Root Successfully" message.
4) This is where it gets kinda tricky, immediately after receiving the root success message, go into SuperSU-me, and grant root permissions when prompted.
5) Click on the big blue button in the middle of the frame and wait about 1 minute for the process to complete. DO NOT UPDATE THE SUPERSU BINARY, IT WILL CAUSE YOUR DEVICE TO BOOTLOOP.
6) IMMEDIATELY after the process has completed, go into Settings and make sure KingRoot or Purify is not installed! This is an important step because Kingroot and Kingroot adware tends to install itself in the system partition which can cause problems and frustration.
7 - Recommended) Download a root file explorer (such as ES File Explorer) and search "King" under /data and /system to ensure that the KingRoot app and its bloatware has been wiped from the system. This is to ensure that Kingroot still works properly after a reboot.
8) Enjoy root access!
If this tutorial helped you please be sure to hit the :good: button. If you had any issues or troubles during this process please feel free to let me know down below.
Cheers!
@KingOfTheNet
will flashfire work? bc it wont with kingroot
also, could itit.d be enabled and run these off of a script for example on startup so we don't have to do this after each reboot/shutdown
but i believe you would have to capture kingroots data somehow in the process of rooting
toolhas4degrees said:
@KingOfTheNet
will flashfire work? bc it wont with kingroot
also, could itit.d be enabled and run these off of a script for example on startup so we don't have to do this after each reboot/shutdown
but i believe you would have to capture kingroots data somehow in the process of rooting
Click to expand...
Click to collapse
FlashFire does work on SuperSU, I've tested that for myself. It does not work with KingRoot.
For the second question, I'm not sure. I haven't looked through that file myself and I might look through it later but right now, I would just avoid rebooting the tablet if you wanna keep root without repeating the process over and over again. It's what I do, repeating the process over and over again can get very tedious and annoying.
Cheers!
I assume you're talking about 5.1.1? It won't work with kingroot versions higher than 4.8. Also, flashfire will load, but if you try to flash a zip you're screwed. You can actually use replace kingroot with supersu zip in terminal emulator on any version kingroot. Same deal with su binary, don't update it. Wish I could figure out how I had permanent for with kingroot. I had to go messing with things and lost it. Nothing really special about this method, unless there's a dev out there that can do something with it.
xjimmy said:
I assume you're talking about 5.1.1? It won't work with kingroot versions higher than 4.8. Also, flashfire will load, but if you try to flash a zip you're screwed. You can actually use replace kingroot with supersu zip in terminal emulator on any version kingroot. Same deal with su binary, don't update it. Wish I could figure out how I had permanent for with kingroot. I had to go messing with things and lost it. Nothing really special about this method, unless there's a dev out there that can do something with it.
Click to expand...
Click to collapse
Sorry for the late response. Yes, somethings I forgot to mention in the original post:
1)Updating the SU Binary will put your device in a bootloop
2)Flashing anything with flashfire (based on what I've seen) results in a soft brick
3) I know you can replace kingroot with SuperSU in terminal, but when you reboot, you're unrooted again.
4) I'm trying to figure out how I could altar the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
Cheers!
Hi, @KingOfTheNet, thanks for helping out with this device, i rooted my device on KK nk2 build and now updated to 5.1.1, thanks to you! now i would like to root 5.1.1 (am aware it is a temp. root)
i have superSu Pro, do i need Super Sume for this to work?
KingOfTheNet said:
Sorry for the late response. Yes, somethings I forgot to mention in the original post:
1)Updating the SU Binary will put your device in a bootloop
2)Flashing anything with flashfire (based on what I've seen) results in a soft brick
3) I know you can replace kingroot with SuperSU in terminal, but when you reboot, you're unrooted again.
4) I'm trying to figure out how I could altar the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
Cheers!
Click to expand...
Click to collapse
Somehow I had it permanently rooted with kingroot a while back. I had the 4.9.6 apk on my tab at the time, is all I know. I could've updated from an earlier version, and maybe that was the cause. I've tried so many different versions of kingroot with no luck, but one peculiar occurrence; if I open kingroot, get into the settings and uninstall kingroot without saving a backup of root, then delete all the files in the tablet's main directory, and reinstall kingroot version 4.8.0, it somehow retains a partial permanent root. At least on my T337A running 5.1.1 BOH4 it will, as long as I get a fresh install of 4.8.0, let it root, then hit the optimize button right after. Then wait until it finally tells me that kingroot has been deployed as a system app. After that, when I try to open any root apps, the screen will darken as it does when the root permission tab pops up, but it never pops up. The app just freezes. I can kill it in the task manager screen to just go back to using my tablet. After I restart the tab, sometimes it'll tell me an app has been granted superuser permissions. If I open up terminal emulator, type in the 'su' command and hit enter, the screen will turn dark again like it's going to ask me to allow or deny superuser permission, but it just freezes like that again. I've tried all kinds of stuff with 4.8.0, but I still can't get it to stick. If you don't hit the optimize button in kingroot right after rooting, and just wait for kingroot to install as a system app, the allow/deny prompt comes up without freezing, but the partial permanent root glitch doesn't remain. ugh, tired of messing with it though. lol
Edit: I may be wrong. It might need to be rooted with 4.8.0, optimized, then rebooted right away for the partial root. I'll try to do it again and let you know what I find.
bklyndiaz said:
Hi, @KingOfTheNet, thanks for helping out with this device, i rooted my device on KK nk2 build and now updated to 5.1.1, thanks to you! now i would like to root 5.1.1 (am aware it is a temp. root)
i have superSu Pro, do i need Super Sume for this to work?
Click to expand...
Click to collapse
I'm happy to help out! You'd need king root installed, root the tab with king root, then use SuperSU me to replace the kingroot binaries with the SuperSU ones. It is an automatic process and should only take about 30 seconds or less. Pro version of SUPERSUme is not required, free version should work just fine.
Cheers!
xjimmy said:
Somehow I had it permanently rooted with kingroot a while back. I had the 4.9.6 apk on my tab at the time, is all I know. I could've updated from an earlier version, and maybe that was the cause. I've tried so many different versions of kingroot with no luck, but one peculiar occurrence; if I open kingroot, get into the settings and uninstall kingroot without saving a backup of root, then delete all the files in the tablet's main directory, and reinstall kingroot version 4.8.0, it somehow retains a partial permanent root. At least on my T337A running 5.1.1 BOH4 it will, as long as I get a fresh install of 4.8.0, let it root, then hit the optimize button right after. Then wait until it finally tells me that kingroot has been deployed as a system app. After that, when I try to open any root apps, the screen will darken as it does when the root permission tab pops up, but it never pops up. The app just freezes. I can kill it in the task manager screen to just go back to using my tablet. After I restart the tab, sometimes it'll tell me an app has been granted superuser permissions. If I open up terminal emulator, type in the 'su' command and hit enter, the screen will turn dark again like it's going to ask me to allow or deny superuser permission, but it just freezes like that again. I've tried all kinds of stuff with 4.8.0, but I still can't get it to stick. If you don't hit the optimize button in kingroot right after rooting, and just wait for kingroot to install as a system app, the allow/deny prompt comes up without freezing, but the partial permanent root glitch doesn't remain. ugh, tired of messing with it though. lol
Edit: I may be wrong. It might need to be rooted with 4.8.0, optimized, then rebooted right away for the partial root. I'll try to do it again and let you know what I find.
Click to expand...
Click to collapse
Kingroot does allow your device to retain permanent root after a certain time. However, Kingroot is not as powerful as SuperSU, is very limited in terms of what It can do, and has it's own 'bloatware' titled Purify. I'd honestly stick with SuperSU because it's (probably) the most powerful and efficient way to root your phone. I'd also suggest avoiding having to reboot the tablet at all with temp root because you would have to take 5 minutes to install it again, which was a pain in the butt for me.
As for the kingroot app freezing, that's usually the result of a bad download or a bad root. Plus kingroot is very limited in terms of what you can do on your kingrooted device. SUPERSU is the equivalent of an IOS jailbreak. SUPERSU gives you full control of your device, with no bloatware and limits, unlike kingroot.
Kingroot does sometimes delete the su binaries upon rebooting, which is another reason I don't like it all that much.
Another theory I thought of is that it's not Kingroot that's deleting the binaries, it's actually something that's set to happen when the device boots up. Either the actual Android os or the bootloader searches for and deletes the su binaries to prevent root.
I don't know for sure, I've kinda slowed down work on this device mainly because of a project I've been working on with the Samsung Galaxy S7 AT&T (SM-G930A). I'll look into these things when I get the chance.
Cheers!
I understand the limitations of Kingroot, and certainly supersu by all means is better. In the case of flashfire with supersu in this scenario, it's merely the difference of being able to open and run it just enough to work improperly and brick your device vs. Kingroot not being able to open it at all. I posted in a thread long before this one, how to replace kingroot with supersu, only I use the zip file in terminal emulator. Pretty sure I went over flashfire as well. The terminal emulator method works with new versions of kingroot, unlike supersu me. Are you suggesting that the T337A running 5.1.1 BOH4 can achieve permanent root via kingroot after "a certain amount of time"? Because I'm the only one I've seen on xda who's ever posted that they had permanent root from kingroot, but I didn't know how I did it. After I messed with things, i softbricked and had to flash back to stock, which, no offense, the stock file was available way before you posted it. Anyway, it's not the kingroot app freezing per se, i was talking about after rebooting, and without re-rooting, when trying to use rooted apps, they actually start to engage in the kingroot request superuser permissions pop-up. So, no, it's not a bad download, etc. I believe an older version of kingroot somehow permanently rooted my tab, perhaps with the help of something I was messing with at the time, perhaps not. I've intentionally rebooted my tab an unimaginable amount of times, testing to see if I possibly regained permanent root to no avail, so I know how that works. And it's not about having a hard time deciding on kingroot or supersu for a temproot, it's the interest in permanent root, the possibility off something like safestrap, and/or flashing custom roms, etc. When people say temproot is better or safer, i say boo. How many custom roms include a root toggle in the settings? Anyway I wish I could've gotten hold of a developer while I had permanent root. Maybe I could've done a system dump, or even try replacing the permanent kingroot with supers and drying out that could've stuck. You say you slowed down on this device, do you mean you were pursuing permanent root for it? Are you a developer? I have the AT&T S7 Edge (G935A). What's your project on the 930? Is it something for rooted S7's? I still have my edge running the engboot with the echoRom. Anyway, thanks for your reply.
---------- Post added at 01:01 AM ---------- Previous post was at 12:51 AM ----------
https://forum.xda-developers.com/tab-4/help/t337a-temp-root-bootlp-fix-tar-official-t3473737
*https://forum.xda-developers.com/tab-4/general/permanent-root-t337a-5-1-1-kingroot-t3518334
A couple of threads I started a long time ago that may be of interest to you.
xjimmy said:
I understand the limitations of Kingroot, and certainly supersu by all means is better. In the case of flashfire with supersu in this scenario, it's merely the difference of being able to open and run it just enough to work improperly and brick your device vs. Kingroot not being able to open it at all. I posted in a thread long before this one, how to replace kingroot with supersu, only I use the zip file in terminal emulator. Pretty sure I went over flashfire as well. The terminal emulator method works with new versions of kingroot, unlike supersu me. Are you suggesting that the T337A running 5.1.1 BOH4 can achieve permanent root via kingroot after "a certain amount of time"? Because I'm the only one I've seen on xda who's ever posted that they had permanent root from kingroot, but I didn't know how I did it. After I messed with things, i softbricked and had to flash back to stock, which, no offense, the stock file was available way before you posted it. Anyway, it's not the kingroot app freezing per se, i was talking about after rebooting, and without re-rooting, when trying to use rooted apps, they actually start to engage in the kingroot request superuser permissions pop-up. So, no, it's not a bad download, etc. I believe an older version of kingroot somehow permanently rooted my tab, perhaps with the help of something I was messing with at the time, perhaps not. I've intentionally rebooted my tab an unimaginable amount of times, testing to see if I possibly regained permanent root to no avail, so I know how that works. And it's not about having a hard time deciding on kingroot or supersu for a temproot, it's the interest in permanent root, the possibility off something like safestrap, and/or flashing custom roms, etc. When people say temproot is better or safer, i say boo. How many custom roms include a root toggle in the settings? Anyway I wish I could've gotten hold of a developer while I had permanent root. Maybe I could've done a system dump, or even try replacing the permanent kingroot with supers and drying out that could've stuck. You say you slowed down on this device, do you mean you were pursuing permanent root for it? Are you a developer? I have the AT&T S7 Edge (G935A). What's your project on the 930? Is it something for rooted S7's? I still have my edge running the engboot with the echoRom. Anyway, thanks for your reply.
---------- Post added at 01:01 AM ---------- Previous post was at 12:51 AM ----------
https://forum.xda-developers.com/tab-4/help/t337a-temp-root-bootlp-fix-tar-official-t3473737
*https://forum.xda-developers.com/tab-4/general/permanent-root-t337a-5-1-1-kingroot-t3518334
A couple of threads I started a long time ago that may be of interest to you.
Click to expand...
Click to collapse
No offence taken on the firmware post, I was simply trying to spread the fact that the firmware for the device does exist but is very hard to find and is often posted on shady websites for money, unless you're looking in the right places. It only took me 5 minutes on Google to find one of those sites.
You asked if I was saying that the Tab 4 BOH4 firmware allows you to retain permanent root after some time, and yes, that's exactly what I was saying. I rooted my tablet with Kingroot 4.8.0 a while back and after about 4 - 5 reboots (I counted how many times I rebooted it, but the numbers could vary), It retained root. All I do today is avoid rebooting the tablet at all costs. I prefer SuperSU because, like we've said, there are almost no limitations of what you can do in terms of being rooted. I'm trying to find out how I can make root permanent on the tab with SuperSU by using the eng-boot method used to root all Qualcomm variants of the Galaxy S7, but that may take a while. Since my S7 has the eng-boot root method, I can reboot it all I want and it stays rooted with SuperSU. But at this point, It's just an Idea. I mainly need to find out whether or not the bootloader or the os is wiping the binaries on boot. Some older and newer versions of kingroot can retain root after reboot, but I have yet to find a version of the app that can do so.
Actually, some versions of Cyanogenmod and other custom roms had root pre-installed (not like SuperSU, but close enough), and like CM specifically, there was a section in the settings app for this pre-baked root. Even if I still used CM today, I still would've flashed SuperSU. But on a small number of devices, temp root really is better. However, most of those devices that would be on that list have very little to no development on them. Thus, they are not yet (and may never be) supported for permanent root.
I am partially on the road to becoming a developer, but I don't know how far that's gonna go (my prediction is not that far at all). I was doing research on how I could make an eng-boot for the Tab 4, but I became interested in my Galaxy S7 (AT&T). By that, I mean I wanted to make my own custom version of the stock Marshmallow rom ("Custom but stock OS"). To shorten it up, I wanted to create a .zip flashable "super package" which included SuperSU v2.79, Viper4Android, Overclock tools, and other stuff. I've kinda been on and off in terms of motivation to make this idea a reality, primarily because most of the things I wanted to include in this "package", can easily be installed by you in like 3 minutes, or maybe less. The original motive behind the idea was to lessen the work for power users who wanted to free their device "from the shackles". I've been on and off on work between both devices, but It's hard for me to continue the work without proper motivation. These projects are merely just an Idea at this point, but some drafts and copies do exist on my computer.
Creating a custom Android rom straight from my own head is basically an impossible task for me, considering most of the devices I work with have locked bootloaders. I am still learning Java and other Android programming languages in some of my free time but, again, the motivation to continue is something I struggle to find.
Cheers!
Upgrading OS and rooting
I am currently running my t337a on 4.4.2 with build NK2. I was able to root with towel root awhile ago. I want to upgrade my os to 5.1.1 and root after but would like to make sure I go about it the right way.
Any help would be greatly appreciated. Thanks in advance!
loc626 said:
I am currently running my t337a on 4.4.2 with build NK2. I was able to root with towel root awhile ago. I want to upgrade my os to 5.1.1 and root after but would like to make sure I go about it the right way.
Any help would be greatly appreciated. Thanks in advance!
Click to expand...
Click to collapse
You can root on the latest Lollipop firmware, but it's systemless supersu/temporary, meaning it will go away if you shutdown or reboot the device (you can re-root it, of course, but It can be annoying). The option to upgrade is up to you, and once you do upgrade, you can't downgrade (Locked bootloader & different bootloader versions. Lollipop has the new bootloader.) If you are going to upgrade, you can flash the Lollipop firmware via Odin or upgrade via OTA. If upgrading, I recommend taking it over the air, mainly because I'm still working up Odin packages for them. The Odin packages that I do have available are the BOH4 (the previous and the initial Lollipop update) ones, so if you upgrade OTA, it'll take away one step in the upgrade process, making your life a tad bit easier. Reply back if you need further help or have any more questions.
Cheers!
KingOfTheNet said:
You can root on the latest Lollipop firmware, but it's systemless supersu/temporary, meaning it will go away if you shutdown or reboot the device (you can re-root it, of course, but It can be annoying). The option to upgrade is up to you, and once you do upgrade, you can't downgrade (Locked bootloader & different bootloader versions. Lollipop has the new bootloader.) If you are going to upgrade, you can flash the Lollipop firmware via Odin or upgrade via OTA. If upgrading, I recommend taking it over the air, mainly because I'm still working up Odin packages for them. The Odin packages that I do have available are the BOH4 (the previous and the initial Lollipop update) ones, so if you upgrade OTA, it'll take away one step in the upgrade process, making your life a tad bit easier. Reply back if you need further help or have any more questions.
Cheers!
Click to expand...
Click to collapse
I'm highly considering an upgrade for the feel and hopefully a better performance. Also, a few apps I have need updates but only compatible on Android 5 and up. I have the OTA ready to go. Would I need to unroot before upgrading the OS?
loc626 said:
I'm highly considering an upgrade for the feel and hopefully a better performance. Also, a few apps I have need updates but only compatible on Android 5 and up. I have the OTA ready to go. Would I need to unroot before upgrading the OS?
Click to expand...
Click to collapse
It would be best to unroot before installing to avoid any issues during the installation. Other then that, you're in the clear! Just remember, you cannot downgrade after the install!
Cheers!
KingOfTheNet said:
4) I'm trying to figure out how I could altar the boot.img so we can get permanent SuperSU on this thing the same way Chainfire did it with the US and Qualcomm Samsung Galaxy S7's.
Click to expand...
Click to collapse
I have always been under the assumption that the boot.img for the locked BL on the s7 was literally an engineering kernel from Samsung, and not something Chainfire created. The reason Im saying this is because if Chainfire created a boot image that can get around a locked bootloader, then logic should state that he cracked Sprint/ATT's signature for the BL. So my way of thinking is the success of even one locked boot loader ... it should apply across the board for all, correct? Or am I waaaaay off? lol
leeboski44 said:
I have always been under the assumption that the boot.img for the locked BL on the s7 was literally an engineering kernel from Samsung, and not something Chainfire created. The reason Im saying this is because if Chainfire created a boot image that can get around a locked bootloader, then logic should state that he cracked Sprint/ATT's signature for the BL. So my way of thinking is the success of even one locked boot loader ... it should apply across the board for all, correct? Or am I waaaaay off? lol
Click to expand...
Click to collapse
(1st question) Actually yeah, lol. It was an engineering kernel, he didn't make it . I'm assuming that was used during the development of the phone so Samsung and AT&T could construct the OS without running into any issues with the phones locked bootloader. At the time, I thought that Chainfire thought of some "mad science" to altar the boot.img so that it wont check the signatures of any of the files on boot.
Now I'm thinking:
1) He found a way to obtain all the phones signatures so that way he knows what signature the desired files (like a build of TWRP, or instance) would have to have so it can flash and boot properly.
--OR--
2) He somehow obtained or reproduced the engineering kernel that, like I said, was most likely used during software development for the phone (constructing the OS and the rest of the software).
I've done a little research on what engineering kernels actually do and why they are so useful now (to most people, the name is enough, lol). Apparently, they completely skip some of the signature checks on boot, primarily for /SYSTEM (The OS), which is why we were able to achieve permanent root the Qualcomm Galaxy S7 & S7 edge models. I do not think they skip signature checks for /RECOVERY or /BOOT, but we know that if we either reproduce or obtain the engineering kernel for this tablet, we can achieve permanent root the exact same way. I could be wrong, as I do not know for certain the Ins and outs of engineering kernels and how to get them, but It is very possible.
(2nd question) Now, I do not have much knowledge of bootloaders and signature checks, but I would go to the best assumption that since Sprint & AT&T, for example, are 2 completely different companies and are not affiliated (as of writing this), their bootloaders and updates would not have the same signatures. If they did, then Sprint would have to go to AT&T to sign their updates and such, and AT&T would have to do the same thing for Sprint. It just wouldn't really make sense. Lets think of it this way, If Target wants to sell a product in their stores that's already sold at Walmart, then should Target have to go to Walmart to get that approved? Or if Walmart wanted to sell something that's already sold at Target, then should Walmart have to go to Target for approval? Absolutely not, that wouldn't make any sense. Once again, I could be wrong, but it would make the most sense.
Please, anyone, correct me if I'm wrong.
Cheers!
KingOfTheNet said:
(1st question) Actually yeah, lol. It was an engineering kernel, he didn't make it . I'm assuming that was used during the development of the phone so Samsung and AT&T could construct the OS without running into any issues with the phones locked bootloader. At the time, I thought that Chainfire thought of some "mad science" to altar the boot.img so that it wont check the signatures of any of the files on boot.
Now I'm thinking:
1) He found a way to obtain all the phones signatures so that way he knows what signature the desired files (like a build of TWRP, or instance) would have to have so it can flash and boot properly.
--OR--
2) He somehow obtained or reproduced the engineering kernel that, like I said, was most likely used during software development for the phone (constructing the OS and the rest of the software).
I've done a little research on what engineering kernels actually do and why they are so useful now (to most people, the name is enough, lol). Apparently, they completely skip some of the signature checks on boot, primarily for /SYSTEM (The OS), which is why we were able to achieve permanent root the Qualcomm Galaxy S7 & S7 edge models. I do not think they skip signature checks for /RECOVERY or /BOOT, but we know that if we either reproduce or obtain the engineering kernel for this tablet, we can achieve permanent root the exact same way. I could be wrong, as I do not know for certain the Ins and outs of engineering kernels and how to get them, but It is very possible.
(2nd question) Now, I do not have much knowledge of bootloaders and signature checks, but I would go to the best assumption that since Sprint & AT&T, for example, are 2 completely different companies and are not affiliated (as of writing this), their bootloaders and updates would not have the same signatures. If they did, then Sprint would have to go to AT&T to sign their updates and such, and AT&T would have to do the same thing for Sprint. It just wouldn't really make sense. Lets think of it this way, If Target wants to sell a product in their stores that's already sold at Walmart, then should Target have to go to Walmart to get that approved? Or if Walmart wanted to sell something that's already sold at Target, then should Walmart have to go to Target for approval? Absolutely not, that wouldn't make any sense. Once again, I could be wrong, but it would make the most sense.
Please, anyone, correct me if I'm wrong.
Cheers!
Click to expand...
Click to collapse
No that makes perfect sense and thanks for clearing it up.
The whole thing about the signature being the means by which the bootloader is locked is important. Atleast to me it is, so thank you for clearing that up. :good: And so, it makes sense that the System partitions Signature check being skipped IS what allows access to root. But where my opinion differs on this is the Boot and Recovery implementation of the Signatures. I believe that it IS the carriers implementation that does not allow the Recovery and Boot partitions to be modified. If it were Samsungs then how is Samsung going to incorporate a Universal bootloader that knows how to load all carriers data, policy, etc?
And possibly this is what you were saying above and I am misreading it...
***EDIT*** I see you said that the signatures would NOT be the same between carriers, so I am in line with your theory there as well.
leeboski44 said:
No that makes perfect sense and thanks for clearing it up.
The whole thing about the signature being the means by which the bootloader is locked is important. Atleast to me it is, so thank you for clearing that up. :good: And so, it makes sense that the System partitions Signature check being skipped IS what allows access to root. But where my opinion differs on this is the Boot and Recovery implementation of the Signatures. I believe that it IS the carriers implementation that does not allow the Recovery and Boot partitions to be modified. If it were Samsungs then how is Samsung going to incorporate a Universal bootloader that knows how to load all carriers data, policy, etc?
And possibly this is what you were saying above and I am misreading it...
***EDIT*** I see you said that the signatures would NOT be the same between carriers, so I am in line with your theory there as well.
Click to expand...
Click to collapse
I'm glad I could be of help, however I don't see where I stated that the signature implementations on the BOOT and RECOVERY partitions was Samsung's idea not the carriers, if you could point that out for me that would be great.:good:
The engineering kernels skip SOME signature checks, both when flashing and booting into partitions, but I do not know exactly which ones they skip. We know it skips some of the signatures for /SYSTEM, but it does not do the same for the 2 other main ones, those being /BOOT & /RECOVERY. We know because "one of our own" attempted to flash their own build of TWRP recovery to the device (SM-G930A to be specific) only to get a signature check fail when booting the phone, which of course means that the phone has a locked bootloader and that the signatures for the /RECOVERY partition are still checked, but I do not know for certain about /BOOT. If I had to assume I'd say that /BOOT isn't checked, given the fact that if your phone is rooted then you would have had to flash the engineering kernel, which, like I said, skips some signature checks.
I hope I've cleared most things up for you.
Cheers!
KingOfTheNet said:
I've made this thread to teach T337A owners how to root their device with SuperSU. Please note that this is a system-less root, meaning it's temporary, but can be re-applied. Rooting only takes about 5-7 minutes and brings numerous tweaks and advantages to your device. Just remember that every time you reboot or shut the device down, you will need to repeat the rooting process. This tutorial was designed for Lollipop 5.1.1, but it should work on KitKat as well.
Before beginning, you will need to download the following file, unzip it on your pc, then transfer it to your device's internal storage/external sd card.
Root File: https://mega.nz/#!74Jl0ZqY!knlHuexbYGFkk1f4wHxq16u3L38EtfR9scQ0H7hISTA
Lets start!
1) Install both the APK files in the file on your device, If prompted, allow installation from unknown sources.
2) Make sure your device is connected to WiFi, then open Kingroot.
3) Once Kingroot is "Done searching for the best root strategy", click the "Try Now" button and wait about 3 minutes for KingRoot to give you a "Root Successfully" message.
4) This is where it gets kinda tricky, immediately after receiving the root success message, go into SuperSU-me, and grant root permissions when prompted.
5) Click on the big blue button in the middle of the frame and wait about 1 minute for the process to complete. DO NOT UPDATE THE SUPERSU BINARY, IT WILL BOOTLOOP.
6) IMMEDIATELY after the process has completed, go into Settings and make sure KingRoot or Purify is not installed! This is an important step because Kingroot and Kingroot adware tends to install itself in the system partition which can cause problems and frustration.
7 - Recommended) Download a root file explorer and search "King" under /data and /system to ensure that the KingRoot app and its bloatware has been wiped from the system.
8) Enjoy root access!
If this tutorial helped you please be sure to hit the :good: button. If you had any issues or troubles during this process please feel free to let me know down below.
Need T337A firmware? Check out my thread here: https://forum.xda-developers.com/tab-4/general/download-sm-t337a-lollipop-firmware-t3536509
Cheers!
Click to expand...
Click to collapse
The firmware you provided saved my sm-t337A tablet from being soft bricked. Although I was able to gain temp root from this method, king root tried to disable the SELinux on my device and after trying to temp root again caused the app to implant itself as bloatware into the /systems folder and was non functional when using the app. Do you happen to know of a custom recovery (TWRP or CWM) which would work for this device?
Mod Edit
So this is BS right? I've been out of the phone rooting game for a bit.
Sent from my SM-N920V using Tapatalk
Mod Edit
MrMike2182 said:
Why are you trying to get people to do this when it's not FULL ROOT?! You basically took the same exact console root eng kernel that is listed here https://forum.xda-developers.com/verizon-galaxy-note5/general/root-n920v-t3538192 and just renamed it..
Do not do this it's simply console root and nothing else!!
Click to expand...
Click to collapse
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.
tylerlawhon said:
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.
Click to expand...
Click to collapse
LOL there isn't even a CF auto root for the N920V!! He seriously just took the same one we already have for console root and renamed it! They're even the same exact size, haha. Besides, where does he think the SuperSU app is coming from? It sure ain't from the file he has posted because that's just the console root kernel and that doesn't install/ flash SuperSU it only flashes the boot.img..
tylerlawhon said:
..
Click to expand...
Click to collapse
There's to many inexperienced people claiming root and cluttering the hell out the forums!! Even on the easy-firmware website he posted this same exact thing and when a user asked him a question he didn't even know the answer and told the user to flash and report back with his findings.. This thread is totally not needed at all!!
Stuck in the boot interface
tylerlawhon said:
Lol at the if you see SuperSU you're rooted. I mean, if the CF auto works cool, but I'm gonna wait to see how many people don't read first and try to flash this.
Click to expand...
Click to collapse
Well there goes 1 who didn't read first lol.
please remove this threade Please .
it's worng from inexperienced someone
I know this website, easy firm ware listed above, to be a scam site. I've seen a lot of different angles they've tried INCLUDING a download manager quote unquote that is supposed to help you finish downloading. But this is a trojan app. While I never fired it up I can tell you it doesn't look like something a windows user should execute on their system. I use linux.
(mods I promise I know this site is a scam site I've watched them work over the past couple months as I researched my studies)
Regards to root. If you are patched for dirtycow good luck getting root on this phone. (see below for dirtycow patch details) The AT&T / Verizon variants of the Note 5 are extremely well coded you can't get root on them without a powerful exploit. With dirtycow available the days are numbered for any phones not patched, of course not patching your phone in the meantime means you are very vulnerable to a nasty exploit.
So how long right? I dunno but it could be awhile.
Patch details:
Google says the fix is called CVE-2016-5195 patched 11-05-2016, however my security patch level is Nov 1st, 2016. The Samsung SVE-2016-7504 is stated to be included in November's patches and there are 14 patches in that set. AT&T N920AUCS4CPK1 has a note about 14 patches from Samsung, the exact number. (so I seem to be patched if I follow the logic even though Google responded on 11/05/2016 but I dunno how to confirm what's in this Nov 1 2016 security patch in the PK1 firmware.)
It doesn't really matter if they've patched it, you can still downgrade your firmware and security level - even on this variant. I used to go between Marshmallow and Lollipop, as it was required by the ps3 controller app.
Turbine1991 said:
It doesn't really matter if they've patched it, you can still downgrade your firmware and security level - even on this variant. I used to go between Marshmallow and Lollipop, as it was required by the ps3 controller app.
Click to expand...
Click to collapse
Which part are you saying you can downgrade? You can't take the Lollipop firmware and flash it if you're currently on the latest firmware update. It will just fall in odin.
That's just not true. The Verizon model can be flashed in Odin, I've done it a few times myself. Here's someone elses word: https://forum.xda-developers.com/verizon-galaxy-note5/general/downgrade-to-lollipop-5-1-1-verizon-t3368250
It's not impossible, you just need to use an official firmware and may need to downgrade the bootloader.
Turbine1991 said:
That's just not true. The Verizon model can be flashed in Odin, I've done it a few times myself. Here's someone elses word: https://forum.xda-developers.com/verizon-galaxy-note5/general/downgrade-to-lollipop-5-1-1-verizon-t3368250
It's not impossible, you just need to use an official firmware and may need to downgrade the bootloader.
Click to expand...
Click to collapse
Uh, Sir, the link you just posted.. *I* am the original poster of that and I'm telling you with official firmware you still CANNOT go from the latest firmware update of Marshmallow back to Lollipop! I even stated in my OP that it's not going to once you accept the BPI3 firmware update you're done and stuck on Marshmallow with no way to go back not even if you follow my original instructions it won't work!! The bootloader is no longer downgradeable thanks to Verizon!
Dirty cow or not is irrelevant. We can upgrade or downgrade and we're able to root this phone just like any other variant.
The only issue is the bootloader's signature checking.
so this is crap, thanks for the further investigation
There's a simply check for a value that they are calling a binary number. What is that? Certain versions will work together but past a certain point something changes. (most often the security storage binaries) .. So the bootloader checks to see if binary # >= current firmware binaries ... If you are on S3 binary and you attempt to flash S2 binaries the bootloader newly rejects this.
I can and have written a tool to over come this problem but there is one catch. system.img is too large for me to hack into place in this way. If I can't rewrite system.img then we are still stuck. ;*(
So what am I doing? I need root so I can just dd write system.img from /sdcard/ to the partition. that's it..
Stop listening to people who are not spending all their free time looking at the Note 5.. I already have too much access for the Note 5 to survive now.. It's going down, it is not the super secure device that will refuse to boot 'ever again' if you modify stuff that Samsung tried to claim.. that was lies and nonsense (don't hack BOTA0 or BOTA1 though)... I haven't tested changes to this partitions, all others have suffered a beating from me. (if you disable certain packages without disabling other packages it will refuse to boot, no wiping will help, reflash time)
droidvoider said:
There's a simply check for a value that they are calling a binary number. What is that? Certain versions will work together but past a certain point something changes. (most often the security storage binaries) .. So the bootloader checks to see if binary # >= current firmware binaries ... If you are on S3 binary and you attempt to flash S2 binaries the bootloader newly rejects this.
I can and have written a tool to over come this problem but there is one catch. system.img is too large for me to hack into place in this way. If I can't rewrite system.img then we are still stuck. ;*(
So what am I doing? I need root so I can just dd write system.img from /sdcard/ to the partition. that's it..
Stop listening to people who are not spending all their free time looking at the Note 5.. I already have too much access for the Note 5 to survive now.. It's going down, it is not the super secure device that will refuse to boot 'ever again' if you modify stuff that Samsung tried to claim.. that was lies and nonsense (don't hack BOTA0 or BOTA1 though)... I haven't tested changes to this partitions, all others have suffered a beating from me. (if you disable certain packages without disabling other packages it will refuse to boot, no wiping will help, reflash time)
Click to expand...
Click to collapse
I tried to tell everyone that this was straight up BS back when I was asking for help and no one wanted to risk it nor did they believe me.. Instead they chose to believe this instead of me..
http://www.idigitaltimes.com/samsung-galaxy-note-5-galaxy-s6-edge-specs-and-features-att-and-verizon-models-wont-468357
Would flashing the tar file in the OP give me the ability with ADB to delete, rename or change the bootsamsung.qmg and bootsamsungloop.qmg files? All I want to do is swap those out for another set. Would I then need to flash something else to bring it back to normal?
MrMike2182 said:
I tried to tell everyone that this was straight up BS back when I was asking for help and no one wanted to risk it nor did they believe me.. Instead they chose to believe this instead of me..
http://www.idigitaltimes.com/samsung-galaxy-note-5-galaxy-s6-edge-specs-and-features-att-and-verizon-models-wont-468357
Click to expand...
Click to collapse
You seem to have a good grasp on the situation and seem to talk sense, so I'll just ask a question. I'm only passing through because I needed some info, but got interested in the thread.
It seems you have the eng boot for the device, but not able to get system to mount rw? Strange because I have checked it and it is a bonafide eng boot.
Anyway I don't own this device, but I thought I'd just share some info that allowed others to get root on a few recent ATT devices with locked bootloaders on MM.
Using Kingroot on the said devices would not work, no matter how many times or which version was used. However flashing the eng boot from the combination firmware (so not even full eng boot as no root shell with adb) and then using Kingroot, Kingroot was able to successfully root these devices even though with some it took several tries. Kingroot was then used to convert to Supersu.
This may have been tried already, but I couldn't see it. Someone tried it with stock, but not using the eng binary.
The combination eng binary allows the device to boot in permissive mode with no dm-verity, but doesn't have a root shell or any write access with adb. The full eng boot you have should do the same obviously with the addition of adb root shell.
It's just for info and I'm not claiming it will work on Verizon devices, but it seems to be pretty successful on ATT and Tracfone devices.