A Temp root solution for Nokia 5.1 Plus - Nokia X5 (Nokia 5.1 Plus) Guides, News, Discussion

This method is based on Amazing Temp Root for MediaTek ARMv8 by diplomatic.
Clever work that gives MTK-SoC devices a bootless root (root remains until reboot). And luckily enough it works on our Nokia 5.1 Plus.
So to begin:
- Grab diplomatic's latest mtk-su.zip in Amazing Temp Root for MediaTek ARMv8
- Follow instructions from Bootless root with Magisk and MTK-SU
# You can install Magisk Manager from the Magisk 18.1 package, or any version below 7.1.2. The latest version of MM doesn't work.
And your device should have root permission.

Hi stizzir,
Great post, I've tried it and it works.
The only problem I had is that you can't use the latest version of Magisk Manager; you need to use the 7.0.0 version, if not Magisk Manager won't open after running the suboot.sh script.
I was wondering if with this we may be able to get full root and also turn the notch on and off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
Best regards,
voidRunner

I tried it as well and it works. Thanks for letting us know, I've been checking these forums every week waiting for something like this. I also used Magisk 7.0.0 inside the 18.1 Magisk zip. Latest version didn't work.

@vddrnnr
> The only problem I had is that you can't use the latest version of Magisk Manager; you need to use the 7.0.0 version, if not Magisk Manager won't open after running the suboot.sh script.
Wow, good to know. I encountered that problem too, and you figured it out!
> I was wondering if with this we may be able to get full root and also turn the notch on and off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
I don't think full root can be acquired since there is still no bootloader unlock solution yet, really looking for that. N-tool devs are working on it and they said X5 unlock is coming soon. But the bootless root works fine! Couldn't complain about anything, it's basically a rooted device.

I tried Adaway; it didn't work the first time but worked the second time. After that it would not work again no matter what I tried, says not enough space on partition. I checked host file when it worked and it had changed. Titanium Backup worked, SD Maid worked. Looks like I was wrong, you can't edit or delete anything in system folder.

@rustdroid
> I tried it as well and it works. Thanks for letting us know, I've been checking these forums every week waiting for something like this. I also used Magisk 7.0.0 inside the 18.1 Magisk zip. Latest version didn't work.
No problems, but again, all the credits go to diplomatic for his work, I'm just lucky enough to come across his thread.
Yes, latest Magisk doesn't work, diplomatic had already mentioned it in the original thread.

rustdroid said:
> I tried Adaway; it didn't work the first time but worked the second time. After that it would not work again no matter what I tried, says not enough space on partition. I checked host file when it worked and it had changed. Titanium Backup worked, SD Maid worked. Mixplore root worked, I deleted Google Drive app from system/apps but took a few tries and reboots for it to be uninstalled, the folder always restores after reboot.
This is just a temporary solution so don't expect much out of it.
The doors will be open once the bootloader can be unlocked.

Yes I know and I'm happy with it until we can unlock bootloader. Hopefully they can find a way soon but this will do until then.

Can someone else with this phone try Adaway to see if it can edit host file or delete a system app like Google drive (move the app file in system/apps replace it after tested) ? Just want to see if I'm only one that can't edit system folder.
Edit: It's okay I just read that you can't modify System/Vendor partition unless boot image modified. Will have to wait until bootloader unlocked.

vddrnnr said:
> Hi stizzir,
> Great post, I've tried it and it works.
> The only problem I had is that you can't use the latest version of Magisk Manager; you need to use the 7.0.0 version, if not Magisk Manager won't open after running the suboot.sh script.
> I was wondering if with this we may be able to get full root and also turn the notch on and off on devices that don't have the Full Bezel option in Display Settings or Developer Options.
> Best regards,
> voidRunner
rustdroid said:
> Can someone else with this phone try Adaway to see if it can edit host file or delete a system app like Google drive (move the app file in system/apps replace it after tested) ? Just want to see if I'm only one that can't edit system folder.
> Edit: It's okay I just read that you can't modify System/Vendor partition unless boot image modified. Will have to wait until bootloader unlocked.
Man, I just can't wait for the bootloader unlock. Nokia obviously doesn't want to offer an official unlock service (at least for now) since the Android One line-up is meant to be as stock as possible. The company also promised to support new Android One devices in the next 3 years, so allowing bootloader unlock will work against their product course, I think.
I have seen many attempts from the community however, and I have trust in them; many devices get unlocked by an unofficial method, so... wait for the good news.

@stizzie I can't wait, hate having a device that I don't have full control of. I've asked Nokia on their forums and signed a petition that is closed now. That's all I can do and just wait. I read somewhere that Nokia will allow it soon but who knows how long. Hopefully someone finds another way soon.

Doing this won't kill OTA, right?

Rajeel911 said:
> Doing this won't kill OTA, right?
Absolutely not

stizzie said:
> This method is based on Amazing Temp Root for MediaTek ARMv8 by diplomatic.
> Clever work that gives MTK-SoC devices a bootless root (root remains until reboot). And luckily enough it works on our Nokia 5.1 Plus.
> So to begin:
> - Grab diplomatic's latest mtk-su.zip in Amazing Temp Root for MediaTek ARMv8
> - Follow instructions from Bootless root with Magisk and MTK-SU
> # You can install Magisk Manager from the Magisk 18.1 package, or any version below 7.1.2. The latest version of MM doesn't work.
> And your device should have root permission.
Can I give permission to ES File Explorer? If yes, then how?
And can I modify this partition Device/data/nvram/APCFG/APRDEB

Ranjhag said:
> Can I give permission to ES File Explorer? If yes, then how?
> And can I modify this partition Device/data/nvram/APCFG/APRDEB
Just follow instructions in the provided links, you should have root permission. Applications working or not really depends on your device so it won't hurt if you try it yourself.

Device is Nokia 5.1 Plus?
And sir, can you tell me where I have to paste the mtk-su file? On the PC?

I got OTA update today while this thing was running so no OTA issues.
Just 2 warnings:
1) Don't write even a single byte to system partition or boot partition.
2) Don't expect Netflix etc to work since it breaks CTS profile and basic integrity. Banking apps etc will whine for rightful reasons too.

Ilgazc said:
> I got OTA update today while this thing was running so no OTA issues.
> Just 2 warnings:
> 1) Don't write even a single byte to system partition or boot partition.
> 2) Don't expect Netflix etc to work since it breaks CTS profile and basic integrity. Banking apps etc will whine for rightful reasons too.
It doesn't let you do anything to system or boot partition. I tried editing and deleting and doesn't work. Have to wait until bootloader unlocked.

Rajeel911 said:
> Doing this won't kill OTA, right?
rustdroid said:
> It doesn't let you do anything to system or boot partition. I tried editing and deleting and doesn't work. Have to wait until bootloader unlocked.
If you (by chance) are able to write a single byte to system or boot partition on this dm-verity-enabled device, it won't boot and will need a service center.
That changes if bootloader can be unlocked of course.
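
A simplified model of the hash-tree check behind the dm-verity warning above, as an added example that is not part of the original post: it shows why a single changed byte on a verified partition is detected, and why rewriting the stored hashes does not help without the trusted root hash. The block size, salt and image contents are constructed, and the in-memory tree is not the kernel's on-disk format.

```python
import hashlib

BLOCK_SIZE = 4096                                     # data and hash block size
FANOUT = BLOCK_SIZE // hashlib.sha256().digest_size   # 128 digests fit in one hash block
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value


def hash_block(block, salt=SALT):
    """Salted SHA-256 of one block, zero-padded to BLOCK_SIZE."""
    return hashlib.sha256(salt + block.ljust(BLOCK_SIZE, b"\0")).digest()


def chunks(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_tree(image):
    """Return the tree levels: levels[0] has one digest per data block, levels[-1] == [root]."""
    if not image:
        raise ValueError("empty image")
    levels = [[hash_block(b) for b in chunks(image, BLOCK_SIZE)]]
    while len(levels[-1]) > 1:
        packed = b"".join(levels[-1])                 # digests packed into hash blocks
        levels.append([hash_block(b) for b in chunks(packed, BLOCK_SIZE)])
    return levels


def verify_block(image, index, levels, trusted_root):
    """Check one data block against the stored (untrusted) tree and the trusted root."""
    digest = hash_block(image[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE])
    for level in levels[:-1]:
        if level[index] != digest:                    # stored digest disagrees with the data
            return False
        group = index // FANOUT                       # hash block that holds this digest
        digest = hash_block(b"".join(level[group * FANOUT:(group + 1) * FANOUT]))
        index = group
    return digest == trusted_root                     # the chain must end at the trusted value


def failing_blocks(image, levels, trusted_root):
    """Indices of all data blocks that would fail verification when read."""
    return [i for i in range(len(levels[0]))
            if not verify_block(image, i, levels, trusted_root)]


def make_image(blocks=300):
    """Constructed stand-in for a read-only partition; every block is distinct."""
    return b"".join(i.to_bytes(4, "big") * (BLOCK_SIZE // 4) for i in range(blocks))


def flip_byte(image, offset):
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)


def demo():
    image = make_image()
    levels = build_tree(image)
    root = levels[-1][0]          # on a real device this value is covered by a signature
    tampered = flip_byte(image, 137 * BLOCK_SIZE + 10)

    # Case 1: one data byte changed, stored tree untouched.
    data_only = failing_blocks(tampered, levels, root)

    # Case 2: the leaf digest for block 137 is rewritten to match the new data.
    patched = [list(level) for level in levels]
    patched[0][137] = hash_block(tampered[137 * BLOCK_SIZE:138 * BLOCK_SIZE])
    leaf_patched = failing_blocks(tampered, patched, root)

    # Case 3: the whole tree is rebuilt over the changed data; the root no longer matches.
    rebuilt = build_tree(tampered)
    tree_rebuilt = failing_blocks(tampered, rebuilt, root)

    return {
        "levels": len(levels),
        "clean": failing_blocks(image, levels, root),
        "data_only": data_only,
        "leaf_patched": leaf_patched,
        "tree_rebuilt": len(tree_rebuilt),
        "root_changed": rebuilt[-1][0] != root,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
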

Ilgazc said:
> If you (by chance) are able to write a single byte to system or boot partition on this dm-verity-enabled device, it won't boot and will need a service center.
> That changes if bootloader can be unlocked of course.
Okay, thanks for the info. Guess I was lucky that you can't do anything. I tried to delete a few pre-installed apps and edit the host file. Looks like this is as good as it gets until we can unlock bootloader.

Related

[APP][4.0+] Root Transmission - Root other devices using your phone!

Root Transmission
Root Transmission: the ONLY app that allows you to root other phones straight from your own device!
Inspired by Kos's p2p-adb hacking toolkit (http://hak5.org/episodes/hak5-1205), this app is a pleasant, easy way to root other phones while away from your computer! Just two buttons, Root and Unroot! Connect the cable and root away! It couldn't be simpler!
Even has its own terminal window so you can see exactly what's going on while your phone does its thing!
You will need a ROOTED device capable of USB hosting (USB On The Go), a USB OTG cable and one-click root scripts for the devices you wish to root.
Scripts and their associated files should be placed in /sdcard/RootTransmission/*devicename*/*version*/, otherwise it will not be available for use. *devicename* and *version* can be whatever you want.
Note that this is an UNSTABLE version, and you use this app at your own risk. Occasional force closes are to be expected (though they will most likely not break the phone you are trying to root). Incorrectly written scripts can permanently damage or brick both devices involved, so only use trusted 3rd party root scripts and at your own risk.
Changelog
1.01unstable
fixed bug that sometimes caused crashing when user closed app
fixed bug that caused app to crash if scripts directory did not exist
Much smaller size (166k)
made it for Android 4.0 and up (accidentally had it for 3.1 and up in Play Store, will re-add Honeycomb support if I find that it works reliably with it)
1.0unstable
initial public release
Planned features
Downloading scripts within the app
Nicer GUI
In-app help text
??? Suggest some!
(Removed from Play Store because Google said it was "dangerous")
Please do not mirror this apk, it is to be downloaded exclusively from XDA-Developers. Failure to comply will result in the removal of this app from XDA.
I've attached a zip with the files needed to root a Verizon Galaxy S3 (SCH-I535), extract it to /sdcard/RootTransmission/ to use.
Note that since I only have one USB host-capable device (my own S3), no warranty is provided over the functionality of this zip since I am unable to fully test it. (It is a repackaged version of the DebugFS one-click root found at http://forum.xda-developers.com/showthread.php?t=1883984 and thus will only work if the device to be rooted is running ICS, which shouldn't be a problem as of yet.)
Again, this is an unstable test version. It should mostly work, but no guarantees on its functionality.
what device is supported? what device supported that can be rooted?
chev said:
> what device is supported? what device supported that can be rooted?
In order to run the app, your device (the device that is already rooted) must support USB hosting/USB OTG. Most newer devices have this.
This app uses adb and scripts (which you must provide) to root devices. If there is a root method for the device that uses adb, then it will work.
In the case of the Verizon Galaxy S3 (my primary device), the root method for a stock ROM is to use adb to push an exploit that will allow us to install Superuser and the su binary. I believe the Asus Transformer Prime uses a similar method.
If the only root method available involves using a program such as Odin/Heimdall or a manufacturer's phone flashing utility, or a zip must be flashed in recovery in order to gain root, it will definitely not work. In the case of the HTC Sensation, you must flash a recovery and boot into it, then flash a zip containing the su binary as well as a controller app such as Superuser in order to gain root. So the HTC Sensation could NOT be rooted with this.
In the future I plan on building a compatibility chart within the app to determine which phones can run this app and which phones can be rooted with it, as well as downloads for the rooting process. In the meantime, if there is a phone you are looking to root with this, let me know and if possible, I'll craft a zip to use with this.
Updated Root Transmission to 1.01unstable.
Following changes were made:
-bugfix: app occasionally FC'd when closing app
-bugfix: app crashed if scripts directory did not exist
-smaller size (166k, old version was 1.62mb)
-made it available only for 4.0 and up (had it set to 3.1 and up by accident)
Available in first post or in the Play Store.
Keep sending in those bug reports, it really helps!
Also, if you have any new features you want to suggest, let me know.
I'm considering the following so far:
-Downloading scripts in-app
-Nicer GUI
-Help text
Added script for the Asus Transformer tablets (TF101/TF201/TF300T/TF700T) to the first post. It will only root tablets on 4.0 or below.
This app looks promising, keep up this great work, :fingers-crossed:
Theoretically, could this run any script over adb on another device, not just a root one?
one x
Hey does this work with the one x international version?
I believe that in order for the app to work properly, adb must be running as root, so no. It's not possible to use this with a non rooted phone.
HTC One X should be able to be rooted (as well as other devices relying on fastboot), but I haven't added support for it yet. A fastboot binary for ARM is available, so I'll package that into the app for next release. Stay tuned. However, I don't know about unlocked bootloaders and all that on HTC devices, so beware.
I'm also going to take a look at the Heimdall source code later so that you can perform Odin flashes over USB. This means that basically any Samsung phone should be able to be rooted, even without a one click root script.
All this stuff will take time though, and with school still going on it might take some time. But I'm definitely working on it!
Sent from my SCH-I535 using Tapatalk 2
Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?
root transmission
I download the file, and receive the next error while installing:
parse error
there is a problem parsing the package
there's any fix?
thanks in advance
Draciel882 said:
> Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?
This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
teran220 said:
> I download the file, and receive the next error while installing:
> parse error
> there is a problem parsing the package
> there's any fix?
> thanks in advance
Try installing from Play Store.
wchill said:
> This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
That would be awesome, let me know if you need some help testing. I've been wanting to be able to do this for awhile. It would pretty much eliminate the need for a computer when flashing roms on devices that have their bootloader already unlocked.
how to check my device is usb otg/host capable ?
anazhd said:
> how to check my device is usb otg/host capable ?
Use this app by Chainfire
https://play.google.com/store/apps/details?id=eu.chainfire.usbhostdiagnostics
Sent from my SCH-I535 using Tapatalk 2
Wow, the idea behind your software is brilliant!
I yet see a future world in which handset liberation is achieved and spread among users in dark corners of the streets! :silly: :laugh:
Hey there wchill, seems like you are an app dev rookie as I've seen some stuff. Well, you aren't so different from me. PM me, I will help you in your project. BTW I have seen a small thing, that the Settings button does nothing; to remove it, remove in your mainActivity the lines that say onCreateOptionsMenu, as long as you don't need an options menu!
EDIT: No offence for calling you a rookie, I may have underestimated you, because your work is amazing, but I was talking about the Java side of your knowledge, sorry if I offended you!
seaskyways said:
> Hey there wchill, seems like you are an app dev rookie as I've seen some stuff. Well, you aren't so different from me. PM me, I will help you in your project. BTW I have seen a small thing, that the Settings button does nothing; to remove it, remove in your mainActivity the lines that say onCreateOptionsMenu, as long as you don't need an options menu!
I know that the options menu is there, but I'm planning on adding to its functionality so there's no point in removing it yet. Don't worry, I didn't forget about it
Also, I only have one year of experience in Java, so my skills definitely are not the most top notch out there. I'd say not bad for being self taught though.
Anyway, in app downloads should be working by this weekend, depending on how much homework I get this week. Did a lot of it today, just need to make the frontend for it. After that I'll work on improving the GUI, because I really couldn't be bothered to spend more than 5 minutes making it what it looks like right now.
Expect an update in the next few days
Sent from my SCH-I535 using Tapatalk 2

[TOOL][NABIXD] NabiRootXD Root, Gapps, Recovery

NabiRootXD v2
This is a tool for rooting, installing Gapps (Play Store, etc), and adding custom TWRP recovery on Nabi XD. It's written as a Windows command line batch file, and is based off NabiLab I made for Nabi2.
It was an adventure to say the least. I include some of the hurdles for those that want to duplicate the root process or just to place my thoughts "on paper" because of the 100s of posts I read from those that posted detailed information and allowed me to gain useful insight in how I could adapt things for the XD, and explain in one swoop to the many PMs I have received about "when will we see root on the XD" why it took so freaking long. Those that just want the program can continue to the Overview section.
What started as an interesting avenue was TWRP using the Nabi2 kernel was booting the NabiXD to TWRP without video. I thought it possible to dd the recovery, or boot kernel. Unfortunately it was unable to recognize internal storage as a block device and that ended that. Like a few devices on Android 4.1.1 and above, the standard one-click program using Bin4ry's ADB restore exploit doesn't work. It doesn't work for a couple of reasons: when restoring fakebackup.ab it locks up writing the first file, and even if it did work, placing ro.kernel.qemu=1 in local.prop doesn't work because Jelly Bean doesn't parse any property files to set the ownership of adb daemon. Searching the file system I found su2 in the xbin directory. This was promising as it is the su program but renamed; also unfortunate was that its permissions had no setuid bit set, and while it was executable it would not change uid to 0. I then foolishly went down the path of nvflash (forced recovery). I attempted a few different avenues here to try and possibly get the SBK to unlock nvflash; that proved uneventful, especially without root access. I tried extracting what "could" be the key from the Nabi2 in hope it was reused. That led nowhere; it would be awesome to have access to it for many other reasons but it turned out to be an exercise in learning but ultimately a waste of time. Then on to other Android exploits... Tried Samba, debugfs, and vfat exploit. All of those are either patched or I'm not skilled enough. I finally returned to looking at the ADB restore exploit.
The "tabletS" exploitation showed promise as it takes the avenue of installing /dev/sh vs ro.kernel. A side effect of the failed ADB restore bug was leaving a directory with full permissions. Bads3ctor had an interesting fakebackup.ab that was more reliable at making a directory or file that you symlinked have full permissions. Now you can step through the tabletS script more effectively where you couldn't before by manually setting permissions for files/directories you need by doing the restore for each file and directory you need. The script installs VPNfaker and backs up the /data/app directory, then creates a new app directory. This however will cause the NabiXD to rerun the initial kidsmode setup and breaks everything. You can dance around that by not rebooting, and VPN faker will still give you a Term app with system uid. From there you can't symlink the sysfs links properly to data/property but that can be worked around by moving and then removing files. Finally you can makedev /dev/sh and run su from /data/local/tmp. The end result is that the exploits and bugs found by others are adequate when strung together in the right order on the NabiXD, just not the one-click solutions provided on the forums; they needed some modifications and to be done by hand to figure out for the NabiXD.
Here is a nice publication I found in my searches that is more layman terms for older root methods. http://www.sourceconference.com/publications/bos12pubs/android-modding-source.pdf
Overview
Video Overview of NabiRootXD - a video tutorial of the use of NabiRootXD.
-Root the Nabi XD
-Install Gapps(Play Store, etc)
-Make a stock backup of unrooted device
-Install stock, or TWRP recovery
-NabiLab patching system to install updates to this program
Version 2
-Fixed scripting error causing early exit
-Added 7z for patching system
Download
Read the installation section below to determine which version you want.
File names:
NabiRootXD.zip 96MB (Version 2)
Download
Download Mirror
Installation
NEW INSTALLS
1) Download NabiRootXD
NabiRootXD.zip 96MB
2) Extract the zip files to a location of your choosing. Run the NabiRootXD.bat file.
Prerequisites
1) Script is for Windows
2) ADB enabled in Android. Enter Mommy/Daddy mode. Open settings->developer options->put a check mark in USB debugging.
3) ADB and Fastboot driver. Most popular are the PDAnet drivers. You can get them here: PDAnet drivers
Usage
Obviously using this script on your NabiXD voids the warranty and I take no responsibility for the damage you cause.
MENU 1 - Root, Gapps, Recovery
Menu Option 1 - Install Root, Recovery and Gapps
This option is best used if you have a brand new Nabi. At this point you should have met the prerequisites of enabling ADB in Android. Follow directions, most sticking points are pressing the volume + and then pressing the volume - button twice and making sure recovery kernel is the one highlighted. After its complete you should have a rooted Nabi, with Gapps and a backup of your unmodified Nabi in the folder TWRP/BACKUPS/YOURSERIAL/stockunrooted on your device. Not a bad idea to copy this off the Nabi to your computer if you need to free space or have it in a second location.
Menu Option 2 - Install Root and Recovery
Same as above but doesn't install Gapps. Some people have trouble with option 1 taking the Gapps install, I personally have never experienced it but the option is this one, or I guess if you are an elite hacker that just wants root.
Menu Option 3 - Install Gapps
Same Gapps installed in the Option 1. Useful for re-installing Gapps. This is Jelly Bean Gapps dated 10/11/2012 without Google Search. This makes NO backup of your Nabi. You will have to already have installed TWRP.
Menu Option 4 - Install Root
Installs root. Nothing fancy here, and likely unneeded but here for completeness if you find yourself in a strange situation. One that comes to mind is that you have a stock backup which you restored and don't want to do another backup so you would just run this and the gapps install. It makes NO backup. You will have to already have installed TWRP.
MENU 2 - Install Recoveries
Menu Option 1 - Install TWRP 2.3.3.0 for Nabi Version 1.2.3
Installs TWRP 2.4.4.0. This is the latest at this time. It has a screen timeout, if the screen goes black touch the screen to wake the screen, it's not locked up.
Menu Option 2 - Install Stock Recovery
Installs stock recovery. This is useful for taking an OTA, or completely returning Nabi to stock.
Notes: TWRP installs are based off my work in this thread if you want to read more.
MENU 3 - Patch NabiLab
Menu Option 1 - Install Patch
For any updates to NabiRootXD this is where you can automatically load them. Basically you will download NabiPatchXD.zip and place the entire zip in the patch folder. No unzipping just the single file. Then run this option.
Credits - If you see these guys buy them a beer.
jzmtaylor - Original Nabi2 script that this is based off of.
Bin4ry, Bads3ctor, HEXcube, drjbliss - all the bugs/exploits needed to accomplish root
Dees_Troy - TWRP build tutorial
Eric Karz - TWRP Theming and rooting assistance
TeamWin - They are the guys that make TWRP possible
Weeee more Easter goodies haha.
thanks aicjofs
Sir, can I use this tool for installing Gapps on an unrooted Galaxy Tab 7.0+ (wifi)? Because I updated my tablet from Honeycomb to Ice Cream Sandwich (China firmware), everything is fine except that I can't open Google Play Store...
First off, huge thank-you.. who do I send a beer donation to as a thank-you?
There is a possible bug, or it's just me: when pressing the menu button it will pull up a search, or say Google with a white background. Only way to get out is to press home; if a menu appears then pressing back produces the same results.
srgsng25 said:
> First off, huge thank-you.. who do I send a beer donation to as a thank-you?
> There is a possible bug, or it's just me: when pressing the menu button it will pull up a search, or say Google with a white background. Only way to get out is to press home; if a menu appears then pressing back produces the same results.
The gapps removes the problem in system/app/quicksearchbox.apk; you can rename it to quicksearchbox.bak
only other way I can think of is somehow playstore added it to data/app
rename com.google.android.googlequicksearchbox.apk to com.google.android.googlequicksearchbox.bak
hth
ps: thank the op he spent hours and hours to make this happen = sacrificed his free time
Thanks for the feedback.
Perhaps we should have used the 7/26/2012 gapps? http://goo.im/gapps/gapps-jb-20120726-signed.zip 10/11/2012 is supposed to be 4.1.1 backward compatible, but perhaps there are some bugs with it on XD. Flash over the top of the current one. It will leave behind /system/app/thinkfree.apk, /system/app/microbes.apk and /system/lib/libmicrobes_jni.so, which you could remove manually. Wipe caches.
How about GPS stuff? Is that working?
i was looking at gapps-jb-20120810-JRO03C-Formula84-Custom
it has some things that sort of work like maps/local/ latitude /
I don't think gps is working
Even in the productions test it fails .
could it be a permissions problem ? I have not tried 20120726 .
Eric Karz said:
> i was looking at gapps-jb-20120810-JRO03C-Formula84-Custom
> it has some things that sort of work like maps/local/ latitude /
> I don't think gps is working
> Even in the productions test it fails .
> could it be a permissions problem ? I have not tried 20120726 .
Do we know that the GPS works at all?
aicjofs said:
> Do we know that the GPS works at all?
with gapps installed it doesn't seem to work .
maybe we are going to need a edited gapps ?
I'm just going to remove Google Search for now. That is highly annoying, I was messing around with ways to fix it, and got it to open in apps when you press the settings button, I was previously only getting it when pressing back button.. I updated the downloads. Until we figure out the fix, it's just too troublesome.
Cool, that did the trick, renaming the file. I do have a really stupid question: is there a hidden proxy setting that makes the tablet able to bypass our DNS security filters with OpenDNS? Just curious.
srgsng25 said:
> Cool, that did the trick, renaming the file. I do have a really stupid question: is there a hidden proxy setting that makes the tablet able to bypass our DNS security filters with OpenDNS? Just curious.
I don't know if there is a hidden proxy. I'm not sure of your question. You could try going to settings-wifi. Long press the name of the network and a pop up will come up. Modify network, show advanced options. There is the proxy and DNS, for DNS you have to be static. I think there is 4.4.4.4 in there by default, plus what your router gives out.
If you are talking about something more underground I think you could use a getprop in adb shell or term.apk. I know I have seen stuff in there for DNS, something like dhcp.wlan0.dns; there is stuff in there about "change" too. Should be able to set if you "su" and do a setprop. That would only be good until reboot, but could help you troubleshoot. I think it's set here /system/etc/dhcpcd/dhcpcd-hooks/20-dns.conf, maybe not in Jellybean. Anyway those are places to look if it's more than in settings that you are looking for.
ok it seems that this might be a work around to the quick search problem
edit the buildprop and change
ro.sf.lcd_density=160
to
ro.sf.lcd_density=145
I tried 149,150,59 and 120
120 does seem to fix it also but the screen makes every thing look smaller and some may not like that .(I do)
also I had to install BusyBox in order to get a few things to work including
build prop Editor by Nathan Campos (this tool seems to be a good test app to see if you have proper permissions)
note that the swipe screen will be a bit smaller under 160
maybe some one can use this info to edit quick search box we wouldn't have to change anything?
i am trying to get this tablet to use my network opendns settings and web filters
Can someone direct me to where I can get a Vista MTP driver for the Nabi XD? I installed PdaNet as instructed but the tool won't connect, and I have a yellow exclamation mark by MTP Device. Can't seem to find anything else online.
EDIT: After rebooting a few times, then disabling my firewall, the tool connected. Thanks for the awesome tool.
Looks like an OTA was released for the Nabi XD today that bumps the Nabi XD up to version 1.3.5. I tried doing the stock recovery option but the NabiRootXD app just closes out after selecting it. I looked into the NabiRootXD.bat file and I noticed on line 483 that it says to "GOTO Install_4" which doesn't seem to exist. I believe it should actually say "GOTO Install_2".
After making this change I was able to restore to the stock recovery to perform the OTA.
Now once I tried to install the OTA it appeared to start the install and then fails with the dead android symbol about a third of the way through. No idea what the problem is now so I'll just wait for others to try this and see what their results are.
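The scripting error reported in the post above (a GOTO to a label that does not exist, which makes cmd abort the batch file) can be caught before a flashing script is run. This is an added example, not part of the thread or of NabiRootXD: a small checker that lists GOTO and CALL targets with no matching label. The batch excerpt is constructed to mirror the reported bug and is not the real NabiRootXD.bat.

```python
import re

# Constructed batch excerpt modelled on the bug described in the post.
SAMPLE_BAT = r"""@echo off
:Menu
set /p choice=Select option:
if "%choice%"=="1" GOTO Install_1
if "%choice%"=="2" goto :Install_2
if "%choice%"=="3" GOTO Install_4
goto :eof
:: comment line, not a label
:Install_1
echo Installing TWRP
call :Cleanup
GOTO Menu
:Install_2
echo Restoring stock recovery
GOTO Menu
:Cleanup
exit /b
"""

# A label is a line starting with a single colon; "::" is a comment.
LABEL = re.compile(r"^\s*:([^\s:]\S*)")
# GOTO accepts the target with or without a leading colon.
GOTO = re.compile(r"\bgoto\s+(:?[^\s&|()]+)", re.IGNORECASE)
# CALL only jumps to a label when the target starts with a colon.
CALL = re.compile(r"\bcall\s+(:[^\s&|()]+)", re.IGNORECASE)


def find_undefined_targets(script):
    """Return (line number, verb, target) for jumps to labels that do not exist."""
    lines = script.splitlines()
    # Batch labels are matched case-insensitively.
    labels = {m.group(1).lower() for line in lines if (m := LABEL.match(line))}
    findings = []
    for lineno, line in enumerate(lines, start=1):
        stripped = line.strip().lstrip("@")
        first = stripped.split(None, 1)[0].lower() if stripped else ""
        # Skip comments, label lines and text that is only printed.
        if first in ("rem", "echo") or stripped.startswith(":"):
            continue
        for verb, pattern in (("goto", GOTO), ("call", CALL)):
            for match in pattern.finditer(stripped):
                raw = match.group(1)
                if raw.lower() == ":eof":
                    continue  # built-in target, needs no label
                if "%" in raw or "!" in raw:
                    continue  # computed target, cannot be resolved statically
                target = raw.lstrip(":")
                if target.lower() not in labels:
                    findings.append((lineno, verb, target))
    return findings


if __name__ == "__main__":
    for lineno, verb, target in find_undefined_targets(SAMPLE_BAT):
        print(f"line {lineno}: {verb} to undefined label '{target}'")
```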
yup getting the dead droid
Reinstall TWRP and "Install" this to update. Have a backup. Should work if you have made no system modifications, except what NabiRootXD did.
Download
TWRP may or may not ask you to reinstall superuser.
Also working on a patch to fix the exiting error in script.
EDIT: New links for a version 2. Fixed scripting error and patch system error. Easier to just download the whole program again than for me to explain fixing the patching system manually.
OTA procedure
srgsng25 said:
yup getting the dead droid [
BOOT into TWRP and perform and system restore to pre-root image
reboot
download and install the OTA
reapply root and gapps
aicjofs said:
Reinstall TWRP and "Install" this to update. Have a backup. Should work if you have made no system modifications, except what NabiRootXD did.
Download
TWRP may or may not ask you to reinstall superuser.
Also working on a patch to fix the exiting error in script.
EDIT: New links for a version 2. Fixed scripting error and patch system error. Easier to just download the whole program again than for me to explain fixing the patching system manually.
Thanks for the update aicjofs! I'll test this out shortly and let you know how everything goes.

One click root

One click root is showing h901 now available.
Sent from my LG-H901 using XDA-Developers mobile app
sabresfan said:
One click root is showing h901 now available.
Sent from my LG-H901 using XDA-Developers mobile app
@sabresfan Have you tried it?
No you gotta pay for it.
Sent from my LG-H901 using XDA-Developers mobile app
Really?
That's really ****ty. Charge for a root? I'm sure they would still make plenty by doing donations like all developers do. Take care of the community, community takes care of you. What crooks.
Why anyone would pay for root when they can find it on XDA for free is beyond me. One Click Root takes methods that the community has developed and given away, then sells them. That almost meets the definition of crook if you ask me (unless they publicly give credit). OCR mostly is for bootloader locked devices that can't get root any other way.
I tried installing KingRoot/KingoRoot on my v10 recently, just to see if it would work. Nope. It used to work on Lollipop but not on Marshmallow. Now I'm using systemless Magisk and systemless phh Superuser (Magisk version). Works really well for the most part.
We are all wrong.
The root statement on all kind of Android devices, needs to be IMPOSED BY LAW SUIT to Gogle Inc.
Creating os like a REAL OS IS (with adm and password and root)
And something more:
IMPOSE TOO, each device, HAVES OBLIGATION TO COME WITH ORIGINAL ROM OF THE DEVICE RECORDED ON A CD ROM FOR REINSTALL AGAIN.
We are all wrong PAYING BUMS AND DUMB DEVICES LIKE TODAY THESE SUPERPRICED CHITS ARE.
Sent from Somefon
It's not illegal to root, but I doubt any court would ever order Google to preroot Android devices. Google would claim it's a security risk, and quite frankly, they would be right. This would open up the masses to all kinds of vulnerabilities. Most people can't handle a rooted device, not because they're dumb, but because they don't understand what root is, the responsibilities it entails, etc. But I personally still prefer to root. I'm willing to take a little less security in exchange for the power to do things I couldn't do otherwise.
Ha, security risk?
Windows have root, and is a security risk?
Linux and Unix-like haves root, and are security risk?
These mobiles are LINUX AND MICRO PC.
If this haves not root, is not mine!
The goglepleyservices is malware that "administry" remotely.
I hate apple untill DEATH!
HATE!
PROBABLY I WIL REPUDIE GOGLE SOON LIKE I DO WITH THIS DEVIL'S COMPANY APPLE INC.
Sent from Somefon
---------- Post added at 10:41 PM ---------- Previous post was at 10:37 PM ----------
Doing any kind of operational computer system where, these OS haves not root, it sounds like a Bum amateur pig (that uses JAVA AND LINUX) AND CREATE THEIR OWN DUMB OS WITH THINGS THAT ARE PROPERTY FROM OTHERS, AND WORST MORE: FURTHED BY THE PROPIETARY.
THIS IS ANDROID.
Sent from Somefon
Will this work on the 6.0.1 update?
@linsalata28: Most likely, no, since the One Click Root people usually root the device with KingRoot/KingoRoot. Last time I tried those on the v10 running MM 6.0.1, they failed. I tried with their apps as well as connecting my phone to PC. Your best bet is to unlock your bootloader, install TWRP, then flash either systemless SuperSU, Magisk, phh's Superuser, any of those will work and are far superior to OCR. Why pay for OCR when you can get a superior root solution for free? They take methods developed by the Android community (oftentimes here at XDA), then charge money for this "service" that you can easily do yourself. Screw that crap.
AnonVendetta said:
@linsalata28: Most likely, no, since the One Click Root people usually root the device with KingRoot/KingoRoot. Last time I tried those on the v10 running MM 6.0.1, they failed. I tried with their apps as well as connecting my phone to PC. Your best bet is to unlock your bootloader, install TWRP, then flash either systemless SuperSU, Magisk, phh's Superuser, any of those will work and are far superior to OCR. Why pay for OCR when you can get a superior root solution for free? They take methods developed by the Android community (oftentimes here at XDA), then charge money for this "service" that you can easily do yourself. Screw that crap.
Thanks I didn't even think of doing it that way. I was only asking because a few people had asked me. I rooted mine before the update. I tried the 20L but went back to 20J. I was having issues with the update.
Please help?!
I am new to this whole rooting thing, and I was wondering if I could get your expert advice on how exactly to root my LG v10, vs990, running 6.0 marshmallow. What are the first....to.....last steps I should take. There are a lot of pay-sites out there, like OCR, but I was hoping somebody here could walk me through how to do it myself. You seem to be extremely knowledgeable on the topic, so I thought I would reach out for your expertise. This will be my first phone that I root, and I don't want to brick it. Would you please advise and help teach a new student?
AnonVendetta said:
@linsalata28: Most likely, no, since the One Click Root people usually root the device with KingRoot/KingoRoot. Last time I tried those on the v10 running MM 6.0.1, they failed. I tried with their apps as well as connecting my phone to PC. Your best bet is to unlock your bootloader, install TWRP, then flash either systemless SuperSU, Magisk, phh's Superuser, any of those will work and are far superior to OCR. Why pay for OCR when you can get a superior root solution for free? They take methods developed by the Android community (oftentimes here at XDA), then charge money for this "service" that you can easily do yourself. Screw that crap.
AnonVendetta said:
@linsalata28: Most likely, no, since the One Click Root people usually root the device with KingRoot/KingoRoot. Last time I tried those on the v10 running MM 6.0.1, they failed. I tried with their apps as well as connecting my phone to PC. Your best bet is to unlock your bootloader, install TWRP, then flash either systemless SuperSU, Magisk, phh's Superuser, any of those will work and are far superior to OCR. Why pay for OCR when you can get a superior root solution for free? They take methods developed by the Android community (oftentimes here at XDA), then charge money for this "service" that you can easily do yourself. Screw that crap.
I'm coming from a Nexus 5X which suddenly died on me so I had to use this V10 I had as a replacement. I am a long time Nexus user so I am familiar with TWRP and rooting and all that. But this is the first phone I have used in a while that isn't as straight forward as the Nexus phones when it came to rooting. So I just have a couple questions about the V10. Is it as easy as you mention? Unlock bootloader, flash TWRP, then flash root. That's it? And I assume so but I'll ask anyway to make sure, doing this wipes the phone?
I may not even root this thing but just in case I get curious enough to do it, I'd like to know if that's all it takes.
EDIT: I see there is no official TWRP for the V10 though.
I no longer own a v10, but I'll still try to help.
First, flash a stock Marshmallow KDZ via PC. v20L was the last KDZ I had used. Maybe Nougat is available for the v10 now? Either way, go with 20L, or else my steps might not work.
Next, Google for something called Dirty Cow exploit
Instructions here: https://github.com/jcadduono/android_external_dirtycow
Download all 4 files from here: https://build.nethunter.com/android-tools/dirtycow/arm64/
Install the latest LG United Mobile Driver
Install ADB drivers (Google for "15 seconds ADB")
Connect phone to PC, open CMD prompt as admin, then type "adb devices" (no quotes). USB debugging needs to be enabled for this to work. Check your phone, something should pop up about accepting an RSA fingerprint, say yes. Then type "adb devices" again, see if your phone is in the list, then make sure it doesn't say unauthorized.
Run through the steps for the DC exploit, I advise using Linux for this, but Windows should work (no luck for me, I booted into a live Fedora Linux distro on a USB stick, then installed android-tools via the commands "su" and then "dnf install android-tools" packages to get ADB and fastboot). If you did everything correctly you should have a modded boot image with SELinux set to permissive by default, as well as temp root. From here you can use the dd command in a terminal emulator (on the phone) to flash a TWRP img into the recovery partition. I forgot the exact command to type for that but it's not a long one. It should be on the Dirty Cow GitHub page.
Once done you can just reboot into recovery via the button combo, from there you can flash a systemless SuperSU zip for permanent root. Magisk will also work. I know most people use SuperSU or Magisk these days. But honestly, I don't use either anymore, SuperSU is still closed-source and is now owned by some shady Asian company. And Magisk, I had too many issues with it. So I'm going to take the time out to give a recommendation for my current fave root solution, called Phh's Superuser. It's very simple and elegant, you can find the download link for it in a thread here on XDA. And it's 100% open source and just works, and well at that. I had no issues with it on the v10. Grab the zip from the Phh thread, then boot to TWRP and flash it, simple as that. It will patch your boot image. Then wipe cache and dalvik cache, reboot back into Android, download the Phh's Superuser app from Play Store. You need this or it won't work. Once done just open the app, you'll see it's very simple as I've said. Nice and clean and uses next to no resources. Test some root apps with it, I think you'll like what you see. From here you can remove bloatware or mess with kernel settings, whatever you want, pretty much anything that needs root should work.
Hope this helped someone!

[ROOT][TWRP][OUTDATED] Oppo R9S (China edition) exploit and TWRP flasher

This tool is out of date. See the main R9S thread for an updated tool by Wu Xianlin which gives you an improved TWRP recovery and access to more ROMs.
Original post is below for historical purposes only.
Oppo R9S (Chinese version) TWRP installation tool
Only works on Chinese OS release 005 which can be downloaded here and flashed in stock recovery.
Earlier versions will not work, nor will later versions. It has to be this specific version.
P̶r̶o̶b̶a̶b̶l̶y̶ doesn't work on international editions either.
DOWNLOAD - R9S_TWRP.zip - V1.01
DOWNLOAD - R9S_TWRP.zip - V1.0
Changelog
1.01 - Tweaked timings to try and improve success rate
1.01 - Changed how text is output to hopefully improve appearance on Windows 7
This script uses an exploit by Chinese developer Wu Xianlin to gain temp root, then it flashes his TWRP build that works on the R9S despite the locked bootloader.
From there you can attempt to perma-root your phone, install a custom ROM etc. etc.
Thanks to the following XDA members, without whom this would not have been possible:
jacksmack
celoxocis
Antivirus issues
Some AV's may complain about this file containing a Trojan. They are technically correct. It's called "dirtycow" and is being used in the wild to hack into Linux systems. It cannot affect Windows systems, but I use it to hack a linux-based system (your phone)
If your AV refuses to let my script run you will have to disable it temporarily. Feel free to read through my script (root1.bat) to check what it is doing.
Useful things to flash in TWRP
CyanogenMod13 - by Wu Xianlin
Stock Recovery - by Wu Xianlin
GApps (ARM64) - by opengapps.org
Updated basebands, ripped from ColorOS
Use these only if you have issues with phone/GPS/etc. after installing CM. Otherwise leave alone.
[2017-01-11 v0180] - released ROM (China) - by me!
[2017-01-24 v1470] - ALPHA ROM (China) - by me!
Note: The version number on basebands stays the same, but the MD5s are different. No idea what has changed, but they work!
Unbrick instructions:
Does not work in Windows 10. Tested working in Windows 7
Download this unbrick package
Install the quallcommmtkdriver package
Run daanav-enabler as administrator
Run msmdownloadtool as administrator
Click through any timeout error you get
Click on the titlebar of MSMDownloadTool and press F6 to enable the options
Fully power down your phone by holding vol-, vol+ and power for 10 seconds
Hold vol- and vol+ while connecting the USB cable (use the stock Oppo cable)
MSM should now show your phone.
Press F5 to decide what to flash. For the first attempt choose "All except userdata".
Click the start button.
After 5 minutes your phone should reboot into ColorOS.
If ColorOS hangs on boot, then repeat the above steps and this time flash all, including userdata. This will wipe your photos etc. sorry!
This will leave you on V004 of the OS. You will need to upgrade to 005 before attempting to root again.
Can I request a version of this that stops at permanent rooting? Unless you think there would be a problem with the fact that I intend on using it on a r9s plus.
Or a link to what I maybe overlooked, in case it already exists.
Unfortunately this program doesn't perma-root. It gains a temp root and uses that to flash TWRP. TWRP can then be used to flash a custom ROM or a rooting tool.
It also doesn't unlock the bootloader. Wu Xianlin somehow managed to make a version of TWRP that the locked bootloader is happy with!
However, if you edit root1.bat and scroll down to line 181, change it from:
Code:
type root3.txt | adb shell /data/local/tmp/root2.sh
to:
Code:
adb shell /data/local/tmp/root2.sh
Then the script will just drop you to a root shell. Unfortunately you are then on your own as to how you get perma-root.
I have no idea whether this method will work on the R9SPlus. In theory it should do but I've not tried it. I won't be held responsible if you brick your phone and probably won't be able to help, though you should be able to do a three-finger reboot and then boot into recovery and reflash ColorOS.
Optional modifications you can make that will make the script neater:
You can also remove lines 178 and 179
Code:
echo Copying TWRP
adb push r9s-twrp-3.0.2.0-20170107.img /sdcard/twrp.img
and change line 184 from
Code:
pause
REM ---- CHINESE TWRP HELP ----
to
Code:
pause
exit
REM ---- CHINESE TWRP HELP ----
I will take your "I have no idea if this will work for r9s+" at face value and try to be patient for something more certain, thanks for your contribution nonetheless
I saw the translation you posted and am a bit depressed Wu recommended to return the phone...
Oppo make amazing hardware but terrible software that is never updated. I used to be ok with this because they actively encouraged rooting and custom ROMs but this change in attitude from them makes it very hard to recommend the phone.
I would be interested to know if this exploit does gain root on the Plus. In theory it should work, and there's also a decent chance that TWRP will too as the hardware is very similar, but will require someone very brave/stupid to try it
BTW. Anyone who is going to try this on the Plus. Ensure you have a flashable .ozip of a working ColorOS (full install, not OTA) saved to internal storage as the stock Oppo recovery is a POS that doesn't provide ADB, MTP or USB.
If you end up wrecking your OS and don't have that image in place ready to flash from recovery you are screwed.
Likewise do not flash TWRP until you are sure that your OS is still bootable, and also take a dump of the stock recovery first! (and post it in the other thread as it's bloody useful to have!)
Sent from my OPPO R9s using XDA Labs
Hi the Unbrick pack RAR is corrupted and can not unzip.
Also there is Trojan in DOWNLOAD - R9S_TWRP.zip - V1.0 - Dirtycow file and the NOD Antivirus is deleting this file.
Please advise how to proceed?
NOD is correctly detecting that this is a hacking tool using a well known exploit (dirtycow).
Since you actually want to do that, you're going to have to disable NOD until you're done.
Sent from my OPPO R9s using XDA Labs
Lum_UK said:
NOD is correctly detecting that this is a hacking tool using a well known exploit (dirtycow).
Since you actually want to do that, you're going to have to disable NOD until you're done.
Sent from my OPPO R9s using XDA Labs
Hi I got to somewhere but I am stuck now...
Please check the pic and advise how to install CyanogenMod. (I have uploaded the pic in your thread in the Oppo Community forum, please check it there because I am new here and cannot post with external links.)
Sorry for the inconvenience. Looks like I am few steps away to finish the job but something is missing...
Goro1234’s image: http://s27.postimg.org/8usudi9g3/IMG_20170207_133854.jpg
You need to do a wipe data/cache/dalvik as CM won't install on top of incompatible data.
Note that this will wipe your installed apps, settings, app data, saved games etc. but will not wipe your photos, music, downloads or anything else saved to internal storage.
You may wish to take a backup from within TWRP first. Apps like Titanium Backup and Nandroid Manager are reasonably good at restoring apps and data from a TWRP backup.
Also don't forget to install GApps
Sent from my OPPO R9s using XDA Labs
For the unbrick package you need 7-Zip to extract it.
Lum_UK said:
`Also don't forget to install GApps`
Hi I am on Cyanogen now !!! Thanks for the help. Can you please tell me now which is the correct gapps version for our device. I have installed a random one which does not make a connection with Google. I have tried to install ARM 64, but can't flash because the system says that it is incompatible... Thanks
Select ARM64, android 6.0 and whichever variant you like (I recommend the Pico version)
Sent from my OPPO R9s using XDA Labs
Sorry for the English, I made a mess with the phone, after unlocking everything, and held the phone for several days with CM13, I saw that GPS was not working, so I wanted to return to the origin, but now I can not install Stock Recovery any more to put the stock rom, I tried to do unbrick, but when I press start of msmdownloadtool, the program stops and closes. If some kind soul gives me some advice. Done everything under win 7 reset. Thank you so much Gianfranco.
GPS should be working. I'm using it all the time on CM13 as my phone is my satnav.
Maybe wipe and reflash, or try one of the baseband updates?
Sent from my OPPO R9s using XDA Labs
Now, the problem is more to do so that I can not leave,
I installed through the files Stock TWRP Recovery as a boot, and I hand the boot source and installing the original rom, after the reboot remains on oppo screen. what can I do. Thank you so much Gianfranco.
Hold all three buttons for 10 seconds to forcibly power off the phone and then try to boot to recovery.
If you get the Oppo recovery then try to do a factory reset and then flash the stock ROM,
if you get TWRP then try to flash Cyanogen.
If you can't do either then you're going to have to run the unbrick tool. Do you have another PC you can try it on?
Thanks, but I have tried various solutions, when I install the boot ROM from stock, is successful, the reboot hangs installation applications. I wanted to know if you can other software for unlocking. Thank you very much for giving me some advice, thanks again. Gianfranco.

[MASTER THREAD] Fire HD 8 (2017) (7th Generation)

Hi,
This is a list (incomplete) of all the ROMs, mods, hacks, guides, etc. available for the Fire HD 8 (2017).
This was a root progress discussion thread, and I think there's too much valuable information here to just let it get buried. So, following @Rortiz2's suggestion this thread was transformed to a master thread with the aim of providing a complete guide for anyone wanting to mod their tablet.
Device Codename: douglas
Specifications:
SoC: Mediatek MT8163
CPU: Cortex-A53 (Quad Core 4x1.3Ghz)
GPU: Mali 720
RAM: 1.5GB
Android: 5.1 (FireOS 5.x.x.x)
Storage: 16/32GB
Includes a MicroSD slot
Battery: 3210mAh
Display: 8"
Front Camera: 2MP
Rear Camera: 2MP
The italicized text below are my comments/clarifications.
The root method was patched in 5.6.4.0 (some versions of 5.6.4.0 still work so you could try) It is advisable to disable OTA updates or unlock the bootloader immediately. It is still possible to unlock by a different method, check the bootloader unlocking thread.
Bootloader Unlock and TWRP:
[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)
This is an excellent and complete guide which has everything you need for this. Requires Linux, so you'll have to either install it as dual-boot or use a live system if you are not using it already. You don't need to downgrade if you are on 5.6.4.0.
Rooting:
You can flash Magisk using TWRP after bootloader unlock. Using Magisk is recommended because SuperSU is no longer supported, and Magisk has modules, Magisk Hide, and the root prompt is working (In SuperSU it's not working so you have to always grant root permissions which is a major security loophole)
Rapid Temporary Root for HD 8 & HD 10
This is the first software root method discovered for this tablet and is a really easy and quick method of getting a root shell, and the link has a complete guide on it. Refer here for installing SuperSU for permanent root, and here for an automated script for Windows.
[ROOT] Hardmod Root Your Amazon Fire HD 8 (7th Gen)
This is first root method ever discovered for this tablet and is a hardware root. This link has a complete step-by-step guide, assuming you have some soldering experience.
ROMs:
[ROM][unlocked]Lineage-12.1 for Amazon Fire HD8 2017 (douglas)
The first (and currently only) ROM for this device and it works great!
Miscellaneous:
Amazon Fire Toolbox, I have never tried this but it looks awesome!
Without root:
Removing accounts and viewing Usage Access settings which are hidden.
Debloating guide without root
With root:
A debloating guide made for HD 10, but works fine on the HD 8.
You can install apps as system apps just as on any other device, and you can use the app Link2SD for converting user apps to system apps. Refer to this StackExchange post for a guide on how to install apps as system.
Flashing GApps works well with TWRP, but the 16GB version doesn't have enough space in the system for even the pico version. Probably using pm uninstall on some system apps would work.
General Tips:
To return to stock or recover from a soft brick:
(Don't use this if you have already unlocked your bootloader: if you want just stock FireOS flash it through TWRP, and if complete stock follow the guide in the unlock thread)
(This assumes that you have ADB installed, I would not advise you on how here, there are numerous guides waiting for a Google search. This will erase your data.)
Download your current FireOS or a later firmware version. You can find the latest over at Amazon's website.
Boot to the recovery mode of your tablet, and use the volume and power buttons to select "Apply Update via ADB".
Now connect the tablet to a PC with a USB cable, open a command prompt or shell on the directory where you downloaded the firmware BIN, enter the command adb sideload X.bin (replace X with the name of the BIN) and wait until finished (DON'T disconnect your device from the PC)
Now select "Wipe Data/Factory Reset" and "Yes" to wipe data (you can skip doing this if you want your data, but note that the tablet may bootloop or complain about corrupted data)
Select "Reboot system now"
The firmware BINs are just renamed ZIP files: you can rename it from .bin to .zip and treat it as such.
Amazon employs an anti-rollback mechanism which could permanently brick your device if you flash an older version through adb sideload. If you really want an older FireOS, you can rename .bin to .zip and flash them through TWRP after unlocking.
The stock launcher AppID is com.amazon.firelauncher, the stock keyboard is com.amazon.redstone, and the OTA update apps are com.amazon.device.software.ota and com.amazon.kindle.otter.oobe.forced.ota.
Again, this list is incomplete, so please suggest any additions in the comments! (don't hesitate to suggest your own work-the target of this thread to be a comprehensive and complete guide on everything about this tablet)
Good luck modding this tablet!
Thread before changing to a master thread (for historical purposes )
NOW WE HAVE AN UNLOCKING METHOD WITH TWRP! THE CONTENT BELOW IS OUTDATED.
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.3.6.4/Fire OS 5.6.3.4
SECURITY PATCH - ???
KERNEL VERSION - 3.18.19
List of possible software root methods:
1.) eMMC overwriting
Thanks to the hardware root method, we have a full eMMC dump so using the loophole in the flash unlock process which causes overwriting partitions next to it, we could overwrite on all the way, flashing original things, to the system partition and then flash a modified system partition.
Additions to the list are welcome!
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-8890
Status: Confirmed possible.
Description: As I think, this is the most exploitable currently. Running the PoC results in 'somewhat unnatural' Use-After-Free s but the PoC fails to orient them to escalate privileges.
Cons: This exploit is based on obsolete IPv4 sockets, unlike its cousin CVE-2017-9077, which is based on IPv6, but rather the same exploitation as this. That 'may' make this harder to exploit, but of course there's no evidence.
I really only added this to cons because you should have a con.
2.)CVE-2017-15868
Status: Unsure
Description: NP Hardass said that this vulnerability is present on the source, I haven't explored it yet.
Cons: ¯\_(ツ)_/¯
If you tried these exploits, please notify me in below and I'll update the status. UPDATE: No point on keeping on trying these kernel exploits as no one (please correct me) who knows to write exploits in C comes here anymore. If someone wants to try though I will start maintaining this list again. Come on, let's collaborate on this!!! :laugh:
Thanks!
Download the eMMC dump from here: https://www.androidfilehost.com/?w=files&flid=282721
PS: You can download original kernel sources from Amazon, just search for it.
Original Thread:
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.6.0.1
SECURITY PATCH - 2017/08/01
KERNEL VERSION - 3.18.19*
*a quite old release it is.
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-12762
Status: Unsure
Description: A super likely-to-work great exploit. If you want you can go look at the kernel source (link included below the thread) 3.18.19 for proof, it starts in line 2640. Looks like a stack buffer overflow.
Cons: ASLR may be an absolute game killer in this case. And some skill is required to exploit, very less-known around the internet. And Amazon may have removed the ISDN support up from the roots of kernel, because it's VERY deprecated.
2.)CVE-2017-16939
Status: Unsure
Description: A nice attack vector. A PoC is available in SecuriTeam blogs, which triggers use-after-free. I tried contacting them for some help, but they almost instantly replied that they don't provide support for their reported vulnerabilities. Sad.
Cons: ¯\_(ツ)_/¯
3.)CVE-2017-15868
Status: Unsure
4.)CVE-2017-10661
Status: Unsure
5.)CVE-2017-7541
Status: Unsure
6.)CVE-2017-6074
Status: Unsure
If you tried these exploits, please notify me below and I'll update the status. Come on, let's collaborate on this!!! :laugh:
Thanks!
I added the link to the vulnerable code, in case anyone was wondering.
I'm glad to see this thread. Since recently rediscovering the potential of an old Fire 6 and rooting it, removing the bloat and Googlizing it, I wanted to get something a little bigger. I just got my 7th gen HD 8 in the mail yesterday and was devastated to see it was 5.4.0.1. I've blocked OTA, deleted the update it had downloaded, installed Google Play et al., and used NoRoot Data Firewall to block all Amazon apps. Unfortunately, I do not have the expertise to contribute much toward an effort to root this device but would like to help in any way. I appreciate seeing others are out there working on it.
If I knew how to develop the exploits I would honestly try these.
Thank you so much for making this thread but I hope I never have to come back here and help, but if I get some extra time in the future I do plan on running all my binaries + servers on the tablet as well. Not to mention just looking at that version number made me want to vomit.
What steps should I take to increase performance on the hd 8 while we wait for root?
rawfullz said:
What steps should I take to increase performance on the hd 8 while we wait for root?
Hello rawfullz!
Try Greenify. You can use a workaround to grant it Usage Access.
1) Download Activity Launcher and Greenify from Play Store.
2) Launch Activity Launcher.
3) Notice the "Recent" text in the task-bar, press it, and select "All" from the drop-down list.
4) Scroll all the way below until you find "Settings", and press it.
5) Again, scroll below until you find "Apps with usage access", and press it.
6) The hidden "Apps with usage access" menu will pop up.
7) Grant Greenify usage access there. (You can turn off usage access for all Amazon apps if you want, to increase performance, but it's recommended to leave "Storage Management" intact, just in case.)
8) Launch Greenify, and continue with the setup.
9) :laugh::laugh::laugh::laugh:
If you ever want to grant any other app Usage Access, do this procedure, but, remember that "Activity Launcher" is kind of dangerous, if you just launch random activities. I learned that the hard way.
REMOVED
Thank you for making this thread, I'm looking forward to this becoming real.
What I don't get is you can download the firmware.bin as well as the source code from Amazon. What's the problem, devs should be able to root?
derwoodbones said:
What I don't get is you can download the firmware.bin as well as the source code from Amazon. What's the problem, devs should be able to root?
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked thoroughly for any exploits.
We'll have to find exploits the rough way. :crying:
Hey, what about the Janus vulnerability? If some dev is reading this, please help us, because it doesn't require the device.
Supersonic27543 said:
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked thoroughly for any exploits.
We'll have to find exploits the rough way. :crying:
You don't need an unlocked bootloader to flash a ROM.
Take a look at the BT stack with BlueBorne.
Sent from my iPhone using Tapatalk
Supersonic27543 said:
Now, I'm sick of Amazon's bloat slowing my tablet
You forgot to add: "and I wanna fill my tablet with Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as 'super-duper tools for young hackars'"
Great to see this thread. Hope some devs collaborate and find a way. Can't wait.
Meanwhile, do you guys have any cool mod to try on the tab?
I have installed playstore and adfree iytb YouTube and bunch of usual apps.
Hello!
DragonFire1024 said:
You don't need an unlocked bootloader to flash a ROM.
Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
sensboston said:
You forgot to add: "and I wanna fill my tablet with Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as 'super-duper tools for young hackars'"
Hah. :laugh::laugh::laugh:
Robius said:
Take a look at the BT stack with BlueBorne.
Sent from my iPhone using Tapatalk
Great idea, gotta try this! Thanks!
EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/
Someone got a bluetooth adapter handy?
Supersonic27543 said:
Hello!
Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
Hah. :laugh::laugh::laugh:
Great idea, gotta try this! Thanks!
EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/
Ask @ggow how he does it. But you don't need an unlocked bootloader. With root, FlashFire helps to get by the bootloader.
