Related
Can we use CVE-2019-2215 exploit to gain root?
Here is a list of Phones affected by the hack.
A “non-exhaustive list” of vulnerable phones include:
Pixel 1
Pixel 1 XL
Pixel 2
Pixel 2 XL
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo A3
Moto Z3
Oreo LG phones
Samsung S7
Samsung S8
Samsung S9
See the ars article for more details. I wonder if we have a dev willing to turn this into a root app? And what's the eta for that!
https://arstechnica.com/information...ty-that-gives-full-control-of-android-phones/
looks promising from what im reading about it, i have yet to find an application using it to look at though, also, i hardly know how to make a root so dont expect anything from me
There's a POC on the google thread...just need someone to provide the means to root...and/or just write a bit to the correct partition or whatever to enable OEM unlocking:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
POC: https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=414885
Looks promising, sounds like we still need a dev to pick this up. It's all there just needs a properly setup root app and we can gain root.
Here is the poc compiled:
https://drive.google.com/file/d/10kJ9LvWq1AH1wdourLszXDMPSPbMMNXp/view?usp=drivesdk
You have to use an untrusted app i.e android terminal, termux, connectbot etc.. from the app copy it over to the apps home directory.. chmod +x poc3... then ./poc3.. itll tell you kernel was exploited if ur device is vulnerable..
i can confirm p2xl isvulnerable on latest firmware (will be patched in october updates on the pixels)
Dont know if it's possible or not, but I find kinda nonsense to root a device without unlocking bootloader. If you modify something inside the /system partition you need to disable dm-verity as well, for which you also need to flash non-samsung-signed kernel (thats the reason to unlock the bootloader), otherwise the device wont boot.
Also, forget about flashing twrp without UB
bamsbamx said:
Dont know if it's possible or not, but I find kinda nonsense to root a device without unlocking bootloader. If you modify something inside the /system partition you need to disable dm-verity as well, for which you also need to flash non-samsung-signed kernel (thats the reason to unlock the bootloader), otherwise the device wont boot.
Also, forget about flashing twrp without UB
Click to expand...
Click to collapse
I hear you, but if I can just get apps like adaway, titanium backup, etc I'll be happy. There are a lot of apps that need root that I don't also need a custom kernel and don't as far as I know alter the system partition. This limited root was available for many generations of galaxy and note phones.
Front page xda now...
https://www.xda-developers.com/zero...it-google-pixel-huawei-xiaomi-samsung-others/
Confirmed. My kernel is clear and root is planted. I am Verizon Pixel 2 android 10, different device but same. will post the process when i have a moment.
can't wait bought pixel 2 just because posted this
i think the POC is specific to Pixel 2. I tried it on a Pixel and Samsung S8 Active and no go. That said, this looks promising. I'm working on a version that will work with Samsung S8 Active. Wrt to root being useless without an unlocked bootloader - not so. There are ways to persist as root without an unlocked bootloader and writing to /system. Will post more if I get anywhere.
Does anyone know or can help with step by step process of using poc zip.I have pixel 2 and don't know how about using poc zip or process of flashing it,thank you Sean.
petiolarissean said:
Does anyone know or can help with step by step process of using poc zip.I have pixel 2 and don't know how about using poc zip or process of flashing it,thank you Sean.
Click to expand...
Click to collapse
push it to your phone using adb and run it in the shell. if you're vulnerable you should see "Exploited" if you run uname. this is an exploit that can be used to develop a root, but it needs development.
Yup, I was thinking of the same to use this as a root vulnerability..
I tried to use Qu1ckr00t to root the 955u on pie and it didn't work. The POC needs to be modified to support the s8 and its samsung kernel.
The PoC of Hernandez manipulates kernel data structures, the user process credentials, that are protected by Samsung real time kernel protection (RKP). Normally, the PoC should therefore not work on Samsung devices, or am I wrong with that?
The original PoC was reported to work on S8 and S9. But i fear this was only due to the PoC did not trigger RKP. Will have a look at the original PoC, to assess that ...
So mine ends on writev() returns 0x1000 which means I'm not vulnerable correct? Is that just because the poc isn't made to work with my device or am I not vulnerable in general.
We have https://github.com/grant-h/qu1ckr00t
AFAIK It needs to be modified for S8, currently only working for Pixel 2.
@elliwigy can you help here..
updesh94 said:
We have https://github.com/grant-h/qu1ckr00t
AFAIK It needs to be modified for S8, currently only working for Pixel 2.
@elliwigy can you help here..
Click to expand...
Click to collapse
many ppl have already made and posted the poc used there.. u just gotta look around.. but chances r it wont work unless ur device is vulnerable and the poc is tailored to ur kernel/device
i dont own any vulnerable devices so im not working on it personally..
This seems to only be exploitable on Oreo bootloaders.
"ANDROID: binder: remove waitqueue when thread exits." patched the exploit and was added to the G950U kernel when Pie was released.
Therefore, Pie is not exploitable and it seems that anyone running a V6 bootloader will not be able to use this exploit either.
The good news is, if you're running a V5 bootloader, it is theoretically possible to use this exploit. The bad news is I'm using a V6 bootloader. :/
pixlone said:
This seems to only be exploitable on Oreo bootloaders.
"ANDROID: binder: remove waitqueue when thread exits." patched the exploit and was added to the G950U kernel when Pie was released.
Therefore, Pie is not exploitable and it seems that anyone running a V6 bootloader will not be able to use this exploit either.
The good news is, if you're running a V5 bootloader, it is theoretically possible to use this exploit. The bad news is I'm using a V6 bootloader. :/
Click to expand...
Click to collapse
Wow, Thanks for clearing this up, I am on Pie but not sure If I am on the new bootloader or older one as I Never updated when the update mentioned you wont be able to downgrade. ?
Hiee Guys ! I have used lots of android phones since 10 years and also familiar with them . I always try to root every phone but a problem is that every android phone cannot be rooted . So, please anyone tell me that how i can make root for any device and how i can make twrp for any device .
Thank You in Advance......
As far as compiling TWRP, you can start with this thread. Any device such as pixels upgraded to A10 don't have TWRP so because recovery has changed drastically and development of TWRP had not yet caught up.
Root is available for any device that is rootable. Magisk does a pretty good job of covering the bases and is under active development so properly reported issues are generally addressed.
Finding an exploit to be able to root a device is a different matter. Some, like pixels, are straightforward to root since if bought from Google (not a carrier directly) they have unlockable bootloaders allowing the installation of non-stock images. On a device that does not allow the bootloader to be unlocked, an exploit to achieve root must be found. That is often the issue combined with many of these devices do not attract developers to purchase them and thus no attempts are made.
Animesh._.Mamgain said:
Hiee Guys ! I have used lots of android phones since 10 years and also familiar with them . I always try to root every phone but a problem is that every android phone cannot be rooted . So, please anyone tell me that how i can make root for any device and how i can make twrp for any device .
Thank You in Advance......
Click to expand...
Click to collapse
If the device is a device that has a locked bootloader that can not be unlocked, you will not be able to use TWRP. These devices can only be rooted if there is a rooting app or rooting program available for PC or android that has an exploit that works on the device.
If the bootloader is locked, you won't be able to install TWRP or use TWRP to root the device and you will not be able to flash a Magisk patched boot.img to achieve root.
If there are no exploits available that are proven to work on the device, you won't be able to root the device.
Sent from my SM-S767VL using Tapatalk
Greetings. It seems the AT&T subforum for the Galaxy S4 might be dead. I was trying to look for an up-to-date way to root this phone with Magisk, but it seems that step one isn't possible since apparently the bootloader isn't unlockable, or might not be one of the ones listed as usable. I can't check which one I have because neither adb shell nor terminal emulator recognize getprop, with the latter not allowing the punctuation. I want to see if I can use the sd card as internal storage, since apparently the Google Play app writes a lot of garbage until the available storage is only 1GB. I found that out by uninstalling its updates. What's the current modern way to use the SD card as internal storage for Android versions older than M?
Don't know what happened, but Retrial edited his post on "S4 Unified Collection!" such that the magisk rooting guide redirects to a guide for Xiaomi phones. Will that really work for the S4?
Forgive me for necro-ing but did you ever find a solution to this?
Edit: ok so I looked up (1337UCUEMK2)
which lead me to evilpenquin123's comment here
[ROOT[RECOVERY] Loki + TWRP + Motochopper CASUAL-R527b release:27May13
Update: This will not work on Build Number I337UCUAMF3 Thanks to Dan Rosenberg, aka djrbliss, this device can now be unlocked and CASUAL can make it easy as all get out. Introduction CASUAL will guide you through the process. Put...
forum.xda-developers.com
Under that was devildogs link to this thread
Safe (NOT vroot or kingo) root method for MK2
I saw this mentioned in passing on another thread and thought it was worth mentioning in its own thread. (Sorry if this has been posted in this forum already but I tried searching and couldn't find it.) K1mu has developed a safe root method...
forum.xda-developers.com
Which lead me here
Safe (NOT vroot or kingo) root method for MK2
I saw this mentioned in passing on another thread and thought it was worth mentioning in its own thread. (Sorry if this has been posted in this forum already but I tried searching and couldn't find it.) K1mu has developed a safe root method...
forum.xda-developers.com
here
[ROOT] Saferoot: Root for VRUEMJ7, MK2, and Android 4.3
Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing...
forum.xda-developers.com
and here
[Q] 4.3 AT&T root
Hello all, I have a AT&T Samsung Galaxy S4 that just updated to 4.3. Can someone direct me to how I can gain root access? Also, I am assuming that noone has published a way to crack the bootloader as of yet? Thanks in advance for any help...
forum.xda-developers.com
I would like to have an unroot guide for this phone to.
Basically, what I've found in this forum is that you have to "DOWNGRADE" to NB1 (from OK3), and then you can use "SAFESTRAP" of somekind(?) to get a rom, but without unlocked bootloader. I believe, this is going back to Android 4.4.2 or something. Basically, it's forcing to downgrade significantly, which beats the purpose.
I wanted an unlocked bootloader, to get newer ROMs, to increase storage. i.e. use external SD as internal. However, it seems apps don't always allow it to be installed this way, and also causes much headaches - speed is one thing, and data corruption is another etc.
In short, there is NO existing way to circumvent unlocking bootloader. Maybe a professional hacker may do it? NSA? By that point, use that cash to get a new phone. LOL.
Disappointed that this phone is still like brand new, and has plenty more life left, like, 10 more years... it keeps working.
Somebody know how to root Galaxy M23? I can't find any solution on the internet.
How to Root Samsung Galaxy M23 5G using Magisk Without TWRP
Easy tutorial to Root Samsung Galaxy M23 5G SM-M236B/DS in easy steps using Magisk. For rooting, you we have described Magisk method, without installing TWRP.
www.androidweblog.com
We need a galaxy m23 forum!
mrsiri said:
We need a galaxy m23 forum!
Click to expand...
Click to collapse
*** New Device Forum Requests ***
Please post all your requests here. The forum admins choose new device forums carefully, based on several factors. There's no guarantee your device will have a forum created here, but feel free to posts your requests in this thread :) Please do...
forum.xda-developers.com
I recently bought an M23 5g, had a Moto g7 plus. I've never had a Samsung cell phone before. I don't know what happens to the phone after rooting. I saw that on other Samsung smartphones, because of the Knox protection, some apps and features stop working, so I was in doubt about the fingerprint, as it has the Knox logo when unlocking it. Can someone who rooted the M23 5g tell me if it continues to work normally the fingerprint? What other functions does it miss?
Marcus4agenT said:
I recently bought an M23 5g, had a Moto g7 plus. I've never had a Samsung cell phone before. I don't know what happens to the phone after rooting. I saw that on other Samsung smartphones, because of the Knox protection, some apps and features stop working, so I was in doubt about the fingerprint, as it has the Knox logo when unlocking it. Can someone who rooted the M23 5g tell me if it continues to work normally the fingerprint? What other functions does it miss?
Click to expand...
Click to collapse
i don't have M23 but i have another samsung, i can tell you my experience. After flashing Magisk, you'll need to wipe you data (knox **** will block your phone otherwise), i didn't lost any features, except Payment apps, and fingerprint work. Don't worry your phone will work normally if you root it
F-Google said:
i don't have M23 but i have another samsung, i can tell you my experience. After flashing Magisk, you'll need to wipe you data (knox **** will block your phone otherwise), i didn't lost any features, except Payment apps, and fingerprint work. Don't worry your phone will work normally if you root it
Click to expand...
Click to collapse
I came back here to tell my experience rooting the M23 5g. Yes, the fingerprint works great with the root and face unlock too, but some apps of Samsung dont work anymore like: Samsung pay/wallet, secure folder, health and all other's. So i find a module Lsposed called: Knox Patch. With this module, only samsung pass and pay dont became to work, other work great. The bank apps i recomend use magisk module call shamiko, all my bank apps work with this, but you will need put the apps on negation list of magisk before and resetart the smartphone. Puting google wallet on magisk negation list you can use this app and dont need anymore the samsung pay. So, the unic apps you realy lose with the root is the samsung pass.
OBS: For me, when i'm installing the root file on ODIN, the M23 dont boot without factory reset. I have a botloop and stuck at screen with factory reset option, after the reset magisk app apper for me normaly and work's great, so remember backup your files before rooting.
For all user's.
the price for this one is nice for its specs, considering to buy it and install TWRP and some custom rom like lineageos or something, can I pm anyone who did it?
simplydroiding said:
the price for this one is nice for its specs, considering to buy it and install TWRP and some custom rom like lineageos or something, can I pm anyone who did it?
Click to expand...
Click to collapse
There is no custom tom for this phone
Found some great tools for generating device trees, I want to make sure flashing TWRP, and/or Lineage OS is possible before buying this phone (In my case the SM-M236B/DS). Can someone please try it out for me? Luckily it's based of the Snapdragon 750G 5G, so it should be easier than making a device tree for an Exynos. (thanks Samsung).
Here are the things I found:
Firmware:
https://www.sammobile.com/samsung/galaxy-m23/firmware/#SM-M236B or
https://samfw.com/firmware/SM-M236B
There is a database of already dumped device trees but I doubt there is a device tree for SM-M236B/DS
https://dumps.tadiphone.dev/dumps
You could always try to download it straight from Samsung, but I don't know how to do that.
Tutorials:
Found this really easy to follow tutorial about using Dumpyara a device tree dumping tool.
https://baalajimaestro.me/posts/extract-vendor-2/
TWRP build guides, this is the best guide I found, kind of complicated but still realy useful
https://gist.github.com/rokibhasansagar/15c8e728d94a6bd35a687aac73ef79a5
Haven't found any Lineage OS build guides for unsupported devices but I've found a build guide for /e/ os, it should be similar (/e/ os is based of Lineage). (if you find one pleaaase tell me)
https://doc.e.foundation/support-topics/build-e
a question, is there a proper section of this phone?
haky 86 said:
a question, is there a proper section of this phone?
Click to expand...
Click to collapse
I don't think so.
Firmino Neto said:
I don't think so.
Click to expand...
Click to collapse
I was interested to get one for aosp developments, but idk if it has an active developments
I tried to install crDroid gsi with no luck. Bootloop on start
haky 86 said:
I was interested to get one for aosp developments, but idk if it has an active developments
Click to expand...
Click to collapse
I am developing LineageOS for the M23. If you have knowledge and are willing to help me out, send me a dm and I'll send you details
Isitiah said:
I tried to install crDroid gsi with no luck. Bootloop on start
Click to expand...
Click to collapse
make a patched magisk boot image and flash it. Then flash vbmeta_disabled. Lastly, go to lineage recovery and wipe data and fastboot flash the GSI.
{Mod edit: Drag to Telegram removed. Oswald Boelcke, Senior Moderator}
mrsiri said:
make a patched magisk boot image and flash it. Then flash vbmeta_disabled. Lastly, go to lineage recovery and wipe data and fastboot flash the GSI.
{Mod edit: Drag to Telegram removed. Oswald Boelcke, Senior Moderator}
Click to expand...
Click to collapse
Where i can get vbmeta disabler? And how I can flash this via fastboot? Through TWRP?
Okay so i succesfully flashed crDroid gsi. Here is a tutorial:
1. Unlock Bootloader
2. Using Odin flash a13_5g_fastbootd-recovery.tar
in AP slot in odin
3. After restart immediately go to recovery and you should see option "enter fastboot", select this and your phone should go into fastbootd mode
4. Now launch fastboot on your PC type fastboot devices if it shows your device that's good.
5. Copy your gsi to adb/fastboot directory and type: fastboot flash system <name of gsi>.IMG
Now flashing should start.
If flashing complete succesfully FIRST go to recovery and select FORMAT DATA. After data is formatted reboot your phone.
Now your phone should boot up with your gsi tom.
RECOVERY FILE (i cant attach it to post): https://t.me/SamsungGalaxyF23/49136
Hi guys, I'm lookin to root my A525F with One UI 5.0
Also looking for necessary files to disable encryption.
Also I've received November Update for my country.
I have done root my A52 4G android 13 with magisk method.
llranga said:
I have done root my A52 4G android 13 with magisk method.
Click to expand...
Click to collapse
Nice.
Can you please share the exact method you carried on?
Follow the guide here to install TWRP and disable force encryption: https://forum.xda-developers.com/t/recovery-official-twrp-3-7-for-galaxy-a52-4g-and-a72-4g.4405751/
After that just flash Magisk.
Greetings to the XDA Team and all the other good people,
I want to root my Samsung Galaxy A52 4G, and just wanted to ask where should I start so I do it successfully, without upside-down moments. I already updated my phone to the latest, so now the phone is running Android 13.
I am a beginner in this, I educated myself from some videos online and on the XDA forum and saw that I can make my device more secure with root, I can disable system and apps trackers.
So my first question is, do I need to downgrade to Android 12 so the success rate becomes higher or I can stick with Android 13 and still get success for the end goal?
My second question is if what I wrote above this is a truth.
The third question is, how do I get my device running again if rooting fails?
The forth question is, can I unroot my device if I want it at some moment?
My fifth and last question is, is rooting worthy and needed so I can achieve my goals?
I still think I know nothing and want to expand my knowledge, so I ask people who are masters in this field to help me out with this, so I can become happier.
Thanks for considering my request.
- your dear noobie user epeu.
You can do root your phone. But you should not be panic. carefully read instructions and do it with patient without skipping none of the steps.
I'm also not an expert. but i have done rooting of more than 10 phones without failing.
you have to unlock your boot loader before rooting.
I doubt about your statement about device becomes more secure with root. it depends on what you do alter followed by root. yes you can improve privacy.
also your banking apps may stop work after rooting. so you have to apply necessary modules (security fixes) before get them start working again.
if rooting failed provided phone is not hard bricked, you can flash your original firmware to restore the phone. what i always do is keeping all the original firmware ready with me before doing any rooting.
yes. you can unroot by flashing original firmware.
last question is difficult to answer. majority of people use their phones without rooting. if you want to be different, it's up to you.