Locked Bootloader Root Discussion (Developers Only) - Moto X Android Development

The point of this thread is to talk about possible vulnerabilities we can use for a root exploit. This discussion should only include relevant information. Please do not spam this thread full of thank-yous and questions. That will only cause problems.
The first vuln I would like to talk about is the second master key vuln, as it is open. I have yet to see it included in an exploit.
The second one is a vuln jcase has posted in his security Google+ community. I will go look for a link to include here.

Here is the second vuln. To my knowledge we would need to alter it to use a Moto POC.
https://plus.google.com/110348415484169880343/posts/SRCN6JWxset
Sent from my XT1058 using Tapatalk 2

If someone can help me. I was talking with Mr. Root aka Jcase and he says to use his vuln we would need to find a system application that executes from the /data partition. This can be done by breaking down system apps and looking at the smali code. Mattlgroff helped me look at 3C check in apk and says it is calling from /com.motorola.data.event.api/ and similar named folders which should help the planned exploit.

My bad. That can not be used. We need a System User application that calls an executable script. That application only reads/writes.
Sent from my XT1058 using Tapatalk 2

Exploits that don't work
Motochopper
Impactor
Root Many (xperia exploit)

It's possible that a modified motochopper could do it

CNexus said:
It's possible that a modified motochopper could do it
Modified how? Guys, if you wish to try and find an exploit, first you need to understand what one is and how it works; second, check source code against known vulnerabilities for the patches. If you find something unpatched then you are on to something. BTW Motorola does more than make phones, for example US military level security and encryption. I have not spent a ton of time looking but thus far every known vulnerability I have checked has been patched, meaning it will take finding a new one... if one exists. If one does not, then hopefully we get lucky when we get updates. The more current the software the better chance we would have of an unpatched vulnerability being found... Hope this helps, good luck in your search

I wonder if the exploit geohot used to root the GS4 Active would work. His root method is an apk, which is different than any root method I have come across before. I wonder if it's an Android exploit and not one specific to the GS4 Active... both devices are on 4.2.2. I did try to use it on my Moto X but the apk checks to make sure you have an Active so it didn't work. Anyone here on "speaking" terms with him?
Here's a link to the apk download, not sure if it'll help or not- http://geohot.com/activeroot/

_MetalHead_ said:
I wonder if the exploit geohot used to root the GS4 Active would work. His root method is an apk, which is different than any root method I have come across before. I wonder if it's an Android exploit and not one specific to the GS4 Active... both devices are on 4.2.2. I did try to use it on my Moto X but the apk checks to make sure you have an Active so it didn't work. Anyone here on "speaking" terms with him?
Here's a link to the apk download, not sure if it'll help or not- http://geohot.com/activeroot/
We can strip the apk to remove the script to check for an S4 Active and then try it. Probably can see the exploit in the script and try to use it. I'll take the apk apart after work and report back what I see if no one else beats me to it or is able to contact geohot.
Cole
Sent from my XT1060 using XDA Premium 4 mobile app
---------- Post added at 03:31 PM ---------- Previous post was at 02:51 PM ----------
So I ripped it apart on my phone to see what I could see. Basically the apk contains a lib.so file that I opened in hex reader. I'm too big of a noob to make sense of hex, especially from my phone, but that is where we will find the root exploit used in this. I will look again tonight but I'm not promising to be able to decode it to where I can provide much. Jcase did challenge geohot over this and cited many links to where the exploit is a known exploit and not one he found himself. I am heading to find that info now and suggest the same for others that are looking for an exploit. Might be the best option since, like said before, it's the same 4.2.2 on the Active.
Sent from my XT1060 using XDA Premium 4 mobile app
---------- Post added at 03:57 PM ---------- Previous post was at 03:31 PM ----------
So upon research I found the S4 uses a Motorola boot loader and the exploit is the Loki exploit. I am attaching a link to explain the exploit for those extremely good with rooting to take and run with it. http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html?m=1
Hopefully we gain forward momentum with this.
Cole
Sent from my XT1060 using XDA Premium 4 mobile app

COLJ04 said:
We can strip the apk to remove the script to check for an S4 Active and then try it. Probably can see the exploit in the script and try to use it. I'll take the apk apart after work and report back what I see if no one else beats me to it or is able to contact geohot.
Cole
Sent from my XT1060 using XDA Premium 4 mobile app
---------- Post added at 03:31 PM ---------- Previous post was at 02:51 PM ----------
So I ripped it apart on my phone to see what I could see. Basically the apk contains a lib.so file that I opened in hex reader. I'm too big of a noob to make sense of hex, especially from my phone, but that is where we will find the root exploit used in this. I will look again tonight but I'm not promising to be able to decode it to where I can provide much. Jcase did challenge geohot over this and cited many links to where the exploit is a known exploit and not one he found himself. I am heading to find that info now and suggest the same for others that are looking for an exploit. Might be the best option since, like said before, it's the same 4.2.2 on the Active.
Sent from my XT1060 using XDA Premium 4 mobile app
---------- Post added at 03:57 PM ---------- Previous post was at 03:31 PM ----------
So upon research I found the S4 uses a Motorola boot loader and the exploit is the Loki exploit. I am attaching a link to explain the exploit for those extremely good with rooting to take and run with it. http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html?m=1
Hopefully we gain forward momentum with this.
Cole
Sent from my XT1060 using XDA Premium 4 mobile app
Good find Cole. I'm no developer, but I had an S4 at one point and Loki is basically an extra zip you flash at the recovery level to "trick" the phone into thinking the bootloader is unlocked so the rom or kernel flash can proceed. So... first we would have to be able to get a custom recovery. Also, I'm pretty sure Motochopper was used to gain root first on the S4 and it's said not to be working on the X. Loki can be built into the custom recovery as well so you don't have to flash it every time.
I'm pretty sure that Samsung and Motorola read these forums and patch any exploit found. Still no root for the latest update on the AT&T S4 and the update was pushed out at least 2 months ago. I think that unless we get Motorola and/or AT&T to add the Moto X to the bootloader unlock program, we're screwed. That's just my opinion though. Maybe someone will come through! Here's to hoping.

From what I can tell the S4 Active uses an exploit that can be found here https://github.com/android-rooting-tools/android_run_root_shell. It requires something called the remap_pfn_range addresses to be able to use the exploit. I suspect what it does is remaps the exploit code directly into memory at a specific location to be able to run the exploit. Unfortunately, I have no idea how to find the proper range addresses for the Moto X. I have sent an email to one of the people that work on the git code, and hopefully will get a response soon. I know that the Moto X source code is available for the open source components, so hopefully it will be located in there. If anyone else can figure anything out regarding that, let me know, or just take a crack at making it work yourself.
Edit: Apparently to get the memory address, you need a kernel dump. Can anyone figure out how to get one for both the AT&T and Verizon models?

I'll try for the Verizon and use the git and see what I can do.
Cole
Sent from my XT1060 using XDA Premium 4 mobile app

http://www.xda-developers.com/android/easily-perform-common-root-level-tasks-with-androotkit/ this seems promising

FeaR_x_KhAoS said:
http://www.xda-developers.com/android/easily-perform-common-root-level-tasks-with-androotkit/ this seems promising
have u tried it yet?
Sent from my XT1058 using XDA Premium 4 mobile app

kornklown69 said:
have u tried it yet?
Sent from my XT1058 using XDA Premium 4 mobile app
I tried it a few nights ago. No luck.
Sent from my Moto X

kornklown69 said:
have u tried it yet?
Sent from my XT1058 using XDA Premium 4 mobile app
I did. It is a no go. Requires unlocked bootloader and it can't do anything without it. Not sure if that kid really understands how the carriers work in locking us down.
Cole

My Moto was assembled in China (Rogers) and we all know we have the ability to unlock our bootloader.
I assume when they assemble our devices the bootloader and firmware are also installed. That being said, is it safe to assume that the units manufactured in China have a non-encrypted bootloader? Does the fxz firmware have any files pertaining to the bootloader or such?
Sent On my Rooted Moto X

AT&T and Rogers
Just a random thought here. I noticed that the AT&T and Rogers Xs are the same model number. Anyone think there might be a way of tricking the bootloader unlock tool into thinking the AT&T version is a Rogers. Perhaps something like what was done to unlock the Droid DNA.

I am pretty sure that takes root; the same was accomplished in the HTC One X by changing the CID. But we need root for that process, I believe.
Sent from my XT1058 using Tapatalk 4

If AT&T and Rogers truly are the same device then what about tricking the factory restore images into thinking the AT&T phone is Rogers. Then restoring as a Rogers to make the unlock code sent to Moto look like a Rogers unlock code. After that the bootloader is unlocked and it's very easy to restore your AT&T image.
Just thinking out loud mostly, I don't actually have the expertise to do this.

Related

How to remove "tampered" tag from bootloader mode?

Hey everyone, the HTC Droid DNA is my first android phone ever. I've had several years' experience jailbreaking and developing on the ipod touch, so I rooted my phone after exploring it and becoming familiar with the operating system and its features. Everything went smoothly, except that now there's a headline in bootloader mode that says **TAMPERED**, I guess as a quick way for Verizon to find out if the phone's been rooted or not.
Well, I do know about unrooting, but my question is, will unrooting my phone remove the **TAMPERED** line from bootloader mode?
No the tampered notice is permanent until we get s-off.
Sent from my HTC6435LVW using xda app-developers app
From my understanding, rooting is pretty much you performing a privilege escalation attack on your phone.
So is getting s-off the same thing, just to a deeper level?
It's not the same. S-on means security is On and you cannot make changes to the system files while booted in android.
The Cube kernel allows writing to the system while booted in android but it's not the same as S-off though the effect is similar.
So, how do programs like Unrevoked Forever get s-off?
And I haven't heard about the phone's radio, which is apparently where the flag is stored. Can someone explain that to me, or link to an article that does? I'll try to find one in the meantime...
edit: Found a question on stackexchange.com explaining what the radio firmware is.
(I know it can't be this easy, but...) If you can't change it while booted into Android, then wouldn't you have to connect the phone to the computer, turn it off, and run an assembly program on it that flips the S flag, provided that you know where it is? Or flash a new radio to it, with a flipped S flag?
orangechoochoo said:
It's not the same. S-on means security is On and you cannot make changes to the system files while booted in android.
The Cube kernel allows writing to the system while booted in android but it's not the same as S-off though the effect is similar.
This isn't true. It was a kernel issue that prevented us from writing to the system. This has been resolved with dsb's newest kernel as you said but that had nothing to do with s-on. S-off means we can't write to the parts of our phones that could potentially leave us with sexy paper weights.
Sent from my HTC6435LVW using Tapatalk 2
---------- Post added at 08:14 PM ---------- Previous post was at 08:11 PM ----------
M0rtiferrimus said:
So, how do programs like Unrevoked Forever get s-off?
And I haven't heard about the phone's radio, which is apparently where the flag is stored. Can someone explain that to me, or link to an article that does? I'll try to find one in the meantime...
S-off is like root in the sense that we have parts of the system we can't touch until we achieve such. S-off is different depending on the device because it requires a different exploit. It's a shame Cyanogen doesn't work for HTC instead of Samsung haha.
Sent from my HTC6435LVW using Tapatalk 2
Chyrux said:
This isn't true. It was a kernel issue that prevented us from writing to the system. This has been resolved with dsb's newest kernel as you said but that had nothing to do with s-on. S-off means we can't write to the parts of our phones that could potentially leave us with sexy paper weights.
Sent from my HTC6435LVW using Tapatalk 2
---------- Post added at 08:14 PM ---------- Previous post was at 08:11 PM ----------
S-off is like root in the sense that we have parts of the system we can't touch until we achieve such. S-off is different depending on the device because it requires a different exploit. It's a shame Cyanogen doesn't work for HTC instead of Samsung haha.
Sent from my HTC6435LVW using Tapatalk 2
That's where I'm confused. I've only dealt with Moto phones that have locked bootloaders. Once rooted and the bootloader is circumvented we could install any Rom as long as a developer ported one over . With the S thing, I'm not 100% clear on it even though I've read a few articles on it, and now a kernel was made that allows writing to the system while booted there is an additional wrinkle to my comprehension of all this.
How do you find an exploit in the radio? Is the code in it ever readable to the user?
orangechoochoo said:
That's where I'm confused. I've only dealt with Moto phones that have locked bootloaders. Once rooted and the bootloader is circumvented we could install any Rom as long as a developer ported one over . With the S thing, I'm not 100% clear on it even though I've read a few articles on it, and now a kernel was made that allows writing to the system while booted there is an additional wrinkle to my comprehension of all this.
The s on/s off status of your phone doesn't affect roms at all. Just deeper level stuff.
Sent from my HTC6435LVW using xda app-developers app
orangechoochoo said:
That's where I'm confused. I've only dealt with Moto phones that have locked bootloaders. Once rooted and the bootloader is circumvented we could install any Rom as long as a developer ported one over . With the S thing, I'm not 100% clear on it even though I've read a few articles on it, and now a kernel was made that allows writing to the system while booted there is an additional wrinkle to my comprehension of all this.
I understand lol. I've owned three HTC phones and can attest that that's not how s-on usually works. That's why it was never really that bad because you still had a lot of control over your phone.
Sent from my HTC6435LVW using Tapatalk 2

Stupid Questions Thread- No Question too stupid! I promise!

All credit goes to Shadyace80 at AT&T Samsung Galaxy S3 for starting this.
This thread is for those who have what they may feel is a stupid or simple question. Please read through the thread and use the search first. I know Google doesn't always like to make it easy to find answers, so let's work together to give answers where we can. And please remember you will be reported for flaming others.
Remember, the only stupid questions are the ones you don't ask.
colemac said:
All credit goes to Shadyace80 at AT&T Samsung Galaxy S3 for starting this.
This thread is for those who have what they may feel is a stupid or simple question. Please read through the thread and use the search first. I know Google doesn't always like to make it easy to find answers, so let's work together to give answers where we can. And please remember you will be reported for flaming others.
Remember, the only stupid questions are the ones you don't ask.
I feel like a better title for this thread would be beginner or "noob" thread since many people feel their questions aren't stupid even if they are. Just a suggestion
Sent from my HTC One using Tapatalk 2
colemac said:
All credit goes to Shadyace80 at AT&T Samsung Galaxy S3 for starting this.
This thread is for those who have what they may feel is a stupid or simple question. Please read through the thread and use the search first. I know Google doesn't always like to make it easy to find answers, so let's work together to give answers where we can. And please remember you will be reported for flaming others.
Remember, the only stupid questions are the ones you don't ask.
If I unlocked my bootloader is that enough to get the updates direct from HTC? Or do I need to get an unlock code from ATT? Or would I have had to buy an unlocked one straight from HTC?
First post! Thanks for starting a stupid question thread!
@ the poster above me, from what I've read so far, any unlocking of the bootloader will disable the OTA HTC updates. But I might have misread, I'm just learning about all this too and have read way too many pages of posts already. I'm sure someone in the know will chime in to confirm.
Now, my turn! I just switched from iPhone to the HTC One and have really started considering flashing cleanRom 2.5. I have a Kindle Fire that I managed to root and get Jelly Bean on, so I'm not a total noob, but I wanna ask a few noob questions. Here goes:
I have spent a long time getting my phone setup the way I like it and when I flash cleanrom, is there a way to carry over the apps and things I've installed? No biggie if not, but I've got some saved game data on here already and some other stuff I'd rather not lose if there was an easy way to save. And is everything working correctly in the cleanrom to where I can still make zoes and use the camera, gallery, etc?
Also, any tips for getting this thing rooted? I was planning on downloading that "noob-proof" toolkit and going from there. I've read about people getting freezes and install issues using twrp, which scares me a bit because I have no idea what that other thing is (starts with a c) that people are using. and I read something Scott said that you should never do a system wipe or you could lose your backup?? I know I used to wipe the system, cache, and something else when I rooted my kindle but I never tried to go back to stock or even look to see if I had a backup file somewhere. maybe if there's a step by step guide you could point me to that I might have missed?
Thanks for the help, I'm glad I joined the forum!
Sent from my HTC One using xda app-developers app
No, unlocking the bootloader won't allow that. If we get s-off then changing the cid and flashing a stock developer edition Rom with a relocked bootloader should allow that if one so desired.
---------- Post added at 01:31 AM ---------- Previous post was at 01:17 AM ----------
There is no "easy" way per se to back that stuff up and carry over. There is a way I saw sometime back to root without unlocking the bootloader. Theoretically one could do that and use titanium backup... But I don't really know if it will save your game progress... And you will have to offload your titanium backup data to a computer or something before unlocking the bootloader because it will erase everything. The thing about not wiping system came about because of all the problems people have been having with aroma freezing. Some people seem to have it worse than others but the idea is if aroma screws up over and over you still have an os to boot into. I personally (cross my fingers) have had little trouble with that (maybe 1 freeze or 2 then it runs through all the way). I'd suggest leaving the system folder alone until you know how your phone reacts to aroma installs.
viperlox said:
No, unlocking the bootloader won't allow that. If we get s-off then changing the cid and flashing a stock developer edition Rom with a relocked bootloader should allow that if one so desired.
---------- Post added at 01:31 AM ---------- Previous post was at 01:17 AM ----------
There is no "easy" way per se to back that stuff up and carry over. There is a way I saw sometime back to root without unlocking the bootloader. Theoretically one could do that and use titanium backup... But I don't really know if it will save your game progress... And you will have to offload your titanium backup data to a computer or something before unlocking the bootloader because it will erase everything. The thing about not wiping system came about because of all the problems people have been having with aroma freezing. Some people seem to have it worse than others but the idea is if aroma screws up over and over you still have an os to boot into. I personally (cross my fingers) have had little trouble with that (maybe 1 freeze or 2 then it runs through all the way). I'd suggest leaving the system folder alone until you know how your phone reacts to aroma installs.
Good to know, would it affect anything if I got an unlock code? Also if I were to reflash the 1.26 RUU could I then grab them using the update in the menu section that is not labeled att update?
Can I flash roms from other HTC one carriers?
Sent from my HTC One using xda app-developers app
Not sure about the unlock code but I suspect it would only be a SIM unlock to use on other carriers. Not sure it changes the cid. The other software update you're talking about won't grab firmware updates from HTC... There was a software update pushed through that recently for the HTC media thing; I read it was so media sharing could be turned on without having mobile hotspot activated.
Driggity420 said:
Can I flash roms from other HTC one carriers?
Sent from my HTC One using xda app-developers app
Except for Sprint and dual SIM Chinese models, yes.
This also should get stickied lol
Sent from my HTC One using Tapatalk 2
Nick281051 said:
This also should get stickied lol
Sent from my HTC One using Tapatalk 2
Yes it should. Who is able to do that?
Sent from my HTC One using Tapatalk 2
colemac said:
Yes it should. Who is able to do that?
Sent from my HTC One using Tapatalk 2
The mods
Sent from my HTC One using Tapatalk 2
Hi! I've noticed that there's one forum for the HTC ONE and another for the AT&T HTC ONE. I've checked the description of both models and they seem to be the same thing. What is the difference? Can I flash HTC One roms on my AT&T HTC One?
ferluci said:
Hi! I've noticed that there's one forum for the HTC ONE and another for the AT&T HTC ONE. I've checked the description of both models and they seem to be the same thing. What is the difference? Can I flash HTC One roms on my AT&T HTC One?
Yes you can. I'm using Trickdroid currently, and my HTC One is an ATT version.
Sent from my HTC One using xda app-developers app
darkstarinc said:
Yes you can. I'm using Trickdroid currently, and my HTC One is an ATT version.
Sent from my HTC One using xda app-developers app
OK! Thank you, Trickdroid is the one I wanted to flash!
I am unable to see flags in Outlook when I flag a message in email for Exchange. I used to use Touchdown but I like the native app on here. Does anyone know what setting needs to be changed so the flag will sync with my Outlook?
Thanks in advance,
Root Help
I am having some issues rooting my phone.
I unlocked my bootloader successfully on the HTCdev site
I created a folder on my desktop called android, the folder has the fastboot application and "twrp.img" file
I boot my phone into fastboot (? sorry, 100% new to this, not sure if I said that correctly)
connect usb cable
command prompt cd desktop\android
then ....android>fastboot flash recovery twrp.img
then it reads...
C:\Users\Owner\Desktop\ANDROID>fastboot flash recovery twrp.img
error: cannot load 'twrp.img': Unknown error
I'm not sure what I'm doing wrong, it's probably something very stupid. Any help will be greatly appreciated.
Probably a bad download of twrp
I did a back up and want to know if I need to flash the boot img and what I need to get the latest update?
Sent from my HTC One using xda app-developers app
Obie911 said:
I did a back up and want to know if I need to flash the boot img and what I need to get the latest update?
Sent from my HTC One using xda app-developers app
Afaik you don't need to flash a boot.img on this phone at all
Sent from my HTC One using Tapatalk 4 Beta

[Q] Casio Commando G'zOne 4G LTE C811

So, the first Casio Commando G'zOne was a very tough phone. Came stock with Gingerbread 2.3 and no recovery, only a hard reset option. Surprisingly it was quite popular.
Now, the new Casio Commando G'zOne 4G LTE is available stock with ICS 4.0 and will be attracting many consumers. Unfortunately, I don't know if it has its own recovery or not.
Wanted to know if anyone has got one and if it has its own recovery or not (aside from the stock hard reset option).
Also, any devs looking into creating a custom ROM for this device? I'd be highly interested in any information on a custom ROM for this device! Thanks!!
Lprchn said:
So, the first Casio Commando G'zOne was a very tough phone. Came stock with Gingerbread 2.3 and no recovery, only a hard reset option. Surprisingly it was quite popular.
Now, the new Casio Commando G'zOne 4G LTE is available stock with ICS 4.0 and will be attracting many consumers. Unfortunately, I don't know if it has its own recovery or not.
Wanted to know if anyone has got one and if it has its own recovery or not (aside from the stock hard reset option).
Also, any devs looking into creating a custom ROM for this device? I'd be highly interested in any information on a custom ROM for this device! Thanks!!
I'm using one right now. There is no button combination to get into recovery. However, if you do get into recovery via commands or toolkit you can't navigate to any options.
Sent from my C811 4G using xda app-developers app
AGoogleUser said:
I'm using one right now. There is no button combination to get into recovery. However, if you do get into recovery via commands or toolkit you can't navigate to any options.
Sent from my C811 4G using xda app-developers app
Well snap, I was anxious to see some custom ROMs for the device.
I did a quick Google search and found some links to people finding a way to root but since they can't navigate in recovery they can't load a ROM. Maybe someone can flash a recovery with fastboot or adb.
Sent from my C811 4G using xda app-developers app
Although I do love the wallpapers on the phone!
Sent from my C811 4G using xda app-developers app
Well I hope someone can figure this out. I would myself, unfortunately I've got limited experience.
I'll pass along the information you provided. Much obliged!
Sent from my SAMSUNG-SGH-T989 using xda app-developers app
I found a root method on another forum. If rules allow I can link them here. I'm looking at getting the commando 4g too. I root all my phones so searched endlessly. However the phone has few threads. Since most devs have high end phones like Galaxy S4 and Note 2 etc.
Sent from my (Verizon) Samsung Galaxy S4 using the XDA app!
If I had the phone, I'd root it myself and create an informative thread. Should have it by next year if my buddy gets it and allows me to tinker with it lol.
Looking forward to more insight on the matter!
Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Just saw this phone on the VZW site and droooooooled. I'm in construction, so the rugged phone appeals to me far more than all the high end hardware phones do.
Is stock ICS on it functional, or buggy? I'm thinking about picking it up on the EDGE pay as you go plan, but I was curious about usability during the time when I'm trying to root/recovery/flash the thing. It's been a while since I've done much custom ROM building, but if I can get a working recovery, it would be worth trying to build CM10.2 for this
RandomPooka said:
Just saw this phone on the VZW site and droooooooled. I'm in construction, so the rugged phone appeals to me far more than all the high end hardware phones do.
Is stock ICS on it functional, or buggy? I'm thinking about picking it up on the EDGE pay as you go plan, but I was curious about usability during the time when I'm trying to root/recovery/flash the thing. It's been a while since I've done much custom ROM building, but if I can get a working recovery, it would be worth trying to build CM10.2 for this
It's got its visual lag but overall it performs well. It has great battery life and takes neat slow motion videos. Camera is a bit grainy for 8mp.
Sent from my Galaxy Nexus using xda app-developers app
Thanks for the heads up
ICS OK but how about jelly bean
AGoogleUser said:
It's got its visual lag but overall it performs well. It has great battery life and takes neat slow motion videos. Camera is a bit grainy for 8mp.
Sent from my Galaxy Nexus using xda app-developers app
Got one for my wife and it is OK but wifi is buggy, Love to see CWM port and some custom roms with jelly bean.
Easy to root I have seen but need recovery. Hopefully CASIO comes out with an OTA.
Koush used to have a generic recovery cooker on his website. Plug in the mount points for system, data, cache, and boot along with some other stuff (I can't remember what offhand) and it spits out a recovery for your device. Might be worth looking into
AGoogleUser said:
I did a quick Google search and found some links to people finding a way to root but since they can't navigate in recovery they can't load a ROM. Maybe someone can flash a recovery with fastboot or adb.
Sent from my C811 4G using xda app-developers app
I'm a noob to the world of all things root I have the original commando the is the m140 root impossible. I'm considering the C811 Commando2 is it root capable All I really want is to be able to remove the bloatware Verizon is likely to put on there. Would that be possible?
http://builder.clockworkmod.com/
This is the one I was thinking of. If any of you are rooted and have the information required here, make a backup of the recovery partition and give it a shot. What's the worst that could happen, you restore the backup? This is assuming you CAN read and write to the recovery with adb/fastboot.
I bought c811 as a second phone to use it in a gsm network, everything works perfectly out of the box but phone is rejecting all incoming calls, I've read exactly the same is happening to people using phone in Canada gsm networks and with at&t sim cards. I've rooted the phone and I've disabled all Verizon bloatware but no luck.
Any clue about this will be highly appreciated.
Sent from my GT-I9295 using XDA Premium 4 mobile app
Can anyone please share stock C811 ROM or Clockworkmod backup?
Edit: I no longer need it.
Please read the entire thread, where it's discussed that there are no known recoveries or roms for this device. I don't have the means to buy one outright, so I can't actually attempt anything with it
---------- Post added at 02:03 PM ---------- Previous post was at 02:02 PM ----------
And that's not even a guarantee that I'd end up producing results. It just means that there's someone willing to attempt dev work on it
casio commando 4g lte italy
RandomPooka said:
Please read the entire thread, where it's discussed that there are no known recoveries or roms for this device. I don't have the means to buy one outright, so I can't actually attempt anything with it
---------- Post added at 02:03 PM ---------- Previous post was at 02:02 PM ----------
And that's not even a guarantee that I'd end up producing results. It just means that there's someone willing to attempt dev work on it
I'm new on this forum and I need some help on how to root a Casio Commando 4G LTE to use it in Italy or with another operator.
Can someone help me?
Thanks to all
RandomPooka said:
Please read the entire thread, where it's discussed that there are no known recoveries or roms for this device. I don't have the means to buy one outright, so I can't actually attempt anything with it
---------- Post added at 02:03 PM ---------- Previous post was at 02:02 PM ----------
And that's not even a guarantee that I'd end up producing results. It just means that there's someone willing to attempt dev work on it
I'm running rooted C811.
Clockworkmod can be downloaded here. Note: don't flash root from that page.
Obtain root from UnlockRootPro.
CA-201L Root and Recovery

Ad Blocking

I have always used adaway on my devices but it does not seem to work properly for me on this device. I am running Verizon One Max stock rom, Rooted, S-off, bootloader is relocked. Should it be working with these settings?
As far as I know there is no relation between your rom/s-off/bootloader or anything else. It should work if you have it installed and running properly.
It's not. I'm not sure what's going on. A little more info. If I try to open the host file from the adaway app nothing happens. When using any root app that wants to reboot the phone it just closes and I have to reboot manually. Not sure if this is related but it is what I have found.
Sent from my HTC6600LVW using xda app-developers app
bender6681 said:
It's not. I'm not sure what's going on. A little more info. If I try to open the host file from the adaway app nothing happens. When using any root app that wants to reboot the phone it just closes and I have to reboot manually. Not sure if this is related but it is what I have found.
Sent from my HTC6600LVW using xda app-developers app
I had the same issue with the Sprint variant until I installed an unsecure boot.img. Without the unsecure boot.img root was not functioning correctly. Not sure if this is the exact same issue or not, but it's worth looking into, and before you ask: No I don't have an unsecure boot.img for the Vzw device, and no the one for Sprint should not work on the Vzw device.
Thanks for the info. I know the sprint version is no good to me. I have been all over Google and am guessing a Verizon unsecured boot.IMG is just not available right now. If anyone out there knows a link please help.
Sent from my HTC6600LVW using xda app-developers app
bender6681 said:
Thanks for the info. I know the sprint version is no good to me. I have been all over Google and am guessing a Verizon unsecured boot.IMG is just not available right now. If anyone out there knows a link please help.
Sent from my HTC6600LVW using xda app-developers app
I believe one or two people are working on providing the Verizon files and/or an ruu. Not sure what issue you might be having as I am on Verizon and don't seem to be having issues with adblock plus. I have not relocked my bootloader since running rumrunner though. So for now you may have to do without fingerprint and leave bootloader unlocked until the files come out.
Jiggity Janx said:
I believe one or two people are working on providing the Verizon files and/or an ruu. Not sure what issue you might be having as I am on Verizon and don't seem to be having issues with adblock plus. I have not relocked my bootloader since running rumrunner though. So for now you may have to do without fingerprint and leave bootloader unlocked until the files come out.
I unlocked it again and rerooted just to be safe. Still no good. The only thing I see that has changed is ad away now shows me the host file when I tell it to. It is full of blocked things but it is not blocking. I added a site manually and rebooted. I can still get to the site. I will try ad block plus. Maybe it will work better.
bender6681 said:
I unlocked it again and rerooted just to be safe. Still no good. The only thing I see that has changed is ad away now shows me the host file when I tell it to. It is full of blocked things but it is not blocking. I added a site manually and rebooted. I can still get to the site. I will try ad block plus. Maybe it will work better.
Last post I care to make on this issue. I am just going to deal with it. Someone released the insecure boot.img for verizon but it still does not solve my issue. No ads are blocked.
My device also faces that problem: after rebooting the device, the adblock app disables itself again.
Sent from my GT-P5100 using XDA Premium 4 mobile app

Native root method found! Towelroot.com (CVE-2014-3153)

Just found this thread that confirms root for the vzw and att s5.
http://forum.xda-developers.com/showthread.php?t=2780319
Would this vulnerability work on the s4 with kitkat?
Here's info on the exploit (CVE-2014-3153):
http://seclists.org/oss-sec/2014/q2/467
http://www.reddit.com/r/netsec/comments/27fl04/another_linux_kernel_exploit_this_time_reachable/
http://www.securelist.com/en/advisories/59029
Edit: @geohot has made a root method that works. All you have to do is go to http://towelroot.com and click the icon in the center to download tr.apk. Install the tr.apk after allowing installation from unknown sources. Then click the button to root and the phone will reboot and you will have root. I recommend you download the updatesupersu1.99 zip and install the supersu from the common folder after extracting.
joshuabg said:
Just found this thread that confirms root for the vzw and att s5.
http://forum.xda-developers.com/showthread.php?t=2780319
Would this vulnerability work on the s4 with kitkat
Here's info on the exploit.
http://seclists.org/oss-sec/2014/q2/467
http://www.reddit.com/r/netsec/comments/27fl04/another_linux_kernel_exploit_this_time_reachable/
http://www.securelist.com/en/advisories/59029
That vulnerability is going to be like Cube's getroot - it's going to work on a huge number of devices.
I've been looking on how to exploit it but haven't had much time to devote to it, but apparently it's been cracked for at least one phone.
We'll have native root on the S4/S5 and who knows what else pretty soon if I'm not mistaken. Good news.
Any devs willing to work on this? @k1mu @Surge1223 @ryanbg
Sent from my SCH-I545 using Tapatalk
After reading the linked post it seems this is more a "nah-na-nah-na boo-boo" thing. It's not released, but it does give me hope that we can get a native root method like JB had.
My question is, to what end? Surge's pre - rooted functions well and is effectively stock, would this make any functionality differences vs a pre rooted rom?
Sent from Tapatalk on my rooted Verizon NC5 Galaxy S4
ffchampmt said:
After reading the linked post it seems this is more a "nah-na-nah-na boo-boo" thing. It's not released, but it does give me hope that we can get a native root method like JB had.
My question is, to what end? Surge's pre - rooted functions well and is effectively stock, would this make any functionality differences vs a pre rooted rom?
Sent from Tapatalk on my rooted Verizon NC5 Galaxy S4
It would be easier to do, and for example, if you don't flash SuperSu before a reboot after installing a rom, you will lose root and have to start the downgrade and upgrade process all over again. If there was a native root method all you would have to do would be to probably run a script on your computer with your phone plugged in and you will have root back. I'd imagine it would be safer and have less chance of bricking.
I actually prefer the more difficult hacks...less likely to be exploited for malware. Not saying this one will be or even could be, but easy root is not necessarily good. I'm sure jcase is shaking his finger at everyone somewhere, lol.
Sent from my SCH-I545 using Tapatalk
brizey said:
I actually prefer the more difficult hacks...less likely to be exploited for malware. Not saying this one will be or even could be, but easy root is not necessarily good. I'm sure jcase is shaking his finger at everyone somewhere, lol.
Sent from my SCH-I545 using Tapatalk
I think jcase liked that a guy got root from this on the att s5. But jcase isn't working on this because he is on break.
Sent from my OtterX running SlimKat 4.4.3 using Tapatalk
joshuabg said:
Any devs willing to work on this? @k1mu @Surge1223 @ryanbg
Sent from my SCH-I545 using Tapatalk
As I said above, I'm already working on it. Been on travel all week and very busy, but I do intend to try to exploit this.
k1mu said:
As I said above, I'm already working on it. Been on travel all week and very busy, but I do intend to try to exploit this.
I for one would love this as I have had zero ability to use any of the other ways for rooting my s4...I have had every problem trying every method so I have just given up and would love this...thanks anyone for working on it...
It's already worked out. Question is how the bounty is going to be paid and or split. It's not just one person's work but a bunch of contribute used info being used and who will get full credit. The bounty is what's holding up release because now y'all want to pay
Sent from my SAMSUNG-SM-N900A using Tapatalk
joshuabg said:
Any devs willing to work on this? @k1mu @Surge1223 @ryanbg
Sent from my SCH-I545 using Tapatalk
@joshuabg @k1mu @Surge1223 @ryanbg
count me in for testing....
☆Swyped From California Chrome Custom☆
Cod3L1ne said:
It's already worked out. Question is how the bounty is going to be paid and or split. It's not just one person's work but a bunch of contribute used info being used and who will get full credit. The bounty is what's holding up release because now y'all want to pay
Sent from my SAMSUNG-SM-N900A using Tapatalk
As I've said before, bounties aren't my motivation. I post what I find and make it public.
This particular vulnerability is an interesting one, with a good potential for exploit. It is not going to be easy to exploit across a large number of phones.
Cod3L1ne said:
It's already worked out. Question is how the bounty is going to be paid and or split. It's not just one person's work but a bunch of contribute used info being used and who will get full credit. The bounty is what's holding up release because now y'all want to pay
Sent from my SAMSUNG-SM-N900A using Tapatalk
Easy first one to post the root or a stock rooted image... if someone has it but another puts it up for public use, then they should get the whole bounty not one who shows it but does not share... JMO.
Sent from my SAMSUNG-SM-G900A
k1mu said:
As I've said before, bounties aren't my motivation. I post what I find and make it public.
This particular vulnerability is an interesting one, with a good potential for exploit. It is not going to be easy to exploit across a large number of phones.
I was told by someone on another forum that's been looking at it for the RAZR HD/M that it needs to be able to directly access memory, which as we know, can't be done in Java. Are you looking at doing it in C? Just a curiosity is all.
Would this method allow custom kernels? Or just root?
Sent from my SCH-I545 using Tapatalk
sherdog16 said:
Would this method allow custom kernels? Or just root?
Sent from my SCH-I545 using Tapatalk
Just root. Unlocked bootloader is needed for custom kernels.
Sent from my white SM G900V on XDA Premium 4
Probably Safestrap recovery by @Hashcode just like ATT S4 and Note 3..... per my buddy @Surge1223 we might be able to use Note3 Kitkat Safestrap Recovery v3.72.... time would tell.
☆Swyped From California Chrome Custom☆
I couldn't care less if they release this root method. We already have several pre rooted ROMs with kitkat. I understand the exploit could be easier to root but I don't care how long it takes to root. I just want an unlocked bootloader. If anything we need to get more people to add to the bounty to maybe attract attention. And get as many devs working on it as possible. I am sure surge is probably getting tired of working on this for so long. It's been close to a year and nothing since loki. I bought my s4 because I thought it could be unlocked but I bought it just around the time Verizon patched loki which sucks
Sent from my SCH-I545 using XDA Free mobile app
I'm just curious. Will this exploit trip the Knox counter?
Sent from my white SM G900V on XDA Premium 4
I hate to burst everyone's bubble, but this vulnerability is very difficult to exploit, and even if done correctly, will not be stable on the majority of devices. @jcase has already taken a look at this since the day it came out, and if he says it's not worth the time, it's not worth the time. Geohot may have been able to exploit it, but you only have access to a root shell for 15-20 seconds before the device becomes unstable and shuts down. SEAndroid is also an obstacle after the vulnerability has been exploited. While it's certainly possible, it's a bit far out of the ballpark to be feasible at this point in time.
