Finding kernel/chipset exploits for android rooting - Android Q&A, Help & Troubleshooting

I've been trying to root my Huawei Y6 Prime for a while now. After learning that unlocking the bootloader is a mandatory intermediate step, which itself requires a code during the unlocking process, I had to resort to brute-forcing the code, but that just doesn't work properly. After some research, I came to realize that some privilege escalation exploits that target vulnerabilities in the Android kernel or the chipset, i.e. android-dirty-pipe and mtk-su, can be used to gain root privileges instead of the "typical" route mentioned above or ready-made Android applications.
The question is, if I'm understanding this correctly: how can I find the respective exploits that work for my phone? Is there an index or a more feasible way of aggregating possible exploits that could work with my phone's kernel/Android build/chipset/model?
I was skeptical that being unable to obtain a bootloader unlock token is the end of the road, as most previous threads claim!

polendina said:
I've been trying to root my Huawei Y6 Prime for a while now. After learning that unlocking the bootloader is a mandatory intermediate step, which itself requires a code during the unlocking process, I had to resort to brute-forcing the code, but that just doesn't work properly. After some research, I came to realize that some privilege escalation exploits that target vulnerabilities in the Android kernel or the chipset, i.e. android-dirty-pipe and mtk-su, can be used to gain root privileges instead of the "typical" route mentioned above or ready-made Android applications.
The question is, if I'm understanding this correctly: how can I find the respective exploits that work for my phone? Is there an index or a more feasible way of aggregating possible exploits that could work with my phone's kernel/Android build/chipset/model?
I was skeptical that being unable to obtain a bootloader unlock token is the end of the road, as most previous threads claim!
Hello and good morning, @polendina
Welcome to XDA. I hope you'll always find and get the support you require.
However, prior to your next posting please read the guidance posts that are stuck on top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com
and the others. I've moved the thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator

I'd like to know more about this. In bootloader locked phones, what is keeping it locked? Any way to use hashcat or something to crack the bootloader lol

mnemesis said:
I'd like to know more about this. In bootloader locked phones, what is keeping it locked? Any way to use hashcat or something to crack the bootloader lol
I can't tell if you're for real or not, but anyhow I have no clue.

Related

Doubts regarding rooting my out-of-warranty Samsung Galaxy phone

Hi. I own a Samsung Galaxy A9 Pro (2016) (SM-A910F/DS) with Android 8.0 (August security patch). It is now out of warranty. I want to root it. I do have prior experience in rooting my secondary Android phone, but this phone is my daily driver and hence I want some doubts cleared before attempting to root it using Odin. Following are the questions I need answers for:
1. I am just going to root my phone to do some small scale customisation. I don't want to flash a custom or stock ROM. Some sources on the internet say that simply rooting the phone won't trip its KNOX flag while others say it will. What is the truth?
2. If indeed the KNOX flag gets tripped, will I ever be able to use Samsung Pay on my phone again?
3. If the KNOX flag doesn't trip, will Samsung Pay work on a rooted phone?
4. The firmware.mobi site hasn't yet updated the SM-A910F's firmware version to that of Android 8.0. My phone had received the Oreo update on 18th October, 2018. Can I still root my phone using whatever latest CF-Auto-Root package I get from there?
5. How to know if my phone is encrypted? I am confused about this because I haven't manually enabled any kind of encryption on my phone, but since there is so much caution regarding rooting an encrypted phone, I don't want to take any chance.
So, these are the 5 questions which I want satisfactory answers for before I root my phone. A good explanation which will ward off my anxiety will be highly appreciated. Thanks in advance!
Deepak_HK said:
Hi. I own a Samsung Galaxy A9 Pro...........
I don't have this device, but the following area of the forum is where the majority of the A9 threads have been posted (even though it only goes up to the A8 device).
https://forum.xda-developers.com/samsung-a-series
With that guidance...
The following threads are only a few of those available, but they're a good start for the type of question you're asking that's specific to your device. Don't be afraid to ask for some member guidance within one of them too.
https://forum.xda-developers.com/showthread.php?t=3859241
https://forum.xda-developers.com/showthread.php?t=3426701
Good Luck!
EDIT: I just wanted to let you know that I had just created the following post to ask the Admin to add the A9 Series to the above area of the forum. :thumbup:
https://forum.xda-developers.com/showthread.php?p=78061332
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my SM-G900T device.
Ibuprophen said:
I don't have this device, but the following area of the forum is where the majority of the A9 threads have been posted (even though it only goes up to the A8 device).
https://forum.xda-developers.com/samsung-a-series
I have now posted this thread there as well. The lack of A9 in the list of devices had discouraged me from posting there.
Ibuprophen said:
With that guidance...
The following threads are only a few of those available, but they're a good start for the type of question you're asking that's specific to your device. Don't be afraid to ask for some member guidance within one of them too.
https://forum.xda-developers.com/showthread.php?t=3859241
https://forum.xda-developers.com/showthread.php?t=3426701
Good Luck!
Thanks. But these threads are quite confusing and less appealing to trust.
Ibuprophen said:
EDIT: I just wanted to let you know that I had just created the following post to ask the Admin to add the A9 Series to the above area of the forum. :thumbup:
https://forum.xda-developers.com/showthread.php?p=78061332
Thanks!
Deepak_HK said:
......... Thanks!
I understand your frustration, but please remember that development for a device sometimes takes a while before anything begins to emerge. This is especially true for many Samsung devices too.
Also, the more members who request a device, the better. I can only encourage you to also request the A9 Series device within the thread from the link that I provided you with (the last one in my previous post).
Good Luck!
Yes, rooting your phone with CF / TWRP will trip Knox and disable Samsung Pay. Google Pay, however, will work on a device that has been returned to stock, but not one that has active root. Since it's looking for root as opposed to a Knox bit, this can probably be masked pretty easily if you wanted to use it on a rooted device.
Looking on firmware.mobi, I see 3 releases already for CF on Android 8.0 for your phone.
And your phone most definitely is encrypted. Any Samsung with Android 7.0 from the factory is encrypted. The exception is devices that were running Android 6 or lower that have been upgraded to 7+ and weren't encrypted by the user beforehand.

Help needed to root Viewsonic VSD243 non-GMS device

Hi all,
I'm hoping one of the XDA geniuses can help with a challenge I have!
I have a Viewsonic VSD243 I bought second hand to give to my kids, but didn't realize it's a non-GMS device and therefore doesn't support the Play Store. Most of the apps the kids want need the Play Store, so I have been looking for a way to get it working, without luck. Now I know why it was so cheap!
The bootloader is locked and I haven't been able to get to the bootloader to unlock it, as there are no physical volume buttons on the device and adb reboot bootloader just restarts the device... fastboot is not finding a device no matter what I try. I've been attempting various other workarounds for weeks with no luck (e.g. methods used for Huawei devices using apps like Chat Partner), but have not had any luck.
Please could someone recommend a method (or methods) to unlock the bootloader / root the device given the above (especially with the restriction of not having physical volume keys)? Ideally I'd like to create a dual boot on the device, one with the existing ROM and one with a custom one (e.g. via Magisk), but I can't get to root :-(
Your help would be really appreciated
Jaggedboy said:
Hi all,
I'm hoping one of the XDA geniuses can help with a challenge I have!
I have a Viewsonic VSD243 I bought second hand to give to my kids, but didn't realize it's a non-GMS device and therefore doesn't support the Play Store. Most of the apps the kids want need the Play Store, so I have been looking for a way to get it working, without luck. Now I know why it was so cheap!
The bootloader is locked and I haven't been able to get to the bootloader to unlock it, as there are no physical volume buttons on the device and adb reboot bootloader just restarts the device... fastboot is not finding a device no matter what I try. I've been attempting various other workarounds for weeks with no luck (e.g. methods used for Huawei devices using apps like Chat Partner), but have not had any luck.
Please could someone recommend a method (or methods) to unlock the bootloader / root the device given the above (especially with the restriction of not having physical volume keys)? Ideally I'd like to create a dual boot on the device, one with the existing ROM and one with a custom one (e.g. via Magisk), but I can't get to root :-(
Your help would be really appreciated
@Jaggedboy
Welcome to XDA. I hope you'll always get the support you require.
However, prior to your next posting please read the guidance posts that are stuck on top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com
and the others. I've moved the thread to Android Q&A.
Thanks for your cooperation.
Regards
Oswald Boelcke
Senior Moderator
I successfully unlocked and rooted a VSD231 with KingoRoot.apk; just say no to all the junk it tries to put on it. I am going from memory, from a long time ago.
Thank you for responding, and good to know you managed with a Viewsonic device. I'll give it a go as I don't have many other options...
I spoke to Viewsonic and was told the only way to get the Play Store was to jailbreak the device and put on an alternate ROM... when I asked how to unlock the bootloader to do it they said they couldn't / wouldn't tell me :-( !!
When I talked to them years ago, they were very surprised that I unlocked and rooted my VSD231.

Combination Firmware for Samsung Galaxy J4 (SM-J400F) - Binary version U9

Hi guys. There seems to be no thread for the Galaxy J4 despite requests to put it up, so my sincere apologies if I've missed it. Got my sister's J4 on FRP lock. She hadn't enabled USB debugging nor OEM unlock in Developer options. I've watched tons of tutorials on how to unlock, but it's dawned on me that none of these methods can work with the bootloader locked. The only way I think I can do that is by flashing the exact combination firmware, then enabling USB debugging and OEM unlock, then attempting FRP unlock. Problem is, the available combination firmware I've come across are binary versions U1 to U7. This phone is binary version U9. I've scoured the internet for this specific combination firmware to no avail. Anyone know where I can find it? It's been a long 3 months of searching and I am almost giving up.
seya90210 said:
Hi guys. There seems to be no thread for the Galaxy J4 despite requests to put it up, so my sincere apologies if I've missed it. Got my sister's J4 on FRP lock. She hadn't enabled USB debugging nor OEM unlock in Developer options. I've watched tons of tutorials on how to unlock, but it's dawned on me that none of these methods can work with the bootloader locked. The only way I think I can do that is by flashing the exact combination firmware, then enabling USB debugging and OEM unlock, then attempting FRP unlock. Problem is, the available combination firmware I've come across are binary versions U1 to U7. This phone is binary version U9. I've scoured the internet for this specific combination firmware to no avail. Anyone know where I can find it? It's been a long 3 months of searching and I am almost giving up.
Hello and good afternoon, @seya90210
Welcome to XDA although you're already a long time member. I hope you'll always find and get the support you require.
However, prior to your next posting please read the guidance posts that are stuck on top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com
and the others. I've moved the thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator
Thanks for that. An oversight on my part. I'll adhere to the guides.

What makes Bootloader locked again?

I'd like to root my phone, but I have to pay for the bootloader unlock service as I'm using Huawei devices.
So, to be precise, I don't want to pay again if I somehow locked it again.
So I need to know what causes the bootloader to lock again.
nabil321 said:
I'd like to root my phone, but I have to pay for the bootloader unlock service as I'm using Huawei devices.
So, to be precise, I don't want to pay again if I somehow locked it again.
So I need to know what causes the bootloader to lock again.
If you're asking whether the bootloader can be automatically or inadvertently locked, the answer is no.
Unlocking and locking the bootloader are intended to be deliberate acts requiring specific commands. Once your bootloader is unlocked, the only way you can lock it is by using fastboot commands, the same way you unlocked it.
Keep in mind that if the software on your device is not absolutely 100% genuine OEM, locking the bootloader will most likely render the device unusable.
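Both of the answers above (whether the bootloader is locked, and, in the Samsung thread, whether the device is encrypted and whether the Knox bit has been tripped) come down to reading a handful of system properties. The following is an added example, not code from any post in this thread: a read-only posture report built from a `getprop` dump. It assumes the standard Android property names `ro.boot.vbmeta.device_state`, `ro.boot.flash.locked`, `ro.boot.verifiedbootstate`, `ro.crypto.state`, `ro.build.version.security_patch` and Samsung's `ro.boot.warranty_bit` (not every OEM sets all of them, so absent values are reported as unknown), and the sample dump at the end is constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from any post in this thread. Read-only device
# posture report built from a getprop dump. Real usage:
#   adb shell getprop > props.txt && posture_report props.txt 2024-06-01
# The second argument is "today" (YYYY-MM-DD) so the check runs offline.

# prop_value FILE NAME: print the value of NAME from a getprop dump, or "unknown".
# getprop prints lines of the form: [ro.crypto.state]: [encrypted]
prop_value() {
    name_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    v=$(sed -n "s/^\[$name_re]: \[\(.*\)]$/\1/p" "$1" | head -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unknown\n'; fi
}

# months_since DATE1 DATE2: whole months from DATE1 to DATE2 (YYYY-MM-DD), days ignored.
months_since() {
    y1=${1%%-*}; m1=${1#*-}; m1=${m1%%-*}; m1=${m1#0}
    y2=${2%%-*}; m2=${2#*-}; m2=${m2%%-*}; m2=${m2#0}
    echo $(( (y2 * 12 + m2) - (y1 * 12 + m1) ))
}

# bootloader_state FILE: "locked", "unlocked" or "unknown", from the two
# properties Android exposes for it (not every OEM sets both).
bootloader_state() {
    case "$(prop_value "$1" ro.boot.vbmeta.device_state)" in
        locked)   echo locked;   return ;;
        unlocked) echo unlocked; return ;;
    esac
    case "$(prop_value "$1" ro.boot.flash.locked)" in
        1) echo locked ;;
        0) echo unlocked ;;
        *) echo unknown ;;
    esac
}

# posture_report FILE TODAY: one finding per line; exit status 1 if any finding
# weakens the device's security posture, 0 otherwise.
posture_report() {
    f=$1; today=$2; bad=0
    bl=$(bootloader_state "$f")
    vb=$(prop_value "$f" ro.boot.verifiedbootstate)       # green/yellow/orange/red
    crypto=$(prop_value "$f" ro.crypto.state)              # encrypted/unencrypted
    knox=$(prop_value "$f" ro.boot.warranty_bit)           # Samsung only: 1 = Knox tripped
    patch=$(prop_value "$f" ro.build.version.security_patch)

    echo "bootloader: $bl"
    [ "$bl" = locked ] || bad=1
    echo "verified boot: $vb"
    [ "$vb" = green ] || bad=1        # orange = unlocked, yellow = custom key, red = failed
    echo "encryption: $crypto"
    [ "$crypto" = encrypted ] || bad=1
    if [ "$knox" != unknown ]; then
        echo "knox warranty bit: $knox"
        [ "$knox" = 0 ] || bad=1
    fi
    if [ "$patch" = unknown ]; then
        echo "security patch: unknown"; bad=1
    else
        age=$(months_since "$patch" "$today")
        echo "security patch: $patch ($age months old)"
        [ "$age" -le 3 ] || bad=1     # constructed threshold; set your own policy
    fi
    return $bad
}

# Constructed sample 1: a Samsung with an unlocked bootloader, tripped Knox bit
# and stale patches (the property values are invented for this example).
SAMPLE_PROPS=$(mktemp)
cat > "$SAMPLE_PROPS" <<'EOF'
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.warranty_bit]: [1]
[ro.build.version.security_patch]: [2018-08-01]
[ro.crypto.state]: [encrypted]
EOF

# Constructed sample 2: a locked, encrypted, recently patched device.
GOOD_PROPS=$(mktemp)
cat > "$GOOD_PROPS" <<'EOF'
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.build.version.security_patch]: [2019-01-01]
[ro.crypto.state]: [encrypted]
EOF

posture_report "$SAMPLE_PROPS" 2019-02-15 || echo "sample 1: WEAK posture"
posture_report "$GOOD_PROPS" 2019-02-15 && echo "sample 2: posture OK"
```

The report deliberately reads properties rather than running `fastboot oem` commands, so it can be run on any device over plain adb without touching the bootloader; the patch-age threshold is a policy choice, and a device that reports an unknown bootloader state should be treated as unverified rather than as locked.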
nabil321 said:
I'd like to root my phone, but I have to pay for the bootloader unlock service as I'm using Huawei devices.
So, to be precise, I don't want to pay again if I somehow locked it again.
So I need to know what causes the bootloader to lock again.
Hello and good afternoon, @nabil321
Welcome to XDA! I hope you'll always get the support you require.
However, prior to your next posting please read the guidance posts that are stuck on top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com
and the others. I've moved your thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator
nabil321 said:
I'd like to root my phone, but I have to pay for the bootloader unlock service as I'm using Huawei devices.
So, to be precise, I don't want to pay again if I somehow locked it again.
So I need to know what causes the bootloader to lock again.
Depending on your device, you do not need the unlock service; use the hardware test point (requires disassembling the phone).
The software you can use is potatonv.

S918N is possible rooting with out know security issues

Hello, I am a person who lives in South Korea and wants to root. Perhaps because of the S918N's N, all community methods fail frequently. Even the installation of TWRP has not been successful yet, but the Note 9 that is lying around at home succeeds in less than an hour after starting work..
I'm too much of a beginner, so the current factor I figured out is that each region in the world has a different model, and as an identifier, N means South Korea, that is, it's impossible until TWRP and ROMs suitable for phones with N come out..
I am wondering if my analysis is correct. Oh, and currently, as far as I know, my model does not have a rooting method.. Is this correct?
korbyhygy said:
Hello, I am a person who lives in South Korea and wants to root. Perhaps because of the S918N's N, all community methods fail frequently. Even the installation of TWRP has not been successful yet, but the Note 9 that is lying around at home succeeds in less than an hour after starting work..
I'm too much of a beginner, so the current factor I figured out is that each region in the world has a different model, and as an identifier, N means South Korea, that is, it's impossible until TWRP and ROMs suitable for phones with N come out..
I am wondering if my analysis is correct. Oh, and currently, as far as I know, my model does not have a rooting method.. Is this correct?
Hello and good afternoon, @korbyhygy Welcome to XDA! I hope you'll always get the support you require.
However, prior to your next posting please read the guidance posts that are stuck on top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com
and the others. I've moved your thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator
korbyhygy said:
Hello, I am a person who lives in South Korea and wants to root. Perhaps because of the S918N's N, all community methods fail frequently. Even the installation of TWRP has not been successful yet, but the Note 9 that is lying around at home succeeds in less than an hour after starting work..
I'm too much of a beginner, so the current factor I figured out is that each region in the world has a different model, and as an identifier, N means South Korea, that is, it's impossible until TWRP and ROMs suitable for phones with N come out..
I am wondering if my analysis is correct. Oh, and currently, as far as I know, my model does not have a rooting method.. Is this correct?
Are you trying to root your phone or install a custom ROM?
I have failed with all the methods on the S23 Ultra bulletin board. Please give me the address where I can download the TWRP and ROM files that have been verified to work on the current S918N..
ethical_haquer said:
Are you trying to root your phone or install a custom ROM?
Yep, I want..
korbyhygy said:
Yep, I want..
I don't quite understand what you want (sorry, language barrier), but to root your device follow Magisk's official Installation Instructions. I believe there are currently no custom ROMs for your device because your device is so new. Let me know if you have any questions!
korbyhygy said:
I have failed with all the methods on the S23 Ultra bulletin board. Please give me the address where I can download the TWRP and ROM files that have been verified to work on the current S918N..
If you are trying to flash the stock OneUI, follow the directions here. Once again, please let me know if you have any questions.
Thank you so much, I finally succeeded. I'm still not sure what exactly happened, so I don't even know why it happened, but...
First of all, I succeeded in obtaining superuser privileges, and I am enjoying all the privileges after rooting, such as installing Magisk modules. First of all, I was determined, but in the end, the point that the banking app and the Korean multi-financial integration app called TOS do not open after rooting is more difficult and nerve-wracking than I thought... First of all, since I have entered the world of rooting, I will enjoy it a little and identify the cause later...
Thank you so much for your interest and help
Translated with DeepL
korbyhygy said:
Thank you so much, I finally succeeded. I'm still not sure what exactly happened, so I don't even know why it happened, but...
First of all, I succeeded in obtaining superuser privileges, and I am enjoying all the privileges after rooting, such as installing Magisk modules. First of all, I was determined, but in the end, the point that the banking app and the Korean multi-financial integration app called TOS do not open after rooting is more difficult and nerve-wracking than I thought... First of all, since I have entered the world of rooting, I will enjoy it a little and identify the cause later...
Thank you so much for your interest and help
Translated with DeepL
Nice! As for banking apps, there are plenty of threads here on XDA about getting those to work. Good luck!
