[ATT/VZW] Saving the lost (root) souls and avoid losing more... - Galaxy S 4 Developer Discussion [Developers-Only]

I'm sure something will come up soon, but it's 3 am and I wanted to throw a few spitballs at this topic.
Word I've been reading on XDA this early a.m. is that Verizon and ATT have an update that broke root.
I'm not going to touch the bootloader issues since that's above my skill set at the moment.
I think we need to break it down into two parts:
1) Fixing the update to work without breaking current root methods.
Looks like Aou's "neutered" ATT update may pull it off for them. Not sure it needed to remove all that he did but that's a separate topic.
If so then the process just needs to be duplicated for Verizon.
My only concern from trying this with Sprint's N2 is that when we tried this (tweaking the zip) we broke the CSC data.
Minor inconveniences and easily fixed by flashing the last cache.img from a Samsung tarball (minus the data wipe).
Odin may be doable so long as the Sprint MF9 modem tar creation process can be duplicated to others.
The only thing I haven't resolved is the CSC update. You'd have to use an older version as mentioned above.
2) Finding a way to get folks rooted that have already applied the update.
My initial thought is this: since ATT is already ahead, have someone who has kept root and SuperSU dump system.img. Repack it into an Odin tar and see if the bootloader will let it flash... and if it does, whether it restores root. Adjust as necessary and duplicate the process on Verizon.
If this is possible it should get those folks who wanted root and already applied the update at least rooted. Won't do much else for them though until the bootloader issues are solved.. but it would be movement in the right direction.
Side note: I can't speak for other leaks, but with Sprint we saw that leaks (unreleased/test builds) between OTAs may behave differently from what was released. Might be worth poking previous leak sources to see if they have any such builds between the last Loki-able build and the new OTAs, and whether they might share those with devs for further analysis. I did the same but got nothing so far... not surprising though, since it's not Sprint.
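The Odin repack in step 2 above depends on the .tar.md5 layout, which is worth pinning down before anyone burns a flash cycle on it. What follows is an added example, not code from this thread or from any of its posters. It assumes that an Odin .tar.md5 is an ordinary tar archive with the output of `md5sum <archive>` appended to that same file, and that Odin recomputes the hash over the body and compares it with the trailer before flashing. The file names are placeholders. Passing the Odin check only gets the image as far as the phone; whether the bootloader accepts what is inside is the separate problem the thread takes up later.

```shell
#!/bin/sh
# Added example (not from this thread): build and check an Odin-style .tar.md5.
# Assumption: the .tar.md5 is a plain tar archive with the line printed by
# `md5sum <archive>` appended to the end of the archive file itself. Odin
# strips that trailer, hashes the body and compares before it flashes.
# system.img / system.tar.md5 below are placeholder names.

# make_odin_tar IMG OUT: archive IMG at the top level of OUT (Odin expects
# partition images at the archive root), then append the md5sum trailer.
make_odin_tar() {
    img="$1"
    out="$2"
    tar --format=ustar -C "$(dirname "$img")" -cf "$out" "$(basename "$img")"
    # md5sum reads the whole file before its one output line is appended,
    # so the recorded hash covers the tar body only. Record the bare name.
    ( cd "$(dirname "$out")" && md5sum "$(basename "$out")" >> "$(basename "$out")" )
}

# verify_odin_tar FILE: recompute the body hash and compare it with the
# trailer, the same check Odin performs. Returns 0 on match, 1 otherwise.
# The name recorded in the trailer must match the file; that requirement is
# this script's own, not a documented Odin rule.
verify_odin_tar() {
    f="$1"
    name=$(basename "$f")
    trailer_len=$(( 32 + 2 + ${#name} + 1 ))   # "<32 hex>  <name>\n"
    total=$(wc -c < "$f")
    body_len=$(( total - trailer_len ))
    [ "$body_len" -gt 0 ] || return 1
    trailer=$(tail -c "$trailer_len" "$f")
    expected=${trailer%% *}                    # hash before the two spaces
    claimed=${trailer#*  }                     # name after the two spaces
    [ "$claimed" = "$name" ] || return 1
    actual=$(head -c "$body_len" "$f" | md5sum)
    actual=${actual%% *}
    [ "$expected" = "$actual" ]
}

# Stand-alone use: ./odin_tar.sh system.img system.tar.md5
if [ "$#" -eq 2 ]; then
    make_odin_tar "$1" "$2" && verify_odin_tar "$2" && echo "ok: $2"
fi
```

Odin refuses an archive whose trailer does not match, so if you edit anything inside the tar after building it, rebuild the trailer rather than patching the archive in place.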

OK, minor update.
Both now seem to have gone OTA and Voodoo seems to keep it even after for both. So that's good news.
VZW definitely has a new pattern for Loki and it's got to be found.
I'm trying to resolve the addressing Bliss put in the logic versus a hex editor.
I might see if I can get Eclipse running and then run it in debug and see if that will get us closer.
If we can get that far it should be possible to re-test Loki under the new aboot.
(I've removed this after a brief discussion with Bliss. I'll still study aboot more, but this is now out after that discussion.)
I'm also checking on a hail mary of rolling back. No promises though.

garwynn said:
OK, minor update. [...]
Definitely interested in the hail mary of rolling back. I'll be experimenting with the bootloader updates a bit more once I get my device JTAGed (hopefully next week). I'll let you know how it goes.
Meanwhile, I've uploaded the system and kernel that I had working - over in the neutered thread.

garwynn said:
OK, minor update. [...]
If you are interested, a poster figured out how to edit the MF3 update to work through ODIN. Maybe, if the same edits are applied to the existing AMDL firmware, ODIN can then be used to roll back phones that already have MF3 on them to AMDL? Here is a link...
http://forum.xda-developers.com/showthread.php?t=2360859

scott14719 said:
If you are interested, a poster figured out how to edit the MF3 update to work through ODIN. [...]
In short, this will not work. If it did work, it would appear that the result would be a hard brick. It seems that once the device is fused to MF3+, the device will not only reject the older firmware and refuse to install it (regardless of whether the Odin software accepts it), it will actively refuse to boot outdated bootloaders, regardless of how they are applied to the device (dd, recovery, or even JTAG).
However, it might be possible to inject root into a system image and fool both the PC and the phone into flashing it... If not root itself, then maybe whatever method these "OTA rootkeeper" apps use (a hidden root?)?
Once we have a Kies/Odin image of MF3, I'm wondering what would stop us from tampering with the included system image and attempting to write that to the device?

From the sounds of it, Samsung may not be releasing a Kies version of MF3 any time soon.
As for the continuing research of a root for the MF3 update, I've got an excellent testing ground, ready to flash as a rom:
http://forum.xda-developers.com/showthread.php?t=2378946
The purpose and hope for the new rom is to make it easier and safer for any Dev to begin researching a new root method for the MF3 firmware. Best of luck to us all.

Related

[Q] unroot for OTA???

I've rooted my GT 10.1 but I have two questions that I can't find the answers to.
1. Has anyone discovered how to unroot back to stock?
2. If rooted, will I be able to get the OTA of touchwiz by checking for updates under settings?
PS I flashed the TouchWiz UX found in this forum. Got to say it is really nice and I can't wait to get the version from Sammy. I then restored a backup using Rom Manager and restored fine except when checking for software updates. It used to say no update available, but today it says failed to connect to servers. Anyone else getting this error?
I guess that is actually 3 questions.
Thanks
1. Unrooting is pretty simple. Just flash the 3.1 OTA in the dev forum, after doing a full wipe. If you feel the need to go back to full stock, you'll also want to nvflash back to the original retail recovery, which you undoubtedly saved when you first rooted.
2. No one knows yet, but rest assured, within a day (less probably) of the update being released, it'll be available here as a rooted flashable ROM. If you learn one thing from your time on XDA, it should be "never accept an OTA update." Let the devs pull it apart and repackage it in a nice root-safe download.
Undoubtedly! (I wish) I wasn't planning to root but while playing with Odin, I thought I was locked at the downloading screen while testing odin. (Didn't hold down the power button long enough to shut off tab) I thought my only solution was to continue and root. No problems rooting, it was easy. I just wanted to make sure I get the TouchWiz update. Now I learned my lesson I will never do an OTA update.
Glad you told me that, otherwise I probably would have screwed up my GT. I don't know how I missed the post about backing up the stock image first. I try to read a lot of posts (heck I even use the search box) before trying something new. Anyway, I'm sure it is posted in the forums somewhere if I need to find it.
Thanks!
pmsrefugee said:
Glad you told me that, otherwise I probably would have screwed up my GT.
It's not so much that you'll screw up your device by accepting an OTA, but rather that you might lose root and/or your custom recovery (perhaps permanently). Nevertheless, there are some cases of OTAs screwing up devices when accepted over non-stock installs, so IMHO it's always best to wait for a flashable ROM.
pmsrefugee said:
I don't know how I missed the post about backing up the stock image first. I try to read a lot of posts (heck I even use the search box) before trying something new. Anyway, I'm sure it is posted in the forums somewhere if I need to find it.
Thanks!
Yes, I believe the stock retail recovery is posted in the CWM recovery download package here: http://forum.xda-developers.com/showthread.php?t=1130574. You'll note that Step 3 is where you were advised to backup your original stock recovery, although the step is (correctly) noted as optional. No big deal, in any event. Glad I could help.

Does anyone know....

I'm just wondering: I purchased a phone on eBay (not knowing it was flashed/rooted). The boot animation says "clean rom", so after researching this site and the forums for this device, I see that it's probably a rom you guys are familiar with, and it seems to be ICS based (from what I can see). With that being said, does this mean when they actually RELEASE the stock ICS that I probably won't get the update to my phone? Because I really would like to see what their stock version will be like. Can anyone answer that question, or has it even been asked before?
You can't take the OTA while rooted or unlocked, but you can flash the RUU once it gets posted, after relocking your phone. Hopefully by then we will have S-OFF.
mighty_markus12 said:
you can't take the OTA rooted or while unlocked but you can flash the RUU once it gets posted after relocking your phone. hopefully by then we will have s-off.
So does this mean I will no longer be able to receive updates to my phone with this "s-off" or whatever? That sucks, and I can't seem to follow the steps that have been given to get it back to a stock rom or "ruu", whatever THAT means. lol ****that moment when you realize you might look dumb or "newbish" for posting what you just posted****
Your phone has been hacked a little bit, and it's always going to have tell-tale signs.
The worst case scenario is that you have to manually install the next official update and manually relock the phone, which will always say "Relocked" in the boot menu. But if you do everything by the book you should be able to get it back to stock in every other way, including taking subsequent updates over the air normally.
If they get s-off working and you're willing to experiment, it may be possible to completely revert the phone to stock. But that's quite a bit more hackage in order to get your phone "unhacked."
cpurick said:
Your phone has been hacked a little bit, and it's always going to have tell-tale signs. [...]
To be honest, the only thing I really want is to be able to get it stock on the basis of the apps, getting system updates, etc. I'm not concerned with it having evidence of being "tampered with", "hacked" or "rooted". lol It already says "re-locked". The problem is the instructions I've gotten on here seem to go over my head. I might have to be walked through it like a little 3 or 4 year old being taught to sound out little words for the first time. lol Hey, I'm just saying..... No seriously though, I have a Mac and all of the instructions here seem to be based on having a PC.
This can be done. But you're going to need to have somebody who knows what they're doing relock and reset your phone from the official ICS RUU after it's released, probably from a PC. There's nothing that can be done before then.
cpurick said:
This can be done. But you're going to need to have somebody who knows what they're doing relock and reset your phone from the official ICS RUU after it's released, probably from a PC. There's nothing can be done before then.
So this means I'll basically need to take or send it to someone to get this done? I don't know why all of these instructions seem like they're in Spanish to me now; about 3 years ago I used to flash and unlock WM devices almost every other day. I guess I should've never stopped, but once the G1 came out and I switched to Android devices I stopped flashing, and now I'm lost because I need to "tamper with" my phone again but can't seem to get going at all. I mean SERIOUSLY, I used to flash WM devices so often that if a certain period of time went by without me finding a rom worth "flashing" I'd start having withdrawals. Now I'm feeling like an absolute IDIOT when it comes to getting into these Android devices. I think part of that has to do with the fact that I only had PCs, and now not only am I trying to tamper with Android for the first time, but I only have Mac computers as well.
Go to settings, about phone, software information, more, and write what your baseband version is.
http://forum.xda-developers.com/showthread.php?t=1417839
This thread may help you get OS X and fastboot going so you can relock and run an RUU. As was stated above, what is your baseband? If the previous owner flashed the leaked ICS you will not be able to go all the way back to stock until either an official ICS is released or the S-OFF tool is released. Good luck!
Sent from my ADR6425LVW using XDA
Unless you have issues, I would leave it as is for the time being. Take time to learn how to do all the stuff you need to do.
The custom ROMs really do make the phone better, you may find you want to keep it in the end. Battery life is much better on a good ROM.
When the official update comes out, we will have a new ROM based on the update within a day or two at most of the release anyway.
The baseband (the radio firmware) is also important. And unfortunately we cannot downgrade to older basebands due to not having S=off. So if you are on the newest leaked version then you can run the old stock software.
BTW S=off (or S=on) is a security flag located in the firmware. S=on limits what parts of the phone you can flash and change. S=off gives you full access; it will allow you to downgrade as well. S=off also makes it easier to brick your phone because it does let you change software that is bootstrap essential, the baseband and hboot (sort of like BIOS) for example.
I separate the idea of bootstrap from boot. Most people associate booting with the OS, but bricking affects the firmware initializing the hardware that allows the OS to load and boot. So you get to see the old school term used.
Kennnny1 said:
http://forum.xda-developers.com/showthread.php?t=1417839 [...]
The baseband is 1.22.10.0310r, 1.22.10.0308r. It also says clean rom 4.1. I don't mind waiting until an official ICS is released, but will I be able to receive THAT, instead of having to have a "dev equivalent" version, is what I'm wondering....
It's like I said. Those radios are new, and part of a firmware upgrade that can't be completely backed out. Your simplest bet is to wait for the official ICS release, and then you (or someone more technical) can apply it manually. After doing that and relocking your phone, it should start to take updates automatically again. You'll also have the full factory-installed "bloatware" suite of software.
It's possible to downgrade all the other parts of your software manually back to the latest stock release, but it's expected that your current upgraded firmware version will continue to prevent you from taking OTA releases. It would be good training, actually, though you'll get better results and more support from a PC than on a Mac. If you figured out how to do all this, then you could get your phone back on the HTC software track yourself.
Depending on your flexibility, maybe you can find someone here you could send your phone to who can put it back on the official release track. But even they won't be able to put a permanent fix on it until the official ICS release comes out and somebody uploads it as a manually-installable package.
EDIT:
So did the seller not mention on eBay that the phone had been customized?
Some of the responses lean toward telling you how to flash your phone for yourself. Is that something you'd have any interest in? Do you really want to go back to stock, or do you just want to see the difference?
Are you having any problems with the phone?
The custom ROMs are better, overall, but they usually have one or two bugs that you have to learn to live with. (Which is not to say that stock ROMS are bug-free, though the final versions of stock ROMs tend to be very, very stable.) But if you are on custom ROMs, then you're completely off the automatic update path, and everything will have to be done manually.
So unless you want to learn how to flash your own phone, the only way to get updates is to set it back to stock so HTC and Verizon can handle the updates for you. And therein lies the dilemma, because that in itself is something which must be flashed manually from where you're currently at.
(Oh, and you're probably going to end up losing any of your own customizations in the process, though the data on your SD card should be safe.)
cpurick said:
It's like I said. Those radios are new, and part of a firmware upgrade that can't be completely backed out. [...]
Well, I've kind of decided to just keep what I have. I don't have any issues, and it seems to run smoothly. What I REALLY want to see is what the official update will be like as "stock released" when it comes out, and I was concerned that I might not be able to get the update because of the "clean rom" I have now being ICS based (as far as I can see). Other than that, I'm fine until then.
You really should consider leaving negative feedback if the eBay seller did not state in the auction that the phone was rooted and running a custom rom. If I sell a phone and I'm too lazy to revert it to stock, I'll ALWAYS state it's rooted and what it's running in the auction, etc.
mdunn1066 said:
You really should consider leaving negative feedback if they ebay seller did not state in the auction that the phone was rooted and running a custom rom. If I sell a phone and im too lazy to revert it to stock ill ALWAYS state its rooted and what its running in the auction etc
Good point. I mentioned it in the feedback portion and rated him low on the "item described accurately" portion.
I would just wait 'til official ICS is released. I am sure there will be instructions here on XDA on how to relock and flash the new official ICS RUU. It will involve downloading some files and entering items into a command prompt from a PC.
sent from my Rezound
stelv said:
I would just wait til offiical ics is released. I am sure there will be instructions here on xda on how to relock and flash the new official ics ruu. It will involve downloading some files and entering items into command prompt from PC.
The problem is I don't HAVE a PC. It's already "re-locked" though. I just want to be able to receive the update without having to deal with any other flashing etc. But from what I was told, I should be able to since the current flashed rom is nearly stock (clean rom) and I'm already re-locked. But I guess we'll just see....
refuse2bstopped said:
The problem is I don't HAVE a PC. It's already "re-locked" though. I just want to be able to receive the update without having to deal with any other flashing etc. But from what I was told, I should be able to since the current flashed rom is nearly stock (clean rom) and I'm already re-locked. But I guess we'll just see....
seems like people are giving you information that is kinda all over the place.
Lemme try and help clear this up, since you are in an odd scenario.
You are running cleanrom 4.1 on a re-locked phone. For starters, cleanrom 4.1 is based off the current ICS LEAK and is not an official OTA update. Chances are high you won't be able to get the OTA if the rom is not a stock rom, and also because chances are you don't have a stock recovery even though it is relocked. Since you are currently on the latest leaked firmware, not an official firmware, you can run the RUU for the phone and go back to stock. In your case, you're kind of lucky with this, as you don't technically need a computer to run it. You would need someone to extract the PH98IMG.zip file from the RUU.EXE file for you to run through Hboot when the OTA comes out.
Be forewarned, doing it like this will wipe all data.
I would say you should run the leaked RUU on the phone, as since it is a beta testing Leak, you should still get the OTA, and that way the phone will think it is completely stock and get the latest update.
If you wanna do this, ask and we can help you.
nosympathy said:
Seems like people are giving you information that is kinda all over the place. [...]
Yes, I'm VERY interested, I'm not worried much about the data wipe, between what's backed up to my google account and my SD card, I'll be fine with a data wipe. My battery life is also HORRIBLE for some reason with this rom, but since I've not had it stock yet, I guess I can't REALLY say it's good or bad. But my Droid Bionic's battery life was at least twice as good as this phone's seem to be and I don't use it any more than I did the Bionic.
I will tell you right now the battery life will most likely get worse if you go to stock.
Now if the person who sold it installed a custom kernel rather than the one Scott includes in his ROM (scott makes clean ROM) then battery life could be worse than it should be.
Second, this is a 4.3 inch HD screen... it eats battery like a starving animal.
Third, try cleanROM developers edition (a very stripped-out, cleaned-up stock based ROM) or cleanROM senseless. I am running cleanROM developers edition and I get double to triple the battery life over stock.
Unless I actually use the phone... When I use it a lot, I do not get that big of a jump. When using the phone the battery life will be similar, because the screen and CPU use remain similar to what stock would be (which you would expect; the screen will always use the same power, same for CPU). It's when the phone is in standby mode that you see the real gains, because all the extra junk that is in the stock software is pulled out and isn't constantly running in the background, waking the phone, starting the cell radio to phone home, etc.
Senseless and the Developers edition have their quirks caused by removing so much of the stock sense based apps and functions and replacing them with AOSP versions. Things like the caller ID not showing up on the screen until you unlock the phone, because the sense phone/dialer cannot talk to the AOSP lockscreen. Nothing major, just different.

To begin Kexec compatibillity... Possibly.

http://forum.xda-developers.com/showthread.php?t=2578566
I don't know if you guys know about this... This allows unsigned kernel modules to be loaded on the equivalent of MI1. If anyone wants to take the steps described by the OP and build for NC5, this would open the ability to work on Kexec and AOSP via Safestrap (with the actual AOSP Kernel!).
npjohnson said:
http://forum.xda-developers.com/showthread.php?t=2578566 [...]
So are you basically making this thread not to offer anything new, just to tell people to do more work for you?
Most of the S4 devs already saw that 8 months ago and did what they could with it...
scryan said:
So are you basically making this thread not to offer anything new, just to tell people to do more work for you? [...]
Wow. Way to overreact, dude. NO, I am not telling you or anyone to do work for me. The ATT and Verizon forums find different things, and therefore sometimes there is a delay in the info being transferred back and forth. Did I say/insinuate anywhere in my post that I was forcing people to do work for me? NO, I did not. I just shared some info from the other forum, and you replied by complaining about me cross posting. Thanks for that.
I know that they have probably seen the initial post, but there are some helpful posts later in the thread that seemed interesting about building for later firmwares.
I then even proceeded to try and have been debugging it for the last hour or so...
Update
I tried to follow the steps in the OP of the mentioned thread, but loading an unsigned test module on NC5 fails, although BypassKSLM is loading... More work required.
I think that the fix should be somewhere in the:
    if (krsp->ret == 0) {
        pr_warn("TIMA: lkmauth--verification succeeded.\n");
        ret = 0; /* ret should already be 0 before the assignment. */
    }
As I failed to get ret=0 before assignment.
npjohnson said:
Wow. Way to overreact, dude. [...]
Cross posting from 8 months ago, after the maker of safestrap (who has accepted a job and recently abandoned further development) has tried and moved on from getting a working kexec...
It's great you're working on it. But before bringing it to the main forum and getting people worked up, it might be good to make even some progress; otherwise we are just looping back to where we were 8 months ago.
Beyond that.... Hasn't this been patched?
jeboo said:
I got this idea after reading about CVE-2013-6282 and seeing the source for it.
It's based on the get_user/put_user exploit, yes?
Surge hints at the same fact later, when he discusses whether or not it could be run on an S3.
Surge1223 said:
This depends on whether or not you are able to root using saferoot or not (since its dependent on the get/put_user exploit) and whether your stock kernel was compiled with support for loading modules. You can check your kernel source config file to see.
Mentioning being able to run saferoot as an easy method to check and see if the exploit is still available, which on NC5 it wasn't, right?
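Surge1223's advice quoted above, check the kernel config for module support before chasing lkmauth or kexec, is quick to script. The following is an added example, not code from this thread or from any of its posters. The .config samples used in the test are constructed; CONFIG_MODULES and CONFIG_KEXEC are the upstream option names, CONFIG_MODULE_SIG_FORCE is the upstream signature-enforcement option on later kernels, and CONFIG_TIMA_LKMAUTH is assumed to be the Samsung option that guards the TIMA verification quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from this thread): read a kernel .config and report the
# options that decide whether unsigned kernel modules (and kexec) are usable.
# CONFIG_TIMA_LKMAUTH is an assumed Samsung option name; the others are the
# upstream kernel names.

# kconfig_get FILE OPTION: prints the option's value. Handles "CONFIG_X=y",
# "CONFIG_X=m", "CONFIG_X=\"string\"" and "# CONFIG_X is not set"; an option
# that does not appear at all is reported as n (disabled), like Kconfig does.
kconfig_get() {
    file="$1"
    opt="$2"
    line=$(grep -E "^(# )?${opt}( is not set|=)" "$file" | tail -n 1 || true)
    case "$line" in
        "# ${opt} is not set") echo n ;;
        "${opt}="*)
            val=${line#*=}
            val=${val#\"}          # strip surrounding quotes on string values
            val=${val%\"}
            echo "${val:-n}" ;;
        *) echo n ;;
    esac
}

# modules_loadable FILE: returns 0 when the config allows loading a module
# that carries no signature, i.e. module support is on and neither the
# upstream signature enforcement nor the assumed TIMA gate is enabled.
modules_loadable() {
    f="$1"
    [ "$(kconfig_get "$f" CONFIG_MODULES)" = y ] || return 1
    [ "$(kconfig_get "$f" CONFIG_MODULE_SIG_FORCE)" = n ] || return 1
    [ "$(kconfig_get "$f" CONFIG_TIMA_LKMAUTH)" = n ] || return 1
    return 0
}

# Stand-alone use: ./kconfig_check.sh /path/to/.config
if [ "$#" -eq 1 ]; then
    for o in CONFIG_MODULES CONFIG_MODULE_SIG_FORCE CONFIG_TIMA_LKMAUTH CONFIG_KEXEC; do
        printf '%-24s %s\n' "$o" "$(kconfig_get "$1" "$o")"
    done
    if modules_loadable "$1"; then
        echo "unsigned modules: loadable"
    else
        echo "unsigned modules: blocked (lkmauth or signature enforcement)"
    fi
fi
```

On a running device built with CONFIG_IKCONFIG_PROC the same file is available as /proc/config.gz (`zcat /proc/config.gz > config.txt`), which avoids guessing which source tree matches the firmware on the phone.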
scryan said:
Cross posting from 8 months ago, after the maker of safestrap (who has accepted a job and recently abandoned further development) has tried and moved on from getting a working kexec...
It's great you're working on it. But before bringing it to the main forum and getting people worked up it might be good to make even some progress, otherwise we are just looping back to where we were 8 months ago.
Beyond that.... Hasn't this been patched?
It's based on the get_user/put_user exploit, yes?
Surge hints at the same fact later, when he discusses whether or not it could be run on a S3
Mentioning being able to run saferoot as an easy method to check and see if the exploit is still available, which on NC5 it wasn't, right?
My apologies for the misunderstanding on the NC5 part, I am using Surge's Downgrade to 4.3, which (4.3) still has the get_user put_user exploit. Still NC5 BL, but 4.3 on /system. Plus if we got kexec working on downgraded 4.3, it wouldn't matter that it was 4.3 because we could just load a 4.4 kernel and rom.
My goal was to try to revive (restart from scratch) the project and see where it got to. I currently got a test module loading (what others have already gotten to), now I want to take my own crack at kexec. It probably won't bear fruit, it could though, and that's the idea... but regardless it is a good learning process.
Plus kexec isn't our only option... It works well with safestrap, but there are many other pieces that when put together can function like kexec, one being ksplice.
npjohnson said:
My apologies for the misunderstanding on the NC5 part, I am using Surge's Downgrade to 4.3, which (4.3) still has the get_user put_user exploit. Still NC5 BL, but 4.3 on /system. Plus if we got kexec working on downgraded 4.3, it wouldn't matter that it was 4.3 because we could just load a 4.4 kernel and rom.
My goal was to try to revive (restart from scratch) the project and see where it got to. I currently got a test module loading (what others have already gotten to), now I want to take my own crack at kexec. It probably won't bear fruit, it could though, and that's the idea... but regardless it is a good learning process.
I think part of the issue was something along the lines that the kernel is checked and if it does not pass the phone is shutdown/crippled/set into some mode.
Kexec may be slightly more relevant now that there is some access to the trusted zone, but I really have no idea what I am talking about on that one.
But before you worry too much about "Kexec" make sure you are aware of and understand checks on the kernel's validity, if they are performed by the tz, and what/how much access to the tz there is now with Dan's latest... at least that's my 2 cents.
It seemed the whole kexec thing kind of dead ended because the issue is a bit deeper than just getting a working kexec module and loading a new kernel.
scryan said:
I think part of the issue was something along the lines that the kernel is checked and if it does not pass the phone is shutdown/crippled/set into some mode.
Kexec may be slightly more relevant now that there is some access to the trusted zone, but I really have no idea what I am talking about on that one.
But before you worry too much about "Kexec" make sure you are aware of and understand checks on the kernel's validity, if they are performed by the tz, and what/how much access to the tz there is now with Dan's latest... at least that's my 2 cents.
It seemed the whole kexec thing kind of dead ended because the issue is a bit deeper than just getting a working kexec module and loading a new kernel.
I know. The main reason I posted this was to work in tandem with Dan's new TZ Exploit. It allows running unsigned code at TZ level, and the possibility of turning off TIMA almost altogether. With TIMA disabled, and low level unsigned code, writing a kexec module would then be the next step.
scryan said:
Cross posting from 8 months ago, after the maker of safestrap (who has accepted a job and recently abandoned further development) has tried and moved on from getting a working kexec...
It's great you're working on it. But before bringing it to the main forum and getting people worked up it might be good to make even some progress, otherwise we are just looping back to where we were 8 months ago.
Beyond that.... Hasn't this been patched?
It's based on the get_user/put_user exploit, yes?
Surge hints at the same fact later, when he discusses whether or not it could be run on a S3
Mentioning being able to run saferoot as an easy method to check and see if the exploit is still available, which on NC5 it wasn't, right?
Well back when I typed that the get_user/put_user exploit was the only exploit we had that could overwrite kernel memory. Now that we have towelroot it's also theoretically possible to re-implement bypasslkm on NC5 depending on how they might've patched it.
I tried doing this but since not many cared or even tried to make use of bypasslkm the first time around I didn't post my findings, nonetheless this info might be useful to future individuals trying to do the same. I really hope someone makes use of what I'm about to type.
So the first time around jeboo had an error log and was able to find the address to patch since we had kernel source and he probably decompressed the zimage and found the relevant lkmauth address.
There is another way to enable insecure module loading (using the same approach and address as bypasslkm) by using objdump on the vmlinux produced from compiling the kernel from source, then finding the following
1a000002 bne <copy_and_check.isra.22+xxx>
then by doing some math, and guess checking you can use devmem2 to write 0x0 to whatever address returned the ARM opcode 1a000002, for mk2 this address is 0x802c9d58 (may seem familiar if you have looked at bypasslkm.c)
I confirmed by manually writing 0x0 at 0x802c9d58 = modules verified and returning the value to 0x1a000002 = modules modified.
I tried to find <copy_and_check.isra.22+xxx> in NC5 kernel source however it is non-existent. I have not yet tried to decompress the zimage and search for the relevant lkmauth messages to see if bypasslkm is still able to be implemented or to see how it may have/may not have been patched. This is probably the first step I should have done, so anyone starting now should start with that step, decompressing the zimage and searching for the lkmauth messages and see how the check is implemented.
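The post above describes the module-authentication check as a single conditional branch (the ARM opcode 1a000002, a BNE) that is either present or has been overwritten with 0x0. From an integrity-checking point of view, the same facts let you verify that the check is still in place: decode the word at the known address and confirm it is still the expected conditional branch rather than 0x00000000 (which ARM decodes as ANDEQ r0,r0,r0, an instruction that never executes, i.e. an effective NOP). The following is an added example, not code from the thread or from bypasslkm; it runs on a constructed in-memory sample image rather than a real vmlinux, and the load base 0x802c9d00 is an assumed value chosen only so that the MK2 address 0x802c9d58 quoted in the post falls inside the sample. The branch decoder is general ARM32 B/BL decoding, so it also handles backward and linking branches, not only the one opcode in the post.

```python
import struct

# ARM condition-code mnemonics, indexed by the top nibble of the instruction.
COND_NAMES = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
              "hi", "ls", "ge", "lt", "gt", "le", "al", "nv"]


def decode_arm_branch(word, pc):
    """Decode a 32-bit ARM B/BL instruction located at address `pc`.

    Returns a dict with the condition, link flag and absolute branch target,
    or None when `word` is not a branch at all (for example 0x00000000,
    which is an ANDEQ that never executes, i.e. an effective NOP).
    """
    if (word >> 25) & 0x7 != 0b101:        # bits 27..25 == 101 marks B/BL
        return None
    cond = COND_NAMES[word >> 28]
    link = bool((word >> 24) & 1)
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:                   # sign-extend the 24-bit immediate
        imm24 -= 1 << 24
    # ARM reads PC as the current instruction + 8; the offset is in words.
    target = (pc + 8 + (imm24 << 2)) & 0xFFFFFFFF
    return {"cond": cond, "link": link, "target": target}


def read_word(image, base, addr):
    """Read a little-endian 32-bit word from `image` mapped at `base`."""
    return struct.unpack_from("<I", image, addr - base)[0]


def check_lkmauth_branch(image, base, addr, expected=0x1A000002):
    """Report whether the conditional branch at `addr` is still in place.

    `expected` defaults to the BNE opcode quoted in the thread. The address
    is firmware-specific (the post gives 0x802c9d58 for MK2) and must be
    supplied by the caller.
    """
    word = read_word(image, base, addr)
    decoded = decode_arm_branch(word, addr)
    if word == expected and decoded is not None and decoded["cond"] == "ne":
        return "intact", decoded
    return "tampered", {"found": word, "decoded": decoded}


def build_sample_image(base, addr, word, size=0x100):
    """Construct a tiny fake kernel image (constructed sample data) with
    `word` placed at virtual address `addr`."""
    buf = bytearray(size)
    struct.pack_into("<I", buf, addr - base, word)
    return bytes(buf)


if __name__ == "__main__":
    BASE = 0x802C9D00          # assumed load base for the constructed sample
    ADDR = 0x802C9D58          # MK2 address quoted in the post
    good = build_sample_image(BASE, ADDR, 0x1A000002)
    bad = build_sample_image(BASE, ADDR, 0x00000000)
    print(check_lkmauth_branch(good, BASE, ADDR))   # ('intact', {...})
    print(check_lkmauth_branch(bad, BASE, ADDR))    # ('tampered', {...})
```

To use it against a real image, read the decompressed vmlinux (or a memory dump) into `image`, pass the kernel's load base and the address you located with objdump, and treat anything other than "intact" as a sign the check has been modified.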
Surge1223 said:
Well back when I typed that the get_user/put_user exploit was the only exploit we had that could overwrite kernel memory. Now that we have towelroot it's also theoretically possible to re-implement bypasslkm on NC5 depending on how they might've patched it.
I tried doing this but since not many cared or even tried to make use of bypasslkm the first time around I didn't post my findings, nonetheless this info might be useful to future individuals trying to do the same. I really hope someone makes use of what I'm about to type.
So the first time around jeboo had an error log and was able to find the address to patch since we had kernel source and he probably decompressed the zimage and found the relevant lkmauth address.
There is another way to enable insecure module loading (using the same approach and address as bypasslkm) by using objdump on the vmlinux produced from compiling the kernel from source, then finding the following
1a000002 bne <copy_and_check.isra.22+xxx>
then by doing some math, and guess checking you can use devmem2 to write 0x0 to whatever address returned the ARM opcode 1a000002, for mk2 this address is 0x802c9d58 (may seem familiar if you have looked at bypasslkm.c)
I confirmed by manually writing 0x0 at 0x802c9d58 = modules verified and returning the value to 0x1a000002 = modules modified.
I tried to find <copy_and_check.isra.22+xxx> in NC5 kernel source however it is non-existent. I have not yet tried to decompress the zimage and search for the relevant lkmauth messages to see if bypasslkm is still able to be implemented or to see how it may have/may not have been patched. This is probably the first step I should have done, so anyone starting now should start with that step, decompressing the zimage and searching for the lkmauth messages and see how the check is implemented.
I lack the knowledge to even attempt this but I do hope another tries at least. I miss aosp. I'm coming from a HTC with s-off and I'm not used to the restrictions placed on such a locked down phone. I do hope that some work around for running an unsecured kernel will be found at least. Thanks for the information and hopefully it will be put to good use
Sent from my SCH-I545 using Xparent Skyblue Tapatalk 2
Surge1223 said:
Well back when I typed that the get_user/put_user exploit was the only exploit we had that could overwrite kernel memory. Now that we have towelroot it's also theoretically possible to re-implement bypasslkm on NC5 depending on how they might've patched it.
I tried doing this but since not many cared or even tried to make use of bypasslkm the first time around I didn't post my findings, nonetheless this info might be useful to future individuals trying to do the same. I really hope someone makes use of what I'm about to type.
So the first time around jeboo had an error log and was able to find the address to patch since we had kernel source and he probably decompressed the zimage and found the relevant lkmauth address.
There is another way to enable insecure module loading (using the same approach and address as bypasslkm) by using objdump on the vmlinux produced from compiling the kernel from source, then finding the following
1a000002 bne <copy_and_check.isra.22+xxx>
then by doing some math, and guess checking you can use devmem2 to write 0x0 to whatever address returned the ARM opcode 1a000002, for mk2 this address is 0x802c9d58 (may seem familiar if you have looked at bypasslkm.c)
I confirmed by manually writing 0x0 at 0x802c9d58 = modules verified and returning the value to 0x1a000002 = modules modified.
I tried to find <copy_and_check.isra.22+xxx> in NC5 kernel source however it is non-existent. I have not yet tried to decompress the zimage and search for the relevant lkmauth messages to see if bypasslkm is still able to be implemented or to see how it may have/may not have been patched. This is probably the first step I should have done, so anyone starting now should start with that step, decompressing the zimage and searching for the lkmauth messages and see how the check is implemented.
I thought about TowelRoot's ability to do the same as get_put, but understanding exactly how it (TR) works is tough due to llvm-obfuscator. After reading a theoretical writeup of TR, I found this:
Source: http://tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/
I thought that due to the nature of the Futex bug our best bet was a 4.3 downgrade... though what you are saying makes sense... So, you're saying that the memory address to be written to 0x0 has merely changed location? (I'm probably misunderstanding you...) I thought that they had moved that flag out of memory to prevent writing...
How are you decompressing zimage? I tried using instructions like these https://github.com/xiaolu/galaxys2_kernel_repack (obviously changed for our model), but I am having some issues..
npjohnson said:
I thought about TowelRoot's ability to do the same as get_put, but understanding exactly how it (TR) works is tough due to llvm-obfuscator. After reading a theoretical writeup of TR, I found this:
Source: http://tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/
I thought that due to the nature of the Futex bug our best bet was a 4.3 downgrade... though what you are saying makes sense... So, you're saying that the memory address to be written to 0x0 has merely changed location? (I'm probably misunderstanding you...) I thought that they had moved that flag out of memory to prevent writing...
How are you decompressing zimage? I tried using instructions like these https://github.com/xiaolu/galaxys2_kernel_repack (obviously changed for our model), but I am having some issues..
Do you have the kernel compiled?
Surge1223 said:
Do you have the kernel compiled?
I am doing what you were talking about first to learn... I'm doing it from an MK2 JB device. So I have the kernel compiled for that one. But I haven't begun on my NC5 KK device yet. We don't have kernel source for NC5 yet, do we?
npjohnson said:
I am doing what you were talking about first to learn... I'm doing it from an MK2 JB device. So I have the kernel compiled for that one. But I haven't begun on my NC5 KK device yet. We don't have kernel source for NC5 yet, do we?
http://opensource.samsung.com/reception/receptionSub.do?method=search&searchValue=SCH-I545
I've been reading articles on kexec being used for Linux fast reboots, which sounds a lot like our Fastboot. BUT, I have a Fast Reboot option on my phone. Can someone ELI5 the difference bw Linux Fast Reboot, Android Fastboot, and Android Fast Reboot?
FYI, I *know* the S4 doesn't support Fastboot that's why I'm asking about fast reboot and if it is different.
sokrboot said:
I've been reading articles on kexec being used for Linux fast reboots, which sounds a lot like our Fastboot. BUT, I have a Fast Reboot option on my phone. Can someone ELI5 the difference bw Linux Fast Reboot, Android Fastboot, and Android Fast Reboot?
FYI, I *know* the S4 doesn't support Fastboot that's why I'm asking about fast reboot and if it is different.
I'll let someone more experienced explain any relevance, if there is any, but as far as the "fast reboot" or "hot reboot" option in your power menu... it's a method of rebooting that only restarts the GUI.
http://www.xda-developers.com/windows-mobile/reboot-the-shell-only-with-hot-reboot-for-android/
sokrboot said:
I've been reading articles on kexec being used for Linux fast reboots, which sounds a lot like our Fastboot. BUT, I have a Fast Reboot option on my phone. Can someone ELI5 the difference bw Linux Fast Reboot, Android Fastboot, and Android Fast Reboot?
FYI, I *know* the S4 doesn't support Fastboot that's why I'm asking about fast reboot and if it is different.
Fastboot and fast reboot are in no way related, or even similar.
RuggedHunter said:
I'll let someone more experienced explain any relevance, if there is any, but as far as the "fast reboot" or "hot reboot" option in your power menu... it's a method of rebooting that only restarts the GUI.
http://www.xda-developers.com/windows-mobile/reboot-the-shell-only-with-hot-reboot-for-android/
@RuggedHunter thanks for replying with helpful information, I appreciate it.
Surge1223 said:
http://opensource.samsung.com/reception/receptionSub.do?method=search&searchValue=SCH-I545
Kernel Compiled

Root halfway achieved!

Hello everyone,
Right now I have another thread for the root over ADB with DirtySanta, I've that far. I have a potential method but I need more information on it from somebody else so I am waiting on a response from him, once i have that I'll work on it. If you guys have any other potential ideas that'd be great.
Thanks,
Abine45
This is my link to the root on ADB. I will be updating it tonight or tomorrow for the convenience of others. Thanks for waiting.
http://forum.xda-developers.com/verizon-lg-v10/general/temporary-root-adb-t3523538
NEW INFORMATION FOUND! I GOT SIGNIFICANT ROOT ACCESS WITH DIRTYSANTA!!!
So I used the DirtySanta fearing for my life I wouldn't ruin my device, well the v10 failed it. Rebooted and it didn't do anything but reboot back into the normal bootloader and stuff. But what I found is that he got the dirty cow to just work under root, so maybe from there we could do something, anybody have any ideas?
people care but it seems kind of like you expect people who have no clue to do any of this to assist. Hence the reason they are willing to pay a rather large sum of money for a bounty.
1. You cannot repackage a TOT file, well you can, but because it is digitally signed so that the locked boot loader will recognize it and allow it access to image the system, repacking a rooted version on MM or Nougat will brick the phone if it is not digitally signed by LG.
2. You can pull a copy of the boot image with dirty cow but you can do that from the TOT or KDZ. You cannot put a new one in with dirty cow without bricking the phone.
3. Most likely not. SELINUX policies combined with updates and fixes have removed most of the previous exploits.
4. Nothing personal but if you are asking us where the boot image resides... that does not inspire anyone here to give you a hand. You need to be in the android devs forum asking these questions.
http://forum.xda-developers.com/android/software-hacking
Haxcid said:
people care but it seems kind of like you expect people who have no clue to do any of this to assist. Hence the reason they are willing to pay a rather large sum of money for a bounty.
1. You cannot repackage a TOT file, well you can, but because it is digitally signed so that the locked boot loader will recognize it and allow it access to image the system, repacking a rooted version on MM or Nougat will brick the phone if it is not digitally signed by LG.
2. You can pull a copy of the boot image with dirty cow but you can do that from the TOT or KDZ. You cannot put a new one in with dirty cow without bricking the phone.
3. Most likely not. SELINUX policies combined with updates and fixes have removed most of the previous exploits.
4. Nothing personal but if you are asking us where the boot image resides... that does not inspire anyone here to give you a hand. You need to be in the android devs forum asking these questions.
http://forum.xda-developers.com/android/software-hacking
How did Tungkick manage to repackage it then? The dirty cow exploit can exchange recovery though on an unlocked bootloader so shouldn't I be able to replace the boot image if done correctly wouldn't it work? I could possibly unpack everything and modify it all and test it but the issue comes back to repacking and flashing?
Ask him, but if you attempt to do this on a locked and encrypted boot loader then you will brick the phone. I mean think about it, if it was really just that simple every phone would be rooted and rom'd. Most phones running 6 or above have had the security vastly increased to make the phone secure so they can be used by government employees. Hence the introduction of SELINUX policies into the kernel, which is why getting root is so unbelievably difficult. The locked boot loader resets everything at boot so getting root and maintaining it is so hard; combined with SELINUX, which does not allow standard root to permanently write anything to the system partition, and then good old hboot kills anything you did manage to write on reboot... you can start to see how difficult this really is.
Tungkick did this on 5.1 Lollipop not 6.0 Marshmallow. The above mentioned difficulties with increased SELinux security plus 6.0 and up requires systemless root.
Still would love to know why no dev will go near this Phone. Does XDA have some deal with LG to not hack their phones? Very fishy why every dev avoids this device like it has the plague.
beavis5706 said:
Tungkick did this on 5.1 Lollipop not 6.0 Marshmallow. The above mentioned difficulties with increased SELinux security plus 6.0 and up requires systemless root.
Still would love to know why no dev will go near this Phone. Does XDA have some deal with LG to not hack their phones? Very fishy why every dev avoids this device like it has the plague.
LG are just not popular devices for hacking because they make it extremely difficult. LG is a Corp. friendly company, which is why Verizon loves them, whereas companies like HTC are a bit more user sympathetic.
Funny you say that
beavis5706 said:
Tungkick did this on 5.1 Lollipop not 6.0 Marshmallow. The above mentioned difficulties with increased SELinux security plus 6.0 and up requires systemless root.
Still would love to know why no dev will go near this Phone. Does XDA have some deal with LG to not hack their phones? Very fishy why every dev avoids this device like it has the plague.
Funny you say that! Tungick said to me, and I quote "[email protected]#$g you" and blocked me from Facebook. He also told me that he wouldn't tell me because it's a secret. He didn't speak very great English, that's why there is an ing at the end of the F-bomb. I asked Jcase through XDA and he said he wouldn't, and so I put a better explanation of help through an email and he said I was harassing him... In which case beforehand he said he doesn't develop for LG because he says basically we are A-holes sadly and that we don't live up to our donation pledges.
That's what I'm saying though. It's like no dev will go anywhere near an LG device, at least the newer ones anyway.
They can't be much harder to crack than Samsung and those are getting cracked.
The person who rooted 5.1 on V10 basically tells you to F off. Yeah there is nothing odd about that.
beavis5706 said:
That's what I'm saying though. It's like no dev will go anywhere near an LG device, at least the newer ones anyway.
They can't be much harder to crack than Samsung and those are getting cracked.
The person who rooted 5.1 on V10 basically tells you to F off. Yeah there is nothing odd about that.
True, that's why I'm going to try to do it. If you know anything and want to help could use it.
Wish I could help. All I know here is you need systemless root on 6.0+. This has nothing to do with the v10 in particular. Systemless root should work on all devices 6.0+. It has already been achieved on the Galaxy s7 and it has locked bootloader. I don't see any reason why this can't work on the v10.
I just installed Linux on my computer gonna try somethings this weekend... We need to keep in touch
qujuanmiller said:
I just installed Linux on my computer gonna try somethings this weekend... We need to keep in touch
For sure, message me on xda.
beavis5706 said:
Wish I could help. All I know here is you need systemless root on 6.0+. This has nothing to do with the v10 in particular. Systemless root should work on all devices 6.0+. It has already been achieved on the Galaxy s7 and it has locked bootloader. I don't see any reason why this can't work on the v10.
Anybody can help! Do some research and send it and whatever you would like to do. Try different things, Try to modify bits of code and see what you can do! Always gotta start somewhere!
Modify code? You just went way above my head. I know about root, certainly don't know how to achieve it. That's why I count on the folks at XDA. I only have one v10, can't afford to brick it. Plus I already have root on 5.1.1 and I heard that 6.0 causes this phone to have problems.
Many, many v10's were offered up in order to attain root. Not one was taken by any dev. Maybe you can still get your hands on one of those.
You need to find someone that knows about systemless root. Without that you aren't getting anywhere.
beavis5706 said:
Modify code? You just went way above my head. I know about root, certainly don't know how to achieve it. That's why I count on the folks at XDA. I only have one v10, can't afford to brick it. Plus I already have root on 5.1.1 and I heard that 6.0 causes this phone to have problems.
Many, many v10's were offered up in order to attain root. Not one was taken by any dev. Maybe you can still get your hands on one of those.
You need to find someone that knows about systemless root. Without that you aren't getting anywhere.
The thing with that is the fact that even if I know how systemless root works, I still have no way to install it, so first I need to find a way to get in the system.
Think I might have a way though
From what I understand systemless root will modify the boot image to attain root. Super SU will decide how to flash based on firmware version. Will automatically root normal with Lollipop and down, will automatically modify boot image on Marshmallow and up. How you will be able to modify the boot image on a VS990 without bricking it I don't know.
In order to do systemless root we need an unlocked bootloader... It says that everywhere I'm reading
Hi abine45,
Please read this post completely, the guys here are close to obtaining perma root on android 6, using dirty cow.
https://github.com/timwr/CVE-2016-5195/issues/9
Sent from my E2006 using Tapatalk
I looked at this thread... a bit more technical than I am able to do... did it end up working? Looks like no, but I might have missed something.
Thanks!

[Root][MOD][BUGFIXES]Fix Screen/SDcard/Display Quality! w/ Custom Hybrid Firmware Pkg

DEPRECATED
This firmware is old and deprecated.
See the below link for new firmware and a better root method.
https://forum.xda-developers.com/galaxy-s8/development/root-partcyborgrom-aqi6-deodexed-t3702988
You can just flash the BL_ tarball if you don't want to install a new system
but want the better screen and modem drivers.
PART 2: FIRMWARE RELOADED
I have done extensive research into the issues reported by those of you who are still experiencing screen issues.
I was unable to reproduce the screen issue on my then-current firmware with this update.
Not being content to leave people with buggy screens, I learned as much as I could about the s8 firmware.
This is what I did with that information.
Flashable Custom Firmware Package For ALL SM-G950U/U1 ON US CARRIERS
If you have a non-us G950U and want to install this pm me or ask in the thread and I'll make one. It's very simple but I wanted to get this out to everyone else ASAP
NOTICE!
This an UPDATE (and More) to the Green/Garbled Screen Issue firmware.
There is NEW firmware to download below, and everyone who is rooted should read on, even if you installed the previous version.
Background
At the core of the issue with the garbled screen, modem panics, and sd card issues are two central themes: Bugs, and Incompatibilities. The S8 family of phones was fraught with issues early in its release, including the infamous "Red Tint", Fingerprint scanner malfunctions, mysteriously poor battery life, and surely a bunch of smaller others. Many of these bugs were caused by issues in the device's underlying firmware. Like most devices, Samsung has worked to fix these bugs and improve device performance throughout the phone's lifetime for sale in public.
Root Bugs
The problem was unfortunately worse for users of one of the rooting methods for the S8. The biggest reason for this is that in order to relax security constraints enough to make rooting possible, a "non-user oriented", "factory" combination firmware was used. This firmware, being designed apparently for configuration/repair processes inside a factory, was not tuned to the normal level as the public firmware, likely did not go through the same testing, and ultimately any bugs unique to this "Combination" firmware that did not directly affect basic functionality or also stock were probably largely initially ignored.
This is where most of the issues that you all have had come from.
Finding a Solution
As I was unable to reproduce the issue on my device without resorting to the original firmware shipped out with the root method I used, I decided to think about what made my device different than the other devices reporting these issues. While sure we may have slightly varying hardware, and that may contribute to these issues as well, what I am absolutely certain of is that most of us have different releases of software from each other. Not only have people essentially ad-hoc upgraded from the original firmware they rooted with until now, many have not upgraded at all or only partially upgraded (such as with the previous version of this).
While I could have simply packaged up my firmware/bootloader flashfire backup, I decided to take it a step further.
THE GOODS
Without further ado, I present to you:
S8Root Improved: A SM-G950U1 Custom Firmware Package for Root Users
This package contains a custom mix of the latest AQH3 STOCK (not combination) firmware used wherever possible with the Necessary boot/kernel images from the combination firmware necessary to keep root working with permissive SELinux. It contains all of the improvements from the previous version, and many more.
RESULTS
I can only speak for myself, but the results I experienced were amazing:
- Better UI Responsiveness.
Things surprise me how they move
- Sharper/brighter screen colors
I thought it couldn't get better than the last version but it has! Everything just looks crisper and is super bright without being oversaturated like with the Adaptive Mode.
- POSSIBLY Improved LTE network connectivity.
Note I said POSSIBLY. I personally regularly experienced 8-10Mb/s download bumps and 2-3Mb/s upload bumps in LTE while moving back and forth from this new firmware. I have my LTE radio locked to a specific channel (there are two I pick up at my place and one is terrible) and I carefully measured -107 to -112 dBm RSRP and -13 to -14 dB RSRQ prior to each measurement. I almost left this out but I figured it would be better to give you the information with no conclusion either way. It ABSOLUTELY could be Atmospheric changes, Traffic level changes, or any other of a million things. YMMV
- Could POTENTIALLY still fix any remaining long-standing SDCard issues
I did not experience this, but had a few reports from users that did. The same pieces used in that version that would touch SDcard usage are used here, so that fix/improvement will carry over.
DISCLAIMER
Unfortunately proving beyond any shadow of a doubt that this package fixes the issue was impossible. I have TRIED AND TRIED AND TRIED to trigger the screen issues, including tweaking on and off every setting (auto brightness, multiple DPIs, different graphics modes, etc) I could get my hands on and it just was not happening. I used every software/systems trick I could think of to break this again, and I was completely unable to tickle the bug on this firmware, despite being able to reliably trigger it almost on command using my previous firmware.
The only thing left to do is either:
- Get the source from samsung, fix the bug myself, and get them to sign my new kernel image with their key so our locked bootloaders would allow it (HAHA I DOUBT IT)
- Acquire a large fleet of S8s (and S8+s) to run distributed integration testing (like the kind Android use at Google). Well if someone wants to buy me a few dozen s8s and s8+s (each) sure I'll take a month off work and squash this, but otherwise not gonna happen either.
If it STILL happens for you, I'm sorry.
I have done everything I can think of, and if it happens to you and you have suggestions, I'm all ears.
BUT HEY, but this is XDA right? Land of mods like Xposed which will brick one persons device and work flawlessly on the identical one next to it. And we love Xposed don't we?
Despite absolutely hilarious comments to the contrary, this package absolutely meets the (aka "BugFix") as well as just about any android update ever does, given the wide variety of environments, usecases and software configurations out there. I surely hope that this works for you.
Instructions
1) Download the package from the link above.
- Here it is Again for good measure.
2) Reboot into download mode and flash using Comsy Odin
That's it! I packaged this in a way to make the process as smooth as possible.
There is NO reinstall, NO wipe of any kind, nor ANY further work on your part needed to install and use this.
The file size is small so the download is fast, and again, there is NO WIPE or config change needed.
If (for some inexplicable reason) you want to roll back, or go to 100% stock sans root, that process should not be made any more difficult either.
Legacy Information
If you were here before and either looked at or downloaded the previous version, AND YOU HAVE NO QUESTIONS you can skip this part.
If you have questions, please read through to the end of the post before asking them, as I tried to answer as many as I could before hand and all of this information still applies.
WHAT IT IS NOT:
I wanted to outline a few things it is NOT about, to make a valiant effort to stem off the flow of questions before they begin (ha!):
NOT: A new Stock ROM for Your Phone
THIS IS NOT A FULL OS BUILD! DO NOT DOWNLOAD THE WHOLE THING AND FLASH IT EXPECTING AN ENTIRELY UPGRADED OS.
There is no full stock AQI1 image I have found. Believe me, I looked in a bunch of places after I found it.
NOT: Oreo Early Preview
Given the predictions that the next release from Samsung would likely be Oreo, there was some initial over excitement. This wound up being NOT the case and if you read at least current Samsung Oreo projections they are predicting AQB now.
NOT: A Fix for the 80% Battery Issue
I know this is completely futile to hope for but:
THIS DOES NOT FIX THE 80% BATTERY ISSUE!!!!
NO WE DO NOT HAVE A FIX FOR THAT OR ONE COMING ANY TIME SOON!
YES SOME PEOPLE ARE STILL TRYING!
PLEASE DO NOT ASK! OFF TOPIC FOR THIS THREAD
NOT: Currently Tested by ANYONE but ME
Since the moment I installed this I have not had ONE SINGLE screen issue, where previously I would have them several times throughout the day (at least 3 sometimes upwards of 6). For the case of ME and MY device, I am confident in declaring that this boot ROM does not have the same kernel bug that was causing the issue on the boot.img provided as part of your traditional root method.
NOTE: This is for the s8 G950 US Snapdragon models ONLY! Do NOT Flash this on your exynos, your Chinese/HK S8, your N8, your MOTO RAZR flip phone, whatever else you have. Kernels/boot.img files are very device specific and you will surely break it if not completely brick it.
DISCLAIMER:
YOUR WARRANTY IS ALREADY VOID if you are paying attention and are doing this to fix bugs with the existing sampwnd root.
HOWEVER IT IS EVEN VOIDER NOW. FLASH THIS TO YOUR DEVICE AT YOUR OWN RISK!
and if you break it I AM NOT RESPONSIBLE! FLASH AT YOUR OWN RISK!
As I said I have not tested this anywhere but my phone as I don't have any other s8s nor do I have access to any locally. I hope it works for you as well as it has for me.
STEPS
Download Boot Image
Use the URL here to Download the AQI1 boot.img file: Go Download the New Hotness
Prepare Phone for Flashing in FlashFire
If you did not download it on your phone, copy it somewhere FlashFire can see it.
Flash it
Open up FlashFire
Hit the "+" button
Select the "Flash Firmware Package" option, NOT the "Flash Zip or OTA" option!
You should see a popup window thing that has a checkbox next to the word BOOT, with "boot.img, 22MiB" underneath.
Make sure the checkbox is checked.
Make sure that it says BOOT above boot.img.
I have no idea if it's possible for this to get messed up, but BOOT implies flashing the BOOT partition so if it says something else you are headed towards brick town, abort immediately.
Press the Check mark at the top right corner once you have confirmed the two things above.
MAKE SURE EVERROOT IS DISABLED!!!
Click on the "Reboot" box, and choose "Recovery". MAKE SURE PRESERVE RECOVERY IS NOT CHECKED!
Back at the main menu, click the lightning bolt next to the word FLASH. Confirm.
Wait for FlashFire to do its thing. Sometimes it takes a minute for FF to wake up and start flashing. Occasionally for me it never happens; if this happens DO NOT PANIC, IT'S FINE. Hold down power+volDown until you eventually wind up in upload mode, then just reboot normally and everything will come back fine.
When FlashFire finishes (it will go really fast, the image is only 22MB, we aren't flashing a 5GB system here), it will auto-reboot your device into the recovery menu.
Select Wipe Cache and Confirm
This will wipe cache which is fine and safe. Again maybe not needed, feel free to skip if you know what you are doing. If you mess up and accidentally click factory reset instead, please tell me so I can laugh at you.
Reboot into a Clear New World
Select reboot and boot the system normally. If you formatted the cache partition above, it will take a little longer to start your phone. This is just the first time per normal.
That's it! Welcome to the world of clear screens and bright colors. It could be a total placebo effect but I actually think this kernel drives the display better sometimes.
Please let me know what you think, and if this works for you. I will be here for a while to answer questions or fix anything I typoed above or whatever.
FYI: An s8+ thread is coming too, as I sprung for purchasing both downloads to be an equal opportunity XDAer (at least with US flagship Samsung devices lol) but since I have an s8 and thus had the files locally already I made this one first.
@jhofseth for nerding out with me the last few nights on trying crazy **** to get a bootloader unlock which prompted me to dig at this in the first place
Most of all, all of the tons of you who have made so many awesome mods, themes, apps, what have you that I use every day and that make me enjoy my device all the more. I could not be happier to have the opportunity to give back a little.
Here is the rest of the s8 combo firmware if you are interested, but don't just flash this as it's not a full OS:
EDIT: DOWNLOAD THE NEW ONE ABOVE
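Added example, not from this post or its package: a Python check of the Android boot image header, the kind of sanity check a flasher could run on a downloaded boot.img before trusting the BOOT label in FlashFire, and one that shows concretely that boot.img is a kernel plus ramdisk (root filesystem) rather than a bootloader, as a later reply about the bootloader version points out. SAMPLE_IMAGE is constructed here for the demo and is not the AQI1 file.

```python
"""Sanity-check an Android boot.img header before it is flashed to BOOT.
Added example, not part of the XDA post or its package; SAMPLE_IMAGE is a constructed stand-in."""
import struct
MAGIC = b"ANDROID!"
# Header v0: magic, kernel/ramdisk/second size+addr, tags_addr, page_size,
# header_version, os_version, 16-byte board name, 512-byte kernel cmdline.
HDR_FMT = "<8s8I2I16s512s"

def parse_boot_header(data: bytes) -> dict:
    """Decode the header; raise ValueError for anything not a plausible boot image."""
    if len(data) < struct.calcsize(HDR_FMT):
        raise ValueError("too short to be a boot image")
    (magic, kernel_size, _ka, ramdisk_size, _ra, second_size, _sa, _tags,
     page_size, _hdr_ver, os_version, name, cmdline) = struct.unpack_from(HDR_FMT, data)
    if magic != MAGIC:
        raise ValueError("no ANDROID! magic: not a boot.img (another partition's image?)")
    if page_size not in (2048, 4096, 8192, 16384):
        raise ValueError(f"implausible page_size {page_size}")
    def pages(n: int) -> int:  # the bootloader loads each component page-aligned
        return -(-n // page_size) * page_size
    needed = page_size + pages(kernel_size) + pages(ramdisk_size) + pages(second_size)
    if len(data) < needed:
        raise ValueError(f"truncated: header promises {needed} bytes, file has {len(data)}")
    return {
        "kernel_size": kernel_size,    # the kernel proper
        "ramdisk_size": ramdisk_size,  # the initial root filesystem
        "page_size": page_size,
        # os_version packs A.B.C in the top 21 bits, patch level (years since 2000, month) below
        "android": f"{os_version >> 25}.{(os_version >> 18) & 0x7F}.{(os_version >> 11) & 0x7F}",
        "patch_level": f"{2000 + ((os_version >> 4) & 0x7F)}-{os_version & 0xF:02d}",
        "name": name.rstrip(b"\0").decode(errors="replace"),
        "cmdline": cmdline.rstrip(b"\0").decode(errors="replace"),
    }

def is_boot_image(data: bytes) -> bool:
    """Go/no-go form of the same check, for scripting a pre-flash gate."""
    try:
        return bool(parse_boot_header(data))
    except ValueError:
        return False

def build_sample_image() -> bytes:
    """Construct a tiny well-formed boot.img (Android 7.0.0, patch 2017-09) for the demo."""
    os_version = (7 << 25) | (17 << 4) | 9
    hdr = struct.pack(HDR_FMT, MAGIC, 5000, 0x80008000, 3000, 0x81000000, 0, 0,
                      0x80000100, 2048, 0, os_version, b"SAMPLE",
                      b"console=null androidboot.hardware=qcom")
    return hdr.ljust(2048, b"\0") + b"\x90" * 6144 + b"\x1F" * 4096

SAMPLE_IMAGE = build_sample_image()
```

To use it on a real download, read the file in binary mode and pass the bytes to `is_boot_image` or `parse_boot_header`; a system or modem image will fail the magic check immediately.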
Can I Get The Link To The S8+ Boot im willing to try it
Mark805 said:
Can I Get The Link To The S8+ Boot im willing to try it
Coming very soon I promise! 10m max
Ok thanks
Mark805 said:
Can I Get The Link To The S8+ Boot im willing to try it
Its up now! https://forum.xda-developers.com/ga...sampwnd-root-green-screen-corruption-t3673815
What's the bootloader version? It can be found by booting into download mode manually.
Cameron581 said:
What's the bootloader version? It can be found by booting into download mode manually.
This isn't a bootloader change, it's boot.img which is the kernel and root filesystem essentially
Hey, btw this does not void warranty. I understand it's a standard disclaimer but it doesn't void it. It doesn't trip knox, so warranty is still very intact.
mweinbach said:
Hey, btw this does not void warranty. I understand it's a standard disclaimer but it doesn't void it. It doesn't trip knox, so warranty is still very intact.
Uh, just because their service does not catch you does not mean that technically you are not violating your warranty contract, thus making using it technically illegal.
That would be like saying "it's not murder if you leave no forensics!" Lol
wildermjs8 said:
Uh, just because their service does not catch you does not mean that technically you are not violating your warranty contract, thus making using it technically illegal.
That would be like saying "it's not murder if you leave no forensics!" Lol
I mean legally a warranty can not be voided through software modifications unless it causes physical damage to the device. Since the efuse was not tripped no physical damage has been caused and no warranties have legally been voided.
I had the green screen/graphics corruption after flashing this still...
goliath714 said:
I had the green screen/graphics corruption after flashing this still...
Apparently this happens to some people. I am fairly certain it is a firmware combination issue but I haven't been able to track it down. One thing you can do to eliminate it if you have the issue still (please let me know if this does not work) is to disable auto brightness.
wildermjs8 said:
Apparently this happens to some people. I am fairly certain it is a firmware combination issue but I haven't been able to track it down. One thing you can do to eliminate it if you have the issue still (please let me know if this does not work) is to disable auto brightness.
I have auto brightness off and still get it here and there.
goliath714 said:
I had the green screen/graphics corruption after flashing this still...
Please check out the OP again and download/flash the new version. Rather than just a few files, it's a whole new entire bootloader/kernel package that I assembled piece by piece to have as much latest stock firmware as possible while maintaining what we need for root.
My primary suspect for why some people experience this regression is having older parts of their system. Rather than push everyone to upgrade, I made a painless upgrade process for all of their firmware instead.
This includes the radio drivers and bootloaders, kernels and flash layer libraries. It's all either latest stock or it's AQI1 Combination because it was absolutely necessary.
wildermjs8 said:
Please check out the OP again and download/flash the new version. Rather than just a few files, it's a whole new entire bootloader/kernel package that I assembled piece by piece to have as much latest stock firmware as possible while maintaining what we need for root.
My primary suspect for why some people experience this regression is having older parts of their system. Rather than push everyone to upgrade, I made a painless upgrade process for all of their firmware instead.
This includes the radio drivers and bootloaders, kernels and flash layer libraries. It's all either latest stock or it's AQI1 Combination because it was absolutely necessary.
We flash the tar in the AP slot correct?
CloudyxVision13 said:
We flash the tar in the AP slot correct?
Yep
Seems to be running better to me. Thanks bro
CloudyxVision13 said:
We flash the tar in the AP slot correct?
It actually does not matter, as Odin will do the right thing no matter what.
Sorry, I should have made that clear. I will update the OP to make that clear.
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
AngelIsL33T said:
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
Nope, only need the tar file bud. The old boot.img file is just basically the previous version of this.
AngelIsL33T said:
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
The old image is actually part of the new tar, so you will have it anyway. I packaged it in Odin this time because there are some pieces of firmware FF either can't or warns against using it for. Plus one clean simple tar seemed easier, no?
Do you see the boot.img in the OP? I thought I nixed all the instances of the link but I may have missed one.
I almost rewrote all the old text to reflect now but it felt like editing history so I tried to preserve what made the most sense still. It sounds like it's still a little confusing so I'll take another crack at it shortly.
Please let me know if you have any trouble! I'll be here to help all evening