Better Mobile App

[GUIDE] Official OP2 Stock Reset to OOS 2.2.0 [STOCK|RESET|UNTAMPER|UNBRICK]

OFFICIAL ONEPLUS 2 STOCK RESET​
SOURCE : OnePlus L2 Support Team
VERSION : OxygenOS 2.2.0
DOWNLOADS
1. OnePlus2 Stock Reset Oxygen OS 2.2.0 Google Drive | Mediafire
2. Qualcomm Drivers Version 1.00.11 Google Drive | Mediafire
INSTRUCTIONS
You are doing this on your own responsibility. I take no responsibility whatsoever.
(THIS WILL WIPE YOUR ONEPLUS INCLUDING INTERNAL SD)
Download both the files from above and extract them (WinRAR, WinZIP, 7ZIP etc). You should have 2 folders: "OnePlus2_14_A.11_151211" and "qc"
A. Install the Certificates followed by the Qualcomm drivers.
1. Restart your computer with Driver Signature Enforcement Disabled (Advanced Startup) Let me Google it For You
2. Open the folder "qc" and install the Test Certificate in the following Stores: Trusted Root, Trusted Publisher, Third-Party Root and Personal
3. Run the Qualcomm setup wizard (also located in the qc folder)
4. When completed, restart your PC again with Driver Signature Enforcement Disabled (Advanced Startup)
5. Turn off your phone and disconnect the USB cable from the phone.
6. Hold vol-up and plug in the USB(Do not press Power button). The screen will stay black but you will hear a sound from windows that a device is attached.
7. The driver should now automatically install. If not, go to device manager and right click "Unknown Device" and click "Update Driver" Search up the QC folder and press ok. The driver should now install. (Got the RELINK issue? Take a look here: http://forum.xda-developers.com/show...1&postcount=46)
B. Flashing Process
1. Open the OnePlus2_14_A.11_151211 folder and open "MSM8994DownloadTool.exe"
2. Look if your phone is detected in the list. everything is Chinese but you will see one row with different chinese text from the rest within the list. If not, recheck if driver is detected in Device Manager (If not, go back to Step A - Line 4).
3. First click the right square Chinese button. This will perform an integrity check on the downloaded files by verifying the MD5 hash values.
4. The system will seem to hang for a bit but should give you a pop up with the results of the above verification. When everything is ok. Press the start button. and let the progress finish. (If something is not ok, you will have to re-download the images. Google Drive can help extract only the necessary files.)
5. When it's done. Disconnect the USB cable and turn on the device.
C. Reset TAMPER Flag (Optional)
(This may potentially change your SmartPhone to a rather large paperweight and I will just laugh at you bearing no responsibility)
+ This part of the guide is not an Official Procedure and is in no way affiliated to OnePlus
+ It is advisable to do this before any of the above mentioned operations.
+ Prerequisites:
Root
HEX Editor with root features
Root File Manager
+ BEWARE: You are modifying partitions which cannot be restored regardless of what you flash. You have been warned AGAIN
1. In File Manager browse to the devinfo partition (dev/block/bootdevice/by-name/)
2. Open devinfo using the HEX Editor.
3. Modify the TamperBit (attached screenshot) from 01 to 00.
4. Save and reboot to fastboot.
5. Type fastboot oem device-info to confirm.
CREDITS
OnePlus Team for the Files.
@paultje162 for adaptation of Instructions. Refer his thread here if you are looking for an older version of stock reset (2.1.1).
@thedropdead for his work on Tamper Reset
If this thread has helped you, do press the THANKS button. Should you have issues, questions or doubts, write in this thread.

Just need to confirm that these files are actually official
Pm me the s3 support link
---------- Post added at 13:14 ---------- Previous post was at 13:10 ----------
And my friend
You need to install the test certificate first !
Edit:- file confirmed legit ! Totally official, way to go, @fareed_xtreme !

[email protected] said:
Just need to confirm that these files are actually official
Pm me the s3 support link
---------- Post added at 13:14 ---------- Previous post was at 13:10 ----------
And my friend
You need to install the test certificate first !
Click to expand...
Click to collapse
Thanks for spotting the error. I have fixed the heading. S3 Link PMed.

fareed_xtreme said:
Thanks for spotting the error. I have fixed the heading. S3 Link PMed.
Click to expand...
Click to collapse
Whenever you get drivers like this, dig into their folders and you'll find important documents and instructions to use
That is how I found out about this certificate

Is there any similar process por ONEPLUS ONE?
I only have fastboot mode, without recovery and bootloader locked (fastboot oem unlock doesn't work)

http://forum.xda-developers.com/showthread.php?t=2970390
@xbit

xbit said:
Is there any similar process por ONEPLUS ONE?
I only have fastboot mode, without recovery and bootloader locked (fastboot oem unlock doesn't work)
Click to expand...
Click to collapse
Quick search and: http://forum.xda-developers.com/oneplus-one/general/guide-unbrick-oneplus-one-t3013732

beaverhead said:
http://forum.xda-developers.com/showthread.php?t=2970390
@xbit
Click to expand...
Click to collapse
This didn't work for me:
fastboot oem unlock didn't work because I had a corrupt bootloader.
Spannaa said:
Quick search and: http://forum.xda-developers.com/oneplus-one/general/guide-unbrick-oneplus-one-t3013732
Click to expand...
Click to collapse
But this was great! My OPO is alive now. Thanks

Thank you!!!! this worked.
I was eventually able to get the restore program to recognize it and restore it so it could boot normally. Thank you!

Download from your Link
https://drive.google.com/folderview?id=0BxFd4Zc3_d1CWDdOSFFIVG42VTg&usp=sharing
the File:
OnePlus2_14_A.11_151211.rar
Extract it.
But where is the "QC Folder"
found only "OnePlus2_14_A.11_151211"
Your Link to:
http://forum.xda-developers.com/show...1&postcount=46
is wrong. (Not complete) Error 404

Wagi99 said:
Download from your Link
https://drive.google.com/folderview?id=0BxFd4Zc3_d1CWDdOSFFIVG42VTg&usp=sharing
the File:
OnePlus2_14_A.11_151211.rar
Extract it.
But where is the "QC Folder"
found only "OnePlus2_14_A.11_151211"
Your Link to:
http://forum.xda-developers.com/show...1&postcount=46
is wrong. (Not complete) Error 404
Click to expand...
Click to collapse
Yep, the qc folder is missing from the zip.
The link should be: http://forum.xda-developers.com/showpost.php?p=64674951&postcount=46
I suspect these are both down to copying & pasting the instructions from @paultje162's thread and I'm sure @fareed_xtreme will sort it out when he gets the chance.

Wagi99 said:
Download from your Link
https://drive.google.com/folderview?id=0BxFd4Zc3_d1CWDdOSFFIVG42VTg&usp=sharing
the File:
OnePlus2_14_A.11_151211.rar
Extract it.
But where is the "QC Folder"
found only "OnePlus2_14_A.11_151211"
Your Link to:
http://forum.xda-developers.com/show...1&postcount=46
is wrong. (Not complete) Error 404
Click to expand...
Click to collapse
Thanks for spotting the errors. I have updated them. It is indeed a miss on my part in regards to the QC. Hence I have uploaded it separately and updated the instructions.
Spannaa said:
Yep, the qc folder is missing from the zip.
The link should be: http://forum.xda-developers.com/showpost.php?p=64674951&postcount=46
I suspect these are both down to copying & pasting the instructions from @paultje162's thread and I'm sure @fareed_xtreme will sort it out when he gets the chance.
Click to expand...
Click to collapse
Yup, A copy paste is not the right way to copy a link. Haven't been around these threads for quite some time and guess i did not remember that the links are trimmed down. Thanks for the correct link.

Updated Information with UnTamper Guide

Hello
Doing the anti tamper method you did. Shouldn't this be easier by doing "fastboot oem lock" ?
I think it should have the same effects. Of course, this command must be done when an official ROM is on the phone, doing this in a custom ROM can cause unexpected behaviour, including bricking.

albertocastillo2001 said:
Hello
Doing the anti tamper method you did. Shouldn't this be easier by doing "fastboot oem lock" ?
I think it should have the same effects. Of course, this command must be done when an official ROM is on the phone, doing this in a custom ROM can cause unexpected behaviour, including bricking.
Click to expand...
Click to collapse
From my personal experience, if the Tamper Flag trips, then no matter how official you go it will not go back to Device Tamper= False.
The files in my First Post restores your phone back to an out of box phone state even locking the bootloader but it will not change the tamper flag. Those files are used by OnePlus Support to fix OS issues. Also the fastboot oem lock has not managed for me personally to get the tamper flag back to default (Same as in OPO once down, its down). So the only way for now for the OPT is by modifying the bit that handles the tamper flag.
You are right. Tamper Flag usually trips when you try to relock the bootloader when having root and other non-stock partitions (custom kernel, recovery etc). (Learned the hard way with my old OnePlus 2. Got it swapped for a new one though as the old one was faulty )
Hope this helps.

fareed_xtreme said:
From my personal experience, if the Tamper Flag trips, then no matter how official you go it will not go back to Device Tamper= False.
The files in my First Post restores your phone back to an out of box phone state even locking the bootloader but it will not change the tamper flag. Those files are used by OnePlus Support to fix OS issues. Also the fastboot oem lock has not managed for me personally to get the tamper flag back to default (Same as in OPO once down, its down). So the only way for now for the OPT is by modifying the bit that handles the tamper flag.
You are right. Tamper Flag usually trips when you try to relock the bootloader when having root and other non-stock partitions (custom kernel, recovery etc). (Learned the hard way with my old OnePlus 2. Got it swapped for a new one though as the old one was faulty )
Hope this helps.
Click to expand...
Click to collapse
Thanks for your reply. I noticed that these are the files that OnePlus team sends you when they want to remote into your device to flash the system. I noticed these are password encrypted. I have a session with them on Monday 6th.
I sent the files they sent me to decryption to get the password to a website that does this. However, they couldn't. My other plan was just to catch the password when having the remote session with them.
Since you already posted the files here, this is no longer needed. Seems you did this earlier than me.
The reason they want to do a full flash on my phone is due to the fact that I have a dual SIM issue. At the beginning both SIMs worked until I had to do a change on the second SIM network (it's an international SIM card that works in every country so you must set up the network manually). Since I tried to change the network. Something got messed up and now only one SIM works at a time. I tried restoring the network settings to automatic with no go. And I also tried to do hard restore on the phone to start over to ensure this would solve the issue.
This didn't solve the issue. So it probably means the settings were done in a partition which is not "/data". So a hard reset obviously wouldn't work. But a full flash surely will.
I asked them if I could do this myself by just sending me the files. I have a good expertise on fastboot, ADB and Linux, and I also understand the partition list and partition images. However, since the phone is not rooted or modified in anyway. I decided I will let them do it for me.
I do have a question thought. How did you find about the anti tamper thing? I assume you had remote session with them, and this is why you have those files. Did they "relock" this for you?
I assume they look at this when they get defective devices returned.
Thanks

albertocastillo2001 said:
Thanks for your reply. I noticed that these are the files that OnePlus team sends you when they want to remote into your device to flash the system. I noticed these are password encrypted. I have a session with them on Monday 6th.
I sent the files they sent me to decryption to get the password to a website that does this. However, they couldn't. My other plan was just to catch the password when having the remote session with them.
Since you already posted the files here, this is no longer needed. Seems you did this earlier than me.
The reason they want to do a full flash on my phone is due to the fact that I have a dual SIM issue. At the beginning both SIMs worked until I had to do a change on the second SIM network (it's an international SIM card that works in every country so you must set up the network manually). Since I tried to change the network. Something got messed up and now only one SIM works at a time. I tried restoring the network settings to automatic with no go. And I also tried to do hard restore on the phone to start over to ensure this would solve the issue.
This didn't solve the issue. So it probably means the settings were done in a partition which is not "/data". So a hard reset obviously wouldn't work. But a full flash surely will.
I asked them if I could do this myself by just sending me the files. I have a good expertise on fastboot, ADB and Linux, and I also understand the partition list and partition images. However, since the phone is not rooted or modified in anyway. I decided I will let them do it for me.
I do have a question thought. How did you find about the anti tamper thing? I assume you had remote session with them, and this is why you have those files. Did they "relock" this for you?
I assume they look at this when they get defective devices returned.
Thanks
Click to expand...
Click to collapse
Please note that the Tamper part of the guide is NOT done by OnePlus. Please note that OnePlus is in no way affiliated to the Tamper part of the guide. The Tamper guide is a result of comprehensive research conducted by thedropdead (information provided in the First Post). The guide is an easier interpretation of all the research that went in there.
OnePlus will only reflash this package which will re-lock the Bootloader only. Tamper Flag is not modified. So sit tight and let them reflash it for you.
You are right to assume I had a session with them earlier and that's how i have the files.

Thanks for your reply.
I would say that if the remote support doesn't untamper the device then it might mean they don't even look at it if the device is returned.
Thanks!

albertocastillo2001 said:
Thanks for your reply.
I would say that if the remote support doesn't untamper the device then it might mean they don't even look at it if the device is returned.
Thanks!
Click to expand...
Click to collapse
Remote Support didn't look into mine. However, not very sure about whether it is checked on returning it. Mine went untampered.

fareed_xtreme said:
Remote Support didn't look into mine. However, not very sure about whether it is checked on returning it. Mine went untampered.
Click to expand...
Click to collapse
Oh, then what happened? I thought the remote support tried to fix your phone. Since you said they didn't untamper the device after I expected they remoted to your phone. What happened then?
Thanks

Closed

Don't forget to hit the thanks button.
http://superstarmobility.weebly.com/
New thread: http://forum.xda-developers.com/android/development/twrp-m1-lg-k7-t3462130.

(Above TWRP can be flashed with Flashify from Playstore)
Instructions from video:
With phone powered off, hold POWER and VOLUME DOWN buttons until LG logo shows. Release POWER then quickly press and hold again until factory reset menu comes up. Select YES and you will be booted into recovery instead of a factory reset ; )
Thanks @czarsuperstar!

V2 with the proper cmd line from m1 aka LG K7
Reserved.

This the real deal?

goitalone said:
This the real deal?
Click to expand...
Click to collapse
Of course. You looked at the video?

goitalone said:
This the real deal?
Click to expand...
Click to collapse
I've used it and can confirm, first tested it with fastboot without flashing of course(use adb to get to the bootloader: adb reboot bootloader , then fastboot:fastboot boot "twrp.img file, tested then rebooted into bootloader, then flashed via fastboot:fastboot flash "twrp.img file") instructions are for any random person that come by i know you know how to do all this

concerned xda citizen
what are the boardconfig.mk file contents that you used to compile this recovery?
the fact youre using a ghetto hacked twrp that works is fine, but id prefer an actual device specific twrp version that will reliably work - theres no telling what this twrp can do to your device, and the fact youre using another devices ramdisk scares the hell out of me.
ramdisks arent something you play around with - you can seriously ruin someones device like that.
also requesting the twrp fstab file youve used.
youre literally just throwing files at users that have perviously bricked their devices and not explaining in detail what they consist of.
if you seriously damage any of these user's device partitions by overwriting the wrong partition, are you going to pay for the devices when theyre hardbricked and no longer responsive to the oem flashing?
not once have a even seen a warning on these files yet youre just posting forum to forum; not to mention youre inexperienced at rom/kernel/recovery compiling for the fact you think its okay to just throw a different devices ramdisk in there " because it just works." when we have readily available source for our device.
legally- youre held responsible for these files youre distributing.
and to those just flashing this twrp file to their device, yes its reversible - but would you want to find out it doesnt work when its too late? IE backing up partitions in the wrong order, and restoring them into the wrong partitions? the video shows it backs up and restores, but is it doing so in the right order? in the right places. i may be ranting but id rather be careful/safe then sorry.
not one detail of this compile/build has been released, just a link that is claimed to work.
"left sock fits on right, doesnt feel right - but my feet aren't cold!" is how this feels to me.
i was sketched to even test this twrp version considering you need to tell the factory reset "yes, i want to wipe" twice, in order to boot to twrp.
idk about you but ive never seen any recovery warrant those options. normally twrp would just boot upon button combo - which is why im sharing this post. recoveries arent supposed to be functioning that way.

NASSTYROME said:
what are the boardconfig.mk file contents that you used to compile this recovery?
the fact youre using a ghetto hacked twrp that works is fine, but id prefer an actual device specific twrp version that will reliably work - theres no telling what this twrp can do to your device, and the fact youre using another devices ramdisk scares the hell out of me.
ramdisks arent something you play around with - you can seriously ruin someones device like that.
also requesting the twrp fstab file youve used.
youre literally just throwing files at users that have perviously bricked their devices and not explaining in detail what they consist of.
if you seriously damage any of these user's device partitions by overwriting the wrong partition, are you going to pay for the devices when theyre hardbricked and no longer responsive to the oem flashing?
not once have a even seen a warning on these files yet youre just posting forum to forum; not to mention youre inexperienced at rom/kernel/recovery compiling for the fact you think its okay to just throw a different devices ramdisk in there " because it just works." when we have readily available source for our device.
legally- youre held responsible for these files youre distributing.
and to those just flashing this twrp file to their device, yes its reversible - but would you want to find out it doesnt work when its too late? IE backing up partitions in the wrong order, and restoring them into the wrong partitions? the video shows it backs up and restores, but is it doing so in the right order? in the right places. i may be ranting but id rather be careful/safe then sorry.
not one detail of this compile/build has been released, just a link that is claimed to work.
"left sock fits on right, doesnt feel right - but my feet aren't cold!" is how this feels to me.
i was sketched to even test this twrp version considering you need to tell the factory reset "yes, i want to wipe" twice, in order to boot to twrp.
idk about you but ive never seen any recovery warrant those options. normally twrp would just boot upon button combo - which is why im sharing this post. recoveries arent supposed to be functioning that way.
Click to expand...
Click to collapse
The first twrp was from a htc phone. This is from lg leon lte. Same manufacturer. I used my boot.img dumped on my sdcard and used the ramdisk from Twrp Leon aka c50 the leon twrp is missing the options seen on this one. Don't use it. But I'm working on cm_m1 so continue to use the old one and when your phone can't come on have fun getting in recovery. Make it better.

Recovery log
Make a log.

NASSTYROME said:
what are the boardconfig.mk file contents that you used to compile this recovery?
the fact youre using a ghetto hacked twrp that works is fine, but id prefer an actual device specific twrp version that will reliably work - theres no telling what this twrp can do to your device, and the fact youre using another devices ramdisk scares the hell out of me.
ramdisks arent something you play around with - you can seriously ruin someones device like that.
also requesting the twrp fstab file youve used.
youre literally just throwing files at users that have perviously bricked their devices and not explaining in detail what they consist of.
if you seriously damage any of these user's device partitions by overwriting the wrong partition, are you going to pay for the devices when theyre hardbricked and no longer responsive to the oem flashing?
not once have a even seen a warning on these files yet youre just posting forum to forum; not to mention youre inexperienced at rom/kernel/recovery compiling for the fact you think its okay to just throw a different devices ramdisk in there " because it just works." when we have readily available source for our device.
legally- youre held responsible for these files youre distributing.
and to those just flashing this twrp file to their device, yes its reversible - but would you want to find out it doesnt work when its too late? IE backing up partitions in the wrong order, and restoring them into the wrong partitions? the video shows it backs up and restores, but is it doing so in the right order? in the right places. i may be ranting but id rather be careful/safe then sorry.
not one detail of this compile/build has been released, just a link that is claimed to work.
"left sock fits on right, doesnt feel right - but my feet aren't cold!" is how this feels to me.
i was sketched to even test this twrp version considering you need to tell the factory reset "yes, i want to wipe" twice, in order to boot to twrp.
idk about you but ive never seen any recovery warrant those options. normally twrp would just boot upon button combo - which is why im sharing this post. recoveries arent supposed to be functioning that way.
Click to expand...
Click to collapse
Check out the LG L70 it's the same way to get in recovery. This must be your first LG phone.

i dont care whether its the same way to enter recovery, my care is youre using another phone's ramdisk in this device.
"I used my boot.img dumped on my sdcard and used the ramdisk from Twrp Leon aka c50 the leon"
post twrp.fstab and boardconfig.mk youve used for this "twrp" build.
this must be your first posting for development on an unsupported device.
as for anyone using another device's files when we have access to source of our own device - i wouldnt trust them to build anything, let alone CM. thats just pure shortcutting and laziness .. and at what expense?
as for twrp making this official, they wont - as you cannot provide SOURCE.
So, now, hopefully you've compiled TWRP for your device and gotten it working. Now, you'd like to know how to get TWRP officially supported for your device so that it can be installed automatically with GooManager. In order for us to add "official support" for your device we'll need the following:
1) Device configuration files to compile TWRP from source for your device. This means that you cannot have repacked a recovery.img by hand to get it working. We need to be able to compile it from source so that we can easily release future updates.
2) A copy of a build prop for your device (it's in /system/build.prop) so that we can add the correct device information to GooManager
3) We'll build a copy of TWRP and send it to you for validation. Once you've validated that we can build a working image for your device, we'll add it to GooManager.

Go spam the other thread. Over 200 downloads and no problems but there was problems right away with the first version. For your info download Twrp c50 from the Twrp site examine it and ask why it's incomplete. That's why I linked the video of the Twrp from the site and same problems. Bye and leave me be. Hd2 check it out. Czarsuperstar's HTC HD2 android custom roms. Check it out and leave me alone. Thanks for your concern. Oh and for your info we have the same keyboard configuration as the LG Leon. There's a device tree. Google it. Google is your friend bro.

NASSTYROME said:
i dont care whether its the same way to enter recovery, my care is youre using another phone's ramdisk in this device.
"I used my boot.img dumped on my sdcard and used the ramdisk from Twrp Leon aka c50 the leon"
post twrp.fstab and boardconfig.mk youve used for this "twrp" build.
this must be your first posting for development on an unsupported device.
as for anyone using another device's files when we have access to source of our own device - i wouldnt trust them to build anything, let alone CM. thats just pure shortcutting and laziness .. and at what expense?
as for twrp making this official, they wont - as you cannot provide SOURCE.
So, now, hopefully you've compiled TWRP for your device and gotten it working. Now, you'd like to know how to get TWRP officially supported for your device so that it can be installed automatically with GooManager. In order for us to add "official support" for your device we'll need the following:
1) Device configuration files to compile TWRP from source for your device. This means that you cannot have repacked a recovery.img by hand to get it working. We need to be able to compile it from source so that we can easily release future updates.
2) A copy of a build prop for your device (it's in /system/build.prop) so that we can add the correct device information to GooManager
3) We'll build a copy of TWRP and send it to you for validation. Once you've validated that we can build a working image for your device, we'll add it to GooManager.
Click to expand...
Click to collapse
not saying a official twrp isn't preferable, but man you got to learn how to talk to people, you were just short of cursing the dude out, and as far as the recovery the thing is solid(tested backup, flash and restore/ anyhow we got LGUP if you **** up so its not a huge deal), but anyone on this site shouldn't take someones word for things like recovery's and you should always test boot before you flash, also you don't seem to understand the first rule of xda-whatever happens to your device is on you, been that way since the og day's- talking politely to others is the way to go about things, people wont listen if you combative.

Kernel
Im building the kernel from source right now check out the video on Twitter. Anyone that wants to join the development I am down with it.

Didn't work, after selecting yes twice, my phone just starts like normal, doesn't go to TWRP or factory restore, it is there though because I can boot to it from the flashify app, ah well.
wait...my bad, I was highlighting the wrong one, lol, works great, thanks

Assuming it ever worked right it should work better now because you can always get to it.
As for concerns about the ramdisk I don't see any issues with that, it's just being used to boot and run recovery on if I'm not mistaken and apparently where the buttons get enabled so a necessity.
Considering many phones have such hacked together recoverys and many more have no custom recovery I'm thankful to have it particularly since most of my work is done away from my pc.

callihn said:
Assuming it ever worked right it should work better now because you can always get to it.
As for concerns about the ramdisk I don't see any issues with that, it's just being used to boot and run recovery on if I'm not mistaken and apparently where the buttons get enabled so a necessity.
Considering many phones have such hacked together recoverys and many more have no custom recovery I'm thankful to have it particularly since most of my work is done away from my pc.
Click to expand...
Click to collapse
Thanks for report. The other Twrp w/o the button combo was from a HTC phone lol and I am getting blasted. HTC or LG? LG K7. ... LG.

[email protected] said:
Thanks for report. The other Twrp w/o the button combo was from a HTC phone lol and I am getting blasted. HTC or LG? LG K7. ... LG.
Click to expand...
Click to collapse
Right and that's why the buttons didn't work. Great job! Best discovery yet for this phone, so happy that we can restore now withoit adb and withoit having to worry about debugging getting turn off, very essential find. Don't let those that don't understand get you down.

callihn said:
Right and that's why the buttons didn't work. Great job! Best discovery yet for this phone, so happy that we can restore now withoit adb and withoit having to worry about debugging getting turn off, very essential find. Don't let those that don't understand get you down.
Click to expand...
Click to collapse
I'm working on building it from source but keep getting errors and I'm trying it with another device that has Twrp (Moto E 2015) and followed the directions to the T and no luck. So I am trying......... Will let everyone know how it's going.

[email protected] said:
Im building the kernel from source right now check out the video on Twitter. Anyone that wants to join the development I am down with it.
Click to expand...
Click to collapse
kernel??????????????????????????
im down!

Question Moto G Pure - XT2163-4 vs XT2163-2 - LTE bands

New here. Didn't see a forum for the Moto G Pure XT2163. Mods - I am sorry. Please move wherever's best.
Discovered that the version Verizon is selling (notably the slickdeals thread on the one from Visible) is different. It's -2 vs. -4.
Looks like VZW disabled most of the bands that T-Mobile/Sprint use - 25, 41, 71, for example.
Looking to see if it's possible to enable those bands. One report on SD thread says they bricked their device trying RETUS version but IDK if the bootloader needs to be unlocked first, or if it would even help. Probably more work to unlock these bands if it's even possible.
Downloads look available here https://mirrors.lolinet.com/firmware/moto/ellis/official/
Haven't messed with flashing a phone in years. May be able to try later but hoping anyone else here can look into this.

I'm going to guess as is the case with most other Android devices branded by Verizon that the bootloader will be restricted from being unlocked. There is really no way around this as it's an OEM based policy. If you want to play with custom ROMs or root based modding, I would highly recommend ditching the Verizon or any other carrier branded variant with the exception of T-Mobile/Metro and Google Fi (there are others) that actually allow OEM unlock. Not only that, but if you're looking for certain connectivity bands, you don't want to settle for a carrier device variant designed to use a particular set of bands which don't include the ones you need. No sense getting a Verizon variant to run on T-Mobile/Sprint bands when you can, you know, get the T-Mobile variant in the first place. Get the global unlocked variant model if you can and start from there. Far easier than the headaches you'll get trying to transform VZW to TMUS.

Cross-flashing is not going to unlock bands, you need to change modem configuration. Throw your SoC(Mediatek) followed by "unlock bands" into Google and see if you have any luck.

I also didn't see a forum for the Moto G Pure and was wondering if anyone knows of a custom bootloader like TWRP or CWM for it? I think I have enough understanding of how to sideload the app, I just need something to send the phone. I tried using a random TWRP mod on it but it fails, invalid signature. I haven't tried doing the phone rooting thing in years now, but I have this Moto G Pure phone without any service on it that I'm willing to experiment on. It can be used as a test bed or data extraction device to put code from it on the internet if someone needs it to help custom rom makers for example by testing stuff on it. Perhaps that's why no one has a custom recovery for it yet.
I don't know exactly how to extract the phones current ROM data so all I've done so far is unlock the bootloader. The phone's carrier based on the unactivated sim card shows it's a T-Mobile branded device, but the T-Mobile and other carrier software is inactive other than the few Moto apps. An article on XDA say's the phone's suck, but that's just not true at least not to me. It's a fine phone like it is, but if I can format it's SSD and only install what I want it to have on it that would be great. It's just a spare sim locked phone that I can't use my active sim card in. So with that it's now a project phone. I would like to mainly just unbloat it and free up all that used space occupied by the recovery partition. I don't necessarily need a whole new ROM, just want to root it. That's the only way to erase those factory files that I know of.
For me unlocking the bootloader wasn't to hard to do. You have to make sure the drivers from Motorola are installed and have a current version of ADB available on a computer. I still had a version of ADB tools that was almost a decade old now so I had to update that for the fastboot oem_unlock_unlockcode (automated code from Motorola support) command to work. To find out if it can be unlocked or not go here:
https://motorola-global-portal.custhelp.com/app/standalone%2Fbootloader%2Funlock-your-device-b
At the Moto site they will guide you on how to generate the code they want you to send them. You have to sign in to their site to use that function though. After I finally figured out what to type in the CMD window it generated that code and I edited it down to one long line of numbers and give it to the page. In seconds I had an email with the unlock code inside.
Unlocking it seems to help with uninstalling some of the built in stuff, before I could only disable most of the apps that come with it. The apps are still probably on there I just have to factory reset it and they'll come back. Now however the removed apps don't show as using any internal storage, all the apps info numbers go to 0 bytes, but still even doing that it's still over 10GB of unmovable data. When it should really be more like 2-3 GB for the entire system. I hate how Google just inserts itself in your life even when you don't want it at all.
I anyone passing by reading this post needs more details please let me know and I'll try to get the information or even data files from the phone. Would a copy of it's stock firmware be of any help? If so let me know how I would go about saving a copy of it. I'll keep looking for answers but it seems this phone is not high on the priority list or is new or something. So there is only scam guides trying to tell you "How to unlock your phone" or "Install TWRP on Motorola devices" and other clearly click bait sites. I can't even find the stock rom for it on Motorola's site, just outdated versions from 2016, with different build numbers, that can't be right.
All I know is unlocking the bootloader was the first step on all the guides and I've done that. Got a warranty voided notice and everything. There currently isn't a custom recovery mod for this model as far I can tell. If I can ever find that then I can try Linage or just debloat Android 11 which is probably the safer and easier option provided I can find that Custom Covery'.
When it boots up now, it has to tell me it's unlocked and all the dangers it poses. Dangerous if you cared about what was on it I suppose. There is nothing on it I can't just copy back over to it, other than the stock operating system.
Oh yeah, it's model number and other side of the box information is:
Model Name: Moto G PURE
SKU: MO-XT21634-AJB (MOXT21634AJB)
Software Version RRH31.Q3-46-20
Production date was 12/15/2021
I'm not sure what other information to include.

BrittonCBurton said:
I also didn't see a forum for the Moto G Pure and was wondering if anyone knows of a custom bootloader like TWRP or CWM for it? I think I have enough understanding of how to sideload the app, I just need something to send the phone. I tried using a random TWRP mod on it but it fails, invalid signature. I haven't tried doing the phone rooting thing in years now, but I have this Moto G Pure phone without any service on it that I'm willing to experiment on. It can be used as a test bed or data extraction device to put code from it on the internet if someone needs it to help custom rom makers for example by testing stuff on it. Perhaps that's why no one has a custom recovery for it yet.
I don't know exactly how to extract the phones current ROM data so all I've done so far is unlock the bootloader. The phone's carrier based on the unactivated sim card shows it's a T-Mobile branded device, but the T-Mobile and other carrier software is inactive other than the few Moto apps. An article on XDA say's the phone's suck, but that's just not true at least not to me. It's a fine phone like it is, but if I can format it's SSD and only install what I want it to have on it that would be great. It's just a spare sim locked phone that I can't use my active sim card in. So with that it's now a project phone. I would like to mainly just unbloat it and free up all that used space occupied by the recovery partition. I don't necessarily need a whole new ROM, just want to root it. That's the only way to erase those factory files that I know of.
For me unlocking the bootloader wasn't to hard to do. You have to make sure the drivers from Motorola are installed and have a current version of ADB available on a computer. I still had a version of ADB tools that was almost a decade old now so I had to update that for the fastboot oem_unlock_unlockcode (automated code from Motorola support) command to work. To find out if it can be unlocked or not go here:
https://motorola-global-portal.custhelp.com/app/standalone%2Fbootloader%2Funlock-your-device-b
At the Moto site they will guide you on how to generate the code they want you to send them. You have to sign in to their site to use that function though. After I finally figured out what to type in the CMD window it generated that code and I edited it down to one long line of numbers and give it to the page. In seconds I had an email with the unlock code inside.
Unlocking it seems to help with uninstalling some of the built in stuff, before I could only disable most of the apps that come with it. The apps are still probably on there I just have to factory reset it and they'll come back. Now however the removed apps don't show as using any internal storage, all the apps info numbers go to 0 bytes, but still even doing that it's still over 10GB of unmovable data. When it should really be more like 2-3 GB for the entire system. I hate how Google just inserts itself in your life even when you don't want it at all.
I anyone passing by reading this post needs more details please let me know and I'll try to get the information or even data files from the phone. Would a copy of it's stock firmware be of any help? If so let me know how I would go about saving a copy of it. I'll keep looking for answers but it seems this phone is not high on the priority list or is new or something. So there is only scam guides trying to tell you "How to unlock your phone" or "Install TWRP on Motorola devices" and other clearly click bait sites. I can't even find the stock rom for it on Motorola's site, just outdated versions from 2016, with different build numbers, that can't be right.
All I know is unlocking the bootloader was the first step on all the guides and I've done that. Got a warranty voided notice and everything. There currently isn't a custom recovery mod for this model as far I can tell. If I can ever find that then I can try Linage or just debloat Android 11 which is probably the safer and easier option provided I can find that Custom Covery'.
When it boots up now, it has to tell me it's unlocked and all the dangers it poses. Dangerous if you cared about what was on it I suppose. There is nothing on it I can't just copy back over to it, other than the stock operating system.
Oh yeah, it's model number and other side of the box information is:
Model Name: Moto G PURE
SKU: MO-XT21634-AJB (MOXT21634AJB)
Software Version RRH31.Q3-46-20
Production date was 12/15/2021
I'm not sure what other information to include.
Click to expand...
Click to collapse
hey i just came up on one of these today, nice phone considering... Any luck with trying to find a custom recovery? I have been looking as well but development seems pretty sparse right now. I am in the same boat as you, unlocked bootloader, locked everything else lol. I cant even find a way to root it without TWRP! I am curious if one of the other moto G series phones would have the same TWRP? Also check this out. It sounds legit but IDK...https://www.getdroidtips.com/root-motorola-g-pure-xt2163/

Agent_Orange1488 said:
hey i just came up on one of these today, nice phone considering... Any luck with trying to find a custom recovery? I have been looking as well but development seems pretty sparse right now. I am in the same boat as you, unlocked bootloader, locked everything else lol. I cant even find a way to root it without TWRP! I am curious if one of the other moto G series phones would have the same TWRP? Also check this out. It sounds legit but IDK...https://www.getdroidtips.com/root-motorola-g-pure-xt2163/
Click to expand...
Click to collapse
Well I was able to use Magisk to "root" it with the patched boot file trick, but still that's not the same thing as I did before with a Samsung phone and the CWM recovery deal. That gave the user all the control they wanted. Even though the phone claims I have root access, I'm not sure what to do with Magisk's root trick. I still don't see a way to backup or install a different operating system or just a blank Android 11 OS. My knowledge there is limited and there isn't a custom recovery for this model as far as I can tell.
So I still can't wipe the drive or remove the OEM partition that contains the installers for the bundled stuff. I'd still need some form of interface that has more features than the stock Fastboot and Bootloader modes offer I guess, or I just don't know how to use the software tools correctly. It's still locked even with root as far as I can tell but if there is something more I'm missing or an additional app to install for example, like SU. Is that still a thing? If I'm on the right track let me know.

BrittonCBurton said:
Well I was able to use Magisk to "root" it with the patched boot file trick, but still that's not the same thing as I did before with a Samsung phone and the CWM recovery deal. That gave the user all the control they wanted. Even though the phone claims I have root access, I'm not sure what to do with Magisk's root trick. I still don't see a way to backup or install a different operating system or just a blank Android 11 OS. My knowledge there is limited and there isn't a custom recovery for this model as far as I can tell.
So I still can't wipe the drive or remove the OEM partition that contains the installers for the bundled stuff. I'd still need some form of interface that has more features than the stock Fastboot and Bootloader modes offer I guess, or I just don't know how to use the software tools correctly. It's still locked even with root as far as I can tell but if there is something more I'm missing or an additional app to install for example, like SU. Is that still a thing? If I'm on the right track let me know.
Click to expand...
Click to collapse
Thanks for the reply!!! I am speaking from a place of semi-ignorance here but I would thing that you could install SuperSU from inside the system, right? As long as the root binary is there...idk though and from what I hear, chainfire is not responsible for SuperSU anymore so it has become somewhat sketchy. I saw a post (about this phone, I think) that mentioned having to install terminal emulator and running root command from there to achieve legit root after flashing the patched boot.img. I will see if I can find the post again and update you. Is there anyway you could post the boot.img? Or give me a link for it?

Agent_Orange1488 said:
Thanks for the reply!!! I am speaking from a place of semi-ignorance here but I would thing that you could install SuperSU from inside the system, right? As long as the root binary is there...idk though and from what I hear, chainfire is not responsible for SuperSU anymore so it has become somewhat sketchy. I saw a post (about this phone, I think) that mentioned having to install terminal emulator and running root command from there to achieve legit root after flashing the patched boot.img. I will see if I can find the post again and update you. Is there anyway you could post the boot.img? Or give me a link for it?
Click to expand...
Click to collapse
Well I can try and learn how to extract the phones information to my computer. I don't know how to do that exactly. The way I was able to get a hold of the phones stock firmware data was by using Lenovo's Smart Rescue and Recovery software.
You have to enable usb debugging mode, attach the phone to the computer with the software running and make sure that you didn't disable/delete Device Help. That app is what makes the Lenovo software work, otherwise the Recovery software fails to see the phone. If it sees the phone correctly then you can see the preselected target firmware it wants you to download under the Rescue tab along the top.
So I did that and grabbed the files it created without actually applying them to the device. The whole thing is a little over 2GB and difficult to host but I put the stock boot.img file here for anyone who needs it. If anyone wants all the files I can try to upload the whole thing one file at at time. That's the way it was sent to me, an uncompressed folder. If I zip it all up and try to upload it most sites will say file size exceeded. Anyway here's the link...
boot
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com

Thanks I was able to patch it with Magisk and achieve root. It looks like Magisk is an SU manager anyway. I have never used it before so this is a first for me. The root and bootloader unlock seem a little pointless without any recovery or ROM though....I guess it's time to learn how to compile one lol

I just picked up the Moto G Pure (XT2163-4) Android 11 aka Red Velvet Cake *sounds yummy lol*....I've been searching around and not seen any info about any rooting method for this device....besides the "Root All Motorola Phones" crap...and I don't feel like risking making a paper weight with it. Even on here it doesn't show up in the...add device list....was going to add to my profile...but can't.

Agent_Orange1488 said:
Thanks I was able to patch it with Magisk and achieve root. It looks like Magisk is an SU manager anyway. I have never used it before so this is a first for me. The root and bootloader unlock seem a little pointless without any recovery or ROM though....I guess it's time to learn how to compile one lol
Click to expand...
Click to collapse
Yeah now we're on the same page then. I thought the same thing, not much use to have an unlocked boot loader and root access without software to make use of it. I gave the phone to my nieces to play with for now, but it's with in arms reach if I need it for instructions yet to be defined. I should receive updates to this post if anyone else responds.

Gamekeeper408 said:
I just picked up the Moto G Pure (XT2163-4) Android 11 aka Red Velvet Cake *sounds yummy lol*....I've been searching around and not seen any info about any rooting method for this device....besides the "Root All Motorola Phones" crap...and I don't feel like risking making a paper weight with it. Even on here it doesn't show up in the...add device list....was going to add to my profile...but can't.
Click to expand...
Click to collapse
Yeah appears it was produced in late 2021 or sold at that time so it's new and no one has made any custom firmware's or recoveries for it as far as I know. I don't know how to do that, requires computer programming skills. I don't have any of those.

Gamekeeper408 said:
I just picked up the Moto G Pure (XT2163-4) Android 11 aka Red Velvet Cake *sounds yummy lol*....I've been searching around and not seen any info about any rooting method for this device....besides the "Root All Motorola Phones" crap...and I don't feel like risking making a paper weight with it. Even on here it doesn't show up in the...add device list....was going to add to my profile...but can't.
Click to expand...
Click to collapse
I feel your pain! Had mine a few days and of course came to XDA immediately to find the DL on this joint but no luck... Ya I definitely don't recommend one click root method for this. If you want, I can post/link the patched boot.img i made with magisk. Mine boots with it and have confirmed root.

BrittonCBurton said:
Yeah now we're on the same page then. I thought the same thing, not much use to have an unlocked boot loader and root access without software to make use of it. I gave the phone to my nieces to play with for now, but it's with in arms reach if I need it for instructions yet to be defined. I should receive updates to this post if anyone else responds.
Click to expand...
Click to collapse
Excellent, it's nice to be caught up with everyone else haha!! I am going to do some digging and posting and whatnot to try to find some info on porting a recovery for this model. I feel like it can't be too different from at least one or two of the other G series phones. I will see updates as well so please post if you come up with anything!!
BTW does anyone know the process of creating a device page for this joint?! I think this phone is definitely worth some development...

Agent_Orange1488 said:
Excellent, it's nice to be caught up with everyone else haha!! I am going to do some digging and posting and whatnot to try to find some info on porting a recovery for this model. I feel like it can't be too different from at least one or two of the other G series phones. I will see updates as well so please post if you come up with anything!!
BTW does anyone know the process of creating a device page for this joint?! I think this phone is definitely worth some development...
Click to expand...
Click to collapse
Good luck finding anything that will load onto the phone. Seems like it would be possible to install LineageOS on it if nothing else. You'd think by now installing a phone's operating system would be similar to how operating systems are installed on other computers. All I get is invalid signature, way to much security (for them) on phone OS'es. With phones and PDA's apparently you can't just find the OS you want to use and install it. Where's the generic and bloat free Andriod 11 stock OS/firmware at? No such thing? It's either "Gaggles" way or nothing apparently. (It's ok if you don't know either, maybe someone else has more information about that.)

BrittonCBurton said:
Good luck finding anything that will load onto the phone. Seems like it would be possible to install LineageOS on it if nothing else. You'd think by now installing a phone's operating system would be similar to how operating systems are installed on other computers. All I get is invalid signature, way to much security (for them) on phone OS'es. With phones and PDA's apparently you can't just find the OS you want to use and install it. Where's the generic and bloat free Andriod 11 stock OS/firmware at? No such thing? It's either "Gaggles" way or nothing apparently. (It's ok if you don't know either, maybe someone else has more information about that.)
Click to expand...
Click to collapse
Ya I'm definitely not going to try anything on the actual device, (ESPECIALLY if I am trying to put it together myself) but I am pretty sure you can test that stuff on a virtual system. Some kind of android emulator or whatever. As for a stock/debloated/de-odexed ROM, I haven't seen one but that couldn't be all that difficult to put together, right? I mean as long as the patched boot.img is included anyway. I feel like a recovery would be a higher priority though...? BTW, I have never used Lineage before, how is it?

Agent_Orange1488 said:
I feel your pain! Had mine a few days and of course came to XDA immediately to find the DL on this joint but no luck... Ya I definitely don't recommend one click root method for this. If you want, I can post/link the patched boot.img i made with magisk. Mine boots with it and have confirmed root.
Click to expand...
Click to collapse
That would be great if you could share that patched boot.img......it is for the XT2163-4 MOTO G PURE correct?

Gamekeeper408 said:
That would be great if you could share that patched boot.img......it is for the XT2163-4 MOTO G PURE correct?
Click to expand...
Click to collapse
Agent_Orange1488 said:
I feel your pain! Had mine a few days and of course came to XDA immediately to find the DL on this joint but no luck... Ya I definitely don't recommend one click root method for this. If you want, I can post/link the patched boot.img i made with magisk. Mine boots with it and have confirmed root.
Click to expand...
Click to collapse
I would also like the patched boot.img if it is for the XT2163-4. Thanks

Hey boys I actually got rid of the moto g pure...for now at least lol! GREAT phone and I would be willing to get it back once there is some dev work done on it...will definitely be watching the threads on it. Good luck boys!!!

Hi
I read the above posts, and it seems like even if I am able to root it using Magisk, I won't be able to flash it with custom rom?
Thank you Agent_Orange1488 for the posts.

Could I use the leaked Samsung platform key to hack my own phone?

Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?

missmilla said:
Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
Click to expand...
Click to collapse
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.

V0latyle said:
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
Click to expand...
Click to collapse
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to to a full reset anyway if I can't find anonther way in.

missmilla said:
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to to a full reset anyway if I can't find anonther way in.
Click to expand...
Click to collapse
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.

I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsung's is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.

V0latyle said:
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
Click to expand...
Click to collapse
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?

blackhawk said:
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsung's is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
Click to expand...
Click to collapse
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.

missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
Click to expand...
Click to collapse
If in the US try a Samsung Experience center at a Best buy.
I never set locks on my phones, bios's or use encryption on data backup drives because you are always the one most likely to be locked out, sometimes through no fault of your own
Digital data is fragile unless it's redundantly backed up.

blackhawk said:
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsung's is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
Click to expand...
Click to collapse
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
blackhawk said:
If in the US try a Samsung Experience center at a Best buy.
I never set locks on my phones, bios's or use encryption on data backup drives because you are always the one most likely to be locked out, sometimes through no fault of your own
Digital data is fragile unless it's redundantly backed up.
Click to expand...
Click to collapse
Thank you. I'm in the UK but we do have a couple of Samsung Experience Centres here so I'll try asking. Oh I will definitely be making multiple, unencrypted backups from now on! I will also be rooting the phone and installing a custom recovery just in case.

If you start playing with the firmware bricking the device is always a real possibility especially if you don't follow the protocols correctly. I never had to flash any of my Samsung's in 12 years, all are still working today. I don't do OTA updates either, ever, the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.

missmilla said:
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
Click to expand...
Click to collapse
Unlocking the bootloader will always require a data wipe.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
Click to expand...
Click to collapse
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.

blackhawk said:
If you start playing with the firmware bricking the device is always a real possibility especially if you don't follow the protocols correctly. I never had to flash any of my Samsung's in 12 years, all are still working today. I don't do OTA updates either, ever, the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.
Click to expand...
Click to collapse
Probably not something to be messing around with when I don't know what I'm doing then.
Ouch! No wonder you're so careful with backing up... as I will be too from now on. Lesson learned

V0latyle said:
Unlocking the bootloader will always require a data wipe.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.
Click to expand...
Click to collapse
It's sounding like I'd probably better count my losses and leave it alone. And be more careful in future. All this has got me itching to try stuff out though. Possibly not on my one and only phone, but maybe if I can get a cheap second hand one to play with, or the S9 once I eventually upgrade - it sounds so much fun!

You can use the key to sideload an update, if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem on this is where you can find the certificate? Nobody will tell you where you can find it because who has it remains silent and also communities do not allow this kind of sharing.

Skorpion96 said:
You can use the key to sideload an update, if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem on this is where you can find the certificate? Nobody will tell you where you can find it because who has it remains silent and also communities do not allow this kind of sharing.
Click to expand...
Click to collapse
Thank you. Yeah, I thought I had seen someone publish the certificate, but I misunderstood. So wouldn't be able to get hold of it what with not being familiar with the dark web!

Skorpion96 said:
if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures
Click to expand...
Click to collapse
you can always flash blank vbmeta on low level (such as usbdl, edl or bootrom mode) but that's not how it works.

aIecxs said:
you can always flash blank vbmeta on low level (such as edl or bootrom mode) but that's not how it works.
Click to expand...
Click to collapse
Depends, if your device is made in USA you can't. I was only suggesting a way to bypass flashing restrictions hoping that bootloader lock don't block you. Normally bootloader lock blocks unsigned flashing but if you are able to bypass it during flash maybe you can boot unsigned firmware, I'm not sure though. To flash stuff you can use an exploit or escalate privileges with a signed app that updates a system one to become uid 1000 and after that you can do setenforce 0 or setenforce permissive to set kernel permissive

No no, locked bootloader prevents booting unsigned boot, vbmeta, etc (not flashing in first place)

@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective

aIecxs said:
@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
Click to expand...
Click to collapse
Apparently the Qualcomm variants aren't suspectable to this hack. Only Exynos models are listed.

Question Rooting I need opinions from Android enthusiasts and developers

So I'll try to keep this as short as possible I'm highly highly but I almost did it minutes ago but I'm going to get feedback first I'm like 99% sure I can recover my phone if it bricks I really want to root my phone and run a custom rom now that won't be the first step if I do this I'm going to stay in stock first and then after a while I was going to then go to the full process and switch to a custom but I need to know if other people have tried that on this phone if it was difficult if they had problems if they couldn't recover via fastboot and if anyone could help me compile TWRP recovery I don't know how to do that I've never done that yet I'm going to use the MSM tool to backup all files on my phone so if I had to I can just write a script really quick to custom flash every partition back and if someone knew how to make or convert all the partition files into a flashable file from the MSM tool that would be appreciated but I don't think there is a way. Also if people need to know I have figured out a way to find all of your phones the ussd codes inside of the phone you just have to dig pretty deep no this is only for one plus two places that I know how to do this for but if you can answer or help me with anything ever talked about you can ask me a question or something you need help with and I will see what I can do I have a lot of information with Android it's basically all I do on my free time besides for a play one game anyways I'm going to show up thank you guys Reading Post and as always never settle

AkayamiShurui said:
So I'll try to keep this as short as possible I'm highly highly but I almost did it minutes ago but I'm going to get feedback first I'm like 99% sure I can recover my phone if it bricks I really want to root my phone and run a custom rom now that won't be the first step if I do this I'm going to stay in stock first and then after a while I was going to then go to the full process and switch to a custom but I need to know if other people have tried that on this phone if it was difficult if they had problems if they couldn't recover via fastboot and if anyone could help me compile TWRP recovery I don't know how to do that I've never done that yet I'm going to use the MSM tool to backup all files on my phone so if I had to I can just write a script really quick to custom flash every partition back and if someone knew how to make or convert all the partition files into a flashable file from the MSM tool that would be appreciated but I don't think there is a way. Also if people need to know I have figured out a way to find all of your phones the ussd codes inside of the phone you just have to dig pretty deep no this is only for one plus two places that I know how to do this for but if you can answer or help me with anything ever talked about you can ask me a question or something you need help with and I will see what I can do I have a lot of information with Android it's basically all I do on my free time besides for a play one game anyways I'm going to show up thank you guys Reading Post and as always never settle
Click to expand...
Click to collapse
Unfortunately MSM requires authentication to work on this device. I don't know if the readback feature works without authentication though.

TheNewHEROBRINE said:
Unfortunately MSM requires authentication to work on this device. I don't know if the readback feature works without authentication though.
Click to expand...
Click to collapse
The password is "oneplus" am in rooting my phone tonight I have access to the full OTA backed up and the full MSM read back backed up

AkayamiShurui said:
The password is "oneplus" am in rooting my phone tonight I have access to the full OTA backed up and the full MSM read back backed up
Click to expand...
Click to collapse
I don't mean that authentication. I mean username and password of an OPPO account that it asks on start-up.

TheNewHEROBRINE said:
I don't mean that authentication. I mean username and password of an OPPO account that it asks on start-up.
Click to expand...
Click to collapse
You can use a hex Editor to bypass it but still even then it wouldn't work because it communicates with the oppo servers so you can oppo token however I actually know a way around this if I can get the ofp file or the XML file or the ops file I know of seven different methods that are quite common tools that let you flash your phone

AkayamiShurui said:
You can use a hex Editor to bypass it but still even then it wouldn't work because it communicates with the oppo servers so you can oppo token however I actually know a way around this if I can get the ofp file or the XML file or the ops file I know of seven different methods that are quite common tools that let you flash your phone
Click to expand...
Click to collapse
I don't think any of those tools can bypass the authentication enforced by the only firehose loader publicly available.