[ROOT][Surnia]Moto E 2015 root all the things!

Search This thread

cybojenix

Retired Forum Mod / Retired Recognized Developer
Apr 7, 2012
801
1,864
disclaimer:
Code:
I take no responsibility for any devices that may be bricked,
or any bad things that will happen to you.

flash/boot twrp from here
either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.

we've experienced a bug on the first boot after flashing supersu, where there is no boot animation. instead the warning sign will stay up saying "you're unlocked".
Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.

A known issue happens, where root breaks the camera.
If this happens to you, then change SeLinux to permissive. I may look in to fixing it properly at a later point.

thank you to @fix-this for testing

previous post:

Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.

OK so this thread doesn't tell you how to root your device... yet.
in the process of rooting my device, I have essentially soft bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. hurrah for perma root prevention systems finally working.. sort of..

Motorola has implemented a nifty method in to their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. to allow you to do anything with the bootloader, you must flick a switch in the android dev settings to give full access... oh wait, I can't load the system ;) I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.

So far I have attempted:
  • Dump a modified system image (Failed because dm-verity).
  • Pull the boot image (Failed because SELinux)
  • Dump the boot image via moto fastboot (failed because either outdated mfastboot, or security from [read above])
  • Boot directly in to DLOAD mode. (Failed. seems with the msm8916, they've changed the method of accessing it, and having dload mode is now optional [which they disabled.. probably..]. I'm not going to risk wiping the bootloader to see if DLOAD mode will load as a fail safe).

so how can you help?

method failed. trying something else..
I need someone who doesn't mind unlocking their bootloader (or already has done), and doesn't need their hand holding. (request for hand holding isn't development, it will be deleted).

  1. unlock bootloader.
  2. get mfastboot
  3. go to settings, dev settings, and allow oem unlock
  4. boot to fastboot/bootloader
  5. run this command
    Code:
    mfastboot oem partition dump recovery
  6. If this fails, then try this (with this fastboot) (Thank you @m1cha for this version of fastboot, sources here)
    Code:
    fastboot_dump dump recovery.img oem partition moto-dump recovery
  7. send the results back to me

Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.


If anyone else has any ideas (even if it's to get a temp root), then feel free to share them


Big thankyou to @PotatoJ who has donated a very generous $20
 

Attachments

  • patch14.zip
    904.6 KB · Views: 14,189
Last edited:

cybojenix

Retired Forum Mod / Retired Recognized Developer
Apr 7, 2012
801
1,864
more updates. just been told that those commands are for internal use only.

had an idea though.. will get back to you
 

fix-this!

Senior Member
Apr 15, 2012
4,263
736
midwest
if im correct i think the system images are now available. ill help with what i can to obtain root. id hope rooting this wont be too hard considering we can unlock the bootloader via moto.

i also messaged jcase to see if he might be able to help us.
 
Last edited:

cybojenix

Retired Forum Mod / Retired Recognized Developer
Apr 7, 2012
801
1,864
if im correct i think the system images are now available. ill help with what i can to obtain root. id hope rooting this wont be too hard considering we can unlock the bootloader via moto.

i also messaged jcase to see if he might be able to help us.

No need for jcase now. the boot image is out. I can patch it, and talk with chainfire about how to best handle dm-verity
 

cybojenix

Retired Forum Mod / Retired Recognized Developer
Apr 7, 2012
801
1,864
so some bad news. the GB and EU variants have different camera blobs it seems.

unless I get decent testers, I will not be supporting the different variants.
 

fix-this!

Senior Member
Apr 15, 2012
4,263
736
midwest
so some bad news. the GB and EU variants have different camera blobs it seems.

unless I get decent testers, I will not be supporting the different variants.

how would i know if i have a gb or eu variant? and yes that's sad indeed for users. ill test whatever you need. i have an unlocked lte gsm model from moto.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 26
    disclaimer:
    Code:
    I take no responsibility for any devices that may be bricked,
    or any bad things that will happen to you.

    flash/boot twrp from here
    either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.

    we've experienced a bug on the first boot after flashing supersu, where there is no boot animation. instead the warning sign will stay up saying "you're unlocked".
    Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.

    A known issue happens, where root breaks the camera.
    If this happens to you, then change SeLinux to permissive. I may look in to fixing it properly at a later point.

    thank you to @fix-this for testing

    previous post:

    Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.

    OK so this thread doesn't tell you how to root your device... yet.
    in the process of rooting my device, I have essentially soft bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
    long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. hurrah for perma root prevention systems finally working.. sort of..

    Motorola has implemented a nifty method in to their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. to allow you to do anything with the bootloader, you must flick a switch in the android dev settings to give full access... oh wait, I can't load the system ;) I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.

    So far I have attempted:
    • Dump a modified system image (Failed because dm-verity).
    • Pull the boot image (Failed because SELinux)
    • Dump the boot image via moto fastboot (failed because either outdated mfastboot, or security from [read above])
    • Boot directly in to DLOAD mode. (Failed. seems with the msm8916, they've changed the method of accessing it, and having dload mode is now optional [which they disabled.. probably..]. I'm not going to risk wiping the bootloader to see if DLOAD mode will load as a fail safe).

    so how can you help?

    method failed. trying something else..
    I need someone who doesn't mind unlocking their bootloader (or already has done), and doesn't need their hand holding. (request for hand holding isn't development, it will be deleted).

    1. unlock bootloader.
    2. get mfastboot
    3. go to settings, dev settings, and allow oem unlock
    4. boot to fastboot/bootloader
    5. run this command
      Code:
      mfastboot oem partition dump recovery
    6. If this fails, then try this (with this fastboot) (Thank you @m1cha for this version of fastboot, sources here)
      Code:
      fastboot_dump dump recovery.img oem partition moto-dump recovery
    7. send the results back to me

    Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.


    If anyone else has any ideas (even if it's to get a temp root), then feel free to share them


    Big thankyou to @PotatoJ who has donated a very generous $20
    4
    Is the solution for the camera fix only flash custom kernel?
    When I flash the @squid2 kernel, there are always bootloop. :(

    The camera probably works with my kernel because I set SELinux to permissive at boot time. I'm wondering why your phone bootloops with my kernel. Does it reach the boot animation (planet spinning with Motorola logos), or does it reboot before that (at the unlocked bootloader warning screen)? I'm wondering if XT1527 kernels don't work on XT1523 stock ROMs for some reason. Have you tried the stock XT1527 kernel on my stock kernels thread? I expect the XT1527 stock kernel to break the camera since it has enforcing SELinux, but if it boots, you can use modified versions of the stock kernel with permissive SELinux to fix the camera.

    I'll post modified stock kernel images with permissive SELinux when I find time so that people can fix their cameras without needing my kernel.
    3
    more updates. just been told that those commands are for internal use only.

    had an idea though.. will get back to you

    Whatever you need, let me know. I've got the phone waiting for commands.
    2
    i realize the dev may be taking a break but ive done a bit of experimenting before i go back to stock for now as i need to have a working camera. SuperSU seems to be the reason of the broken camera . the dev suggested setting selinux to permissive but that doesn't fix the issue. i did an experiment and uninstalled the latest superSU then used the beta 2.43 and the camera works every time but you have a slower boot time and i loose audio. was wondering if anybody has an ideas or solutions? im going to assume the issue we are having is from superSU and nothing more. as i said previously i know were early in development but we may need a custom kernel to help us along in solving this.

    EDIT: i totally unrooted but kept twrp and my camera is fully working now. can even flash zips through twrp. its better than nothing until this can be resolved.
    2
    if im correct i think the system images are now available. ill help with what i can to obtain root. id hope rooting this wont be too hard considering we can unlock the bootloader via moto.

    i also messaged jcase to see if he might be able to help us.

    No need for jcase now. the boot image is out. I can patch it, and talk with chainfire about how to best handle dm-verity