disclaimer:
flash/boot twrp from here
either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.
we've experienced a bug on the first boot after flashing supersu, where there is no boot animation. instead the warning sign will stay up saying "you're unlocked".
Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.
A known issue happens, where root breaks the camera.
If this happens to you, then change SeLinux to permissive. I may look in to fixing it properly at a later point.
thank you to @fix-this for testing
previous post:
Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.
OK so this thread doesn't tell you how to root your device... yet.
in the process of rooting my device, I have essentially soft bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. hurrah for perma root prevention systems finally working.. sort of..
Motorola has implemented a nifty method in to their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. to allow you to do anything with the bootloader, you must flick a switch in the android dev settings to give full access... oh wait, I can't load the system I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.
So far I have attempted:
so how can you help?
method failed. trying something else..
I need someone who doesn't mind unlocking their bootloader (or already has done), and doesn't need their hand holding. (request for hand holding isn't development, it will be deleted).
Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.
If anyone else has any ideas (even if it's to get a temp root), then feel free to share them
Big thankyou to @PotatoJ who has donated a very generous $20
Code:
I take no responsibility for any devices that may be bricked,
or any bad things that will happen to you.
flash/boot twrp from here
either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.
we've experienced a bug on the first boot after flashing supersu, where there is no boot animation. instead the warning sign will stay up saying "you're unlocked".
Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.
A known issue happens, where root breaks the camera.
If this happens to you, then change SeLinux to permissive. I may look in to fixing it properly at a later point.
thank you to @fix-this for testing
previous post:
Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.
OK so this thread doesn't tell you how to root your device... yet.
in the process of rooting my device, I have essentially soft bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. hurrah for perma root prevention systems finally working.. sort of..
Motorola has implemented a nifty method in to their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. to allow you to do anything with the bootloader, you must flick a switch in the android dev settings to give full access... oh wait, I can't load the system I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.
So far I have attempted:
- Dump a modified system image (Failed because dm-verity).
- Pull the boot image (Failed because SELinux)
- Dump the boot image via moto fastboot (failed because either outdated mfastboot, or security from [read above])
- Boot directly in to DLOAD mode. (Failed. seems with the msm8916, they've changed the method of accessing it, and having dload mode is now optional [which they disabled.. probably..]. I'm not going to risk wiping the bootloader to see if DLOAD mode will load as a fail safe).
so how can you help?
method failed. trying something else..
- unlock bootloader.
- get mfastboot
- go to settings, dev settings, and allow oem unlock
- boot to fastboot/bootloader
- run this command
Code:mfastboot oem partition dump recovery
- If this fails, then try this (with this fastboot) (Thank you @m1cha for this version of fastboot, sources here)
Code:fastboot_dump dump recovery.img oem partition moto-dump recovery
- send the results back to me
Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.
If anyone else has any ideas (even if it's to get a temp root), then feel free to share them
Big thankyou to @PotatoJ who has donated a very generous $20
Attachments
Last edited: