Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,811,404 Members 48,514 Now Online
XDA Developers Android and Mobile Development Forum

Universal Root Method for Motorola Qualcomm Android 2.x.x Phones

Tip us?
 
rootdefyxt320
Old
(Last edited by rootdefyxt320; 24th July 2013 at 12:43 PM.)
#1  
Senior Member - OP
Thanks Meter 371
Posts: 395
Join Date: Oct 2012
Location: Sydney, NSW, Australia
Default Universal Root Method for Motorola Qualcomm Android 2.x.x Phones

NOTE: This exploit only exists in Qualcomm chipsets due to eFuse in the TI OMAP chipsets. Sorry, for disappointing users with TI OMAP chipsets.

Exploit has been patched. Thanks to mattlgroff. This exploit only exists in Motorola Qualcomm phones with Gingerbread
Quote:
Originally Posted by mattlgroff View Post
This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.

Sent from my SGH-M919 using Tapatalk 2

Requirements/Prerequisites:

-Motorola Android 2.x.x Phone
-Motorola Drivers installed
-USB Cable
-Device must have fastboot protocol support in the bootloader otherwise this method won't work.

Tools Required:

-Motorola Android firmware Depacker by Skrilax_CZ
-UPDATE-SuperSU-v1.41.zip by Chainfire
-ADB and Fastboot
-Stock SBF/fastboot files.

Method 1: Firmware is in SBF format and packed in CG2.smg format. Examples of phones that has firmware packed in CG2.smg format are Motorola Defy Mini, Motorola Fire XT, Motorola Motoluxe. This method is for Windows. It will also work for Linux if you have the Linux version of Motorola Android Firmware Depacker.


I have tested this method on my Motorola Defy Mini XT320 which is a Gingerbread phone. It also works on Motorola Fire XT311,XT316,XT530,XT531 and Motorola Motoluxe XT615 (not Canadian XT615).

1. Make sure all drivers are installed.
2. Download the SBF file for your phone.
3. Download Motorola Android Depacker. MotoAndroidDepacker-1.2alpha3.zip
4. Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
5. Make sure you have ADB and Fastboot setup if don't have it setup you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location
6. Open Motorola Android Depacker and select the button 'Open From file' and select the SBF file for your phone and open it.
7. Click on the button 'Split to folder' to split SBF file.
8. Now select the button 'Open from File' and change the selection of file type to 'MOTOBLUR mbn image (*CG2.smg)' go to the folder called nameofsbf-extracted which contains CG2.smg and open it.

NOTE: nameofsbf-extracted this means the name of the SBF file with the word extracted at the end. Here's an example: TNBST_4_0A.1F.0ERPS_flex_WE_Orange_Spain-extracted

9. Minimize Motorola Android Firmware Depacker and go to the folder named 'CG2-extracted' and navigate to a file named 'recoverysec.mbn' OR 'emmc_recovery.mbn' and rename it to 'recovery.img'
10. Go to builder.clockworkmod.com and upload your recovery.img and select build.
11. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
12. Place recovery.img in the same location where ADB and fastboot are.
13. Place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
14. Enable USB Debugging on your phone.
15. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
16. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
17. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
18. Select 'reboot system now' and if it asks you to fix any permissions select yes.
19. Your device should be rooted.

NOTE: METHOD 1 WILL ONLY WORK IF THE SBF FILE IS PACKED IN CG2.SMG FORMAT!


Method 2: TESTED the first 7 steps and it worked. I need some testers please to test the rest of the steps. This is when your firmware is packed in fastboot.xml.zip or .xml.zip format such as Motorola RAZR XT910 firmware. I don't own a phone that has a firmware of fastboot.xml.zip, so I just downloaded XT910 firmware so I could test the first 7 steps. This method should work both in Windows and Linux.


1. Make sure all drivers are installed.
2. Download the fastboot files for your phone.
3.Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
4. Make sure you have ADB and Fastboot setup otherwise you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location.
5. Using a file manager, extract the file named 'recovery_signed' and rename it to recovery.img
6. Go to builder.clockworkmod.com and upload your recovery.img and select build.
7. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
8. Place recovery.img in the same location where ADB and fastboot are.
9. Now place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
10. Enable USB Debugging on your phone.
11. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
12. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
13. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
14. Select 'reboot system now' and if it asks you to fix any permissions select yes.
15. Your device should be rooted.
Attached Thumbnails
Click image for larger version

Name:	4143d1357236401-defy-mini-root-success-alin-razvan-droidevelopers-xt320-install-recovery.img.jpg
Views:	230
Size:	26.3 KB
ID:	2120330  
Attached Files
File Type: zip MotoAndroidDepacker-1.2alpha3.zip - [Click for QR Code] (46.1 KB, 712 views)
File Type: zip UPDATE-SuperSU-v1.41.zip - [Click for QR Code] (1.05 MB, 642 views)
File Type: zip adb&fastboot.zip - [Click for QR Code] (373.4 KB, 563 views)
File Type: img sample-XT910-ICS-recovery.img - [Click for QR Code] (6.23 MB, 180 views)
Devices:
Motorola Defy Mini XT320- Stock 2.3.6 Rooted.
Sony Xperia X10 Mini Pro U20i- Cyanogenmod 10.

Press the thanks button if I helped you instead of saying thanks

The Following 6 Users Say Thank You to rootdefyxt320 For This Useful Post: [ Click to Expand ]
 
rootdefyxt320
Old
(Last edited by rootdefyxt320; 16th July 2013 at 12:42 AM.)
#2  
Senior Member - OP
Thanks Meter 371
Posts: 395
Join Date: Oct 2012
Location: Sydney, NSW, Australia
Here's Superuser for x86 and ARM devices.
This is Superuser by koush.
Attached Files
File Type: zip superuser-2.zip - [Click for QR Code] (1.10 MB, 63 views)
Devices:
Motorola Defy Mini XT320- Stock 2.3.6 Rooted.
Sony Xperia X10 Mini Pro U20i- Cyanogenmod 10.

Press the thanks button if I helped you instead of saying thanks

The Following 2 Users Say Thank You to rootdefyxt320 For This Useful Post: [ Click to Expand ]
 
rootdefyxt320
Old
#3  
Senior Member - OP
Thanks Meter 371
Posts: 395
Join Date: Oct 2012
Location: Sydney, NSW, Australia
NOTE: This method works on both locked and unlocked bootloaders.
Devices:
Motorola Defy Mini XT320- Stock 2.3.6 Rooted.
Sony Xperia X10 Mini Pro U20i- Cyanogenmod 10.

Press the thanks button if I helped you instead of saying thanks

The Following 2 Users Say Thank You to rootdefyxt320 For This Useful Post: [ Click to Expand ]
 
open1your1eyes0
Old
#4  
open1your1eyes0's Avatar
Senior Member
Thanks Meter 3,324
Posts: 2,194
Join Date: Dec 2010
Location: New York City

 
DONATE TO ME
Any ideas if this will work on the new Droid RAZR HD and DROID RAZR M update that broke the bootloader unlock method? http://www.droid-life.com/2013/07/10...g-bootloaders/




 
adlx.xda
Old
#5  
adlx.xda's Avatar
Retired Recognized Developer
Thanks Meter 783
Posts: 1,008
Join Date: Feb 2010
Location: Madrid

 
DONATE TO ME
I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

Sent from my Galaxy Nexus using Tapatalk 4 Beta
Like my work, use my roms daily? Consider donating for a beer/redbull -- Follow me on Twitter

Phones: Galaxy Nexus, Motorola RAZR UMTS XT910, HTC Chacha, Atrix (hard bricked), Defy, 2 Dext, CliqXT
 
dagoban
Old
(Last edited by dagoban; 15th July 2013 at 08:56 PM.)
#6  
Senior Member
Thanks Meter 33
Posts: 169
Join Date: Nov 2012
Does UPDATE-SuperSU-v1.41 also works on x86 devices such as the Razr I or would we need to use the su file from here: http://forum.xda-developers.com/show....php?t=2123369

I'm asking since they also have different updater-scripts...

Update:
Tried it 5 times now to build a CWM Recovery via the website, failed every time
my id's
e3fc4f10d5e026b4fbb33cc6969d339c
0d2ebce8165bd84fefa20129caf925d6
1ef2ceba6ed2298cdacf677c1a158a71
800b2c95ba9068b30f4e79e905cda0e8
6897f97da88ee7db655f8d1d90816aef

CFC_9.8.2I-50_SMI-26_S7_USASMIJBRTEU.xml.zip
Razr I XT890
 
rootdefyxt320
Old
#7  
Senior Member - OP
Thanks Meter 371
Posts: 395
Join Date: Oct 2012
Location: Sydney, NSW, Australia
Quote:
Originally Posted by adlx.xda View Post
I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

Sent from my Galaxy Nexus using Tapatalk 4 Beta
Yeah, it worked on a Motorola Defy Mini XT320, it's the fastboot exploit that's been left by Motorola.
Devices:
Motorola Defy Mini XT320- Stock 2.3.6 Rooted.
Sony Xperia X10 Mini Pro U20i- Cyanogenmod 10.

Press the thanks button if I helped you instead of saying thanks

The Following User Says Thank You to rootdefyxt320 For This Useful Post: [ Click to Expand ]
 
PsyClip-R
Old
(Last edited by PsyClip-R; 16th July 2013 at 12:33 PM.)
#8  
PsyClip-R's Avatar
Senior Member
Thanks Meter 20
Posts: 127
Join Date: Dec 2009
Prompt Motorola XT881 (Electrify 2) fails to boot custom recovery.img

Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
Click image for larger version

Name:	recovery boot fail.jpg
Views:	140
Size:	23.9 KB
ID:	2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
Click image for larger version

Name:	recocovery load fail.jpg
Views:	108
Size:	52.5 KB
ID:	2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.
The Following User Says Thank You to PsyClip-R For This Useful Post: [ Click to Expand ]
 
rootdefyxt320
Old
#9  
Senior Member - OP
Thanks Meter 371
Posts: 395
Join Date: Oct 2012
Location: Sydney, NSW, Australia
Quote:
Originally Posted by PsyClip-R View Post
Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
Attachment 2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
Attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
Devices:
Motorola Defy Mini XT320- Stock 2.3.6 Rooted.
Sony Xperia X10 Mini Pro U20i- Cyanogenmod 10.

Press the thanks button if I helped you instead of saying thanks

The Following User Says Thank You to rootdefyxt320 For This Useful Post: [ Click to Expand ]
 
PsyClip-R
Old
#10  
PsyClip-R's Avatar
Senior Member
Thanks Meter 20
Posts: 127
Join Date: Dec 2009
Quote:
Originally Posted by rootdefyxt320 View Post
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
Oh, it looks like it is.
Tomorrow I'll try this with my old Motorola Bravo (which is Defy like device)

Tags
fastboot exploit, motorola, root, universal method
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes