Post Reply

Universal Root Method for Motorola Qualcomm Android 2.x.x Phones

OP rootdefyxt320

10th July 2013, 06:52 AM   |  #1  
OP Senior Member
Flag Sydney, NSW, Australia
Thanks Meter: 373
 
399 posts
Join Date:Joined: Oct 2012
More
NOTE: This exploit only exists in Qualcomm chipsets due to eFuse in the TI OMAP chipsets. Sorry, for disappointing users with TI OMAP chipsets.

Exploit has been patched. Thanks to mattlgroff. This exploit only exists in Motorola Qualcomm phones with Gingerbread
Quote:
Originally Posted by mattlgroff

This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.

Sent from my SGH-M919 using Tapatalk 2


Requirements/Prerequisites:

-Motorola Android 2.x.x Phone
-Motorola Drivers installed
-USB Cable
-Device must have fastboot protocol support in the bootloader otherwise this method won't work.

Tools Required:

-Motorola Android firmware Depacker by Skrilax_CZ
-UPDATE-SuperSU-v1.41.zip by Chainfire
-ADB and Fastboot
-Stock SBF/fastboot files.

Method 1: Firmware is in SBF format and packed in CG2.smg format. Examples of phones that has firmware packed in CG2.smg format are Motorola Defy Mini, Motorola Fire XT, Motorola Motoluxe. This method is for Windows. It will also work for Linux if you have the Linux version of Motorola Android Firmware Depacker.


I have tested this method on my Motorola Defy Mini XT320 which is a Gingerbread phone. It also works on Motorola Fire XT311,XT316,XT530,XT531 and Motorola Motoluxe XT615 (not Canadian XT615).

1. Make sure all drivers are installed.
2. Download the SBF file for your phone.
3. Download Motorola Android Depacker. MotoAndroidDepacker-1.2alpha3.zip
4. Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
5. Make sure you have ADB and Fastboot setup if don't have it setup you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location
6. Open Motorola Android Depacker and select the button 'Open From file' and select the SBF file for your phone and open it.
7. Click on the button 'Split to folder' to split SBF file.
8. Now select the button 'Open from File' and change the selection of file type to 'MOTOBLUR mbn image (*CG2.smg)' go to the folder called nameofsbf-extracted which contains CG2.smg and open it.

NOTE: nameofsbf-extracted this means the name of the SBF file with the word extracted at the end. Here's an example: TNBST_4_0A.1F.0ERPS_flex_WE_Orange_Spain-extracted

9. Minimize Motorola Android Firmware Depacker and go to the folder named 'CG2-extracted' and navigate to a file named 'recoverysec.mbn' OR 'emmc_recovery.mbn' and rename it to 'recovery.img'
10. Go to builder.clockworkmod.com and upload your recovery.img and select build.
11. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
12. Place recovery.img in the same location where ADB and fastboot are.
13. Place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
14. Enable USB Debugging on your phone.
15. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
16. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
17. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
18. Select 'reboot system now' and if it asks you to fix any permissions select yes.
19. Your device should be rooted.

NOTE: METHOD 1 WILL ONLY WORK IF THE SBF FILE IS PACKED IN CG2.SMG FORMAT!


Method 2: TESTED the first 7 steps and it worked. I need some testers please to test the rest of the steps. This is when your firmware is packed in fastboot.xml.zip or .xml.zip format such as Motorola RAZR XT910 firmware. I don't own a phone that has a firmware of fastboot.xml.zip, so I just downloaded XT910 firmware so I could test the first 7 steps. This method should work both in Windows and Linux.


1. Make sure all drivers are installed.
2. Download the fastboot files for your phone.
3.Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
4. Make sure you have ADB and Fastboot setup otherwise you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location.
5. Using a file manager, extract the file named 'recovery_signed' and rename it to recovery.img
6. Go to builder.clockworkmod.com and upload your recovery.img and select build.
7. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
8. Place recovery.img in the same location where ADB and fastboot are.
9. Now place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
10. Enable USB Debugging on your phone.
11. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
12. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
13. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
14. Select 'reboot system now' and if it asks you to fix any permissions select yes.
15. Your device should be rooted.
Attached Thumbnails
Click image for larger version

Name:	4143d1357236401-defy-mini-root-success-alin-razvan-droidevelopers-xt320-install-recovery.img.jpg
Views:	236
Size:	26.3 KB
ID:	2120330  
Attached Files
File Type: zip MotoAndroidDepacker-1.2alpha3.zip - [Click for QR Code] (46.1 KB, 741 views)
File Type: zip UPDATE-SuperSU-v1.41.zip - [Click for QR Code] (1.05 MB, 654 views)
File Type: zip adb&fastboot.zip - [Click for QR Code] (373.4 KB, 581 views)
File Type: img sample-XT910-ICS-recovery.img - [Click for QR Code] (6.23 MB, 187 views)
Last edited by rootdefyxt320; 24th July 2013 at 12:43 PM.
The Following 6 Users Say Thank You to rootdefyxt320 For This Useful Post: [ View ]
10th July 2013, 06:52 AM   |  #2  
OP Senior Member
Flag Sydney, NSW, Australia
Thanks Meter: 373
 
399 posts
Join Date:Joined: Oct 2012
More
Here's Superuser for x86 and ARM devices.
This is Superuser by koush.
Attached Files
File Type: zip superuser-2.zip - [Click for QR Code] (1.10 MB, 63 views)
Last edited by rootdefyxt320; 16th July 2013 at 12:42 AM.
The Following 2 Users Say Thank You to rootdefyxt320 For This Useful Post: [ View ]
15th July 2013, 12:30 AM   |  #3  
OP Senior Member
Flag Sydney, NSW, Australia
Thanks Meter: 373
 
399 posts
Join Date:Joined: Oct 2012
More
NOTE: This method works on both locked and unlocked bootloaders.
The Following 2 Users Say Thank You to rootdefyxt320 For This Useful Post: [ View ]
15th July 2013, 02:08 PM   |  #4  
open1your1eyes0's Avatar
Senior Member
Flag New York City
Thanks Meter: 3,335
 
2,212 posts
Join Date:Joined: Dec 2010
Donate to Me
More
Any ideas if this will work on the new Droid RAZR HD and DROID RAZR M update that broke the bootloader unlock method? http://www.droid-life.com/2013/07/10...g-bootloaders/
15th July 2013, 02:42 PM   |  #5  
adlx.xda's Avatar
Retired Recognized Developer
Flag Madrid
Thanks Meter: 815
 
1,033 posts
Join Date:Joined: Feb 2010
Donate to Me
More
I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

Sent from my Galaxy Nexus using Tapatalk 4 Beta
15th July 2013, 05:26 PM   |  #6  
Senior Member
Thanks Meter: 33
 
169 posts
Join Date:Joined: Nov 2012
Does UPDATE-SuperSU-v1.41 also works on x86 devices such as the Razr I or would we need to use the su file from here: http://forum.xda-developers.com/show....php?t=2123369

I'm asking since they also have different updater-scripts...

Update:
Tried it 5 times now to build a CWM Recovery via the website, failed every time
my id's
e3fc4f10d5e026b4fbb33cc6969d339c
0d2ebce8165bd84fefa20129caf925d6
1ef2ceba6ed2298cdacf677c1a158a71
800b2c95ba9068b30f4e79e905cda0e8
6897f97da88ee7db655f8d1d90816aef

CFC_9.8.2I-50_SMI-26_S7_USASMIJBRTEU.xml.zip
Razr I XT890
Last edited by dagoban; 15th July 2013 at 08:56 PM.
16th July 2013, 12:36 AM   |  #7  
OP Senior Member
Flag Sydney, NSW, Australia
Thanks Meter: 373
 
399 posts
Join Date:Joined: Oct 2012
More
Quote:
Originally Posted by adlx.xda

I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

Sent from my Galaxy Nexus using Tapatalk 4 Beta

Yeah, it worked on a Motorola Defy Mini XT320, it's the fastboot exploit that's been left by Motorola.
The Following User Says Thank You to rootdefyxt320 For This Useful Post: [ View ]
16th July 2013, 12:13 PM   |  #8  
PsyClip-R's Avatar
Senior Member
Thanks Meter: 22
 
127 posts
Join Date:Joined: Dec 2009
More
Prompt Motorola XT881 (Electrify 2) fails to boot custom recovery.img
Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
Click image for larger version

Name:	recovery boot fail.jpg
Views:	141
Size:	23.9 KB
ID:	2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
Click image for larger version

Name:	recocovery load fail.jpg
Views:	108
Size:	52.5 KB
ID:	2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.
Last edited by PsyClip-R; 16th July 2013 at 12:33 PM.
The Following User Says Thank You to PsyClip-R For This Useful Post: [ View ]
16th July 2013, 12:44 PM   |  #9  
OP Senior Member
Flag Sydney, NSW, Australia
Thanks Meter: 373
 
399 posts
Join Date:Joined: Oct 2012
More
Quote:
Originally Posted by PsyClip-R

Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
Attachment 2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
Attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.

It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
The Following User Says Thank You to rootdefyxt320 For This Useful Post: [ View ]
16th July 2013, 12:51 PM   |  #10  
PsyClip-R's Avatar
Senior Member
Thanks Meter: 22
 
127 posts
Join Date:Joined: Dec 2009
More
Wink
Quote:
Originally Posted by rootdefyxt320

It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.

Oh, it looks like it is.
Tomorrow I'll try this with my old Motorola Bravo (which is Defy like device)

Post Reply Subscribe to Thread

Tags
fastboot exploit, motorola, root, universal method
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Android Software and Hacking General [Developers Only] by ThreadRank