FORUMS
Remove All Ads from XDA

📢[ROOT][XT1607][XT1609][XT1625][XT1254] auto#initroot tethered jailbreak💯🔥

2,634 posts
Thanks Meter: 11,899
 
By autoprime, Recognized Contributor / Recognized Developer on 20th July 2017, 01:04 AM
Post Reply Email Thread
Quote:

thread best viewed in browser not xda app
Code:
_ _ _ _| | |_ _ _ _ _ ___ _ _| |_ ___|_ _|_|___|_| |_ ___ ___ ___| |_ | .'| | | _| . |_ _| | | | _| _| . | . | _| |__,|___|_| |___| |_|_| |_|_|_|_|_| |_| |___|___|_|
tethered jailbreak for bootloader-locked motos

motorola g4 play harpia amazon xt1607 + verizon xt1609
motorola turbo quark verizon xt1254
motorola g4 athene amazon xt1625


feature
double-click install
windows/mac/linux
disable ota updates*
disable amazon ads*
anti-bootloop protect*
working wifi/cellular/nfc/bt/fm
systemless root + mods with magisk
*see tips in post #2

install
download auto#initroot to computer
download magiskmanager apk to moto and install
connect moto to computer with usb cable then (re)boot moto into fastboot
double-click auto#initroot file and wait for moto to boot into jailbreak android
double-click auto#initroot file everytime you reboot moto to regain jailbreak android

uninstall
windows: double-click auto#initroot file and press "0" key when prompted
mac/linux: double-click auto#initroot file and press any key when prompted
see here for more uninstall info

special thanks :
roee hay / aleph security for cve-2016-10277 / initroot
john wu for magisk / magiskmanager
The Following 20 Users Say Thank You to autoprime For This Useful Post: [ View ]
 
 
20th July 2017, 01:04 AM |#2  
autoprime's Avatar
OP Recognized Contributor / Recognized Developer
Thanks Meter: 11,899
 
Donate to Me
More
🙌 donation are thankful 🙌

Quote:

what this is
i make tethered jailbreak for moto using cve-2016-10277 and initroot ideas
designed for bootloader locked motos with no root jailbreak
tethered jailbreak require computer to jailbreak

what this is not
how to use fastboot/adb/drivers
lazy posting before search
bootloader unlock

install step by step
steps 1 and 2 run only once steps 3 and 4 needed each jailbreak after

1. download auto#initroot [here] to computer
  • download then unzip auto#initroot zip file
  • be sure auto#initroot file matches moto model#/software#

2. download magiskmanager apk [here] to moto and install
  • on moto enable : settings - security - “unknown sources”
  • on moto d/l latest magiskmanager 5.x apk and install
3. connect moto to computer with usb cable then (re)boot moto into fastboot
  • enter fastboot : “adb reboot bootloader” or
  • volume down + power at boot
4. double-click auto#initroot script and wait for moto to boot into jailbreak android
  • open folder unzipped in step 1-1
  • mac/linux users : may need to chmod +x auto#initroot script or fastboot binary
  • run script for computer OS and moto boot into jailbreak android
  • unplug usb cable and enjoy root jailbreak
  • run script every time moto boot into jailbreak android
  • read tip section for more

tips
double-click auto#initroot to boot jailbreak android
windows : double-click auto#initroot bat file
linux : set *.sh to execute on double-click or make *.desktop file
mac : double-click auto#initroot command file

use /magisk/.core/service.d/ folder to run script at boot
use example below to make custom *.sh file(s) then put in /magisk/.core/service.d/ folder and chmod +x it
  • anti-bootloop
  • stop ota update
  • stop amazon ad
  • stop bloat app and services
  • and more...
Code:
#!/system/bin/sh

#move this to /magisk/.core/service.d/ folder after factory resets

#anti-bootloop -- allow harpia to reboot without computer
printf '\x31' | dd of=/dev/block/platform/msm_sdcc.1/by-name/utags bs=1 seek=90

#disable ota so #initroot not patched
pm disable com.motorola.ccc.ota

#disable bloat after factory reset
if [ ! -e "/cache/firstrun" ]; then

  #disable amazon ad
  pm disable com.amazon.phoenix
  rm /data/data/com.android.systemui/files/boot.ad*

  #add verizon xt1609 bloat
  pm disable com.gotv.nflgamecenter.us.lite
  pm disable com.vznavigator.Generic

  #add amazon xt1607 bloat
  pm disable com.amazon.widgets
  pm disable com.amazon.clouddrive.photos
  pm disable com.amazon.kindle
  pm disable com.amazon.dee.app
  pm disable com.amazon.drive
  pm disable com.imdb.mobile
  pm disable com.goodreads
  pm disable com.audible.application

  #create firstrun so only run once
  touch /cache/firstrun

#end if statement
fi

#add new commands here

#end of script
exit 0

pfaq (probable frequent asked questions)
q : why no bootloader unlock
a : need 0 days bug to set unlock qfuse

q : why jailbreak need tether
a : #initroot exploit stored in memory and gone after reboot

q : i need computer always to jailbreak android
a : yes but if no reboot always jailbreak android

q : i need computer always to boot moto
a : no use command in tips for anti-bootloop

q : i can reboot phone without computer and jailbreak android
a : no no use anti-bootloop to boot without computer but also lose jailbreak

q : must install magiskmanager before auto#initroot
a : no you can install before or after does not matter

q : must double-click only for jailbreak
a : double-click is easy but can also run script from terminal

q : must use script for jailbreak
a : no you can manually type fastboot commands in terminal

q : i put script in /magisk/.core/service.d/ why no run
a : chmod +x file.sh and it will run on jailbreak android boot

q : why no auto#initroot for my moto
a : cant do everything

q : i do everything right why no work
a : sometimes you must pull battery out moto and try again

q : auto#initroot work on non-moto
a : no moto only

q : how to disable #initroot
a : boot to fastboot run command below and #initroot never happen
Code:
fastboot oem config fsg-id “”

#initroot-able versions
Code:
XT1254 MCG24.251-5-5 <- do not upgrade past this version

XT1607 MPIS24.241-2.35-1-13 <- do not upgrade past this version
XT1607 MPI24.241-2.35-1

XT1609 MPIS24.241-2.35-1-17 <- do not upgrade past this version
XT1609 MPIS24.241-2.35-1-13
XT1609 MPIS24.241-2.35-1-3
XT1609 MPI24.241-2.35-1

XT1625 NPJS25.93-14-4 <- do not upgrade past this version
XT1625 MPJ24.139-64

XT1687 NPNS25.137-35-5 <- blocks #initroot
XT1687 NPN25.137-35 <- do not upgrade past this version

my comments
make use of the custom scripts you can add to /magisk/.core/service.d/
even though bootloader lock systemless magisk help makes many mods
i hope people come up with creative ways to make these locked phones fun again
i only have xt1609 so cannot test everything myself
things may be broken for non-xt1609 moto and user must test
i thought using jailbreak sounded funny and since the root is tethered...
tethered jailbreak = tethered root
tethered root lasts until you reboot
dont reboot for month and you have root for month
initial #initroot poc was limited to root thru adb shell only
initial #initroot poc required you to be at computer for every reboot
auto#initroot gives us the ability to do system-edit like mods with magisk
auto#initroot is just a double-click away any time you need to re-root
this seems like the best possible case for bootloader-locked phone
other than bootloader unlock itself of course

changelog
july 19 2017 - initial release
august 3 2017 - added uninstall option to auto#initroot script + added amazon g5 play xt1687
august 6 2017 - added support for all windows versions

error reporting

users reporting issue should make report detailed as possible to increase chance of getting response.

details required:
1. on your phone go to settings > about phone and list:
  • model number
  • software variant/channel
  • android version
  • android security patch level
  • build number

2. which auto#initroot file are you using?
  • full name of auto#initroot folder or *.initroot file

3. what is the output from the auto#initroot script/command/bat file?
  • copy/paste the entire output log of command prompt/terminal window
  • screenshot would work if you are unable to copy/paste text

4. what os is on your computer?
  • windows 10 64-bit, windows 8.1 32-bit, os x 10.8.5, etc..

your report should answer all possible variables.
if error report already answered previously in thread then report will likely be ignored.
if more questions must be asked before it's possible to give you answer then report will likely be ignored.

The Following 11 Users Say Thank You to autoprime For This Useful Post: [ View ]
20th July 2017, 02:03 AM |#3  
facuarmo's Avatar
Senior Member
Flag Pilar
Thanks Meter: 989
 
Donate to Me
More
Awesome work m8, hope everyone tests it ASAP .
20th July 2017, 04:55 AM |#4  
Senior Member
Flag Enigma
Thanks Meter: 78
 
Donate to Me
More
This worked for the XT1609, wonderfully, in fact. Just dont install anything to /system and you should be gold .
20th July 2017, 05:09 AM |#5  
wolfgart's Avatar
Senior Member
Flag Rome
Thanks Meter: 1,137
 
More
Quote:
Originally Posted by autoprime

special thanks :
roee hay / aleph security for cve-2016-10277 / initroot
john wu for magisk / magiskmanager

could this method works too on new Samsung Galaxy Note Fan Edition ? (Bootloader locked it seems... )

https://forum.xda-developers.com/note-fe
20th July 2017, 05:29 AM |#6  
autoprime's Avatar
OP Recognized Contributor / Recognized Developer
Thanks Meter: 11,899
 
Donate to Me
More
Quote:
Originally Posted by Voltz100999

This worked for the XT1609, wonderfully, in fact. Just dont install anything to /system and you should be gold .

wise words! in fact, don't mess with system or boot and you should be good!
unless of course you know what you're doing and want to try to test things more.

Quote:
Originally Posted by wolfgart

could this method works too on new Samsung Galaxy Note Fan Edition ? (Bootloader locked it seems... )

https://forum.xda-developers.com/note-fe

no moto bug only unfortunately



to others...

as long as you used #initroot to boot...
the following should work if setup properly:
  • titanium backup
  • greenify
  • other apps that need root to run
  • systemless adblock
  • systemless xposed
  • any xposed modules that work on your model moto
  • any magisk modules that work on your model moto

this is pretty much like running a stock rooted rom... as long as you dont reboot.
when you do reboot you reboot into stock system with no root/magisk/xposed modifications...
until you re-run auto#initroot again from the computer.

get the phone all set up how you want it and you should be able to stay rooted the entire time you're away from the computer and never not have root/mods unless phones crashes randomly.. then you just deal with stock for a bit.

backup your data with titanium backup or helium or something before installing any mods and you mess up and end up having to factory reset to boot or something. make sure data is backed up to ext-sd, cloud, computer etc. if stored on internal sdcard you'll lose it when you factory reset.
20th July 2017, 03:01 PM |#7  
jcase's Avatar
Retired Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 15,873
 
10
Donate to Me
More
@autoprime can you add this to the op, woke up to a couple ppl complaining about bootloops

To clear out the ramdisk address they need to run

fastboot oem config fsg-id ""

afterwards
The Following 4 Users Say Thank You to jcase For This Useful Post: [ View ]
20th July 2017, 04:19 PM |#8  
autoprime's Avatar
OP Recognized Contributor / Recognized Developer
Thanks Meter: 11,899
 
Donate to Me
More
Quote:
Originally Posted by jcase

@autoprime can you add this to the op, woke up to a couple ppl complaining about bootloops

To clear out the ramdisk address they need to run

fastboot oem config fsg-id ""

afterwards

i know you know..
but this command was explained in the second post of this thread as well as alternatives to avoid the bootloop entirely. i wish people could read. i have added the command to the first post for now... may add something to install script for easy uninstall.
20th July 2017, 07:33 PM |#9  
Junior Member
Thanks Meter: 0
 
More
I installed it on my xt1609 and it worked , then I tried to install systemless xposed in magiska, then the phone went to bootloop, I uninstalled iniroot by script and it can boot to the system .
But now I tried to install the iniroot again , it goes to bootloop again, it seemd system-less xposed did something to the system
What should I do now, thanks.
20th July 2017, 07:51 PM |#10  
autoprime's Avatar
OP Recognized Contributor / Recognized Developer
Thanks Meter: 11,899
 
Donate to Me
More
Quote:
Originally Posted by sswyu

I installed it on my xt1609 and it worked , then I tried to install systemless xposed in magiska, then the phone went to bootloop, I uninstalled iniroot by script and it can boot to the system .
But now I tried to install the iniroot again , it goes to bootloop again, it seemd system-less xposed did something to the system
What should I do now, thanks.

unplug moto and pull battery.. put battery back in and try to boot with auto#initroot again.
sometimes usb unplug and battery pull is needed for initroot to work.

if it still bootloops..
boot into fastboot
send: fastboot oem config fsg-id ""
boot into stock recovery and factory reset
now initroot should work again.

as long as system or boot is not modified then phone should always be safe
and at most just need a factory reset and
fastboot oem config fsg-id ""
to remove initroot completely and go back to a 100% stock phone.
The Following 2 Users Say Thank You to autoprime For This Useful Post: [ View ]
20th July 2017, 08:33 PM |#11  
Junior Member
Thanks Meter: 0
 
More
Thank you, I think the systemless xposed in magiska did something so now the install script will only cause bootloop, maybe I should factory reset and try again, but without titanium backup , backup and restore is a pain in the ass. I will try later.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes