(No progress yet)Root dev for Galaxy S9 Plus SM-G965U (Snapdragon)

Search This thread
By:
Advanced…
D

drakaina

New member
Aug 14, 2018
4
13
Knoxville
Do not ask for an ETA
 Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.

I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.

First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
 
Last edited:
  • Like
Reactions: Daniellero995, Tom_Neverwinter, MathGuy284 and 7 others
J

jflow36

Senior Member
Feb 5, 2015
132
16
drakaina said:
Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.

I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.

First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Click to expand...
Click to collapse
One guy flashed a combination version of the firmware and got the OEM unlock toggle to show on a SM-G960U. It switched on and off but I am not sure if it actually unlocked the bootloader or not. There is a TWRP already ported to the Snapdragon version as well, although only for the Chinese and Hong Kong version, it should work on our device if you can get the bootloader unlocked first. I have been scouring online and in the forums since the phone came out and that's all I nave found thus far. Im sure you already know these things, but I figured I would say it just in case you weren't aware. Hope you get it figured out! Good luck! ?
 
  • Like
Reactions: Daniellero995
beatbreakee

beatbreakee

Senior Member
Aug 10, 2015
287
420
Frisco
Samsung Galaxy S10
The only development I've heard of is one user claiming he got a diagnostic boot with SElinux permissive. (In the S9 root dev forum/thread) I also have a source who is NOT trying to be identified publicly because he works for google, but he informed me that "the android O build for SAMSUNG DEVICES, was developed with special instructions in it to automatically kick a KERNEL PANIC , if ANY app NOT on some internal White List attempts to access, modify, or send SU commands through any NOT LISTED app with those permissions granted already." ... now I'm not an Android level programmer, but I'm an old Linux dev/ penetration systems tester (lol) and from what I am gathering is that the patches or whatever that Samsung added to the O.S. also included an encrypted or hidden white list, which he says is VERY small, (as in number of items actually in the list) , but even he said they do not have any access nor knowledge of where they stored this. He did tell me that they delivered an incomplete or infant code for Samsung Snapdragon Model Note 8,9 and s8,9, and it was so crude that not only would it not compile because of missing crap Samsung deliberately did not supply them with... but he said that it was NOT lockable in that state, so Samsung either inserted their own locked kernel and whatever to create this B.S. broke down version of Android that is Root crippled. BUT the only clue he could give me was that "On no level can an E-fuse provide an unbreakable chain of trust, and that if an extreme modded were to actually break down the system board of an S9, they could in theory remove or add some sort of device that would bypass the Qualcomm Secure boot completely!" ... now this ain't a best friend or nothing so truthfully I'm surprised I got this much from him... but I've known who he was and that hes worked for Google nearly 12 years as a developer and software engineer. So I dont know if any of that info helps... but my contribution is that I can get my device (s9+ from Sprint USA Sm-g965U) replaced with little to no hassle, so I'm 100% willing to do any tests u need, providing that you give me at least a basic level of instruction, as to each set of commands or package u want me to flash. I'm pretty android savvy considering it's just a linux derivative... and I know Samsung 100% .. I've had every S - galaxy since day 1 . BUT throwing blind commands at my device that I have 0 understanding of their impact, makes me feel like a squirrel running across the freeway during rush hour! Plz Do me a favor and shoot me a private message and I'll give you my cell number and email so u can reach me quicker when you have something u need tested! Now please people don't berate me if something he said to me was not correct or you have different data to disprove what he said. I literally took notes by hand and had him confirm them, so I'm just the messenger/informant and u gotta realize that as a google employee, he #1 is partially not knowledgeable of ways to exploit the O.S. which is what the hackers come into play for. And make the developers work **** tons harder to FIX the hole the ****ed up in the 1st place! ? Lol... and #2. I did ask about the possibility of a $$$$ number he would take in order to provide an actual Eng-boot like that of the S8, and he said that "Those are developed by each individual corporation after they are provided the build source code", and that "google has no interest in possessing or archiving any such file because the O.S. does not need it to provide a developers version of the O.S., which is as far as Google goes in providing a new system to the companies.... so for something like that, reach out to one of the underpaid factories full of workers and I'm sure they would happily give you what you want for much cheaper than you imagine!" Ok that was very long winded but I wanted to cover all I could because I prob wont check this thread anymore.... plz PM me bro so I can get you my info ... and let's put this Flashing Guinea Pig (me) to work in getting this ***** at least hack rooted or maybe full!!!
 
  • Like
Reactions: kc-guy, Tom_Neverwinter, vazersecurity and 4 others
M

maherwaleed

Member
Apr 4, 2014
9
1
Hello, i've just finished reading all above and from what I've read I can tell that not all hopes are lost as well I'm offering my help to be a (TESTER) for any attempts you wanna try, however, please note that I'm NO DEV just a user who would like to his phone rooted ASAP that's all, so please explain the commands that you would give me and the steps. plz PM me so I can get you my contact info
 
D

drakaina

New member
Aug 14, 2018
4
13
Knoxville
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own. Devs don't follow old ways of doing things so get that out of your head if you want to think forward, not backwards. I have found what could be an exploit in the rom itself that "might" be the starting point to get root access. This is NOT an ETA but hopefully we can start testing in the next few weeks.

I'll say it now, don't get overly excited a possible exploit has been found. I make no guarantee on it being THE exploit needed. Just be patient, and if you have insight on a way to attack this or another possible exploit, do say so.

If anyone knows of the bootloader partition already having been copied, post a link. I share mine at the moment so I don't always have it around, so any of the bootloader data would help greatly.
 
  • Like
Reactions: Rac3r-X, razrlover and TheKnux
D

drakaina

New member
Aug 14, 2018
4
13
Knoxville
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls. ;)
 
Last edited:
P

partcyborg

Recognized Developer
Jun 23, 2017
2,552
2,289
OnePlus 9 Pro
drakaina said:
Do not ask for an ETA
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Click to expand...
Click to collapse


Myself and a handful of other people involved in us snapdragon s8/s8+/n8+ took a brief crack at it a little while ago to no avail. I don't want to go into too many details on here as 1) Samsung is watching surely and 2) the contents from the peanut gallery get old quick but here are the cliff notes. Feel free to pm me here or on telegram for more details. (Backstory on me, I created samfail which was the first/only n8 root method and the second for the s8/s8+ and the only published one beyond bootloader v1.

- samfail is 100% patched. No known way to modify system
- you can't mix combo boot with stock images anymore. Samsung got wise to that. Figured out how to track it if we can force write a system image
- there is a ton of new system level security because they had to move out of the boot image due to treble. Probably the first big nail in the coffin I'm.
- don't waste your time on the oem unlock toggle in the combo/factory rom. No it doesn't unlock the bootloader. The us snapdragons don't respect it's value outside of turning off frp, but that was with the s8 idk if it is still true on the s9.
- the other poster is right about the anti root thing. It's in the open source kernel code. If anything being exexuted under uid 0 matches a list of common/known root mods/not stuff that is supposed to be there, instant kernel panic. Things like "binary is called BusyBox" are on that list.

This was the point I gave up. Partially because I don't have the device so testing is extremely difficult (I wised up this year and purchased a intl. Snapdragon sm-g9650 which has full oem unlock just like the exy).

In sure there's things in forgetting right now and again, being too transparent here results in root method bring patched faster, hit me up if you want more brain dump
 
  • Like
Reactions: b0nedaddy2360, theslam08, bigron77 and 2 others
J

jflow36

Senior Member
Feb 5, 2015
132
16
drakaina said:
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls. ;)
Click to expand...
Click to collapse
Although I have seen a lot worse on these threads, his comment was pretty negative, which is what we do not need in this thread. I wish people would just keep their thoughts to themselves if they have nothing to add to the discussion. I also will test so let me know if there is anything I can do to help.
 
T

thegreatkazoo

Senior Member
Feb 4, 2014
105
17
OKC
zzEvilGeniuszz said:
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested a Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
Click to expand...
Click to collapse

i talked to samsung a couple months ago before i got my s9 and they told me they wont sell you one directly with the Exynos. I was going to get the s8 with the exynos if they would of sold me one. They wouldn'ty so i bought a tmobile s9 with my carrier.
 
You must log in or register to reply here.

Similar threads

legojoe8
S9/S9+ Android Pie Discussion (Formerly Alpha/Beta)
Replies
4K
Views
407K
m1batt1
m1batt1
geri005
S9 Pie OneUI General Discussion SM-G960F/FD (Formally Beta Thread)
Replies
2K
Views
284K
Foxhoundalpha
Foxhoundalpha
F
[ROOT] Galaxy S9 and S9+ Official Stock 8.0 MAGISK - UNOFFICIAL
Replies
133
Views
136K
K
Kamikaze01
M
Galaxy S9 SM-G960U (Snapdragon) Engineering ROM
Replies
58
Views
50K
Jessicad89
Jessicad89
M
[HOW TO] Flash U1 firmware to U device
Replies
631
Views
193K
Gamingbro632
Gamingbro632

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 10
    D
    drakaina
    Do not ask for an ETA
     Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.

    I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.

    First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
    View
    7
    beatbreakee
    beatbreakee
    The only development I've heard of is one user claiming he got a diagnostic boot with SElinux permissive. (In the S9 root dev forum/thread) I also have a source who is NOT trying to be identified publicly because he works for google, but he informed me that "the android O build for SAMSUNG DEVICES, was developed with special instructions in it to automatically kick a KERNEL PANIC , if ANY app NOT on some internal White List attempts to access, modify, or send SU commands through any NOT LISTED app with those permissions granted already." ... now I'm not an Android level programmer, but I'm an old Linux dev/ penetration systems tester (lol) and from what I am gathering is that the patches or whatever that Samsung added to the O.S. also included an encrypted or hidden white list, which he says is VERY small, (as in number of items actually in the list) , but even he said they do not have any access nor knowledge of where they stored this. He did tell me that they delivered an incomplete or infant code for Samsung Snapdragon Model Note 8,9 and s8,9, and it was so crude that not only would it not compile because of missing crap Samsung deliberately did not supply them with... but he said that it was NOT lockable in that state, so Samsung either inserted their own locked kernel and whatever to create this B.S. broke down version of Android that is Root crippled. BUT the only clue he could give me was that "On no level can an E-fuse provide an unbreakable chain of trust, and that if an extreme modded were to actually break down the system board of an S9, they could in theory remove or add some sort of device that would bypass the Qualcomm Secure boot completely!" ... now this ain't a best friend or nothing so truthfully I'm surprised I got this much from him... but I've known who he was and that hes worked for Google nearly 12 years as a developer and software engineer. So I dont know if any of that info helps... but my contribution is that I can get my device (s9+ from Sprint USA Sm-g965U) replaced with little to no hassle, so I'm 100% willing to do any tests u need, providing that you give me at least a basic level of instruction, as to each set of commands or package u want me to flash. I'm pretty android savvy considering it's just a linux derivative... and I know Samsung 100% .. I've had every S - galaxy since day 1 . BUT throwing blind commands at my device that I have 0 understanding of their impact, makes me feel like a squirrel running across the freeway during rush hour! Plz Do me a favor and shoot me a private message and I'll give you my cell number and email so u can reach me quicker when you have something u need tested! Now please people don't berate me if something he said to me was not correct or you have different data to disprove what he said. I literally took notes by hand and had him confirm them, so I'm just the messenger/informant and u gotta realize that as a google employee, he #1 is partially not knowledgeable of ways to exploit the O.S. which is what the hackers come into play for. And make the developers work **** tons harder to FIX the hole the ****ed up in the 1st place! ? Lol... and #2. I did ask about the possibility of a $$$$ number he would take in order to provide an actual Eng-boot like that of the S8, and he said that "Those are developed by each individual corporation after they are provided the build source code", and that "google has no interest in possessing or archiving any such file because the O.S. does not need it to provide a developers version of the O.S., which is as far as Google goes in providing a new system to the companies.... so for something like that, reach out to one of the underpaid factories full of workers and I'm sure they would happily give you what you want for much cheaper than you imagine!" Ok that was very long winded but I wanted to cover all I could because I prob wont check this thread anymore.... plz PM me bro so I can get you my info ... and let's put this Flashing Guinea Pig (me) to work in getting this ***** at least hack rooted or maybe full!!!
    View
    5
    P
    partcyborg
    drakaina said:
    Do not ask for an ETA
    First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
    Click to expand...
    Click to collapse


    Myself and a handful of other people involved in us snapdragon s8/s8+/n8+ took a brief crack at it a little while ago to no avail. I don't want to go into too many details on here as 1) Samsung is watching surely and 2) the contents from the peanut gallery get old quick but here are the cliff notes. Feel free to pm me here or on telegram for more details. (Backstory on me, I created samfail which was the first/only n8 root method and the second for the s8/s8+ and the only published one beyond bootloader v1.

    - samfail is 100% patched. No known way to modify system
    - you can't mix combo boot with stock images anymore. Samsung got wise to that. Figured out how to track it if we can force write a system image
    - there is a ton of new system level security because they had to move out of the boot image due to treble. Probably the first big nail in the coffin I'm.
    - don't waste your time on the oem unlock toggle in the combo/factory rom. No it doesn't unlock the bootloader. The us snapdragons don't respect it's value outside of turning off frp, but that was with the s8 idk if it is still true on the s9.
    - the other poster is right about the anti root thing. It's in the open source kernel code. If anything being exexuted under uid 0 matches a list of common/known root mods/not stuff that is supposed to be there, instant kernel panic. Things like "binary is called BusyBox" are on that list.

    This was the point I gave up. Partially because I don't have the device so testing is extremely difficult (I wised up this year and purchased a intl. Snapdragon sm-g9650 which has full oem unlock just like the exy).

    In sure there's things in forgetting right now and again, being too transparent here results in root method bring patched faster, hit me up if you want more brain dump
    View
    3
    D
    drakaina
    Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own. Devs don't follow old ways of doing things so get that out of your head if you want to think forward, not backwards. I have found what could be an exploit in the rom itself that "might" be the starting point to get root access. This is NOT an ETA but hopefully we can start testing in the next few weeks.

    I'll say it now, don't get overly excited a possible exploit has been found. I make no guarantee on it being THE exploit needed. Just be patient, and if you have insight on a way to attack this or another possible exploit, do say so.

    If anyone knows of the bootloader partition already having been copied, post a link. I share mine at the moment so I don't always have it around, so any of the bootloader data would help greatly.
    View
    3
    P
    partcyborg
    guest_2011 said:
    it's still better than .0000000000000000000000000000000000000000000000% :)

    tell this to those who bought anything international on ebay and had trouble returning

    us warranty is a must. everything is made like **** these days. i end up returning 99% of things i buy, and that's not even electronics but anything. i never buy extended warranty for electronics because i don't waste money on anything warranty-worthy. partly for tax reason. other reason it'll likely fail anyway. my current phones cost $1.
    Click to expand...
    Click to collapse

    alvinator94 said:
    Right but I'm pretty sure that'd brick you. But general rule of thumb, if it was that easy don't you think we'd already have root. But even if, best case scenario, let's say they could work and don't brick us, I'm doubtful we would make it through secure boot. Unless those tars are signed by Samsung and pass the secure boot/Odin security check. And we would have to flash everything, I'm guessing that includes the userdata too because if we just flash one part it and it has one piece to getting around one check, another part might be required to get through another check. I just doubt the **** would boot if we tried flashing it because it would fail the PBL sector.



    I don't know honestly the only known ones are the ones posted with guides in the forum.


    Also attached is me asking them to release the ENG firmware. For the keks Bois.
    Click to expand...
    Click to collapse

    Even if they released it, it would not work on your device. To be able to run eng firmware (and consequently, be essentially oem unlocked on a us device), knox requires a special certificate be installed on the device, which is signed by the trust chain and tied directly to the DID# of the individual device. Only then can you boot eng firmware on any device s8 or later.

    It took them over a decade to do it, but tthey seem to have finally covered all their bases and closed the remaining exploit vectors
    View

New posts