[4.4 ROOT] SlapMyMoto 1.0 (Works with MotoWPNoMo)

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,767
263
Sequim WA
My apologies for taking so long, life is hectic. This is a "root path" for the 4.4 update, and in this case you will retain your stock recovery so features like remote wipe will continue to work. It requires you downgrading to 4.2.2 or already be on 4.2.2 before updating to 4.4.

First you must use MotoWPNoMo, if you haven't then you will need to. Use RockMyMoto to gain root, then use MotoWPNoMo, and then restore to the 4.2.2 Camera update.

SlapMyMoto requires you to be on the 4.2.2 Camera update, you can find the firmware for your device below:
ATT- http://sbf.droid-developers.org/download.php?device=0&file=22
Verizon - http://sbf.droid-developers.org/download.php?device=0&file=55

Step1)

Unzip SlapMyMoto-1,0.zip and push the jar file to your internal storage
Code:
adb push SlapMyMoto.jar /sdcard/SlapMyMoto.jar
Step2)

Use http://www.cydiaimpactor.com/ to open up a telnet session as system user on port 2222. We covered how to use Impactor and telnet in the RockMyMoto root, I won't be covering it again since this post is going to be long enough already, see here -> http://forum.xda-developers.com/showthread.php?t=2509590 or http://rootzwiki.com/topic/107098-root-rockmymoto-yes-even-the-first-ota/


Connecting over telnet, and run Stage1 with this command:
Code:
dalvikvm -cp /sdcard/SlapMyMoto.jar SlapMyMoto
When the device tells you to reboot, do this manually with "adb reboot" or your power button. It will not auto reboot on this step

Step3)

Once the device has rebooted, run Impactor again and connect over telnet just like in the previous step, then run the same command
Code:
dalvikvm -cp /sdcard/SlapMyMoto.jar SlapMyMoto
Once the device has rebooted, please take the 4.4 OTA.

Step4)
Now that we are on 4.4, we can finish the process with adb shell:

Code:
adb shell
cp /sdcard/install.sh /data/local/tmp/install.sh
chmod 755 /data/local/tmp/install.sh
echo "/data/local/tmp/install.sh" > /sys/kernel/uevent_helper
Then either wait, or toggle your bluetooth. Once the device reboots, you will have root.
 

Attachments

Last edited:

AaronCompNetSys

Senior Member
Jun 19, 2007
300
84
0
After taking the 4.4 OTA in step 3, if you then take on the 4.4.2 OTA update afterwards, the write protection off will be reverted and /system/ will once again be locked. There is no known way at this time to reverse this for users with locked bootloaders.

If you are on 4.2.x, you will be prompted for the 4.4 OTA update before getting the 4.4.2 OTA. You should complete step 4 before deciding to take on the 4.4.2 OTA or not.

Other relivent quotes from jcase:

The only thing i didn't understand was the "restore to 4.2.2 camera update" part, and [...] i'm already on 4.2.2.
[...]you skipped a step...

Rooted devices rarely handle OTAs very well, especially if they do not have a recovery anymore. Restore to [stock], and continue.
^(From another thread, but a comon question in this one)^

Quoting from Step 3: "Once the device has rebooted, please take the 4.4 OTA."

So what happens if the only OTA available is 4.4.2?
The device is not rooted at the step when you are taking the 4.4 OTA. The 4.4 update.zip is available from other sources and can be sideloaded in recovery.
Possible mirror, not verified: magnet:?xt=urn:btih:CDARPSOTRY7CO4EY6K6SNWVASPBPX46S

Ok ... so what if you use the 0.5c method, where you replace the recovery with the customized boot image, that enabled write protection?
You can't boot a customized image.
Will that method work for 4.4.2 when it comes along?
No it won't work in 4.4.2, nor will it work with the 4.4 bootloaders.

I know you stated before that you have no intention on developing new root methods for the Moto X.
But is there any chance you have reconsidered and decided to take a look on 4.4.2?
No time, sorry.

No one mentions custom bootloader.

I am aware 0.5c works, but it has it's own flaws hence no longer beign available. Don't take OTAs with root, it is not a smart move.

JC
[What is] the benefit gained by this procedure.
Starting with the MotoX, Motorola started applying low level write protection to parts of the flash memory (in this case just /system). Root alone does not give us the ability to modify anything in system. My original hackjob that we used to bypass this has been fixed in Android 4.4. This is required if you want to actually install su into the /system partition.
What happened to the flashing recovery.img, before taking the update to 4.4 and then flashing the 4.2.2 bootloader.
Previously we were using my workaround to write to system, now we are using MotoWPNoMo to gain write to system, as it is a better solution. No more recovery hackery needed.

Note: I will be reviewing threads and duplicating posts here to ease others finding them. PM me if you feel you have been misquoted or have something I missed.
 
Last edited:

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,767
263
Sequim WA
Says he won't release a root method for 4.4, has to deal with whiny, entitled people that think he's selfish for doing so, and still ends up releasing something. Now that's what I call a class act.
Actually, i didn't really release a new exploit, and I won't be. This is the same primary exploits as motoroot/rockmymoto/pwnmymoto, just instead of installing su, it plants a "backdoor". Since they allowed us to downgrade, we were able to do this.
 

freak4dell

Senior Member
Aug 10, 2008
732
193
0
Actually, i didn't really release a new exploit, and I won't be. This is the same primary exploits as motoroot/rockmymoto/pwnmymoto, just instead of installing su, it plants a "backdoor". Since they allowed us to downgrade, we were able to do this.
True, but a method is a method, in my eyes.

I gotta wonder if Motorola left the ability to downgrade as somewhat of a subtle way of making up to the community for not being able to unlock the AT&T and Verizon versions. They're just too good at making secure bootloaders to make me think that it was just overlooked.
 

monkespit

Senior Member
May 12, 2009
74
4
0
Thank you for all the great and hard work you do for everyone in the consumer motox community.
I will not whine or nag, I will wait patiently until it is complete and ready. I don't have as much time for testing and tinkering like in the droidx days.
So again, jcase, thank you thank you!

Sent from my XT1060 using Tapatalk
 
  • Like
Reactions: wfpabst

Sinderan

Senior Member
Sep 29, 2009
98
10
0
Marietta
Do you mean gpt.bin and logo.bin? Those are only ones in the camera OTA. I really should have checked before pushing the setup.sh, cause now I just boot to fastboot and don't wanna flash the wrong thing.
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,767
263
Sequim WA
Do you mean gpt.bin and logo.bin? Those are only ones in the camera OTA. I really should have checked before pushing the setup.sh, cause now I just boot to fastboot and don't wanna flash the wrong thing.
From the 4.2.2 camera firmware, I clarified in OP now.
 
  • Like
Reactions: sn2hotty
G

GuestK0077

Guest
Awesome! Can't test it yet though, as I am in Canada on Rogers and we haven't gotten the update yet. It's still a relief knowing that I can get root when I get the update though. Thanks!
 

mercado79

Senior Member
Oct 4, 2008
1,049
395
113
Boston, MA
@jcase, i know we're waiting for an update/fix for the reboot recovery issue, but i thought i'd mention that step 5 didn't work as described for me:

Step 5)
adb push recovery.sh /data/local/tmp/setup.sh
adb reboot
(It will reboot, then quickly reboot straight to the bootloader)
the last part didn't happen. after pushing the recovery.sh file (to data local as setup.sh), then doing an adb reboot, the phone never automatically reboots to the bootloader. maybe i'm missing something though. are we supposed to "quickly reboot" or is this supposed to happen on its own?
 

imnotmikal

Senior Member
Oct 25, 2010
67
14
0
27
Richmond, VA
www.michael-adcock.com
@jcase, i know we're waiting for an update/fix for the reboot recovery issue, but i thought i'd mention that step 5 didn't work as described for me:



the last part didn't happen. after pushing the recovery.sh file (to data local as setup.sh), then doing an adb reboot, the phone never automatically reboots to the bootloader. maybe i'm missing something though. are we supposed to "quickly reboot" or is this supposed to happen on its own?
It is supposed to do it automatically, but the Verizon model is missing some dependency for this method.
Jcase said he has a fix and will work on it soon, but for now, do not do this on the Verizon model. Return to 4.2.2 for now.