Information:
This is a Bootloader Unlock for the Verizon Note Edge.
Enjoy. Don't forget to thank @beaups, as he discovered the eMMC backdoor and exploited it, and @ryanbg for helping apply it. I am managing the thread, and initially collected the CID/Aboot combo to use the CID switch/Flash the corresponding Aboot method. I opted to hold off on publicly releasing this, as Ryan has a much cleaner way. He extracts the CID hash inside a developer edition aboot, and places it in the current aboot partition. This allows the unlock to be increment agnostic, and, in my opinion, is a much cleaner way to do this.
THIS WILL NOT WORK ON GALAXY S3/GALAXY S4/GALAXY S6|e/Galaxy S7|e. It will NOT work on AT&T devices, as they are missing the developer edition check function. Running this on an AT&T variant will almost certainly brick it.
We may get around to doing a VZW S3 version here soon, and after that, that should round out all the vulnerable devices, as we have already hit the VZW Note 3, VZW Note 4, and VZW S5 (Samsung eMMC version). The VZW S4 and some VZW S5s use Toshiba eMMCs, and therefore aren't vulnerable to this. If we have missed a vulnerable device, feel free to tag me and alert me.
Disclosure:
I do not own a Note Edge. The exploit happened to be applicable to the Note Edge, and we compiled it for your devices rather than not releasing it. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues. I did not compile this, Ryan did, after I collected the necessary pieces to do so (the developer edition aboot & CID combo), and told him the device was vulnerable.
I am managing this thread to help the community out, and can answer any (reasonable) questions you have. PLEASE do not tag Ryan and Beaups galore in this thread, there is no need to bug them.
How this works:
You should not run this if you don't understand it. For those who are capable but need some help go here.
More info on this method: here
A writeup on the exploit can be found here.
Requirements:
- Any 5.1.x Firmware (latest is preferred). If you are on 4.4.x, upgrade either via OTA or ODIN.
- Root (Or at least, temp-root via King Root, if you have trouble with the King Root app, try the Desktop version, I hear it works more reliably).
- Knowledge of ADB
- Micro USB Cable
- Micro SD Card (Backup your data, as IT WILL BE FORMATTED!!!)
- Disable Reactivation Lock
- A Samsung eMMC - You can download the 'eMMC Brick Bug' check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, this will not work.
Onto the Actual Unlock:
The code below is NOT a script, you must enter the commands manually.
Code:
After running the commands, allow the device to reboot. After a full reboot, power down and pull the battery. You may need to run it twice if it doesn't work after the battery pull.
adb push samsung_unlock_edge /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 777 samsung_unlock_edge
chown root.root samsung_unlock_edge
./samsung_unlock_edge
Download:
Download
Donate:
Paypal: [email protected] [COMPLETELY VOLUNTARY AND OPTIONAL] -- this is Ryan's donation email, please donate to him if you choose to donate, as he has a wedding coming! Or, if you prefer donating to a charity, the Make-A-Wish Foundation is the preferred one.
FAQ:
I CAN'T ROOT WITH KINGROOT!!!
Some people took an SE Policy Update recently pushed out by Samsung's "Security Policy Updater" app to prevent KingRoot's current method from completing successful temp-root. A fresh ODIN to the lowest possible 5.0.1 FW will solve the issue.
I HAZ BOOTLOOPZ!!!
Don't freak out. If you followed the instructions, you are fine. Pull out your SD Card and see if it boots. If it boots without the SD Card, you need to back up what is on your SD Card (which is the backup of your original retail CID), and format the SD Card on your PC. Other than that, you can always just ODIN to stock 5.1.1 and start over.
Can I update my Bootloader to a newer version?
DON'T UPDATE YOUR BOOTLOADER TO A MARSHMALLOW BASED BOOTLOADER, WE DON'T KNOW IF THIS IS STILL EXPLOITABLE ON MM! For multiple reasons: Samsung has the ability to update the eMMC firmware and patch the CID write bug, and temp root on Marshmallow became much harder due to dm-verity, etc.
Does the Unlock survive a Bootloader flash?
No. The tool places a developer edition CID Hash Blob in your aboot partition, and changes your CID to that of the developer edition that matches that CID blob. Flashing an aboot (via dd or ODIN) will erase this blob, and you will need to re-run this tool.
Can I go back to retail?
Why would you want this? You can run both the developer edition aboot, and retail edition aboot with the developer edition CID.
But yes. You can. When you run this, a backup of your current CID is taken. As long as you hang onto that backup, you will always be able to use the samsung_cid binary found here. Pull up an ADB shell and get root, then execute samsung_cid (from somewhere like /data/local/tmp/) followed by your backed up CID.
What about /System partition write protection?
It is gone. Permanently in my testing. Returning to a retail aboot still allows /system to be remounted R/W (as root only obviously).
How do I root now that I have converted to a Developer Edition?
Two Options:
Doesn't Trip KNOX (most likely), unable to run custom ROM/Kernel: Just re-run King Root post conversion. You'll have permanent root.
Does Trip KNOX, able to run custom ROM/Kernel: Use ODIN to flash TWRP, and then TWRP to flash SuperSU.
XDA:DevDB Information
[OFFICIAL] Verizon Galaxy Note Edge Bootloader Unlock, Tool/Utility for the Galaxy Note Edge
Contributors
npjohnson
Source Code: https://github.com/beaups/SamsungCID
Version Information
Status: Stable
Current Stable Version: 2016-05-25
Stable Release Date: 2016-05-25
Created 2016-05-26
Last Updated 2016-06-02
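A read-only check for the "CID starts with 15" requirement and the retail CID backup mentioned in the FAQ, as an added example that is not part of the original post or the SamsungCID project: it parses a 32-hex-digit eMMC CID and compares it with a recorded value. The sample CID is constructed, the field offsets assume the standard JEDEC eMMC CID layout, and the sysfs path in the comment assumes the eMMC is mmcblk0.

```shell
#!/bin/sh
# Added example: parse a 32-hex-digit eMMC CID and compare it with a baseline.
# Offsets assume the JEDEC eMMC CID layout; SAMPLE_CID is constructed.
SAMPLE_CID="1501004142434445460b12345678a200"

cid_norm() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# Succeeds only for exactly 32 hex digits.
cid_valid() {
  case "$1" in ""|*[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#1}" -eq 32 ]
}

# cid_field CID START LEN (START is 1-based, counted in hex digits)
cid_field() { cid_norm "$1" | cut -c"$2-$(( $2 + $3 - 1 ))"; }
cid_mid() { cid_field "$1" 1 2; }    # manufacturer ID: the "starts with 15" byte
cid_psn() { cid_field "$1" 21 8; }   # product serial number

# Product name: six bytes, printed as ASCII ('?' for non-printable bytes).
cid_pnm() {
  hex=$(cid_field "$1" 7 12); out=""
  while [ -n "$hex" ]; do
    pair=${hex%"${hex#??}"}; hex=${hex#??}
    byte=$(( 0x$pair ))
    if [ "$byte" -ge 32 ] && [ "$byte" -le 126 ]; then
      out="$out$(printf "\\$(printf '%03o' "$byte")")"
    else
      out="$out?"
    fi
  done
  printf '%s' "$out"
}

cid_is_samsung() { cid_valid "$1" && [ "$(cid_mid "$1")" = "15" ]; }

# Succeeds when the current CID equals the recorded one (CRC byte ignored).
cid_matches_baseline() {
  cid_valid "$1" && cid_valid "$2" &&
    [ "$(cid_field "$1" 1 30)" = "$(cid_field "$2" 1 30)" ]
}

cid_report() {
  cid_valid "$1" || { echo "invalid CID: $1"; return 1; }
  echo "mid=$(cid_mid "$1") pnm=$(cid_pnm "$1") psn=$(cid_psn "$1")"
}

# On a device the value comes from sysfs (mmcblk0 is an assumption):
#   cat /sys/block/mmcblk0/device/cid
cid_report "$SAMPLE_CID"
```

A mismatch from cid_matches_baseline against a CID recorded earlier for the same handset indicates the CID has been rewritten since the record was taken.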