[OFFICIAL] Verizon Galaxy Note Edge Bootloader Unlock -- Developer Edition Conversion

Search This thread

npjohnson

Recognized Developer
Information:

This is a Bootloader Unlock for the Verizon Note Edge.

Enjoy. Don't forget to thank @beaups, as he discovered the eMMC backdoor and exploited it, and @ryanbg for helping apply it. I am managing the thread, and initially collected the CID/Aboot combo to use the CID switch/Flash the corresponding Aboot method. I opted to hold off on publically releasing this, as Ryan has a much cleaner way. He extracts the CID hash inside a developer edition aboot, and places it in the currecnt aboot parititon. This allows the unlock to be increment agnostic, and, in my opinoin, is a much cleaner way to do this.

THIS WILL NOT WORK ON GALAXY S3/GALAXY S4/GALAXY S6|e/Galaxy S7|e. It will NOT work on AT&T devices, as they are missing the developer edition check function. Running this on an AT&T variant will almost certainly brick it.

We may get around to doing a VZW S3 version here soon, and after that, that should round out all the vulnerable devices, as we have already hit the VZW Note 3, VZW Note 4, and VZW S5 (Samsung eMMC version). The VZW S4, and some VZW S5's use Toshiba eMMC's, and therefore, aren't vulnerable to this. If we have missed a vulnerable device, feel free to tag me and alert me.


Disclosure:

I do not own a Note Edge. The exploit happened to be applicable to the Note Edge, and we compiled it for your devices rather than not releasing it. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues. I did not compile this, Ryan did, after I collected the necessary pieces to do so (the developer edition aboot & CID combo), and told him the device was vulnerable.



I am managing this thread to help the community out, and can answer any (reasonable) questions you have. PLEASE do not tag Ryan and Beaups galore in this thread, there is no need to bug them.


How this works:

You should not run this if you don't understand it. For those who are capable but need some help go here.

More info on this method: here

A writeup on the exploit can be found here.



Requirements:


- Any 5.1.x Firmware (latest is preferred). If you are on 4.4.x, upgrade either via OTA or ODIN.

- Root (Or at least, temp-root via King Root, if you have trouble with the King Root app, try the Desktop version, I hear it works more reliably).

- Knowledge of ABD

- Micro USB Cable

- Micro SD Card (Backup your data, as IT WILL BE FORMATTED!!!)

- Disable Reactivation Lock

- A Saumsung eMMC - You can download the 'eMMC Brick Bug' check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, this will not work.


Onto the Actual Unlock:


The code below is NOT a script, you must enter the commands manually.

Code:
Code:
adb push samsung_unlock_edge /data/local/tmp/ 
adb shell 
su 
cd /data/local/tmp/ 
chmod 777 samsung_unlock_edge
chown root.root samsung_unlock_edge
./samsung_unlock_edge
Allow device to reboot. After full reboot, power down and pull battery. You may need to run it twice if it doesn't work after the battery pull.


Download:


Download


Donate:


Paypal: attestation28@gmail.com [COMPLETELY VOLUNTARY AND OPTIONAL] -- this is Ryan's donation email, please donate to him if you choose to donate, as he has a wedding coming! Or, if you prefer donating to a charity, The Mike a Wish Foundation is the preferred one.



FAQ:


I CAN'T ROOT WITH KINGROOT!!!

Some people took an SE Policy Update recently pushed out by Samsung's "Security Policy Updater" app to prevent KingRoot's current method from completing successful temp-root. A fresh ODIN to the lowest possible 5.0.1 FW will solve the issue.


I HAZ BOOTLOOPZ!!!


Don't freak out. If you folowed the instructions, you are fine. Pull out your SD Card and see if it boots. If it boots without the SD Card, you need to backup what is on your SD Card (which is the backup of your original retail CID), and format the SD Card on your PC. Other than that, you can always just ODIN to stock 5.1.1 and start over.


Can I updated my Bootloader to a newer version?


DON'T UPDATE YOUR BOOTLOADER TO A MARSHMALLOW BASED BOOTLOADER, WE DON'T KNOW IF THIS IS STILL EXPLOITABLE ON MM! For multiple reasons: Samsung has the ability to update the eMMC firmware and patch the CID write bug, and temp root on Marshmallow became much harder due to dm-verity, etc.


Does the Unlock survive a Bootloader flash?


No. The tool places a developer edition CID Hash Blob in your aboot partition, and cahnges your CID to that of the developer edition that matches taht CID blob. Flashing an aboot (via dd or ODIN) will erase this blob, and you will need to re-run this tool.


Can I go back to retail?


Why would you want this? You can run both the developer edition aboot, and retail edition aboot with the developer edition CID.

But yes. You can. When you run this, a backup of your current CID is taken. As long as you hang onto that backup, you will always be able to use the samsung_cid binary found here. Pull up and ADB Shell, and get root, then execute samsung_cid (from somewhere like /data/local/tmp/) followed by your backed up CID.


What about /System partition write protection?


It is gone. Permanently in my testing. Returning to a retail aboot still allows /system to be remounted R/W (as root only obviously).

How do I root now that I have converted to a Developer Edition?

Two Options:

Doesn't Trip KNOX (most likely), unable to run custom ROM/Kernel: Just re-run King Root post conversion. You'll have permanent root.

Does Trip KNOX, able to run custom ROM/Kernel: Use ODIN to flash TWRP, and then TWRP to flash SuperSU.

XDA:DevDB Information
[OFFICIAL] Verizon Galaxy Note Edge Bootloader Unlock, Tool/Utility for the Galaxy Note Edge

Contributors
npjohnson
Source Code: https://github.com/beaups/SamsungCID


Version Information
Status: Stable
Current Stable Version: 2016-05-25
Stable Release Date: 2016-05-25

Created 2016-05-26
Last Updated 2016-06-02
 
Last edited:

bigbooker455

Senior Member
Nov 5, 2010
286
27
Kenosha, WI
1464229231503.jpg


YEAH!

Sent from my SM-N915V using XDA-Developers mobile app
 

max366

Senior Member
Jul 31, 2015
63
8
just when i need temp root ..... kingroot fails every time !!!! :crying::crying::crying::crying:
 

max366

Senior Member
Jul 31, 2015
63
8
kingroot 4.5 4.8 and 4.92 apk and desktop version tried multiple times each no success

factory reset phone tried again no success

used debloater tool disabled knox stuff etc... no success

currently on 5.0.1

any suggestions?
 

npjohnson

Recognized Developer
It was working fine then about 1 week ago stopped just lockup I heard Google blocked it, recently my phone asked me to do a security update I did it and then it stopped working....

Sent from my SM-N915V using XDA-Developers mobile app

Ahhh. Samsungs on the fly SEPolicy upgrades. This would explain why it works on about half the users devices.

Okay, what method did you use to get temp root then?
 

Mace68

Senior Member
Mar 30, 2011
98
20
A huge thanks to all involved! I guess we can use the ROMs and such in the Dev Edition threads now as long as we don't touch the bootloader?

-Edit-
Just saw that not many of those threads exist.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 16
    Information:

    This is a Bootloader Unlock for the Verizon Note Edge.

    Enjoy. Don't forget to thank @beaups, as he discovered the eMMC backdoor and exploited it, and @ryanbg for helping apply it. I am managing the thread, and initially collected the CID/Aboot combo to use the CID switch/Flash the corresponding Aboot method. I opted to hold off on publically releasing this, as Ryan has a much cleaner way. He extracts the CID hash inside a developer edition aboot, and places it in the currecnt aboot parititon. This allows the unlock to be increment agnostic, and, in my opinoin, is a much cleaner way to do this.

    THIS WILL NOT WORK ON GALAXY S3/GALAXY S4/GALAXY S6|e/Galaxy S7|e. It will NOT work on AT&T devices, as they are missing the developer edition check function. Running this on an AT&T variant will almost certainly brick it.

    We may get around to doing a VZW S3 version here soon, and after that, that should round out all the vulnerable devices, as we have already hit the VZW Note 3, VZW Note 4, and VZW S5 (Samsung eMMC version). The VZW S4, and some VZW S5's use Toshiba eMMC's, and therefore, aren't vulnerable to this. If we have missed a vulnerable device, feel free to tag me and alert me.


    Disclosure:

    I do not own a Note Edge. The exploit happened to be applicable to the Note Edge, and we compiled it for your devices rather than not releasing it. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues. I did not compile this, Ryan did, after I collected the necessary pieces to do so (the developer edition aboot & CID combo), and told him the device was vulnerable.



    I am managing this thread to help the community out, and can answer any (reasonable) questions you have. PLEASE do not tag Ryan and Beaups galore in this thread, there is no need to bug them.


    How this works:

    You should not run this if you don't understand it. For those who are capable but need some help go here.

    More info on this method: here

    A writeup on the exploit can be found here.



    Requirements:


    - Any 5.1.x Firmware (latest is preferred). If you are on 4.4.x, upgrade either via OTA or ODIN.

    - Root (Or at least, temp-root via King Root, if you have trouble with the King Root app, try the Desktop version, I hear it works more reliably).

    - Knowledge of ABD

    - Micro USB Cable

    - Micro SD Card (Backup your data, as IT WILL BE FORMATTED!!!)

    - Disable Reactivation Lock

    - A Saumsung eMMC - You can download the 'eMMC Brick Bug' check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, this will not work.


    Onto the Actual Unlock:


    The code below is NOT a script, you must enter the commands manually.

    Code:
    Code:
    adb push samsung_unlock_edge /data/local/tmp/ 
    adb shell 
    su 
    cd /data/local/tmp/ 
    chmod 777 samsung_unlock_edge
    chown root.root samsung_unlock_edge
    ./samsung_unlock_edge
    Allow device to reboot. After full reboot, power down and pull battery. You may need to run it twice if it doesn't work after the battery pull.


    Download:


    Download


    Donate:


    Paypal: attestation28@gmail.com [COMPLETELY VOLUNTARY AND OPTIONAL] -- this is Ryan's donation email, please donate to him if you choose to donate, as he has a wedding coming! Or, if you prefer donating to a charity, The Mike a Wish Foundation is the preferred one.



    FAQ:


    I CAN'T ROOT WITH KINGROOT!!!

    Some people took an SE Policy Update recently pushed out by Samsung's "Security Policy Updater" app to prevent KingRoot's current method from completing successful temp-root. A fresh ODIN to the lowest possible 5.0.1 FW will solve the issue.


    I HAZ BOOTLOOPZ!!!


    Don't freak out. If you folowed the instructions, you are fine. Pull out your SD Card and see if it boots. If it boots without the SD Card, you need to backup what is on your SD Card (which is the backup of your original retail CID), and format the SD Card on your PC. Other than that, you can always just ODIN to stock 5.1.1 and start over.


    Can I updated my Bootloader to a newer version?


    DON'T UPDATE YOUR BOOTLOADER TO A MARSHMALLOW BASED BOOTLOADER, WE DON'T KNOW IF THIS IS STILL EXPLOITABLE ON MM! For multiple reasons: Samsung has the ability to update the eMMC firmware and patch the CID write bug, and temp root on Marshmallow became much harder due to dm-verity, etc.


    Does the Unlock survive a Bootloader flash?


    No. The tool places a developer edition CID Hash Blob in your aboot partition, and cahnges your CID to that of the developer edition that matches taht CID blob. Flashing an aboot (via dd or ODIN) will erase this blob, and you will need to re-run this tool.


    Can I go back to retail?


    Why would you want this? You can run both the developer edition aboot, and retail edition aboot with the developer edition CID.

    But yes. You can. When you run this, a backup of your current CID is taken. As long as you hang onto that backup, you will always be able to use the samsung_cid binary found here. Pull up and ADB Shell, and get root, then execute samsung_cid (from somewhere like /data/local/tmp/) followed by your backed up CID.


    What about /System partition write protection?


    It is gone. Permanently in my testing. Returning to a retail aboot still allows /system to be remounted R/W (as root only obviously).

    How do I root now that I have converted to a Developer Edition?

    Two Options:

    Doesn't Trip KNOX (most likely), unable to run custom ROM/Kernel: Just re-run King Root post conversion. You'll have permanent root.

    Does Trip KNOX, able to run custom ROM/Kernel: Use ODIN to flash TWRP, and then TWRP to flash SuperSU.

    XDA:DevDB Information
    [OFFICIAL] Verizon Galaxy Note Edge Bootloader Unlock, Tool/Utility for the Galaxy Note Edge

    Contributors
    npjohnson
    Source Code: https://github.com/beaups/SamsungCID


    Version Information
    Status: Stable
    Current Stable Version: 2016-05-25
    Stable Release Date: 2016-05-25

    Created 2016-05-26
    Last Updated 2016-06-02
    2
    Dear friend, does your method still work? I think, no. I try several times to make bootloader custom and every time after reset it became official. For first root, I use Kingo root, because Kingroot doesn't work. When I use it, after 25-29 % progress my phone every time reset. I'll wait for a full working version

    Try to flash your phone then wipe data factory reset remove sim set-up without network connection trt to root with kingo root pc I used it yesterday and it worked perfectly

    Sent from my SM-N915V using XDA-Developers mobile app

    I suggest following mnw1989 advice. I spent like 2 hours, and tried multiple time with factory resetting with both kingroot and kingoroot, wipe data, formatting microsd card to achive developer mode. Multiple tries of Kingoroot worked for me but I had to do it twice because first time it just copied CID to my device.

    Now I am in developer mode and my next step is root, twrp and debloat. After find a way to native tether and hopefully I can find little time to tweak few stuff.
    I am not happy about lack of ROMs but I am happy about now I can do whatever hack I want to do with this device.
    2
    Nvm.
    Found the link on post #91 and it worked out. Now I am a dev mode.

    Thanks.
    Lol, That's why it's a good idea to keep a second set of linkable files.

    Don't just say thanks, hit the thanks button bro.

    Sent from my SM-N915V using Tapatalk
    2
    I suggest following mnw1989 advice. I spent like 2 hours, and tried multiple time with factory resetting with both kingroot and kingoroot, wipe data, formatting microsd card to achive developer mode. Multiple tries of Kingoroot worked for me but I had to do it twice because first time it just copied CID to my device.

    Now I am in developer mode and my next step is root, twrp and debloat. After find a way to native tether and hopefully I can find little time to tweak few stuff.
    I am not happy about lack of ROMs but I am happy about now I can do whatever hack I want to do with this device.
    For native tether install xposed framework and use the moto tether module. This works for me to use native tethering with no entitlement check. For more information check out the xposed thread in the general note edge section
    2
    Deleted

    Sent from my SM-N915V using Tapatalk