[Q] 5.0 and rooting on locked device

[themsftcpu]

Hey,
So as mentioned in the large "How to root" thread, any update after 4.4.3 will essentially make your device unrootable (or unwritable).
I have the xt1058, which is one of the devices with a locked bootloader. This device is also compatible with Android 5.0, so I was wondering if I flash a captured OTA of 5.0 for the xt1058, will that lock out my bootloader and ensure that I can never root again?

Thanks!

 

[nhizzat]

5.0 > 4.4.3 so logic would lead me to say yes, you're stuck running stock.

 

[Darth]

If you are locked, you will not be able to Root on 5.0 for now, or for awhile.... If ever.

---------- Post added at 10:26 AM ---------- Previous post was at 10:26 AM ----------

Once it comes out of course.

---------- Post added at 10:27 AM ---------- Previous post was at 10:26 AM ----------

if you really want to Root.... Best to not update, as they may figure out how to Root kit Kat and not Lollipop. Usually how it goes.

 

[KidJoe]

Hey,
So as mentioned in the large "How to root" thread, any update after 4.4.3 will essentially make your device unrootable (or unwritable).
I have the xt1058, which is one of the devices with a locked bootloader. This device is also compatible with Android 5.0, so I was wondering if I flash a captured OTA of 5.0 for the xt1058, will that lock out my bootloader and ensure that I can never root again?

Thanks!

Not sure what you mean by "flash a captured OTA" but with a locked bootloader all you can flash is a ROM or OTA which is digitally signed by Moto and meant for your phone and its CID value. In other words, you can't capture an OTA zip file, modify, repack it and flash it to include Root, if you have a locked bootloader.

If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.

If you have a locked bootloader you need someone to find these exploits and create a repeatable process to use them to gain root and disabling write protection. You basically need to find and exploit a flaw or vulnerability in the phone, or its software. i.e. Hack It.

When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you install 4.4.2), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.

On a locked bootloader you are relying on someone finding vulnerabilities in the phone or its software to both root and disable write protection. Period. No way around that.

As it stands right now, no one has released info on any vulnerabilities which could gain root on a locked bootloader 2013 X which have been upgraded to 4.4.4. So there is no process for rooting those locked bootloader phones.

While JCASE's Sunshine tool can exploit a vulnerability to unlock the bootloader (disabling write protection), it needs to be able to ROOT, or Temp Root, the phone first, which leaves out phones on 4.4.4 (unless I've missed a change recently). (and before you ask, no, you can NOT safely downgrade from 4.4.4 to 4.4.2 or lower, nor can you get to a state where Sunshine will work once you have 4.4.4 on your phone.)

With further security enhancements as android evolves, its only going to get more difficult finding vulnerabilities to exploit and creating repeatable processes for those with locked bootloaders. In other words while there might be a chance someone comes up with something for locked bootloader 2013 X's on Lollipop, I wouldn't count on it happening, nor would I "bet the farm" that it will ever happen.

 

[frenchie007]

Not sure what you mean by "flash a captured OTA" but with a locked bootloader all you can flash is a ROM or OTA which is digitally signed by Moto and meant for your phone and its CID value. In other words, you can't capture an OTA zip file, modify, repack it and flash it to include Root, if you have a locked bootloader.

If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.

If you have a locked bootloader you need someone to find these exploits and create a repeatable process to use them to gain root and disabling write protection. You basically need to find and exploit a flaw or vulnerability in the phone, or its software. i.e. Hack It.

When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you install 4.4.2), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.

On a locked bootloader you are relying on someone finding vulnerabilities in the phone or its software to both root and disable write protection. Period. No way around that.

As it stands right now, no one has released info on any vulnerabilities which could gain root on a locked bootloader 2013 X which have been upgraded to 4.4.4. So there is no process for rooting those locked bootloader phones.

While JCASE's Sunshine tool can exploit a vulnerability to unlock the bootloader (disabling write protection), it needs to be able to ROOT, or Temp Root, the phone first, which leaves out phones on 4.4.4 (unless I've missed a change recently). (and before you ask, no, you can NOT safely downgrade from 4.4.4 to 4.4.2 or lower, nor can you get to a state where Sunshine will work once you have 4.4.4 on your phone.)

With further security enhancements as android evolves, its only going to get more difficult finding vulnerabilities to exploit and creating repeatable processes for those with locked bootloaders. In other words while there might be a chance someone comes up with something for locked bootloader 2013 X's on Lollipop, I wouldn't count on it happening, nor would I "bet the farm" that it will ever happen.

What about using safestrap? I also own a locked moto x and am currently running a rooted 4.4.4 ROM via safestrap.
Would this be possible to do with lollipop while retaining root?

 

[KidJoe]

What about using safestrap? I also own a locked moto x and am currently running a rooted 4.4.4 ROM via safestrap.
Would this be possible to do with lollipop while retaining root?

You'll likely still need to find a software vulnerability to exploit to gain root. And if Lillipop uses a new Kernel (which is does) it may not be compatible with the current Safestrap. And Hash stopped developing Safestrap.

That being said.. Safe strap requires the host phone/os be rooted with write protection disabled. So if you are running Safestrap on a 2013 X, you likely have Android 4.4 or lower as your host OS and have used something like SlapMyMoto/RockMyMoto along with MotoWpNoMo to root and disable write protection on your host OS. If this is the case, use Sunshine to unlock your bootloader. It will be much easier.

 

[frenchie007]

You'll likely still need to find a software vulnerability to exploit to gain root. And if Lillipop uses a new Kernel (which is does) it may not be compatible with the current Safestrap. And Hash stopped developing Safestrap.

That being said.. Safe strap requires the host phone/os be rooted with write protection disabled. So if you are running Safestrap on a 2013 X, you likely have Android 4.4 or lower as your host OS and have used something like SlapMyMoto/RockMyMoto along with MotoWpNoMo to root and disable write protection on your host OS. If this is the case, use Sunshine to unlock your bootloader. It will be much easier.

Yep, I was holding out on unlocking with sunshine but seems like its necessary to keep root for lollipop. Thanks!

 

[nhizzat]

Yep, I was holding out on unlocking with sunshine but seems like its necessary to keep root for lollipop. Thanks!

Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.

 

[KidJoe]

Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.

My only guess would be.... he is still under warranty and isn't in a hurry to void it?

 

[frenchie007]

Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.

My only guess would be.... he is still under warranty and isn't in a hurry to void it?

Because sunshine costs money and yes, I'm in no hurry to unlock it (until lollipop comes along that is)

 

[Darth]

Because sunshine costs money and yes, I'm in no hurry to unlock it (until lollipop comes along that is)

Just keep in mind.... As soon as you update to 4.4.4 or Lollipop, There's no guarantee you'll ever be able to unlock with Sunshine.

You likely know this... But just checking. ?

 

[frenchie007]

Just keep in mind.... As soon as you update to 4.4.4 or Lollipop, There's no guarantee you'll ever be able to unlock with Sunshine.

You likely know this... But just checking. ��

using safestrap to flash only parts of 4.4.4 (excluding bootloader if I'm not mistaken) allows me to retain full root even on 4.4.4 even with a locked bootloader. however from what I understand you're right this won't be possible for lollipop :/

 

[Darth]

using safestrap to flash only parts of 4.4.4 (excluding bootloader if I'm not mistaken) allows me to retain full root even on 4.4.4. however from what I understand you're right this won't be possible for lollipop

Maybe it could..... But based on the issues I've seen in the N5 section, likely not. Lollipop probably won't play well with anything kit Kat or earlier.

Pretty hard to test too... Who knows what would happen if you tried. Also, who knows when or if SBF files will turn up.

---------- Post added at 05:15 PM ---------- Previous post was at 05:13 PM ----------

Off topic.... But I will feel bad for anyone who has Lollipop complaints and tries downgrading. Could be the end of their device.

Unless moto changes that quirk with their bootloader.