Root for J7 Crown (S767VL)? Straight Talk/Tracfone/Total Wireless phone.

ZafotheNinja

Member
Mar 14, 2017
43
3
Pwoof! Dusty thread.

Heads up to anyone who is still interested, an implementation of CVE-2019-16253 has been made by a developer named K0mraid3. Among the devices that this system shell (not root) works on is our J7 Crown! This is a privilege escalation exploit that grants an adb shell system level access.

While this exploit does not grant root level access on its own, it could be a very valuable tool in escalating further, and it is super easy to use!

Edit:

Oh! I have been doing the exploit wrong. So you are supposed to use version 3.0.02.2 of tts; I have been using 3.0.00.86, which gives a whole slew of different permission groups including 1015 (sdcard_rw), 1023 (media_rw) and 1024 (mtp). This version doesn't work on newer devices, but for the device I have it allows ls on root XD


Cheers
 
Top Liked Posts

  • 3
    Any thoughts on flashing J7 refine to our J7 crown by using patched odin? And who can we get to build safestrap twrp for our J7 crown?



    ---------- Post added at 09:02 PM ---------- Previous post was at 08:35 PM ----------



    If anyone has anything they would like to add to what I am posting in order to be more specific or definitive of what I am attempting to discuss, please, do not hesitate to post it.

    There are things encoded at the hardware level that do not get changed or flashed when flashing Samsung devices; there are hardware components that have their own independent "firmware", so to speak. These components retain their original firmware regardless of what you flash on the device's internal memory (this is very similar to the BIOS chip in your PC that stays the same regardless of what OS you install or how many times you wipe the system and reinstall the OS). If the software that we flash on the internal storage does not pass the signature/security checks encoded in these components that have independent firmware at first boot, the device becomes software-bricked or can even be hardware-bricked. In other words, there are hardware components that are checking the bootloader to verify it is the correct bootloader; if not verified, the device fails to boot at that point (this usually results in a hard-brick); if verified, the bootloader checks the software that it is about to boot; if verified by the bootloader, the device continues to boot; if not verified, the device fails to boot at that point (this usually results in a soft-brick, but can potentially hard-brick). Software-brick is potentially repairable; hardware-brick is not repairable without new hardware replacements or expensive external hardware components and software tools for PC and some rather complicated methods to perform a hard-brick recovery.

    In some ways and some instances, it can be a mixture of hardware level checks, bootloader checks and kernel checks before it even gets to attempting to boot at the software level. If these checks don't all agree with each other, the device cannot function properly, sometimes, not at all.

    All of this is to say that 1 of 2 things will likely happen when flashing Refine firmware on our devices.

    1) Our locked bootloader will possibly block the install due to the Refine firmware not passing our bootloader's signature/security checks.

    Or

    2) The firmware might successfully flash without any errors but will potentially brick the device on first boot due to not passing the bootloader's signature/security checks.

    If you feel like being a trailblazer, take the chance yourself and see if it works. The rest of us choose to not take the chance in order to prevent a "worst case" scenario.

    Side note****
    I would like to know how they got Modaco Superboot to unlock bootloader on a Samsung device. Modaco superboot uses fastboot commands to achieve its purpose. Now, here's the real question, how did they get fastboot to do anything to a Samsung device when Samsung devices do not even have fastboot functionality, no fastboot mode, no bootloader mode? Samsung has its own version of "bootloader mode" but it isn't the same thing as the "fastboot related" bootloader mode. On Samsung it's called Download Mode which is only compatible with specific tools, not fastboot.

    ADB works perfectly fine on Samsung, but fastboot can't do anything with Samsung.

    Sent from my SM-S767VL using Tapatalk
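
Added example, not part of the original post: a toy Python model of the two-stage check the post above describes (hardware verifies the bootloader, the bootloader verifies the firmware) and of the two outcomes it predicts for flashing Refine firmware. The keys, image bytes and the `check_at_flash` switch are constructed for illustration, and HMAC stands in for the asymmetric signatures a real device uses.

```python
import hashlib
import hmac

# Constructed keys. HMAC is a stdlib stand-in for the asymmetric signatures
# a real boot chain uses; it is not how any vendor signs firmware.
CROWN_KEY, REFINE_KEY = b"constructed-crown-key", b"constructed-refine-key"

def sign(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()

class Device:
    def __init__(self, bootloader, trusted_key):
        # Held by the hardware component; flashing storage never rewrites it.
        self.fused_digest = hashlib.sha256(bootloader).digest()
        self.trusted_key = trusted_key      # key the bootloader accepts
        self.bootloader, self.firmware = bootloader, (b"", b"")

    def _firmware_ok(self, image, sig):
        return hmac.compare_digest(sign(self.trusted_key, image), sig)

    def flash(self, image, sig, bootloader=None, check_at_flash=True):
        # Outcome 1 in the post: the write is refused before anything changes.
        if check_at_flash and not self._firmware_ok(image, sig):
            return "flash blocked"
        self.firmware = (image, sig)
        if bootloader is not None:
            self.bootloader = bootloader
        return "flashed"

    def boot(self):
        # Stage 1: the hardware checks the bootloader.
        digest = hashlib.sha256(self.bootloader).digest()
        if not hmac.compare_digest(digest, self.fused_digest):
            return "no boot: bootloader rejected by hardware"
        # Stage 2: the bootloader checks the software it is about to boot.
        if not self._firmware_ok(*self.firmware):
            return "no boot: firmware rejected by bootloader"
        return "booted"

def demo():
    crown_fw, refine_fw = b"crown fw (constructed)", b"refine fw (constructed)"
    dev = Device(b"crown bootloader (constructed)", CROWN_KEY)
    refine_sig = sign(REFINE_KEY, refine_fw)
    return [
        dev.flash(crown_fw, sign(CROWN_KEY, crown_fw)),
        dev.boot(),
        dev.flash(refine_fw, refine_sig),                        # outcome 1
        dev.flash(refine_fw, refine_sig, check_at_flash=False),  # outcome 2 ...
        dev.boot(),                                              # ... fails here
    ]
```

Calling `demo()` returns the sequence of results for a matching image, then for the mismatched image under each of the two outcomes.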
    2
    I can't find much info about this phone, is it possible to root it in a similar manner to the other J7 variants?
    2
    Man after reading all of this.. ugh. I hate this phone samsung j7 crown
    2
    Did anyone try flashing the Magisk patched boot.img after enabling OEM unlock on the engineering firmware??
    Yes, several times, with several additional modifications trying to get it to work, but it is pointless, it still blocks the patched .img and also still blocks TWRP.

    I chased this for weeks on end trying different tricks and methods, nothing worked, didn't even get close to working.

    On engineering firmware, OEM unlocked, RMM/KG status stated "checking", RMM/KG status not set to pre-normal (which should allow patched .img or TWRP to flash). But still no success, regardless of what is tried. I've tried everything except finding/buying an ENG root firmware (which doesn't exist for this device). I've exhausted every method and tool that I've learned/discovered in all the years I've been dealing with Android customization, NOTHING works, period. We just are not going to get past the locked bootloader on this device, it is a pointless endeavor, Verizon/Tracfone has this device locked down air-tight.

    Sent from my SM-S767VL using Tapatalk
    2
    Has anyone figured out the missing oem unlock in developer options? Could that be why flashing magisk patched boot.img fails?
    Not necessarily, the "OEM unlock" setting does not always, itself, unlock the bootloader. Sometimes, it is a setting that puts the device in a state that the bootloader "can" be unlocked via the compatible unlock method, if one exists for the device.

    For instance, on a fastboot capable device, one would enable the "OEM unlock" setting, then boot to fastboot mode and issue the correct fastboot commands to unlock bootloader, or, after enabling the setting, one would obtain the necessary information/codes to unlock then visit a specific website to enter the info/codes and maybe use a couple of specific PC programs to unlock.

    In a manner of speaking, it can be a kind of cover over the keyhole that allows you to insert the key to unlock the lock, you just need the correct key to release the lock once the cover is removed from the keyhole.

    But, you are right, in a sense. Some devices that have this setting are completely unlocked just by toggling this setting, but this does not apply to all devices, in all cases.

    Sent from my SM-S767VL using Tapatalk