?[ROOT][XT1607][XT1609][XT1625][XT1254] auto#initroot tethered jailbreak??

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
thread best viewed in browser not xda app
Code:
[CENTER]
                   _ _                               
         _       _| | |_ _     _ _               _   
 ___ _ _| |_ ___|_     _|_|___|_| |_ ___ ___ ___| |_ 
| .'| | |  _| . |_     _| |   | |  _|  _| . | . |  _|
|__,|___|_| |___| |_|_| |_|_|_|_|_| |_| |___|___|_|  
[/CENTER]
tethered jailbreak for bootloader-locked motos

motorola g4 play harpia amazon xt1607 + verizon xt1609
motorola turbo quark verizon xt1254
motorola g4 athene amazon xt1625


feature
double-click install
windows/mac/linux
disable ota updates*
disable amazon ads*
anti-bootloop protect*
working wifi/cellular/nfc/bt/fm
systemless root + mods with magisk
*see tips in post #2

install
download auto#initroot to computer
download magiskmanager apk to moto and install
connect moto to computer with usb cable then (re)boot moto into fastboot
double-click auto#initroot file and wait for moto to boot into jailbreak android
double-click auto#initroot file everytime you reboot moto to regain jailbreak android

uninstall
windows: double-click auto#initroot file and press "0" key when prompted
mac/linux: double-click auto#initroot file and press any key when prompted
see here for more uninstall info
 
Last edited:

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203


what this is
i make tethered jailbreak for moto using cve-2016-10277 and initroot ideas
designed for bootloader locked motos with no root jailbreak
tethered jailbreak require computer to jailbreak

what this is not
how to use fastboot/adb/drivers
lazy posting before search
bootloader unlock

install step by step
steps 1 and 2 run only once steps 3 and 4 needed each jailbreak after

1. download auto#initroot [here] to computer
  • download then unzip auto#initroot zip file
  • be sure auto#initroot file matches moto model#/software#

2. download magiskmanager apk [here] to moto and install
  • on moto enable : settings - security - “unknown sources”
  • on moto d/l latest magiskmanager 5.x apk and install
3. connect moto to computer with usb cable then (re)boot moto into fastboot
  • enter fastboot : “adb reboot bootloader” or
  • volume down + power at boot
4. double-click auto#initroot script and wait for moto to boot into jailbreak android
  • open folder unzipped in step 1-1
  • mac/linux users : may need to chmod +x auto#initroot script or fastboot binary
  • run script for computer OS and moto boot into jailbreak android
  • unplug usb cable and enjoy root jailbreak
  • run script every time moto boot into jailbreak android
  • read tip section for more
tips
double-click auto#initroot to boot jailbreak android
windows : double-click auto#initroot bat file
linux : set *.sh to execute on double-click or make *.desktop file
mac : double-click auto#initroot command file

use /magisk/.core/service.d/ folder to run script at boot
use example below to make custom *.sh file(s) then put in /magisk/.core/service.d/ folder and chmod +x it​
  • anti-bootloop
  • stop ota update
  • stop amazon ad
  • stop bloat app and services
  • and more...
    Code:
    [/LIST]
    #!/system/bin/sh
    
    #move this to /magisk/.core/service.d/ folder after factory resets
    
    #anti-bootloop -- allow harpia to reboot without computer
    printf '\x31' | dd of=/dev/block/platform/msm_sdcc.1/by-name/utags bs=1 seek=90
    
    #disable ota so #initroot not patched
    pm disable com.motorola.ccc.ota
    
    #disable bloat after factory reset
    if [ ! -e "/cache/firstrun" ]; then
    
      #disable amazon ad
      pm disable com.amazon.phoenix
      rm /data/data/com.android.systemui/files/boot.ad*
    
      #add verizon xt1609 bloat
      pm disable com.gotv.nflgamecenter.us.lite
      pm disable com.vznavigator.Generic
    
      #add amazon xt1607 bloat
      pm disable com.amazon.widgets
      pm disable com.amazon.clouddrive.photos
      pm disable com.amazon.kindle
      pm disable com.amazon.dee.app
      pm disable com.amazon.drive
      pm disable com.imdb.mobile
      pm disable com.goodreads
      pm disable com.audible.application
    
      #create firstrun so only run once
      touch /cache/firstrun
    
    #end if statement
    fi
    
    #add new commands here
    
    #end of script
    exit 0

  • pfaq (probable frequent asked questions)
    q : why no bootloader unlock
    a : need 0 days bug to set unlock qfuse

    q : why jailbreak need tether
    a : #initroot exploit stored in memory and gone after reboot

    q : i need computer always to jailbreak android
    a : yes but if no reboot always jailbreak android

    q : i need computer always to boot moto
    a : no use command in tips for anti-bootloop

    q : i can reboot phone without computer and jailbreak android
    a : no no use anti-bootloop to boot without computer but also lose jailbreak

    q : must install magiskmanager before auto#initroot
    a : no you can install before or after does not matter

    q : must double-click only for jailbreak
    a : double-click is easy but can also run script from terminal

    q : must use script for jailbreak
    a : no you can manually type fastboot commands in terminal

    q : i put script in /magisk/.core/service.d/ why no run
    a : chmod +x file.sh and it will run on jailbreak android boot

    q : why no auto#initroot for my moto
    a : cant do everything

    q : i do everything right why no work
    a : sometimes you must pull battery out moto and try again

    q : auto#initroot work on non-moto
    a : no moto only

    q : how to disable #initroot
    a : boot to fastboot run command below and #initroot never happen
    Code:
    fastboot oem config fsg-id “”
    #initroot-able versions
    Code:
    [COLOR="green"]XT1254 MCG24.251-5-5[/COLOR] <- do not upgrade past this version
    
    [COLOR="green"]XT1607 MPIS24.241-2.35-1-13[/COLOR] <- do not upgrade past this version
    [COLOR="green"]XT1607 MPI24.241-2.35-1[/COLOR]
    
    [COLOR="green"]XT1609 MPIS24.241-2.35-1-17[/COLOR] <- do not upgrade past this version
    [COLOR="green"]XT1609 MPIS24.241-2.35-1-13[/COLOR]
    [COLOR="green"]XT1609 MPIS24.241-2.35-1-3[/COLOR]
    [COLOR="green"]XT1609 MPI24.241-2.35-1[/COLOR]
    
    [COLOR="green"]XT1625 NPJS25.93-14-4[/COLOR] <- do not upgrade past this version
    [COLOR="Green"]XT1625 MPJ24.139-64[/COLOR]
    
    [COLOR="Red"]XT1687 NPNS25.137-35-5[/COLOR] <- blocks #initroot
    [COLOR="Green"]XT1687 NPN25.137-35[/COLOR] <- do not upgrade past this version
    my comments
    make use of the custom scripts you can add to /magisk/.core/service.d/
    even though bootloader lock systemless magisk help makes many mods
    i hope people come up with creative ways to make these locked phones fun again
    i only have xt1609 so cannot test everything myself
    things may be broken for non-xt1609 moto and user must test
    i thought using jailbreak sounded funny and since the root is tethered...
    tethered jailbreak = tethered root
    tethered root lasts until you reboot
    dont reboot for month and you have root for month
    initial #initroot poc was limited to root thru adb shell only
    initial #initroot poc required you to be at computer for every reboot
    auto#initroot gives us the ability to do system-edit like mods with magisk
    auto#initroot is just a double-click away any time you need to re-root
    this seems like the best possible case for bootloader-locked phone
    other than bootloader unlock itself of course
    changelog
    july 19 2017 - initial release
    august 3 2017 - added uninstall option to auto#initroot script + added amazon g5 play xt1687
    august 6 2017 - added support for all windows versions
    error reporting

    users reporting issue should make report detailed as possible to increase chance of getting response.

    details required:
    1. on your phone go to settings > about phone and list:
    • model number
    • software variant/channel
    • android version
    • android security patch level
    • build number

    2. which auto#initroot file are you using?
    • full name of auto#initroot folder or *.initroot file

    3. what is the output from the auto#initroot script/command/bat file?
    • copy/paste the entire output log of command prompt/terminal window
    • screenshot would work if you are unable to copy/paste text

    4. what os is on your computer?
    • windows 10 64-bit, windows 8.1 32-bit, os x 10.8.5, etc..

    your report should answer all possible variables.
    if error report already answered previously in thread then report will likely be ignored.
    if more questions must be asked before it's possible to give you answer then report will likely be ignored.
 
Last edited:

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
This worked for the XT1609, wonderfully, in fact. Just dont install anything to /system and you should be gold :).
wise words! in fact, don't mess with system or boot and you should be good!
unless of course you know what you're doing and want to try to test things more.

could this method works too on new Samsung Galaxy Note Fan Edition ? (Bootloader locked it seems... )

https://forum.xda-developers.com/note-fe
no moto bug only unfortunately
:(


to others...

as long as you used #initroot to boot...
the following should work if setup properly:
  • titanium backup
  • greenify
  • other apps that need root to run
  • systemless adblock
  • systemless xposed
  • any xposed modules that work on your model moto
  • any magisk modules that work on your model moto

this is pretty much like running a stock rooted rom... as long as you dont reboot.
when you do reboot you reboot into stock system with no root/magisk/xposed modifications...
until you re-run auto#initroot again from the computer.

get the phone all set up how you want it and you should be able to stay rooted the entire time you're away from the computer and never not have root/mods unless phones crashes randomly.. then you just deal with stock for a bit.

backup your data with titanium backup or helium or something before installing any mods and you mess up and end up having to factory reset to boot or something. make sure data is backed up to ext-sd, cloud, computer etc. if stored on internal sdcard you'll lose it when you factory reset.
 
Last edited:

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
@autoprime can you add this to the op, woke up to a couple ppl complaining about bootloops

To clear out the ramdisk address they need to run

fastboot oem config fsg-id ""

afterwards
i know you know..
but this command was explained in the second post of this thread as well as alternatives to avoid the bootloop entirely. i wish people could read. i have added the command to the first post for now... may add something to install script for easy uninstall.
 

sswyu

Member
Jun 11, 2009
17
0
0
I installed it on my xt1609 and it worked , then I tried to install systemless xposed in magiska, then the phone went to bootloop, I uninstalled iniroot by script and it can boot to the system .
But now I tried to install the iniroot again , it goes to bootloop again, it seemd system-less xposed did something to the system
What should I do now, thanks.
 

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
I installed it on my xt1609 and it worked , then I tried to install systemless xposed in magiska, then the phone went to bootloop, I uninstalled iniroot by script and it can boot to the system .
But now I tried to install the iniroot again , it goes to bootloop again, it seemd system-less xposed did something to the system
What should I do now, thanks.
unplug moto and pull battery.. put battery back in and try to boot with auto#initroot again.
sometimes usb unplug and battery pull is needed for initroot to work.

if it still bootloops..
boot into fastboot
send: fastboot oem config fsg-id ""
boot into stock recovery and factory reset
now initroot should work again.

as long as system or boot is not modified then phone should always be safe
and at most just need a factory reset and
fastboot oem config fsg-id ""
to remove initroot completely and go back to a 100% stock phone.
 

sswyu

Member
Jun 11, 2009
17
0
0
Thank you, I think the systemless xposed in magiska did something so now the install script will only cause bootloop, maybe I should factory reset and try again, but without titanium backup , backup and restore is a pain in the ass. I will try later.
 

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
Thank you, I think the systemless xposed in magiska did something so now the install script will only cause bootloop, maybe I should factory reset and try again, but without titanium backup , backup and restore is a pain in the ass. I will try later.
so pulling the battery and usb cable did not help?

why no titanium backup? it doesnt work with magisk? i have not tried this yet.
 

sswyu

Member
Jun 11, 2009
17
0
0
because now if I want to the boot to system I have to uninstall the script so no root no magiska no titanium backup.
the script works great fist time anyway, just anyone want to install xposed . YOU HAVE BEEN WARNED.
 

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
because now if I want to the boot to system I have to uninstall the script so no root no magiska no titanium backup.
the script works great fist time anyway, just anyone want to install xposed . YOU HAVE BEEN WARNED.
ahh.. yeah you need to backup data with titanium before you start messing with it.
initroot > backup > mod moto

there are other users who have flashed systemless xposed and can still boot.. so lots of variables here.
hopefully ppl just test and report what works and we can all find the best way to do all this.
 

JooseyJay

Member
Jun 21, 2013
34
9
0
Thank you!!! I've been refreshing the SunShine download page praying for an update for droid turbo, XT1254 MCG24.251-5-5, unlocked, TWRP, and rooted! Thanks @autoprime & @jcase

Edit: I may have spoken too soon, installed superSU through TWRP, wiped dalvik/cache, rebooted, now stuck on moto powered by android screen...
 
Last edited:

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,767
263
Sequim WA
Thank you!!! I've been refreshing the SunShine download page praying for an update for droid turbo, XT1254 MCG24.251-5-5, unlocked, TWRP, and rooted! Thanks @autoprime & @jcase

Edit: I may have spoken too soon, installed superSU through TWRP, wiped dalvik/cache, rebooted, now stuck on moto powered by android screen...
Which supersu did you install? 2.62 is needed for DT I believe, reflash stock boot.img and reinstall supersu
 

JooseyJay

Member
Jun 21, 2013
34
9
0
Which supersu did you install? 2.62 is needed for DT I believe, reflash stock boot.img and reinstall supersu
I had flashed version 2.46 on MCG24.251-5-5. I ended up flashing a SU4TL-49 stock rom and and supersu 2.46 worked with it.
I accidentally booted to system after installing twrp but before booting recovery, so I had to flash twrp a second time, as it got wrote over by stock recovery. Not sure if that had anything to do with it.
 

autoprime

Recognized Developer / Inactive Recognized Contrib
Jun 23, 2010
2,638
11,895
203
What can and cant be done with this root on a locked bootloader? Would titanium backup and greenify work with this?
as long as you used #initroot to boot...
the following should work if setup properly:
  • titanium backup
  • greenify
  • other apps that need root to run
  • systemless adblock
  • systemless xposed
  • any xposed modules that work on your model moto
  • any magisk modules that work on your model moto

this is pretty much like running a stock rooted rom... as long as you dont reboot.
when you do reboot you reboot into stock system with no root/magisk/xposed modifications...
until you re-run auto#initroot again from the computer.

get the phone all set up how you want it and you should be able to stay rooted the entire time you're away from the computer and never not have root/mods unless phones crashes randomly.. then you just deal with stock for a bit.
 
  • Like
Reactions: killerxda