Status of rooting today

Skorpion96

Senior Member
Aug 28, 2014
240
37
Palermo
So I will tell you a story. I have a ZTE phone which is not rootable at the moment. I spent 11 months trying, and two days ago I found a firmware with fastboot, because ZTE disables it on purpose. Nowadays rooting is often a problem since OEMs lock everything and don't care; we can say the same about users, who think that since Android adds functionality it's good to stay unrooted. Let me tell you that is a stupid way of thinking: not only are you accepting to use a phone as a guest (smartphones are also so powerful that they can be considered PCs), but you are also doing it without knowing that OEMs leave backdoors on it. I really don't understand why people don't care anymore about rooting. I'm so sad. Now I made a Discord server where I'm looking for people, devs in particular, but other people are also welcome, and I want to port the qu1ckr00t exploit and also make a new one. I'm sick of people and OEMs; I really don't understand, how is it possible to be so dumb? I really don't know...

Renate

Recognized Contributor / Inactive Recognized Dev
Feb 3, 2012
3,635
1,606
Boston
www.temblast.com
Nexus 7 (2013)
Moto E5
Yeah, the war against users has escalated.
I think the only way to delay the inevitable is to buy devices with things open at the lowest level.
I rate this on four levels:
  1. Fastboot unlocked, can write most partitions
  2. Fastboot critical unlocked, can write all partitions
  3. Boot ROM and loader software available (e.g. EDL and Firehose for Qualcomm), can read/write all flash
  4. SoC unlocked (e.g. SecureBoot off in Qualcomm), can boot anything
Even if things are open, "progress" means that things always get more complicated and more of a hassle.

Right now I have my cheap/locked/carrier-subsidized phone stock.
I have my Onyx Poke3 ereader Magisk-less rooted and modded.
 

Skorpion96

Senior Member
Aug 28, 2014
240
37
Palermo
Yeah, the war against users has escalated.
I think the only way to delay the inevitable is to buy devices with things open at the lowest level.
I rate this on four levels:
  1. Fastboot unlocked, can write most partitions
  2. Fastboot critical unlocked, can write all partitions
  3. Boot ROM and loader software available (e.g. EDL and Firehose for Qualcomm), can read/write all flash
  4. SoC unlocked (e.g. SecureBoot off in Qualcomm), can boot anything
Even if things are open, "progress" means that things always get more complicated and more of a hassle.

Right now I have my cheap/locked/carrier-subsidized phone stock.
I have my Onyx Poke3 ereader Magisk-less rooted and modded.
The problem is that even if I have fastboot, without a code to unlock the bootloader it is meaningless; people have to make new exploits.
 

Skorpion96

Senior Member
Aug 28, 2014
240
37
Palermo
Fastboot that requires a code to unlock and no code = No fastboot.
So, on that scale of 1 to 4 you have a 0.
You got the point. I'm in need of some dev who ports the qu1ckr00t exploit to armv7l, since I tried some 32-bit version and the exploit was working but it found wrong addresses. But I can't post links here; maybe in private, if someone wants to try porting qu1ckr00t using my kernel source. Unfortunately I'm not a dev, so it would be impossible for me.
 

Renate

Recognized Contributor / Inactive Recognized Dev
Feb 3, 2012
3,635
1,606
Boston
www.temblast.com
Nexus 7 (2013)
Moto E5
I'm not that versed in exploits, although I can see that this relies on crashing binder and using entry points in kallsyms.
Can you even see anything here?
Code:
$ cat /proc/kallsyms
cat: /proc/kallsyms: Permission denied
$ echo 0 > /proc/sys/kernel/kptr_restrict
/system/bin/sh: can't create /proc/sys/kernel/kptr_restrict: Permission denied
Do you have your specific (exact) boot.img? It's trivial to extract kallsyms out of that.
 

lebigmac

Senior Member
Jan 31, 2017
1,145
773
Speaking of fastboot. Have you guys seen the fake empty fastboot that Samsung installs on their devices? Samsung deleted the real fastboot and replaced it with a fake one that doesn't even do anything! Samsung did this on purpose to annoy their users 😤
oems leave backdoors on it
Oh now I finally understand the purpose of this fake empty 'fastboot' on all Samsung devices that doesn't even seem to do anything :unsure:

And then Samsung constantly force selinux enforcing down your throat on all their devices and there's nothing you can do about it even as root unless you hack your kernel. Sounds like fun right?

That's why I prefer Xiaomi :love: devices nowadays. Cheap price, good hardware, easy to unlock (1 week waiting time which is kind of annoying but still somewhat acceptable), easy to root and debloat and customize :D(y)
I think one of the major hurdles to achieving root nowadays is all these different read-only protection mechanisms which are shoved down our throats... And having SELinux constantly enforcing doesn't really help 😒

Speaking of Enforcing : Have you guys ever heard about the fake root? :unsure:
It looks and feels like real root but it's fake and I can't do anything with it due to selinux constantly enforcing :(
Click here if you don't believe me.


Renate

Recognized Contributor / Inactive Recognized Dev
Feb 3, 2012
3,635
1,606
Boston
www.temblast.com
Nexus 7 (2013)
Moto E5
I was just looking at a boot image from lebigmac.
They're always throwing new stuff at us and I like to keep up with it. There was a small wrinkle in there.
I've seen uncompressed kernels, compressed kernels with extractor stubs, GZIP, LZMA. This one had LZ4 compression.

I'm kind of surprised that everyone seems to have still stuck with GZIPed CPIO for ramdisk.
Why not change it and upset everyone for some marginal benefit?

In any case, the strange thing with lebigmac's boot image is that I could extract the kallsyms but all the addresses were zero.
(This has nothing to do with /proc/kallsyms or /proc/sys/kernel/kptr_restrict.)
Has anyone seen this before?
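Renate's point above, that the kernel inside a boot.img may be raw, GZIP, LZMA or (as here) LZ4, and that the ramdisk is almost always gzipped CPIO, can be checked with a small parser before attempting any extraction. The following Python is an added example of mine, not code from anyone in this thread; it handles the header v0 to v2 layout only (v3/v4 images use a different header), and the sample image it builds is constructed in memory for demonstration.

```python
import struct

# Public magic numbers for the compressed formats a kernel blob may start with.
MAGICS = [
    (b"\x1f\x8b\x08", "gzip"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"\x5d\x00\x00", "lzma"),
    (b"\x02\x21\x4c\x18", "lz4-legacy"),
    (b"\x04\x22\x4d\x18", "lz4-frame"),
    (b"BZh", "bzip2"),
]

def kernel_format(blob):
    """Name the wrapper around a kernel blob: a compression format, a raw
    arm64 Image / arm zImage ('uncompressed-*'), or 'unknown'."""
    for magic, name in MAGICS:
        if blob.startswith(magic):
            return name
    if blob[0x38:0x3c] == b"ARM\x64":          # arm64 Image header magic
        return "uncompressed-arm64"
    if blob[0x24:0x28] == b"\x18\x28\x6f\x01":  # arm zImage magic 0x016f2818
        return "uncompressed-zimage"
    return "unknown"

def parse_boot_img(data):
    """Split a header v0-v2 Android boot image (v3/v4 use a different
    layout) into kernel and ramdisk, and report how each is packed."""
    if data[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    (kernel_size, _, ramdisk_size, _, _, _, _, page_size,
     header_version) = struct.unpack_from("<9I", data, 8)
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("bad page size")
    align = lambda n: -(-n // page_size) * page_size   # round up to a page
    kernel = data[page_size:page_size + kernel_size]
    r_off = page_size + align(kernel_size)
    ramdisk = data[r_off:r_off + ramdisk_size]
    return {"header_version": header_version, "page_size": page_size,
            "kernel": kernel_format(kernel),
            "ramdisk": kernel_format(ramdisk)}   # gzip CPIO is the usual answer

def make_sample():
    """Constructed test image: LZ4-legacy kernel, gzip ramdisk, 2048-byte pages."""
    page = 2048
    kernel = b"\x02\x21\x4c\x18" + b"K" * 100
    ramdisk = b"\x1f\x8b\x08" + b"R" * 50
    hdr = b"ANDROID!" + struct.pack("<9I", len(kernel), 0x8000, len(ramdisk),
                                    0x1000000, 0, 0, 0x100, page, 2)
    return (hdr.ljust(page, b"\0") + kernel.ljust(page, b"\0")
            + ramdisk.ljust(page, b"\0"))
```

Running `parse_boot_img(open("boot.img", "rb").read())` on a real image tells you which decompressor to reach for before looking at the kernel at all.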
 

lebigmac

Senior Member
Jan 31, 2017
1,145
773
Here is the boot.img that @Renate was talking about in case anyone was wondering ;)(y)
It's from an older HTC U11 device that is giving me the fake root issue briefly mentioned above.
This is slightly off-topic though so please feel free to discuss this fake root issue in THIS THREAD instead. (y)
I just thought I'd mention it here hoping that some Android vulnerability experts would chime in with a possible solution to my fake root problem. Thanks! ;)(y)
 

Attachments

  • boot.img
    36.2 MB
So I will tell you a story. I have a ZTE phone which is not rootable at the moment. I spent 11 months trying, and two days ago I found a firmware with fastboot, because ZTE disables it on purpose. Nowadays rooting is often a problem since OEMs lock everything and don't care; we can say the same about users, who think that since Android adds functionality it's good to stay unrooted. Let me tell you that is a stupid way of thinking: not only are you accepting to use a phone as a guest (smartphones are also so powerful that they can be considered PCs), but you are also doing it without knowing that OEMs leave backdoors on it. I really don't understand why people don't care anymore about rooting. I'm so sad. Now I made a Discord server where I'm looking for people, devs in particular, but other people are also welcome, and I want to port the qu1ckr00t exploit and also make a new one. I'm sick of people and OEMs; I really don't understand, how is it possible to be so dumb? I really don't know...
What ZTE phone are you attempting to root? If it has an MTK SoC, I'd recommend trying MTKclient. It was able to unlock my ZTE Blade Vantage 2 (yes, an unlocked Verizon phone) and now I've got Magisk and all.
 
