Universal Root Method for Motorola Qualcomm Android 2.x.x Phones

Search This thread

rootdefyxt320

Senior Member
Oct 4, 2012
488
440
Sydney, NSW
NOTE: This exploit only exists in Qualcomm chipsets due to eFuse in the TI OMAP chipsets. Sorry, for disappointing users with TI OMAP chipsets.

Exploit has been patched. Thanks to mattlgroff. This exploit only exists in Motorola Qualcomm phones with Gingerbread
This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.

Sent from my SGH-M919 using Tapatalk 2

Requirements/Prerequisites:

-Motorola Android 2.x.x Phone
-Motorola Drivers installed
-USB Cable
-Device must have fastboot protocol support in the bootloader otherwise this method won't work.

Tools Required:

-Motorola Android firmware Depacker by Skrilax_CZ
-UPDATE-SuperSU-v1.41.zip by Chainfire
-ADB and Fastboot
-Stock SBF/fastboot files.

Method 1: Firmware is in SBF format and packed in CG2.smg format. Examples of phones that has firmware packed in CG2.smg format are Motorola Defy Mini, Motorola Fire XT, Motorola Motoluxe. This method is for Windows. It will also work for Linux if you have the Linux version of Motorola Android Firmware Depacker.


I have tested this method on my Motorola Defy Mini XT320 which is a Gingerbread phone. It also works on Motorola Fire XT311,XT316,XT530,XT531 and Motorola Motoluxe XT615 (not Canadian XT615).

1. Make sure all drivers are installed.
2. Download the SBF file for your phone.
3. Download Motorola Android Depacker. MotoAndroidDepacker-1.2alpha3.zip
4. Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
5. Make sure you have ADB and Fastboot setup if don't have it setup you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location
6. Open Motorola Android Depacker and select the button 'Open From file' and select the SBF file for your phone and open it.
7. Click on the button 'Split to folder' to split SBF file.
8. Now select the button 'Open from File' and change the selection of file type to 'MOTOBLUR mbn image (*CG2.smg)' go to the folder called nameofsbf-extracted which contains CG2.smg and open it.

NOTE: nameofsbf-extracted this means the name of the SBF file with the word extracted at the end. Here's an example: TNBST_4_0A.1F.0ERPS_flex_WE_Orange_Spain-extracted

9. Minimize Motorola Android Firmware Depacker and go to the folder named 'CG2-extracted' and navigate to a file named 'recoverysec.mbn' OR 'emmc_recovery.mbn' and rename it to 'recovery.img'
10. Go to builder.clockworkmod.com and upload your recovery.img and select build.
11. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
12. Place recovery.img in the same location where ADB and fastboot are.
13. Place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
14. Enable USB Debugging on your phone.
15. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
16. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
17. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
18. Select 'reboot system now' and if it asks you to fix any permissions select yes.
19. Your device should be rooted.

NOTE: METHOD 1 WILL ONLY WORK IF THE SBF FILE IS PACKED IN CG2.SMG FORMAT!


Method 2: TESTED the first 7 steps and it worked. I need some testers please to test the rest of the steps. This is when your firmware is packed in fastboot.xml.zip or .xml.zip format such as Motorola RAZR XT910 firmware. I don't own a phone that has a firmware of fastboot.xml.zip, so I just downloaded XT910 firmware so I could test the first 7 steps. This method should work both in Windows and Linux.


1. Make sure all drivers are installed.
2. Download the fastboot files for your phone.
3.Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
4. Make sure you have ADB and Fastboot setup otherwise you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location.
5. Using a file manager, extract the file named 'recovery_signed' and rename it to recovery.img
6. Go to builder.clockworkmod.com and upload your recovery.img and select build.
7. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
8. Place recovery.img in the same location where ADB and fastboot are.
9. Now place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
10. Enable USB Debugging on your phone.
11. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
12. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
13. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
14. Select 'reboot system now' and if it asks you to fix any permissions select yes.
15. Your device should be rooted.
 

Attachments

  • MotoAndroidDepacker-1.2alpha3.zip
    46.1 KB · Views: 3,574
  • UPDATE-SuperSU-v1.41.zip
    1.1 MB · Views: 2,722
  • sample-XT910-ICS-recovery.img
    6.2 MB · Views: 2,187
  • 4143d1357236401-defy-mini-root-success-alin-razvan-droidevelopers-xt320-install-recovery.img.jpg
    4143d1357236401-defy-mini-root-success-alin-razvan-droidevelopers-xt320-install-recovery.img.jpg
    26.3 KB · Views: 383
Last edited:

adlx.xda

Inactive Recognized Developer
Feb 4, 2010
1,541
1,752
Madrid
I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

Sent from my Galaxy Nexus using Tapatalk 4 Beta
 

dagoban

Senior Member
Nov 27, 2012
297
164
Does UPDATE-SuperSU-v1.41 also works on x86 devices such as the Razr I or would we need to use the su file from here: http://forum.xda-developers.com/showthread.php?t=2123369

I'm asking since they also have different updater-scripts...

Update:
Tried it 5 times now to build a CWM Recovery via the website, failed every time :(
my id's
e3fc4f10d5e026b4fbb33cc6969d339c
0d2ebce8165bd84fefa20129caf925d6
1ef2ceba6ed2298cdacf677c1a158a71
800b2c95ba9068b30f4e79e905cda0e8
6897f97da88ee7db655f8d1d90816aef

CFC_9.8.2I-50_SMI-26_S7_USASMIJBRTEU.xml.zip
Razr I XT890
 
Last edited:

PsyClip-R

Senior Member
Dec 19, 2009
295
91
Warsaw
Motorola XT881 (Electrify 2) fails to boot custom recovery.img

Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
View attachment 2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
View attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.
 
Last edited:
  • Like
Reactions: rootdefyxt320

rootdefyxt320

Senior Member
Oct 4, 2012
488
440
Sydney, NSW
Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
View attachment 2120232
"Can not boot recovery.img: No error"

Also the next time I success to execute the command, but the device returns me
View attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)

And now my device seems to be soft-bricked.. I get (Flash failure)

I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.

It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
 
  • Like
Reactions: PsyClip-R

rootdefyxt320

Senior Member
Oct 4, 2012
488
440
Sydney, NSW
Oh, it looks like it is.
Tomorrow I'll try this with my old Motorola Bravo (which is Defy like device)

The SBF is packed in CGXX.smg format as I have decompiled the SBF for my cousin as he owns a Defy MB525 before so this method won't work as Bravo doesn't have fastboot and eFuse on TI OMAP is aggressive and I think recovery is CG47.smg
 

mattlgroff

Inactive Recognized Developer
Dec 5, 2011
2,291
2,446
San Diego
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.

This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.

Sent from my SGH-M919 using Tapatalk 2
 
  • Like
Reactions: rootdefyxt320

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    NOTE: This exploit only exists in Qualcomm chipsets due to eFuse in the TI OMAP chipsets. Sorry, for disappointing users with TI OMAP chipsets.

    Exploit has been patched. Thanks to mattlgroff. This exploit only exists in Motorola Qualcomm phones with Gingerbread
    This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.

    Sent from my SGH-M919 using Tapatalk 2

    Requirements/Prerequisites:

    -Motorola Android 2.x.x Phone
    -Motorola Drivers installed
    -USB Cable
    -Device must have fastboot protocol support in the bootloader otherwise this method won't work.

    Tools Required:

    -Motorola Android firmware Depacker by Skrilax_CZ
    -UPDATE-SuperSU-v1.41.zip by Chainfire
    -ADB and Fastboot
    -Stock SBF/fastboot files.

    Method 1: Firmware is in SBF format and packed in CG2.smg format. Examples of phones that has firmware packed in CG2.smg format are Motorola Defy Mini, Motorola Fire XT, Motorola Motoluxe. This method is for Windows. It will also work for Linux if you have the Linux version of Motorola Android Firmware Depacker.


    I have tested this method on my Motorola Defy Mini XT320 which is a Gingerbread phone. It also works on Motorola Fire XT311,XT316,XT530,XT531 and Motorola Motoluxe XT615 (not Canadian XT615).

    1. Make sure all drivers are installed.
    2. Download the SBF file for your phone.
    3. Download Motorola Android Depacker. MotoAndroidDepacker-1.2alpha3.zip
    4. Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
    5. Make sure you have ADB and Fastboot setup if don't have it setup you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location
    6. Open Motorola Android Depacker and select the button 'Open From file' and select the SBF file for your phone and open it.
    7. Click on the button 'Split to folder' to split SBF file.
    8. Now select the button 'Open from File' and change the selection of file type to 'MOTOBLUR mbn image (*CG2.smg)' go to the folder called nameofsbf-extracted which contains CG2.smg and open it.

    NOTE: nameofsbf-extracted this means the name of the SBF file with the word extracted at the end. Here's an example: TNBST_4_0A.1F.0ERPS_flex_WE_Orange_Spain-extracted

    9. Minimize Motorola Android Firmware Depacker and go to the folder named 'CG2-extracted' and navigate to a file named 'recoverysec.mbn' OR 'emmc_recovery.mbn' and rename it to 'recovery.img'
    10. Go to builder.clockworkmod.com and upload your recovery.img and select build.
    11. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
    12. Place recovery.img in the same location where ADB and fastboot are.
    13. Place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
    14. Enable USB Debugging on your phone.
    15. Reboot the device into fastboot mode by typing this command in cmd:
    Code:
    adb reboot-bootloader
    16. Boot into temporary CWM Recovery by typing this command in cmd:
    Code:
    fastboot boot recovery.img
    17. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
    18. Select 'reboot system now' and if it asks you to fix any permissions select yes.
    19. Your device should be rooted.

    NOTE: METHOD 1 WILL ONLY WORK IF THE SBF FILE IS PACKED IN CG2.SMG FORMAT!


    Method 2: TESTED the first 7 steps and it worked. I need some testers please to test the rest of the steps. This is when your firmware is packed in fastboot.xml.zip or .xml.zip format such as Motorola RAZR XT910 firmware. I don't own a phone that has a firmware of fastboot.xml.zip, so I just downloaded XT910 firmware so I could test the first 7 steps. This method should work both in Windows and Linux.


    1. Make sure all drivers are installed.
    2. Download the fastboot files for your phone.
    3.Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
    4. Make sure you have ADB and Fastboot setup otherwise you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location.
    5. Using a file manager, extract the file named 'recovery_signed' and rename it to recovery.img
    6. Go to builder.clockworkmod.com and upload your recovery.img and select build.
    7. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
    8. Place recovery.img in the same location where ADB and fastboot are.
    9. Now place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
    10. Enable USB Debugging on your phone.
    11. Reboot the device into fastboot mode by typing this command in cmd:
    Code:
    adb reboot-bootloader
    12. Boot into temporary CWM Recovery by typing this command in cmd:
    Code:
    fastboot boot recovery.img
    13. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
    14. Select 'reboot system now' and if it asks you to fix any permissions select yes.
    15. Your device should be rooted.
    2
    Here's Superuser for x86 and ARM devices.
    This is Superuser by koush.
    2
    NOTE: This method works on both locked and unlocked bootloaders.
    1
    I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...

    Sent from my Galaxy Nexus using Tapatalk 4 Beta

    Yeah, it worked on a Motorola Defy Mini XT320, it's the fastboot exploit that's been left by Motorola.
    1
    Motorola XT881 (Electrify 2) fails to boot custom recovery.img

    Hey ! I've tried your method and I stuck at 12-th step.
    This is what I get everytime I try to boot CWM recovery
    View attachment 2120232
    "Can not boot recovery.img: No error"

    Also the next time I success to execute the command, but the device returns me
    View attachment 2120251
    OKAY
    booting...
    FAILED (remote:unsupported command)

    And now my device seems to be soft-bricked.. I get (Flash failure)

    I'd really like to help you with that. Anyone knows what the problem is ?
    I think it's all about locked bootloader and deprecated fastboot Motorola has made.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone