43 replies to this topic

[xKroniK13x]

User zxz0O0 on xda is reporting that his giefroot tool can provided tethered root to Razr M's on the 183.46.15 firmware, however, /system is read-only. I have not tested this, but I thought someone may want to take a look.

 

Giefroot Thread:

Please Login or Register to see this Hidden Content

Post Announcing Tethered Root:

Please Login or Register to see this Hidden Content

 

Will the Razr community luck out again? Not even close to an unlock, but some people may be happy.

[RikRong]

John tested this earlier on his HD and it didn't work, but we haven't seen a test on the M yet.

[livinginkaos]

I would be shocked if it worked on the M and not the HD.  Build is the same.

[Leinsoren]

Tried it on my M, and can confirm it didn't work. Will keep an eye on this to see if any new changes may appear in the future.

[xKroniK13x]

Another supposed root found. Unlock not working though.

Please Login or Register to see this Hidden Content

Sent from my RAZR M on BlissPop Lollipop 5.0.2 from Tapatalk

[johnthehillbilly]

I'm gonna say I doubt seriously that it works, mainly because it says it uses towelroot (which in-fact does not work)....

[johnthehillbilly]

Tried to DL it to test it just in case...... All I could get was a .bin file instead of the .7z file that its supposed to be.... (First red flag).... Then went to the "source" link that was mentioned .... Once I fed it into the translator to translate from Russian (second red flag)..... The attachment has been removed from there.... (Yup, another red flag).....

[RikRong]

Please Login or Register to see this Hidden Content

The exploit somehow downgrades the kernel, so it can be rooted? Is that possible on a locked boot loader? Am I missing something? Is that possible?

Sent from my HTC6525LVW using Tapatalk

[xKroniK13x]

http://forum.xda-developers.com/showthread.php?p=58875300

The exploit somehow downgrades the kernel, so it can be rooted? Is that possible on a locked boot loader? Am I missing something? Is that possible?

Sent from my HTC6525LVW using Tapatalk

I wouldn't think so, it flashes some sort of modified stock recovery from the looks of things. Many reports of success but I am still skeptical. Not that it's relevant if people would have just unlocked when it was possible.

Sent from my RAZR M on BlissPop Lollipop 5.0.2 from Tapatalk

[SamuriHL]

I have my doubts on a locked device.

[SamuriHL]

I've had a look at it.  Someone on a locked device should definitely give this a try.  I have doubts, but, there is a good possibility it works.

[johnthehillbilly]

works on my unlocked HD ...... (Just tested on a fresh fxz) ..... I am still unsure how or if its going to work on a locked device..... Also, it seems that there are a bunch of unnecessary reboots, with no commands or any indication of anything happening in between ....

[RikRong]

Yeah, I definitely can't wait to see a more experienced member over on XDA try it out on a locked phone. It seems that everyone that has reported success have joined XDA exclusively to post in that thread.

Sent from my HTC6525LVW using Tapatalk

[johnthehillbilly]

The problem is.... Most "experienced" members [here or there] have unlocked

[xKroniK13x]

I know someone with a locked xt907, but I couldn't ever convince them to root... I'll see if they will let me give it a shot. I'm skeptical because, like RikRong said, most people reporting success are brand new members just reporting that it worked. I'm not super paranoid, but running a script that some unknown Russian group made seems like trouble. 😯


Edit: Now they're saying they have a potential BL unlock for the .15 build. Get real!

Cheers from 4pda community.
Just wanted to warn You all one more time - do not try to unlock BL with this root method.
Author of this exploit (HydrogenXS) has already bricked his phone right after successful root and now he is trying to restore it.

some explanation about unlocking (a free translation from 4pda):

Attempt of bootloader unlocking on .15 results one of theese: 1) You`ll get a hardbrick 2) Nothing

Now I`ve got a unlock method, but it is not verified yet, development is in progress.
If you want to try it so much - I can build it and give it to you, but i am and not responsible for bricked devices.
One good guy have sent me a motherboard for further experiments, and as soon as i recieve it, i will continue my work on unlocking BL.

Sent from my RAZR M on BlissPop Lollipop 5.0.2 from Tapatalk

[SamuriHL]

I'm with you on that.  I looked at the scripting they're pushing and it's interesting cause they seem to be loading a kernel mod somehow.  Before replacing recovery.  I wonder if they found a way to temporarily patch at least some of the checks as part of the exploit.  It's interesting, anyway.  I'd like to see it run on a locked device.

[xKroniK13x]

Here is what is going on behind the scenes, according to xda user 's5610'
 
 

1) Script crashes moto_crypto.
2) Factory recovery gets replaced by May 1 kernel.
3) Reboot to recovery, but there is kernel instead - it gets booted, and we got vulnerable to Towelroot system under May 1 kernel.
4) We do root job, then quit.
5) Factory recovery returned back.
6) Script starts moto_crypto.
7) Normal system start, as if nothing happened.
 
W/o moto_crypto crash trick the kernel isn't stable + has no rw rights. Also there are few lines changed in giefroot's *.sh + custom install script. What exactly changed, and what for - I don't know, being not dev )

And ATTACK found out the exploits they are using...

It's using the CVE-2014-7911 exploit
>

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content

And CVE-2014-4322 exploit:
>

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content

Sooo... it looks like it may be a working root exploit, however, I'm gonna still call bologna on the BL unlock. A root exploit and a BL unlock are miles apart without the bad TZ partition.

[SamuriHL]

This will most definitely not unlock the BL.  But I do think there's something to it for root.  That's an interesting concept replacing recovery with boot.  I've seen it done on other devices, so, this is not out of the realm of possibilities.  And the boot they're using is signed, so, it could work on a locked BL device.

[johnthehillbilly]

Now we just need a reliable poor locked soul to run it....

[livinginkaos]

I might need to pick one up to try it.

sent from my N6