Tuesday, January 26, 2016

rooting - Is it necessary to have an unlocked bootloader to root a device?




My LG Stylo 2 Sprint Version running on Android 7 Nougat has a locked bootloader. LG made sure that the bootloader can't be unlocked.


This article states that it's possible to root with a locked bootloader.



When the boot loader is locked, and the manufacturer doesn’t provide a legitimate method to unlock it, you usually need to find a flaw in the device that will serve as an entry point for rooting it.


First you need to identify which type of boot loader lock you have; it can vary depending on the manufacturer, carrier, device variant, or software version within the same device. Sometimes, fastboot access is forbidden but you can still flash using the manufacturer’s proprietary flashing protocol, such as Motorola SBF or Samsung ODIN. Sometimes signature checks on the same device are enforced differently when using fastboot instead of the manufacturer’s proprietary download mode. Signature checking can happen at boot time, at flashing time, or both.


Some locked boot loaders only enforce signature verification on selected partitions; a typical example is having locked boot and recovery partitions. In this case booting a custom kernel or a modified recovery image is not allowed, but you can still modify the system partition. In this scenario, you can perform rooting by editing the system partition of a stock image as described in the “Rooting with an Unlocked Boot Loader” section.


On some devices, where the boot partition is locked and booting a custom kernel is forbidden, it is possible to flash a custom boot image in the recovery partition and boot the system with the custom kernel by booting in recovery mode when powering on the phone. In this case, it is possible to get root access through adb shell by modifying the default.prop file of the custom boot image initrd, as you’ll see in the “Abusing adbd to Get Root” section. On some devices, the stock recovery image allows applying updates signed with the default Android test key. This key is a generic key for packages that do not otherwise specify a key. It is included in the build/target/product/security directory in the AOSP source tree. You can root by applying a custom update package containing the su binary. It is unknown whether the manufacturer has left this on purpose or not, but this is known to work on some Samsung devices with Android 4.0 and stock recovery 3e.


In the worst-case scenario, boot loader restrictions won’t allow you to boot with a partition that fails signature verification. In this case, you have to use other techniques to achieve root access.




This seems counterintuitive, but is it necessary to have an unlocked bootloader to root a device? Otherwise, do any of the methods mentioned in the article work?




No comments:

Post a Comment

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...