I’ve looked into the linked security vulnerability (CVE-2019-2215). There are various ready-to-use POCs for it, including a fully working “pop me a root shell” feature. Source code is also available.
Sadly the specific kernel version running on the current firmware (8901.2.A.0096.20191001, September patch level) is 4.9.112-perf+. The 4.9 kernel branch was patched some time ago. So this one is not a solution for us. Confirmed it by trying all the available POCs.
Install ADB on your computer and ensure that your device has ADB Debugging enabled.
Once you have a ‘privileged’ connection via ADB, run ‘adb reboot bootloader’. Your phone will now boot into fastboot mode; this is where we can boot custom images.
Run ‘fastboot boot (path-to-twrp).img’. Your phone will now boot into TWRP.
Find the install section of TWRP.
Navigate to the SD card, find the magisk zip, select it and now swipe ‘flash’.
Voila! Reboot back into the OS and you will now have full root access.
I’m a little bit shy to ask, but:
Will the Notification LED be available after rooting?
As far as I can remember regarding the first FP2s: It was needed to set permissions for the LED (colors), but then they worked.
thanks!
Great news and thanks to everybody involved - from dev to test and docu!
Questions though: How can we install upcoming system updates? And will rooting the phone prevent the automatic OTA updates?
If OTA did not work anymore on a rooted system, I’d guess one has to install the full system images (that Fairphone has not started to provide yet, have they?). Or otherwise make a backup of the system partition before the initial rooting, restore it later on, run the OTA update, create a backup of the updated system for future use and then root it again.
You will still see system updates, however they will fail to install due to modified boot and potentially system partitions (if you decided to modify system using root access).
In order to update, you have to restore all modified partitions to their unmodified state. I usually do this by flashing the boot and system partitions I backed up before. Then you can simply boot up your phone, install the update as usual and then use/install TWRP and Magisk(=root) again.
You can root the phone without losing data. However you must have unlocked the phone before doing so. Unlocking is always triggering a data wipe to prevent attackers from accessing your data. E.g. if someone stole your phone, then rooting could potentially give the thief access to all your data. Long story short: as long as you unlocked your phone before using it, there is no need to wipe your phone. If you did not unlock it before, there is no way around it other than to root using an actual exploit in the running OS.
Hmmm. I only know the mechanisms about rooted FP2.
Yet, FP3 seems to have a different partition setup (A/B system partitions for a different update process) - still have to take a closer look at this …
In the thread about TWRP, I understand two different messages about the process of OTA updates:
OTA updates would install on rooted phones as well (with phone being unrooted afterwards):
k4y0z on the other hand says that the update would be refused:
I don’t want to sound pedantic but unlocking/rooting is not meant for “Android noobs” (how you described yourself). A lot can go wrong with such great power.
You may regard the difficulty to open up software/hardware as beneficial as the higher barrier means less collateral damage.
The instructions are clear, apart from them not clearly mentioning the smartphone needs to be unlocked and that doing so clears all data. Some have unlocked their FP3 right away, some not.