# How to root kyocera duraforce pro ?



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## drjby4 (Dec 3, 2016)

Looking also.  Anyone? Anyone? Bueller? Anyone?


----------



## Rooted Droid (Dec 3, 2016)

Dropdead999 said:


> Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you

Click to collapse



I'm not familiar with this device but I have 4 methods that come to mind to root it.Make sure you do research on these 1st though because otherwise you might break your device!!

Method 1.
If your device has a custom recovery like twrp/cwm then you can grab a flashable zip from chainfires website and flash it in the recovery.

Method 2. You may be able to use "Wugfreshs Nexus Toolkit" thought it probably won't be compatible cuz like it says its for nexus devices.

Method 3. MTK Tool, if your device has a mediatek chipset then you may be able to use this tool on your PC to root the device

Method 4. Downloading the Android SDK Tools and using adb within CMD on windows to push a root zip/ root apk to the system directory and add the superuser binary (there are lots of tutorials to do this it just sounds difficult haha)

Just some thoughts, hope these may help! Good luck!


----------



## kay_rus (Jan 4, 2017)

I can try to help, training won't hurt. First of all I need the output of the command below:


```
cat /proc/cpuinfo
```

Also the kernel version or the "About" menu photo.


----------



## Sirachi (Jan 18, 2017)

Anybody have any luck with rooting a Duraforce Pro?  May buy this phone.


----------



## Vrink (Jan 22, 2017)

I am also very interested in a root for this phone. Just got this phone the other day and I really like the device. Would be great to get Nougat on this thing.


----------



## mr67volks (Jan 23, 2017)

I dont have cat/cpuinfo , but here is the screen cap link

.imgur. com/ U68XxPq.png

( sorry for some reason i have lost all my post counts form years back and now cant post images. )




kay_rus said:


> I can try to help, training won't hurt. First of all I need the output of the command below:
> 
> 
> ```
> ...

Click to collapse


----------



## kay_rus (Jan 24, 2017)

upd


----------



## RazorRaiser (Jan 27, 2017)

Here's the output from cat.


> $ cat /proc/cpuinfo
> Processor       : AArch64 Processor rev 4 (aarch64)
> processor       : 0
> processor       : 1
> ...

Click to collapse



Does anyone know they button combo for fastboot on this? I can get into a recovery mode but there's no orange light like with previous versions, and fastboot won't recognize it.


----------



## bouzer4me (Jan 28, 2017)

How do you get recovery mode?


----------



## bouzer4me (Jan 29, 2017)

*recovery mode*



RazorRaiser said:


> Here's the output from cat.
> 
> 
> Does anyone know they button combo for fastboot on this? I can get into a recovery mode but there's no orange light like with previous versions, and fastboot won't recognize it.

Click to collapse



How do you enter into recovery mode?? because via adb is impossible for me, I was installed adb and fastboot drivers, the cmd prompt recognize my device and reboot with "adb reboot bootloader" but don´t  show recovery or fastboot mode, just reboot normally


----------



## RazorRaiser (Jan 29, 2017)

bouzer4me said:


> How do you enter into recovery mode?? because via adb is impossible for me, I was installed adb and fastboot drivers, the cmd prompt recognize my device and reboot with "adb reboot bootloader" but don´t  show recovery or fastboot mode, just reboot normally

Click to collapse



*adb reboot recovery* will get you to recovery mode, just like the up and down volume buttons with the power button.

Interestingly, picking "Reboot to bootloader" from that menu also restarts the phone like normal. Does anyone have any insight on this? I've turned on OEM unlock from the developer menu but I get the feeling I'm missing a step.


----------



## RazorRaiser (Feb 12, 2017)

Just an update if anyone is following this thread. I emailed Kyocera asking how to get to bootloader and they told me they won't say. :/
I've been trying all kinds of button combinations but none work. Does anyone know if some manufacturers use special programs (I.E. their own versions of ADB and fastboot?) Is that a thing?

I'm trying to figure out which routes are a waste of time.


----------



## richie138 (Feb 28, 2017)

RazorRaiser said:


> Just an update if anyone is following this thread. I emailed Kyocera asking how to get to bootloader and they told me they won't say. :/
> I've been trying all kinds of button combinations but none work. Does anyone know if some manufacturers use special programs (I.E. their own versions of ADB and fastboot?) Is that a thing?
> 
> I'm trying to figure out which routes are a waste of time.

Click to collapse



did you figure this out yet?


----------



## RazorRaiser (Mar 1, 2017)

No, I'm at a dead end right now. What all have you tried?


----------



## ByAsher (Mar 2, 2017)

RazorRaiser said:


> No, I'm at a dead end right now. What all have you tried?

Click to collapse



Looks like Kyocera do that again Its very familliar with hidro icon that need to be rooted and after that deleted some files (recovery) in adb, and after that we can reboot to fastboot.
Something like that:
adb shell
su
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/recovery
reboot recovery

BUT REMEMBER!!! You do this at your own risk, im not responsible for broking phones!!! 

And we dont have root

Maybe first temp root with kingroot and than delete recovery?


----------



## jnieves9019 (Mar 14, 2017)

I have the Verizon Duraforce Pro and I'm running into the same issue!! ? Anyone have any updates??


----------



## calipso-l (Mar 14, 2017)

tried it more then 20 times to enter recovery with power button + volume up and down - no success


----------



## sl2208 (Mar 25, 2017)

*Duraforce PRO recovery mode*

I was able to get into the recovery menu on my ATT Kyocera Duraforce Pro (hope it works for Verizon/Sprint/T-Mb versions):
1.Turn off your phone 
2.Press and hold the power, vol up and vol down buttons at the same time. 
3.After Kyocera logo finally appears release the power button but continue holding the vol up and vol down buttons until the reset menu appears.


----------



## SergP2008 (Mar 29, 2017)

sl2208 said:


> I was able to get into the recovery menu on my ATT Kyocera Duraforce Pro (hope it works for Verizon/Sprint/T-Mb versions):
> 1.Turn off your phone
> 2.Press and hold the power, vol up and vol down buttons at the same time.
> 3.After Kyocera logo finally appears release the power button but continue holding the vol up and vol down buttons until the reset menu appears.

Click to collapse



Please make a video how do you get into recovery


----------



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## hgomezc (Apr 2, 2017)

Hello,

In a few days, my daughter will be dumping this phone, and I'm going to take possession of it to replace my current, ancient non-android phone, and finally go back to Android since my last device on Jelly Bean 4.1.2.

A few days back we had an issue with a stuck app, and in several intents, I was not able to get the DuraForce into recovery mode. Finally, I solved the app's problem by clearing the app's cache, and that was it, daddy was a hero again! But I was left with the doubt about the recovery mode.

However, now that the Duraforce is going to be mine, the first thing I'll do is to perform a factory reset (it has stock ROM), and then I would like to install a custom ROM on it to get it to the latest Android version available for this device.

So, I would like to join forces with someone doing the same, to share knowledge and experience while traveling this treacherous path.


----------



## TishPunk (Apr 5, 2017)

hgomezc said:


> So, I would like to join forces with someone doing the same, to share knowledge and experience while traveling this treacherous path.

Click to collapse



Hello! Did you get to root on your device? Do not you get to get into bootloader mode?


----------



## hgomezc (Apr 6, 2017)

TishPunk said:


> Hello! Did you get to root on your device? Do not you get to get into bootloader mode?

Click to collapse



I don´t have the phone yet, maybe in a couple of days. I'll let you know as soon as I manage to work on it.


----------



## scotty9009 (Apr 7, 2017)

*Recovery menu Verizon*

With phone on hold power and vol- down when phone shuts down the red ligth will blink 12 times when light turns green release power button. From there you can get into bootloader light in upper left coner.


----------



## hgomezc (Apr 16, 2017)

scotty9009 said:


> With phone on hold power and vol- down when phone shuts down the red ligth will blink 12 times when light turns green release power button. From there you can get into bootloader light in upper left coner.

Click to collapse



This didn't work for my phone. Nothing happens at all; the phone doesn't even shut down while pressing that combination. Thank you anyways.

I've had the phone for a few days now, and I've tried a lot of ways to get it into recovery mode without success. My device was draining the battery very badly, it lasted about 5 to 6 hours on stand-by mode before going down to 2%, so I thought that I need to root it and install a clean rom instead of the AT&T stock rom. Besides, it has a lot of bloatware that I don't want.

Finally, yesterday my battery usage was way better, it consumed 15% in about 12 hours on stand-by, so it is an outstanding improvement for me. What I did is that I disabled the unwanted apps and configured the APN which was missing for my carrier. I'm not saying that the APN thing had anything to do with the battery drain, but I don't know for sure.

For the meantime, I will leave it as it is. If I still experience unusual battery drain, then I will try again to install a custom rom.


----------



## richie138 (May 12, 2017)

doing this booted me into "Safe Mode"


----------



## JudahYehudi92 (May 18, 2017)

Dropdead999 said:


> Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you

Click to collapse



I

I got the phone as well and for now there is no root for Android OS 6.0.1. Guess we gotta be patient


----------



## Celti (May 23, 2017)

I've found myself with a Duraforce Pro and am eager to find a way to root it. I don't know a great deal about the process but I know how to follow instructions if anyone wanting to work on this needs information from the phone to try and get this done.


----------



## Mr_Sm1th (Jun 2, 2017)

following this just got duraforce pro and would love to be able to get Galaxy S8 rom for the phone.


----------



## DevCake (Jul 1, 2017)

Dropdead999 said:


> Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you

Click to collapse



I've been trying to get into fastboot to unlock the bootloader with no success. I have the Verizon E6810 version. No button combo seems to do it and via ADB is a bust. Please post updates if you have one.

~DC


----------



## olegfusion (Jul 20, 2017)

Did somebody try to unlock bootloader? In developer settings there are OEM unlock switch, somebody tried to enable it and unlock via fastboot?


----------



## richie138 (Aug 15, 2017)

olegfusion said:


> Did somebody try to unlock bootloader? In developer settings there are OEM unlock switch, somebody tried to enable it and unlock via fastboot?

Click to collapse



I have tried this and it didn't work.  neither adb nor fastboot will reboot to the bootloader for me.  _adb reboot bootloader_ reboots the phone "normally" and any fastboot command such as_ fastboot oem unlock_ just says < waiting for any device >

I'm using OS X but I've tried various things on Windows in the past without luck as well

:crying:


----------



## Sirachi (Sep 19, 2017)

Anybody have luck with this?  I just bought the phone.  Willing to work with a developer on rooting it.


----------



## Sirachi (Sep 19, 2017)

Found this link: http://www.androidinfotech.com/2016/12/root-kyocera-duraforce-pro-marshmallow-twrp.html

Anybody tried it yet?


----------



## Rickgmi (Sep 21, 2017)

*Little circle*

when I shut off phone then hold the Volume up and down with power button I get a regular boot screen but with a little round circle in upper left corner, it seems to stay there till I press and hold the power button then boots like normal.. could that be the boot menu blocked from the screen


----------



## BigBallSak17 (Sep 26, 2017)

If you press the vol up/vol down/power buttons at the same time then when Kyocera appears on the screen release the power button but keep holding the vol up/vol down bottom. This puts you to where you can reboot to bootloader, erase your phone, clear cache partitions ..... May this will help someone. I sure would love to get mine rooted!


----------



## Sirachi (Sep 27, 2017)

richie138 said:


> I have tried this and it didn't work.  neither adb nor fastboot will reboot to the bootloader for me.  _adb reboot bootloader_ reboots the phone "normally" and any fastboot command such as_ fastboot oem unlock_ just says < waiting for any device >
> 
> I'm using OS X but I've tried various things on Windows in the past without luck as well
> 
> :crying:

Click to collapse



No such luck for me either.  Attempted on both Mac OS and Windows 7.  When I reboot into bootloader it just sits there on the Kyocera splash screen.


----------



## gazumph (Oct 14, 2017)

I'm looking to root my Kyocera DuraForce Pro AT&T E6820. No luck anywhere.


----------



## Ynotme (Oct 17, 2017)

*Almost there...*

The best way to enter bootloader mode is using the latest version of adb/fastboot from google in conjunction with valid drivers. If done properly, the following command will return a serial no: "adb devices". Then, one can type "adb reboot bootloader" which will boot the phone to a screen with the Kyocera logo and a tiny circle in the upper left corner (this is normal). You interact with the bootloader via USB Debugging from the PC it's connected to. Every command will take the form of fastboot <option> <command>. The command to unlock the bootloader is supposed to be "fastboot oem unlock". However, it and almost every other fastboot command, including "fastboot flashing unlock" fails. Once successfully unlocked, all of the fastboot commands should work as expected. Since Kyocera publishes a setting to allow oem unlocking in the first place (via developer options), it seems fair to assume they also provide a mechanism to actually unlock it. If one can accomplish that, rooting the device is all downhill.


----------



## Ynotme (Oct 18, 2017)

Please, everyone. I implore you to recreate the above scenario in hopes someone will clear that last hurdle (or even bypass it altogether). If you find my instructions lacking, I'll happily provide clarification for anyone willing to try.


----------



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## Ynotme (Oct 19, 2017)

My efforts thus far were performed strictly from a Windows 10 PC using Verizon's flavor of the Duraforce Pro (*E6810*) running the recently released Android 7.1.2 (Nougat) update. They include but aren't limited to the following major points: 

Installed the newest Windows drivers from both google and Kyocera.
Installed the newest and a deprecated version of the adb/fastboot executables.
Identified at least one other working fastboot command (_fastboot getvar all_).
Launched the recovery environment using a button combination instead of _adb reboot recovery_. 
Connected multiple cables to both USB 2.0 and USB 3.0 ports.
Toggled the _Legacy USB support_ setting in BIOS setup.
Inspected the recovery logs for anything useful (option 6 in the recovery menu).
Installed and studied the Android Development Environment for any leads.
All ideas, no matter how unlikely, are welcome and encouraged. The following specific conditions have yet to be ruled out:

Testing from a native Linux environment.
Testing on both the Sprint (*E6830*) and ATT (*E6820*) implementations of the phone.
Testing on a phone still running the stock Android 6.0 (Marshmallow) operating system.


----------



## Ynotme (Oct 20, 2017)

*ATTN: Moderators*

I suspect this thread would attract more attention in another forum, possibly "Android Development and Hacking --> Android General" since the content here pertains exclusively to, and is the only such thread of any significance focused on rooting the Kyocera Duraforce Pro. If you agree, please direct me to the appropriate procedure and forgive my naivete. I am very new to the site as well as the newest participant of this thread.


----------



## Ynotme (Oct 22, 2017)

Further experimentation with the following scenarios continued failing in a manner identical to previous efforts:

Fastboot from a native Linux installation of Ubuntu Live version 16.04.3 LTS amd64.
Fastboot with the phone in "System Update" mode, hoping for a correlation with Samsung "Download" mode.
Fastboot after removing all accounts, Google or otherwise, and disabling all security options in phone settings.

Until we can advance beyond "Bootloader" mode, our testing should focus specifically on Fastboot/OEM Unlocking.

Note: One can explore (but not touch) protected areas of the phone's native Linux file system from the ADE Device Monitor and other limited tools.


----------



## OPIUM57 (Oct 29, 2017)

*Root Kyocera Duraforce pro*

Hello could you show how to proceed for Root Kyocera Duraforce pro thanks


----------



## Ynotme (Nov 1, 2017)

Sure, I'll get right on that. 



OPIUM57 said:


> Hello could you show how to proceed for Root Kyocera Duraforce pro thanks

Click to collapse


----------



## emgo (Nov 1, 2017)

*Rooting the 6810*



Ynotme said:


> Sure, I'll get right on that.

Click to collapse



Ynotme, I'll be watching your posts. I need root access on my Duraforce Pro 6810. Thanks for all your work. I just upgraded to Nougat.

Ken


----------



## NE-Phil (Nov 2, 2017)

*Anyone Try this Neopodapsi Root?*

So far, my Kyocera Brigadier is working just fine but I am interested in getting the DuraForce Pro.  I also want to see if it can be rooted since the Brigadier cannot. 

Obviously no luck at rooting it here so I just googled how to root the DuraForce Pro and came up with an interesting link.  I'm unable to post the link as I don't have the qualifying 10 posts yet. I can tell you where it is. Go to Neopodapsi DOT com .  Click on Android and do a search on DuraForce Pro. 4 articles appear, two of them having to do with rooting it. 
Might be another dead end but you never know.  

Phil


----------



## Nesbocaj (Nov 2, 2017)

Survey scam, good luck.


----------



## sanjananb (Nov 3, 2017)

*Check these steps*

Get root access will be via Rootkhp Pro free program.

load program Rootkhp Pro on a PC
Connect your mobile device to your computer
The program runs without installation
Click on the Root button and wait for the notification to start work
We are waiting for about 10 minutes and get a notification that you are ready
Attention! The end result may depend on the firmware version of your mobile device


----------



## Ynotme (Nov 10, 2017)

Regarding the last two proposals; My initial impression of them is not positive. Even if we determine that one or both is feasible, each requires installing a custom recovery ROM which can only be accomplished after successfully unlocking the bootloader. That aside, I was unable to locate any reputable websites with independent reviews or threads corroborating their efficacy. I also found the terms and conditions of their software unreasonable and even preposterous. Furthermore, closer inspection of their actual procedures exposes them as generic instructions applicable to 90% of smartphones. Undeniably, the gaudy marketing and pervasive trickery stains their credibility the most. Since neither suggestion was even acted upon, I presume the authors have their own serious reservations. So, with all due respect, we need results not suggestions.


----------



## Celti (Nov 10, 2017)

Working from an Arch Linux system with a DuraForce Pro Sprint (E8630).

Booted into Android normally: `adb devices` lists the phone, `adb reboot recovery` boots into recovery, `adb reboot bootloader` reboots the phone with no special action and _without_ the screen with the Kyocera logo and the circle in the corner. Selecting "Reboot into bootloader" from the recovery does the same thing.

At any point between rebooting the phone and getting back into Android proper (e.g., while booting and while in recovery) both adb and fastboot do not recognise the phone, and in fact the phone is not even listed in my laptop's current connected USB devices for adb/fastboot to work with.

I _do_ have the Enable OEM Unlock option turned on in Developer Tools.


----------



## Ynotme (Nov 16, 2017)

Got my hands on ATT's version (E3820) and was unable to the access the recovery environment at all. Customary adb commands just reboot the phone so fastboot useless. Holding both volume buttons while booting yields a featureless black screen with a dead android robot captioned "No Disc!" Now that we've examined all three varieties of the D-Pro (Thank-you Celti), we need to get creative with our research.  To keep the momentum going, I'm chasing a few long-shots that I'll report back on soon...


----------



## Ynotme (Nov 19, 2017)

I've captured the primary archive used by the update software for the E6810 which contains all of the latest internal partitions including, system.img and recovery.img among others all easily extracted using 7-zip. Next steps are to mount the system image (ext4) under Linux, add the su binaries, and re-insert the archive into the update software. The latter being the most challenging step because it likely includes anti-tampering protection of some sort.


----------



## OPIUM57 (Nov 24, 2017)

Good job guy


----------



## hetty (Nov 27, 2017)

Any progress?
I too am looking for help to Root the Duraforce Pro. I really like the phone but have the problem with Android that it doesn't save new APN data or says the user cant do it. Hence the desire to Root it to try resolve this. I want to use it in multiple countries which my data subscription allows but it doesn't work.
I have tried Kingoroot, Towel root but like the first post, no joy.

Post #53 is incomprehensible to me ...... looks interesting but I need more baby steps.

I have a Duraforce and it rooted fine with Kingoroot.


----------



## vodny (Dec 8, 2017)

No go with rooting this device for me either, but I have noticed on the Kyocera homepage, that it should receive Nougat update around 8th December, which may solve some performance problems it has. I tried to update it, but it didnt find it yet. Maybe my DFPro will not receive it anyway, cause I have the 2GB RAM variant.


----------



## Ynotme (Dec 13, 2017)

Thank-you for the kind words, and I apologize for my lapse in communication. Instead of blaming the season or a full schedule, I really really want to believe my lack of progress is largely the result of a steep learning curve. I've spent far too long trying unsuccessfully to mount the image files I plucked from the E6810 update tool, and it's long past time to ask for help. Hopefully there's a Linux guru monitoring this thread who can/will determine categorically whether these partitions are indeed mountable and if the current path is still feasible. When/if someone steps up, I'll make the files accessible and recount the details of my fruitless efforts.  In the meantime, I have no intention of giving up.


----------



## Celti (Dec 13, 2017)

Ynotme said:


> Hopefully there's a Linux guru monitoring this thread who can/will determine categorically whether these partitions are indeed mountable and if the current path is still feasible.

Click to collapse



Linux guru with a E8630 here, watching this thread eagerly. Shoot me a message and let's get cracking!


----------



## Ynotme (Dec 14, 2017)

Thank-you Celti for coming forward and your contributions so far. Your confidence and enthusiasm is encouraging. That said, I must remind you that our work on the E6810 may have little or no bearing on the E6830. Alongside MTP, the USB menu on my phone includes an entry called "System Update" that is not present on the other two models. Selecting it creates a virtual drive containing proprietary software that downloads the latest OEM builds used to repair or update the device. I saved the source file (binfile74.bin) by replicating the Windows temp directory in realtime during a repair operation with a tool called Goodsync. The current package contains several files comprising Android Nougat 7.1.2 totaling about 1.5GB after being repacked. My actual attempts to mount them consisted of only the most basic Linux commands on a clean install of Ubuntu 16.04 loaded in VirtualBox. Many thanks and good luck. I'll make every effort to remain responsive.

https://drive.google.com/file/d/1JvfbA6wI1SsafOLn4xMHxd0xKslJD3e9/view?usp=sharing


----------



## Celti (Dec 14, 2017)

Ynotme said:


> Thank-you Celti for coming forward and your contributions so far. Your confidence and enthusiasm is encouraging. That said, I must remind you that our work on the E6810 may have little or no bearing on the E6830.

Click to collapse



 It might, it might not. Either way, progress will be made for _someone_.

Taking a preliminary look at the file, it's a bunch of concatenated partition images and other files (I've noticed NON-HLOS.bin specifically, part of the baseband firmware image) prefixed with a Kyocera-specific security header. 

Of particular note is a file in this bundle named "SUM_MEM_Script.txt", generated by something called "KC SUM calc Ver 1.07" with what looks like filenames and checksums for the entire device structure. Ought to help with extracting these safely.


----------



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## emgo (Dec 14, 2017)

Thanks to all of you working on root for the Duraforce Pro. I have a 6810 that I would really like to get rooted, I'll be watching.
Ken


----------



## Celti (Dec 14, 2017)

You now can find all of the files extracted from the binary at https://repo.celti.name/kc/. They all appear to be bog-standard Android sparse images/bootimgs/the various other bits and blobs that make up an Android update.


----------



## Ynotme (Dec 15, 2017)

Celti said:


> ...Either way, progress will be made for _someone_.

Click to collapse



Your altruism is refreshing even now. Did you too encounter errors mounting the partition images, mainly system.img and recovery.img? The others, including those inside gpt_main.bin, are inconsequential at the moment.


----------



## Celti (Dec 15, 2017)

Ynotme said:


> Your altruism is refreshing even now. Did you too encounter errors mounting the partition images, mainly system.img and recovery.img? The others, including those inside gpt_main.bin, are inconsequential at the moment.

Click to collapse



I have not. system.img is an Android "sparse image" ext4 filesystem while recovery.img is an Android "boot image". Have you worked with either format before? There are standard Android development tools for both, but I prefer using IMGtool; simply run "imgtool system.img extract" and "imgtool recovery.img extract"; the former will generate a mountable image file,. while the latter will generate a kernel, kernelimage, and a .tar.gz format ramdisk.


----------



## Ynotme (Dec 16, 2017)

Celti said:


> I have not. system.img is an Android "sparse image" ext4 filesystem while recovery.img is an Android "boot image".

Click to collapse



Thank-you. That's what I was hoping to hear and exactly why I asked for help. Since unlocking the bootloader seems unlikely, I laid out a quick plan earlier to 'import' the superuser binaries to the system image so they would automagically appear in the system folder when the repair operation completed (Specifically busybox and su in system/bin and Superuser.apk in system/app). It sounds like that solution is still workable, though not as straightforward.


----------



## Ynotme (Dec 22, 2017)

The next step requires editing the contents of an Android sparse image as stated above. Celti, are you still able to assist with this task? Since the target partition is now available for download with the main package or individually, I urge anyone with a comparable skillset to undertake the challenge. Meanwhile, I'll commit my limited patchwork of free time to learning the ability.


----------



## sudex1 (Jan 2, 2018)

*huhu*

I am new to this forum and a new owner of the *DuraForce PRO E6820 6.0.1 (3.017AT)* at&t branding and bootloader signature.
Though I got no android/linux skills I try my best to get that rooted. I found kernel and other software here:  kyoceramobile.com/support/developers/
but not sure if this is a clean kernel or the same at&t plaqued kernel already installed.

Through my researches I also found this document niap-ccevs.org/MMO/Product/st_vid10742-st.pdf and wonder if it may help.

cheers sudex.
be back soon.


----------



## Rafael4096 (Jan 3, 2018)

Not sure if this helps, but I am working on buying a secondary Duraforce Pro so I can experiment without losing my primary phone.
If anyone comes up with test methods or files, I am willing to risk my "spare" for the cause. I love the phone, but not the bloat.
I really hate the messaging app, its really glitchy and cumbersome. I prefer the Google messages app, but it doesn't seem to play well with the Duraforce Pro.


----------



## ColdAtrophy (Jan 8, 2018)

I'm new here and I'm no hacker, but I just wanted to say thank you to you guys that are working on the Kyocera DFP. I have an E6820 (AT&T) with Marshmallow 6.0.1 and I am more than willing to help however I can. I've exhausted all the usual stuff with ADB and Fastboot and got stuck at not being able to get into the recovery or the bootloader so I'll be in watching with great interest.


----------



## Ynotme (Jan 10, 2018)

Thanks everyone for your enthusiasm and various snippets of information. Aside from my work on the E6810, our best odds ride almost entirely on finding and exposing a vulnerability. The kernel images on the Kyocera web site _are_ actually classified by service provider suggesting congruency with commercial releases of the same version making them viable test subjects for potential weaknesses in the E6820 and E6830.


----------



## duntou (Jan 14, 2018)

*root my e6820 not success*

adb reboot bootloader
<waiting devices>

Anyone have a new way? thanks


----------



## Rafael4096 (Jan 16, 2018)

*Got my spare Duraforce Pro*



Rafael4096 said:


> Not sure if this helps, but I am working on buying a secondary Duraforce Pro so I can experiment without losing my primary phone.
> If anyone comes up with test methods or files, I am willing to risk my "spare" for the cause. I love the phone, but not the bloat.
> I really hate the messaging app, its really glitchy and cumbersome. I prefer the Google messages app, but it doesn't seem to play well with the Duraforce Pro.

Click to collapse



Got the spare today so I can experiment without losing my personal phone.
If anyone has ideas to try, glad to try it on my spare if it looks like it wont permanently brick it. It still may brick, but I am willing to try.


----------



## wanderingturtle (Feb 5, 2018)

I am considering buying this phone, since it is the only durable verizon phone I can find on the market. I would want to install a custom ROM like cyanogen. I don't have the skills, but I could contribute to a bounty to get this done.


----------



## ColdAtrophy (Feb 6, 2018)

wanderingturtle said:


> I am considering buying this phone, since it is the only durable verizon phone I can find on the market. I would want to install a custom ROM like cyanogen. I don't have the skills, but I could contribute to a bounty to get this done.

Click to collapse



I'll 2nd that. I'm willing to throw down some cash to make this happen. Someone fire up the bat signal.

Sent from my KYOCERA-E6820 using Tapatalk


----------



## ilia3367 (Feb 14, 2018)

Tell me please, does the Sprint phone have a bootloader mode?


----------



## Ynotme (Feb 15, 2018)

I will at least finish the work I started on Verizon's baby (E6810) using the recent update as proof of concept. Look for results within a week.


----------



## emgo (Feb 23, 2018)

I'm anxiously waiting on root access for my 6810. Will this be for the Nougat update?
Thanks,
Ken


----------



## ilia3367 (Mar 1, 2018)

emgo said:


> I'm anxiously waiting on root access for *my 6810*.

Click to collapse



The Verizon bootloader will never be unlocked.


----------



## emgo (Mar 2, 2018)

I was thinking you could have a rooted phone without having the bootloader unlocked, it that incorrect?


----------



## ColdAtrophy (Mar 3, 2018)

emgo said:


> I was thinking you could have a rooted phone without having the bootloader unlocked, it that incorrect?

Click to collapse



I am by no means an expert. I've only recently started to get into learning everything I can about Android, Linux, root, ROMs, flashing recovery, etc. 

I got my hands on a Verizon Galaxy S4 for free. The owner got an upgrade to a new phone and doesn't care what I do to it. 

It took me about a day to figure out how to root it. I've noticed a few things in the process. 

1) I can easily get into the recovery on the S4.

2) Odin, the proprietary Samsung flashing tool, is available for fixing any screwups. Since I rooted it the first time, I flashed it back to stock twice and went through the process again.

3) Download mode is accessible on the S4. I've seen it referenced elsewhere as "fastboot/download mode".

With all that said, the S4 cannot get the usual custom ROMs flashed to it if it has been updated to Lollipop. And even if it hasn't, the only way around the bootloader is to use something called Safestrap which, as I understand it, creates a second boot partition and sidesteps the stock Verizon one. According to my research on this, this was on the only viable option for the same exact reason. Verizon's bootloader is locked.

So anyone who knows better, please correct me, but the way I see it is this: locked bootloader does not mean root is impossible. It seems to mean that flashing custom ROMs is impossible. I'll still take a stock OS with SuperSU installed and working any day over what we have now.

Sent from my KYOCERA-E6820 using Tapatalk


----------



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## jfever311 (Mar 17, 2018)

Any updates on possible root exploits?


----------



## ColdAtrophy (Mar 28, 2018)

Alrighty. It's been a little while since anyone has posted anything of progress or value, no offense intended of course. What's the standard procedure for posting a root bounty for a phone? I'd like to attract some real interest in getting this thing done.

Edit: No idea if this is even remotely helpful, but I came across something that I found interesting.

I ended up with a soft brick, black screen after boot. I tinkered a little too hard I think. I used Google's Find My Device app to send a factory reset command to the device. And wouldn't ya know it? The system recovery screen loaded and then the recovery processes ran. I couldn't interact with it, but still. Kyocera told me that there was no way to fix it without an RMA and AT&T had no method for accessing recovery either. It left me wondering if this represented a potential vulnerability that could be exploited for access to the recovery environment.

I looked into the documentation on the Device Admin aspect of Android and I didn't find much that seemed helpful, so maybe this is absolutely nothing, but I thought I'd share.


----------



## MisterWillie (Mar 28, 2018)

Just what root method were you trying to use?


----------



## ColdAtrophy (Mar 30, 2018)

MisterWillie said:


> Just what root method were you trying to use?

Click to collapse



Honestly, I don't recall off the top of my head. It was likely either Kingoroot or Kingroot that yielded the black screen. At the time, I was trying anything and everything that looked like it wasn't a total scam. 

I've tried everything. I mean it. I looked into every single method I could come across over a period of 4 or 5 months. I either couldn't use the root method due to the fact that I can't access the recovery to flash a new image (like with Magisk for example), or the application didn't offer an exploit that worked. Also, fastboot is inaccessible.


----------



## Ynotme (Apr 7, 2018)

Gentlemen, I confess I've never rooted a smartphone before, much less one with a locked bootloader. In fact, the E6810 is my very first Android. Far from an expert, I'm rather just an enthusiast faced with a steep learning curve at every turn. Unfortunately, despite calls for a bounty, I passed the point of diminishing returns soon after my last post. I hence took an alternate route utilizing ADB and Tasker to achieve the desired functionality. However, I still believe my original approach holds the greatest chance of success for a committed individual or team thereof. As before, the next steps require merging the superuser files with a recovery image and fooling Verizon's software into loading it. I suspect Celti is well equipped to accomplish the former, but owning an E6820 means he has little incentive to do so (Regrettably, after reviewing our dialogue, I suspect my poor choice of words inadvertently offended him). The final step depends less on technical know-how, but will likely involve much trial and error. Theoretically, everything needed to proceed exists within this thread except for the raw determination. I apologize for ditching the party early, but I'll try to remain available for consult.


----------



## ndt44 (Sep 29, 2018)

sl2208 said:


> I was able to get into the recovery menu on my ATT Kyocera Duraforce Pro (hope it works for Verizon/Sprint/T-Mb versions):
> 1.Turn off your phone
> 2.Press and hold the power, vol up and vol down buttons at the same time.
> 3.After Kyocera logo finally appears release the power button but continue holding the vol up and vol down buttons until the reset menu appears.

Click to collapse



This worked on my AT&T E6820 and got the phone to a screen with a green android guy with a red warning sign and "no command" on the screen. Unfortunately, I am having some version issues with ADB on my laptop right now.


----------



## naveenroy (Oct 5, 2018)

Just trying to bump this thread up. Would really love to remove some bloatware from this phone!


----------



## agladservo (Oct 14, 2018)

I've already stated before, I can do it, but either someone needs to send me the Sprint variant, or at least get in direct touch where I've got the information for that or an AT&T version on the stock firmware that's currently in service. The stock Verizon firmware still works with VIKIROOT (albeit buggy) despite being compiled past the patching of CVE-2016-5195 & the Verizon consumer utility software will load an entire packed & signed image to the device through it's own method, at least one of which has been dumped, shared, and unpacked, but without the prerelease Verizon firmware mentioned on those Russian forums, which presumably still has the other pre-Q3 '06 Qualcomm exploits unpatched there's no fastboot access on the other-than Sprint versions, and using temporal CVE-2016-5195 escallation to raw flash a patched boot/aboot will almost certainly brick it in the worst way possible. Alternatively, the method used for the Cat S60 *might* work here, but obviously it won't work with that Verizon utility image, so, either someone needs a full flash image & utility from Sprint, or something to root & dump in its entirety through ADB/standalone exploits that aren't the rowhammer or temporal CVE-2016-5195 ones that mostly do work because the quadrooter vulnerabilities (or something) are needed to get around dm-verity for lack of both a signed engboot and the ability to write it through fastboot


----------



## j_yenals (Jan 3, 2019)

Hi, 
Junior member just wondering if there has been any progress made on rooting the Duraforce pro 6820 AT&T or either of the other versions. 

I will provide a phone and hope that others might contribute after the fact. Just sayin.

Thanks


----------



## Celti (Jan 23, 2019)

Ynotme said:


> I suspect Celti is well equipped to accomplish the former, but owning an E6820 means he has little incentive to do so (Regrettably, after reviewing our dialogue, I suspect my poor choice of words inadvertently offended him)

Click to collapse



Not offended, just been repeatedly punched in the face by life. Also, I have an E6830 (Sprint), not an E6820 (AT&T) — but I no longer have service for it.


----------



## rhys8582 (Jan 29, 2019)

Hey all!  I just finished reading through this thread from start to finish.  At one point someone posted "The Verizon bootloader will never be unlocked!".  I don't really want to go back through the 9 pages I just read to locate that comment; can someone clarify what is meant by that?

Thanks!


----------



## Ynotme (Mar 24, 2019)

rhys8582 said:


> Hey all!  I just finished reading through this thread from start to finish.  At one point someone posted "The Verizon bootloader will never be unlocked!".  I don't really want to go back through the 9 pages I just read to locate that comment; can someone clarify what is meant by that?
> 
> Thanks!

Click to collapse



The E6810 (Verizon) and possibly other models, include a setting in developer options called "OEM unlocking."  Ideally (and logically) it would grant access to the boot _loader_ from boot _menu_ which is launched by depressing the volume down button when powering on the unit. Sadly, the setting in developer options changes nothing when enabled and appears defunct. That means the boot _loader_ is disabled deeper within the image and likely very difficult to reach. Therefore, one must employ more complex methods to gain root access such as exploiting a security vulnerability.

http://technotif.com/rooting-locked-boot-loader/


----------



## 3l3tric (Apr 5, 2019)

agladservo said:


> I've already stated before, I can do it, but either someone needs to send me the Sprint variant, or at least get in direct touch where I've got the information for that or an AT&T version on the stock firmware that's currently in service.

Click to collapse



I just received the DuraForce Pro 2 from AT&T yesterday and found this thread, what all do you need?


----------



## servimp (Apr 23, 2019)

This was done on a 6810 For this, the phone had to have been rooted (not sure here).
I currently have a pair of 6810s to spare, and available for anyone to test.
Besides, I can get my hands in one of those e6810s with Russian firmware, just in case some investigation is needed.


----------



## 11sword11 (Apr 23, 2019)

The phone withe russian firmware don't have root. In this firmware even removed trigger for enable adb in developer settings. The russians do not want to share the secret of how they patched device with this firmware. I suspect they are solder wires to the board and flash the memory chip directly on the programmer.
Or maybe they have a special cable or software tool that they don't want to share with anyone.


----------



## ndt44 (Oct 14, 2019)

In case anyone is still attempting to root these, here is some partition info from my active, working E6820 AT&T DuraForce Pro: (from an app called DiskInfo) 

--------------------------
 Internal Storage
--------------------------
 * zram0 [zram0] Not mounted
   Total space: 512 MB
--------------------------
 Internal Storage (MMC)
--------------------------
 * modem [mmcblk0p1] (/firmware) [vfat]
   Used: 83.1 MB, Free: 8.9 MB, Total space: 92 MB
 * sbl1 [mmcblk0p2] Not mounted
   Total space: 1 MB
 * sbl1bak [mmcblk0p3] Not mounted
   Total space: 1 MB
 * rpm [mmcblk0p4] Not mounted
   Total space: 512 KB
 * rpmbak [mmcblk0p5] Not mounted
   Total space: 512 KB
 * tz [mmcblk0p6] Not mounted
   Total space: 2 MB
 * tzbak [mmcblk0p7] Not mounted
   Total space: 2 MB
 * cmnlib64 [mmcblk0p8] Not mounted
   Total space: 512 KB
 * cmnlib64bak [mmcblk0p9] Not mounted
   Total space: 512 KB
 * cmnlib [mmcblk0p10] Not mounted
   Total space: 512 KB
 * cmnlibbak [mmcblk0p11] Not mounted
   Total space: 512 KB
 * keymaster [mmcblk0p12] Not mounted
   Total space: 512 KB
 * keymasterbak [mmcblk0p13] Not mounted
   Total space: 512 KB
 * devcfg [mmcblk0p14] Not mounted
   Total space: 512 KB
 * devcfgbak [mmcblk0p15] Not mounted
   Total space: 512 KB
 * aboot [mmcblk0p16] Not mounted
   Total space: 2 MB
 * abootbak [mmcblk0p17] Not mounted
   Total space: 2 MB
 * boot [mmcblk0p18] Not mounted
   Total space: 64 MB
 * recovery [mmcblk0p19] Not mounted
   Total space: 64 MB
 * fota [mmcblk0p20] Not mounted
   Total space: 64 MB
 * fotabk [mmcblk0p21] Not mounted
   Total space: 64 MB
 * devparam [mmcblk0p22] Not mounted
   Total space: 10 MB
 * splash [mmcblk0p23] Not mounted
   Total space: 25 MB
 * reserve1 [mmcblk0p24] Not mounted
   Total space: 512 KB
 * reserve2 [mmcblk0p25] Not mounted
   Total space: 512 KB
 * system [mmcblk0p26] Not mounted
   Total space: 4.5 GB
 * Cache [mmcblk0p27] (/cache) [ext4]
   Used: 89.9 MB, Free: 2 GB, Total space: 2.1 GB
 * Data (userdata) [mmcblk0p28] (/data) [ext4]
   Used: 18.7 GB, Free: 2.7 GB, Total space: 21.5 GB
 * dsp [mmcblk0p29] (/dsp) [ext4]
   Used: 8.2 MB, Free: 7.8 MB, Total space: 16 MB
 * mdtp [mmcblk0p30] Not mounted
   Total space: 32 MB
 * devinfo [mmcblk0p31] Not mounted
   Total space: 8 MB
 * carrier [mmcblk0p32] (/carrier) [ext4]
   Used: 5.5 MB, Free: 34.5 MB, Total space: 40 MB
 * fotamng [mmcblk0p33] Not mounted
   Total space: 257 MB
 * reserve3 [mmcblk0p34] Not mounted
   Total space: 56 MB
 * reserve4 [mmcblk0p35] Not mounted
   Total space: 2 MB
 * reserve5 [mmcblk0p36] Not mounted
   Total space: 2 MB
 * fsc [mmcblk0p37] Not mounted
   Total space: 512 KB
 * ssd [mmcblk0p38] Not mounted
   Total space: 512 KB
 * DDR [mmcblk0p39] Not mounted
   Total space: 512 KB
 * fsg [mmcblk0p40] Not mounted
   Total space: 2 MB
 * misc [mmcblk0p41] Not mounted
   Total space: 1 MB
 * keystore [mmcblk0p42] Not mounted
   Total space: 512 KB
 * config [mmcblk0p43] Not mounted
   Total space: 512 KB
 * oem [mmcblk0p44] Not mounted
   Total space: 64 MB
 * limits [mmcblk0p45] Not mounted
   Total space: 512 KB
 * mota [mmcblk0p46] Not mounted
   Total space: 512 KB
 * reserve6 [mmcblk0p47] Not mounted
   Total space: 512 KB
 * dip [mmcblk0p48] Not mounted
   Total space: 1 MB
 * syscfg [mmcblk0p49] Not mounted
   Total space: 512 KB
 * mcfg [mmcblk0p50] Not mounted
   Total space: 4 MB
 * apdp [mmcblk0p51] Not mounted
   Total space: 512 KB
 * msadp [mmcblk0p52] Not mounted
   Total space: 512 KB
 * dpo [mmcblk0p53] Not mounted
   Total space: 512 KB
 * log [mmcblk0p54] Not mounted
   Total space: 60 MB
 * logwork [mmcblk0p55] Not mounted
   Total space: 32 MB
 * kcs [mmcblk0p56] (/kcs) [ext4]
   Used: 9.5 MB, Free: 480 KB, Total space: 10 MB
 * cslog [mmcblk0p57] Not mounted
   Total space: 16 MB
 * bootwork [mmcblk0p58] Not mounted
   Total space: 16 MB
 * sum [mmcblk0p59] Not mounted
   Total space: 1 MB
 * sec [mmcblk0p60] Not mounted
   Total space: 512 KB
 * chkcode [mmcblk0p61] Not mounted
   Total space: 512 KB
 * dnand [mmcblk0p62] Not mounted
   Total space: 8 MB
 * sysprop [mmcblk0p63] (/pstore) [ext4]
   Used: 6.1 MB, Free: 1.9 MB, Total space: 8 MB
 * persist [mmcblk0p64] (/persist) [ext4]
   Used: 5.2 MB, Free: 10.8 MB, Total space: 16 MB
 * modemst1 [mmcblk0p65] Not mounted
   Total space: 2 MB
 * modemst2 [mmcblk0p66] Not mounted
   Total space: 2 MB
 * bfss1 [mmcblk0p67] Not mounted
   Total space: 4 MB
 * bfss2 [mmcblk0p68] Not mounted
   Total space: 8 MB
 * reserve7 [mmcblk0p69] Not mounted
   Total space: 7 MB
 * kcs_work [mmcblk0p70] Not mounted
   Total space: 1 MB
 * mmcblk0rpmb [mmcblk0rpmb] Not mounted
   Total space: 4 MB
--------------------------
 SD Card
--------------------------
 * android_meta [mmcblk1p1] Not mounted
   Total space: 16 MB
 * android_expand [mmcblk1p2] Not mounted
   Total space: 14.8 GB
--------------------------
 device-mapper
--------------------------
 * System [dm-0] (/system) [ext4]
   Used: 3.4 GB, Free: 1 GB, Total space: 4.5 GB
 * dm-1 [dm-1] (/devparam) [ext4]
   Used: 4.4 MB, Free: 5.5 MB, Total space: 9.9 MB
 * dm-2 [dm-2] Not mounted
   Total space: 21.5 GB
 * dm-3 [dm-3] (/mnt/expand/hexSerialNumber) [ext4]
   Used: 11.3 GB, Free: 3.6 GB, Total space: 14.8 GB
--------------------------
 tmpfs mount points
--------------------------
 * /dev [tmpfs]
   Used: 124 KB, Free: 890 MB, Total space: 890 MB
 * /mnt [tmpfs]
   Used: 0 B, Free: 890 MB, Total space: 890 MB
 * /storage [tmpfs]
   Used: 0 B, Free: 890 MB, Total space: 890 MB
 * /storage/self [tmpfs]
   Used: 0 B, Free: 890 MB, Total space: 890 MB
--------------------------
 Memory
--------------------------
 * RAM
   Used: 1.3 GB, Free: 465 MB, Total space: 1.8 GB
 * Swap
   Used: 476 MB, Free: 35.5 MB, Total space: 511 MB


----------



## Vailed (Dec 14, 2019)

Did anyone ever achieve root on e6820? Have one and can only get to safe mode and no joy with adb


----------



## SpockSpock (May 21, 2020)

*Kyocera Duraforce pro 2 root.*

I have the AT&t version of this device and I would love to get it rooted. If I can provide any info that will help some genius do this please let me know.

Also is there a beginner's programming guide for how to become a route specialist?


----------



## albert3434 (Jun 16, 2020)

First thing I want to give thanks to everyone that has posted here. This is an amazing community. I have spent a couple days trying the many suggestions on this and other XDA Kyocera DF Pro threads. Unfortunately I've had no success unlocking the bootloader or rooting.

Here's what I've tried:
I have a Kyocera DF Pro E6833 (Sprint) that I factory reset. It shows Android 6.0.1 under settings/about phone/software info. I've enabled OEM unlocking under the developer options. I then download abd platform-tools, connect my phone to my windows pc, enable MTP file transfer, and then run commands from an admin command line. The "adb devices" command works and results in showing my device and serial # but the "fastboot devices" command doesn't show any results - it just returns me to a command prompt. I then tried to download and install many different USB drivers and repeat the process. I always get results for the "adb devices" command but the "fastboot devices" command always shows nothing. Every time I try the "fastboot oem unlock" command, it's reply is <waiting for device> and stays there for 30+ minutes before I press ctrl-c and exit.
I have tried almost all of the suggested root programs in this thread that I can find. Nothing has worked. This phone is getting old now but I still love it. I just want to be able to get rid of this sprint bloatware that's always running and killing my battery.

So anyone got anything else to try? I'm thinking of paying the $40 on the OneClickRoot site but friends have said that's a waste of $ and wont work. They told me to look here first and I'm glad that I did.


----------



## Onebigburb (Mar 1, 2021)

Would factory open source help? Something hidding as a clue?



			https://kyoceramobile.com/support/developers/


----------



## Dropdead999 (Nov 17, 2016)

Please anybody know how to root the kyocera duraforce pro ? I've been try many method like using apps iroot,king root, kingo root, towel root and etc. but doesnt work. Thank you


----------



## Keilaron (Nov 1, 2022)

Hello from the future. I was going through some old devices laying around in a box, and found a Verizon-branded Kyocera Duraforce Pro, except..

```
C:\Users\--->fastboot devices
------- fastboot
```
... (redacted) this one responds on fastboot. So far it looks like I can only use a few commands (like getvar product confirms it uses a MSM8952 chipset). Is anyone still interested in figuring out these devices?


----------



## Devicarious (Nov 29, 2022)

I am having the same issues


----------

