[FIX][XPOSED][4.0+] Universal fix for the several "Master Key" vulnerabilities
You may be aware of recent news about several different security vulnerabilities that allow replacing code on a signed APK without invalidating the signature:
Master Key (Bug 8219321)
An issue related with duplicate entries on the ZIP / APK files.
It was patched by Google back in February 2013 and shared with OEMs, and some of the newer devices might have already received the fix in a recent stock update. At least both Xperia Z 4.2.2 and Galaxy S2 4.1.2 contain the fix; CM has also recently patched it, on this commit.
More info can be found on @Adam77Root's thread here: http://forum.xda-developers.com/showthread.php?t=2359943
Bug 9695860
This also originates in the ZIP file parsing routines, and was disclosed just a few days ago immediately after the previous one was made public. The correction has already been applied by Google to the code (this commit), but it's very likely that its rollout on stock ROMs will take a long time especially on non-Nexus devices.
You can read more about it here.
To know if you're vulnerable, use SRT AppScanner mentioned above.
Unless you're running CM 10.1.2, there's a fairly big chance that you have this issue, at least as of this moment.
Bug 9950697
It's yet another inconsistency in ZIP parsing that could be abused in a very similar way to the previous one.
This one is a bit special to me, since I was fortunate enough to be the first one to report it on Google's bugtracker.
It was discovered around the time that the previous bug was acknowledged and Android 4.3 was a few days from being released, but despite the prompt report it was unfortunately too late to include the fix in time for the release; therefore it wasn't disclosed till Android 4.4 sources came out, and I had also decided against including a fix for it in this module, since it would be an easy way to learn about the extra attack vector.
Kudos to Jeff Forristal at Bluebox Security, who I learned was also working on that exact problem and helped me report it properly to Google, and also to Saurik who already released a Substrate-based fix and has written a very interesting article about it here.
Checking if you're vulnerable
You can use some 3rd party apps to test your system, such as:
- SRT AppScanner
- Bluebox Security Scanner
On Android 4.4 all these bugs should be fixed, and therefore this mod is not needed. But you can run one of these scanners to make sure you're not vulnerable.
While technically different, these vulnerabilities permit that legitimate APKs can be manipulated to replace the original code with arbitrary one without breaking the signature. This allows someone to take an update from a well known publisher (e.g. Google Maps), change the APK, and a device receiving it will happily apply the update as if it was indeed from that publisher. Depending on the apps being updated in this way, privilege escalation can be achieved.
Google has already mentioned that all apps published on the Play Store are checked for this kind of manipulation, but those of us installing APKs from other sources aren't safe.
The universal fix
Since decompiling, fixing and recompiling the code for every possible ROM version is way beyond anyone's capability, the awesome Xposed framework by @rovo89 proves itself once again as an invaluable tool.
By creating hooks around the vulnerable methods and replacing the buggy implementation with a safe one, it's possible to patch the 2 issues on the fly without ever changing the original files. Applying the fix is as easy as installing and enabling an Xposed module.
Installation steps
1. Make sure the Xposed Framework is installed.
Follow the instructions on the thread. Root is required only during installation, it is no longer required afterwards. Only ICS or above is supported.
2. Install the Master Key multi-fix module.
3. Follow the Xposed notification about a new module being available, and on the list of modules activate Master Key multi-fix
4. Reboot
You should now see an image similar to the attached one when opening the app. The green text shows that the module is active and the vulnerabilities have been patched in memory.
Download
Grab it from Google Play (recommended, as you'll get updates) or use the attached APK. The files are the same.
Version history
2.0 - Fix bug 9950697; additional corrections taken from Android 4.4 (also supports GB, provided you have a working version of Xposed Framework for your ROM)
1.3 - Fixed problems with parsing some zips depending on the rom original code
1.2 - Added 2 additional zip entry integrity checks that were missing
1.1 - Support for additional devices with modified core libraries (e.g. MTK6589)
1.0 - Initial version
Sources
Available on GitHub
If you appreciated this fix, consider donating with Paypal.
Thanks!
FAQ
Frequently asked questions
[ 1 ]
Q: Bluebox Security Scanner still says my phone is unpatched after installing this... Any ideas why?
A: Make sure to click the Refresh entry on the app's menu and it should change to green once the mod is active.
[ 2 ]
Q: Bluebox Security Scanner says that the 2nd bug is not patched even after refreshing but SRT AppScanner says it's patched. Which one is right?
A: The scanner was mis-detecting the 2nd bug and it got fixed in version 1.5. Make sure you update Bluebox from the Play store.
[ 3 ]
Q: Does the module permanently patch the vulnerability or is it only when the module is active? If for example, I activate the module and reboot, then after verifying that the exploit is patched, deactivate the module. Would I still be patched? I guess what I'm asking is if I need to have this module active at all times to be patched? Permanent fix, or Just while the module is installed?
A: The fix is not permanent. It's applied only whenever the module is installed and active. If you remove it, after the next boot you're back with the original code from your ROM (which might have the bug or not).
Thank you, this would help a lot
Sent from my GT-I9500 using Tapatalk 4 Beta
Thank you but I don't see any link to the xposed patch app
Sent from my LT28h using Tapatalk 4 Beta
Marsou77 said:
Thank you but I don't see any link to the xposed patch app
Have a look now
I needed to create the thread first in order to include the link on the app itself.
Thanks! I was just googling to see if someone had already done this before writing it myself!
XPosed is amazing sauce for Android.
The 4.1.2 update for the T-Mobile galaxy s3 is already patched.
Thanks for the info OP.
Maxamillion said:
The 4.1.2 update for the T-Mobile galaxy s3 is already patched.
Thanks for the info OP.
The second bug as well? Check java.util.zip.ZipEntry on /system/framework/core.jar and see if the readShort() values are properly converted to unsigned.
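Added example (not part of any post in this thread, and not code from the module or from either scanner): a static check of an APK/ZIP image for the two patterns named above, duplicate entry names (bug 8219321) and 16-bit length fields that a signed readShort() would read as negative (bug 9695860). Which length fields to inspect is an assumption made here; the function names and the sample archives are constructed for illustration.

```python
import io
import struct
import warnings
import zipfile
from collections import Counter

EOCD_SIG, CEN_SIG, LOC_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"


def scan_archive(data: bytes) -> list:
    """Return a list of findings for one APK/ZIP image held in memory."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return ["malformed: no end-of-central-directory record"]
    # EOCD: total entry count at +10, central directory offset at +16.
    total, _cen_size, pos = struct.unpack_from("<HII", data, eocd + 10)

    seen = Counter()
    for _ in range(total):
        if pos + 46 > len(data) or data[pos:pos + 4] != CEN_SIG:
            findings.append("malformed: central directory entry at offset %d" % pos)
            break
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (loc_off,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        seen[name] += 1

        # Collect every 16-bit length field of this entry (assumed set of fields).
        lengths = {"central name": name_len, "central extra": extra_len,
                   "central comment": comment_len}
        if data[loc_off:loc_off + 4] == LOC_SIG and loc_off + 30 <= len(data):
            l_name, l_extra = struct.unpack_from("<HH", data, loc_off + 26)
            lengths["local name"], lengths["local extra"] = l_name, l_extra
        else:
            findings.append("malformed: local header for %r" % name)

        # A value >= 0x8000 turns negative when read as a signed short.
        for label, value in lengths.items():
            if value >= 0x8000:
                findings.append("signed-short hazard: %s length 0x%04x in %r"
                                % (label, value, name))
        pos += 46 + name_len + extra_len + comment_len

    # Two entries with the same name let different parsers pick different data.
    for name, count in seen.items():
        if count > 1:
            findings.append("duplicate entry: %r appears %d times" % (name, count))
    return findings


def build_sample(entries) -> bytes:
    """Constructed test input: (name, extra_bytes) pairs with placeholder content."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile only warns on duplicate names
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            for name, extra in entries:
                info = zipfile.ZipInfo(name)
                info.extra = extra
                zf.writestr(info, b"placeholder")
    return buf.getvalue()


# Constructed samples; none of them carries real code.
BIG_EXTRA = struct.pack("<HH", 0x7777, 0x7FFC) + bytes(0x7FFC)  # 0x8000 bytes total
CLEAN = build_sample([("classes.dex", b""), ("AndroidManifest.xml", b"")])
DUPLICATE = build_sample([("classes.dex", b""), ("classes.dex", b"")])
LONG_EXTRA = build_sample([("classes.dex", BIG_EXTRA)])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("duplicate", DUPLICATE),
                          ("long extra", LONG_EXTRA)):
        print(label, "->", scan_archive(sample) or "no findings")
```

A clean result says nothing about whether the device's own ZIP parser is patched; it only describes the archive being inspected.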
.....
Bluebox security still says my phone is unpatched after installing this... Any ideas why?
Sent from my HTC Sensation Z710e using xda app-developers app
Shredz98 said:
Bluebox security still says my phone is unpatched after installing this... Any ideas why?
No idea why it doesn't refresh automatically each time you execute the app, but access the Refresh option from the menu and it should change to green once the mod is active.
Tungstwenty said:
No idea why it doesn't refresh automatically each time you execute the app, but access the Refresh option from the menu and it should change to green once the mod is active.
Yeah you're correct mate, says patched when I rescanned so all good the patch does exactly what it says, brilliant work! Was beginning to think I would have to live with this security hole active on my device!
Sent from my HTC Sensation Z710e using xda app-developers app
Shredz98 said:
Yeah you're correct mate, says patched when I rescanned so all good the patch does exactly what it says, brilliant work! Was beginning to think I would have to live with this security hole active on my device!
Added to the FAQ (post #2)
Hey Everyone,
I've found an alternative for the Bluebox app. It's called the SRT AppScanner and seems to work better than the Bluebox Scanner and it provides more functionality, too.
Since I'm a new user, I can't post links. Simply query SRT AppScanner in the Play Store.
Best regards
Boradin
Thanks for great patch.
I've tested with SRT AppScanner and found I'm still vulnerable to bug 9695860.
How do I make sure bug 9695860 was fixed?
mnirun said:
Thanks for great patch.
I've tested with SRT AppScanner and found I'm still vulnerable to bug 9695860.
How do I make sure bug 9695860 was fixed?
When I initially installed SRT it was always giving me 2 greens even with the mod disabled, even though I checked the code for my ROM and the 2nd bug is there.
Now, after a very recent update, it always gives me a red on the second bug even with the mod active. I'll need to double check how they are doing the detection because it doesn't seem to be correct.
Bluebox Security, on the other hand, does reflect the change although it only detects the first bug. Running it on an emulator with a vulnerable ROM correctly said so, and after applying the mod and forcing a rescan it will change to no longer vulnerable.
SRT AppScanner has just received an additional update from Play and now appears to correctly detect the status of bug 9695860 depending on whether the mod is active or not and if your base ROM is vulnerable.
The sources are now available on GitHub (check 1st post).
Tungstwenty said:
SRT AppScanner has just received an additional update from Play and now appears to correctly detect the status of bug 9695860 depending on whether the mod is active or not and if your base ROM is vulnerable.
Confirmed, your patch is now detected by SRT AppScanner.
Thank you.
Tungstwenty said:
You may be aware of recent news about 2 different security vulnerabilities that allow replacing code on a signed APK without invalidating the signature:
Master Key (Bug 8219321)
An issue related with duplicate entries on the ZIP / APK files.
It was patched by Google back in February 2013 and shared with OEMs, and some of the newer devices might have already received the fix in a recent stock update. At least both Xperia Z 4.2.2 and Galaxy S2 4.1.2 contain the fix; CM has also recently patched it, on this commit.
An easy way to know if you're vulnerable is installing this app by Bluebox Security. Update: An even better one is SRT AppScanner, which can detect both bugs.
More info can be found on @Adam77Root's thread here: http://forum.xda-developers.com/showthread.php?t=2359943
Bug 9695860
This also originates in the ZIP file parsing routines, and was disclosed just a few days ago immediately after the previous one was made public. The correction has already been applied by Google to the code (this commit), but it's very likely that its rollout on stock ROMs will take a long time especially on non-Nexus devices.
You can read more about it here.
To know if you're vulnerable, use SRT AppScanner mentioned above.
Unless you're running CM 10.1.2, there's a fairly big chance that you have this issue, at least as of this moment.
While technically different, both of these vulnerabilities permit that legitimate APKs can be manipulated to replace the original code with arbitrary one without breaking the signature. This allows someone to take an update from a well known publisher (e.g. Google Maps), change the APK, and a device receiving it will happily apply the update as if it was indeed from that publisher. Depending on the apps being updated in this way, privilege escalation can be achieved.
Google has already mentioned that all apps published on the Play Store are checked for this kind of manipulation, but those of us installing APKs from other sources aren't safe.
The universal patch
Since decompiling, fixing and recompiling the code for every possible ROM version is way beyond anyone's capability, the awesome Xposed framework by @rovo89 proves itself once again as an invaluable tool.
By creating hooks around the vulnerable methods and replacing the buggy implementation with a safe one, it's possible to patch the 2 issues on the fly without ever changing the original files. Applying the fix is as easy as installing and enabling an Xposed module.
Installation steps
1. Make sure the Xposed Framework is installed.
Follow the instructions on the thread. Root is required only during installation, it is no longer required afterwards. Only ICS or above is supported.
2. Install the Master Key dual fix module.
3. Follow the Xposed notification about a new module being available, and on the list of modules activate Master Key dual fix
4. Reboot the device (a Soft reboot is sufficient)
You should now see an image similar to the attached one. The green text shows that the module is active and the 2 vulnerabilities have been patched.
Download
Grab it from Google Play or use the attached APK.
Sources
Available on GitHub
If you appreciated this fix, consider donating with Paypal.
Thanks!
Thank you for this patch, but can we install this mod over "REKEY" patch or remove rekey and enable this patch instead ??
Adds timestamps to Xposed log file.
This app has no user interface. Enable it in Xposed - reboot - done.
USAGE:
Enable it in Xposed - reboot - disable + enable in Xposed - reboot - done.
IMPORTANT
Xposed needs root access for installation
Website: http://tinyurl.com/nq32zze
Play Store: http://tinyurl.com/lstxrva
Xposed Repository: no longer available, unwelcome
APK download: http://tinyurl.com/mzert7f
Why this app? Problems could be resolved easier if it is known when it happened. Sadly it was not added to Xposed itself.
I've removed this module from the Xposed Repository as @rovo89 "strongly dislike such modifications". It's still available in PlayStore or as direct download.
@rovo89 why removed out of curiosity. Why can't it be added to official xposed even
Sent from my amazingly awesome OnePlus One using Tapatalk
Not allowed to hook Xposed. This hooks a) the log() of XposedBridge and b) the modules.list save of Xposed Installer to set itself as 1st so other modules write the timestamp.
I could understand that it is not good if a module enables itself, like some existing ones do, but this is not the case for this.
interesting, my logs all have timestamps even without this module...
dimm0k said:
interesting, my logs all have timestamps even without this module...
Very interesting. With this module you have in each line 2 timestamps?
defim said:
Very interesting. With this module you have in each line 2 timestamps?
actually I was going to install this mod and then realized my Xposed logs already have a timestamp... using the latest non-beta of Xposed installer.
dimm0k said:
actually I was going to install this mod and then realized my Xposed logs already have a timestamp... using the latest non-beta of Xposed installer.
Maybe a module you are using adds this to its own log output, but not to all lines. The latest XposedBridge does not do it and has had only 1 change in the last 3 months: https://github.com/rovo89/XposedBridge/commits/master
defim said:
Maybe a module you are using adds this to its own log output, but not to all lines. The latest XposedBridge does not do it and has had only 1 change in the last 3 months: https://github.com/rovo89/XposedBridge/commits/master
crap, you're right! guess this module will be useful. a module I was using was adding a timestamp and I neglected to examine it carefully.
Late to the party I guess but...
Can you add option (or edit conf or smth) because the xposed log timestamp is GMT+0 all the way. I'd prefer my own timezone instead for easier reading.
TIA.
kotey said:
Late to the party I guess but...
Can you add option (or edit conf or smth) because the xposed log timestamp is GMT+0 all the way. I'd prefer my own timezone instead for easier reading.
TIA.
In an earlier version the locally set time zone was used, but the problem was that Android takes a while to load it and the first log lines had the +0 time zone.
@kotey
Published new version where timezone is set by run module in xposed installer, it shows you a toast with it.
Hint: If you want another time zone than detected / set on device just edit the shared preferences xml file and reboot.
Thanks mate. You're damn fast, you know
kotey said:
Thanks mate. You're damn fast, you know
Thx, was not so much code
Hi, I am the author of VirtualXposed: https://forum.xda-developers.com/xposed/virtualxposed-xposed-root-unlock-t3760313
VirtualXposed can run some Xposed modules on Non-Root devices without needing to unlock the bootloader or flash any system images, but it cannot act on system processes.
After a lot of exploration and experiment, I found a better way to run (Xposed) modules. It can run on both root and non-root devices, and it supports Android 5.0 ~ 10.0. I released the beta version in China on 2019/1/5; after many tests and improvements, it is stable enough now to introduce it to you.
The app, or framework is named TaiChi
## Introduction
TaiChi is a framework to use Xposed modules with or without Root/Unlock bootloader; it supports Android 5.0 ~ 9.0.
In simple words, TaiChi is an Xposed-styled framework: it can load Xposed modules, do hooks and so on.
## Feature
TaiChi is Xposed-Styled, but it has no relation with Xposed. The only relevance is that TaiChi can load Xposed modules, the implementation of TaiChi and Xposed Framework is very different.
Here are some features of Taichi:
1. TaiChi fully supports Android Pie.
2. TaiChi can run in non-root mode.
3. TaiChi does not affect the Android system and it does not hook all apps in the system. Only the apps you want to apply Xposed modules to are hooked. Other apps in the system run in a completely clean environment, which means TaiChi can pass SafetyNet easily.
4. TaiChi doesn't need to reboot the system in most cases.
5. TaiChi is hard to detect. TaiChi doesn't modify the libart and app_process, it has nearly no noticeable characteristics.
## Usage
TaiChi has two work modes: magisk mode and non-root mode. If you don't want to unlock the bootloader/flash system images, you can use the non-root mode; if you prefer more powerful functions, just try magisk mode.
### What is the difference between magisk mode and non-root mode?
The only difference is that magisk mode can hook system processes, so more modules are supported, such as Xposed Edge/Greenify. But magisk mode needs to unlock the bootloader and install Magisk, while non-root mode just needs to install a simple app.
### Non-Root mode
TaiChi runs in non-root mode in general: just install a simple app, and all the installation is over. If you want to use Xposed modules, for example, you'd like to use SnapFreedom on SnapChat, follow these steps:
1. Click the float button in the Home page of TaiChi, and then click the button: **Create App**.
2. Select the app you'd like to apply Xposed modules to, such as SnapChat.
3. Click the "Create" button at the bottom and then wait patiently for the creation to finish.
4. When creation is finished, TaiChi tells you that you need to uninstall the original SnapChat; please uninstall it, this is necessary, because TaiChi in non-root mode needs to modify the APK file, which means we have to re-sign the APK.
5. Follow the steps in the TaiChi app until you have installed the new app.
6. Enter the **Module Manage** activity by clicking the button "Module Manager" of the float button in the Home page.
7. Check the SnapFreedom module.
8. Kill the process of SnapChat and the Xposed modules should work properly. (You don't need to reboot the system.)
### Magisk mode
Non-root mode of TaiChi has some shortcomings even though it does not need to unlock the bootloader, so I developed a magisk module; this module can give TaiChi extra power to overcome these shortcomings:
1. magisk mode can hook into system processes.
2. magisk mode doesn't need to modify the apk, and the signature stays the same.
When you flashed the [magisk module](https://github.com/tiann/TaiChi-Magisk) provided by TaiChi, the TaiChi app switches to magisk mode automatically: TaiChi App + magisk module = TaiChi·Magisk. When the magisk module is disabled or removed, the TaiChi app turns to non-root mode.
If you want to use magisk mode, please read the [wiki](https://github.com/tiann/Tai-Chi/wiki/taichi-magisk-beta) carefully.
## For Developers
TaiChi is a framework; developers can write modules to do hooks. TaiChi modules are fully compatible with Xposed modules, so just write Xposed-styled modules and they can run well in TaiChi, too.
But there are still some differences between the TaiChi framework and the Xposed framework; please refer to [For Xposed Developers](https://github.com/tiann/Tai-Chi/wiki/For-Xposed-developer).
## Discuss
- [Telegram Group](https://t.me/vxp_group)
## Contact me
(mailto:[email protected])
## Other
1. TaiChi is closed-source now, it may be open-sourced in the future, but not now.
2. TaiChi can not run Xposed modules arbitrarily(it supports it in technical-speaking), it can only run specific version and specific modules now. If you want to use other modules, please fire an issue. Here is the support list: https://taichi.cool/module/module.html
3. TaiChi is compatible to Xposed modules, but it may have its own module in the future.
XDA:DevDB Information
TaiChi, Xposed for all devices (see above for details)
Contributors
[weishu](https://forum.xda-developers.com/member.php?u=8994560)
Source Code: https://github.com/taichi-framework
Xposed Package Name:
Version Information
Status: Stable
Created 2019-03-11
Last Updated 2019-03-16
I noticed the magisk module today on the repo. Sounds very promising and... tempting to me.
But, regardless of how much I'd love to finally have xposed modules on pie, there's one major deal-breaker here: Closed source.
TaiChi magisk (as well as xposed) are extremely mighty - which makes it mandatory for us to see and confirm what's happening behind the curtains.
As soon as it gets open source, I'll be back and support this project.
Sent from my OnePlus 6 using XDA Labs
weishu said:
TaiChi runs in non-root mode in general: just install a simple app, and all the installation is over. If you want to use Xposed modules, for example, you'd like to use SnapFreedom on SnapChat, follow these steps:
1. Click the float button in the Home page of TaiChi, and then click the button: **Create App**.
2. Select the app you'd like to apply Xposed modules to, such as SnapChat.
3. Click the "Create" button at the bottom and then wait patiently for the creation to finish.
4. When creation is finished, TaiChi tells you that you need to uninstall the original SnapChat; please uninstall it, this is necessary, because TaiChi in non-root mode needs to modify the APK file, which means we have to re-sign the APK.
5. Follow the steps in the TaiChi app until you have installed the new app.
6. Enter the **Module Manage** activity by clicking the button "Module Manager" of the float button in the Home page.
7. Check the SnapFreedom module.
8. Kill the process of SnapChat and the Xposed modules should work properly. (You don't need to reboot the system.)
Thanks for this great module, it's nice to know there is hope for our locked bootloader devices.
I want to use snapfreedom, but the above steps won't actually work; snapchat will refuse to log me in since the signature of the apk has changed, and it's been uninstalled so my data is gone. Without root access I can't figure out a way to copy my user data over to remain logged in. Any ideas would be greatly appreciated!
flamery said:
Thanks for this great module, it's nice to know there is hope for our locked bootloader devices.
I want to use snapfreedom, but the above steps won't actually work; snapchat will refuse to log me in since the signature of the apk has changed, and it's been uninstalled so my data is gone. Without root access I can't figure out a way to copy my user data over to remain logged in. Any ideas would be greatly appreciated!
The SnapChat itself refused you to login or other app can not login by Snapchat?
In fact, TaiChi non-root mode cheats the signature of the app; if it cannot cheat SnapChat, I will look into it.
Depressed T.Bear said:
I noticed the magisk module today on the repo. Sounds very promising and... tempting to me.
But, regardless of how much I'd love to finally have xposed modules on pie, there's one major deal-breaker here: Closed source.
TaiChi magisk (as well as xposed) are extremely mighty - which makes it mandatory for us to see and confirm what's happening behind the curtains.
As soon as it gets open source, I'll be back and support this project.
Sent from my OnePlus 6 using XDA Labs
In fact, I’ve been tangled for a long time whether to open source the TaiChi.
Whether it's TaiChi or Xposed-Framework, they are so powerful that it's hard to believe its security if it's not open source. But there are some reasons for me to not open source it now:
1. TaiChi is a framework, it gives the same power to modules, modules can do all that TaiChi can do. In magisk-mode, TaiChi can control your device completely (although I didn't do that), and so can the modules. If TaiChi is open-source but some modules aren't, it is not secure either. You can choose to use only open-source modules, but others may not. There are so many excellent modules that are closed-source, such as Greenify, Xposed Edge, Snapchat, etc. Only open-sourcing TaiChi is far from security if some module developers are malicious.
2. Open source doesn't mean security. VirtualXposed is open-source: https://github.com/android-hacker/VirtualXposed . But if you read the XDA Thread of it: https://forum.xda-developers.com/xpo...nlock-t3760313 . There are still so many users who think it is not safe to use. When it is closed-source, users think it is insecure because it is not open-source; when you open source it, users think it is insecure because there is no one to review the huge and ****-source code.
3. Xposed-Framework is not open-source after Android O, too. (Correct me if I am wrong.)
4. Closed-source can provide security for normal users. Closed source means that TaiChi can restrict the ****ing and harmful modules that run in TaiChi (it won't load unknown modules). And also, the module developer won't worry about cracks (it won't load the re-signed modules).
Happy to hear from all your advices.
weishu said:
In fact, I’ve been tangled for a long time whether to open source the TaiChi.
Whether it's TaiChi or Xposed-Framework, they are so powerful that it's hard to believe its security if it's not open source. But there are some reasons for me to not open source it now:
1. TaiChi is a framework, it gives the same power to modules, modules can do all that TaiChi can do. In magisk-mode, TaiChi can control your device completely (although I didn't do that), and so can the modules. If TaiChi is open-source but some modules aren't, it is not secure either. You can choose to use only open-source modules, but others may not. There are so many excellent modules that are closed-source, such as Greenify, Xposed Edge, Snapchat, etc. Only open-sourcing TaiChi is far from security if some module developers are malicious.
2. Open source doesn't mean security. VirtualXposed is open-source: https://github.com/android-hacker/VirtualXposed . But if you read the XDA Thread of it: https://forum.xda-developers.com/xpo...nlock-t3760313 . There are still so many users who think it is not safe to use
I think it is a pretty weak reasoning to not make the framework open source because the modules are closed source.
Both open and closed source do not mean security, so this is not a real argument either.
So, it leaves me just wondering what the real reason is to not open source.
weishu said:
The SnapChat itself refused you to login or other app can not login by Snapchat?
In fact, TaiChi non-root mode cheats the signature of the app; if it cannot cheat SnapChat, I will look into it.
It's the login to snapchat, they have very high security around 3rd party apps and app modding. If the apk has been modified you get the "login has temporarily failed" message when trying to login.
The workaround in the past has been to login with xposed disabled, titanium backup data, flash xposed, then restore data so you remain logged in. But there is no way to achieve that without root that I can see! thanks for looking into it!
so how do i enable the Magisk module?
Just tried Taichi today and it instantly brought back the good old days for me with Xposed. I need to have certain Apps run in a different locale and an Xposed module is the only way to get this done! However, Xposed also stopped Google Pay, so I have had to stop using Xposed ever since.
With Taichi I can start using Xposed again and have Google Pay at the same time... Great solution!
Unfortunately with current international politics it immediately marks anything from China as insecure. I am not sure if TaiChi is secure or not, but I guess since the day I rooted my phone I am assuming all the risk inherited.
Anyway good work! Weishu! (Just donated)
Hmm I must be high on something because I don't see the download link.
woomera said:
Hmm I must be high on something because I don't see the download link.
Check the magisk manager downloads section.
@weishu , I hope you can help. I've purchased xprivacylua pro from the google play store some time ago and reinstalled it on Pie. Xprivacylua pro does not seem to recognize xprivacylua is installed also. Do you have any suggestions?
dirtyreturn said:
@weishu , I hope you can help. I've purchased xprivacylua pro from the google play store some time ago and reinstalled it on Pie. Xprivacylua pro does not seem to recognize xprivacylua is installed also. Do you have any suggestions?
It sounds like you misunderstood something. The "Pro" app from Google Play is just a companion app, which enables the pro features you bought. It doesn't contain the actual xposed module (and app) of xprivacy Lua.
Simply download it through the xposed repo or get the latest apk directly from the xprivacy lua website.
Sent from my OnePlus 6 using XDA Labs
Depressed T.Bear said:
It sounds like you misunderstood something. The "Pro" app from Google Play is just a companion app, which enables the pro features you bought. It doesn't contain the actual xposed module (and app) of xprivacy Lua.
Simply download it through the xposed repo or get the latest apk directly from the xprivacy lua website.
Thanks for the reply. I just assumed by my post it would make sense.
I do have the taichi magisk module installed, and from there I've installed xprivacylua. And from the google play store the pro companion app. @Depressed T.Bear - are you using xprivacylua on Pie? Does the pro app recognize the main app as installed for you?
Depressed T.Bear said:
It sounds like you misunderstood something. The "Pro" app from Google Play is just a companion app, which enables the pro features you bought. It doesn't contain the actual xposed module (and app) of xprivacy Lua.
Simply download it through the xposed repo or get the latest apk directly from the xprivacy lua website.
Please see screenshots.
dirtyreturn said:
Thanks for the reply. I just assumed by my post it would make sense.
I do have the taichi magisk module installed, and from there I've installed xprivacylua. And from the google play store the pro companion app. @Depressed T.Bear - are you using xprivacylua on Pie? Does the pro app recognize the main app as installed for you?
Then it might be due to TaiChi.
Yes, I'm using XPrivacyLua on Pie - but with EdXposed and not with TaiChi. For one simple reason: TaiChi is not open source! EdXposed and RiruCore instead are.
So it would be absolute nonsense to use an app like XPrivacyLua to protect your privacy, while using an Xposed version which is closed-source and nobody can tell what it actually does.
So, I can't help you with TaiChi. Only the developer can.
All I can say is that it works flawlessly with EdXposed.
Sent from my OnePlus 6 using XDA Labs
I have edxposed but I'm thinking of trying Taichi out to see if it's more stable. Will this work with modules such as xposed edge where the module doesn't target a specific app?
Soumy1234 said:
I have edxposed but I'm thinking of trying Taichi out to see if it's more stable. Will this work with modules such as xposed edge where the module doesn't target a specific app?
Your question is answered clearly in the first post
Sent from my OnePlus 6 using XDA Labs
Is there any way to pass SafetyNet on an emulator?
I believe there would be Magisk and Universal SafetyNet Fix Module involved, yet what's their state in 2020?
I have got crazy enough to recompile Android Emulator and Android to change hardware info to pass it - I'm hesitant even if that'd work either! -
Un-root emulator.
jwoegerbauer said:
Un-root emulator.
I have tested this process on stock android emulator as well,
This problem unfortunately still persists and has roots deep within the SafetyNet architecture, which by default returns false for both basicIntegrity and ctsProfile.
Do we have any tools for spoofing the device hardware info and hide that we're on an emulator?
Will having a custom emulator help at all? - since we'll not have google play services at all -
hrtcop said:
I have tested this process on stock android emulator as well,
This problem unfortunately still persists and has roots deep within the SafetyNet architecture, which by default returns false for both basicIntegrity and ctsProfile.
Do we have any tools for spoofing the device hardware info and hide that we're on an emulator?
Will having a custom emulator help at all? - since we'll not have google play services at all -
To clarify things:
The SafetyNet API (part of the Google Play Services Framework) doesn't have "roots deep within": it simply queries an Android OS for being tampered with in any way. That is to say, the SafetyNet API is designed to detect modified devices, maybe Android got rooted or it's a custom ROM, which causes the SafetyNet check to fail.
If an app doesn't rely on the presence of GMS (GMS is not part of any Android), then on an emulator a SafetyNet check isn't done at all.
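Added example (not part of the thread, and not Google's code): a sketch of how an app backend reads the basicIntegrity and ctsProfileMatch fields discussed above from a SafetyNet attestation payload, failing closed when a field is missing or false. It assumes the JWS signature and certificate chain were already validated elsewhere; the function names, package name, nonce and sample tokens are constructed for illustration.

```python
import base64
import json

# Constructed values for this demo; a real backend issues a fresh nonce per request.
EXPECTED_NONCE = b"constructed-nonce-0001"
EXPECTED_PACKAGE = "com.example.app"
NOW_MS = 1_600_000_000_000


def _b64url_decode(segment):
    # Compact JWS segments are base64url without padding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_constructed_jws(payload):
    """Build a sample token in compact JWS shape; the signature is a dummy."""
    segments = (
        json.dumps({"alg": "RS256"}).encode(),
        json.dumps(payload).encode(),
        b"constructed-signature-not-valid",
    )
    return ".".join(_b64url_encode(s) for s in segments)


def sample_payload(**overrides):
    """Constructed payload of a passing device, with optional field overrides."""
    payload = {
        "nonce": base64.b64encode(EXPECTED_NONCE).decode(),
        "timestampMs": NOW_MS,
        "apkPackageName": EXPECTED_PACKAGE,
        "basicIntegrity": True,
        "ctsProfileMatch": True,
    }
    payload.update(overrides)
    return payload


def decode_payload(jws):
    """Decode the payload segment. This does NOT verify the signature; the
    caller is assumed to have validated signature and certificate chain."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict) or str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token")
    payload = json.loads(_b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def evaluate_verdict(payload, expected_nonce, expected_package, now_ms,
                     max_age_ms=120_000):
    """Return the list of reasons to reject; an empty list means accept."""
    reasons = []
    # The nonce binds the verdict to one server request and blocks replay.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        reasons.append("nonce mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or isinstance(ts, bool) or abs(now_ms - ts) > max_age_ms:
        reasons.append("stale or missing timestamp")
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    # "is not True" fails closed: a missing or non-boolean field is a failure.
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity failed")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch failed")
    return reasons


def check_token(jws):
    return evaluate_verdict(decode_payload(jws), EXPECTED_NONCE,
                            EXPECTED_PACKAGE, NOW_MS)


if __name__ == "__main__":
    samples = {
        "stock device": sample_payload(),
        "emulator (both false)": sample_payload(basicIntegrity=False,
                                                ctsProfileMatch=False),
        "replayed token": sample_payload(
            nonce=base64.b64encode(b"older-nonce").decode(),
            timestampMs=NOW_MS - 3_600_000),
    }
    for label, payload in samples.items():
        print(label, "->", check_token(make_constructed_jws(payload)) or "accept")
```
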
GravityBox - all-in-one tweak box - Xposed module for devices running Android 11
Version 11.0.5 [R]
Version for JellyBean is available in this thread: https://forum.xda-developers.com/showthread.php?t=2316070
Version for KitKat is available in this thread: https://forum.xda-developers.com/showthread.php?t=2554049
Version for Lollipop is available in this thread: https://forum.xda-developers.com/showthread.php?t=3037566
Version for Marshmallow is available in this thread: https://forum.xda-developers.com/showthread.php?t=3251148
Version for Nougat is available in this thread: https://forum.xda-developers.com/showthread.php?t=3653953
Version for Oreo is available in this thread: https://forum.xda-developers.com/showthread.php?t=3739929
Version for Pie is available in this thread: http://forum.xda-developers.com/showthread.php?t=3908768
Version for Q is available in this thread: http://forum.xda-developers.com/showthread.php?t=3974497
READ THIS POST CAREFULLY BEFORE PROCEEDING ANY FURTHER
Introduction
The app utilizes Riru-EdXposed Magisk module which uses original Xposed Framework API created by rovo89.
!!!!!! WARNING !!!!!!
This module utilizes EdXposed Framework which is still in early development stage and may contain bugs or might not be fully compatible with the system of your Android device. I take no responsibility for any issues arising from using GravityBox with EdXposed and strongly recommend creating a full backup of your device before activating the module.
Requirements
- Magisk v21 or later
- Riru v23 or later (Magisk module)
- EdXposed Manager (Application)
- Avoid using Resource hooking support if possible (Can be disabled in EdXposed Manager settings)
Installation
This procedure assumes you have working Magisk installation.
1) Install Riru module in Magisk Manager
2) Install and run EdXposed Manager app and download Riru-EdXposed module v5.1.3.x or later (currently Alpha/Canary)
3) Install downloaded Riru-EdXposed module in Magisk Manager
5) Reboot and open EdXposed Manager app to check if EdXposed works and is active
6) Install GravityBox and enable it in EdXposed Manager
7) Reboot and profit
Required whitelisted packages
In case you use blacklist/whitelist functionality of EdXposed make sure all the following packages are whitelisted (not blacklisted respectively) for full GravityBox experience.
- Android System (android)
- System UI (com.android.systemui)
- Call Management (com.android.server.telecom)
- Download Manager (com.android.providers.downloads)
- Phone (com.android.dialer or com.google.android.dialer)
- Phone Services (com.android.phone)
- Phone (com.android.incallui) (OxygenOS only)
- Keyboard app (e.g. Gboard) in order to be able to use "Volume key cursor control" feature
It is strongly recommended to use Whitelist functionality for better performance as EdXposed hooks only smaller amount of processes.
In case of running multiple Xposed modules consult their whitelist requirements with the devs of module.
Feature highlight
--- Lockscreen tweaks
--- QuickSettings tile management with additional tiles
--- Statusbar tweaks
--- Navigation bar tweaks
--- Pie controls
--- Power tweaks
--- Display tweaks
--- Phone tweaks
--- Media tweaks
--- Hardware/navigation key actions
--- GravityBox Actions - interface for 3rd party apps
--- Notification control (per-app notification LED/sounds/vibrations)
--- Fingerprint launcher
--- Advanced tuning of Framework and System UI parameters
... and many more
Compatibility
GB's main concept is to make most of the preference changes to be done on the fly without need to reboot a device to achieve custom-ROM like experience.
This means it is not possible to "completely deactivate" particular feature if it causes trouble on your device or if you installed GB because you want to use only one particular feature you can't find elsewhere.
This results in issues on ROMs/devices that have parts that are diverting from default Android implementation too much, or are running heavily modified custom ROMs.
If you experience weird issues after installing GB, even if you didn't activate a particular feature, it is not because GB is broken, it is because it is not compatible with your ROM.
It is very similar to a situation when you installed ROM built from source for Nexus to some Xperia device - it won't work.
GB is a complex module and is not suitable for 1 purpose scenario. This means, if you are running custom ROM built from source, and you are missing a certain feature, your best option is to go ask creators of those ROMs to implement those additional features. Supplementing missing features on well-known custom ROMs built from source by installing xposed modules (especially complex ones) is definitely not a good way to go and can cause more trouble than good.
GB being a complex module, it shouldn't be combined with other complex modules often racing for the same goal. They can conflict/fight on the same playground and there's no way you can deterministically say which one's going to win. They can even lose both.
So in summary:
- this module is designed to run on vanilla or close-to-vanilla Android 11 (AOSP)
- officially supports devices/systems it was developed and tested on
- Samsung, HTC, MIUI, Xperia, Lenovo, etc. are NOT supported. It is not guaranteed this module will work on these at all so try at your own risk. This module is simply too complex to support all kind of ROM brands that were vastly modified by vendors.
- DO NOT USE WITH CUSTOM ROMS MODULE WAS NOT EXPLICITLY DESIGNED FOR
- I will not implement any exceptions that will adapt this module to a specific custom ROM. Please, do understand, it is unmanageable.
- I will not provide any support for devices violating these compatibility rules
GravityBox [R] has been designed for and tested on
- Pixel 3a running Google OS
- OnePlus 7Pro running Oxygen OS 11
Reporting bugs
If possible, please use Github issue reporting interface for reporting bugs.
If you experience problems with certain feature, provide the full-detailed info that can help me
to reproduce the bug and attach logs that can be exported from EdXposed Manager app.
Real-time logging can be performed by using ADB: adb logcat -s EdXposed-Bridge
In case you experience SystemUI crashes or other apps Force Closing, or device soft reboots, attach logcat from time
crash occurs. (use adb logcat *:E or your favorite logcat app from Play Store).
Please, don't attach big logs. Only the portion where error is clearly seen.
Disable all other xposed modules before reproducing bug to make sure it is really GravityBox related
Remember, this app was developed and tested on one particular device so it is not guaranteed that it will work flawlessly on yours.
Multilanguage support
Volunteers are welcome to translate GravityBox to other languages.
Preferred way is to use GitHub interface to fork your own copy of GravityBox, make changes and then send pull request against original repository.
Another way is to simply download this file: https://github.com/GravityBox/GravityBox/raw/r/GravityBox/src/main/res/values/strings.xml
Use Notepad++ to edit strings and then send me edited file so I can include translations into next release.
Source code
GravityBox is open source. Sources are available in my GitHub: https://github.com/GravityBox/GravityBox/tree/r
If you're a dev and have some ideas for additional features, feel free to fork it, work on it and send the pull requests.
Copyright notice
https://github.com/GravityBox/GravityBox/blob/r/NOTICE
Support development
Coding, maintaining and supporting this project costs me a lot of my precious time. If you find this project useful, you are more than welcome to support its development via donation. This form of support is meant to compensate for my time dedicated to the community + eventually, help me to afford newer device to keep up with AOSP evolution thus providing continuous support as Android evolves. Thanks!
Info about premium features and PayPal transaction ID verification system
1) Those who supported development via PayPal donation can use their PayPal transaction ID to unlock premium features.
As of v2.9.5, there are three premium features:
- Backup/restore of GB settings.
- Ultimate notification control
- Advanced Tuning
2) If you contributed to the project by providing translations, code fragments, or by any other way
you can apply for a free transaction ID by contacting me via PM.
3) Be aware that there's a system that can identify potential transaction ID
abuse. E.g. when one ID is being used by more users. Such IDs will get blocked automatically.
In case you own more devices, you can use one transaction ID on up to 10 of them.
4) If you are using your own custom builds of GB for personal use, you will get hash mismatch
upon verifying your ID as verification system accepts requests only from official releases of GB.
If you want to be able to verify IDs with your custom build, contact me via PM so I can setup
a special hash for your build.
If you are using a custom build that you provide for broader group of users (e.g. in a custom ROM),
it is necessary to ask for new hash every time your new custom version is released for public use.
These rules are based on mutual trust so please, do not violate them.
Credits
- RikkaW for creating and maintaining Riru Magisk module
- solohsu & MlgmXyysd for creating and maintaining EdXposed Magisk module
- @frank93 for donating Pixel 3a for development
- @bgcngm for his code contributions to the project
- @MohammadAG for Xperia specific contributions to the project
- @rovo89 for his ultimate Xposed framework and "Volume keys to skip track" mod
- @peptonib for starting me up with this project
- @simmac for app icon
- @romracer for Motorola specific code contributions
- @firefds for Samsung specific code contributions
- CyanogenMod project
- ParanoidAndroid project
- Slim, RootBox, AOKP, OmniROM projects
- Sergey Margaritov for ColorPickerPreference
- ArthurHub for Image cropping library
- All those who provided translations for different languages (Mr.Premise, peptonib, kidmar, ch-vox, romashko, Indiant, lelemm, oicirbaf, unavix, LuHash, WedyDQ10, mp3comanche, awaaas, liveasx, samsonbear, Eric850130, xtrem007, benjoe1, asmb111, Fatih Firinci, ...)
- and finally, all those who keep the project alive by supporting me via donations (you know who you are)
Changelog
https://github.com/GravityBox/GravityBox/blob/r/CHANGELOG.txt
Changelog 11.0.5 - 08/08/2021
- Lockscreen: added option to blur media artwork on lockscreen (thanks to robbins)
- Navbar: allow cursor control keys in gestural navbar
- Dialer: adjusted for compatibility with the latest Google Dialer
- Properly identify OnePlus 8T as device running OxygenOS ROM (thanks to F-i-f)
--- should improve compatibility significantly
Developed and tested on:
- Pixel 3a running Google OS
- OnePlus 7Pro running Oxygen OS 11
Current issues
- Display: Expanded Desktop - immersive modes not working
- Key actions: Home double-tap not working
- Lockscreen: Changed custom carrier text won't appear immediately
- Custom Battery indicator: stock battery may appear for a while after the reboot
- ... + potentially others mainly device/system variation specific
Removed features
- GPS and SlimKat tiles - location modes (battery saving/high accuracy/device) no longer exist in Android 11
- Audio Recording tile - background recording of audio not possible in Android 11
Download
https://github.com/GravityBox/GravityBox/releases/tag/v11.0.5_r
Settings
It is possible to restore settings that were backed up in GravityBox [Q]
Simply transfer "GravityBox" folder from internal storage of one device to internal storage of another device.
Credits
@frank93 for donating Pixel 3a for development
Commit history
Commit history for transition from 11.0.4 to 11.0.5
@C3C076
Mate, you did it. Congratulations.
Can't wait to try it out.
Really appreciate your efforts in bringing this to us 11ers.
Cheers
2021 is looking good! Thank you so much. Working flawlessly on my pixel 3a
@C3C076
THIS is the first gift I've received of the new year. Thank you, sir!!!
Now, that's pretty awesome!
And the January update from Google should drop soon as well.
Thanks a lot @C3C076!
Got my Github notification this morning about the [R] pre-release! Just now updated my Pixel 4 XL from 08-2020 (Android 10) to 09-2020 (Android 11) using my keep root / seamless update method with no problems. Everything working perfectly fine! All I had to do was first disable GravityBox [R] in EdXposed Manager, and disabled Kirisakura AK3 (kernel) module helper in Magisk Manager. Upgraded to Android 11 with no issues at all, and everything system and root-wise seems to work perfectly fine. My current running list of Magisk / Xposed modules: https://forum.xda-developers.com/t/guide-edxposed-gpay-discussion.3992607/post-84193393
(I'm hoping @Ghisy finds this helpful, hehe)
Though I'm gonna play it safe and OTA each month, instead of factory image (sans "-w" flag) jumping. Gonna work my way up to the current firmware, then test out GravityBox [R] - thanks so much @C3C076! The fact that so many people like me have held off on upgrading to the latest Android version just based on your work should speak volumes! I'll report back once I'm able to actually play around with GB[R] some. The baby's starting to wake... :O
edit: my son rolled over, coo'ed, and faceplanted back to sleep <3
- Also should note, I was on Kirisakura 5.2.6 kernel before. Now on 6.6.0, all is well!
- Also wanted to note, SafetyNet was passing (with my current configuration) on 09-2020 build with no further modifications necessary. I just finished updating up to 12-2020, and SafetyNet is still passing. Activating GravityBox module now, and will further report back!
edit 2: Seems verrrry stable so far! The only thing I found that didn't work properly (or rather, worked 80% correctly) was for an option that I don't even normally use, and accidentally toggled, haha. Under QuickSettings management -> Tiles per header, each option works fine, but when selecting 8, it still only shows 7.
Other than that, at least as far as the options that I personally use, everything seems fine! I didn't get a chance to test out every function affected by my set of GB options in such a short time, of course, but I will certainly report if there are any issues. And of course I won't list every single option I ticked off, but attached is my backup file / preferences of my current config for anyone who may be curious. Again, keep in mind that compared to the vast functions GB offers in totality, I only use what I use so of course I can't account for the entirety of GB. But from what I've tested so far, it seems damn stable and this has made my transition to Android 11 pretty much seamless!
and @Ghisy, I'll send you some more details when I get a chance, certainly well before the weekend. Though if it's any consolation, in total the actual updating process only took me about an hour, if not less! Probably took me more time to actually download the files and prep, lol. XD
i5lee8bit said:
Just now updated my Pixel 4 XL from 08-2020 (Android 10) to 09-2020 (Android 11) using my keep root / seamless update method with no problems.
[...]
My current running list of Magisk / Xposed modules: https://forum.xda-developers.com/t/guide-edxposed-gpay-discussion.3992607/post-84193393
(I'm hoping @Ghisy finds this helpful, hehe)
[...]
Activating GravityBox module now, and will further report back!
Ha, thanks!
I'd be interested in your seamless update process if you don't mind sharing! Although I might go the image (sans -w) route instead.
Not sure I'll update until the week-end, I don't have much time on weekdays.
Ghisy said:
Ha, thanks!
I'd be interested in your seamless update process if you don't mind sharing! Although I might go the image (sans -w) route instead.
Not sure I'll update until the week-end, I don't have much time on weekdays.
see my edit above =)
But I also wanted to separately post a big finding of great news (at least for me)! - The volume key cursor control option now seems to persist through reboots, without needing to toggle the option again after reboots! Not sure, tbh, if this was fixed on [Q] already due to / as a side effect of the big Riru / EdXposed updates, but at least I can confirm that it definitely works on [R] now as intended. Woohoo!
Also @C3C076, donated an extra $10 USD via PP (20485146561217901). You're already very generous for enabling Family Library, and this should cover for installing the unlocker on my backup/secondary Android devices as well as my wife's phone. I also figured it would be better to donate via PP than disabling Family Library and purchasing again from Play Store, assuming higher fees from Google.
i5lee8bit said:
see my edit above =)
But I also wanted to separately post a big finding of great news (at least for me)! - The volume key cursor control option now seems to persist through reboots, without needing to toggle the option again after reboots! Not sure, tbh, if this was fixed on [Q] already due to / as a side effect of the big Riru / EdXposed updates, but at least I can confirm that it definitely works on [R] now as intended. Woohoo!
Also @C3C076, donated an extra $10 USD via PP (20485146561217901). You're already very generous for enabling Family Library, and this should cover for installing the unlocker on my backup/secondary Android devices as well as my wife's phone. I also figured it would be better to donate via PP than disabling Family Library and purchasing again from Play Store, assuming higher fees from Google.
Thanks. Your support is very much appreciated. Too kind. Interesting find about volume key cursor control. As you can see in the 2nd post I listed it there as currently not working. Looks like I'll have to take a look again. Do you use whitelist (App list mode enabled in EdXposed settings)?
i5lee8bit said:
see my edit above =)
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
frank93 said:
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
If I can share my experience. I applied standard system update procedure from settings being on Pie (had it on your pixel to bring update for GB for Pie). This went without uninstalling magisk etc. I simply went incrementally from Pie through Q up to R and then several security updates. Only after I was in the latest update I grabbed boot.img from corresponding system image, patched it using magisk and then flashed using fastboot. All apps and settings were preserved from Pie.
thanks. sounds about "right", your last step is basically what i’ve been doing as well previously (the "system update" never worked for me though, but i didn’t care too much). there must be something fishy going on with my device then. i’ll try again soon.
(in the end i wouldn’t even mind being without root for a few bootups inbetween, so .. i’ll flash the stock boot image and try booting android 11 then. if it works, i can try getting back root just as well afterwards i guess.)
frank93 said:
thanks. sounds about "right", your last step is basically what i’ve been doing as well previously (the "system update" never worked for me though, but i didn’t care too much). there must be something fishy going on with my device then. i’ll try again soon.
(in the end i wouldn’t even mind being without root for a few bootups inbetween, so .. i’ll flash the stock boot image and try booting android 11 then. if it works, i can try getting back root just as well afterwards i guess.)
Yeah, note that I never flashed full rom image. I went using standard system update from settings. In the end it was only patched boot.img I flashed.
okay, apparently not even a "real" firmware update (using the original stock boot image) works for me. loops back to bootloader 2-3 seconds after the google-logo. so i guess there’s something else wrong with my device/system.
i’ve "updated" back to the latest/last android 10 for now (there the firmware upgrade/downgrade works!?), and i’ll scratch my head another time i think. thanks for your input though!
i5lee8bit said:
and @Ghisy, I'll send you some more details when I get a chance, certainly well before the weekend. Though if it's any consolation, in total the actual updating process only took me about an hour, if not less! Probably took me more time to actually download the files and prep, lol. XD
Thanks, I appreciate it! You took one for the team and shared interesting info too! *(air) high five*
C3C076 said:
Thanks. Your support is very much appreciated. Too kind. Interesting find about volume key cursor control. As you can see in the 2nd post I listed it there as currently not working. Looks like I'll have to take a look again. Do you use whitelist (App list mode enabled in EdXposed settings)?
I use App List mode, but not White List mode, as I use the Pass SafetyNet option (so basically on Blacklist mode). Because I also have GPay working and all (I've linked to that thread before, it's the one I linked with my list of active modules). Hahaha, I didn't even realize you put in the 2nd post about it not working - weird! Definitely working for me though, using these current configurations.
frank93 said:
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
Since I'm sure others may find it useful, I'll post it here. Also, @C3C076 may find it useful to follow this concept, assuming things are similar for Pixel 3a (I've been a long time HTC user, up til U12+ and only then switched to Pixel phones, 4 for wife and 4 XL for me to be exact).
My firmware update procedure is basically predicated on restoring the stock boot and dtbo (dtbo in case custom kernel flashed) images for your current build, which restores the stock firmware (and therefore recovery) and "unroots" / stock-ifies the phone without removing any of your Magisk or EdXposed configs, which allows you to simply boot into recovery and apply (sideload) OTA zip from stock recovery. Before booting back into system after OTA flash, reboot back into bootloader and flash the new build's Magisk-patched boot image, and when you boot up into system, voila, seamless, intuitive, and relatively safe update to new firmware version. Worst case scenario, if you bootloop you just flash the stock boot image (or even better, a modified Magisk Core Only boot image) and fix whatever is causing the problem.
Here is a link to my guide for September 2020 build, which was the first Android 11 build. There's a bunch of additional notes due to the major update at the time, though some of the info is a bit outdated. I assumed everyone at the time was on very specific versions of firmware, Magisk, EdXposed, and even modules, etc. But if you read, especially the 2nd post, you can certainly understand how it all works and how we could apply the process from any firmware version. Here's the thread: https://forum.xda-developers.com/t/...0-009-coral-magisk-stock-boot-images.4160787/
- I recommend giving the procedure a read, as you should be able to understand the intuition behind the process I use.
As we're already (assuming) on latest Magisk, Magisk Manager, EdXposed, Riru, etc. etc, we don't need to worry as much about compatibility of our installed modules before OTA'ing. So basically, I condensed down what needs to be disabled, in my case, to the old GravityBox module (obviously), and the old Kirisakura (my kernel on Q) kernel helper Magisk module. You would also want to disable any modules, Magisk and EdXposed, that may not be compatible with [R] yet.
So here was my update procedure, from here on, coming from August 2020 build already on Magisk 21.2 and up to date EdXposed / Riru / etc. modules - SPECIFICALLY FOR PIXEL 4 XL "CORAL"
(OPEN THE "SPOILER" TO VIEW!):
Spoiler: Pixel 4 XL (and by extension and intuition, hopefully other Pixel series) keep-root / updating guide-procedures
NOTE: The files I provide are specifically only for Pixel 4 XL!! You will need to obtain the correct files for your own device to follow this procedure, but the same idea should be able to be applied!
First, I downloaded the boot and dtbo file(s) for Aug. 2020 thru Dec. 2020 builds. Here's a link to my AFH uploads for these files: P4XL Boot / DTBO files
Then, I patched each month's boot image with Magisk 21.2, and put them to the side.
There's only stock dtbo.img for 08-2020 because dtbo will remain stock throughout the updating procedure, fyi.
Actually, hell, for Pixel 4 XL "Coral" users, to make your life extremely easy, I've uploaded all the files you'll need to follow this here!! - LINK HERE
And OTA files from Google servers: LINK#2 HERE
Disabled GravityBox [Q] module in EdXposed Manager / Uninstall GravityBox [Q]
(Don't bother installing GravityBox [R] yet)
Disabled Kirisakura AK3 Kernel Helper module in Magisk Manager
(you'll also want to disable any modules that potentially may not work with [R])
-- Reboot once to finalize disabling the modules --
(Don't boot back into system until this section is done, to ensure all root, settings, mods, etc. are retained - this is basically the 2nd post of the September guide I linked earlier)
- Reboot into Bootloader mode -
fastboot flash boot 08-boot.img
fastboot flash dtbo 08-dtbo.img
(these steps revert recovery to stock)
- Reboot into Recovery mode-
(when No Command / Android icon shows up, hold power button and tap volume up to get to recovery menu)
Choose option: Apply update from ADB
adb sideload (09-2020 OTA zip).zip
after OTA zip flash completes, REBOOT BACK TO BOOTLOADER
fastboot flash boot 09-patched.img
- NOW REBOOT INTO SYSTEM! -
When your phone boots back into Android (11), you will be rooted, with all mods and settings retained. And if you passed SafetyNet before with the right combination of mods and settings, it should still pass now. While you can, I wouldn't bother installing GravityBox [R] quite yet. Let's first continue to incrementally upgrade until we're at 12-2020 (or 01-2021 depending on when you're reading this). Basically, just make sure the Android System Update notification (sorry, I don't remember exactly the notification label, but you'll know when you see it) indicates the update completed before proceeding.
Now we just repeat my OTA update procedure again, except no need to flash stock dtbo images, as we're not doing anything (like flashing custom kernel) in this short amount of time that modifies the dtbo partition.
Reboot into bootloader mode
fastboot flash boot 09-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (10-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 10-patched.img
Boot to system
Allow time for the system update notification to indicate update was completed.
Reboot into bootloader mode
fastboot flash boot 10-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (11-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 11-patched.img
Boot to system
Allow time for the system update notification to indicate update was completed.
Reboot into bootloader mode
fastboot flash boot 11-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (12-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 12-patched.img
Boot to system
EDIT: Google released January 2021 firmware update, literally minutes after (or maybe while??) I was posting this! Here is my January 2021 easy update guide for Pixel 4 XL: https://forum.xda-developers.com/t/...5-003-coral-magisk-stock-boot-images.4213263/
Allow time for the system update notification to indicate update was completed.
Install GravityBox [R], activate module, reboot one more time, have fun!!
Also install custom kernel or whatever else you might need to do as well.
To be honest, I kinda rushed this post, so I'll re-read it later and make sure I didn't make any little mistakes. But hopefully if you read my guides threads and stuff (like, actually read it), the entire concept should be very clear and intuitive to you! Assuming other Pixel phones (at least AB Pixel devices) have similar partitioning schemes, this should be very useful knowledge to have, as it makes updating to new firmware versions incredibly easy and low risk. Good luck, I hope this huge post helps some people / makes a better day for someone! =)
EDIT: @frank93, seeing your linked post, I see you have a Pixel 4a. Unfortunately you obviously can't use the exact files I provided / linked, but you should still be able to follow the same procedure. Just grab the OTA's, plus the full factory images, pull the necessary boot and dtbo files from the factory images, and Magisk patch the boot images for each month, and name / organize all the files and put them aside on your computer. You should still be able to follow my procedure, but with your files. I hope it works for you with no problems if you decide to try it!
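An added example, not part of the post above and not the poster's own tooling: a shell script that prints the month-by-month command sequence from the procedure, but only after every boot, dtbo and OTA file it names matches a SHA-256 manifest, since these images are written straight to the boot partitions. The file naming scheme (`MM-boot.img`, `MM-ota.zip`, and so on) and the `sha256.txt` manifest are assumptions.

```shell
#!/bin/sh
# Added example. File names (MM-boot.img, MM-dtbo.img, MM-patched.img, MM-ota.zip)
# and the manifest name sha256.txt are assumptions, not the poster's files.
command -v sha256sum >/dev/null || sha256sum() { shasum -a 256 "$@"; }

# in_manifest DIR FILE: true if FILE has an entry in DIR/sha256.txt.
in_manifest() {
    awk -v f="$2" '$2 == f || $2 == ("*" f) { found = 1 } END { exit !found }' "$1/sha256.txt"
}

# plan_update DIR FIRST NEXT...: print the flashing steps for each monthly hop.
# Refuses if any listed file fails its hash or a needed file is not listed.
plan_update() {
    dir=$1 first=$2; shift 2
    ( cd "$dir" && sha256sum -c sha256.txt >/dev/null 2>&1 ) ||
        { echo "checksum mismatch in $dir" >&2; return 1; }
    prev=$first
    for next in "$@"; do    # pass 1: every file to be flashed must be listed
        for f in "$prev-boot.img" "$next-ota.zip" "$next-patched.img" "$first-dtbo.img"; do
            in_manifest "$dir" "$f" || { echo "unverified file: $f" >&2; return 1; }
        done
        prev=$next
    done
    prev=$first
    for next in "$@"; do    # pass 2: print the steps, one hop per month
        echo "# --- $prev -> $next: reboot to bootloader"
        echo "fastboot flash boot $prev-boot.img"
        if [ "$prev" = "$first" ]; then echo "fastboot flash dtbo $prev-dtbo.img"; fi
        echo "# reboot to recovery, choose 'Apply update from ADB'"
        echo "adb sideload $next-ota.zip"
        echo "# reboot to bootloader"
        echo "fastboot flash boot $next-patched.img"
        echo "# boot to system, wait for the update-complete notification"
        prev=$next
    done
}

# make_sample DIR: constructed placeholder files plus a manifest (demo data only).
make_sample() {
    for f in 08-boot.img 08-dtbo.img 09-ota.zip 09-patched.img 09-boot.img 10-ota.zip 10-patched.img; do
        echo "constructed placeholder for $f" > "$1/$f"
    done
    ( cd "$1" && sha256sum *.img *.zip > sha256.txt )
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
plan_update "$demo_dir" 08 09 10
rm -rf "$demo_dir"
```

In real use, record the manifest from a source you trust, such as hashes of images you pulled from the factory image yourself, rather than generating it next to the downloaded files as the demo does.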
Has anyone tried OnePlus 8T?
...aaaand Pixel January 2021 update just dropped
Awesome! 2021 is looking good! Donation sent! Keep up the awesome work bro! Working flawlessly on my Pixel 3xl