More Peace of mind - Xiaomi Poco F1 Questions & Answers

Hi guys, so obviously it is much better to root our phone, and I have it rooted, and I also have Cerberus installed as a system app and hidden, BUT let's say that tomorrow someone steals my phone. I want to be prepared to block it or track it in more than just one way, and I have read that using the MIUI account block is also a very good way, but I don't know: since the bootloader is unlocked, isn't it very easy for the thief to just flash any ROM and have it working well? I know that many of the thieves don't know anything about all this, but as I said I wanna take every precaution possible.
What would you recommend to keep my phone more secure in case anything bad happens? Maybe, I don't know, keep it rooted but still lock the bootloader; maybe this statement is very dumb haha, I'm no expert.

Just don't let your phone get stolen.
Modern problems require modern solutions.

xjudexiii said:
Just don't let your phone get stolen.
Modern problems require modern solutions.

Locking your recovery is the only security you have. Lol. But like he said, take good care of your device and you'll be just fine.

I have an unlocked bootloader, custom recovery with PIN and Cerberus with fake shutdown on the lockscreen. But I know that all this is just to make the thief's life a little difficult, because with either a locked or an unlocked bootloader it is possible to bypass it and format the phone.

Now your question/scenario begs for a few details!
On an unlocked bootloader:
1. you can always flash stock recovery (found in the fastboot ROM of beryllium) and replace TWRP, or
2. never flash recovery on an unlocked bootloader and always boot it via fastboot command for security's sake
HOWEVER
1. let's assume someone steals your device and boot is unlocked and he/she can flash TWRP; then you should never flash DFE (disable force encryption treble) (via TWRP), so that your internal storage stays ENCRYPTED and any recovery will be unable to MOUNT IT
2. use a digit screen lock method so that any recovery will ask for the password
The idea is that, although the hardware is stolen, the thief won't be able to access your personal information! And if he tries to boot up, he won't be able to unlock with the digits you set as screen lock; wrong screen lock attempts eventually trigger the MIUI mechanism that warns you to wait a few hours before retrying, until you reach a point where MIUI will NOT even allow you to unlock the phone. MIUI will consider it stolen.

Related

[Q] Dynamic custom recovery

Is there a way to dynamically load/use a custom recovery on an Android phone (generally, any phone) without actually having to overwrite the phone's stock recovery? For example, by booting to stock recovery, flashing a zip file that will start up CWM/TWRP so you can use it temporarily, but stock recovery is still there and when you reboot the phone it will still be there? Sort of like using a Linux live CD.
Because I figure someone will probably ask, I'm asking about this because I have a phone that I want to get into that is protected by a pattern lock. I haven't examined it yet, but I am strongly expecting:
- No root
- No custom recovery
- No ADB debugging enabled
I know I can bypass the pattern lock from CWM/TWRP (rm /data/system/gesture.key)...but I would prefer to not have to do an overwrite of the recovery partition if it can be avoided. And whether or not this ends up being needed for this phone, it will be good to know for future reference.
Gromlakh said:
Is there a way to dynamically load/use a custom recovery on an Android phone (generally, any phone) without actually having to overwrite the phone's stock recovery? For example, by booting to stock recovery, flashing a zip file that will start up CWM/TWRP so you can use it temporarily, but stock recovery is still there and when you reboot the phone it will still be there? Sort of like using a Linux live CD.
Because I figure someone will probably ask, I'm asking about this because I have a phone that I want to get into that is protected by a pattern lock. I haven't examined it yet, but I am strongly expecting:
- No root
- No custom recovery
- No ADB debugging enabled
I know I can bypass the pattern lock from CWM/TWRP (rm /data/system/gesture.key)...but I would prefer to not have to do an overwrite of the recovery partition if it can be avoided. And whether or not this ends up being needed for this phone, it will be good to know for future reference.
The only recoveries like that are along the lines of SafeStrap, but it is device specific and you already have to be rooted and booted into the OS to install that one. So, for what you need, no.
es0tericcha0s said:
The only recoveries like that are along the lines of SafeStrap, but it is device specific and you already have to be rooted and booted into the OS to install that one. So, for what you need, no.
Actually, after randomly stumbling across some articles tonight...it appears that you can. At least on some phones, some of the time, with "fastboot boot recovery.img."
http://forum.xda-developers.com/showthread.php?t=2597788
Ah. I didn't think of that because usually you have to unlock the bootloader to do that, which on most phones also wipes them, voids the warranty, and often leaves some kind of marker that would be obvious. But it depends on the phone still. And it's not uncommon for those things to be disabled on updates too. Also, Samsungs don't have fastboot at all, so that wouldn't be an option for any of them.

Huawei p30 lite root

Hello everybody.
I have a simple question about root on this model: is it possible to do?
And if it is possible, please tell me how.
Best regards
Wojtek
I am looking for the same too
Me too... Looks like it is still impossible
Only a paid method, and who knows if it will work on my P30 lite......hmm
Hello ppl,
I know this might be a little old.. anyway, just for the knowledge let's bring this thread back.
I had the same concern for a while, and was kind of eager to get mine rooted.. until now.
I managed to unlock mine, and root it successfully. Latest version of Magisk, SafetyNet passed, root essentials running like a charm, I can ADB into it and su, yay!
How? The main issue here is my P30 lite MAR-LX3A was already on EMUI 10, and somehow this little sucker won't allow the unlock of the bootloader regardless. I used an unlock tool that is advised to work for this model using a testpoint short. However, it was not working for me, until I read the EMUI had to be downgraded to 9.1.
Once running EMUI 9.1 I didn't have to re-run the tool; it was already unlocked. Weird.
Anyhow, the unlocker tool I used was not the ADB/fastboot tools, it was a paid app; in case you are still interested in getting it done I can tell you how. Just keep in mind you will need to open the back cover of the device.
Thing is, there is no custom recovery image available that works, nor a custom ROM, so all you have is pretty much root access.
I believe this to be a pretty decent phone so I don't want to just ditch it. I am working to get a TWRP image; if I manage to do so I will get a ROM done as well. I think the whole device has been off the track for dedicated modders and devs, so it has just not been worked on.
Wish me luck. I'll keep you posted.
I used an unlock bootloader service for 15$. First I had to downgrade my EMUI from 10 to 9.
I can run Magisk without problem. My only problem is that I want SuperSU. I was able to flash TWRP Recovery 3.2.1.0 (HiSilicon Kirin 710). But I couldn't use it because the folders are encrypted. So if anyone has any idea how to decrypt this, let me know.
aka_max said:
I used an unlock bootloader service for 15$. First I had to downgrade my EMUI from 10 to 9.
I can run Magisk without problem. My only problem is that I want SuperSU. I was able to flash TWRP Recovery 3.2.1.0 (HiSilicon Kirin 710). But I couldn't use it because the folders are encrypted. So if anyone has any idea how to decrypt this, let me know.
I'm gonna look for that TWRP img, I didn't find a working one actually. Is there a specific reason why you'd rather use SuperSU?
About encryption, you usually need to make sure there is no password configured. I read somewhere about a guy that had his face recognition still configured, and that was the reason he was unable to unencrypt. There are some zips you can flash somewhere around, but I never tried them.
blzbh said:
I'm gonna look for that TWRP img, I didn't find a working one actually. Is there a specific reason why you'd rather use SuperSU?
About encryption, you usually need to make sure there is no password configured. I read somewhere about a guy that had his face recognition still configured, and that was the reason he was unable to unencrypt. There are some zips you can flash somewhere around, but I never tried them.
I deactivated all passwords etc. But it didn't work for me. The only reason I need SuperSU is because I want to recover some deleted contacts and mails after a factory reset. And those Windows applications with real deep scan don't work with Magisk.
aka_max said:
I deactivated all passwords etc. But it didn't work for me. The only reason I need SuperSU is because I want to recover some deleted contacts and mails after a factory reset. And those Windows applications with real deep scan don't work with Magisk.
Why don't you try getting an image of the partition with dd, convert it and mount it on the PC directly? I believe using the scan software directly against the phone is more complicated than just scanning a directly attached block device.
Hello
Is there any way to decrypt the Huawei P30 Lite? I haven't found anything anywhere.
I have TWRP on it but the system is encrypted :-(
I have read some posts about wipe data.. use stock ROM etc... But I am too lazy to test it. Let me know if it works. Be sure to make a backup before playing around.
nominator64 said:
Hello
Is there any way to decrypt the Huawei P30 Lite? I haven't found anything anywhere.
I have TWRP on it but the system is encrypted :-(
There are a few things to try... you can go to the wipe menu in TWRP, then use the fix/repair option against the encrypted system partition..
-try repairing it
-try changing the partition from ext4 (check the type first, usually ext4) to ext2, then change it back to what it was, ext4
last resort:
-wipe all data/factory reset ***** You WILL lose all your personal data if you do this **** just make a backup MANUALLY before doing this.. if you use a TWRP backup, probably your backup will be encrypted too...
I managed to get mine unencrypted with this last step; it took a few attempts, but I had to reflash stock so it's back to encryption.
Maybe we should create our own TWRP version for the p30 lite. There are many tutorials ^^
aka_max said:
Maybe we should create our own TWRP version for the p30 lite. There are many tutorials ^^
Agreed. I have been working on one that truly works, but there are a few blanks about how TWRP really works.. and its boot process. I have learned a little this past week, but I still think I'm gonna have to reverse engineer a working img to get some answers.... I was actually thinking of building an OrangeFox image instead, not sure what would be easier..
I have lots of work so I do this in my free time, but let me know if you want help; perhaps we can get something and port a nice ROM that's worth the device.
blzbh said:
There are a few things to try... you can go to the wipe menu in TWRP, then use the fix/repair option against the encrypted system partition..
-try repairing it
-try changing the partition from ext4 (check the type first, usually ext4) to ext2, then change it back to what it was, ext4
last resort:
-wipe all data/factory reset ***** You WILL lose all your personal data if you do this **** just make a backup MANUALLY before doing this.. if you use a TWRP backup, probably your backup will be encrypted too...
I managed to get mine unencrypted with this last step; it took a few attempts, but I had to reflash stock so it's back to encryption.
thank you for the suggestions. unfortunately does not work :-(
Please keep us posted, really excited to see a custom rom for this phone, also could you elaborate on the process of unlocking the bootloader? My back cover is already broken so I have to open it up anyways
k.r.o.o.k said:
Please keep us posted, really excited to see a custom rom for this phone, also could you elaborate on the process of unlocking the bootloader? My back cover is already broken so I have to open it up anyways
Sure, I've been busy but will try my best.. about the unlock process, I ended up paying 19 euros... But try using fastboot unlock first.. may save you the money, not sure...
1. Downgrade to EMUI 9.1 .. just plug the P30 lite into the PC, install HiSuite... Go for the firmware/software update... A pop-up screen will show up with some small letters at the bottom right.. older releases or revert to older firmware, something like that.. you will get to choose 9.1 only ... Choose that and apply.. Keep an eye out.. this will delete everything on your phone... On next boot you will be on 9.1.. avoid the automatic upgrade.
2. Turn the phone off, take off the back cover and locate the testpoints.. short by using metal wire... The small aluminium wire wraps that come with bread and other bags for easy closing are useful, just remove some plastic on each side... connect the USB cable to the PC.. leave the phone side unplugged.. Touch the test point with the wire while the other side touches a metal cover in the phone.. while doing it, plug the phone into the USB cable.. the charging animation should not appear . . . Screen must stay black.. otherwise do it again.. if done right the device manager will detect a COM port for your device
Identify the point with this video
3. Use either app you want to detect testpoint mode and unlock... I managed to do it with a 3-day unlimited license for HCU client.. that did the trick; their website has some tutorials that are easy to follow.
Hi all,
I have the same problem as a few other people. I unlocked the phone with HCU, and after that I tried to root with Magisk (via TWRP). But the main issue: the phone is encrypted and the installation process of Magisk via TWRP failed. How can I root this phone? Has anybody had success with this?
Thank you!
huawei p30 lite device root support please

Securing xiaomi with unlocked bootloader

Hello
I am enjoying the life with Redmi note 9 pro, unlocked bootloader and custom rom.
However, I was thinking, if someone gets physical access to the phone he could boot in fastboot or recovery and get inside, right?
So if this is possible, what do we do to protect our information? Is it possible to password protect the booting?
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and, for example, reinstall the whole system and basically make their stolen/found phone work, but that is not possible without a full wipe, which also means your data.
Gajdalf said:
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and, for example, reinstall the whole system and basically make their stolen/found phone work, but that is not possible without a full wipe, which also means your data.
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Gajdalf said:
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and, for example, reinstall the whole system and basically make their stolen/found phone work, but that is not possible without a full wipe, which also means your data.
If that's the case then I am ok. My primary objective is the data to be secured.
And do you know why there is no option to encrypt the SD card? I am at MIUI 11 V11.0.4.0.QJZMIXM
BuzzyMind said:
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Hi. The easiest way to accomplish this is to go to settings and search for "encrypt". Activate the "Encrypt device using lock screen password".
Just remember that if you forget this password there is no way to get your data back, and also the microSD card is not encrypted.
BuzzyMind said:
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Unlocking has nothing to do with encryption. These 2 things are not connected in any way. So if you have an encrypted system (which is usually the default), unlocking the bootloader will not change that.
I don't know where exactly it is on the MIUI system, but if you search for encryption in settings you should be able to find it (exactly like Smartie083 said).
If I remember correctly some systems were also able to encrypt the SD card (not sure tho). If your system allows it (you will need to have such an option somewhere in security), keep in mind that this will render such an SD card usable only in that device, not anywhere else. So taking it out and connecting it to a PC will not work etc.
Also if you are interested in the security of your system, you might be interested in ditching MIUI, installing a clean ROM without GApps and, if you need G-services, using them through microG (although interesting, I consider this a valid option just for totally paranoid people, or people who are running away from the law).
Also avoiding root and ensuring that SELinux is enabled is helpful.
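The protections this thread keeps returning to (is userdata encrypted, is the bootloader unlocked, is SELinux enforcing) can be read from a connected device. The script below is an added example, not part of any post above; the function names, finding codes and the two sample property dumps are constructed, and not every vendor exposes `ro.boot.flash.locked`.

```shell
#!/bin/sh
# Added example: report which at-rest protections are active, based on the
# text output of `adb shell getprop` and `adb shell getenforce`.

# Print the value of property $1 from "[key]: [value]" lines on stdin.
prop_value() {
    awk -v key="[$1]:" '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        $1 == key && !seen { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; seen = 1 }'
}

# audit_props DUMP ENFORCE -> one finding code per line (no output = no finding)
audit_props() {
    ap_dump=$1
    ap_enforce=$2
    ap_crypto=$(printf '%s\n' "$ap_dump" | prop_value ro.crypto.state)
    ap_locked=$(printf '%s\n' "$ap_dump" | prop_value ro.boot.flash.locked)
    ap_vbstate=$(printf '%s\n' "$ap_dump" | prop_value ro.boot.verifiedbootstate)
    ap_debug=$(printf '%s\n' "$ap_dump" | prop_value ro.debuggable)

    # Unencrypted userdata can be mounted by any recovery that gets booted.
    case "$ap_crypto" in
        encrypted) ;;
        "") echo "CRYPTO_STATE_UNKNOWN" ;;
        *)  echo "DATA_UNENCRYPTED" ;;
    esac
    # Unlocked bootloader: the device can be reflashed, so data safety rests
    # on encryption plus the lock-screen credential.
    if [ "$ap_locked" = "0" ] || [ "$ap_vbstate" = "orange" ]; then
        echo "BOOTLOADER_UNLOCKED"
    fi
    [ "$ap_enforce" = "Enforcing" ] || echo "SELINUX_NOT_ENFORCING"
    # Debuggable (userdebug/eng) builds allow root over adb.
    [ "$ap_debug" = "1" ] && echo "DEBUGGABLE_BUILD"
    return 0
}

# Constructed sample: unlocked bootloader, encryption left on.
SAMPLE_UNLOCKED_ENCRYPTED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.debuggable]: [0]'

# Constructed sample: unlocked bootloader, forced encryption disabled.
SAMPLE_DECRYPTED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [unencrypted]
[ro.debuggable]: [0]'

echo "unlocked, encrypted, enforcing:"
audit_props "$SAMPLE_UNLOCKED_ENCRYPTED" "Enforcing"
echo "unlocked, decrypted, permissive:"
audit_props "$SAMPLE_DECRYPTED" "Permissive"

# Against a real device (requires authorised adb):
#   audit_props "$(adb shell getprop)" "$(adb shell getenforce)"
```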

Re-locking Bootloader on Galaxy Tab A 2020 (SM-510)

Basically some time back I rooted this tablet but since then I've reverted to the stock ROM. I've been upgrading the OS through the system update. Every time I boot the tablet I get the message "this device bootloader is unlocked and not safe bluh bluh". I was wondering if I could re-lock the bootloader to get rid of this message along with getting Play Store apps back like Netflix and others (I know I can just download the APK but some apps don't allow that). Now with a quick YouTube search I did find an easy way to re-lock but I don't want to end up bricking it. Do you guys think it's safe?
@LegendJim
Don't own a Samsung, hence don't know whether you can access it via Fastboot and in turn don't know whether this may work
Code:
fastboot devices
fastboot flashing lock
fastboot reboot
jwoegerbauer said:
@LegendJim
Don't own a Samsung, hence don't know whether you can access it via Fastboot and in turn don't know whether this may work
Code:
fastboot devices
fastboot flashing lock
fastboot reboot
Do you know if by doing this you unlock the apps like Netflix and other **** (I know you can download the APK for some apps but it doesn't work for everything)
@LegendJim
Don't think the apps you've in mind query the state of device's boot-loader, at least have never heard of this.

Could I use the leaked Samsung platform key to hack my own phone?

Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
missmilla said:
Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
V0latyle said:
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to do a full reset anyway if I can't find another way in.
missmilla said:
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to do a full reset anyway if I can't find another way in.
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsung's is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
V0latyle said:
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
blackhawk said:
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsung's is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
If in the US try a Samsung Experience center at a Best buy.
I never set locks on my phones, bios's or use encryption on data backup drives because you are always the one most likely to be locked out, sometimes through no fault of your own
Digital data is fragile unless it's redundantly backed up.
blackhawk said:
If in the US try a Samsung Experience center at a Best buy.
I never set locks on my phones, bios's or use encryption on data backup drives because you are always the one most likely to be locked out, sometimes through no fault of your own
Digital data is fragile unless it's redundantly backed up.
Thank you. I'm in the UK but we do have a couple of Samsung Experience Centres here so I'll try asking. Oh I will definitely be making multiple, unencrypted backups from now on! I will also be rooting the phone and installing a custom recovery just in case.
If you start playing with the firmware bricking the device is always a real possibility especially if you don't follow the protocols correctly. I never had to flash any of my Samsung's in 12 years, all are still working today. I don't do OTA updates either, ever, the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.
missmilla said:
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
Unlocking the bootloader will always require a data wipe.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.
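A minimal model of the check described above, as an added example that is not part of the original posts and is not Samsung's recovery code: the recovery holds only public keys, so a package is accepted only if it was signed with the matching private key, and a certificate hash is just an identifier. The toy key sizes, function names and package layout are constructed for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes (toy sizes, no padding; illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public, private)

def digest(payload, n):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n

def sign(payload, private):
    n, d = private
    return pow(digest(payload, n), d, n)

def fingerprint(public):
    """Hash of the public key: identifies a certificate, cannot sign anything."""
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def recovery_check(payload, signature, trusted_public_keys):
    """Model of a stock recovery deciding whether to install a package."""
    if signature is None:
        return "rejected: not signed"
    for n, e in trusted_public_keys:
        if 0 <= signature < n and pow(signature, e, n) == digest(payload, n):
            return "accepted"
    return "rejected: signature matches no trusted key"

# Constructed keys: the vendor key is built into the recovery, the other is self-made.
VENDOR_PUB, VENDOR_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
TRUSTED = [VENDOR_PUB]

def demo():
    update = b"constructed update payload"
    good_sig = sign(update, VENDOR_PRIV)
    return {
        "vendor-signed": recovery_check(update, good_sig, TRUSTED),
        "unsigned": recovery_check(update, None, TRUSTED),
        "self-signed": recovery_check(update, sign(update, OTHER_PRIV), TRUSTED),
        "tampered": recovery_check(update + b"!", good_sig, TRUSTED),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} {result}")
    print("fingerprint:", fingerprint(VENDOR_PUB))
```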
blackhawk said:
If you start playing with the firmware, bricking the device is always a real possibility, especially if you don't follow the protocols correctly. I never had to flash any of my Samsungs in 12 years, all are still working today. I don't do OTA updates either, ever, the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable.
Learn from your mistakes and press on. It's a lot easier though to learn from others' mistakes.
Probably not something to be messing around with when I don't know what I'm doing then.
Ouch! No wonder you're so careful with backing up... as I will be too from now on. Lesson learned.
V0latyle said:
Unlocking the bootloader will always require a data wipe.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.
It's sounding like I'd probably better count my losses and leave it alone. And be more careful in future. All this has got me itching to try stuff out though. Possibly not on my one and only phone, but maybe if I can get a cheap second hand one to play with, or the S9 once I eventually upgrade - it sounds so much fun!
You can use the key to sideload an update. If I were you I'd try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem with this is where can you find the certificate? Nobody will tell you where you can find it because whoever has it remains silent and also communities do not allow this kind of sharing.
Skorpion96 said:
You can use the key to sideload an update. If I were you I'd try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem with this is where can you find the certificate? Nobody will tell you where you can find it because whoever has it remains silent and also communities do not allow this kind of sharing.
Thank you. Yeah, I thought I had seen someone publish the certificate, but I misunderstood. So wouldn't be able to get hold of it what with not being familiar with the dark web!
Skorpion96 said:
if I were you I'd try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures
you can always flash blank vbmeta on low level (such as usbdl, edl or bootrom mode) but that's not how it works.
aIecxs said:
you can always flash blank vbmeta on low level (such as edl or bootrom mode) but that's not how it works.
Depends, if your device is made in USA you can't. I was only suggesting a way to bypass flashing restrictions, hoping that the bootloader lock doesn't block you. Normally bootloader lock blocks unsigned flashing but if you are able to bypass it during flash maybe you can boot unsigned firmware, I'm not sure though. To flash stuff you can use an exploit or escalate privileges with a signed app that updates a system one to become uid 1000 and after that you can do setenforce 0 or setenforce permissive to set kernel permissive.
No no, locked bootloader prevents booting unsigned boot, vbmeta, etc (not flashing in first place)
@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
aIecxs said:
@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
Apparently the Qualcomm variants aren't susceptible to this hack. Only Exynos models are listed.
