The corporation that I work at has recently moved their security software for mobile devices, to MobileIron.
With the limited knowledge about the program, and the fact that I can't access their server (yet) so I can do some testing, I am trying to find a way around this so called "root detection" and what it does.
I was looking at installing CM7 on one of my phones and taking that in to try to test it and get some log files of the machine. However, I am just wondering has anyone had the blessing of having to deal with this pain in the ass application? I would really like to say "Ha!" to my co-worker who thinks that you won't be able to get around their detection method. But in general, I don't enjoy having to forward everything to my e-mail account, because office e-mail forwarding, generally sucks (doesn't forward half of my replies or sent items).
Would anyone be willing to help me out with this, once I get some decent information for this?
They're going to do that to me too. However I'm actually OK with browser-based OWA on my Galaxy, yes I know that's probably too awful to contemplate but it's probably what I'll resort to until somebody finds a way around. Somebody with a lot more chops than me.
Has anyone found out how the application detects root? I'm about to have to deal with this, and I'd really like to be able to keep root.
Wow thats crazy. Maybe ask chainsDD?
Sent from my MIUI.us Sensation 4G using XDA App
My company is also moving to MobileIron...will see if I can get any insight into how it detects rooting...
Bump.. bump.. My company also moving to MobileIron..
See Below....
Run fully rooted Rom and mobileiron
Disclaimer: This is for testing purposes only. I do not condone breaking company policy, or breaking any laws. I am not responsible for you getting fired as a result of you making these modifications. You should always read and abide by company policies and any laws pertaining to such modifications. Use of this tutorial is at your own risk.risk.
Preface: I have tested this and its fully functional on my CDMA galaxy nexus and HP Touchpad both running CM9. I haven'tt tested this on any other device or ROM.
Requirements:
1. Rooted Android Phone running ICS based ROM
2. Titanium Backup (app installed)
3. Hide my Root (app installed)
4. Mobileiron (app installed but never run)
5. Touchdown (app installed but never run)
Instructions:
Edit: Make a nandroid backup 1st.
1. Open Hide my Root
2. Choose hide SU binary
3. Press home
4. Menu, settings, apps, all apps
5. Choose Superuser.apk
6. Choose disable
7. Now open mobileiron and configure the settings per your company's instruction.
8. Set up your email in the Touchdown application and let it sync everything.
9. Open Hide my Root and choose restore SU Binary
10. Go back to menu, settings, apps, superser.apk and choose enable.
11. Open Titanium Backup
12. Choose backup/restore from the top
13. Scroll to Mobileiron and tap it and choose freeze.
Now restore your nandroid backup before you get in trouble.
There is another way, as well, however, you have to de-compile the apk file.
Loopholes
GNeX
AOKP
FRANCOS LATEST KERNEL
& WHATEVER [MOD AT THE TIME]
Bumping this thread in response to MI's latest app update which now detects the root. Hoping to get some more minds in on this, maybe use this thread to collaborate:
http://forum.xda-developers.com/showthread.php?t=1611861&page=3
Hello, everyone!
If you aren't an expert - that's okay. Everyone is welcome and you're free to ask questions.
Make sure to check the date this post was updated (I may forget to update the date in the title) which is located at the bottom of this post. If this post hasn't been updated in more than a month, contact me and I'll refresh everything.
Quick Introduction:
I'm new to the Yoga Book squad, and I've noticed one major downside.... the forums are a total mess. So what I'm hoping to do, is to keep this thread as up-to-date as possible, with links to guides, development progress and anything else.
I figure to make this more... tidy, I will enforce a colour-coding system for each sub-thread-guide-thingy, so you can instantly tell whether a guide or method to do something to your Yoga Book is risky, and most likely experimental, or is well tested. These will probably be done via experiments on my own Book (the wifi-only version), but of course I will hope via this community thread I will be able to provide more detailed statistics and such as everyone does their own thing to their device.
If you have anything to add to this thread, or would like to help out with anything; please feel free to contact me or just tell me what you're thinking - I'll do my best to read everyone's replies.
General Yoga Book Information
To my knowledge, there are two versions of the Yoga Book, each with two sub-versions for the OS:
1.) YB1-X9aF - this is the Wi-Fi version
2.) YB1-X9aL - this is the LTE/4G version
Where the "a" between the 9 and the F/L is either a zero or a one, depending on the installed OS (Android: 0, Windows 10: 1)
The SIM card is a Nano-SIM with 3G capability.
Other than that, all Yoga Book devices share the following specifications:
- 10.1 inch IPS display, of resolution 1920x1200
- Intel Atom x5-Z8550 processor, which:
----+ Has an architecture of x86_64
----+ Core base clock of 1.44 gigahertz
----+ Core boost clock of 2.4 gigahertz
----+ 4 cores and 4 threads
- Battery capacity of 8500 milliampere hours
- On-board storage of 64 gigabytes of solid-state storage (SSD)
- 4 gigabytes of random-access memory (RAM)
- A microSD card slot capable of up to 128 gigabytes of storage
- Two camera's, one above the display and one on the keyboard
- Wi-Fi (802.11 ac) and Bluetooth (v4)
- 3.5 millimetre headphone jack
- Micro-USB 2.0 OTG port
- Micro-HDMI port
Colour (or color) Codes and Tags:
For those who like using grey-scale display filters or whom are colour blind, I've added a "level" to each of them, where level 3 is like... crazy meltdown experimentation mode, and 1 is stable-ish (probably as stable as it'll get unless a REAL developer takes on the challenge).
[X] - Means that you will have to delete some or all of your data for it to work
[R] - Means that it requires a Rooted device
[Level 3] VERY EXPERIMENTAL - Use with caution, and with the knowledge that you may boot-loop, brick your device or lose your data!!! OR ALL OF THOSE THINGS!! Make sure to backup everything you hold dear, and just for good measure you'll have something to fallback on.
[Level 2] NOT WELL-TESTED - This will probably work for most people, but things may be unstable at the best of times. Again, make sure you have a backup before trying level 2 items.
[Level 1] 99% FINE - If there's an issue, it's probably your own fault... but again, I can't guarantee that everything I or anyone else does is perfect and will work for everyone! You should probably still have a backup, but if you're lazy like myself it's okay, I forgive you.
Android M/6.0
Rooting, backups, and more!
[1][X] Unlocking the Bootloader
earthCallingAngela wrote a really nice guide for unlocking the bootloader. The original thread is here, but for those who are too lazy to open the link in a new tab I've quoted the information.
IF YOU APPRECIATE THEIR EFFORTS GO AND THANK THEIR ORIGINAL POST!!!
Remember, unlocking your devices bootloader will format your storage (meaning you'll lose all of your data), so backup anything important before proceeding.
earthCallingAngela's OP: https://forum.xda-developers.com/yoga-book/how-to/how-to-unlock-bootloader-t3502216
I hope this is useful information. It took me a bit to figure it out due to a lot of conflicting information, since the procedure has changed, perhaps several times, since the first version of Android. Also, I'll probably forget myself.
Please note that I've performed these steps on Linux (Specifically Arch Linux). Others have pointed out that if you have issues executing step 7 from Windows, you may need to follow this post.
1. Install Android Studio, or otherwise obtain the latest versions of the adb and fastboot programs. I think Windows users also need to install a USB driver, but I run Linux, so I am not sure about that procedure.
2. Gain access to the developer options on the tablet. Go to the settings, and find the "about tablet" section. Scroll down to the "Software version" section and tap on that several times until it says that you are now a developer. Feel special.
3. Go to the new "Developer options" setting. Select "OEM unlocking." Also, I selected "USB debugging" as a straightforward way to reboot into the boot loader.
4. Connect to the computer on which you've installed adb and fastboot.
5. Type 'adb devices' to see your device listed. The tablet will ask you if you're sure you want to allow the computer access to it. Answer in the affirmative, and save that option.
6. Type 'adb reboot-bootloader' to do just that.
7. After you see the innards of your 'droid, type 'fastboot flashing unlock' . On Linux, you may need root permissions to do this. The tablet will ask you to confirm (select with up/down volume, and accept with the power button), and will then erase all of your data! I didn't worry about this as I'm all on Google services, and so they can be restored easily enough.
Click to expand...
Click to collapse
[3] TWRP Custom Recovery
danjac has written a post about his attempt at getting a modified version of TWRP running on his Yoga Book. From what I can tell it was a success, besides a few bugs (which are avoidable... I think).
WARNING! MAKE SURE YOU READ THESE!!
Before you go ahead and just flash his version, make sure you know the consequences that could arise if something goes wrong. If the recovery of your device screws up, you don't really have much to bring it back to life with. Even though there shouldn't be many things to worry about, it's still very risky.
In fact, it is recommended you ONLY temporarily boot into TWRP, instead of just flashing it like you would on another device. danjac's OP gives more information for you to use.
If you think you are willing to take the risk and know what you're doing, I highly suggest you make a complete backup of your device if possible. So far there isn't really a way to get your stock recovery back (since we don't have a custom ROM or a way to download Lenovo's modified version online).
danjac's OP: https://forum.xda-developers.com/yoga-book/development/recovery-twrp-t3533980
[2] Rooting (via Magisk)
danjac wrote the first guide to rooting the Yoga Book, and you should, again, go and thank his original post. However, his OP is now a bit outdated, Magisk (currently v12.0) now includes a root module (MagiskSU) based on phh's SuperUser.
Please note: If you are already rooted via a different method (and maybe you want to change because it didn't work... or something like that) you have to go into your super-user manager and uninstall it. If you have a previous version of Magisk installed, there is an uninstall ZIP that you can flash, which will remove any Magisk version, including MagiskSU. Again, more details on the main Magisk thread.
Do I NEED to unlock my bootloader to Root my device?
The short answer is yes, and the long answer is sort-of. You only need to unlock your bootloader if your ROM doesn't support Rooting out-of-the-box (which in Lenovo's case, it isn't supported). However, you can lock your bootloader afterwards if it's such a concern to you. Yeah, you probably will stop receiving over-the-air updates from Lenovo, but they're probably not going to push out another update for a long while, so in my opinion it's nothing to worry about.
Follow the instructions on the main Magisk page to install it if you're new to Magisk, but if you know a thing or two then I'll paraphrase:
- Flash the latest Magisk ZIP file via the TWRP Recovery (if you have it) or just flash it over ADB
- You should also download the Magisk Manager from the Play Store to make sure you're always up-to-date
danjac's OT: https://forum.xda-developers.com/yoga-book/how-to/root-yb1-x90l-how-to-t3534268
Magisk's main thread: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
[2] Dual-booting Android and Windows 10
Since there isn't a place to get the Android side of things, I won't put too much info here.
Although if you're already running the Android version and want to know how to put Windows 10 on your device too, look at this thread.
Dual-booting OT: https://forum.xda-developers.com/yoga-book/help/android-to-windows-hack-dual-boot-option-t3475733
[3][X] Custom ROM
Currently there is no custom ROM which supports the Yoga Book, mainly for the simple fact not many people own the device. However, if we make enough noise in the community I'm sure someone will crack under the pressure ;P
Although, I'm doing my best efforts to merge the device drivers and such into the Android Source code, but you shouldn't get your hopes up. If I ever get it working, it will probably be unstable and not that great (I don't have much experience with the details of the Android OS), I'm running off my knowledge of the Linux OS.
If you're using the Windows 10 version of the Yoga Book (I'm sorry you paid the extra $50!!), hopefully Lenovo will at least release a version of their own ROM soon (or put it back from what I've heard). I've also heard that they're upgrading to Nougat in October (of 2017)... so we've got plenty of time to find another solution to our sorrows.
Information for Developers:
Someone has also posted a backup of their working Lenovo-customised Android OS, but I won't post a link here because:
- It's only a backup
- May draw un-wanted attention to the link
But if you're a developer and you think that will help you, you can easily find it somewhere in these forums.
EDIT: The link has now been removed (I can't find it)
If you're trying to
Code:
repo sync
the AOSP and you're getting stuck syncing the work tree, try doing this (from the folder you're trying to sync to):
Code:
rm -rf frameworks/compile/slang/
mkdir /home/<user>/slang_helper
sudo ln -s /home/<user>/slang_helper frameworks/compile/slang
Please be careful when typing commands into your terminal, especially from the internet, and especially when you don't understand what the commands are doing.
Lenovo's source code download: http://pcsupport.lenovo.com/au/en/products/tablets/yoga-series/yoga-book/za0v/downloads
[2] Linux without removing Android
Thanks to @Tiggi2017 for making the first guide. His OT here is a good one to read through if you're interested in this.
Via a few apps and some commands, you're able to have a "Linux" OS running on your Android device with the Halo Keyboard and such still working perfectly.
His original method doesn't need Root access apparently. However, there are other methods that may be easier for some people if they have a Rooted device. Look through the comments in that thread for more information.
OT: https://forum.xda-developers.com/yoga-book/how-to/yoga-book-gnuroot-debian-t3580358
Apps, tips and tricks!
[1] Apps That Support Multi-Window
Thanks to sashlon1138 for doing most of the hard work by putting this list together (may not be complete, if you know of more apps that work let me know so I can add them!).
Thanks to uuang for getting the ball rolling.
Thanks to Csilla4 for finding the first calculator app that works.
Thanks to docoli for also finding a huge list of compatible apps.
Csilla4:
- iDo Calculator
uuang:
- RAR
- Google Photos
sashlon1138:
- Chrome (but not beta)
- Facebook
- Messenger (Facebook)
- Gmail
- Outlook
- Youtube
- VLC
- Google Search
- Home
- Instagram
- Pinterest
- Dolphin Browser
- Ebay
- Paypal
- Flow Free
- Google Maps
- Google Earth
- OneNote
- Wikipedia
- ES File Manager
- Twitter
- Evernote
- Reddit
- Skype
- Candy Crush Saga
- Candy Crush Soda
- Candy Crush Jelly
- Spotify
- Soundcloud
- Opera
- Opera Mini
- Yahoo Mail
- Viber Messenger
- MX Player
- Google Translate
- Shazam
- AliExpress
- Tumblr
- Twitch
- Mega
docoli:
- Microsoft Word, Excel and Powerpoint
- Softmaker Textmaker HD, Planmaker HD and Presentations HD
- RealCalc
- Adobe Acrobat
- CamScanner
- MindjetMaps
- LinkedIn
- ezPDF Reader
- Detexify
- HERE WeGo
- Google Street View
- Öffi (German Public Transportation Schedule app)
- DB Navigator (German Railroad Schedule app)
- Kindle
- Amazon Prime Video
- Maxdome
- Barnes & Noble Nook
- Audible
- TuneIn Radio
- TED
- Babbel
- dict.cc. plus
- Amazon
- Nine (you can even have any number of items in parallel on the screen, e.g., inbox, calender, contacts, notes)
- OneDrive
Link to OT: https://forum.xda-developers.com/yoga-book/help/multi-window-apps-t3565253/post71494066#post71494066
[2] Changing the DPI
WARNING! Do not change your DPI to extreme values! You may render your device useless (unless you already have set up ADB and know how to revert the changes)!
Thanks to melando for bringing up the actual default DPI values.
Just so you are aware, if you're running Android 7 (Nougat) or later, you can adjust the "DPI" to some preset values from the settings app.
Using this site, I calculated that the Yoga Book has a technical DPI of 224 pixels per inch, with a resolution of 1920 by 1200 pixels, over a 10.1" screen (diagonal). However, the default Lenovo has set it to may be actually 280. They suggest that you may find it better if the DPI is set to 240.
This is a trivial modification if your device is Rooted. All you have to do is open the Play Store, and search for something along the lines of "DPI changer", and find an app that has good reviews.
An example app would be "Easy DPI Changer [Root]"
If your device does not have Root, then you will have to have a computer with ADB installed.
To install ADB, do a quick Google. There's bound to be a guide there somewhere (I'll put one here soon).
Once you have ADB installed, you can follow this easy guide to change your DPI to whatever you like.
DPI Calculator: http://dpi.lv/
Non-Root Method: http://www.androidbeat.com/2015/07/how-to-change-dpi-of-android-device-without-root/
[1] Recommended Apps...?
There isn't anything here as of yet, because I haven't gotten far enough to look for any good apps that work well with the Yoga Book. So right now I'm going to rely on everyone else for that. I'll get there eventually.
However, you should at least download Magisk Manager from the Play Store, to manage your Root and other neato Magisk features.
If you're a developer, and need guinea pigs to test your stuff on, I am happy to help anyway I can (and I'm sure much of the community is too).
If anyone needs help, I'll do my best to assist, but if it's anything too tedious (such as teaching you how TWRP works or something along those lines), you should probably have a look on the internet for tutorials and guides for that stuff. There are plenty of people out there who can explain concepts better than myself.
Windows 10
Simple customisations!
[1] Touch-pad Customiser
This program was first put into the spotlight by dinosauria123, so go to their original post and thank them for finding this.
This small program lets you modify some simple variables associated with your touch pad, only requiring a reboot after you change something.
Features:
- Setting extended right click area
- Setting unlock area
- Setting mouse pointer acceleration
- Setting scroll direction
- Disable Touchpad clicking (added in version 1.4)
Click to expand...
Click to collapse
OT: https://forum.xda-developers.com/yoga-book/themes/yoga-book-touch-pad-setting-application-t3569836
[1] Minor Halo KB Customisations
If you were wondering if there was a simple and easy way to lower the brightness of the Halo Keyboard, or just get rid of those pesky battery-draining touch vibrations for every key press, there is a way!!
Best of all, you don't have to download it! It's already installed!!
To find this not-so-well-hidden app, you have to either go to your Program Files, or open the good-old Control Panel (thanks to urayandro for pointing out that it's in the Control Panel!).
Control Panel method: Once you're in the Control Panel, just click on "Appearance and Personalisation", and you will find the "Halo Keyboard" program right at the bottom.
Program Files method: For 99.9% of people this is on your Local Drive (C: ). It may be located in your normal Program Files or it may be in your x86 Program Files, I'm assuming it depends on whether you're using the Windows 10 your device originally came with, or you have re-installed it (thanks to sawyerbenjamin for informing me that for them, it was in the normal Program Files folder). Assuming it's in your normal program files; go to Program Files/Lenovo/ and there it is. The application name is "ControlApp.exe". You can also make a shortcut to this application - I put a shortcut on my Desktop.
It allows you to:
- Toggle the touch tone/sound
- Toggle the vibration on keypress
- Adjust the time it takes for the keyboard lights to turn off
- Adjust the backlight (or whatever that is called) brightness for the whole keyboard
Risky or experimental customisations!
[2] Using AMIDuOS (Android Emu)
Update: I've spent a bit of time trying to use this, and in my opinion it's not worth the time. But if you need a development environment for something, it's pretty good at that. :/
In my attempt at replacing my Windows 10 installation with any version of Android I could find, I ran across this program called AMIDuOS. It's similar to emulating an Android system while you're in Windows, but instead of running it in a virtual environment, it runs directly on your x86 hardware (which is what the Yoga Book uses).
If you're cool with having a Windows 10 version of the Yoga Book, but still want to use some Android applications (possibly for drawing, or maybe just because the Android ecosystem is miles better compared to the Windows one) this may be a good solution for you.
Currently, they support Lollipop and Jellybean (not Marshmallow). However, this program is not free. You can trial it for free though. I'm fairly certain the full price is $10 USD.
It's not a difficult thing to set up (apparently), so if you wanna try something out and know how to deal with possible emulation problems (although unlikely) it may be worth it.
AMIDuOS Website: http://www.amiduos.com/
[2] Process Lasso
Huh? Process what-now? Yep, Process Lasso is a very complex program filled to the brim with algorithms tailored mainly towards getting the best performance and responsiveness, and to control those pesky rogue background processes that slow down your device when you don't need them to.
This program is completely free (but it does have a Pro version if you want a few extra customisation's and want to support the developers) and I've found it works pretty well, especially with a low-power device like the Yoga Book.
Since the Yoga Book is meant to be a very portable device, I'm not using Process Lasso to get maximum performance (as that would obviously drain the battery life quickly), I'm using it to make sure that if there's a program that needs to use power and deplete my battery life, then it's something I want - not some dodgy Windows background processes or other stuff like that.
It's pretty easy to set up. I've got a few of the main features enabled, and I recommend that you use similar settings.
I've enabled:
- ProBalance; this will keep the background processes in check, and allow the foreground processes to take the reigns of your CPU, insuring you experience minimal stutters.
- SmartTrim; this is an optional one, since I'm constantly micro-managing the applications I've got installed on my 64GB internal drive, this should help to prolong the performance of my drive, making sure it's well pruned (that's a pretty good analogy actually)
I've turned off the tray-icon showing me the CPU utilisation, so that doesn't need to waste any of my precious battery life (I'm usually a battery-life extremest), but you don't need to do that.
So if you're experiencing major delays when just doing simple things like moving around the Windows 10 user interface due to rogue background processes, I highly recommend you give this program a try.
Also, if you're a pro-ish-user like myself, feel free to dive deeper into the program. It's filled with toggles and adjustable's for you to play with and tailor the program to your needs, and almost everything you can change is accompanied with a tool-tip explaining what it does. Enjoy! But of course, as always, be careful of what you change - there are some things that could make your system really slow and or unstable.
P.S. The Yoga Book uses the 64-bit system, so choose that version of the program.
Website: https://bitsum.com/
Reserved
Does anybody know, whether bootloader unlocking is necessary for magisk root?
Con_Sole said:
Does anybody know, whether bootloader unlocking is necessary for magisk root?
Click to expand...
Click to collapse
I'm not entirely sure, however flashing something to your device (via TWRP at least) does require an unlocked bootloader. So without an unlocked bootloader, I don't think there's a way to install MagiskSU. Sorry about that... :/
I will have a look around and see what I can find, though.
Con_Sole said:
Does anybody know, whether bootloader unlocking is necessary for magisk root?
Click to expand...
Click to collapse
So I've done more looking around and here is your answer: Yyyyeeeeaaaahhhhhh......?
Magisk itself does not require an unlocked bootloader, however, it does require root access. Usually to get root access you need to unlock your bootloader, unless it comes already rooted in a custom ROM (but in our case, it doesn't). Unlocking the bootloader is a relatively safe procedure to perform, so [in my opinion] you shouldn't have anything to worry about!
nan0s7 said:
[1] Minor Halo KB Customisations
If you were wondering if there was a simple and easy way to lower the brightness of the Halo Keyboard, or just get rid of those pesky battery-draining touch vibrations for every key press, there is a way!!
Best of all, you don't have to download it! It's already installed!!
To find this not-so-well-hidden app, you have to go to your Program Files. For 99.9% of people this is on your Local Drive (C. So to get to it, go to Program Files (x86)/Lenovo/ and there it is. Its very helpful and informative name is ControlApp.exe.
It allows you to:
- Toggle the touch tone/sound
- Toggle the vibration on keypress
- Adjust the time it takes for the keyboard lights to turn off
- Adjust the backlight (or whatever that is called) brightness for the whole keyboard
Click to expand...
Click to collapse
it's not not-so-well-hidden app.... it's not hidden at all. you can found it under "appearance and personalization" section of retro control panel.
urayandro said:
it's not not-so-well-hidden app.... it's not hidden at all. you can found it under "appearance and personalization" section of retro control panel.
Click to expand...
Click to collapse
Indeed it is! Consider that noted ;P
urayandro said:
it's not not-so-well-hidden app.... it's not hidden at all. you can found it under "appearance and personalization" section of retro control panel.
Click to expand...
Click to collapse
I found it in my normal Program Files folder. (x86) only contained a folder for LenovoPaper.
sawyerbenjamin said:
I found it in my normal Program Files folder. (x86) only contained a folder for LenovoPaper.
Click to expand...
Click to collapse
Huh, well it must depend on whether you kept the original installation of Windows that came on the device, or whether you reinstalled it (or came from Android). I'll add that information. Thanks!
sawyerbenjamin said:
I found it in my normal Program Files folder. (x86) only contained a folder for LenovoPaper.
Click to expand...
Click to collapse
Same here. In my device is also only contain LenovoPaper under \Program Files (x86)\LenovoPaper
What i mean with retro control panel is old window's control panel. not the win10 setting. You can access it by:
1. Click start and type "control panel" then press enter.
2. You should see control panel window that similar to older version of windows.
3. Go to "Appearance and Personalization
4. Under there you should see "HaloKeyboard" shortcut.
You can also create another shortcut of this app by right-clicking it then choose create shortcut. Windows will make another shortcut on the desktop. I did this to get easier access when need to adjust keyboard brightness.
Hey there,
i think there is a way to flash the win 10 image on my yb1-x90f. just don't wont to brick it and so i have a few questions to all of you experts. in other words, i need your help
there is a quide i found in internet, which i think could work. But there are words i've never read before like "RUSB". is this an important word? i attached as low quality pdf...
there is also the win 10 image online. but we have to pay for it because it's "exclusive" stuff. 50$
maybe we can put together, 50/50 so its 25$ for me and you?
i think you know which page is meant. if not pm me
like descriped in the guide, (part 3) we have to select "Boot Menu" and after that "EFI USB Device"
But my bootloader looks different (android version).
is there a way to flash the image via original android bootloader/recovery or do we need to find a way to get into the other bootloader?
in this post: https://forum.xda-developers.com/yoga-book/help/bricked-yoga-book-yb1-x90l-t3537048
@mmusaad managed to get into this kind of "mode" but i think its a dangerous way and he had a big luck to "unbrick" his device. maybe onyone find an easy way to go into this "windows bootloader" or whatever?
so maybe we can work togehter
woodirk said:
there is also the win 10 image online. but we have to pay for it because it's "exclusive" stuff. 50$
Click to expand...
Click to collapse
Probably wrong translation from Chinese... Should read USB-R. There are USB Ports which don't support remote drives
woodirk said:
there is also the win 10 image online. but we have to pay for it because it's "exclusive" stuff. 50$
Click to expand...
Click to collapse
Windows was never free, that's why the Windows Yoga Book is $50 more expensive. A Win-Image will not help you either, as Lenovo brands the Product Key into the Bios.
jamespmi said:
Windows was never free, that's why the Windows Yoga Book is $50 more expensive. A Win-Image will not help you either, as Lenovo brands the Product Key into the Bios.
Click to expand...
Click to collapse
OMG sometimes i think "together" :highfive: is a heavy word... :crying:
what about this ? (see attachement)
and stop letting me look like an idiot...
I'm on the YB1-X91F, which is the Windows version. Unfortunately for us, the Android and Windows versions of the Yoga Book have totally different BIOS's. This is the main thing stopping us from being able to dual-boot.
Easy-firmware has both the Android and Windows' ROM's, but they only provide instructions on how to overwrite the current operating system, not the opposite ones. I have downloaded everything they have on the Android side of things, and everything except the Windows ROM on the Windows side.
While I was messing around with my device, I did brick it. But I was able to get an SD-card with a Windows bootable "USB" install on it, and went through the installation process on my external keyboard. Then from there was able to install the drivers and restore the Windows version with everything working after a bit of time. I don't know how different this would be if you don't mind getting rid of the Android bootloader totally, but that's not really recommended.
What we'd need for getting Android alongside the Windows version is a way to get a working Fastboot/ADB connection.
For the Android version getting Windows alongside it, you need a way to get the Android bootloader to point to and recognise the Windows installation. However, this is almost impossible unless you have a custom ROM, which we do not have that supports the Yoga Book. You could probably delete Android totally, and then install Windows from there, but I'm not 100% sure because I haven't messed around with the Android version of the tablet.
We'd need a way to get the Android BIOS and Fastboot off of it so we can then use it to our advantage.
nan0s7 said:
I have downloaded everything they have on the Android side of things, and everything except the Windows ROM on the Windows side.
Click to expand...
Click to collapse
that's good to know...
nan0s7 said:
You could probably delete Android totally, and then install Windows from there, but I'm not 100% sure because I haven't messed around with the Android version of the tablet.
Click to expand...
Click to collapse
this is exactly what i want to do and where i need your help
imo this will help us https://forum.xda-developers.com/showpost.php?p=70540959&postcount=7
woodirk said:
what about this ? (see attachement)
Click to expand...
Click to collapse
That probably flashes a valid Serial Number into the Bios...
DPI settings
I believe default DPI may actually be 280 - there's a Lenovo forum thread recommending setting it to 240 which I have found reduces the size of icons etc. so 224 does not seem right
melando said:
I believe default DPI may actually be 280 - there's a Lenovo forum thread recommending setting it to 240 which I have found reduces the size of icons etc. so 224 does not seem right
Click to expand...
Click to collapse
Thanks for the information! I've added a bit to the DPI section about the other values.
nan0s7 said:
Thanks for the information! I've added a bit to the DPI section about the other values.
Click to expand...
Click to collapse
However now that the Nougat update is out some adjustments can be made in Display Settings...
melando said:
However now that the Nougat update is out some adjustments can be made in Display Settings...
Click to expand...
Click to collapse
Oh yeah forgot that happened (I'm on the Windows version). Fixed it now!
Picked up a Moto G8 Power off Ebay and I havent touched an Android since I flashed a HTC Desire with Cyanogen Mod years ago.
Product/Variant: sofair XT2041-3 64GB PVT
?BootLoader? BL:MBM-3.0-sofiar-reteu-0f8934adaf8-210928
BaseBand: M6125_43.45.03.48R Sofia_rowdsds_cust
Recovery mode shows: RPES31.Q4U-47-35-9/54bc43
oem_locked
Spent all of today going around in circles.
Google Locked = it wants a pin to verify. Ebay ad stated it was google locked house clearance and not stolen. Nothing shows up in CheckAmend.com
On an offline PC
Android Studio installed - strangely ADB nowhere to be found.
ADB installed separately.
Got Magisk apk
Got from lolinet mirrors
XT2041-3_SOFIAR_RETEU_11_RPES31.Q4U-47-35-9_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml
blankflash_sofiar_RPE31.Q4U-47-35
From Motorola
Motorola_Mobile_Drivers_64bit
Rescue_and_Smart_Assistant_v6.3.2.12_setup - This will not install and I find this error in the Windows eventlog
MDM Declared Configuration: Function (checkNewInstanceData) operation (Read isNewInstanceData) failed with (The parameter is incorrect.)
Motorola support cant help until monday, but it might be a ASLR or some other MS security thing.
TWRP is missing the Motorola G8 on their website, G7 and G9 and others exist, so this is not an option.
Followed some of those youtube videos showing how to bypass the FRP, which appear to use a variety of tricks to either disable the Google Play Service or use an app to launch another app, a bit like getting the 2nd dial tone by calling a business freephone number, and hacking their phone system to get an onward outbound dial tone in the 80's.. Showing my age!
Before I put the device online using wifi and no sim for mobile data, I could get access to the Androids settings, where I could list apps, set permissions and other things so I'd tried to disable the play store, but these tricks wouldnt work. Put it online and it appears Android has been updated so those previous tricks for getting all the apps listed and makiing changes to their permission etc is no longer there. One of them was using the emergency phone, getting to the contact detail and then choosing a pic to gain access to other apps and that also stopped working and has disappeared which is why I say I think its been updated in all but version number!
I can access a fat32 sd card in recovery mode, but the apk files I put on it dont show, just the folders Android created on blank Fat32 partitions.
USB and ADB dont detect this device so I cant use the Wireshark USB to watch what is going over the USB connection.
AFAIK Android DeveloperMode/Debugging Mode is disabled.
I havent touched an android since the HTC Desires appeared and then I ported it Cyanogen Mod, but I subsequently learnt the UK Police had access to my phone even back then!
Not taking it apart to get access to the JTAG (just yet), I bought a few broke Pixel4A to see what I could learn about them when they arrive as well.
I see in fastboot, the mention of a "console [NULL]:null" is this the fastboot.exe alongside adb.exe in android tools, or something else?
So is there any other way or suggestion to get root for this device?
I fancied looking at LineageOS, or maybe some other OS like an unofficial port of GrapheneOS. I've found the device tree info put up by someone on here which would suggest its possible to port from Android 10Q to an Android11 distro/os, but my first hurdle is my stumbling block, I cant get the USB to work and have not found any other way to get beyond this stage to poke around with the OS and phone.
So any pointers, suggestions, advice, will be much appreciated!
TIA
Edit. It looks like Android/Google/Motorola have done a good job at locking down this OS and phone.
Edit2
Saw this thread here about making sure the Motorola drivers are installed properly.
[HELP] I seem to have bricked my Moto G Power and not it's stuck on bootloader.
This is what it looks like, and if I try to boot into recovery or system it just says "no operating OS found." Windows won't recognize it when trying to connect via USB. Any way to fix this? Help would be greatly appreciated.
forum.xda-developers.com
On Win10x64 I've been into c:\windows\system32\DriverStore\FileRepository, sorted the subfolders by todays date/time and can see a number of subfolders like
motoandroid.inf_amd64_dd80f24dcfb3dc931
motoandroid2.inf_...
motodrv.inf_....
motousbnet.inf....
and when inspecting one of the .inf files in notepad I can see there appears to be a service linked to the driver, but when I check the services, there isnt any services installed.
So I'm starting to think maybe Motorola's installation software doesnt work on windows with the default windows security settings, like exploit protection running.
More investigations...
Edit4
In the Control Panel (yes its still there in Win10), Device Manager, Other Devices are a couple of entries which the latest attempt to install the Motorola USB x64 msi installer created.
These are:
Mot Composite ADB Interface
Motorola ADB Interface
In c:\Windows\system32\drivers are a couple of 0KB wdf files (Windows Driver Foundation) files:
Msft_Kernel_WinUSB_01009.Wdf
MSft_Kernel_motoandroid_01009.wdf
Msft_User_WpdFs_01_11_00.wdf
So when looking at the c:\windows\system32\DriverStore\FileRepository I think the driver that needs to be installed can be found in the subfolder:
motoandroid.inf_amd64_dd80f24dcfb3dc931
However opening the motoandroid.inf file inside I can see lines like
DriverVer=03/25/2013, 1.3.0.0
As this folder was created about 30mins+ earlier, am I correct to believe the actual motorola driver was created back in 25th March 2013 and is version 1.3?
I know its possible to edit inf files to make drivers W2k and XP drivers work on later versions of windows, but the motorola website has the version number 6.4 but is this 6.4 the version number of the installation program?
Anyway scrolling further down the motoandroid.inf I can see towards the bottom instructions to install a service
"Mot ADB Interface Installation Driver" and it needs to find the actual driver in %root%\System32\Drivers\motoandroid.sys
Various paramaters, like a transfer size 4096bytes, a debug level of 2 and plenty of guids which will be found in the registry.
Anyway uninstalling the software as now removed these subfolders from the DriverStore\FileRepository, so a reboot and another attempt to see where its failing.
I just hope it doesnt need an internet connection, as this offline pc is a dev machine.
Onwards and upwards....
Edit 5
So the Windows 10 setting which prevents the Lenevo Rescue and Smart assist from installing is the Windows App and Browser Control > Exploit Protection > Force randomisation for images (Mandatory ASLR) when its on.
You can have every other windows setting on, like ransomware protection, normal ASLR, DEP etc etc and LMSA installs fine, right now its downloading an image to flash from FastBoot, but its not got the Developer mode/USB debug enable in android to make this possible.
Now lets see if I can get the Motorola USB drivers to work with ADB...
Got to say these forums are excellent cheap intelligence gathering tools for manufacturers and software companies to harden their products.
So tried lots and lots of these types of YouTube videos which are exploiting an SE Linux "vulnerabilities/design flaw" by getting access to enough of the system in order to disable/force stop certain apps in order to get past FRP block.
Some of these are less than a month old with less than 100 views, but I also suspect some of them of doing a bit of camera editing. I guess its a way of bunking up the number of views for a youtube account, before it gets rebranded, if thats even possible!?!
Now I managed to get the Lenovo Rescue and Smart Assist program to work, once I realised it will not install when Windows Exploit protection/Mandatory ASLR is enabled (which is a give away as to what the installer is doing on my system as well), and the give away information which suggests it might be worth downloading wireshark and installing the USB "packet" sniffer is the fact that when LMSA is running and you plug your usb cable into the Motorola phone, the phone displays the battery power as a xx% inside a swirling circle of sorts.
So there is some sort of USB communication taking place?
The other thing that gives it away is when you type in your IMEI number into the LMSA Rescue section, its detecting the version of firmware and wants to download the latest version.
LMSA did this to me last night as it downloaded
SOFIAR_RETEU_RPES31.Q4U_47_35_12_subsidy_DEFAULT__regulatory_DEFAULT_CFC.XML.zip
which I guess I can search for on this computer, or at least search for files on my windows hard drive created within a certain date/time frame, as the filename might be scrambled/obfuscated in some temp folder.
So is it just Firmware level communication, or is there some sort of Android communication taking place as well?
If its just firmware, then what could be elucidated/deduced from attacking the firmware? Perhaps its time to get the Wireshark USB sniffer out after all.
As I can also put an SD card into the phone (the start of a potential side channel attack) and the phone will load the SD card, I could explore different routes like some "malware" embedded using a picture to attach to the Emergency Contact details, maybe some PHP embedded in the pictures EXIF data or something that could trigger some other secondary app/process in Android into action.
It might pay for me to lookup the Google Android source if its open source, and look at the Android project source which is open source for any vulnerabilities. Anything mentioned in Github could give away clues
Configure on-device developer options | Android Studio | Android Developers
Learn how to configure system behaviors that help you profile and debug your app performance.
developer.android.com
So are there any issues listed here which doesn't just affect Android 13, but maybe earlier versions as well?
Google Issue Tracker
issuetracker.google.com
So lots of less obvious or not publicly mentioned intelligent sources of potential attack vectors in plain sight.
Seeing if I can alter the cpu clock speed and quantum could also help to introduce some instability, Linux has a wider range of cpu schedulers than windows, but this route tends to hang systems and I have to get enough access to this phone in order to change the route.
The recovery msg logs seen when selecting different bootloader options give away info, I think this is DMesg output of sorts. I'm not a linux programmer, just a boring old windows programmer.
I could explore what else could be loaded from the SD card, using the Bootloader menu options. I was surprised the APK packages dont appear in SD card in the "Recovery Mode > Apply updates from SD card" option. Maybe its not expecting a APK file extension? Mybe its expecting a different file of sorts like a .bin file or .img file. Is this where BlankFlash comes into play?
I have to admit, buying a second hand phone like this with FRB enabled off Ebay from a guy purporting to be in Salisbury home of Noivchok, is also a great way of spreading the latest and greatest malware to unsuspecting hackers and also to phish those who could potentially get around the FRB restriction with the minimum of effort. The UK civil service have their own internal postal system so has something been posted internally down the M5 motorway from Cheltenham, for some intelligence gathering or a cheap way of outsourcing some device cracking?
Oh well the silence is deafening.
So Motorola Support Centre have been in touch and stated:
I am really sorry to say that the kill switch feature, which is known as "Google Lock" is not bypassable by anyone other than the repair center.
So they are stating the Android Factory Reset Protection (FRP) can be bypassed which is another way of saying it can be undone, so the next challenge is finding out where on the device this flag or flags resides.
Is it something like the RaspberryPi One Time Programmable (OTP) switch's that may not be One Time Programmable but like the dip switches seen on the motherboards of early 8086/286/386/etc personal computers, or something else like a file on the main storage device with the rest of android.
I think the first thing to do is get Wireshark and the USB sniffer to see what information is being sent over the USB cable.
And as its possible to get the device online via wifi, it's probably a good idea to see what information is being sent over wifi, so using wireshark on a raspberrypi masquerading as an access point might be useful as well.
So the first thing to do is have a look at the Android documents
Android
Android has 74 repositories available. Follow their code on GitHub.
github.com
https://developer.android.com/reference/android/app/admin/FactoryResetProtectionPolicy
The factory reset protection policy determines which accounts can unlock a device that has gone through untrusted factory reset.
So it looks like Android are also stating the Factory Reset Protection can be undone. It seems a that a single user setup and a corporate setup exist, where a corporate account could be used to remotely wipe a device and then reenable the device, I guess if the user hands it back to the company.
https://developer.android.com/about/versions/marshmallow/android-6.0-changes API 23
EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS is removed so NFC bump provisioning cannot programmatically unlock a factory reset protected device.
You can now use the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra to pass data to the device owner app during NFC provisioning of the managed device.
Interestingly, NFC can be used to unlock FRP in earlier versions of Android. and its possible to use NFC to potentially configure and more other devices using NFC. As NFC is just a low power and thus low range frequency in the RFID range of frequencies alot of other things could be possible. NFC to me is just like any other form of communication method, beit a usb cable, telephone wire, wifi, ultrasonic sounds, or Infrared.
Radio-frequency identification - Wikipedia
en.wikipedia.org
NFCIP-1 and NFCIP-2
Near-field communication - Wikipedia
en.wikipedia.org
As NFC can communicate a request and response, and Android is using NFC to configure devices, using NFC may be a novel attack vector for peoples android devices, without them knowing about it unless they capture on a personal webcam everyone and every NFC device they come in to close contact with. Maybe using payment terminals could become a new attack vector at your favorite local retail outlet?
Well if Covid doesnt make people socially distanced, then maybe an NFC attack vector might if it works beyond the claimed 4cm operating range! Unfortunately this phone does not come with NFC, but others do.
I've got to find the source code....
Android (operating system) - Wikipedia
en.wikipedia.org
Most versions of Android are proprietary. The core components are taken from the Android Open Source Project (AOSP), which is free and open-source software (FOSS) primarily licensed under the Apache License.
Search results for "factory reset protection" | Android Open Source Project
source.android.com
The default implementation of Test Harness Mode uses the same storage mechanism as Factory Reset Protection to store the ADB keys temporarily in a persistent partition.
So it looks like I need to gain access to this "persistent partition" and try to find this ADB for starters.
Seems a bit sneeky of Google and Android here. https://source.android.com/docs/security/bulletin/2016-02-01
At the bottom of the Android webpage is a link to Factory Images of the Google Nexus and Pixel phones which jumps you to Google web page. No indication what so ever I'm leaving Android and going to Google!
Flashing devices | Android Open Source Project
source.android.com
To enable OEM unlocking on the device:
In Settings, tap About phone, then tap Build number seven times.
When you see the message You are now a developer!, tap the back button.
In Settings, tap System, then tap Developer options and enable OEM unlocking and USB debugging. (If OEM unlocking is disabled, connect to the internet so the device can check in at least once. If it remains disabled, your device might be SIM locked by your carrier and the bootloader can't be unlocked.)
Reboot into the bootloader and use fastboot to unlock it.
For newer devices (2015 and higher):
fastboot flashing unlock
For older devices (2014 and lower):
fastboot oem unlock
Tip: if you're seeing `adb devices` output before reboot but fastboot or the flash script are misbehaving, it might be issues with your USB cable. Try a different port and/or switching connectors. If you are using a USB C port on your computer try a USB A port instead.
Confirm the unlock onscreen.
Well the instructions I've seen only talk about the gaining access to settings and the doing 7 taps on the Build Number. Lets see if the rest of the instructions work.
Onwards and upwards....
Well sent the phone back the Ebay seller claiming to be a house clearance business wouldnt provide any paperwork to back up his claims of how he came to be in possession of the phone. So as I planned to do some computer forensics on it, like retrieve the files wiped by a Factory Reset, and the perverse interpretation of the law in this UK, I wasnt prepared to go any further with the phone. So its been sent back. The banks have already shown how untouchable they are, other big businesses are also in the same position and finding illegal stuff on a phone is not a risk I'm not prepared to take without paperwork.