Just wondering, what do I have to do to keep my tab unencrypted once I am? I have unencrypted my tablet before but lost it after flashing a new ROM. Do I need to factory reset every time I want to flash something new?
Kazba1626 said:
Just wondering, what do I have to do to keep my tab unencrypted once I am? I have unencrypted my tablet before but lost it after flashing a new ROM. Do I need to factory reset every time I want to flash something new?
No, you do not need to factory reset every time you want to flash.
You just need to not boot on a boot.img that forces encryption on, and not allow updates to perform a wipe.
So the problem is: if you install a factory OTA (assuming that it allows you to actually install it), then it installs a new force-encrypt boot image and auto-reboots when finished, which initiates a full device encryption.
Don't install OTA.
Obtain the fastboot-installable images from Google's Nexus factory images site.
Extract the archive.
Before you run the "flash-all.sh" install script, MODIFY it to remove the "-w" from the final line. That switch causes the system to be WIPED upon completion.
Next, open the actual update archive referenced by that line, i.e. "image-volantis-??????.zip", and REMOVE the files "boot.img" (save this one in a different location) and "user.img" or "userdata.img".
Then run flash-all.sh.
When this completes, the device will be updated, but depending on what changes in the boot.img, it MAY NOT BE BOOTABLE.
At this point, make the appropriate modifications to the boot.img, then fastboot flash boot boot.img.
Depending on what method you use to disable the forced encryption, you may install the boot.img before modification and then boot appropriately to perform the modification (do not reboot normally -- reboot to custom recovery or similar).
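The procedure above, scripted as an added example that is not part of the original post: it removes the "-w" wipe switch from flash-all.sh, drops boot.img and userdata.img from the image zip (keeping a copy of boot.img for patching), and rewrites an fstab so that "forceencrypt=" becomes "encryptable=", which is what stops fs_mgr from starting encryption on first boot. The flash-all.sh line format, the fstab line and the zip contents in demo() are constructed stand-ins, and the fastboot/unpack steps themselves are left to the tools the post names. Keep in mind that turning off forced encryption removes the data-at-rest protection the stock image provides.

```python
"""
Added example (not from the original post): prepare a Nexus factory image so that
flash-all.sh neither wipes userdata nor installs the stock force-encrypt boot.img,
and rewrite a ramdisk fstab so the first boot does not start encryption.
Assumptions: flash-all.sh ends in "fastboot -w update image-<device>-<build>.zip"
and the fstab carries a "forceencrypt=<footer>" flag (both constructed below).
"""
import os
import re
import tempfile
import zipfile

# The -w switch on the final "fastboot update" line erases userdata and cache.
WIPE_RE = re.compile(r"^(\s*fastboot\s+)-w\s+(update\s+\S+)", re.M)

# fs_mgr starts encryption on first boot when the /data line carries forceencrypt=.
# Replacing it with encryptable= keeps the crypto footer location but makes it optional.
FORCE_ENCRYPT_RE = re.compile(r"\bforceencrypt=")


def strip_wipe_flag(script_text: str) -> str:
    """Return flash-all.sh contents with the -w removed from the fastboot update line."""
    return WIPE_RE.sub(r"\1\2", script_text)


def disable_force_encrypt(fstab_text: str) -> str:
    """Return an fstab with forceencrypt= downgraded to encryptable= on every line."""
    return FORCE_ENCRYPT_RE.sub("encryptable=", fstab_text)


def remove_members(zip_path: str, names=("boot.img", "userdata.img"), save_dir=None) -> list:
    """Rewrite the image zip without the given members (zipfile cannot delete in place).

    boot.img is saved to save_dir so it can be unpacked, patched and flashed
    separately with "fastboot flash boot boot.img". Returns the removed member names.
    """
    removed = []
    tmp_path = zip_path + ".tmp"
    with zipfile.ZipFile(zip_path) as src, zipfile.ZipFile(tmp_path, "w") as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename in names:
                removed.append(info.filename)
                if save_dir is not None and info.filename == "boot.img":
                    os.makedirs(save_dir, exist_ok=True)
                    with open(os.path.join(save_dir, info.filename), "wb") as f:
                        f.write(data)
                continue
            dst.writestr(info, data)
    os.replace(tmp_path, zip_path)
    return removed


def prepare_factory_image(workdir: str) -> dict:
    """Run the whole procedure on an extracted factory image directory; report what changed."""
    script = os.path.join(workdir, "flash-all.sh")
    with open(script) as f:
        text = f.read()
    with open(script, "w") as f:
        f.write(strip_wipe_flag(text))
    with open(script) as f:
        wipe_gone = WIPE_RE.search(f.read()) is None
    image_zips = [n for n in os.listdir(workdir) if n.startswith("image-") and n.endswith(".zip")]
    removed = []
    for name in image_zips:
        removed += remove_members(os.path.join(workdir, name), save_dir=os.path.join(workdir, "saved"))
    with zipfile.ZipFile(os.path.join(workdir, image_zips[0])) as z:
        remaining = sorted(z.namelist())
    saved_boot = os.path.join(workdir, "saved", "boot.img")
    return {"wipe_flag_gone": wipe_gone, "removed": sorted(removed), "remaining": remaining,
            "saved_boot_size": os.path.getsize(saved_boot)}


def demo() -> dict:
    """Build a constructed stand-in for an extracted factory image and run the procedure on it."""
    workdir = tempfile.mkdtemp(prefix="volantis-")
    with open(os.path.join(workdir, "flash-all.sh"), "w") as f:
        f.write("#!/bin/sh\nfastboot flash bootloader bootloader-test.img\n"
                "fastboot reboot-bootloader\nsleep 5\n"
                "fastboot -w update image-volantis-test.zip\n")   # constructed script
    with zipfile.ZipFile(os.path.join(workdir, "image-volantis-test.zip"), "w") as z:
        z.writestr("boot.img", b"ANDROID!" + b"\0" * 56)           # constructed, not a real image
        z.writestr("userdata.img", b"\0" * 16)
        z.writestr("system.img", b"\0" * 16)
        z.writestr("recovery.img", b"\0" * 16)
    return prepare_factory_image(workdir)
```

After prepare_factory_image() the saved boot.img still has to be unpacked (ramdisk gunzip + cpio), its fstab run through disable_force_encrypt(), repacked and flashed with "fastboot flash boot boot.img"; only then is the device rebooted normally.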
Looking at the boot.img that came with the Lollipop update, I see that it starts with "ANDROID!" and the regular Android boot image header, instead of whatever was being used before.
Further, there is a file in the update called kk2lp_partition.tbl which seems to include GPT partitions for boot and recovery.
With this information it sounds like building and flashing custom recovery and kernel/OS should be easier than it has been.
I tried using "fastboot boot boot.img" but unfortunately that still doesn't work ("stubbed on this platform").
I just made a copy of boot.img and stripped the signature (? blob at the end that doesn't get counted in the ANDROID! header, so I'm assuming) and flashed it, supposedly successfully, and booted. Either it didn't actually flash, or this now has the "developer" mode enabled by default.
I'll try more later. If somebody has a recovery to try, let me know.
EDIT: Also, if anyone has an idea where I could post the update.zip I'd be happy to upload it (It's 923MB).
EDIT2: For the record I pulled an adb bugreport during the OTA download and it downloaded from some cloudfront server with a Signature and an Expire flag and when I try to re-use the URL it gives me an error page.
To me it sounds like you already unlocked your bootloader in 4.4.4 and this update didn't lock it back, nor should it. Now if you didn't unlock your bootloader prior to updating to Lollipop, flashing the boot.img should have left the tablet unbootable.
Just a guess as I don't have the tablet; the tablet I do have, once unlocking the bootloader, I can go up or down on the 3 OS available and none relock the bootloader.
A better test would be someone who hasn't unlocked their bootloader flashing a modified boot.img.
Did you make the boot.img unsecure? If not you should; that way you will know if your modified boot.img flashed or not, by booting up and looking at the file you edited.
I tried modifying the boot image and it lets me flash it but then it doesn't boot. I think maybe when I tried it the first time, since the signature (must be what it is) was at the end of the file it didn't get overwritten in storage, and the otherwise-unmodified boot.img verified against it. But when I added some extra junk on the cmdline, it dropped back to recovery when I tried to boot. Reflashing the original boot.img gets me booting again.
So we'll have to wait for the dev. edition firmware again to get this thing running unsecured images in Lollipop.
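What the two posts above observe (an "ANDROID!" header, a blob after the last counted page, and a cmdline edit that breaks verification) can be checked mechanically. The following is an added example, not code from the posters or from Intel: it parses the AOSP v0 boot image header that mkbootimg writes, locates the end of the header/kernel/ramdisk/second pages, reports anything trailing (the signature blob on this device), and recomputes the header's SHA-1 id so you can see that the id covers kernel, ramdisk and second but not the cmdline. The sample image is constructed in build_boot_image(); addresses and cmdline are placeholders.

```python
"""
Added example (not from the original posts): parse the classic "ANDROID!" boot image
header, compute where the counted pages end, and report any trailing bytes, which on
this device are the signature blob the poster describes. The sample image below is
constructed; the layout is the AOSP v0 header from mkbootimg, nothing Intel-specific.
"""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# v0 header: magic, 8 u32 fields, unused/header_version, os_version, name, cmdline, id, extra_cmdline
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 1632 bytes, padded to one page


def _pages(size: int, page_size: int) -> int:
    return (size + page_size - 1) // page_size


def _mkbootimg_id(kernel: bytes, ramdisk: bytes, second: bytes) -> bytes:
    """mkbootimg's id = sha1(kernel, len, ramdisk, len, second, len); cmdline is not covered."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest()


def parse_boot_image(data: bytes) -> dict:
    """Split a boot image into its sections and measure what lies beyond the last page."""
    if data[:8] != BOOT_MAGIC:
        raise ValueError("not an ANDROID! boot image")
    (_, kernel_size, _kernel_addr, ramdisk_size, _ramdisk_addr, second_size,
     _second_addr, _tags_addr, page_size, _unused, _os_version,
     _name, cmdline, img_id, _extra) = struct.unpack_from(HEADER_FMT, data, 0)
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("bad page_size %d" % page_size)
    off = page_size                               # the header occupies exactly one page
    kernel = data[off:off + kernel_size]
    off += _pages(kernel_size, page_size) * page_size
    ramdisk = data[off:off + ramdisk_size]
    off += _pages(ramdisk_size, page_size) * page_size
    second = data[off:off + second_size]
    off += _pages(second_size, page_size) * page_size
    return {
        "page_size": page_size,
        "kernel_size": kernel_size, "ramdisk_size": ramdisk_size, "second_size": second_size,
        "cmdline": cmdline.rstrip(b"\0").decode(),
        "image_end": off,                         # first byte not described by the header
        "trailing_bytes": len(data) - off,        # signature blob, if any
        "id_matches": img_id[:20] == _mkbootimg_id(kernel, ramdisk, second),
    }


def strip_trailing(data: bytes) -> bytes:
    """Return the image with everything after the last counted page removed."""
    return data[:parse_boot_image(data)["image_end"]]


def build_boot_image(kernel: bytes, ramdisk: bytes, cmdline: bytes,
                     page_size: int = 2048, trailer: bytes = b"") -> bytes:
    """Constructed boot image in mkbootimg layout, optionally with a trailer appended."""
    header = struct.pack(HEADER_FMT, BOOT_MAGIC,
                         len(kernel), 0x10008000, len(ramdisk), 0x11000000,
                         0, 0x10F00000, 0x10000100, page_size, 0, 0,
                         b"", cmdline, _mkbootimg_id(kernel, ramdisk, b"").ljust(32, b"\0"), b"")

    def pad(b: bytes) -> bytes:
        return b.ljust(_pages(len(b), page_size) * page_size, b"\0")

    return pad(header) + pad(kernel) + pad(ramdisk) + trailer


def demo() -> dict:
    """Walk a constructed image with a 256-byte trailer through the parser."""
    kernel = b"\x7fELF-not-really" * 100              # 1500 bytes, constructed
    ramdisk = b"\x1f\x8b" + b"\0" * 3000               # 3002 bytes, constructed
    cmdline = b"console=ttyS0 androidboot.hardware=example"  # placeholder
    img = build_boot_image(kernel, ramdisk, cmdline, trailer=b"\xaa" * 256)
    info = parse_boot_image(img)
    stripped = parse_boot_image(strip_trailing(img))
    return {"image_end": info["image_end"], "trailing_bytes": info["trailing_bytes"],
            "stripped_trailing": stripped["trailing_bytes"],
            "id_matches": info["id_matches"], "cmdline": info["cmdline"]}
```

On a real pull (for example "adb pull" of the boot partition, or the boot.img from the update) parse_boot_image() tells you the exact offset at which the image proper ends; whatever follows is what the loader verifies, which is why a cmdline edit without a matching re-sign drops the device into recovery.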
It's probably the same format as the Nexus Player with the bootstub at the end of the image; maybe you could upload?
Does anyone have the OTA so I can patch the stock firmware to investigate rooting it?
social-design-concepts said:
It's probably the same format as the Nexus Player with the bootstub at the end of the image; maybe you could upload?
Does anyone have the OTA so I can patch the stock firmware to investigate rooting it?
@xBIGREDDx appears to have it. I am thinking this is like Samsung's boot.img; use unpackbootimg to unpack.
vampirefo said:
@xBIGREDDx appears to have it. I am thinking this is like Samsung's boot.img; use unpackbootimg to unpack.
If it's not full UEFI it should still be using the bootstub like the Nexus Player, but they could have added a separate bootloader like Sammy does with sboot on their Intel tab; a Nexus Player formatted image would make more sense to me and would still start with the Android header. What I fear killed root is the commit added that doesn't run console as root user. But have to see the image.
xBIGREDDx said:
Looking at the boot.img that came with the Lollipop update, I see that it starts with "ANDROID!" and the regular Android boot image header, instead of whatever was being used before.
Further, there is a file in the update called kk2lp_partition.tbl which seems to include GPT partitions for boot and recovery.
With this information it sounds like building and flashing custom recovery and kernel/OS should be easier than it has been.
I tried using "fastboot boot boot.img" but unfortunately that still doesn't work ("stubbed on this platform").
I just made a copy of boot.img and stripped the signature (? blob at the end that doesn't get counted in the ANDROID! header, so I'm assuming) and flashed it, supposedly successfully, and booted. Either it didn't actually flash, or this now has the "developer" mode enabled by default.
I'll try more later. If somebody has a recovery to try, let me know.
EDIT: Also, if anyone has an idea where I could post the update.zip I'd be happy to upload it (It's 923MB).
EDIT2: For the record I pulled an adb bugreport during the OTA download and it downloaded from some cloudfront server with a Signature and an Expire flag and when I try to re-use the URL it gives me an error page.
Hey, I just made a big mistake, in that I didn't read this before I updated my Dell 7840.
So, here is the problem, and I really need your guys' help.
I can't enter recovery!!!!! Every time there is just one f***ing Intel icon..
Somebody save me!!!
social-design-concepts said:
If it's not full UEFI it should still be using the bootstub like the Nexus Player, but they could have added a separate bootloader like Sammy does with sboot on their Intel tab; a Nexus Player formatted image would make more sense to me and would still start with the Android header. What I fear killed root is the commit added that doesn't run console as root user. But have to see the image.
OK, looked at boot.img: Samsung style, i.e. use unpackbootimg to unpack boot.img. boot has its own partition like Samsung and this new Elite 7QS Walmart $50 tablet I just got.
Looking at recovery.fstab, all parts have their own partition.
#size_hint=16
/dev/block/by-name/boot /boot emmc None length=0
#size_hint=16
/dev/block/by-name/recovery /recovery emmc None length=0
#size_hint=16
/dev/block/by-name/fastboot /fastboot emmc None length=0
New thing to me is verity_key;
it's in both boot.img and droidboot.img.
Looks like simple unpack/repack to me, for root and recovery.
vampirefo said:
OK, looked at boot.img: Samsung style, i.e. use unpackbootimg to unpack boot.img. boot has its own partition like Samsung and this new Elite 7QS Walmart $50 tablet I just got.
Looking at recovery.fstab, all parts have their own partition.
#size_hint=16
/dev/block/by-name/boot /boot emmc None length=0
#size_hint=16
/dev/block/by-name/recovery /recovery emmc None length=0
#size_hint=16
/dev/block/by-name/fastboot /fastboot emmc None length=0
New thing to me is verity_key;
it's in both boot.img and droidboot.img.
Looks like simple unpack/repack to me, for root and recovery.
verity_key might have to do with verified boot; another Intel commit relates to 3 boot modes: secure boot, insecure boot and verified boot.
There is another Intel commit relating to partlink and mapping those images to block by-name.
It'd be interesting to see if those are physical block devices or virtual ones using the mapping, once the device is rooted.
Playing with the kid, haven't had time to play with electronics today yet.
Looked at the partition table; awesome stuff there, can't wait to play now.
This is of great interest: flash_osiptogpt_partition("/tmp/kk2lp_partition.tbl") || abort("OSIP to GPT partitionning failed");;
Haven't inspected, but this is probably the boot loader: package_extract_file("sl_vmm.bin", "/tmp/sl_vmm.bin");
social-design-concepts said:
verity_key might have to do with verified boot; another Intel commit relates to 3 boot modes: secure boot, insecure boot and verified boot.
There is another Intel commit relating to partlink and mapping those images to block by-name.
It'd be interesting to see if those are physical block devices or virtual ones using the mapping, once the device is rooted.
Playing with the kid, haven't had time to play with electronics today yet.
Looked at the partition table; awesome stuff there, can't wait to play now.
This is of great interest: flash_osiptogpt_partition("/tmp/kk2lp_partition.tbl") || abort("OSIP to GPT partitionning failed");;
Haven't inspected, but this is probably the boot loader: package_extract_file("sl_vmm.bin", "/tmp/sl_vmm.bin");
I just got time to unpack system; real large system, over 2GB image, 1.6GB used. droidboot contains trigger 3 (stop_partitioning), has other possibilities also, does not contain unlock for (fastboot oem unlock); would have been too easy, lol.
pojoker said:
Hey, I just made a big mistake, in that I didn't read this before I updated my Dell 7840.
So, here is the problem, and I really need your guys' help.
I can't enter recovery!!!!! Every time there is just one f***ing Intel icon..
Somebody save me!!!
You will need xfstk-downloader and also the firmware files which are part of the OTA update.zip.
Looks like anggusss uploaded the OTA here.
Inside the update.zip there is a zip file called "ifwi.zip", and in there you take "dnx_fwr_blackburn_qs_qs.bin" and "ifwi_qs.bin" and flash them with the downloader tool.
I just looked at the images; they are, as I suspected, the same format as the Nexus Player, with the bootstub at the end of the image followed by an Intel signature (not sure which version $MOSS follows), but it is a signed image.
sl_vmm.bin ? So Intel / Dell is running Android 5.x.x through a virtual machine on this device?
vampirefo said:
That's good, is bootloader still locked on 7840?
Just pm'd you @vampirefo , I got something i really need you to look at before i share it. . . . . .
social-design-concepts said:
Just pm'd you @vampirefo , I got something i really need you to look at before i share it. . . . . .
Any chance you'd mind sending that something my way?
@xBIGREDDx these links cover the new image format used:
http://events.linuxfoundation.org/sites/events/files/slides/ABS Lollipop MR1 Verified Boot.pdf
The PDF is directly linked from this article: https://lwn.net/Articles/638627/
It's a good read.
This is the part I was asking @vampirefo about:
Bootloader Lock States
• A verified boot capable loader has 3 different security states
  • Locked, Verified, Unlocked
• State transitions done via Fastboot commands
• Any state transition should erase all user data
  • Defense against attackers with physical access to the device, so that they cannot flash a hacked boot image and access userdata contents
  • /data partition zeroed out; on next boot, fs_mgr will see this and initiate reboot into Recovery to create a filesystem
• Any state transition should require the user to physically confirm with the device's buttons that the state transition is actually desired
  • Defense against malware which could otherwise surreptitiously issue ADB and Fastboot commands to unlock the device without user's knowledge
• Setting device to "unlocked" state requires option change in Settings app Developer Options
  • Not enabled by default, user with proximate access must get past the lock screen to change this
  • More details later under Persistent Data Block slides
• Specific commands may vary across implementations
  • In Kernelflinger: "fastboot oem {lock|unlock|verified}"
Bootloader States (Continued)
• "Locked" state
  • Devices ship to the end user in this state
  • No images may be flashed or erased with Fastboot
  • Boot/Recovery images verified by the bootloader using enrolled keystore
• "Verified" state
  • A subset of targets/partitions may be flashed or erased with Fastboot
    • bootloader, boot, system, oem, vendor, recovery, cache, userdata
  • Boot/Recovery images verified by the bootloader using enrolled keystore
  • Good state for running user-built Android images or third-party images like Cyanogenmod
    • Device is still secure, may have to deal with a prompt at boot if keystore isn't signed by OEM
• "Unlocked" state
  • Device may not be unlocked if flag in Persistent Data Block is not set via Settings app
  • All Fastboot commands available
  • User keystore may be enrolled or erased
    • Erasing keystore causes loader to fall back to OEM Keystore for image verification
    • "fastboot flash keystore <path to keystore binary>" or "fastboot erase keystore"
  • Unlocked devices do not verify boot or recovery images
  • User may be warned at boot that the device is unlocked and requires physical interaction to proceed
Persistent Data Block (PDB)
• Implemented as a small "persistent" partition in the fstab
  • Raw data, does not contain a filesystem
• The very last byte in the partition stores whether unlocking is enabled
  • Must contain value 0x01 or unlocking is forbidden
• Not all methods of doing a Master Clear are the same
  • A Master Clear initiated by the Settings app will zero the persistent partition along with user data
    • Considered trusted as user would have to get past lock screen to do this
  • Erasing userdata from Recovery Console or Fastboot in "verified" state does not allow this
• Relevant code
  • frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
  • packages/apps/Settings/src/com/android/settings/MasterClearConfirm.java
  • packages/apps/Settings/src/com/android/settings/Utils.java
• Devices with Google Mobile Services store additional user data in the PDB
  • Untrusted resets will require Google account sign-in of an account that has been already used by the device, before the device can be used again
  • Discourages thieves
• All bets are off if the device can be rooted
What we can't tell is if this is the lock state for the anti-theft feature or the bootloader?
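The lock-state rules in the quoted slides are easiest to reason about as a small state machine. The block below is an added example written for this thread, not Kernelflinger's code or anything from the slides' authors: it models the three states, the list of targets that may be flashed in "verified" state, the PDB last-byte gate on unlocking, the physical-confirmation requirement, the wipe of userdata on every transition, and the fallback to the OEM keystore when the user keystore is erased. The partition names, the keystore-as-string simplification and the user_confirmed flag are modelling assumptions.

```python
"""
Added example (not from the slides or from Kernelflinger): an executable model of the
Locked / Verified / Unlocked states, the Persistent Data Block gate and the
wipe-on-transition rule described in the slides. Keystore handling, partition names and
the confirmation flag are simplified assumptions, not the real loader's interface.
"""

LOCKED, VERIFIED, UNLOCKED = "locked", "verified", "unlocked"

# Targets the slides list as flashable/erasable in the "verified" state.
VERIFIED_TARGETS = {"bootloader", "boot", "system", "oem", "vendor", "recovery", "cache", "userdata"}

PDB_UNLOCK_ALLOWED = 0x01  # required value of the last byte of the persistent partition


class BootloaderError(Exception):
    pass


def unlock_enabled(persistent_partition: bytes) -> bool:
    """The very last byte of the raw persistent partition must be 0x01."""
    return len(persistent_partition) > 0 and persistent_partition[-1] == PDB_UNLOCK_ALLOWED


def rejected(fn, *args, **kwargs) -> bool:
    """True when the modelled loader refuses the operation."""
    try:
        fn(*args, **kwargs)
    except BootloaderError:
        return True
    return False


class LockStateModel:
    def __init__(self, persistent_partition: bytes, oem_keystore: str = "oem"):
        self.state = LOCKED                  # devices ship to the user locked
        self.persistent = persistent_partition
        self.oem_keystore = oem_keystore
        self.user_keystore = None            # can only be enrolled while unlocked
        self.userdata = b"user files"        # stand-in for /data contents
        self.wipes = 0

    def active_keystore(self) -> str:
        return self.user_keystore or self.oem_keystore

    def verifies_boot_images(self) -> bool:
        return self.state != UNLOCKED        # unlocked devices do not verify boot/recovery

    def _transition(self, new_state: str, user_confirmed: bool) -> None:
        if new_state == self.state:
            return
        if not user_confirmed:
            raise BootloaderError("state change needs physical confirmation on the device")
        if new_state == UNLOCKED and not unlock_enabled(self.persistent):
            raise BootloaderError("unlocking forbidden: PDB flag not set in Developer Options")
        self.userdata = b"\0" * len(self.userdata)   # /data zeroed; fs_mgr recreates it on next boot
        self.wipes += 1
        self.state = new_state

    def oem(self, command: str, user_confirmed: bool = False) -> str:
        """fastboot oem {lock|unlock|verified}"""
        targets = {"lock": LOCKED, "verified": VERIFIED, "unlock": UNLOCKED}
        if command not in targets:
            raise BootloaderError("unknown oem command %r" % command)
        self._transition(targets[command], user_confirmed)
        return self.state

    def flash(self, partition: str, image: bytes) -> bool:
        if self.state == LOCKED:
            raise BootloaderError("locked: nothing may be flashed or erased")
        if self.state == VERIFIED and partition not in VERIFIED_TARGETS:
            raise BootloaderError("verified: %s is not a flashable target" % partition)
        if partition == "keystore":          # only reachable when unlocked
            self.user_keystore = image.decode()
        return True

    def erase(self, partition: str) -> bool:
        if partition == "keystore":
            if self.state != UNLOCKED:
                raise BootloaderError("keystore can only be erased when unlocked")
            self.user_keystore = None        # loader falls back to the OEM keystore
            return True
        return self.flash(partition, b"")

    def settings_master_clear(self) -> None:
        """A Settings-initiated Master Clear zeroes the persistent partition as well as userdata."""
        self.persistent = b"\0" * len(self.persistent)
        self.userdata = b"\0" * len(self.userdata)
```

The model makes the slides' answer to the question above explicit: the PDB byte only gates the Locked-to-Unlocked transition of the bootloader, and a Settings-driven Master Clear clears it again, so "unlock" must be re-enabled in Developer Options after such a reset.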
Ah, yeah, Google has a page up about that as well:
https://source.android.com/devices/tech/security/verifiedboot/verified-boot.html
Looks like the boot flow is a little bit different from what the Intel paper describes; I'm guessing one is a newer revision of the spec than the other.
Hi all. After spending a couple of days reading and understanding aboot, boot and kernel operations, I'm now curious about whether there can be a boot-time console before the kernel is loaded into memory, i.e. whether there can be a process that somehow will enable us to fork in between the aboot and the boot, wait for user interaction to load the user-specified boot, and then hand over the execution to the specified boot. Can it be possible anyhow?
Aboot is checked by SBL at boot.
Looking for the same for a phone with bricked eMMC.
https://forum.xda-developers.com/android/help/how-to-boot-sd-card-qmobile-z8-bricked-t3712171
Found any solution?
Please remove this thread, it's misleading as hell.
Yes, very possible....
The old bootloader for dual-booting a PS3 offered just the thing.
Its Android equivalent would be a kernel with exec and a modified recovery that provides a transparent command line instead of using scripts.
Take a look at jollaman's dual boot recovery and AROMA installer for the Nexus 5X.
Good place to start for a pure Android solution.
Otherwise, there are versions of U-Boot that run on certain phones, or GRUB2 alternatively.
Aboot & sbl gotta get gutted though.
Hello guys, I am new to the community and I'm willing to learn more about phones.
My question is: where is the bootloader's code stored? It can't be stored in the /boot partition, as according to this the bootloader either starts the kernel, which then starts Android, or the recovery mode. Inside /boot there is only the kernel and the ramdisk, according to this. Is it inside a chipset on the motherboard? In order to be able to be unlocked the code must be editable. It can't be stored inside /boot because sometimes you need to delete that partition in order to install a custom ROM. You don't install a different bootloader....
My second question is: where is the recovery mode stored? I'm sure it is stored inside the phone's storage but I couldn't find any partition with that name.
OK, I have a third question now. Theoretically, are we able to flash a custom ROM without unlocking the bootloader? Probably we could, but due to the bootloader we won't be able to access it. Am I right? Same rules apply for custom recovery too (correct me if I'm wrong).
@PinkNinja
It depends both on whether Android is an A/B partition-slots system or not and on the Android version.
BTW: the XDA thread you cited is a 1:1 copy of an article published in 2011. Today is the year 2020. Things since Android 7 have drastically changed.
What the guy above said: on A-only you have a recovery partition and a bootloader stored on boot; when on A/B you have both bootloader and recovery on the boot partition.
On the last question, no, you can't flash a custom ROM with the BL locked. In order to flash a custom ROM you need a custom recovery, and you can't install/boot it without unlocking the bootloader, because when the bootloader is locked you can only flash/boot images signed by the OEM; that's the whole point of BL locking.
If you are curious about your partitions you can fastboot oem partition and there you have most info, as well as on the Android website, where everything is explained: https://source.android.com/
I have this device rooted with Magisk BUT can't find a way to properly port a Qualcomm TWRP from similar devices. I just need help to get started with a custom recovery; if I can get one to boot I might be able to figure out the rest if any "bugs" are found throughout the custom recovery. Any help would be appreciated.
Below is a stock image of recovery and boot if needed.
Both images were from a ".tar" file. I then extracted the file and got the recovery and boot in ".img.lz4" format and then I converted them to ".img" only for easy access to edit etc.
Android Version : 10
Current Firmware Version : A115MUBU1ATC2
Chipset : msm8953
Encryption State : encrypted
#System as Root
Uses an A/B operating System
https://drive.google.com/drive/folders/1mYYqvNgAXAxmiBH8ZDmbnoKMma4CUR12?usp=sharing
Why not compile a matching TWRP by yourself?
Look inside here.
@jwoegerbauer I can give it a try but have no experience when it comes to making a custom recovery.
ᐯerified Developer said:
I have this device rooted with Magisk BUT can't find a way to properly port a Qualcomm TWRP from similar devices. I just need help to get started with a custom recovery; if I can get one to boot I might be able to figure out the rest if any "bugs" are found throughout the custom recovery. Any help would be appreciated.
Below is a stock image of recovery and boot if needed.
Both images were from a ".tar" file. I then extracted the file and got the recovery and boot in ".img.lz4" format and then I converted them to ".img" only for easy access to edit etc.
Android Version : 10
Current Firmware Version : A115MUBU1ATC2
Chipset : msm8953
Encryption State : encrypted
#System as Root
Uses an A/B operating System
https://drive.google.com/drive/folders/1mYYqvNgAXAxmiBH8ZDmbnoKMma4CUR12?usp=sharing
Yeah, I'm also looking for a way to get some sort of custom recovery on the exact same device. My advice is (if you can't build your own version of TWRP) to just wait for some devs to release something for it. The Galaxy A11 is a very new device so we'll just have to wait it out.
Edit: So I followed a tutorial here (https://www.youtube.com/watch?time_continue=40&v=MyxGZbCuxDQ&feature=emb_logo) and I created this (https://filebin.net/u3yww2cyajktm043). IT MAY OR MAY NOT WORK!!! USE IT AT YOUR OWN RISK!!!!
What model number is yours? I have the one from Boost; it's the SM-A115U and it seems the toggle for OEM unlock is not in my dev settings on my phone.
ninjakira said:
What model number is yours? I have the one from Boost; it's the SM-A115U and it seems the toggle for OEM unlock is not in my dev settings on my phone.
You can put the device into download mode and unlock the bootloader from there...
I'm currently stuck on this device trying to get it to unlock the bootloader. I've ticked OEM unlock, but when I get into download mode (adb reboot download) I'm not getting any option to unlock the bootloader there. I'm also not able to get into download mode with any key commands. Any ideas here?
I've heard you power off, then hold volume up and down when you plug in a data cable. Haven't tried it yet; I'm on the A115U T-Mobile variant. I can get to what it calls download mode, which looks to be fastboot and NOT the standard Samsung blue-screen download mode. Just boot to recovery and select reboot to bootloader. I do not have OEM unlock in my dev settings, but I'll see if I can fastboot oem unlock when I get back to my laptop.
Flash the SM-A115U1 version firmware first. That gives you the OEM unlock option. Obviously toggle it on, and ADB debugging. Power off the phone. Hold both volume buttons and insert the USB cable. It will look like the normal blue download warning screen, but read it carefully: it says long press volume up to unlock the bootloader. It works. It will go black. Release volume up and next it will ask you to confirm. Choose yes. It will reboot and erase. After skipping through setup, enable dev options again and you will see the OEM toggle greyed out with a caption "bootloader already unlocked". That's as far as I've gotten, because now I'm like "what now?" I need a custom recovery file to flash to the device. Any help with that out there? So now that the bootloader is unlocked, can I install Magisk to root, and if so, after that how can I network unlock? Any help would be greatly appreciated. Also looking for any custom ROMs that are available for this A11 (2020). Seems like a decent phone. Thanks.
Situation:
You can build your TWRP, it's very easy. Or get a compiled version from A10 and patch your system.
As a result you'll get a bootloop.
Why?
Samsung has f****d you up and given you a SECURE BOOT that's not possible to remove by bootloader unlock. If you install a wrongly signed recovery, the loader will say to you:
1st: something is going wrong and signatures are mismatched, let me wipe your phone!
OK. You had solved that and not wiped your phone.
2nd: hmm, signatures still mismatched, I'll not boot and go in ***!
Result:
Until someone breaks this Qualcomm Secure Boot you'll not be able to install a custom OS or TWRP or any other good stuff.
Are there any updates that can be flashed with stock recovery?
griha41 said:
Situation:
You can build your TWRP, it's very easy. Or get a compiled version from A10 and patch your system.
As a result you'll get a bootloop.
Why?
Samsung has f****d you up and given you a SECURE BOOT that's not possible to remove by bootloader unlock. If you install a wrongly signed recovery, the loader will say to you:
1st: something is going wrong and signatures are mismatched, let me wipe your phone!
OK. You had solved that and not wiped your phone.
2nd: hmm, signatures still mismatched, I'll not boot and go in ***!
Result:
Until someone breaks this Qualcomm Secure Boot you'll not be able to install a custom OS or TWRP or any other good stuff.
My A115U is stuck on the load screen after flashing root; trying to get it unstuck?????
Ugh, frustrating.
sdell said:
My A115U is stuck on the load screen after flashing root; trying to get it unstuck?????
Ugh, frustrating.
What's the point? Unpack the firmware's AP_ file, extract boot.img, patch it through Magisk, and flash it through Odin. But where in that thread header did you find the install root?
I want to remind you that recovery is not a root part. That's why root threads and TWRP threads are separated.
griha41 said:
What's the point? Unpack the firmware's AP_ file, extract boot.img, patch it through Magisk, and flash it through Odin. But where in that thread header did you find the install root?
I want to remind you that recovery is not a root part. That's why root threads and TWRP threads are separated.
Cause I was new.. lol, didn't know.. and still trying to understand it all, but thank you for the reply.
sdell said:
Cause I was new.. lol, didn't know.. and still trying to understand it all, but thank you for the reply.
Ahh, I see. Sorry then.
You shall do it this way. Find the current firmware for your device, download it through fine software.
As a result you will get 5 files with .zip extension.
You need to unpack the file with the AP_ prefix; I suggest you use 7zip for that stuff. From the file you need to take off the boot.img.
Then the boot.img you shall pack into archive.tar.
When you've done that, download the Magisk apk from GitHub and install it on your phone. Move your new archive to phone memory/download folder and start Magisk, make patching of kernel; as a result you'll receive the magisk_patched.tar. Copy that file to your PC and start Odin, place that archive in the AP slot and flash it.
PROFIT!
But I want to warn you: in Android 10 and up the root and kernel system are different; now system is booting from super.img, and the partitions /, /system etc. are RO, so through the root you'll not be able to change anything in system; it would be wiped on next system restart.
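The unpack-and-repack part of the procedure above, as an added example that is not part of the post: it pulls boot.img out of a Samsung AP_*.tar(.md5) archive (handling the boot.img.lz4 layout the earlier poster mentioned when the optional "lz4" package is installed), checks the "ANDROID!" magic, and writes a plain tar with boot.img at the root, which is the shape the Magisk app consumes and Odin accepts in the AP slot. The AP archive in demo() is constructed; the Magisk patching and Odin flashing steps stay manual.

```python
"""
Added example (not from the post): extract boot.img from a Samsung AP_*.tar(.md5) for
Magisk, and wrap a (patched) boot.img back into a tar for Odin's AP slot. Assumes the AP
archive stores the kernel as boot.img or boot.img.lz4 (the latter needs the optional
"lz4" package). The sample archive in demo() is constructed.
"""
import io
import os
import tarfile
import tempfile

BOOT_MAGIC = b"ANDROID!"


def _decompress_lz4(data: bytes) -> bytes:
    try:
        import lz4.frame  # optional third-party package, not in the standard library
    except ImportError as exc:
        raise RuntimeError("boot.img.lz4 found; install the 'lz4' package to decompress it") from exc
    return lz4.frame.decompress(data)


def extract_boot(ap_tar_path: str) -> bytes:
    """Return the raw boot.img from an AP tar.

    .tar.md5 files open fine with tarfile because Samsung's md5 line is appended after
    the archive's end-of-archive blocks, where the reader never looks.
    """
    with tarfile.open(ap_tar_path, "r:") as tar:
        for member in tar.getmembers():
            name = os.path.basename(member.name)
            if name == "boot.img":
                data = tar.extractfile(member).read()
            elif name == "boot.img.lz4":
                data = _decompress_lz4(tar.extractfile(member).read())
            else:
                continue
            if data[:8] != BOOT_MAGIC:
                raise ValueError("%s does not start with the ANDROID! magic" % name)
            return data
    raise FileNotFoundError("no boot.img(.lz4) in %s" % ap_tar_path)


def write_boot_tar(boot_img: bytes, out_path: str) -> str:
    """Write a plain tar holding boot.img at the archive root."""
    with tarfile.open(out_path, "w") as tar:
        info = tarfile.TarInfo("boot.img")
        info.size = len(boot_img)
        info.mode = 0o644
        tar.addfile(info, io.BytesIO(boot_img))
    return out_path


def list_tar(path: str) -> list:
    with tarfile.open(path, "r:") as tar:
        return sorted(m.name for m in tar.getmembers())


def demo() -> dict:
    """Constructed AP archive with a fake boot.img, two other members and a trailing md5 line."""
    workdir = tempfile.mkdtemp(prefix="ap-")
    ap_path = os.path.join(workdir, "AP_constructed.tar.md5")
    fake_boot = BOOT_MAGIC + b"\0" * 4088            # header magic only, not a real kernel
    members = (("boot.img", fake_boot), ("recovery.img", b"R" * 512), ("meta-data/fota.zip", b"Z" * 64))
    with tarfile.open(ap_path, "w") as tar:
        for name, payload in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    with open(ap_path, "ab") as f:                   # Samsung appends "<md5>  <filename>"
        f.write(b"0" * 32 + b"  AP_constructed.tar.md5\n")
    boot = extract_boot(ap_path)
    out = write_boot_tar(boot, os.path.join(workdir, "boot.tar"))
    return {"boot_len": len(boot), "magic_ok": boot[:8] == BOOT_MAGIC, "members": list_tar(out)}
```

Run extract_boot() on the real AP file, hand the resulting boot.tar to the Magisk app, and feed the magisk_patched tar it produces to Odin; write_boot_tar() is also what you need if you patch the image with other tools and want Odin to accept it.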