Stock Pixel/PixelXL Kernel + SafetyNet Patch
Current version: android-msm-marlin-3.18-nougat-mr1
Suitable for build: NMF26U
Security patch level: January 5, 2017
I compiled the stock kernel for the Pixel/PixelXL (they both use the same kernel) and applied the SafetyNet patch by sultanxda. The kernel name says marlin, but this also works on sailfish. Google just created one kernel that works on both sailfish (Pixel) and marlin (Pixel XL) devices.
I posted this over in the Pixel thread (as I have the regular Pixel), but thought I'd share it over here as well.
Use case for this kernel:
- If you want to stay completely stock, but have an unlocked bootloader, the SafetyNet is tripped which disables features such as Android Pay.
- This kernel is completely stock except for the addition of a patch that removes the SafetyNet check.
- If you do not have an unlocked bootloader there is no need to use this kernel. It's exactly the same as the kernel included in the stock builds, except with the addition of the SafetyNet patch.
Installation:
- Download attached .zip and unzip into a folder
- Reboot device into bootloader (power down device, then Power + Volume down)
- Connect device to computer
- Verify connection by typing 'fastboot devices'. Your device should show up (check serial number)
- Enter command: fastboot flash kernel <kernel_image>
- Once flashing is complete, enter command: fastboot reboot
- Disconnect device and wait for reboot sequence to complete.
- You now have a stock Pixel with an unlocked bootloader that can use Android Pay
**WARNING**
If flashing this kernel for whatever reason ruins your device, please don't hold me accountable. Use this at your own risk!
And otherwise, I'm not a professional developer, just a hobbyist. Please don't ask me for a ton of help, I only created this kernel because I want to run completely stock, but still use Android Pay while having an unlocked bootloader in case I ever decide to root my device in the future (am running a Verizon Pixel). I will try to maintain this kernel with each new release until I lose interest
Downloads:
NMF26U
All versions
Not sure why no ones replied here yet! - it's no use to me but thank you very much
Just downloaded and tried to install using fastboot but my device is stuck in a bootloop My bootloader is unlocked and I had previously rooted using twrp but I was using the stock recovery. I was on version NMF26O. I'm going to try re-rooting again and see if that fixes it.
I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.
Sakete said:
I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.
Click to expand...
Click to collapse
I might try out a few things later and try different versions of root and post if anything works Thanks mate
THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?
iissmart said:
THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?
Click to expand...
Click to collapse
I'll only do it for the Pixel as that's the only phone I have. It's not super difficult to do this yourself though, if you're somewhat technical it's pretty straightforward to do.
I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.
ghostENVY said:
I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.
Click to expand...
Click to collapse
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.
Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?
churchmice said:
Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?
Click to expand...
Click to collapse
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.
Tylog said:
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.
Click to expand...
Click to collapse
I see, thanks for your explanation. AP is actually not available in my country ( China ), what a pity.
Sakete said:
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.
Click to expand...
Click to collapse
Holy **** thanks for the advice I went ahead and unistalled SuperSU and I added my cards! Thanks!
EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.
anybody managed to get AP working with root?
nbhadusia said:
anybody managed to get AP working with root?
Click to expand...
Click to collapse
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs
DaveHTC200 said:
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs
Click to expand...
Click to collapse
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app
Protibus said:
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app
Click to expand...
Click to collapse
Correct, try adding cards before rooting. Once cards are added, root your phone and Android Pay should still work for making payments, you just can't add new cards to it (you'll have to unroot first for that).
ghostENVY said:
EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.
Click to expand...
Click to collapse
Oh weird, maybe it doesn't work then? Or it could be another issue. I got this idea from someone else who said it works for him. I myself am not rooted so can't verify otherwise.
Hello, will this still get OTA's and install them / or be able to sideload them???
Related
Stock Pixel/Pixel XL Kernel + SafetyNet Patch
Current version: android-9.0.0_r0.111
Suitable for build(s): August 2019
Suitable for devices(s): Pixel XL (marlin) | Pixel (sailfish)
I compiled the stock kernel for the Pixel/Pixel XL and applied the SafetyNet patch by sultanxda. The kernel name says marlin, but this also works on sailfish. Google just created one kernel that works on both sailfish (Pixel) and marlin (Pixel XL) devices.
Use case for this kernel:
- If you want to stay completely stock, but have an unlocked bootloader, the SafetyNet is tripped which disables features such as Android Pay and Netflix.
- This kernel is completely stock except for the addition of a patch that removes the SafetyNet check.
- This kernel is only for the builds listed above!!!! This will not work on any prior build.
- All stock features will work with this kernel (since it's just the stock kernel + patch).
- If you do not have an unlocked bootloader there is no need to use this kernel. It's exactly the same as the stock kernel, except with the addition of the SafetyNet patch.
- This will not prevent SafetyNet from tripping for other reasons, like rooting.
- This will not remove the "device corrupted" warning when the phone is turned on or rebooted.
Installation:
- Be prepared with backups or the factory image from Google in case you do something wrong
- Extract kernel from zip file
- Test with command: fastboot boot <filename>
- Flash with command: fastboot flash kernel <filename>
**WARNING**
If flashing this kernel for whatever reason ruins your device, I am not accountable. Use this at your own risk!
The current version will always be attached to this post. Older versions can be found HERE.
(shamelessly copied from Sakete's kernel for the Pixel/Pixel XL, which is no longer being maintained. Thanks for the inspiration, Sakete!)
Wow. I literally just compiled the patched kernel myself just now. What a ninja! While I'll be running my own, thanks for posting this so I didn't have to
For those who already downloaded the kernel, I checked and saw a new mr2.1 update so I've attached an updated kernel.
iissmart said:
For those who already downloaded the kernel, I checked and saw a new mr2.1 update so I've attached an updated kernel.
Click to expand...
Click to collapse
Mine is based on that but mr2 and mr2.1 have the same commit so I'm pretty sure it's the same kernel.
Cheers
I'm running a pixel on the nof27b build I don't really want to flash a new kernel would it be possible for you to make the patch a flashable zip
Cardflip said:
Mine is based on that but mr2 and mr2.1 have the same commit so I'm pretty sure it's the same kernel.
Cheers
Click to expand...
Click to collapse
Good catch, I didn't look that closely before recompiling but they are indeed the same. Oh well! Maybe I'll start going off of tag names instead of branches...
ipeedalil said:
I'm running a pixel on the nof27b build I don't really want to flash a new kernel would it be possible for you to make the patch a flashable zip
Click to expand...
Click to collapse
Curious - what difference is there between flashing a kernel using fastboot and using a flashable zip? Isn't the end result the same?
iissmart said:
Curious - what difference is there between flashing a kernel using fastboot and using a flashable zip? Isn't the end result the same?
Click to expand...
Click to collapse
I think he's asking for the patch itself to be a flashable zip so he can patch the boot image while it's already compiled and on the phone. Which AFAIK is impossible
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I was thinking the same thing, That K is for the Verizon model. good to know.
puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I'll look into it tomorrow!
Thank you.
puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I believe the kernel would still work.
It looks like the same kernel is used among NHG47K, N2G47J, and N2G47E, so my patched one should work for all of them. I'll update the post.
I'm just curious... So assuming you have the Google version and the oem unlock switch is fuctional and turned on, if you are not intending to root the device why would you unlock the bootloader? I mean you can always unlock it if you want or need to root, right?
bobby janow said:
I'm just curious... So assuming you have the Google version and the oem unlock switch is fuctional and turned on, if you are not intending to root the device why would you unlock the bootloader? I mean you can always unlock it if you want or need to root, right?
Click to expand...
Click to collapse
In the past I would always root or install a custom ROM on my phone. I would like to with the Pixel, but I want to keep Android Pay since I use it almost daily and I haven't been satisfied with the root solutions I've seen for the Pixel so far. It seems like Google is doing a good job of making it difficult to root, given the three or four different ways to root a Pixel that I've seen. Also, with the advent of monthly security patches I would imagine it is a growing headache to unroot, flash the update, then re-root each month. Google has also done a great job with the stock experience on the Pixel that the reasons I'd root are fairly minor.
It's also just been a habit of mine that the first thing I do with a phone is to unlock the bootloader. I don't like the idea of artificially restricting full access to a device, whether it's software or hardware. Plus I don't have to deal with the silly anti-theft checks that people encounter when they wipe the phone and sell it legitimately (like with Swappa or eBay). There was also a time when Nexus phones would bootloop after receiving an OTA, and if you weren't already unlocked before the OTA hit you'd be stuck with a bricked phone.
iissmart said:
In the past I would always root or install a custom ROM on my phone. I would like to with the Pixel, but I want to keep Android Pay since I use it almost daily and I haven't been satisfied with the root solutions I've seen for the Pixel so far. It seems like Google is doing a good job of making it difficult to root, given the three or four different ways to root a Pixel that I've seen. Also, with the advent of monthly security patches I would imagine it is a growing headache to unroot, flash the update, then re-root each month. Google has also done a great job with the stock experience on the Pixel that the reasons I'd root are fairly minor.
It's also just been a habit of mine that the first thing I do with a phone is to unlock the bootloader. I don't like the idea of artificially restricting full access to a device, whether it's software or hardware. Plus I don't have to deal with the silly anti-theft checks that people encounter when they wipe the phone and sell it legitimately (like with Swappa or eBay). There was also a time when Nexus phones would bootloop after receiving an OTA, and if you weren't already unlocked before the OTA hit you'd be stuck with a bricked phone.
Click to expand...
Click to collapse
Ok, fair enough. As I said I was just curious as to the reasoning. But what do you mean by anti-theft checks? I've never sold a phone so I don't really run into anything like that. But if you ever did need to sell it and you could unlock it at a moment notice wouldn't that suffice? I have a Verizon model locked bl so this is all rather moot to my situation, but I do have a 5x that I can unlock if I had to. I like the idea of being able to toggle the oem switch even though I would still remain locked. Something about being able to flash a factory image that I like. Thanks for your reasoning. Not that I agree or disagree with you entirely hehe. Personally, I just like the security of not being able to access my data if it's ever lost or stolen, but I suppose a concerted effort would get in.
bobby janow said:
Ok, fair enough. As I said I was just curious as to the reasoning. But what do you mean by anti-theft checks? I've never sold a phone so I don't really run into anything like that. But if you ever did need to sell it and you could unlock it at a moment notice wouldn't that suffice? I have a Verizon model locked bl so this is all rather moot to my situation, but I do have a 5x that I can unlock if I had to. I like the idea of being able to toggle the oem switch even though I would still remain locked. Something about being able to flash a factory image that I like. Thanks for your reasoning. Not that I agree or disagree with you entirely hehe. Personally, I just like the security of not being able to access my data if it's ever lost or stolen, but I suppose a concerted effort would get in.
Click to expand...
Click to collapse
If a locked phone is wiped/factory reset then only the Google account that was previously on the phone is allowed to be added back to the device. Tons of people were selling Nexus phones when this change rolled out, and the people that bought the phones were unable to add their accounts even after factory resetting. By unlocking the bootloader it disables this restriction. Yeah, I could do it at the time of selling the phone but there's always a chance I'd forget if I got out of the habit of unlocking the bootloader.
I thought about it a lot - and I've never lost a phone before so I'm OK with having my phone accessible in that regard. If I lose my phone I'll have bigger issues (like 2FA locking me out of my accounts) anyway.
I'm on Verizon, but I intentionally bought the phone from Google just to be able to unlock the bootloader .
iissmart said:
If a locked phone is wiped/factory reset then only the Google account that was previously on the phone is allowed to be added back to the device. Tons of people were selling Nexus phones when this change rolled out, and the people that bought the phones were unable to add their accounts even after factory resetting. By unlocking the bootloader it disables this restriction. Yeah, I could do it at the time of selling the phone but there's always a chance I'd forget if I got out of the habit of unlocking the bootloader.
I thought about it a lot - and I've never lost a phone before so I'm OK with having my phone accessible in that regard. If I lose my phone I'll have bigger issues (like 2FA locking me out of my accounts) anyway.
I'm on Verizon, but I intentionally bought the phone from Google just to be able to unlock the bootloader .
Click to expand...
Click to collapse
I've seen the term 2FA bandied about. I presume that's what you're talking about regarding the lockout. So to clarify, if you don't have an unlocked bootloader you can't sell the device? That seems weird. How do you get your account off? If I gave the phone to my wife she can't add her account?
I've never lost a device either although I have smashed one of them disastrously. But now I have a lot more stuff on the device including some personal pics and videos, password files, banking app and of course AP. I actually think my reasoning was more of like there is so much hacking and theft going on that rather than take a chance let me see what it's like being locked like normal people. It's hasn't been bad at all so far as I'm sure you know since you're not really modded either. I get the OTA on another slot and while it's updating I can use the device and a simple reboot updates it. But the bigger reason is that I got a Verizon model (Pixel 32gb) for $240 and not the $650 the Google one would have cost. I'm not sorry although I will revisit that once the Pixel 2 is released. Black Friday is your friend. I would even have bought the Google Pixel for $350 if they had a deal but they didn't. With a fully functioning 5X I just couldn't justify the full price.
Hmm I extracted the file and used fastboot flash kernel kernel_marlin-3.18-nougat-mr2.img and it gives me an error "error: cannot load 'kernel_marlin-3.18-nougat-mr2.img"
coldconfession13 said:
Hmm I extracted the file and used fastboot flash kernel kernel_marlin-3.18-nougat-mr2.img and it gives me an error "error: cannot load 'kernel_marlin-3.18-nougat-mr2.img"
Click to expand...
Click to collapse
After extracting the file I just renamed it to sailfish-image and used that in the command fastboot flash kernel sailfish-image. Flashed fine.
Sent from my Pixel using XDA-Developers Legacy app
Hello guys this guide is for who want to root phone without disabling ota updates.
(BOOTLOODER SHOULD BE UNLOCK)
BIG THANKS FOR MAKING PATCHED BOOT IMg @Jan.Pul
IAM NOT RESPONSIBLE FOR ANY CAUSE OF YOUR DEVICE DO IT ON OWN RISK)
1)Download patched boot.img from link below
2)copy that patched boot.img to your adb folder
3) adb debugging should be on and oem unlock should be on for unlock bootlooder
4)turn off your device and go into fastboot mode by pressing holding volume down and power key
5) check whether fastboot detect your device or not by typing this command on (cmd) FASTBOOT DEVICES
6) if fastboot shows that your device is connected your good to go
7) you need to boot into patched boot.img for this type a command FASTBOOT BOOT patched_boot.img your device will boot automatically
8) download magisk manager apk from google and. Open ur magisk manager and install ad direct method and reboot
If you get bootloop dont worry just press your power key for 5sec it will boot automatically
PATCH BOOT IMG : https://drive.google.com/file/d/1cU6qOMiHlGdSAbRtMVgTlHummcGksnt6/view?usp=drivesdk
Guessing this is for the Indian/Chinese version and the bnd-l24 is still sitting on the shelf? And rooting without making a backup isn't usually the smartest thing to do but we all know that.
Is there a source this came from by any chance?
Yes..But Why?
maximran said:
maximran said:
this guide is for who want to root phone without disabling ota updates.
(IAM NOT RESPONSIBLE FOR AMY CAUSE OF YOUR DEVICE DO IT ON OWN RISK)
Click to expand...
Click to collapse
str8stryk3r said:
rooting without making a backup isn't usually the smartest thing to do but we all know that.
Is there a source this came from by any chance?
Click to expand...
Click to collapse
I Eh... Would Love To See This Happen..
I'm... still at a loss to understand why so many people want to root the 7x... Now?
There is an adaway substitute available... ( Search it if you care to ) no root needed.
You can adjust DPI...
You have Themes....
You can remove apps from user view... ( Search it if you care to )
And.... removing unwanted apps WILL NOT free up more RAM.. RAM Management will just fill the allotted space with something else...
You need to make a backup ??? Eh.... Your Stock Software WILL NOT FAIL Unless you are in there messing with it or, are installing illegal apps that are cancering your unit.
Battery Management apps like Greenify? really? how many of you even have to use the Power Saving options already installed in the 7x? I'm getting a day and a half easy.. without using any of the Power Saving options.. YMMV of course.
Oreo is 3 to 4 weeks away.
There still, is No Stock Image Available from Honor to turn to should your Rooting efforts fail you.
So, What possible benefits are you getting by Rooting Nougat Now..
It's YOUR device.. and I wish you the best of luck should you find a reason that you feel justifies the need to root right now..
I'm going to Root my 7x as well... once a Stock Image is available from Honor and, EMUI / OREO 8.0 , The Updated Security Patch and Facial Unlock / AR options are delivered.. That will hold me for the 6 - 7 months I'll own the 7x.
I am just so curious why so many would gamble with Root.. with no clear cut method of being able to recover from a catastrophe.... and no real benefit at this time.
Click to expand...
Click to collapse
RaiderWill said:
maximran said:
I Eh... Would Love To See This Happen..
I'm... still at a loss to understand why so many people want to root the 7x... Now?
There is an adaway substitute available... ( Search it if you care to ) no root needed.
You can adjust DPI...
You have Themes....
You can remove apps from user view... ( Search it if you care to )
And.... removing unwanted apps WILL NOT free up more RAM.. RAM Management will just fill the allotted space with something else...
You need to make a backup ??? Eh.... Your Stock Software WILL NOT FAIL Unless you are in there messing with it or, are installing illegal apps that are cancering your unit.
Battery Management apps like Greenify? really? how many of you even have to use the Power Saving options already installed in the 7x? I'm getting a day and a half easy.. without using any of the Power Saving options.. YMMV of course.
Oreo is 3 to 4 weeks away.
There still, is No Stock Image Available from Honor to turn to should your Rooting efforts fail you.
So, What possible benefits are you getting by Rooting Nougat Now..
It's YOUR device.. and I wish you the best of luck should you find a reason that you feel justifies the need to root right now..
I'm going to Root my 7x as well... once a Stock Image is available from Honor and, EMUI / OREO 8.0 , The Updated Security Patch and Facial Unlock / AR options are delivered.. That will hold me for the 6 - 7 months I'll own the 7x.
I am just so curious why so many would gamble with Root.. with no clear cut method of being able to recover from a catastrophe.... and no real benefit at this time.
Click to expand...
Click to collapse
Oh I agree with ya. I'm not fooling with mine until a definitive stable method comes out after oreo. I might even hold off until we start getting some custom rooms and kernels. I've unlocked my bootloader and that's about the extent of my Honor 7x modding for the time being.
Click to expand...
Click to collapse
A Question Sir..
str8stryk3r said:
RaiderWill said:
Oh I agree with ya. I'm not fooling with mine until a definitive stable method comes out after oreo. I might even hold off until we start getting some custom rooms and kernels. I've unlocked my bootloader and that's about the extent of my Honor 7x modding for the time being.
Click to expand...
Click to collapse
Have You Tried "Re-Locking" Your Bootloader.. And Then Doing A Factory Reset?
Just asking because.. I thought.. (And I Could Be 100% WRONG) I read somewhere that, relocking using the command line causes the 7x to brick..
Click to expand...
Click to collapse
RaiderWill said:
str8stryk3r said:
Have You Tried "Re-Locking" Your Bootloader.. And Then Doing A Factory Reset?
Just asking because.. I thought.. (And I Could Be 100% WRONG) I read somewhere that, relocking using the command line causes the 7x to brick..
Click to expand...
Click to collapse
No I unlocked the bootloader so I wouldn't have to in the future. Why, bootloader unlocking China cause me to not be able to do ota updates? I was under the impression that only rooting and installing twrp would cause issues with ota but I could've read wrong
Click to expand...
Click to collapse
@maximran, root with Magisk "KEEPFORCEENCRYPT=true"; but if I change to "false", should work too?
str8stryk3r said:
RaiderWill said:
No I unlocked the bootloader so I wouldn't have to in the future. Why, bootloader unlocking China cause me to not be able to do ota updates? I was under the impression that only rooting and installing twrp would cause issues with ota but I could've read wrong
Click to expand...
Click to collapse
True, even I have unlocked my bootloader but I still received OTA.
Click to expand...
Click to collapse
kilroystyx said:
@maximran, root with Magisk "KEEPFORCEENCRYPT=true"; but if I change to "false", should work too?
Click to expand...
Click to collapse
It will not work
Interesting!
str8stryk3r said:
RaiderWill said:
No I unlocked the bootloader so I wouldn't have to in the future. Why, bootloader unlocking China cause me to not be able to do ota updates? I was under the impression that only rooting and installing twrp would cause issues with ota but I could've read wrong
Click to expand...
Click to collapse
Asder.mko said:
str8stryk3r said:
True, even I have unlocked my bootloader but I still received OTA.
Click to expand...
Click to collapse
Really ?
Please.. let me know once the update arrives.
I've NEVER seen a Signed O.T.A. software update package walk through the front door of a device with an Unsecured Bootloader.
Aren't you guys getting the "Exclamation Warning" screen when you first boot up letting you know your device is officially "Unsecure" ?
I'm not rooting Nougat.. just curious.. you normally get an "Update Failed!" message.. Thanks!
Click to expand...
Click to collapse
Click to expand...
Click to collapse
RaiderWill said:
str8stryk3r said:
Asder.mko said:
Really ?
Please.. let me know once the update arrives.
I've NEVER seen a Signed O.T.A. software update package walk through the front door of a device with an Unsecured Bootloader.
Aren't you guys getting the "Exclamation Warning" screen when you first boot up letting you know your device is officially "Unsecure" ?
I'm not rooting Nougat.. just curious.. you normally get an "Update Failed!" message.. Thanks!
Click to expand...
Click to collapse
Well, I got the OTA in December itself but since I had rooted and installed twrp recovery, I wasn't able to install the update.
Yes, we get that " your device is not secure... Blah blah blah..."
Click to expand...
Click to collapse
Click to expand...
Click to collapse
RaiderWill said:
str8stryk3r said:
Asder.mko said:
Really ?
Please.. let me know once the update arrives.
I've NEVER seen a Signed O.T.A. software update package walk through the front door of a device with an Unsecured Bootloader.
Aren't you guys getting the "Exclamation Warning" screen when you first boot up letting you know your device is officially "Unsecure" ?
I'm not rooting Nougat.. just curious.. you normally get an "Update Failed!" message.. Thanks!
Click to expand...
Click to collapse
Before I went ahead an unlocked my bootloader I checked as many sources as I could about if whether or not I'd still be able ota update and the vast majority of the things I read states that what causes the update to fail is not having stock rom and not having stock recovery. The bootloader being unlocked doesn't modify those or any system files so everything should be fine. Unless Huawei changed things specifically for our Honor 7x then there shouldn't be any problems with ota updates. I guess I'll find out when the L24 people start saying they got updates and I don't receive it or can't install it
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Well, that's quite right. I don't know whether Huawei/Honor implemented THAT thing, but yeah reverting back to stock conditions wand applying OTA wouldn't be an issue!
( P.S - I'm stuck here too as I have OTA update since December but haven't reverted to stock to install it. I don't yet know properly about manual installation! )
(I haven't received my 7x yet and I haven't had any recent experience with Huawei OTA updates and I am not advocating that anyone should alter their phones in any way which would void their warranties... )
However, I was surprised to hear in this forum that Huawei has made things more restrictive since the Mate2. Given that you can still obtain bootloader unlock codes (and the only reason AFAIK is to allow you to flash a new recovery) and that Huawei has publicly committed to open-source and has given 7x's to developers, it seems contrary to a "lockdown" philosophy. Rather, it would appear as they are still encouraging 3rd party development to prolong product lifespan in order to attract cheapskates like me who still use a 4-year old phone.
Things may have changed but In order to get OTA updates, here were some of the issues on the Mate2 :
Some people had a difficult time obtaining the bootloader unlock codes. Either you can get a code or you couldn't. Without an unlocked bootloader, you can't flash a different recovery.
You "can't" flash TWRP. That's not entirely true. You needed to restore the appropriate version of Huawei recovery before each OTA, because update.zip can only be interpreted by the appropriate recovery. (Think format differences between CWM and TWRP.)
You were able to root and still obtain OTA. (Albeit, there was only one OTA. The rest had to be downloaded to SD and flashed. But that was okay back then 'cause no one outside of China really knew about Huawei.) The updates weren't checking whether you had modified the existing software or not. Once you've voided your warranty, Huawei didn't care if you then decide to then make your phone more vulnerable or accidentally brick it. The problem was that the update could fail if you remove a piece of bloatware that Huawei decided to update. (The folders would be missing for example. And the update would not recover gracefully.)
But a big THANKS to previous posters which reminded me to backup everything (basically as soon as I receive my 7x).
Oh....if you are flashing a custom recovery, you should also backup the "stock" recovery after each OTA update. Sometimes the recovery is also updated. (That's what I meant by "appropriate" version.)
iammudd said:
(I haven't received my 7x yet and I haven't had any recent experience with Huawei OTA updates and I am not advocating that anyone should alter their phones in any way which would void their warranties... )
However, I was surprised to hear in this forum that Huawei has made things more restrictive since the Mate2. Given that you can still obtain bootloader unlock codes (and the only reason AFAIK is to allow you to flash a new recovery) and that Huawei has publicly committed to open-source and has given 7x's to developers, it seems contrary to a "lockdown" philosophy. Rather, it would appear as they are still encouraging 3rd party development to prolong product lifespan in order to attract cheapskates like me who still use a 4-year old phone.
Things may have changed but In order to get OTA updates, here were some of the issues on the Mate2 :
Some people had a difficult time obtaining the bootloader unlock codes. Either you can get a code or you couldn't. Without an unlocked bootloader, you can't flash a different recovery.
You "can't" flash TWRP. That's not entirely true. You needed to restore the appropriate version of Huawei recovery before each OTA, because update.zip can only be interpreted by the appropriate recovery. (Think format differences between CWM and TWRP.)
You were able to root and still obtain OTA. (Albeit, there was only one OTA. The rest had to be downloaded to SD and flashed. But that was okay back then 'cause no one outside of China really knew about Huawei.) The updates weren't checking whether you had modified the existing software or not. Once you've voided your warranty, Huawei didn't care if you then decide to then make your phone more vulnerable or accidentally brick it. The problem was that the update could fail if you remove a piece of bloatware that Huawei decided to update. (The folders would be missing for example. And the update would not recover gracefully.)
But a big THANKS to previous posters which reminded me to backup everything (basically as soon as I receive my 7x).
Oh....if you are flashing a custom recovery, you should also backup the "stock" recovery after each OTA update. Sometimes the recovery is also updated. (That's what I meant by "appropriate" version.)
Click to expand...
Click to collapse
My thoughts exactly. Why would they provide they website to unlock the bootloader if that kept ota updates from going through. The only thing that's really holding back the development of this device is Huawei hasn't released the full stock firmware package yet. I have the L24 version so it's exciting seeing L21/A10 making some progress because it's only a matter of time until things start to kick off all around.
str8stryk3r said:
My thoughts exactly. Why would they provide they website to unlock the bootloader if that kept ota updates from going through. The only thing that's really holding back the development of this device is Huawei hasn't released the full stock firmware package yet. I have the L24 version so it's exciting seeing L21/A10 making some progress because it's only a matter of time until things start to kick off all around.
Click to expand...
Click to collapse
No need for full fw broh need vendor partitions, device tree, kernel sources
maximran said:
No need for full fw broh need vendor partitions, device tree, kernel sources
Click to expand...
Click to collapse
Lmao, and that's why I'm not a developer. I just know having the stock image files is important so that when something gets screwed up got have something to fall back on.
Bringing Up The Rear...
Asder.mko said:
Yes, we get that " your device is not secure... Blah blah blah..."
Click to expand...
Click to collapse
That Answers My Question As To Wether Or Not You Do See The Unsecure Msg..
Anyway.. Great Discussion.
Fact or Fiction... who will get the updates via O.T.A. ? The Non-Rooted, The Rooted.. or Both.
Even with Project Treble... will this device ever take off with Developer support ?
Will Huawei / Honor release a stock image of Nougat and Oreo ? ( Eh, Honor.. it's been 60 days since Kernel source was released.. and you know people are Rooting away.. why have you not released the stock Nougat image for the 7x?) and don't use working on EMUI & OREO as an excuse.. that's simply not good enough.. :angel:
I'm going to enjoy laying back... and watching how this unfolds.
Re-Reading my own words, as to what is the motivation for everyone Rooting Nougat now.. and what is anyone getting out of doing it.. because so much of what you would normally do with Admin Access is already incorperated into the 7x.. is there really a need to even Root whats coming without something like a Stable Linage / Franco Kernel combo ROM available vs a 100% stable Factory Fresh EMUI / Oreo 8.0 setup.
For me, it will be a fun to see what key Developers, ROM's and support in general.. the 7x actually gets.. and at what point they release firmware for restoration purposes.
You Just Never Know.
RaiderWill said:
That Answers My Question As To Wether Or Not You Do See The Unsecure Msg..
Anyway.. Great Discussion.
Fact or Fiction... who will get the updates via O.T.A. ? The Non-Rooted, The Rooted.. or Both.
Even with Project Treble... will this device ever take off with Developer support ?
Will Huawei / Honor release a stock image of Nougat and Oreo ? ( Eh, Honor.. it's been 60 days since Kernel source was released.. and you know people are Rooting away.. why have you not released the stock Nougat image for the 7x?) and don't use working on EMUI & OREO as an excuse.. that's simply not good enough.. :angel:
I'm going to enjoy laying back... and watching how this unfolds.
Re-Reading my own words, as to what is the motivation for everyone Rooting Nougat now.. and what is anyone getting out of doing it.. because so much of what you would normally do with Admin Access is already incorperated into the 7x.. is there really a need to even Root whats coming without something like a Stable Linage / Franco Kernel combo ROM available vs a 100% stable Factory Fresh EMUI / Oreo 8.0 setup.
For me, it will be a fun to see what key Developers, ROM's and support in general.. the 7x actually gets.. and at what point they release firmware for restoration purposes.
You Just Never Know.
Click to expand...
Click to collapse
People like to root and mod their own devices for their own reasons but you're right, a lot of the reasons I modded past devices was because the roms almost always ran better than stock but the 7x imho runs great. Used to be kernels for better battery life and such. I like custom roms because I like to be able to do certain things that stock roms limited as far as customizing goes. A lot of people hate bloat and end up deleting every file on the phone that isn't necessary or to their liking to make the rom as minimal as possible.
But as of now I'm happy with the phone and don't feel the urge to need to root and and a custom recovery. The roms that eventually come would have to offer something worthwhile to flash. But hell, that's subject to change given how I'm feeling that day lol. There's a new AOSP based rom in another thread that sounds promising
RaiderWill said:
Will Huawei / Honor release a stock image of Nougat and Oreo ? ...
Re-Reading my own words, as to what is the motivation for everyone Rooting Nougat now.. and what is anyone getting out of doing it.. because so much of what you would normally do with Admin Access is already incorperated into the 7x..
Click to expand...
Click to collapse
I assume that you already know this ... but I should mention it for others that you can run TWRP (if there is a version for one's phone) without flashing it. (I don't have my 7x yet, so I prob really shouldn't be trying to give detailed instructions anyways.) From there, you can make backups of the stock image, stock recovery, etc. (So thx again to this forum for reminding me that I should backup all stock images as soon as I receive my 7x so that MY fingerprints are not all over the backups.)
As to rooting, there ARE at least 2 things that Huawei hasn't provided without root:
Yes, I can make app backups (and/or use the Huawei "easy transfer"... not sure what app that is at the moment) but I'd assume that I won't be able to transfer it to a non-Huawei device. That's why I continue to use Titanium Backup.
USB Mass Storage Enabling (and by extension Selinux Passive mode). I want fast transfer to my desktop, etc.... and I want a drive-letter (yes, there are Win programs which only work with drive letters). Without UMS, I haven't found a way to do that.
Will it work?
PuffDaddy_d said:
Will it work?
Click to expand...
Click to collapse
Most probably. The dev has one on order.
May not on day one, but I'd expect it very soon.
The question is how long will Magisk continue to work. According to an XDA:
Full documentation on the Titan Security Module is not yet available, but a few Google engineers have posted Tweets that give us some information. First, in response to a tweet by Dees_Troy, lead developer of TWRP, Google’s tech lead for Android hardware-backed security subsystems, Shawn Willden, states that the new security module will not be used for runtime system analysis. This is important for Magisk users because hardware-backed runtime system analysis would make systemless-root much more difficult. However, Google already opened up an API for the Trusted Execution Environment (TEE), so runtime system analysis could still happen in the future (in other words, there could still be bad news for Magisk.)
Click to expand...
Click to collapse
mycall0 said:
The question is how long will Magisk continue to work. According to an XDA:
Click to expand...
Click to collapse
I wouldn't expect Google to purposely use it to kill Magisk... however I would expect them to make it difficult to be rooted and still pass the SafetyNet check.
I'm just surprised that nobody has confirmed that Magisk works on the P3 yet.
I mean, my phone was delivered this morning, so I assumed that tons of people all over the country were eagerly unlocking bootloaders and flashing away.
But still all quiet here on this thread?
From what I understand, that's because the factory image is only out since a few hours...
Someone on the Xl forum tried and the phone didnt boot so he had to factory flash the image. So looks like its the waiting game for root.
TopJohnWu will have his pixel Friday. He is excited about it, I bet we have root by Monday.
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
jsauder2 said:
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Eudeferrer said:
From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Click to expand...
Click to collapse
Guess I've not tried using my phone unlocked without magisk in awhile...
jsauder2 said:
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
CSX321 said:
No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
Click to expand...
Click to collapse
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
jsauder2 said:
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
Click to expand...
Click to collapse
Ah, good question. I don't know. I've always had my phone unlocked and rooted.
jsauder2 said:
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
Click to expand...
Click to collapse
I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
tysj said:
I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
Click to expand...
Click to collapse
My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
imsaguy said:
My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
Click to expand...
Click to collapse
confirmed same results on Pixel 3 (non XL)
jsauder2 said:
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
Yeah that's always been the case with unlocked bootloader
He just rooted the 3XL according to his Twitter. Release this weekend maybe?... Dude wasted no time, absolute machine.
Hello very friendly helping people!
Im a 10 year iPhone user, but over time i came to hate all the restrictions and so i got myself a K30 Ultra and later today it should finally arrive!
Unfortunately i found out that it doesnt check the Google SafetyNet thingy and i can't use Google Pay with it. That kinda sucks, I never thought about stuff like this on iOS, but I'm confident there is a solution for it.
I found out about rooting my device, but it somehow isn't possible because of the Mediatek chip. But then I also found out that apperenty there IS a way to use the program/thingy that makes the phone pass SafetyNet (Magisk) without the need of a custom ROM.
I'm sorry if im confusing words like rooting im very noobish about all this.
So here are my questions in short form:
1. Can I make Google Pay Work in any way on my Redmi K30 Ultra?
2. Does this also affect my banking apps (I'm using DKB and Kontist) and can this be solved, too?
3. Could you link me some guides how to do it?
4. Is there any danger doing it (like deleting my phone if it doesnt work) and is there a possibility to safe my device on the PC or something like this to be safe?
5. Are their any safety concerns doing "it" (not sure what the solution will be) and should I install an anti virus program on the device? I just read about the cerberus trojan and its kinda scary. I think iOS systems were always pretty safe against those.
6. Anything else i need to know?
Thank you so much! I appreciate it a lot that there is a place where i can go to get help on those things! <3
Google Pay and any other banking apps refuse to work when a rooted Android gets detected by them. BTW: SafetyNet API doesn't purely check whether the device's Android is rooted, as the API is designed to check the overall integrity of device's Android.
jwoegerbauer said:
Google Pay and any other banking apps refuse to work when a rooted Android gets detected by them. BTW: SafetyNet API doesn't purely check whether the device's Android is rooted, as the API is designed to check the overall integrity of device's Android.
Click to expand...
Click to collapse
Hey, thanks for your post!
Are you implying that there is no way around that and its doomed to forever not work on my device?
To clarify things: SafetyNet is run by an app that has implemented this API, it's not run by Android OS itself. Yes, Magisk allows you to lever out this test by manipulating device's fingerprint so you will possibly be able to use Google Pay etc.pp
FYI: Any app not having SafetyNet API implemented easily can check whether Android got rooted / tampered or not. The app simply runs functions like
Code:
isRootNative
isDetectedDevKeys
isDetectedTestKeys
isFoundBusyboxBinary
isFoundDangerousProps
isFoundHooks
isFoundResetprop
isFoundSuBinary
isFoundWrongPathPermission
isFoundXposed
isNotFoundReleaseKeys
isPermissiveSelinux
isSuExists
isMagiskSUExists
isFoundMagisk
isFoundRootCloakingApps
what can't get prevented by Magisk.
jwoegerbauer said:
Yes, Magisk allows you to lever out this test by manipulating device's fingerprint so you will possibly be able to use Google Pay etc.pp
Click to expand...
Click to collapse
Ok, perfect. Would you be able to link me to a guide that shows me how to install Magisk on my device? It has a Mediatek chip so a custom ROM isn't possible (as far as I understand).
Mirardt said:
Ok, perfect. Would you be able to link me to a guide that shows me how to install Magisk on my device? It has a Mediatek chip so a custom ROM isn't possible (as far as I understand).
Click to expand...
Click to collapse
How to install Magisk without a Custom ROM is explained here.
If a Custom ROM like TWRP isn't officially made public for your device then you have to compile TWRP at your own.
This is TWRP and Magisk for the latest firmware on the K30 Ultra. https://mifirm.net/downloadtwrp/166
---------- Post added at 07:39 PM ---------- Previous post was at 07:37 PM ----------
Google Pay on a rooted device with Magisk installed /is/ possible, my Galaxy Note 9 with Dr. Ketan's ROM works with Google Pay and I believe it's due to the CTS Profile fix which is available in its ROM Tool app. So there's going to be some way to make it work with the K30 Ultra.
JaboJG said:
This is TWRP and Magisk for the latest firmware on the K30 Ultra. https://mifirm.net/downloadtwrp/166
Click to expand...
Click to collapse
Oh wow how cool is that, that is custom for the K30 ultra
And do I install that with the guide linked above or do I need some certain skill and experience to do that. It says it isn't tested yet. If I do a mirror of my phone before nothing really bad can happen right?
Google Pay on a rooted device with Magisk installed /is/ possible, my Galaxy Note 9 with Dr. Ketan's ROM works with Google Pay and I believe it's due to the CTS Profile fix which is available in its ROM Tool app. So there's going to be some way to make it work with the K30 Ultra.
Click to expand...
Click to collapse
Nice!!!
Yeah the only think that failed SafetyNet Test is the "CTS profile match". But I can't use those roms for my K30 ultra, right, so I just do it with Magisk?
Thanks so much!!
You need to unlock your bootloader with the Mi Unlock tool then flash TWRP over fastboot, and in TWRP make the appropriate backups and flash Magisk. There's many guides and it's relatively straight forward.
K30 Ultra is basically a brand new phone, it's like a month old. It'll be a while but keep an eye on XDA Forums, on the internet, and on YouTube. Somebody will eventually describe or figure out how to fix the CTS Profile.
I think I'm not gonna modify mine and I'll just wear my Apple Watch to use it for contactless payments.
JaboJG said:
You need to unlock your bootloader with the Mi Unlock tool then flash TWRP over fastboot, and in TWRP make the appropriate backups and flash Magisk. There's many guides and it's relatively straight forward.
K30 Ultra is basically a brand new phone, it's like a month old. It'll be a while but keep an eye on XDA Forums, on the internet, and on YouTube. Somebody will eventually describe or figure out how to fix the CTS Profile.
I think I'm not gonna modify mine and I'll just wear my Apple Watch to use it for contactless payments.
Click to expand...
Click to collapse
Alright, so I read 12384 guides and had a very tiny sense of it. The Mi Unlock tool stopped me, though, and now I'll have to wait another 6 days.
As I understood it, my data will be erased, but can be just be restored by MIUI if backed up before. I'm gonna let you know how it worked after I'll do it in about a week.
Probably I won't have to patience to wait. Google Pay is a really nice to have, but neither voLTE, nor voWifi works on my device, so I for sure have do hack that some weird way, because i have no mobile network at all at home and absolutely need voWifi.
Thank you very much for your kind help! <3
No problem at all.
I'm not sure if Wifi-Calling (voWifi) works with my carrier as I've turned it on with the carrier and in the phone, and it doesn't seem to be making calls over wifi. Not a big deal for me though as I've got Unlimited calls with my carrier.
Please let us know if and when you do flash the TWRP as I'd like feedback before flashing it myself.
Do your banking apps refuse to work or is it only google pay that fails due to the safetynet fail?
JaboJG said:
No problem at all.
I'm not sure if Wifi-Calling (voWifi) works with my carrier as I've turned it on with the carrier and in the phone, and it doesn't seem to be making calls over wifi. Not a big deal for me though as I've got Unlimited calls with my carrier.
Please let us know if and when you do flash the TWRP as I'd like feedback before flashing it myself.
Click to expand...
Click to collapse
Yeah, me too, but I have a very bad connection in my flat so I do need voWifi anyway. I will let you know and hope I won't brick my device. But as I understand it, bricking the device just by flashing twrp is very unlikely, right?
MerlijnD said:
Do your banking apps refuse to work or is it only google pay that fails due to the safetynet fail?
Click to expand...
Click to collapse
Only Google Pay, both of my banking apps work perfectly. I couldnt scan the security bar code though, some internal google app wouldn't allow it. So i had to put in both the (very long) idendification and security numbers in manually.
Alright thanks. Another thing im interested in is if Snapchat works when safetynet fails. Did you do any tests regarding that?
MerlijnD said:
Alright thanks. Another thing im interested in is if Snapchat works when safetynet fails. Did you do any tests regarding that?
Click to expand...
Click to collapse
Not using Snapchat, but I just installed it and it starts without problems. Didn't made an account though.
So I'm gonna be able to flash twrp and Magisk in exactly 14 hours and have some questions i would really appreciate an answer to <3
Using this: https://mifirm.net/downloadtwrp/166
1. The thing i want to flash first is twrp and it is the file called "recovery.img" in the downloaded folder, is that correct?
2. Just flashing twrp is "relatively" safe and if I do a backup and the device bricks by installing Magsik after, i can recover it through twrp, correct?
3. Should I not install todays new security update to MIUI or does that not matter at all?
edit: 4. Do I need/want to have "USB debugging", "Install via USB" and "USBebugging (Security Settings)" enabled or just "OEM unlocking"?
Thank you so much! I'm very nervous since i didn't read any experiences of rooting the K30 Ultra before and I'm scared of killing it.
Hey Mirardt, good luck. Let us know how you get on!
1. Yeah, you'll use fastboot to flash the recovery.img for TWRP.
2. Do a full backup with TWRP and you should be safe.
3. Doesn't matter, it's just the September Android security update.
4. Yeah turn on USB Debugging and connect your phone to your computer - it will ask you if you want to allow this computer to debug your phone, choose accept and always (or something similar to those words.) Do this before flashing TWRP.
Mirardt said:
So I'm gonna be able to flash twrp and Magisk in exactly 14 hours and have some questions i would really appreciate an answer to <3
Using this: https://mifirm.net/downloadtwrp/166
1. The thing i want to flash first is twrp and it is the file called "recovery.img" in the downloaded folder, is that correct?
2. Just flashing twrp is "relatively" safe and if I do a backup and the device bricks by installing Magsik after, i can recover it through twrp, correct?
3. Should I not install todays new security update to MIUI or does that not matter at all?
edit: 4. Do I need/want to have "USB debugging", "Install via USB" and "USBebugging (Security Settings)" enabled or just "OEM unlocking"?
Thank you so much! I'm very nervous since i didn't read any experiences of rooting the K30 Ultra before and I'm scared of killing it.
Click to expand...
Click to collapse
JaboJG said:
Hey Mirardt, good luck. Let us know how you get on!
1. Yeah, you'll use fastboot to flash the recovery.img for TWRP.
2. Do a full backup with TWRP and you should be safe.
3. Doesn't matter, it's just the September Android security update.
4. Yeah turn on USB Debugging and connect your phone to your computer - it will ask you if you want to allow this computer to debug your phone, choose accept and always (or something similar to those words.) Do this before flashing TWRP.
Click to expand...
Click to collapse
Hey Jabo, nice, I'm gonna do just that! Just for clarification, I use Mi Unlock Tool first, THEN twrp, then backup, then magisk?
I'll let you know and thanks for the good luck!
edit: so the command would be "fastboot flash recovery recovery.img", right?
I'm VERY sorry for the noobish questions.
I'm going to quickly use this thread to ask how to actually unlock the K30 Ultra Bootloader. I did everything the guides said, but Mi Unlock still doesn't recognize the phone when it's plugged in. Any Advice?
Hey guys (especially JaboJG). quick update: Flashing twrp and Magsik both just worked perfectly. no brick. Thanks for your help!!
The only issue is that it didnt help in passing Google Safety Check. I tried almost everything there is and will post my logs of MagiskHide Props in their thread soon.
Also, now some apps don't work anymore because they detect the root. I hope we will find a fix.
macrett said:
I'm going to quickly use this thread to ask how to actually unlock the K30 Ultra Bootloader. I did everything the guides said, but Mi Unlock still doesn't recognize the phone when it's plugged in. Any Advice?
Click to expand...
Click to collapse
No idea, sorry. It just worked for me.
Follow the instruction of your OS (GrapheneOS or CalyxOS) as normal, then just before locking the bootloader back follow the guide here. The end result is a OS with Magisk and root, but the bootloader can not be lock again (because of the root process).
So, if you would like to be able to record call, block advertisement and enjoy your device because it is your freedom to do with your device what ever you want, root your OS.
PS, if security is more important then privacy, rooting is not the way to go, at the moment I didnt find how to maintain both
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
shoey63 said:
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
Click to expand...
Click to collapse
Source?
96carboard said:
Source?
Click to expand...
Click to collapse
It's all in This thread
Edit: More reading Here
shoey63 said:
It's all in This thread
Edit: More reading Here
Click to expand...
Click to collapse
Your links seem to be showing something about current issues that people are having, not about something "in the future" regarding enforcement of locked bootloader.
Edit: what I'm looking for is some statement from gooble that they intend to make some changes with respect to this, otherwise it appears to be just speculation.
Edit 2: The subject is also pretty off topic, since there's a good chance that it doesn't come into play at all with graphene or calyx, both of which do NOT include integrated binary gooble services. Graphene goes to a lot of trouble to make it installable, but strongly isolated from everything else, which includes restricting hardware status flags from being readable by it. Calyx promotes microG.
96carboard said:
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
Click to expand...
Click to collapse
It may be old news for you, I didnt find it anywhere. That is why I posted it here, just in case there are people like me that looking for that answer.
Asking in the GrapheneOS chats, I only got an answer that rooting is not supported and not recommended.
Since I'm using call recorder to my work and will be glad to block advertisements locally, and god forbid, I also would like to use either Graphene or CalyxOS.
I dont see other way around it unless using root.
Can you please send your links for looking back the bootloader? that will be awesome. Thanks!
HQwarp said:
Can you please send your links for looking back the bootloader? that will be awesome. Thanks!
Click to expand...
Click to collapse
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
96carboard said:
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
Click to expand...
Click to collapse
Very sad respond from you. You can be helpful and point me to the right direction and with less arrogance attitude of yours...
XDA is a place to share knowledge, not to show your arrogance on how good you are to type in google search.
FYI, if anyone want to sign the bootloader after using Magisk this is probably the way
Rooting Graphene/Calyx/LeOS/DivestOS/eOS/CopperHead completely defeats t he purpose as now it gives potentially a malicious app root abilities.
As the head of Graphene's Twitter once said "but why... that opens so many security risk doors"|
You can't re-lock the bootloader with root unless you create a new avb-key. Don't bother rooting security roms, its pointless.
Yes, you are right, it is lowering the security of the phone. But, that's ok, each one with his use case of attack. If it is ok for you to use your phone without sudo, good for you. Since I'm not Edward Snowden and I'm not afraid to use sudo on my machines, and when I do, I know enough when and how to use it.
Therefore, I don't see why I can't use sudo on my phone. Especially when some of us do need our phone to perform tasks that currently are not supported by Security oriented OS as you mentioned, AND also do want to lower our information footprint on the net. For this case using sudo on the formation ROMs seems ideal.
HQwarp said:
Very sad respond from you.
Click to expand...
Click to collapse
Very sad that you expect to be spoon fed when you have the capacity to search for yourself.
to make it easier for people who may look for it (I was one of those people)
this is that script mentioned earlier which will allow you to resign the rom to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
This is exactly what I needed https://github.com/chenxiaolong/avbroot
I believe so anyway, still actually trying to get it to work, just need to setup android studio as far as I can make out
then you can easily patch the rom with magisk and sign it with your own keys
And this information could be useful as well https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/
FireRattus said:
to make it easier for people who may look for it (I was one of those people)
this is that script mentioned earlier which will allow you to resign the rom to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
Click to expand...
Click to collapse
So how would this work? Would I have to unlock and wipe after every update
cammykool said:
So how would this work? Would I have to unlock and wipe after every update
Click to expand...
Click to collapse
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. it took me long enough just to work it out for the firmware/system rom but I will definitely be trying and updating the guide as I learn more about the process
FireRattus said:
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. it took me long enough just to work it out for the firmware/system rom but I will definitely be trying and updating the guide as I learn more about the process
Click to expand...
Click to collapse
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking bootlaoder doesn't really matter to me, but rooting graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Spl4tt said:
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking bootlaoder doesn't really matter to me, but rooting graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Click to expand...
Click to collapse
If you don't care about locking the boot loader you do lose some physical security advantages of it
but it does make the process easier, I believe you should just be able to use AVBRoot as it's intended
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
Maintain Android Verified Boot using a custom key while rooted with Magisk - GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
github.com
Once you have completed all the initial steps then updates are as simple as
Follow step 6 in the previous section to patch the new OTA (or an existing OTA with a newer Magisk APK).
Reboot to recovery mode. If stuck at a No command screen, press the volume up button once while holding down the power button.
Sideload the patched OTA.
Reboot.
Click to expand...
Click to collapse
FireRattus said:
If you don't care about locking the boot loader you do lose some physical security advantages of it
but it does make the process easier, I believe you should just be able to use AVBRoot as it's intended
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
Maintain Android Verified Boot using a custom key while rooted with Magisk - GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
github.com
Once you have completed all the initial steps then updates are as simple as
Click to expand...
Click to collapse
If updating is that easy with a locked bootloader I'm gonna try this. Thanks for your efforts man
Anyone know if I can I expect the same procedures to work for GOS installed on a Pixel 5 or 4?