Temporary root with locked boot loader? - OnePlus X Q&A, Help & Troubleshooting

Is there any way to get root access on OPX while the boot loader remains locked? Running stock firmware (Oxygen 2.2.3, Android v5.1.1).
I would like to export all my saved WiFi network settings, for importing onto another OPX (running AOSIP 8.1). Without root, the /etc/wifi/wpa_supplicant.conf file is basically empty (and has a timestamp of 6/10/2015). Is that even the correct location for the live wpa_supplicant file on OPX?
I don't think the boot loader can be unlocked without wiping the data? Which is obviously not going to help me in this situation. And I don't think Magisk or SuperSU can be installed without unlocking the bootloader?
I've tried Kingroot, but that won't even install. Is there a DirtyCow temporary root tool for OPX? I've not come across one. The only solution that looks like a possibility is the One Plus Engineering Mode root procedure: https://gist.github.com/aldur/b785257ac26d23bce648cad3ce2f6dc8. Does that work on OPX? It certainly seems to have the engineering mode tools on mine. And I think the ROM is old enough that it won't have been patched/removed?
Can I just ADB this command:
Code:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
and then start shell to try and access/transfer the proper wpa_supplicant.conf file? And then after, can I dial *#8011# to close root?
Is it possible that this will work without tripping SafetyNet, or is that inevitable? I'd rather not bork my stock phone by making it fail SafetyNet, avoiding all the Magisk rigmarole if possible.
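The question turns on what the live wpa_supplicant file actually contains. On Android of that era, /etc/wifi/wpa_supplicant.conf is only the template that init copies on first boot; the live copy with the saved networks is /data/misc/wifi/wpa_supplicant.conf, owned by the wifi user and not readable by the unprivileged shell user, which is exactly because it stores the PSK of every saved network in the clear. The Python below is an added example, not code from this thread: it parses the network={...} blocks of such a file, reports whether a file is effectively empty (no network blocks, like the template the poster found), and redacts the credential fields before anything is exported. The sample configuration embedded in it is constructed for the example.

```python
import re

# Constructed sample in the wpa_supplicant.conf layout used on Lollipop-era
# Android; the SSIDs, passphrase and priorities here are made up.
SAMPLE_CONF = """\
ctrl_interface=/data/misc/wifi/sockets
update_config=1
device_name=OnePlus X

network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
    priority=5
}

network={
    ssid="CoffeeShop"
    key_mgmt=NONE
    priority=1
}
"""

# One network={...} block per match; blocks never nest, so a non-greedy match
# up to the first closing brace is sufficient.
NETWORK_BLOCK = re.compile(r"network=\{(.*?)\}", re.DOTALL)

# Fields that carry credentials and must never leave the device unredacted.
SECRET_KEYS = {"psk", "wep_key0", "wep_key1", "wep_key2", "wep_key3", "password"}


def parse_networks(conf_text):
    """Return a list of dicts, one per network={...} block, quotes stripped."""
    networks = []
    for block in NETWORK_BLOCK.findall(conf_text):
        entry = {}
        for line in block.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            # Quoted values (ssid="x", psk="pass") and bare values (hex psk,
            # key_mgmt) are both stored without the surrounding quotes.
            entry[key.strip()] = value.strip().strip('"')
        networks.append(entry)
    return networks


def redact(networks):
    """Copy of the parsed list with every credential field replaced by a marker."""
    return [
        {k: ("<redacted>" if k in SECRET_KEYS else v) for k, v in n.items()}
        for n in networks
    ]


def is_effectively_empty(conf_text):
    """True for a file with global settings only, like the /etc/wifi template."""
    return NETWORK_BLOCK.search(conf_text) is None


if __name__ == "__main__":
    for net in redact(parse_networks(SAMPLE_CONF)):
        print(net)
```

Run against a file pulled from a device, feed the file contents to parse_networks and only ever print or copy the output of redact; a migration tool that needs the PSKs should consume the unredacted list in memory and write it straight into the destination's own secure store.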

Related

[Q] LG Optimus F60 Boot Loop, Running STOCK Firmware.

Hey everyone, (It's a long story: But I would really appreciate any help...)
[I know the easy solution: Boot into RECOVERY MODE and factory reset the phone and if all goes well...DONE.]
I'm running on Android 4.4 (the latest, I think it's '2'), stock firmware, 4G LTE from MetroPCS, and able to get into a so-called 'recovery mode' (you can only factory reset the phone) and download mode. I can't get into safe mode, and I'm currently stuck in a bootloop or a 'soft-brick'.
Here's what happened:
I've recently been messing around with tether_dun_required on my LG in order to get it to be able to tether WiFi to my laptop.
The phone was rooted using this method: [GUIDE] New Root Method for LG Devices
[ROOT was successful]
I tried various SQLite3 editing apps to try and change the tether_dun_required record in settings.db in data/data/com.android.providers.settings/databases, but after looking at the SuperSU logs I got this error: Cannot [mount or chmod] ... because the filesystem is Read-Only...
So, I decided to use ES-File Explorer to pull the settings.db file to my computer and modified it using SQLite Studio then I copied the files to sdcard and renamed the old settings.db to settings_old.db using ES-File Explorer. (all over WiFi) Then I ran ADB shell and got root using 'su'. I remounted '/' , '/data', and '/system' as RW using "mount -o rw,remount /" and etc... Then, I used the "cp" command to copy the files from "/sdcard/settings.db" to "/data/data/com.providers.settings/databases". I assumed you needed to reboot. So I rebooted the phone. AND....bootloop.
I was going to make a nandroid backup or at least copy anything important out of the phone but, being a noob... I didn't.
I can't get ADB to run in either Download or Recovery mode.
I know (have a feeling...) I can fix the phone if I can rename the settings.db to something else and the settings_old.db to settings.db but I don't have access to the filesystem because I can't start ADB.
Ophidian_DarkCore said:
if you're savvy with the shell, aroma fm has a built in terminal.
flash this in recovery http://forum.xda-developers.com/showthread.php?t=1646108
then cd to the directory.
rm settings.db
mv settings_old.db settings.db
Thank you for your reply. I have one question though: I have no idea if my bootloader or my kernel or any of that is 'unlocked'. I only rooted my phone. If I try to flash aroma fm and they are locked or something, would that actually really brick my phone?
ALSO: I don't have an SDCARD... I don't think it's possible to flash anything then? Because flashing from the Internal Storage might brick the device. right?
ALSO: I don't think the LG Optimus F60 has ARM Neon support... & the "Recovery mode" doesn't have any flashing support. It's all STOCK.
LG Optimus F60 Specifications
Any Ideas?
Ophidian_DarkCore said:
well damn, if you have a custom recovery usb-otg you can make a flashable zip that runs some shell commands.
flashing won't brick a device. putting unsigned boot/recovery imgs usually bricks locked devices.
as with all lg devices, there is download mode to load stock firmware/updates. [LOL apparently I can't post outside links yet, even if they're a quote...]
That's RIGHT! But, sorry for the noob question: What is a custom recovery usb-otg and how do I make a flashable zip that runs some commands? (For example: maybe one that just runs the commands but doesn't actually change the recovery software or the boot just one that can rename the files?)
Also, I don't think it would work but, would flashing the recovery to stock not delete any data, and have the phone be able to boot?
If it's too much to explain that's okay just show me some related posts that can show me how.
Thanks again for your time.
Ophidian_DarkCore said:
maybe try this http://forum.xda-developers.com/showpost.php?p=59637778&postcount=62
EDIT: Disregard below
you need a custom recovery before anything. and apparently your device supports fastboot.... so give this a go http://forum.xda-developers.com/and...8-5-0-touch-recovery-lg-t3049800#post59310323
and later you might get android L
I'm not sure, because the phone already has the factory boot and I haven't flashed anything into the Boot Partition. It's probably an error that happens when it tries to validate the settings.db or the permissions it has [chmod or that its mounted read write]. [To my understanding] what TWRP boot loop fix does is install fastboot then the custom recovery and the stock boot again. Which should do about the same thing because the phone is already stock. Right?
Would installing a custom recovery then allow me to access adb or the filesystem? (If so any recommendations?) Or how would I run a script from download mode?
Thanks for your time.
Ophidian_DarkCore said:
you only need to flash the recovery. not the boot img.
installing a custom recovery will either give you adb, or an on device shell.
That's right, Thank you. I'm going to try flashing one right now. Do you know of any that give you access to adb? (and maybe have low risk of bricking LG phones?)
Ophidian_DarkCore said:
the one in that thread should work.
fyi, recoveries, roms, and kernels are specialised software usually only compatible with one model. so no mixxy matchy
i guess using those instructions you could try the img from here http://forum.xda-developers.com/and...8-5-0-touch-recovery-lg-t3049800#post59310323
How would I install the img? I would need to install fastboot, right? Then run fastboot ****.img?
Is fastboot run from adb or from SendCommand.exe?
Thanks again for all your help.
Ophidian_DarkCore said:
yea, just grab a fastboot binary, the lg driver, go into whatever mode in that thread and
Code:
fastboot flash *.img
edit: fastboot is its own binary. so it's run in a command shell on your pc like adb is.
One last question (Need to make sure...): I have fastboot.exe from the SDK tools, so all I need to do is:
1. Connect the USB
2. Boot into Download Mode
3. Run fastboot flash *.img
4. When finished unplug the USB and take the battery out.
5. Then boot back into Download mode or Recovery Mode to get TWRP?
6. Then try to see if I can get ADB to work?
Also, sorry for all the questions: But If I ever needed to, will a factory reset delete TWRP or will I need to flash it again with the Stock recovery?
Thanks for your time. You are awesome.
Hi, thank you for using XDA Assist. Unfortunately there is no device specific forum for your device. I'm going to ask a moderator to move your thread here, http://forum.xda-developers.com/android/help
Solved it.
I used an exploit to access the filesystem and fix the corrupt db.
crazy_code said:
Hey everyone, (It's a long story: But I would really appreciate any help...)
[I know the easy solution: Boot into RECOVERY MODE and factory reset the phone and if all goes well...DONE.]
I'm running on Android 4.4 (the latest, I think it's '2'), stock firmware, 4G LTE from MetroPCS, and able to get into a so-called 'recovery mode' (you can only factory reset the phone) and download mode. I can't get into safe mode, and I'm currently stuck in a bootloop or a 'soft-brick'.
Here's what happened:
I've recently been messing around with tether_dun_required on my LG in order to get it to be able to tether WiFi to my laptop.
The phone was rooted using this method: [GUIDE] New Root Method for LG Devices
[ROOT was successful]
I tried various SQLite3 editing apps to try and change the tether_dun_required record in settings.db in data/data/com.android.providers.settings/databases, but after looking at the SuperSU logs I got this error: Cannot [mount or chmod] ... because the filesystem is Read-Only...
So, I decided to use ES-File Explorer to pull the settings.db file to my computer and modified it using SQLite Studio then I copied the files to sdcard and renamed the old settings.db to settings_old.db using ES-File Explorer. (all over WiFi) Then I ran ADB shell and got root using 'su'. I remounted '/' , '/data', and '/system' as RW using "mount -o rw,remount /" and etc... Then, I used the "cp" command to copy the files from "/sdcard/settings.db" to "/data/data/com.providers.settings/databases". I assumed you needed to reboot. So I rebooted the phone. AND....bootloop.
I was going to make a nandroid backup or at least copy anything important out of the phone but, being a noob... I didn't.
I can't get ADB to run in either Download or Recovery mode.
I know (have a feeling...) I can fix the phone if I can rename the settings.db to something else and the settings_old.db to settings.db but I don't have access to the filesystem because I can't start ADB.
Maybe it's the fact the system was still mounted as Read-Write when I rebooted and the stock firmware just doesn't like that...
I'm new to Android but love to code C, C++, and C#. Does anybody know of any APIs that might help me access the filesystem in download mode? Because I'm almost certain the root method I used used that as an exploit to root the phone.
Or can someone at least point me in the right direction as to how to UN-softbrick the phone without 'factory-resetting' it. I would really love to be able to recover my contacts and pictures.
I did the same thing, you installed the wrong model FW. just install the base rom and start over.
i need to restore my lg f60 (i'm in the us and the carrier it supports is metropcs). i have TWRP recovery on it. can someone link to stock firmware/rom (whatever the terminology is...basically the operating system that the phone came w/), usb drivers, software tool to install the firmware, and everything i need to restore my phone back to how it was when i bought it.
i was curious and tried lollipop (i think i tried both 5.0 something or 5.1 something or just one of them ended up working) but the camera was completely non-functional so now i need to go back to the phone being how it was when i bought it.
the firmware i've installed on the phone right now is MS39510G_00 (i think "MS39510G" is the actual identifier of the firmware, and the 00 is probably not useful for anything; the site i got it from maybe just appends it for some reason). but this firmware doesn't seem like what the phone came with or i'm not using/not doing everything i need to to restore it back to normal.
couple of things that strike me as odd and make me think that i don't have the right firmware or just didn't do something right:
there's a weird white area at the bottom, which i think was transparent and took on the color of the wallpaper on the phone when you just bought it & didn't mess around w/it
some of the icons are just the generic green android icon. a lot of apps have this same icon instead of different icons of their own
the lock screen also seems kind of different. it doesn't look like the lock screen of a new lg f60. maybe i was using a custom lock screen (i doubt it, but it's possible) but still it doesn't look like the standard lock screen to me
how do i restore my us metropcs lg f60 phone back to stock?
Help Help
Help anyone, I have an LG F60 (390n) running 5.0.1 Lollipop. I wanted to install a custom recovery and install the custom ROM CM. But I have two problems:
1. If I want to boot to download mode, I get the error "SECURE BOOT ERROR" (but it boots up normally and works normally)
2. If I want to boot to recovery mode, I get the error "LOADING KETSTORE FAILED STATUS 5"
Please help.
I am not able to flash it through LG Flash Tool, and I am not able to boot into a custom recovery.

adb build.prop restore - rooted phone but cannot gain SU or 'root' in adb.

Hi all,
I have been through dozens of threads and forums looking for a solution to this.
I followed some instructions to modify the build.prop file on my Huawei G535-L11 to disable Huawei theme manager in order to get Xposed working fully (changed ro.config.hwtheme: 0). I did a backup of my original build.prop beforehand, and my phone was rooted and unlocked but running the stock rom.
Unfortunately, it rebooted but won't go past the first 'EE' splash screen (just turns off again).
I can inconsistently get in to both fastboot and Android recovery, so I have been trying to use adb to push the original build.prop to /system/ on the phone.
However, this fails as /system/ is apparently RO. I have now discovered that I can't get SU permissions despite my phone being rooted.
If I try:
adb shell
$ su
nothing happens and it goes back to a $ prompt.
If I try:
adb root
I get the message (paraphrased):
adb cannot run as root in production builds.
So I can't push or do any adb method of restoring the build.prop file?! I don't understand why it is acting as if it is not rooted. I had Link2sd, Gravity Box, No Frills Cpu Controller all set up and working before, so I'm fairly sure I did truly have root.
I have also tried flashing a TWRP recovery, which apparently is successful, but when I go in to recovery it is still the Android Recovery.
Does anyone have any ideas what I could do to get my phone working again please?! This is my last gasp before the phone gets filed under 'B' in the cylindrical cabinet in the corner of the room!
Any assistance greatly appreciated!
Some systems are very finicky with modded build.props, or you didn't set the file's permissions correctly. I'm afraid without being able to boot or a working custom recovery, then adb won't work, much less root enabled adb functions. adb works in some stock recoveries, but only for sideloading files directly signed by the manufacturer. In regards to TWRP, is the bootloader unlocked? If not, that would explain why it didn't work. Other than that, I don't believe you'll have any other options besides reloading the stock firmware.
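The reply above names the two usual causes of a build.prop edit that stops a phone booting: a line that the property service cannot parse, and wrong file permissions. As an added example (not code from this thread or from any of the posters), the Python below checks a build.prop before it is pushed back: every non-comment line must be key=value, no line may carry a Windows carriage return (the common result of editing on a PC), and the file mode must be 0644, the conventional mode for /system/build.prop on Android of that era. Ownership (root:root on the device) is not checked because the sample is written to a temporary file on the host. The sample build.prop is constructed; it deliberately contains one line that uses a colon instead of '=' and one line with a CRLF ending.

```python
import os
import re
import stat
import tempfile

# Constructed sample. The keys mirror common Android build.prop entries but the
# values are made up; the model string is a placeholder, not a real device id.
# Line 4 deliberately uses "key: value" and line 5 deliberately ends in CRLF.
SAMPLE_BUILD_PROP = (
    "# begin build properties\n"
    "ro.build.version.release=4.4.2\n"
    "ro.product.model=HYPOTHETICAL-MODEL\n"
    "ro.config.hwtheme: 0\n"
    "persist.sys.usb.config=mtp,adb\r\n"
)

# A property line is a dotted/underscored key, '=', and any value (may be empty).
PROP_LINE = re.compile(r"^[A-Za-z0-9_.\-]+=.*$")

# Assumed expected mode for /system/build.prop on KitKat/Lollipop-era devices.
EXPECTED_MODE = 0o644


def lint_build_prop_text(text):
    """Return a list of (line_number, problem); an empty list means it parses."""
    problems = []
    for number, raw in enumerate(text.split("\n"), start=1):
        if raw.endswith("\r"):
            problems.append((number, "CRLF line ending"))
            raw = raw[:-1]
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not PROP_LINE.match(raw):
            problems.append((number, "not key=value: %r" % raw))
    return problems


def check_file_mode(path, expected=EXPECTED_MODE):
    """True when path is a regular file whose permission bits equal expected."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == expected


def lint_build_prop_file(path):
    """Content problems plus a (0, ...) entry when the mode is wrong."""
    with open(path, newline="") as fh:       # newline="" keeps any '\r' visible
        problems = lint_build_prop_text(fh.read())
    if not check_file_mode(path):
        problems.append((0, "mode is not 0644"))
    return problems


def write_sample(mode=0o600):
    """Write the constructed sample to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(prefix="build.prop.")
    with os.fdopen(fd, "w", newline="") as fh:
        fh.write(SAMPLE_BUILD_PROP)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for line_no, problem in lint_build_prop_file(write_sample()):
        print("line %d: %s" % (line_no, problem))
```

The point of running this on the host before `adb push` is that a build.prop that fails the lint will be rejected or half-read by the property service at boot, which on many devices is indistinguishable from the splash-screen loop described above; fixing the separator and line endings on the PC is far cheaper than recovering a device that no longer boots.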
Hi,
Thanks for the reply. Yes, the bootloader was / is unlocked.
Unfortunately, there isn't any stock firmware available anywhere. Unless someone out there has a backed up rom image from the EE Kestrel?
This is supposed to be a working TWRP for your device http://forum.xda-developers.com/showpost.php?p=58522448&postcount=117 - if you get it loaded, there might be a chance to push the working build.prop back to the phone. I would read that thread too and see if there isn't more useful info there or another member with your phone that could make a backup for you. Good luck.
Thanks.
Unfortunately, I'm pretty sure that is the TWRP I've tried. I'll double check when I'm on my PC.
I might try requesting a rom image on that thread, but the community for this phone seems to be pretty dead :/
I've just gone and ordered a new phone anyway, but it seems like a waste of a good phone just for the sake of one line of bad code!
Thanks for your help. I'll post again if I have any success.

Need Firmware For SM-J337P

Hi I need the combination and firmware for the Samsung Galaxy SM-J337PVPU3ASC1
I flashed it with a combination file, but now I'm stuck in factory binary mode so I need to flash it again
with the stock firmware or whatever to get it working again
Was trying to do a google bypass and kinda goofed because I couldn't find the right firmware :/
If anyone could help me out I'd appreciate it!
I did the same, on accident though, trying to bypass the FRP lock after factory reset... honestly I think this phone is ****, being as nobody seems to know anything about it. I called Asurion and got a free replacement.
SaitoSama said:
Hi I need the combination and firmware for the Samsung Galaxy SM-J337PVPU3ASC1
I flashed it with a combination file, but now I'm stuck in factory binary mode so I need to flash it again
with the stock firmware or whatever to get it working again
Was trying to do a google bypass and kinda goofed because I couldn't find the right firmware :/
If anyone could help me out I'd appreciate it!
I did the same exact thing, so far I've figured out that with that being the newest flash of combination we upgraded the bootloader to binary 3 now, the only firmware that will work is going to be the PVPU3ASC2 which is April's update but online you have to have membership or pay to download, unless that's all a scam? I just did this same wipe on a j327p and had no problem going up from binary 2 to 3 and flashing stock ROM. But from what I understand there's a way to just turn factory off in the combination ROM. I've spent hours poring over different avenues to go. I was going to change device id to j337U being the unlocked version but I'm getting stuck on gaining SU permissions in the shell with this new factory binary ROM. I can get adb shell while it's running and sideload from recovery but nothing installs or flashes. I believe it's running a sort of emulated VM instead of running ON the phone's persistent memory.
FINALLY someone to talk to about this specific problem. It was my fault flashing the U3 combo instead of the U2arj2 I should've.
Attaining root J337p? Dirtycow?
To gain su permissions after reflashing stock have you tried using the dirtycow exploit. I have found it to be an almost fool proof method to attain temp root and for flashing twrp or cwm. Depending on the phone you may have to modify the source a bit but basically just go to github and download the dirtycow zip or if you're using Linux then use git clone and clone the repository then extract it rename to whatever you want i use the simple dirtycow. put that and accompanying files on the root of the phone (/sdcard) . now use ADB push to push it to /data/local/tmp. Then ADB shell cd into /data/local/tmp and chmod 777 *. Once that's done depending on your phone its gonna be a little trial and error but use ./dirtycow /system/bin/applypatch /data/local/tmp/(the name of your dirtycow applypatch file). Then the same process with app_process or app_process64 depending on the phone. Reboot. That should take SElinux to permissive. Here is where things get tricky. ./dirtycow /system/bin/run-as /data/local/tmp/(name of your dirty run-as file). If you have the exact dirtycow applypatch file for your phone then proceed to the next step otherwise do whatever mods you gotta do to get your file right. Now run-as exec ./(dirtycow)-applypatch boot. Once that is finished run-as su and presto you have temporary root to do whatever you feel like. I do the next step manually if you'd like to. Download the appropriate twrp for your phone name it something memorable like twrp.img and move it to the /sdcard root of your phone. now su dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery. Reboot to recovery and you should be free to flash a permanent root method like chainfire supersu or magisk. And that is that. But i warn you not all phones store the recovery image there you may need to search around a bit. I use su ls -al /dev/block/bootdevice/by-name or cat /proc. Between those 2 i usually can find where it is. I claim no responsibility for bricked phones. Thank you.
I will be doing this to my j337p later today, I'll let you know what I come up with.
Ps. If your phone is relatively new it's more than likely it has a property called dm-verity which is enabled; that is a huge pain and causes encryption to fail while flashing. There are .zip files online, I believe called dmverityopt.zip or something to that effect; I suggest flashing that before and after any custom rom flash. Or a custom kernel that doesn't have that problem.

Nokia 1 TA 1066 Root/unlock running pie

Has anyone got a solution to unlock and root the Nokia 1 TA 1066 dual SIM variant? I am eager to do that but no perfect solution seems to be there on XDA. Does anyone from the community have a perfect solution for that?
Disclaimer: the following information is from my TA-1060 with single SIM slot, so things may work differently.
Have you tried the same unlocking method that worked for Oreo? I already had my bootloader unlocked before I upgraded so I don't know how to help there.
For root (without BL unlock, but don't modify boot or system without unlocking), you can use mtk-su to get a temporary root shell from which you can install a permanent solution.
The instructions for installing SuperSU should work from that shell, but Magisk is proving to be far more difficult than I expected, due to the switch to system-as-root without ramdisk.
For TWRP, use the same one you would on Oreo but keep in mind that running it through "fastboot boot" will no longer work due to the aforementioned changes to a boot image without ramdisk. Also keep in mind the system will replace the recovery image with the file in /system/recovery-from-boot.p unless you remove or rename that file.
I don't have any concrete steps for any of this stuff yet, but those are the things I've tried or am currently trying.

[SOLVED] Any way to save my data on bootloop phone without root?

Yesterday, I decided to remove bloatware (mostly Google) on my Huawei P8 lite using ADB. And somehow removed this.
:/ $ pm uninstall -k --user 0 com.android.location.fused
Restarted.
Boot Loop.
Before I rebooted my phone usb debugging was on.
Phone boots into eRecovery with 4 options
1) Download latest version and recovery (useless, gives me a "Getting package info failed")
2)Wipe data/factory reset
3)Reboot
4)Shutdown
When I'm connected to the PC I always get a message "Unable to open MTP device".
I don't have root privileges so I can't follow the steps in the guide below.
Bootloop after removing com.android.location.fused [SOLVED]
My questions are:
1. Any method of saving data on bootloop phone without root?
2. Should I try factory reset?
I don't understand what you want, but you can't root in a boot loop.
But I hear you will root; it's really easy to root Huawei!
Guide.
1. Get your firmware with HiSuite; after you install a downgrade or update, the firmware file will be saved in the Documents folder on the PC.
2. Extract the files inside the firmware file, find boot.img and system.img (or boot.img), open and modify them as you want, and repack them again.
3. Update the hashes for the partition controller.
4. Set up a server and port-forward your device so it thinks this is the server it gets updates from, and see what requests your phone makes, or read the source of Huawei's update.apk.
5. Configure your server with code and upload the firmware to your server.
6. Now just install your update and you have a custom OS.
JonasHS said:
But I hear you will root; it's really easy to root Huawei!
This guide is missing the most important predecessor step: unlocking the bootloader (and is therefore useless)
JonasHS said:
I don't understand what you want, but you can't root in a boot loop.
Thanks for the reply. Sorry that I didn't specify. My problem is that I uninstalled com.android.location.fused which resulted in a boot loop. My phone is not rooted and I don't know what to do next. The only thing I can do is a factory reset, because eRecovery gives me an error. I'm just looking right now for any way to save my data. I found a similar problem solved, but that person rooted the phone before the boot loop. So I guess I only have 1 option then?
You can try to start your Huawei in backup mode.
JonasHS said:
You can try to start your Huawei in backup mode.
Yes, my phone is in recovery mode. Should I try "Wipe data/factory reset"? Because the "Download latest version and recovery" option gives me the error "Getting package info failed".
You don't need to unlock the bootloader to edit the system; I'm making my own exploit to do it.
Oh, just look at this:
We say you can't edit any software file on your device, because you don't have permission, like a Linux non-root user.
There is only 1 way to get this permission: unlocking the bootloader and adding your code to the software.
NOT TRUE.
If we put this together with a door that's locked and you don't have the key, what do you do?
I will find another way to open the door.
So to show what I mean: update.apk asks the server to download the update and send it back to your phone, and your phone will install it. Inside an update package there are boot.img and system.img; what if we edit these files before the update, and put in code that will give your user on the system the highest privilege? But we can't edit these files, because they are saved in a folder we don't have permission to?
To do this, we can manipulate the data the server sends back to us.
Port forwarding.
JonasHS said:
You don't need to unlock the bootloader to edit the system; I'm making my own exploit to do it.
So you're a hacker and found a method to properly sign system.img with Huawei's private OEM key? You're a genius!
https://android.googlesource.com/platform/external/avb/+/master/README.md#The-VBMeta-struct
Unfortunately the repair has to be done in /data/system/users/0/package-restrictions.xml and requires root access. Furthermore /data is encrypted, therefore that modification can't be done offline; it requires a booted Android up to the stage where we can enter the screen unlock PIN (or at least to the stage where /data/system is decrypted).
JonasHS said:
You don't need to unlock the bootloader to edit the system; I'm making my own exploit to do it.
Oh, just look at this:
We say you can't edit any software file on your device, because you don't have permission, like a Linux non-root user.
There is only 1 way to get this permission: unlocking the bootloader and adding your code to the software.
NOT TRUE.
If we put this together with a door that's locked and you don't have the key, what do you do?
I will find another way to open the door.
So to show what I mean: update.apk asks the server to download the update and send it back to your phone, and your phone will install it. Inside an update package there are boot.img and system.img; what if we edit these files before the update, and put in code that will give your user on the system the highest privilege? But we can't edit these files, because they are saved in a folder we don't have permission to?
To do this, we can manipulate the data the server sends back to us.
Port forwarding.
Click to expand...
Click to collapse
That sounds awesome. I guess we can try.
aIecxs said:
So you're a hacker and found a method to properly sign system.img with Huawei's private OEM key? You're a genius!
https://android.googlesource.com/platform/external/avb/+/master/README.md#The-VBMeta-struct
Unfortunately the repair has to be done in /data/system/users/0/package-restrictions.xml and requires root access. Furthermore /data is encrypted, therefore that modification can't be done offline; it requires booted Android up to the stage where we can enter the screen unlock PIN (or at least to the stage where /data/system is decrypted).
Damn.
The easiest way to fix a bootloop is a factory reset. There is no way to save userdata without fixing the bootloop, sorry. It's a chicken-and-egg dilemma.
aIecxs said:
The easiest way to fix a bootloop is a factory reset. There is no way to save userdata without fixing the bootloop, sorry. It's a chicken-and-egg dilemma.
I agree.
Just reset, it's easiest.
Think about this: your PC has an SSD or HDD, and you can take it out, put it into a new PC, edit everything on the disk without admin and make a backup.
The truth is, you can do the same with a phone's chip, but it's hard to do.
Next time, before playing with packages, make a backup of your pictures.
Btw, you can unlock the bootloader with PotatoNV and root with Magisk. Rooted devices you can back up with Migrate or TWRP.
New to said:
Yes
Huawei doesn't store their OEM keys on the device's chip, so they will never be able to check whether I replaced it with my own, and AVB will still work in offline mode, so I can just read vbmeta.img with avbtool.py and generate the same vbmeta.img with a different size or hash of the partitions that have been modified.
You could call me a hacker, but I am not a hacker; I just have a good knowledge of code and disassembling.
JonasHS said:
Just reset, it's easiest.
Think about this: your PC has an SSD or HDD, and you can take it out, put it into a new PC, edit everything on the disk without admin and make a backup.
The truth is, you can do the same with a phone's chip, but it's hard to do.
aIecxs said:
Next time, before playing with packages, make a backup of your pictures.
Btw, you can unlock the bootloader with PotatoNV and root with Magisk. Rooted devices you can back up with Migrate or TWRP.
Thanks for the replies (they gave me a lot of ideas about what I can learn about phones and hacking). I will be more careful about deleting packages in future.
I just did a factory reset and my phone is working fine again.
JonasHS said:
Huawei doesn't store their OEM keys on the device's chip, so they will never be able to check whether I replaced it with my own, and AVB will still work in offline mode, so I can just read vbmeta.img with avbtool.py and generate the same vbmeta.img with a different size or hash of the partitions that have been modified.
Of course they don't. No, you can't flash your own vbmeta.img on a locked bootloader, as the bootloader verifies the hash of vbmeta, which is OEM-signed (you don't have the key).
If you know of any flash tool for HiSilicon Kirin (IDT?), it would probably be easier to flash a Magisk-patched (properly AVB-signed) ramdisk.img to get root access and adb (osm0sis' AIK is capable of signing AVBv2) instead of modifying system.
Nevertheless this won't fix the bootloop, therefore it's pointless, as the culprit lies in package-restrictions.xml. It's impossible to decrypt the userdata partition offline, so there is no hope, sorry.
Who has told you this? I am a developer and have read the source code; yes, you can make your own signing keys with openssl.
Yes, that is called a user-settable root of trust and requires you to compile your own complete ROM, for example LineageOS. In any case that is impossible with stock EMUI, as again you can't cheat the Android Verified Boot chain of trust by design. That's the whole purpose of a locked bootloader.
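To make the disagreement above concrete (the idea of editing system.img inside an intercepted update and regenerating vbmeta.img with avbtool, versus the reply that a locked bootloader only accepts a vbmeta signed with the OEM key, and that a user-settable root of trust means replacing the key the bootloader trusts), here is a toy model of the AVB check as a locked bootloader performs it. This is an added example written for this page, not code from the thread, from Huawei or from the AVB project. The RSA key pairs, the partition images and the JSON "vbmeta" layout are all constructed here and are far simpler than real AVB (which uses RSA-2048/4096 with padding and a binary VBMeta struct); only the logic is the same.

```python
"""Toy model of the Android Verified Boot chain of trust.

Constructed example: toy RSA keys (Mersenne-prime moduli, no padding),
fake partition images and a JSON stand-in for the VBMeta struct. The
point it shows: a locked bootloader accepts a vbmeta blob only if its
signature verifies under the OEM public key the bootloader carries, and
then boots a partition only if its hash matches what that vbmeta lists.
"""
import hashlib
import json

E = 65537


def _make_key(p, q):
    """Textbook RSA from two constructed primes (toy, not a secure key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse; needs Python >= 3.8
    return {"n": n, "e": E}, {"n": n, "d": d}


# Constructed key pairs: the OEM's (only the public half is in the
# bootloader) and an attacker's own, generated e.g. with openssl.
OEM_PUB, OEM_PRIV = _make_key(2**127 - 1, 2**89 - 1)
ATTACKER_PUB, ATTACKER_PRIV = _make_key(2**107 - 1, 2**61 - 1)


def _digest_int(data: bytes) -> int:
    # SHA-256 truncated to 160 bits so the integer is below both toy moduli.
    return int.from_bytes(hashlib.sha256(data).digest()[:20], "big")


def sign(data: bytes, priv) -> int:
    return pow(_digest_int(data), priv["d"], priv["n"])


def verify(data: bytes, sig: int, pub) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _digest_int(data)


def build_vbmeta(partitions: dict) -> bytes:
    """vbmeta stand-in: partition name -> SHA-256 of its image (what
    avbtool would regenerate after a partition is modified)."""
    table = {name: hashlib.sha256(img).hexdigest() for name, img in partitions.items()}
    return json.dumps(table, sort_keys=True).encode()


def bootloader_verify(vbmeta: bytes, sig: int, partitions: dict, root_of_trust) -> tuple:
    """What a locked bootloader does at boot: first authenticate vbmeta
    against the key it carries, then check each partition's hash."""
    if not verify(vbmeta, sig, root_of_trust):
        return (False, "vbmeta signature does not match root of trust")
    expected = json.loads(vbmeta)
    for name, img in partitions.items():
        if name not in expected:
            return (False, f"{name} not covered by vbmeta")
        if hashlib.sha256(img).hexdigest() != expected[name]:
            return (False, f"{name} hash mismatch")
    return (True, "boot allowed")


# Constructed stock firmware: images and the OEM-signed vbmeta that ships with them.
STOCK = {"boot": b"stock kernel and ramdisk", "system": b"stock EMUI system image"}
STOCK_VBMETA = build_vbmeta(STOCK)
STOCK_SIG = sign(STOCK_VBMETA, OEM_PRIV)
TAMPERED = dict(STOCK, system=b"system image with a setuid shell added")


def scenario_stock():
    return bootloader_verify(STOCK_VBMETA, STOCK_SIG, STOCK, OEM_PUB)


def scenario_patched_system_only():
    # system.img swapped (e.g. via a tampered update), OEM vbmeta left as is.
    return bootloader_verify(STOCK_VBMETA, STOCK_SIG, TAMPERED, OEM_PUB)


def scenario_regenerated_vbmeta():
    # vbmeta regenerated with the new hash, signed with the attacker's key,
    # presented to a bootloader that still trusts only the OEM key.
    vb = build_vbmeta(TAMPERED)
    return bootloader_verify(vb, sign(vb, ATTACKER_PRIV), TAMPERED, OEM_PUB)


def scenario_user_settable_root_of_trust():
    # Same blob, but the bootloader now trusts the attacker's key instead;
    # that is what "user-settable root of trust" means and it requires
    # changing the bootloader's key, which a locked stock device does not allow.
    vb = build_vbmeta(TAMPERED)
    return bootloader_verify(vb, sign(vb, ATTACKER_PRIV), TAMPERED, ATTACKER_PUB)


if __name__ == "__main__":
    for fn in (scenario_stock, scenario_patched_system_only,
               scenario_regenerated_vbmeta, scenario_user_settable_root_of_trust):
        print(f"{fn.__name__}: {fn()}")
```

The second and third scenarios are the two halves of the thread's argument: a modified system.img fails the hash check when the original vbmeta is kept, and a regenerated vbmeta fails the signature check because the attacker's openssl-made key is not the one the bootloader carries. Only the fourth scenario, where the trusted key itself is replaced, boots the modified image, and on stock EMUI with a locked bootloader that step is exactly what is not available.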