Have to be rooted and give your file manager su permissions, load Magisk app, find the log and see where the .Magisk file is
Since Magisk app v8.0.0 the advanced settings/install options for dm-verity and forced encryption won't be available on most modern devices (see Advanced Settings/Install Options for details). The tools are still there and may be accessed through various means.
Keeping dm-verity and forced encryption:
If your device supports it, the app will auto-detect if your device is encrypted and if it’s recommended to keep dm-verity enabled and the “Preserve forced encryption” and “Preserve dm-verity” will then be enabled by default. If these options aren’t enabled, you can keep dm-verity and forced encryption by checking the options for this before installing a new version of Magisk through the app.
If you install through recovery (either for the first time or as an update) run one or both of the following commands in a terminal emulator or in your recovery's terminal before installing:
echo KEEPVERITY=true>>/cache/.magisk
echo KEEPFORCEENCRYPT=true>>/cache/.magisk
If you can't access /data (TWRP can't decrypt, etc) you can instead use either /data/.magisk or/system/.magisk, but please note that using /system/.magisk isn't systemless.
Some devices need to keep dm-verity enabled to work properly. One example is some Huawei devices that might otherwise experience weird behaviour or bootloops.
Disabling dm-verity and forced encryption:
If you on the other hand want to disable either dm-verity or forced encryption, you can go about it the same way as described above. If you're using the .magisk file method, just change KEEPVERITY and/or KEEPFORCEENCRYPT in the commands to false:
echo KEEPVERITY=false>>/data/.magisk
echo KEEPFORCEENCRYPT=false>>/data/.magisk
If you can't access /data (TWRP can't decrypt, etc) you can instead use either /cache/.magisk or/system/.magisk, but please note that using /system/.magisk isn't systemless.
If disabling verity through Magisk doesn't help, you can try the following command (provided that your device has a vbmeta.img):
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
think its from here: https://forum.hovatek.com/thread-32719.html
or
https://www.reddit.com/r/Magisk/comments/mvk9j9
*cough* Copy-pasta... *cough*
When citing a text it's customary to also give the source.
fixed my bad
mr_reaper said:
fixed my bad
Click to expand...
Click to collapse
He, he...
I guess you got it from that Reddit link, but look closer at the bottom of that post for the actual source (hint: look even closer at the URL).
Computer Tower: $1500
Monitor: $500
Mouse and Keyboard: $50
Internet Service: $50/month
Accidentally plagiarize one of the mods... Priceless.
LOL
oh ****, LMFAOOOO. my bad was just trying to help *shurgs*
Related
Dupe from N6 forums for all you 6P junkies.
Obviously I'm not responsible for your mom exploding or your phone disowning you, but.....
I got tethering and Android Pay working on stock Nougat - that's Android N, folks - on a Nexus.
(confirmed will work on Marshmallow and up on 5, 5x, 6, 6p...etc.)
Thanks to @Chainfire, @ManHands and @interloper, and you!
click thanks if this helps, or buy me a beer or something.
prerequisites:
working adb and fastboot (from platform-tools in the Android SDK if you don't know where to find it)
twrp .img for your device
latest stable systemless supersu
1. be on Marshmallow or Nougat obviously
2. flash twrp
(volume down + power on nexus gets you into bootloader, then after flashing recovery, use volume buttons to scroll and power button to select recovery mode)
3. flash systemless root while booted into twrp (unsure if .supersu SYSTEMLESS=true in /data is still needed, but can't hurt - mine is still there from earlier.)
4. while still in twrp, go to mount and check system. Make sure you allow changes.
5. from your computer, do this
Code:
adb shell
echo "net.tethering.noprovisioning=true" >> /system/build.prop
6. reboot into Android.
7. Install Terminal Emulator from the Play Store.
8. Launch it, and in Terminal Emulator, do this
Code:
su
settings put global tether_dun_required 0
exit
9. go into Supersu, expert, scroll to the bottom and hit full unroot. No, you don't want it to patch you back to the stock boot image or recovery*. If it hangs, just reboot and try doing it again.
10. ????
11. Profit! You should have tethering unlocked, be unrooted, and have full Android Pay goodness working.
To take an OTA, do this, because Flashfire gets confused after you've done build.prop edits -
1. go to About Phone, scroll down. Find your build number.
2. download that Nexus Factory Image.
3. Unzip it all. ALL OF IT.
4. Make sure you have Android SDK & platform-tools (or just a working Fastboot and ADB)
5. just flash boot, system, and recovery - you can now OTA with no problems. Then repeat the above guide on your new OTA. Confirmed working 10 minutes ago, OTA'ing from Marshmallow to Nougat and then getting tethering working again
ALTERNATE IF YOU PREFER FLASHFIRE:
All the above steps, but you only have to flash the System image to fix the build.prop hash fail then flashfire should work for you. Wouldn't necessarily recommend upgrading version numbers (6.0.1 to 7.0.0) with Flashfire, but who knows, it might work great! Chainfire is a wizard.
*you can do this if you want, but when I let it patch my boot image I got the dreaded "device corrupt!!!!1" message at boot. Did not try letting it flash stock recovery image.
What if tethering already works on my N device? I haven't yet seen an N device failing to tether...
dtective said:
What if tethering already works on my N device? I haven't yet seen an N device failing to tether...
Click to expand...
Click to collapse
Then you don't need to apply the tethering tweak. Android allows you to tether just fine. The issue lies with certain carriers that charge extra for tethering. By default, Android allows the carriers to check to see if you're tethering and this is what this tweak changes.
I was also able to get ad blocking working using AdAway, on a one time host name update basis. SafetyNet check passes and Android Pay works. To enable this:
1. Prior to Step 9 above, Download and install the AdAway apk. It is available here: https://f-droid.org/repository/browse/?fdid=org.adaway
2. Go into the AdAway settings, Under "Target hosts file" select /data/data/hosts.
3. Enable Ad Blocking. Adaway will complain about not being able to create the symlink. To overcome this, I made /system read/write in Root Explorer, then created it manually in terminal:
Code:
su
ln -s /data/data/hosts /system/etc/hosts
4. Reboot. Go into AdAway and verify it is enabled.
5. Proceed with step 9 above. Make sure you say no to patching back to the stock boot image or recovery.
After Reboot You'll be unrooted with a host name ad blocker and working Android Pay. Worked for me anyway...YMMV. I will probably try and keep /data/data/hosts updated manually.
With the tethering mods t mobile still sees that I'm tethering and slotted my tethering speeds to a crawl after 5gb. Any way around this?
Sent from my Nexus 6P using Tapatalk
So this will allow me to get around Cricket's tethering ban (or rather, lack of support for the N6P in particular)?
Anyone confirm this works for Verizon / UDP?
DualSportDad said:
With the tethering mods t mobile still sees that I'm tethering and slotted my tethering speeds to a crawl after 5gb. Any way around this?
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
If you are visiting unsecured website (https://www.instantssl.com/https-tutorials/what-is-https.html) You'll need to change your browser's user agent, or use VPN to encrypt your traffic.
keda said:
If you are visiting unsecured website (https://www.instantssl.com/https-tutorials/what-is-https.html) You'll need to change your browser's user agent, or use VPN to encrypt your traffic.
Click to expand...
Click to collapse
I've tried both, it still sees tether useage.
Sent from my Nexus 6P using Tapatalk
I'm on Android N and have been since the dev previews. I've never seen trouble with tethering... I'm on vzw UDP.
Turn On > su < Rename
Turn Off > su~ < Rename
Dunard said:
Turn On > su < Rename
Turn Off > su~ < Rename
Click to expand...
Click to collapse
There's Magisk for that.
But it would be great if Jide would implement Magisk instead of the current root system (although I personally have no need for Magisk, since I prefer to truly modify /system).
I don't know Magisk can turn it off without the rw enable in the initrd.img and using the system.sfs.
If it require rw enable in the initrd.img and system.img then it is pointless to use the Magisk app when the newer SuperSU have that option already.
Hmm...
If you enable "developer options" (google it)
You can enable/disable root from /settings/developer/root
mitchell4you said:
Hmm...
If you enable "developer options" (google it)
You can enable/disable root from /settings/developer/root
Click to expand...
Click to collapse
That won't help him as the su binary is still in /system.
SafetyNet will fail in any case.
However, since the ia86 (Intel x86) and ia64 (Intel x64) architectures don't use the traditional bootloader method (as in what arm and arm64 use), you can use Magisk, since SafetyNet won't detect it when it's off, since it will use the old (as in, less restrictive) method of checking the bootloader (which will always return a positive answer, due to there being no bootloader to unlock (the desktop bootloaders are completely unrelated, except for the fact that they are used to boot the system.)
Hello all,
I'm trying to enable avb on a user build and I don't really know where to start.
I signed the build with my own keys and I also wrote the key to the device (fastboot flash avb_custom_key).
I presume I also have to sign the vendor.img file as well. That is not included in the LOS build as it sits in its own partition. But I can extract it in img format with dd.
How should I go about this? Found barely any info on this subject. Asked around LineageOS channels but got no info on this.
As it stands the LOS build is not enforcing avb. I can basically modify anything in /vendor or /system and it persists on reboot.
If someone understands the whole thing any info is very appreciated.
I presume I must add my key to vbmeta.img?
Thank you
@mad_rock
You mean ADB?
jwoegerbauer said:
@mad_rock
You mean ADB?
Click to expand...
Click to collapse
nah, adb is ok.
avb as in Android Verified Boot
trying to figure out how to set it up properly.
found a flag in build config that's disabling avb but I need to understand the rest of the stuff so I can configure it properly before I remove the flag.
as I see it, vbmeta is using a testkey from the build sources, not using any key that I generated to sign apks/builds etc.
My phone
OnePlust 7T
Android 10 (security patch level 1 July 2020)
Oxygen OS 10.0.12.HD65AA
HD1903
Kernel 4.14.117-perf+
Let me know if you need further information.
My goal
I want to install (and use) ViPER4Android FX.
My situation
I have root and the ViPER4Android FX (Version 2.5.0.5 (FX), Codename Beautiful) apk installed. When attempting to install thedriver I get the message "Driver install failed: I/O error, please reboot and try again.".
What I've tried
Rebooting the phone
Deleting the audio_effects.conf using Root Browser -> no error message, but deletion fails
Deleting it using termux -> "rm: cannot remove 'audio_effects.conf': Read-only file system
Mount using root ADB and "su -c "mount -o rw,remount /"" -> "'/dev/block/dm-4' is read-only
Disable verity using "adb disable-verity" -> "verity cannot be disabled/enabled - USER build
Conclusion
So if I understand correctly, I need to disable verity (which has something to do with SElinux(?)) in order to mount my filesystem, in order to delete the audio_effects.conf in order to install the ViPER drivers.
To make thinks more complicated, there is no proper TWRP available for the 7T, so it's not easy to flash stuff - I usually use fastboot for that nowadays.
So how do I disable the verity? Or is there another way to get ViPER to run on my phone?
MetaColon said:
My phone
OnePlust 7T
Android 10 (security patch level 1 July 2020)
Oxygen OS 10.0.12.HD65AA
HD1903
Kernel 4.14.117-perf+
Let me know if you need further information.
My goal
I want to install (and use) Viber4Android FX.
Conclusion
So if I understand correctly, I need to disable verity (which has something to do with SElinux(?)) in order to mount my filesystem, in order to delete the audio_effects.conf in order to install the Viber drivers.
To make thinks more complicated, there is no proper TWRP available for the 7T, so it's not easy to flash stuff - I usually use fastboot for that nowadays.
So how do I disable the verity? Or is there another way to get Viber to run on my phone?
Click to expand...
Click to collapse
Here you go, Viber 4 Android : https://play.google.com/store/apps/details?id=com.viber.voip
(Sorry, someone had to make the joke)
If found this thread, it may be helpful :
https://forum.xda-developers.com/android/help/viper4android-android-11-t4117149/page2
Raiz said:
Here you go, Viber 4 Android : https://play.google.com/store/apps/details?id=com.viber.voip
(Sorry, someone had to make the joke)
If found this thread, it may be helpful :
https://forum.xda-developers.com/android/help/viper4android-android-11-t4117149/page2
Click to expand...
Click to collapse
You're right of course, I corrected the misspelling.
As for the thread (or the YT video referenced in it), I'm a bit sceptical as it targets Android 11 (not 10). I'll give it a try after a backup though.
MetaColon said:
You're right of course, I corrected the misspelling.
As for the thread (or the YT video referenced in it), I'm a bit sceptical as it targets Android 11 (not 10). I'll give it a try after a backup though.
Click to expand...
Click to collapse
Alright this worked, thanks a lot!
This is a recompiled/modified kernel from LineageOS, see that thread for details: https://forum.xda-developers.com/t/rom-official-bramble-lineageos-18-1.4223697/ . This is the kernel they use: https://github.com/LineageOS/android_kernel_google_redbull. Head over to that thread to thank them for all that they do!
The only change I made was I added the required iptables kernel modules for TTL/Tether/unmetering for using your phone as a hotspot. I have Tmobile & with my plan, when I connect any device to the phone it is extremely throttled to around 0.5Mbps. With this kernel, and the settings below, you can get around that limitation. Root is required, so steps to do that are below as well. I am actually very new working with kernels so feel free to weigh in if you have comments or thoughts. For that reason I can't actually indicate what ROMs this will be compatible with, besides what I used, which is: lineage-18.1-20210620-nightly-bramble-signed.zip
I also have these for the Pixel 3a & 4a - if there's interest I'll share those.
All steps to go from stock Pixel -> LineageOS & this Kernel:
Spoiler: Unlock bootloader
Install windows driver: Device Manager->Find Pixel->Update driver->Search Android SDK/extras/google/usb_driver
Device Mgr->View->Show hidden devices->
Should see "Android Composite ADB Interface" when phone connected in ADB mode
Should see "Android Device/Android Bootloader Interface" (when phone connected & in fastboot)
Install Android SDK/ADB tools
May need to use Tmobile Device Unlock app to get a permanent unlock, which allows OEM unlock option in next step
Enable developer options if not already
Turn on USB debugging
Enable OEM unlock. If greyed out: check above step, might need to do a factory reset if above wasnt successful
Connect phone to PC via USB cable
CMD (sdk/platform-tools/)
adb devices (should show device attached-will need to allow on phone)
Fastboot mode: Turn off device-> Hold vol down btn + Hold pwr btn-> Notice fastboot screen
OR: adb reboot bootloader
PC Cmd: (WILL LOSE ALL DATA doing this!!)
fastboot flashing unlock
Should see message/warning on phone
Use vol up/down + pwr btns to select "allow bootloader unlock"
This will FACTORY reset!!
Spoiler: Install LineageOS & Root
Unlock Bootloader if not already done
Backup your files - this will DELETE ALL OF YOUR DATA
Download the latest LineageOS build
Reboot to bootloader
adb reboot bootloader
Flash boot image/recovery:
fastboot flash boot lineage-18.1-[WHATEVER]-recovery-bramble.img
Vol+ btn to select Recovery Mode -> Pwr btn
Should reboot on Recovery screen
Factory reset/wipe data:
Select Factory reset...
Flash ROM:
Apply Update-> Apply from ADB
adb sideload lineage-18.1-[WHATEVER]-signed.zip
Advanced-> Reboot to Recovery-> Apply Update-> Apply from ADB ->
adb sideload MindTheGapps-11.0.0-arm64-[WHATEVER].zip ->YES
Magisk/Root: Apply Update-> Apply from ADB ->
adb sideload Magisk-v23.0.apk
Flash my custom Kernel
Reboot to Bootloader
Download & Unzip boot_KevinTTL.zip -> boot_KevinTTL.img (file is in this post)
fastboot flash boot boot_KevinTTL.img
Reboot System Now
Phone should boot to Android for the first time, go through initial setup
Spoiler: Change TTL
Verify Magisk is installed correctly.
Download Termux app
Termux App:
su (Grant permissions)
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64 (should be no errors - if you have errors my kernel is not installed)
Test: Turn on phone Hotspot, connect any device, do a speed test comparing speed on phone should be similar to the connected device.
If any limitations/blocks: (Not sure but maybe http vs https is blocked sometimes)
Install VPN Hotspot app (Green key icon): "Wi-Fi hotspot" ON, wlan1 ON, DISABLE "Tethering HW Acceleration" in settings
This probably goes without saying, but disable System & Lineage updates!
Files:
Magisk: https://github.com/topjohnwu/Magisk/releases/tag/v23.0
ROM files & thread: https://forum.xda-developers.com/t/rom-official-bramble-lineageos-18-1.4223697/
...
Can we have this added to the official LineageOS kernel for bramble? Or else you'd have to continuously release an update whenever the kernel gets updated in the official build. Thanks!
SavakSYN said:
Can we have this added to the official LineageOS kernel for bramble? Or else you'd have to continuously release an update whenever the kernel gets updated in the official build. Thanks!
Click to expand...
Click to collapse
Hopefully someone else can chime in - I'm with you though. It would be cool if added officially, but I don't know how to go about that. They may not be doing it for a reason? I've seen similar Magisk modules that do this but I'm not sure if I can do it for this build (have too much time in this already). But if done via Magisk then that would kind of solve the issue at hand...
You can take the module you built while compiling the kernel and make a Magisk module that places it somewhere in system and loads it into the kernel with insmod at boot. I don't think Lineage enforces signatures on modules, so no issue there, and it will generally continue working through all future updates.
The real issue I see is that your not blocking ipv6. Without doing that, this solution is only partially working. The ndc commands to do that are:
Code:
ndc interface ipv6 rndis0 disable
ndc interface ipv6 wlan0 disable
These commands set net.ipv6.conf.[interface].disable_ipv6 to 1. Applying this to wlan0 will disable ipv6 for wifi as well, but it's the best you can do without writing an app or using automation software.
fddm said:
You can take the module you built while compiling the kernel and make a Magisk module that places it somewhere in system and loads it into the kernel with insmod at boot. I don't think Lineage enforces signatures on modules, so no issue there, and it will generally continue working through all future updates.
The real issue I see is that your not blocking ipv6. Without doing that, this solution is only partially working. The ndc commands to do that are:
Code:
ndc interface ipv6 rndis0 disable
ndc interface ipv6 wlan0 disable
These commands set net.ipv6.conf.[interface].disable_ipv6 to 1. Applying this to wlan0 will disable ipv6 for wifi as well, but it's the best you can do without writing an app or using automation software.
Click to expand...
Click to collapse
Anyone know how to do this via a Magisk module? Or any clue? I tried several times but Im obviously not doing it right. These are the changes I'm making to the kernel config before compiling: (They allow the iptables function we need to set the TTL)
CONFIG_NETFILTER_XT_TARGET_HL=y
CONFIG_NETFILTER_XT_TARGET_HMARK=y
I checked the kernel config, and looks like it should work. You might try this template:
example.zip
drive.google.com
I placed the module in /product/etc here, it's easy enough to change that to wherever is convenient.
It took me quite some time to compile AOSP's kernel (I always find it to be pretty buggy). I added in the options:
CONFIG_NETFILTER_XT_TARGET_HL=y
CONFIG_NETFILTER_XT_TARGET_HMARK=y
But I didn't get a xt_hl.ko output file, I only got a xt_hl.o file. Any idea if that will work? Or a way (or easier way) to get this file? I'm thinking they are not universal and specific to a device or something like that.
Try m to build modules, y is for builtin.
fddm said:
Try m to build modules, y is for builtin.
Click to expand...
Click to collapse
Those config options do work. You can tell because without those options you cannot run the iptables ttl cmd. With this options the command succeeds. But for some reason there is no ko file. Will the other format work? I'm not really familiar with "make" but there may be a way to build/compile just the xt_hl file without the rest of the build
CONFIG_NETFILTER_XT_TARGET_HL=m
'y' does not build a .ko because it gets built into the kernel. The 'm' option builds as a module.
fddm said:
CONFIG_NETFILTER_XT_TARGET_HL=m
'y' does not build a .ko because it gets built into the kernel. The 'm' option builds as a module.
Click to expand...
Click to collapse
Very interesting. I'll give this a go when I get time. Thank you!
That worked! (changing y=>m gave me a ko file)
This is the xt_HL.ko file from AOSPKernel: android-msm-redbull-4.19-android12, for bramble, in case anyone wants it. I'll try this with the Magisk method when I get a chance. Again, I have no clue what the compatibility will be on this file.
BTW https://android.googlesource.com/kernel/manifest/+refs indicates the AOSP kernels for bramble (Pixel4a5g) (redbull kernel):
android-msm-redbull-4.19-android11-qpr2
android-msm-redbull-4.19-android11-qpr3
android-msm-redbull-4.19-android12
android-msm-redbull-4.19-android12-qpr1
Attaching xt_HL for Android11/lineage-18.1 in case anyone needs it.
Anyone know why AOSP in general is so buggy to build? Like missing files, config path issues, etc. I have issues everytime, across devices, versions. But when I build LineageSO I typically don't have any issues; it just works!
I tested the module and I believe it works! How do I know? I ran the cmd: "iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64" on a rooted only boot.img and I got an error. THEN I installed the (attached) Magisk module and it was successful.
I say it that way because I had strange testing results. I connected my laptop to my phones hotspot on a 5g connection & got very fast speed (80Mbps+) (it initially had the TTL setting). Then I deleted the rule "iptables -t mangle -D POSTROUTING -j TTL --ttl-set 64", restarted the phone and got the same fast speed test. Then I installed the stock Lineage18.1 boot.img (no ttl setting) & got the same fast speed! Then I rooted that image & installed. Same results. So it's almost like its persistent - but I can't understand how that can be. I tested my wife's phone (Pixel 4a) to my laptop and I get 0.6Mbps, as I'd expect.
So...if anyone wants to test...please report your results. Again, I can't comment on compatibility, BUT I currently have a LineageOS18.1 build from 6/2021, and this module was built against LineageOS18.1 from this week and it works fine. I attached 2 modules just in case: 1 is for AOSP Android12 (since LineageOS19 official isnt available for our phone yet) as well as for LineageOS18.1.
Thanks @fddm for your help!
UPDATE: I deleted the Magisk files from this thread so I don't have duplicates & moved the discussion to this thread: https://forum.xda-developers.com/t/...-12-iptables-ttl-unthrottled-hotspot.4384353/
FYI, it seems since Android 8, kernel modules do not need to be signed anymore. https://source.android.com/devices/architecture/kernel/loadable-kernel-modules
Hello,
The iptables command seem to stick but tether still throttled.
Android 11 build rq1c210205.006 with this kernel boot file. I have also tried android 12 with ttl patched kernel but tether still throttle. Any suggestion of the issue?
guest00x said:
Hello,
The iptables command seem to stick but tether still throttled.
Android 11 build rq1c210205.006 with this kernel boot file. I have also tried android 12 with ttl patched kernel but tether still throttle. Any suggestion of the issue?
Click to expand...
Click to collapse
Tmobile? How are you testing, speedtest.net or similar? What is linked device? If a PC, try setting ttl in PC registry to 65 (Google it) I believe (when it then hits the phone it'll naturally go to expected 64 value) & test
Yes. It is tmobile voice sim. TTL seem to work with ping to google give 64, 65, 66 from mac via usb ethernet or wifi. But speed test is .60 dl (exceeded HS data) and and iphone connected via wifi speed test yield same speed .6. ifconfig show many interfaces but ttl mangle did not specify any so it should apply to all.
I have other MR1100/5100 and ttl Bypass work.