Could I use the leaked Samsung platform key to hack my own phone? - Android Q&A, Help & Troubleshooting

Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?

missmilla said:
Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.

V0latyle said:
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell....I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung as far as I know does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to do a full reset anyway if I can't find another way in.

missmilla said:
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose as I'll have to do a full reset anyway if I can't find another way in.
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.

I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsungs is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less, but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.

V0latyle said:
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?

blackhawk said:
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsungs is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less, but expect to pay a couple hundred.
In the future redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Copy/paste only then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.

missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
If in the US try a Samsung Experience center at a Best Buy.
I never set locks on my phones or BIOSes, or use encryption on data backup drives, because you are always the one most likely to be locked out, sometimes through no fault of your own.
Digital data is fragile unless it's redundantly backed up.

blackhawk said:
If in the US try a Samsung Experience center at a Best Buy.
I never set locks on my phones or BIOSes, or use encryption on data backup drives, because you are always the one most likely to be locked out, sometimes through no fault of your own.
Digital data is fragile unless it's redundantly backed up.
Thank you. I'm in the UK but we do have a couple of Samsung Experience Centres here so I'll try asking. Oh I will definitely be making multiple, unencrypted backups from now on! I will also be rooting the phone and installing a custom recovery just in case.

If you start playing with the firmware, bricking the device is always a real possibility, especially if you don't follow the protocols correctly. I never had to flash any of my Samsungs in 12 years; all are still working today. I don't do OTA updates either, ever; the potential to brick them like that is higher, with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable.
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.

missmilla said:
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
Unlocking the bootloader will always require a data wipe.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.
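The two rejection rules V0latyle describes (no signature, or a signature from a key the recovery does not recognise) are the core of how a signed-update check works, and the leaked-key discussion earlier in the thread points at a third rule a vendor needs: once a signing key is known to be compromised, its fingerprint has to be revoked so that even a correctly formed signature from it is refused. The Go program below is an added illustration written for this thread, not Samsung's recovery code or any real OTA format: it models a package as a payload plus a detached Ed25519 signature and a key fingerprint, checks it against a small trust store, and shows the revocation step. Key pairs are generated in the program and the payload is a constructed byte string; nothing here parses a real update zip.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the outcome of checking a package against the trust store.
type Verdict string

const (
	Accepted     Verdict = "accepted"
	Unsigned     Verdict = "rejected: unsigned"
	UnknownKey   Verdict = "rejected: unrecognized key"
	RevokedKey   Verdict = "rejected: key revoked"
	BadSignature Verdict = "rejected: signature invalid"
)

// SignedPackage is a toy stand-in for an update package: the payload, a
// detached signature over it, and the fingerprint of the signing key.
// This is a constructed format for illustration, not a real OTA layout.
type SignedPackage struct {
	Payload []byte
	Sig     []byte
	KeyID   string // hex SHA-256 of the signing public key; "" when unsigned
}

// TrustStore is the verifier's set of accepted public keys by fingerprint,
// plus the set of fingerprints that have been revoked (e.g. after a leak).
type TrustStore struct {
	Keys    map[string]ed25519.PublicKey
	Revoked map[string]bool
}

// fingerprint identifies a public key by the SHA-256 of its raw bytes.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Verify applies the checks in order: is there a signature at all, is the
// key one we trust, has it been revoked, and does the signature verify.
func (ts TrustStore) Verify(pkg SignedPackage) Verdict {
	if len(pkg.Sig) == 0 || pkg.KeyID == "" {
		return Unsigned
	}
	pub, ok := ts.Keys[pkg.KeyID]
	if !ok {
		return UnknownKey
	}
	if ts.Revoked[pkg.KeyID] {
		return RevokedKey
	}
	if !ed25519.Verify(pub, pkg.Payload, pkg.Sig) {
		return BadSignature
	}
	return Accepted
}

// Sign builds a package signed with priv (the "vendor signer" in this toy).
func Sign(priv ed25519.PrivateKey, payload []byte) SignedPackage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedPackage{Payload: payload, Sig: ed25519.Sign(priv, payload), KeyID: fingerprint(pub)}
}

// Scenario sets up one trusted vendor key and returns the verdicts for:
// a genuine package, an unsigned one, one signed by an unknown key, a
// tampered payload, and finally the genuine package after the vendor key
// has been revoked. The order of the returned slice is fixed.
func Scenario() ([]Verdict, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, strangerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ts := TrustStore{
		Keys:    map[string]ed25519.PublicKey{fingerprint(vendorPub): vendorPub},
		Revoked: map[string]bool{},
	}
	payload := []byte("constructed update payload: not a real image") // constructed sample

	good := Sign(vendorPriv, payload)
	unsigned := SignedPackage{Payload: payload}
	stranger := Sign(strangerPriv, payload)
	tampered := good
	tampered.Payload = append([]byte(nil), payload...) // copy, then flip one byte
	tampered.Payload[0] ^= 0x01

	verdicts := []Verdict{ts.Verify(good), ts.Verify(unsigned), ts.Verify(stranger), ts.Verify(tampered)}

	// Response to a leaked signing key: revoke its fingerprint. A valid
	// signature from that key is no longer enough to be accepted.
	ts.Revoked[good.KeyID] = true
	verdicts = append(verdicts, ts.Verify(good))
	return verdicts, nil
}

func main() {
	verdicts, err := Scenario()
	if err != nil {
		panic(err)
	}
	for i, v := range verdicts {
		fmt.Printf("case %d: %s\n", i, v)
	}
}
```

The order of checks matters for the point being made in the thread: a package signed with a leaked key is indistinguishable from a genuine one at the signature level, so the only defence a verifier has is to stop trusting that key, which is what the revocation set models. Revocation of a platform key is something only the vendor can push to devices; a recovery that has not received it will keep accepting that key's signatures.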

blackhawk said:
If you start playing with the firmware, bricking the device is always a real possibility, especially if you don't follow the protocols correctly. I never had to flash any of my Samsungs in 12 years; all are still working today. I don't do OTA updates either, ever; the potential to brick them like that is higher, with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30yo database that is irreplaceable.
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.
Probably not something to be messing around with when I don't know what I'm doing then.
Ouch! No wonder you're so careful with backing up... as I will be too from now on. Lesson learned

V0latyle said:
Unlocking the bootloader will always require a data wipe.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There's other measures in place as well.
It's sounding like I'd probably better count my losses and leave it alone. And be more careful in future. All this has got me itching to try stuff out though. Possibly not on my one and only phone, but maybe if I can get a cheap second hand one to play with, or the S9 once I eventually upgrade - it sounds so much fun!

You can use the key to sideload an update, if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem on this is where you can find the certificate? Nobody will tell you where you can find it because who has it remains silent and also communities do not allow this kind of sharing.

Skorpion96 said:
You can use the key to sideload an update, if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures, but the problem on this is where you can find the certificate? Nobody will tell you where you can find it because who has it remains silent and also communities do not allow this kind of sharing.
Thank you. Yeah, I thought I had seen someone publish the certificate, but I misunderstood. So wouldn't be able to get hold of it what with not being familiar with the dark web!

Skorpion96 said:
if I were you I'll try to flash a blank vbmeta and magisk boot so that you can bypass dm-verity and other measures
you can always flash blank vbmeta on low level (such as usbdl, edl or bootrom mode) but that's not how it works.

aIecxs said:
you can always flash blank vbmeta on low level (such as edl or bootrom mode) but that's not how it works.
Depends; if your device is made in the USA you can't. I was only suggesting a way to bypass flashing restrictions, hoping that the bootloader lock doesn't block you. Normally the bootloader lock blocks unsigned flashing, but if you are able to bypass it during flashing maybe you can boot unsigned firmware; I'm not sure though. To flash stuff you can use an exploit or escalate privileges with a signed app that updates a system one to become uid 1000, and after that you can do setenforce 0 or setenforce permissive to set the kernel permissive.

No no, locked bootloader prevents booting unsigned boot, vbmeta, etc (not flashing in first place)

@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective

aIecxs said:
@missmilla just realized you wanna break into your device? this was always possible for S9 (encrypted with default_password) but it's not easy
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
Apparently the Qualcomm variants aren't susceptible to this hack. Only Exynos models are listed.

Related

[SOLVED] B148 MT2-L03 Software

Need link to download the specific software specified in the title of this thread. Came across the one loaded on Google by another xda member but having difficulties downloading it. If you have it mirrored to another cloud service please provide me with the link. I am mostly gunning to get my hands on all of the .img files which come inside it so that I may review them via a hex editor and unlock my bootloader the sneaky way since Huawei refuses to reply back to my emails. Many thanks in advance.
Update: I was able to get my hands on the update.app file. So now will begin extraction and making my changes to hack the bootloader status on my device. If Huawei has responded back to you with your proper bootloader unlock code then you were fortunate. I myself have run out of patience with them and am now handling this on my own personal level.
Modding.MyMind said:
Need link to download the specific software specified in the title of this thread. Came across the one loaded on Google by another xda member but having difficulties downloading it. If you have it mirrored to another cloud service please provide me with the link. I am mostly gunning to get my hands on all of the .img files which come inside it so that I may review them via a hex editor and unlock my bootloader the sneaky way since Huawei refuses to reply back to my emails. Many thanks in advance.
Update: I was able to get my hands on the update.app file. So now will begin extraction and making my changes to hack the bootloader status on my device. If Huawei has responded back to you with your proper bootloader unlock code then you were fortunate. I myself have run out of patience with them and am now handling this on my own personal level.
Having trouble getting the bootloader unlock code? Try this:
Most of the issues are that emails sent outside of Shenzhen, China business time during the week are not answered. They go into an email black hole. You'd have to send in the bootloader unlock request email really late here in the US, or set up some way to send your email later automatically like I did with the Chrome extension Boomerang to get the code for my second HAM2. Currently, sending in a request around 9pm EST to 4am EST Sunday - Thursday is the best time to email for the unlock code; Sun-Thurs corresponds to Monday-Friday at Huawei in China.
I have emailed outside of those times and not gotten a response. After figuring out the time difference and setting up boomerang for an automated send later feature with my email the code arrived a couple hours after it was sent and I saw it when I woke up the next morning.
Sent from my MT2L03 using Tapatalk
@arcadesdude, thanks for your input, but unfortunately that route has failed me as well. Been at it with these emails since late last year. My guess is that my emails are getting lost in the middle of a bunch of other emails they may be receiving, or I'm going to their spam mail which they probably ignore. Either case, all attempts have not been successful. I found the EFI image and boot image inside the update.app last night. So far so good, as it looks like I can easily hack this update and finally get my bootloader unlocked so I may do what I need to do with it.
Modding.MyMind said:
@arcadesdude, thanks for your input, but unfortunately that route has failed me as well. Been at it with these emails since late last year. My guess is that my emails are getting lost in the middle of a bunch of other emails they may be receiving, or I'm going to their spam mail which they probably ignore. Either case, all attempts have not been successful. I found the EFI image and boot image inside the update.app last night. So far so good, as it looks like I can easily hack this update and finally get my bootloader unlocked so I may do what I need to do with it.
You can unlock the bootloader without the bootloader unlock code?
Did you try another email address? Another member on here used another address and got through to Huawei.
Sent from my MT2L03 using Tapatalk
arcadesdude said:
You can unlock the bootloader without the bootloader unlock code?
Did you try another email address? Another member on here used another address and got through to Huawei.
Sent from my MT2L03 using Tapatalk
No, the bootloader code is still required. All I am going to do is modify the source via a hex editor so that I can input a code of my choosing and force it to accept that code and thus unlock my bootloader. That is very possible. Should have done this already but I wanted to give Huawei a chance - but they failed.
Modding.MyMind said:
No, the bootloader code is still required. All I am going to do is modify the source via a hex editor so that I can input a code of my choosing and force it to accept that code and thus unlock my bootloader. That is very possible. Should have done this already but I wanted to give Huawei a chance - but they failed.
I didn't know you could do that. Is it essentially just flashing your modified bootloader partition to the phone using adb like we flash the recovery partition?
arcadesdude said:
I didn't know you could do that. Is it essentially just flashing your modified bootloader partition to the phone using adb like we flash the recovery partition?
Pretty much, but not with adb. Using fastboot.
Also, I guess you also need to disable the verification chain? But how? I heard it probably starts from the very beginning, ROM, a real read-only ROM. If you flash a hacked aboot, sbl will probably refuse to boot it, right?
xordos said:
Also, I guess you also need to disable the verification chain? But how? I heard it probably starts from the very beginning, ROM, a real read-only ROM. If you flash a hacked aboot, sbl will probably refuse to boot it, right?
With a bootloader being locked you are presumably limited on what can and cannot be flashed. With that in mind, should a modification be incorrectly done for a device with a locked bootloader, then it would be safe to say that the flash would be denied and no harm done. Because I will be modifying the source to accept my personal code, this will not have any effect on flashing. The device will even accept it. Then, when I enter my code and reboot, the device will simply say it is unlocked. The only catch to this though is that if I flash back to the original then the bootloader should technically relock itself. I will open a thread on this procedure down the road when I get time and even include my mods so others may compare them with the stock to see the differences.
Modding.MyMind said:
With a bootloader being locked you are presumably limited on what can and cannot be flashed. With that in mind, should a modification be incorrectly done for a device with a locked bootloader, then it would be safe to say that the flash would be denied and no harm done. Because I will be modifying the source to accept my personal code, this will not have any effect on flashing. The device will even accept it. Then, when I enter my code and reboot, the device will simply say it is unlocked. The only catch to this though is that if I flash back to the original then the bootloader should technically relock itself. I will open a thread on this procedure down the road when I get time and even include my mods so others may compare them with the stock to see the differences.
Regarding the limitation, earlier I thought you were going to modify/repackage the UPDATE.APP, as that way, if (a big if) it works, ideally you can flash to any partition. (There is some thread on xda that discusses reading/repackaging the Huawei UPDATE.APP.)
But as we discussed briefly a long time back, this whole thing is really, really risky; if the booting path to fastboot gets damaged, then the phone is pretty much hard bricked.
Probably if you stick with flashing with fastboot, then the risk will be lesser, but man, this is scary stuff..
Regarding the validation chain, I got info from the following article:
http://www.newandroidbook.com/Articles/aboot.html
A few paragraphs after Figure One.
Let's see...
PS, maybe you can continue trying some different email addresses and send at the correct time to Huawei for the code...
PS2, another thought: maybe injecting a SuperSU into the UPDATE.APP system image will work? Not sure how strict they are in validating when flashing UPDATE.APP and/or when booting the system partition.
xordos said:
Regarding the limitation, earlier I thought you were going to modify/repackage the UPDATE.APP, as that way, if (a big if) it works, ideally you can flash to any partition. (There is some thread on xda that discusses reading/repackaging the Huawei UPDATE.APP.)
But as we discussed briefly a long time back, this whole thing is really, really risky; if the booting path to fastboot gets damaged, then the phone is pretty much hard bricked.
Probably if you stick with flashing with fastboot, then the risk will be lesser, but man, this is scary stuff..
Regarding the validation chain, I got info from the following article:
http://www.newandroidbook.com/Articles/aboot.html
A few paragraphs after Figure One.
Let's see...
PS, maybe you can continue trying some different email addresses and send at the correct time to Huawei for the code...
I won't be using the update.app per se. Merely needed it so I can locate the images I want by viewing it with a hex editor and then extracting them, so that I can solely focus on those images using a hex editor, and once I make my patch(es) then I will use fastboot to flash those images to their respective partitions on the device. It really isn't that risky as long as you know what to look for. I won't be that guy that says "oops" in this case lol. So, I'm not worried about possibly bricking this device one bit.
Modding.MyMind said:
I won't be using the update.app per se. Merely needed it so I can locate the images I want by viewing it with a hex editor and then extracting them, so that I can solely focus on those images using a hex editor, and once I make my patch(es) then I will use fastboot to flash those images to their respective partitions on the device. It really isn't that risky as long as you know what to look for. I won't be that guy that says "oops" in this case lol. So, I'm not worried about possibly bricking this device one bit.
Just curious, what are you planning to do that requires an unlocked bootloader?
ScoobSTi said:
Just curious, what are you planning to do that requires an unlocked bootloader?
Something lol
I'm not sure why you can't get the code from Huawei... but I'm kinda glad you can't. Seems you're gathering nice info about this phone.
Sent from my MT2L03 using XDA Free mobile app
Modding.MyMind said:
Something lol
Just in case you're being super extremely nice and kind and trying to make a ROM for us, the other developer has hit a huge roadblock on CM11/12 you should know about.
ScoobSTi said:
Just in case you're being super extremely nice and kind and trying to make a ROM for us, the other developer has hit a huge roadblock on CM11/12 you should know about.
Even if he is not planning to build CM, as the man who built the first recovery for us, I think he won't stop until he can play with his own baby on his phone.
Modding.MyMind said:
I won't be using the update.app per se. Merely needed it so I can locate the images I want by viewing it with a hex editor and then extracting them, so that I can solely focus on those images using a hex editor, and once I make my patch(es) then I will use fastboot to flash those images to their respective partitions on the device. It really isn't that risky as long as you know what to look for. I won't be that guy that says "oops" in this case lol. So, I'm not worried about possibly bricking this device one bit.
1. How are you going to flash image via fastboot if your bootloader is locked?
2. You have to hack the fastboot image to pass through unlock code verification without, or with some random, code. But even if you do so, you won't be able to flash the fastboot image via fastboot even with an unlocked bootloader.
I wouldn't touch fastboot at all 'cause it's a high risk to get a hard brick.
I have found the unlock code in some partition of my device, but I dunno whether it was there initially or was written there after unlocking. If it's the first case and fastboot just compares the entered code with the one saved on the device, then you can try to make an update.app with injected su, as xordos offered, to be able to read this partition.
Injecting su into the update.app wouldn't work. The update.app has its own crc and such. So to simply say, it won't work. You also answered your questions with remarks 1 and 2. One exception is that yes, you can flash the image. As for risks, it's only there if you mess something up - development typically is about taking risks. The fastboot image won't technically brick the device anyways. At best a soft brick may occur, but to be honest since "bricking" is up for discussion; bricking can occur simply by making a change to the build.prop file and not fixing its permissions prior to rebooting. Unless you "hard" brick the device, then it can always be recovered.
You said the image or images can't be flashed with a locked bootloader; while yes, it is technically true, understand that it isn't 100%, because you see, when your device receives an update, initially the device's bootloader is expected to be locked, right? Yet, magically enough, the update goes through, the phone reboots, and you either hate or love the new update. Something to think about before actually saying an image can't be flashed. Instead, I would have you ask yourself, "how?".
xordos said:
Even he is not plan to build CM, but as the man who build first recovery for us, I think he wont stop until he can play with his own baby in his phone.
And best believe, I want to play

[Root][MOD][BUGFIXES]Fix Screen/SDcard/Display Quality! w/ Custom Hybrid Firmware Pkg

DEPRECATED
This firmware is old and deprecated.
See the below link for new firmware and a better root method.
https://forum.xda-developers.com/galaxy-s8/development/root-partcyborgrom-aqi6-deodexed-t3702988
You can just flash the BL_ tarball if you don't want to install a new system
but want the better screen and modem drivers.
PART 2: FIRMWARE RELOADED
I have done extensive research into the issues reported by those of you who are still experiencing screen issues.
I was unable to reproduce the screen issue on my then-current firmware with this update.
Not being content to leave people with buggy screens, I learned as much as I could about the s8 firmware.
This is what I did with that information.
Flashable Custom Firmware Package For ALL SM-G950U/U1 ON US CARRIERS
If you have a non-US G950U and want to install this, PM me or ask in the thread and I'll make one. It's very simple but I wanted to get this out to everyone else ASAP.
NOTICE!
This an UPDATE (and More) to the Green/Garbled Screen Issue firmware.
There is NEW firmware to download below, and everyone who is rooted should read on, even if you installed the previous version.
Background
At the core of the issue with the garbled screen, modem panics, and sd card issues are two central themes: Bugs, and Incompatibilities. The S8 family of phones was fraught with issues early in its release, including the infamous "Red Tint", Fingerprint scanner malfunctions, mysteriously poor battery life, and surely a bunch of smaller others. Many of these bugs were caused by issues in the device's underlying firmware. Like most devices, Samsung has worked to fix these bugs and improve device performance throughout the phone's lifetime for sale in public.
Root Bugs
The problem was unfortunately worse for users of one of the rooting methods for the S8. The biggest reason for this is that in order to relax security constraints enough to make rooting possible, a "non-user oriented", "factory" combination firmware was used. This firmware, being designed apparently for configuration/repair processes inside a factory, was not tuned to the normal level as the public firmware, likely did not go through the same testing, and ultimately any bugs unique to this "Combination" firmware that did not directly affect basic functionality or also stock were probably largely initially ignored.
This is where most of the issues that you all have had come from.
Finding a Solution
As I was unable to reproduce the issue on my device without resorting to the original firmware shipped out with the root method I used, I decided to think about what made my device different than the other devices reporting these issues. While sure, we may have slightly varying hardware, and that may contribute to these issues as well, what I am absolutely certain of is that most of us have different releases of software from each other. Not only have people essentially ad-hoc upgraded from the original firmware they rooted with until now, many have not upgraded at all or only partially upgraded (such as with the previous version of this).
While I could have simply packaged up my firmware/bootloader flashfire backup, I decided to take it a step further.
THE GOODS
Without further ado, I present to you:
S8Root Improved: A SM-G950U1 Custom Firmware Package for Root Users
This package contains a custom mix of the latest AQH3 STOCK (not combination) firmware used wherever possible with the boot/kernel images from the combination firmware that are necessary to keep root working with permissive SELinux. It contains all of the improvements from the previous version, and many more.
RESULTS
I can only speak for myself, but the results I experienced were amazing:
- Better UI Responsiveness.
Things surprise me how they move
- Sharper/brighter screen colors
I thought it couldn't get better than the last version but it has! Everything just looks crisper and is super bright without being oversaturated like with the Adaptive Mode.
- POSSIBLY Improved LTE network connectivity.
Note I said POSSIBLY. I personally regularly experienced 8-10Mb/s download bumps and 2-3Mb/s upload bumps in LTE while moving back and forth from this new firmware. I have my LTE radio locked to a specific channel (there are two I pick up at my place and one is terrible) and I carefully measured -107 to -112 dBm RSRP and -13 to -14 dB RSRQ prior to each measurement. I almost left this out but I figured it would be better to give you the information with no conclusion either way. It ABSOLUTELY could be Atmospheric changes, Traffic level changes, or any other of a million things. YMMV
- Could POTENTIALLY still fix any remaining long-standing SDCard issues
I did not experience this, but had a few reports from users that did. The same pieces used in that version that would touch SDcard usage are used here, so that fix/improvement will carry over.
DISCLAIMER
Unfortunately proving beyond any shadow of a doubt that this package fixes the issue was impossible. I have TRIED AND TRIED AND TRIED to trigger the screen issues, including tweaking on and off every setting (auto brightness, multiple DPIs, different graphics modes, etc) I could get my hands on and it just was not happening. I used every software/systems trick I could think of to break this again, and I was completely unable to tickle the bug on this firmware, despite being able to reliably trigger it almost on command using my previous firmware.
The only thing left to do is either:
- Get the source from samsung, fix the bug myself, and get them to sign my new kernel image with their key so our locked bootloaders would allow it (HAHA I DOUBT IT)
- Acquire a large fleet of S8s (and S8+s) to run distributed integration testing (like the kind Android uses at Google). Well, if someone wants to buy me a few dozen S8s and S8+s (each) sure I'll take a month off work and squash this, but otherwise not gonna happen either.
If it STILL happens for you, I'm sorry.
I have done everything I can think of, and if it happens to you and you have suggestions, I'm all ears.
BUT HEY, this is XDA, right? Land of mods like Xposed which will brick one person's device and work flawlessly on the identical one next to it. And we love Xposed, don't we?
Despite absolutely hilarious comments to the contrary, this package absolutely meets the (aka "BugFix") as well as just about any Android update ever does, given the wide variety of environments, use cases and software configurations out there. I surely hope that this works for you.
Instructions
1) Download the package from the link above.
- Here it is Again for good measure.
2) Reboot into download mode and flash using Comsy Odin
That's it! I packaged this in a way to make the process as smooth as possible.
There is NO reinstall, NO wipe of any kind, nor ANY further work on your part needed to install and use this.
The file size is small so the download is fast, and again, there is NO WIPE or config change needed.
If (for some inexplicable reason) you want to roll back, or go to 100% stock sans root, that process should not be made any more difficult either.
Legacy Information
If you were here before and either looked at or downloaded the previous version, AND YOU HAVE NO QUESTIONS you can skip this part.
If you have questions, please read through to the end of the post before asking them, as I tried to answer as many as I could before hand and all of this information still applies.
WHAT IT IS NOT:
I wanted to outline a few things it is NOT about, to make a valiant effort to stem off the flow of questions before they begin (ha!):
NOT: A new Stock ROM for Your Phone
THIS IS NOT A FULL OS BUILD! DO NOT DOWNLOAD THE WHOLE THING AND FLASH IT EXPECTING AN ENTIRELY UPGRADED OS.
There is no full stock AQI1 image I have found. Believe me I looked a bunch of places after I found it
NOT: Oreo Early Preview
Given the predictions that the next release from Samsung would likely be Oreo, there was some initial over excitement. This wound up being NOT the case and if you read at least current Samsung Oreo projections they are predicting AQB now.
NOT: A Fix for the 80% Battery Issue
I know this is completely futile to hope for but:
THIS DOES NOT FIX THE 80% BATTERY ISSUE!!!!
NO WE DO NOT HAVE A FIX FOR THAT OR ONE COMING ANY TIME SOON!
YES SOME PEOPLE ARE STILL TRYING!
PLEASE DO NOT ASK! OFF TOPIC FOR THIS THREAD
NOT: Currently Tested by ANYONE but ME
Since the moment I installed this I have not had ONE SINGLE screen issue, where previously I would have them several times throughout the day (at least 3 sometimes upwards of 6). For the case of ME and MY device, I am confident in declaring that this boot ROM does not have the same kernel bug that was causing the issue on the boot.img provided as part of your traditional root method.
NOTE: This is for the s8 G950 US Snapdragon models ONLY! Do NOT Flash this on your exynos, your Chinese/HK S8, your N8, your MOTO RAZR flip phone, whatever else you have. Kernels/boot.img files are very device specific and you will surely break it if not completely brick it.
DISCLAIMER:
YOUR WARRANTY IS ALREADY VOID if you are paying attention and are doing this to fix bugs with the existing sampwnd root.
HOWEVER IT IS EVEN VOIDER NOW. FLASH THIS TO YOUR DEVICE AT YOUR OWN RISK!
and if you break it I AM NOT RESPONSIBLE! FLASH AT YOUR OWN RISK!
As I said I have not tested this anywhere but my phone as I don't have any other S8s nor do I have access to any locally. I hope it works for you as well as it has for me.
STEPS
Download Boot Image
Use the URL here to Download the AQI1 boot.img file: Go Download the New Hotness
Prepare Phone for Flashing in FlashFire
If you did not download it on your phone, copy it somewhere FlashFire can see it.
Flash it
Open up FlashFire
Hit the "+" button
Select the "Flash Firmware Package" option, NOT the "Flash Zip or OTA" option!
You should see a popup window thing that has a checkbox next to the word BOOT, with "boot.img, 22MiB" underneath.
Make sure the checkbox is checked.
Make sure that it says BOOT above boot.img.
I have no idea if it's possible for this to get messed up, but BOOT implies flashing the BOOT partition so if it says something else you are headed towards brick town, abort immediately.
Press the Check mark at the top right corner once you have confirmed the two things above.
MAKE SURE EVERROOT IS DISABLED!!!
Click on the "Reboot" box, and choose "Recovery". MAKE SURE PRESERVE RECOVERY IS NOT CHECKED!
Back at the main menu, click the lightning bolt next to the word FLASH. Confirm.
Wait for FlashFire to do its thing. Sometimes it takes a minute for FF to wake up and start flashing. Occasionally for me it never happens; if this happens DO NOT PANIC, IT'S FINE. Hold down power+volDown until you eventually wind up in upload mode, then just reboot normally and everything will come back fine.
When FlashFire finishes (it will go really fast, the image is only 22MB, we aren't flashing a 5GB system here), it will auto-reboot your device into the recovery menu.
Select Wipe Cache and Confirm
This will wipe cache which is fine and safe. Again maybe not needed, feel free to skip if you know what you are doing. If you mess up and accidentally click factory reset instead, please tell me so I can laugh at you.
Reboot into a Clear New World
Select reboot and boot the system normally. If you formatted the cache partition above, it will take a little longer to start your phone. This is just the first time per normal.
That's it! Welcome to the world of clear screens and bright colors. It could be a total placebo effect but I actually think this kernel drives the display better sometimes.
Please let me know what you think, and if this works for you. I will be here for a while to answer questions or fix anything I typoed above or whatever.
FYI: An S8+ thread is coming too, as I sprung for purchasing both downloads to be an equal opportunity XDAer (at least with US flagship Samsung devices lol), but since I have an S8 and thus had the files locally already I made this one first.
@jhofseth for nerding out with me the last few nights on trying crazy **** to get a bootloader unlock which prompted me to dig at this in the first place
Most of all, all of the tons of you who have made so many awesome mods, themes, apps, what have you that I use every day and that make me enjoy my device all the more. I could not be happier to have the opportunity to give back a little.
Here is the rest of the S8 combo firmware if you are interested, but don't just flash this as it's not a full OS:
EDIT: DOWNLOAD THE NEW ONE ABOVE
Can I Get The Link To The S8+ Boot, I'm willing to try it
Mark805 said:
Can I Get The Link To The S8+ Boot, I'm willing to try it
Coming very soon I promise! 10m max
Ok thanks
Mark805 said:
Can I Get The Link To The S8+ Boot, I'm willing to try it
Its up now! https://forum.xda-developers.com/ga...sampwnd-root-green-screen-corruption-t3673815
What's the bootloader version? It can be found by booting into download mode manually.
Cameron581 said:
What's the bootloader version? It can be found by booting into download mode manually.
This isn't a bootloader change, it's boot.img which is the kernel and root filesystem essentially
Hey, btw this does not void warranty. I understand it's a standard disclaimer but it doesn't void it. It doesn't trip knox, so warranty is still very intact.
mweinbach said:
Hey, btw this does not void warranty. I understand it's a standard disclaimer but it doesn't void it. It doesn't trip knox, so warranty is still very intact.
Uh, just because their service does not catch you does not mean that technically you are not violating your warranty contract, thus making using it technically illegal
That would be like saying "it's not murder if you leave no forensics!" Lol
wildermjs8 said:
Uh, just because their service does not catch you does not mean that technically you are not violating your warranty contract, thus making using it technically illegal
That would be like saying "it's not murder if you leave no forensics!" Lol
I mean legally a warranty can not be voided through software modifications unless it causes physical damage to the device. Since the efuse was not tripped no physical damage has been caused and no warranties have legally been voided.
I had the green screen/graphics corruption after flashing this still...
goliath714 said:
I had the green screen/graphics corruption after flashing this still...
Apparently this happens to some people. I am fairly certain it is a firmware combination issue but I haven't been able to track it down. One thing you can do to eliminate it if you have the issue still (please let me know if this does not work) is to disable auto brightness.
wildermjs8 said:
Apparently this happens to some people. I am fairly certain it is a firmware combination issue but I haven't been able to track it down. One thing you can do to eliminate it if you have the issue still (please let me know if this does not work) is to disable auto brightness.
I have auto brightness off and still get it here and there.
goliath714 said:
I had the green screen/graphics corruption after flashing this still...
Please check out the OP again and download/flash the new version. Rather than just a few files, it's a whole new entire bootloader/kernel package that I assembled piece by piece to have as much latest stock firmware as possible while maintaining what we need for root.
My primary suspect for why some people experience this regression is having older parts of their system. Rather than push everyone to upgrade, I made a painless upgrade process for all of their firmware instead.
This includes the Radio drivers and bootloaders, kernels and flash layer libraries. It's all either latest stock or it's AQI1 Combination because it was absolutely necessary.
wildermjs8 said:
Please check out the OP again and download/flash the new version. Rather than just a few files, it's a whole new entire bootloader/kernel package that I assembled piece by piece to have as much latest stock firmware as possible while maintaining what we need for root.
My primary suspect for why some people experience this regression is having older parts of their system. Rather than push everyone to upgrade, I made a painless upgrade process for all of their firmware instead.
This includes the Radio drivers and bootloaders, kernels and flash layer libraries. It's all either latest stock or it's AQI1 Combination because it was absolutely necessary.
We flash the tar in the AP slot correct?
CloudyxVision13 said:
We flash the tar in the AP slot correct?
Yep
---------- Post added at 08:29 PM ---------- Previous post was at 08:28 PM ----------
Seems to be running better to me. Thanks bro
CloudyxVision13 said:
We flash the tar in the AP slot correct?
It actually does not matter, as Odin will do the right thing no matter what.
Sorry, I should have made that clear. I will update the OP to make that clear.
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
AngelIsL33T said:
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
Nope, only need the tar file bud. The old boot.img file is just basically the previous version of this.
AngelIsL33T said:
Just wanna make sure of something. First, I flash the first download files through modded Odin, then afterwards, flash the second file in FF?
The old image is actually part of the new tar, so you will have it anyway. I packaged it in Odin this time because there are some pieces of firmware FF either can't flash or warns against using it for. Plus one clean simple tar seemed easier, no?
Do you see the boot.img in the OP? I thought I nixed all the instances of the link but I may have missed one.
I almost rewrote all the old text to reflect now, but it felt like editing history so I tried to preserve what made the most sense still. It sounds like it's still a little confusing, so I'll take another crack at it shortly.
Please let me know if you have any trouble! I'll be here to help all evening

Restricting New Sony Xperia X to Marshmallow OS for Man on Spectrum

Hello,
Recently the forced upgrade of the Sony Xperia X OS to Oreo destroyed certain functionalities which were critical to my phone's utility. Functionalities for which I had indeed selected and purchased the phone in the first place. Having suffered similar problems in the past, I postponed the upgrade for weeks and sought advice from Sony on declining the update. Of course they said this was not an option and that my files would be unaffected, and of course this was false information.
As someone on the Autism spectrum, I have always struggled with digital merchandise and the tendency for suppliers to alter their products after I have purchased them. It is necessary for me to have consistency, and to be able to organize things in a certain way without worry of having them altered. I familiarize myself with how to use the product and then, silently, menus change, operations reorganize themselves entirely and it becomes difficult to perform the basic tasks that I have learned at great personal difficulty to navigate on my device already. This is a big problem. I do not want the latest and the greatest. I want consistency. I want my device to continue operating as it did when I purchased it less than a year ago.
All of this is to say that when the latest update destroyed the very things that gave my phone value to me and for which I had painstakingly selected it, I was thrown into a mild state of panic. After confirming with Sony that the upgrade was irreversible, and finding no other alternative, I elected to purchase the very same phone that I already owned for a second time, knowing that the Operating System would not yet have been upgraded.
The problem, now, is how to use the phone without risking the same forced OS upgrade and rendering the repurchase entirely pointless.
My understanding is that the only way to accomplish this would be to root the new phone. Please correct me if I am wrong. Given my circumstances, I have always seemed an obvious candidate for rooting my devices in order to maintain control of operations. Unfortunately I am not very technically inclined, and Root tutorials simply bamboozle me with their jargon. Given the sensitive nature of the rooting process, in that it seems very easy to make a misstep or run into complications, I have been excluded from taking advantage of this obvious solution.
Yet here I am, with a brand new phone that I cannot use unless I am able to find a way to prevent the Operating System from updating.
My questions are:
Is there any way to block OS updates without rooting, that I am unaware of?
If rooting is the only method, what is the safest way that a layman like myself might confidently pursue this route?
Thank you for your time.
wynden said:
My questions are:
Is there any way to block OS updates without rooting, that I am unaware of?
If rooting is the only method, what is the safest way that a layman like myself might confidently pursue this route?
Thank you for your time.
No. But if I remember correctly, you can just not update your phone. Or you can try to unpack the firmware, edit it manually, delete the app which updates your system, repack the firmware and flash it. Or you can freeze it through ADB... But, the best way, of course, is root.
It's quite easy if you'll follow the instructions.
In short:
Flash Android 6.0 through Flashtool. Not as hard as it sounds, but it's mandatory.
Save your TA partition. One bat-script on Android 6.0 with locked bootloader, and you are ready.
Unlocking your bootloader. Sony have their own instructions which are pretty easy to follow.
Delete the app which updates your system. The easiest step.
Last: if something went wrong with your hardware - just relock your bootloader with the keys you've backed up - and you have your phone in a factory new condition!
Good luck! Ask here if you need any additional information!
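Gray47Maxx mentions freezing the updater app through ADB as an alternative to rooting. The script below is an added example, not code from this thread or from any poster: it uses the stock Android package-manager verb `pm disable-user --user 0`, which works on a locked bootloader without root and is reversed with `pm enable`. The updater's package name is not given anywhere in the thread, so the script only finds candidates by name pattern; the package names in the constructed sample input are placeholders, and the real one must be confirmed before freezing. While the updater is frozen the device also stops receiving security patches, which is the trade-off a practitioner should weigh.

```shell
#!/bin/sh
# Added example (not from this thread or any poster): freeze an OEM
# system-updater app over ADB with the stock package manager, i.e.
# "pm disable-user --user 0 <pkg>", reversible with "pm enable <pkg>".
# Assumptions: adb is on PATH and the phone has authorised USB debugging.
# The updater's package name is NOT known from the thread; candidates are
# located by name pattern and must be reviewed before --apply.
#
# Usage:  sh freeze_updater.sh --list     # show candidate packages
#         sh freeze_updater.sh --apply    # freeze every candidate

# Filter "pm list packages" output (lines "package:<name>") on stdin down
# to names that look like an updater. The pattern is deliberately broad
# (update, FOTA, or a ".ota" path component), so review what it prints.
find_updater_packages() {
    tr -d '\r' | sed -n 's/^package://p' | grep -iE 'update|fota|\.ota' | sort -u
}

# Print the exact command that freezes one package for the primary user.
freeze_cmd() {
    printf 'adb shell pm disable-user --user 0 %s\n' "$1"
}

# Print the command that undoes the freeze.
unfreeze_cmd() {
    printf 'adb shell pm enable %s\n' "$1"
}

# Succeed if the package appears in the disabled-package list ("-d").
is_frozen() {
    adb shell pm list packages -d | tr -d '\r' | grep -qx "package:$1"
}

main() {
    candidates=$(adb shell pm list packages | find_updater_packages)
    if [ -z "$candidates" ]; then
        echo "no updater-looking packages found" >&2
        return 1
    fi
    for pkg in $candidates; do
        if [ "${1-}" = "--apply" ]; then
            cmd=$(freeze_cmd "$pkg")
            echo "$cmd"
            $cmd                      # run the adb command just printed
            if is_frozen "$pkg"; then
                echo "frozen: $pkg (undo with: $(unfreeze_cmd "$pkg"))"
            else
                echo "NOT frozen: $pkg" >&2
            fi
        else
            echo "candidate: $pkg"
        fi
    done
}

# Only act when invoked with --list or --apply; otherwise just define
# the functions above (e.g. when the file is sourced).
case "${1-}" in
    --apply|--list) main "$1" ;;
esac
```

Run `--list` first and check that exactly one package is the vendor's updater; the filter is a heuristic and can catch unrelated apps with "update" in their name. The freeze survives reboots and is undone at any time with the printed `pm enable` command.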
Gray47Maxx said:
No. But if I remember correctly, you can just not update your phone.
Gray, thank you for your reply. It does not seem that just not updating is an option, as the phone keeps harassing the user to download the update, and there is no way to disable those push notifications, as far as I am aware.
In short:
Flash Android 6.0 through Flashtool. Not as hard as it sounds, but it's mandatory.
Save your TA partition. One bat-script on Android 6.0 with locked bootloader, and you are ready.
Unlocking your bootloader. Sony have their own instructions which are pretty easy to follow.
Delete the app which updates your system. The easiest step.
I appreciate the summary, but I don't know what a flash tool is, or a TA partition, or a bat-script, or a bootloader, etc. This is why I feel unqualified to tackle such a sensitive operation. I have googled instructions on rooting, but since I do not understand what is being asked of me, I cannot proceed. What is the best way for a layman who is easily overwhelmed to familiarize themselves with the technology to become reliably competent at tackling such a project?
Last: if something went wrong with your hardware - just relock your bootloader with the keys you've backed up - and you have your phone in a factory new condition!
My understanding was that a root was irreversible. This is a major contributor to my trepidation. Is this not the case?
Additionally, I have gathered from various forums that the process of rooting Xperia has been particularly problematic and frequently unsuccessful. Do you know if there is any truth to this? I would not have a clue what to do if I encountered a problem.
wynden said:
Gray, thank you for your reply. It does not seem that just not updating is an option, as the phone keeps harassing the user to download the update, and there is no way to disable those push notifications, as far as I am aware.
It's only a push notification, and it can easily be ignored. But it's very annoying, I know.
wynden said:
I appreciate the summary, but I don't know what a flash tool is, or a TA partition, or a bat-script, or a bootloader, etc. This is why I feel unqualified to tackle such a sensitive operation. I have googled instructions on rooting, but since I do not understand what is being asked of me, I cannot proceed. What is the best way for a layman who is easily overwhelmed to familiarize themselves with the technology to become reliably competent at tackling such a project?
The best way is to try to find a person who is familiar with Sony devices - then you'll have less chances to break something. If you don't have anyone familiar with Sony - then XDA have some good threads (this or this, for example) for self-learning.
My own experience with rooting, tweaking, making things started with bootloader unlocking, and my only helpers were guides and members of one famous Russian geek forum. So, maybe soon you'll join this community as a full member. Who knows ;^)
wynden said:
My understanding was that a root was irreversible. This is a major contributor to my trepidation. Is this not the case?
Additionally, I have gathered from various forums that the process of rooting Xperia has been particularly problematic and frequently unsuccessful. Do you know if there is any truth to this? I would not have a clue what to do if I encountered a problem.
Root is reversible, and so is bootloader unlocking. A little bit complicated, but possible.
Yes, and as someone mentioned there, in terms of security Sony is the Apple of the Android world here. Their devices are the hardest to modify, they are overpriced, but there is nothing impossible.
So, in short:
You have two ways:
You can downgrade your phone, ignore those push notifications and keep your phone intact.
You can unlock your bootloader, root your phone and delete the app that updates your phone.
P.S. If I remember correctly, there was a way to "freeze" (force an app to stop all of its activity) this app without rooting, unlocking, and so on. If I find it, I'll share it here.
Thank you for your reply.
Gray47Maxx said:
It's only a push notification, and it can easily be ignored. But it's very annoying, I know.
No, at least not in my case. Moreover it is only too easy to accidentally enable it when you are trying to do something else entirely.
Thank you for directing me to those links, I will investigate the guides and see if they are any more illuminating than others I have read. I do not have a personal acquaintance familiar with Sony devices, unfortunately. They seem rather hard to come by even online.
If Sony devices are, indeed, the hardest to modify, then I feel my apprehension is justified. Is it wise to proceed without a technical expert to consult? Is there anyplace where I might find help if I need it? How likely is it that I will do irreparable damage to the device?
You can downgrade your phone, ignore those push notifications and keep your phone intact
When you say "downgrade", do you refer to restricting the second model I purchased to the OS it came with, or do you mean to suggest that my original phone can be downgraded? I had been told that even with root an OS update could not be reversed.
P.S. If I remember correctly, there was a way to "freeze" (force an app to stop all of its activity) this app without rooting, unlocking, and so on. If I find it, I'll share it here.
That is definitely something I would be interested in exploring before proceeding with more drastic alternatives. If you have any suggestions as to where I might look for more information, please do let me know.
Again, thank you very much for your help and correspondence in this matter. It is greatly appreciated.
wynden said:
Is it wise to proceed without a technical expert to consult? Is there anyplace where I might find help if I need it? How likely is it that I will do irreparable damage to the device?
1. If you've learned everything from the threads and you are following instructions step-by-step - then yes, it is OK.
2. A great place to find a man who can help you is to check some local repair shops (especially ones where you can repair Sony phones) and make some good relations with a local master/technician. If something goes wrong - they'll fix it! Plus if you make friends with them, I'm sure they will help you in such a hard procedure.
3. Only one thing is irreparable - DRM keys. So, you must save them before doing anything. Everything else can be fixed pretty easily.
wynden said:
When you say "downgrade", do you refer to restricting the second model I purchased to the OS it came with, or do you mean to suggest that my original phone can be downgraded? I had been told that even with root an OS update could not be reversed.
Thankfully, it can be reversed - it's Android after all. There's a special program for doing updates and downgrades - it's called Flashtool. And, of course, you can downgrade your phone to 6.0 without unlocking bootloader with this program. There you can download an OS and here is a complete video how to flash your device through it.
wynden said:
That is definitely something I would be interested in exploring before proceeding with more drastic alternatives. If you have any suggestions as to where I might look for more information, please do let me know.
Again, thank you very much for your help and correspondence in this matter. It is greatly appreciated.
Sure!
Good luck using Flashtool!
P.S. It looks like you can stop downloading your OS update.
When you'll downgrade to 6.0, go to Updater app -> Settings -> Automatic updates download -> OFF. Boom, only notification left.
SONY IS THE APPLE OF ANDROID (WELL SAID) (Y)
It's a cryptex scroll: one key wrong and the secret is destroyed forever!
As an 8-year Sony Xperia user, having come through various devices, eras and security policies of Sony, here is what I have found:
1. SE phones were the easiest to root, pre-2012 (last known device: Xperia Ion).
2. In 2013 the Z series launched, and throughout the life of the Z (C6602 / C6603) rooting was a piece of cake.
3. Then came the Z3 with the devil in the details. Sony started using DRM keys (Digital Rights Management keys). They are stored in a hidden partition, and every time you want to use premium features (which you paid for), such as the image enhancement features within the Camera and Movie player, Bluetooth 5 technology, fast-charge options, support for SD cards above 32 GB and much more, the Xperia asks the kernel to check whether the DRM keys are instated or not. If the kernel output is 1, then all these features work perfectly.
4. The Z3, Z3+, Z4v, Z5 and finally Z5P etc. landed in hands having LP (Android Lollipop) kernels (KK for the Z3), and KingRoot was able to find Android exploits and root easily! However, from the MM kernel, when Sony gripped its security with Sony RIC, every attempt by KingRoot to root an Xperia ended in bootloops. Hence the only way to root a Sony was to flash a modified kernel, and to flash a modified kernel you must unlock the bootloader, and when you do that the TA partition is wiped and you lose your DRM keys forever. Even when you root your stock ROM and have /system access, the kernel's failure to find the DRM keys will always make your Sony device an entry-level droid.
5. A fresh breeze: the Dirty COW script found this exploit in the MM kernel. When a newly purchased Xperia (like the X) came into your hands with Android 6.0.1, you just connected it to a Windows PC, enabled USB debugging and ran the TA backup script, aka the dirtycow script, and it spewed out this TA-xxxx-xxxx-xxxx-xxx.img file (2 MB) in the same folder! Run it more than once and it spews the same file with a different timestamp into that same folder. So now you have something Sony never wanted you to have!
6. Moreover, a very amazing kernel modding script called ROOTKERNEL SCRIPT by @tobias.waldvogel was primed and later taken over by @serajr. It basically takes the given kernel.elf file from the downloaded stock ROM, switches off all the security and adds a line to the kernel so that all Sony apps are always told the DRM keys are provisioned, even if they aren't. This script supported the Z3, Z3+, Z4v, Z5c, X5, Z5P, X, Xc, X Perf, XZ and XZs from the LP, MM, N and O kernels, making a mockery of the whole DRM keys concept for Sony.
7. From the XZP, Sony changed the way DRM works, and now for every device there is a hidden location which you cannot know; even if you add a line in the kernel to point to the memory block for the existing DRM keys, it will fail, so the kernel fix for DRM is gone. However, the controversial commercialized Xperifix by member //storm does the job.
Coming back to you:
Your X falls under the glory period of numerous options and fixes, where not only is a DRM fix possible in the kernel, but you can also extract your DRM keys as TA.img and one day use it to relock your bootloader!
I would suggest you:
1. Use the dirtycow script! Extract TA.img.
2. Unlock the bootloader.
3. ROOT your MM kernel, disable all software updates!
4. Relock the bootloader using that same TA.img (if you want).
And I agree! All Sony devices that came into my hands were always the BEST with the OS they left the FACTORY with! Later it was just unfinished ROMs to SUPPORT their successors. For the X, Oreo is horrible! It's designed to support the XZ2 and XZP, but since the tree starts from the X they had to include the X as well.
YasuHamed said:
For the X, Oreo is horrible! It's designed to support the XZ2 and XZP, but since the tree starts from the X they had to include the X as well.
Completely disagree with you. Oreo for the X is the best stock ROM I've used so far. Stable, fast, battery-life friendly, secure and just ideal. Why do you think it is bad?
BTW, I used an XZ2 less than a week ago; both of them run almost equally. So...
Gray47Maxx said:
A great place to find a man who can help you is to check some local repair shops.
I was unable to locate a mobile repair shop anywhere near me, although that is what I had initially hoped I would be able to do. Still, I expect they would take exception if I wanted them to assist me in doing something that the manufacturers disallow, so I don't know that it would have helped.
It is news to me that the phone can be downgraded, contrary to what Sony informed me. Do you think it would be better for me to go this route before attempting a root?
I suspect a root will still be necessary, if only because it will continue prompting me to update. You mentioned that I can turn Automatic updates off, but I believe what you are referring to is a setting I had already enforced. I made sure that the phone does not automatically download the updates in the settings, but it nonetheless harasses me with push notifications that I cannot dismiss.
Thanks again for directing me to these resources and helping me begin to understand the nuances of what I'm attempting.
YasuHamed said:
Coming back to you:
Your X falls under the glory period of numerous options and fixes, where not only is a DRM fix possible in the kernel, but you can also extract your DRM keys as TA.img and one day use it to relock your bootloader!
I would suggest you:
1. Use the dirtycow script! Extract TA.img.
2. Unlock the bootloader.
3. ROOT your MM kernel, disable all software updates!
4. Relock the bootloader using that same TA.img (if you want).
Thank you for the overview, it does help me better understand the conflicting information I have been finding online, and your remarks about the X are very reassuring and do give me some confidence and hope for success. Are there any simplified, step-by-step tutorials for implementing this method that you have recommended, which you could direct me to? Figuring out which one to follow is one of my primary points of confusion.
Gray47Maxx said:
Completely disagree with you. Oreo for the X is the best stock ROM I've used so far. Stable, fast, battery-life friendly, secure and just ideal. Why do you think it is bad?
BTW, I used an XZ2 less than a week ago; both of them run almost equally. So...
The third generation of Oreo for the Sony X (.2.50) is less horrible, but it still heats up more than Nougat and starts hanging and lagging. Since I reside in a country where it's usually 45C, for me Nougat .0.252 (came Dec 2017) was the best ROM!
wynden said:
Thank you for the overview, it does help me better understand the conflicting information I have been finding online, and your remarks about the X are very reassuring and do give me some confidence and hope for success. Are there any simplified, step-by-step tutorials for implementing this method that you have recommended, which you could direct me to? Figuring out which one to follow is one of my primary points of confusion.
I own the X, so trust me: the device is overall LOVE.
1. The modified kernels, instructions and trivia can be found in my post https://forum.xda-developers.com/xperia-x/how-to/root-xperia-x-f5122-android-n-34-2-2-47-t3594502
2. BASIC INFO about Xperias, unlocking the bootloader and using the Dirtycow script MUST BE READ at https://forum.xda-developers.com/showpost.php?p=72141176&postcount=7
3. Since you are on Android MM, enable USB debugging from Developer Options and run the Dirtycow script. FULL GUIDE at
https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
4. The only shepherd for flashing Xperias, even when Sony's own Xperia Companion fails (many times) to flash your device, is FLASHTOOL, www.flashtool.net. Once the bootloader is unlocked, Sony will no longer recognize your device. Flashtool has XperiFirm built in, and you can download firmwares for all devices across time (selectively).
(Literature)
A very promising, detailed, library-level guide by @DHGE on the DRM KEYS CONCEPT at https://forum.xda-developers.com/showpost.php?p=70504721&postcount=2
YasuHamed said:
The third generation of Oreo for the Sony X (.2.50) is less horrible, but it still heats up more than Nougat and starts hanging and lagging. Since I reside in a country where it's usually 45C, for me Nougat .0.252 (came Dec 2017) was the best ROM!
That's strange. My phone was fast as hell on all of the Oreo ROMs. Maybe I haven't noticed any heat-ups because I have the latest revision (and the mfg date is 06.2017) and everything is OK with the hardware there, so it just CAN'T heat up in my case...
Anyways, maybe you should try XGEN + FSC + Debloater?)
Gray47Maxx said:
That's strange. My phone was fast as hell on all of the Oreo ROMs. Maybe I haven't noticed any heat-ups because I have the latest revision (and the mfg date is 06.2017) and everything is OK with the hardware there, so it just CAN'T heat up in my case...
Anyways, maybe you should try XGEN + FSC + Debloater?)
I am actually on XGEN, which is built on the latest! It's a bit cooler and helps me survive the lagging!
The temperature in my country goes up to 50C.
A few suggestions:
Turning off notifications:
(not certain it applies to those "forced" notifications by the update app, but I suspect if you disable the "fota service" and "fota application" [search for similar terms] it'll stop being displayed)
https://www.digitaltrends.com/android/how-to-turn-off-notifications-in-android/
https://www.techadvisor.co.uk/how-t...how-disable-notifications-in-android-3614881/
In any case - you can attempt to disable the (most likely) offending apps, being the "fota" components via adb:
(for this you need to enable "USB debugging" via "developer options": Settings -> about phone -> Build number -> Tap 7 times)
https://www.reddit.com/r/Android/comments/3eav7t/get_rid_of_unwanted_system_apps_adb_shell_pm_hide/
https://forum.xda-developers.com/lg-g3/general/disable-apps-root-disabled-disable-t3491624
https://android.stackexchange.com/questions/56620/enable-and-disable-system-apps-via-adb
Doing it the root way would be installing Magisk (= root) and purchasing & installing "Titanium Backup root" + the "Titanium Backup PRO Key root".
https://forum.xda-developers.com/xp...peria-x-to-t3785135/post76404647#post76404647
How exactly to do that:
others please chime in
Hope that helps in any way
zacharias.maladroit said:
In any case - you can attempt to disable the (most likely) offending apps, being the "fota" components via adb:
(for this you need to enable "USB debugging" via "developer options": Settings -> about phone -> Build number -> Tap 7 times)
https://www.reddit.com/r/Android/comments/3eav7t/get_rid_of_unwanted_system_apps_adb_shell_pm_hide/
https://forum.xda-developers.com/lg-g3/general/disable-apps-root-disabled-disable-t3491624
https://android.stackexchange.com/questions/56620/enable-and-disable-system-apps-via-adb
That's what I was looking for. IMHO this is the best variant if you don't want to upgrade or unlock your bootloader. You should give it a try!
Do not worry
good afternoon
Since you have a "limitation", I will try to guide you as best as possible in what you want to do.
I do not know how the "spectrum of autism" works, but if I'm too technical, you can mention it and I can try to break down a bit more what I'm trying to say.
First, Sony, as a company that creates devices with "updates", will always sell the idea that the updates are irreversible; this is common and normal among software and telecommunications companies, so it goes without saying that they "destroyed your phone". Second: no, it was not necessary to buy another phone; the problem you had with it could have been solved. It is only normal that "non-technical" users find themselves at a crossroads when updates make notable changes to the system and often create confusion.
Now, your simplest solution is to find a trustworthy technical service that can return your phone to an earlier version with which you are more familiar. Probably this version is the initial one the phone came with at the time of its release to the market; in the case of the Xperia X that was 6.0.1, named with its own name, "Marshmallow".
Then, if what you want is to try to solve it yourself, there is a lot of information in this forum, very helpful and in some cases quite well explained, so that less experienced users manage to make various changes or modifications to their phones.
Take it easy, an update does not damage your phone. It is understandable that you feel fear or disappointment, but these things you tell us happened with your phone have a solution. If you want more information I can help you through this medium, or you can read and inform yourself about everything involved.
Finally, words like fastboot, root and flashtools are just slang for processes that are not usually so complicated; there are even videos on YouTube that explain them in great detail.
Good luck, and I hope your problem can be solved :laugh:
PS: I'm sorry for my bad English
winsters said:
good afternoon
Since you have a "limitation", I will try to guide you as best as possible in what you want to do.
I do not know how the "spectrum of autism" works, but if I'm too technical, you can mention it and I can try to break down a bit more what I'm trying to say.
First, Sony, as a company that creates devices with "updates", will always sell the idea that the updates are irreversible; this is common and normal among software and telecommunications companies, so it goes without saying that they "destroyed your phone". Second: no, it was not necessary to buy another phone; the problem you had with it could have been solved. It is only normal that "non-technical" users find themselves at a crossroads when updates make notable changes to the system and often create confusion.
Now, your simplest solution is to find a trustworthy technical service that can return your phone to an earlier version with which you are more familiar. Probably this version is the initial one the phone came with at the time of its release to the market; in the case of the Xperia X that was 6.0.1, named with its own name, "Marshmallow".
Then, if what you want is to try to solve it yourself, there is a lot of information in this forum, very helpful and in some cases quite well explained, so that less experienced users manage to make various changes or modifications to their phones.
Take it easy, an update does not damage your phone. It is understandable that you feel fear or disappointment, but these things you tell us happened with your phone have a solution. If you want more information I can help you through this medium, or you can read and inform yourself about everything involved.
Finally, words like fastboot, root and flashtools are just slang for processes that are not usually so complicated; there are even videos on YouTube that explain them in great detail.
Good luck, and I hope your problem can be solved :laugh:
PS: I'm sorry for my bad English
your English is perfect <3 WOW!
Please convert my graffiti, gibberish instructions into your perfect English guide <3
1. https://forum.xda-developers.com/showpost.php?p=72141176&postcount=7 (wrote a few months ago)
2. https://forum.xda-developers.com/showpost.php?p=76429289&postcount=7 (wrote recently)
3. https://forum.xda-developers.com/showpost.php?p=76484508&postcount=2 (wrote recently)
Gray47Maxx said:
That's strange. My phone was fast as hell on all of the Oreo ROMs. Maybe I haven't noticed any heat-ups because I have the latest revision (and the mfg date is 06.2017) and everything is OK with the hardware there, so it just CAN'T heat up in my case...
Anyways, maybe you should try XGEN + FSC + Debloater?)
I am also facing problems on Oreo, and will probably go back to 6 for more mods / better battery life.

General FYI - Magisk works on GrapheneOS and CalyxOS

Follow the instructions for your OS (GrapheneOS or CalyxOS) as normal, then just before locking the bootloader back, follow the guide here. The end result is an OS with Magisk and root, but the bootloader cannot be locked again (because of the root process).
So, if you would like to be able to record calls, block advertisements and enjoy your device, because it is your freedom to do whatever you want with your device, root your OS.
PS: if security is more important than privacy, rooting is not the way to go; at the moment I didn't find a way to maintain both.
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
shoey63 said:
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
Source?
96carboard said:
Source?
It's all in This thread
Edit: More reading Here
shoey63 said:
It's all in This thread
Edit: More reading Here
Your links seem to be showing something about current issues that people are having, not about something "in the future" regarding enforcement of locked bootloader.
Edit: what I'm looking for is some statement from gooble that they intend to make some changes with respect to this, otherwise it appears to be just speculation.
Edit 2: The subject is also pretty off topic, since there's a good chance that it doesn't come into play at all with graphene or calyx, both of which do NOT include integrated binary gooble services. Graphene goes to a lot of trouble to make it installable, but strongly isolated from everything else, which includes restricting hardware status flags from being readable by it. Calyx promotes microG.
96carboard said:
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
It may be old news for you, but I didn't find it anywhere. That is why I posted it here, just in case there are people like me who are looking for that answer.
Asking in the GrapheneOS chats, I only got the answer that rooting is not supported and not recommended.
Since I use a call recorder for my work and would be glad to block advertisements locally, and, god forbid, I also would like to use either GrapheneOS or CalyxOS.
I don't see any other way around it than using root.
Can you please send your links for locking the bootloader back? That would be awesome. Thanks!
HQwarp said:
Can you please send your links for locking the bootloader back? That would be awesome. Thanks!
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
96carboard said:
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
Very sad response from you. You could be helpful and point me in the right direction, with less of that arrogant attitude of yours...
XDA is a place to share knowledge, not to show your arrogance about how good you are at typing into Google search.
FYI, if anyone want to sign the bootloader after using Magisk this is probably the way
Rooting Graphene/Calyx/LeOS/DivestOS/eOS/CopperHead completely defeats the purpose, as it now potentially gives a malicious app root abilities.
As the head of Graphene's Twitter once said: "but why... that opens so many security risk doors"
You can't re-lock the bootloader with root unless you create a new AVB key. Don't bother rooting security ROMs, it's pointless.
Yes, you are right, it is lowering the security of the phone. But that's OK, each one with his own attack use case. If it is OK for you to use your phone without sudo, good for you. I'm not Edward Snowden and I'm not afraid to use sudo on my machines, and when I do, I know enough about when and how to use it.
Therefore, I don't see why I can't use sudo on my phone. Especially when some of us do need our phones to perform tasks that currently are not supported by security-oriented OSes, as you mentioned, AND also want to lower our information footprint on the net. For this case, using sudo on the formation ROMs seems ideal.
HQwarp said:
Very sad response from you.
Very sad that you expect to be spoon fed when you have the capacity to search for yourself.
To make it easier for people who may look for it (I was one of those people):
this is the script mentioned earlier, which will allow you to re-sign the ROM so you can lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
This is exactly what I needed https://github.com/chenxiaolong/avbroot
I believe so anyway; I'm still actually trying to get it to work, I just need to set up Android Studio as far as I can make out.
Then you can easily patch the ROM with Magisk and sign it with your own keys.
And this information could be useful as well https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/
FireRattus said:
To make it easier for people who may look for it (I was one of those people):
this is the script mentioned earlier, which will allow you to re-sign the ROM so you can lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
So how would this work? Would I have to unlock and wipe after every update?
cammykool said:
So how would this work? Would I have to unlock and wipe after every update?
I have been working on this when I have had time. I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using avbroot, which I use in the guide.
I haven't figured this part out yet. It took me long enough just to work it out for the firmware/system ROM, but I will definitely be trying and updating the guide as I learn more about the process.
FireRattus said:
I have been working on this when I have had time. I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using avbroot, which I use in the guide.
I haven't figured this part out yet. It took me long enough just to work it out for the firmware/system ROM, but I will definitely be trying and updating the guide as I learn more about the process.
That sounds extremely promising.
Since Proton is obsolete now, I'm searching for a ROM with sandboxed Google Play that I can root. Rooting GrapheneOS seems to be the only way to do that.
Locking the bootloader doesn't really matter to me, but rooting Graphene and then being able to dirty-flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update Graphene right now when you're rooted? Just dirty-flash the new ROM, then flash the patched boot.img?
Spl4tt said:
That sounds extremely promising.
Since Proton is obsolete now, I'm searching for a ROM with sandboxed Google Play that I can root. Rooting GrapheneOS seems to be the only way to do that.
Locking the bootloader doesn't really matter to me, but rooting Graphene and then being able to dirty-flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update Graphene right now when you're rooted? Just dirty-flash the new ROM, then flash the patched boot.img?
If you don't care about locking the bootloader you do lose some of its physical-security advantages,
but it does make the process easier. I believe you should just be able to use avbroot as it's intended:
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk (github.com)
Once you have completed all the initial steps, then updates are as simple as:
1. Follow step 6 in the previous section to patch the new OTA (or an existing OTA with a newer Magisk APK).
2. Reboot to recovery mode. If stuck at a No command screen, press the volume up button once while holding down the power button.
3. Sideload the patched OTA.
4. Reboot.
FireRattus said:
If you don't care about locking the bootloader you do lose some of its physical-security advantages,
but it does make the process easier. I believe you should just be able to use avbroot as it's intended:
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk (github.com)
Once you have completed all the initial steps, then updates are as simple as:
If updating is that easy with a locked bootloader, I'm gonna try this. Thanks for your efforts, man.
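The disagreement running through these posts (that Magisk breaks verified boot, that you "can't re-lock the bootloader with root unless you create a new avb-key", and that avbroot re-signs the images with your own key so the bootloader can be locked again) comes down to what a locked bootloader actually checks. The model below is an added example, not code from avbroot, GrapheneOS or anyone in the thread. It keeps the digest construction AVB hash descriptors use (SHA-256 over the salt followed by the partition image, as avbtool computes it), but stands in a JSON blob for the binary vbmeta format and a small unpadded RSA generated in-script for AVB's RSA-2048/4096 with PKCS#1 v1.5 padding; the key seeds, salt, partition names and image bytes are all constructed for the demonstration.

```python
"""Model of the Android Verified Boot trust decision: which key the bootloader
trusts, and whether the images match what that key signed. Added example;
toy RSA and a JSON vbmeta stand-in, not the real AVB binary format."""
import hashlib
import json
import random


# ---- toy RSA (demonstration only; real AVB uses padded RSA-2048/4096) -------
def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test, used only to build the demo keys."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def keygen(seed, bits=512):
    """Return (public, private) as ((e, n), (d, n)); seeded so runs repeat."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def sign(private, data):
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify_sig(public, data, sig):
    e, n = public
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# ---- AVB model ---------------------------------------------------------------
def partition_digest(salt, image):
    """AVB hash-descriptor digest: SHA-256 over salt then the image bytes."""
    return hashlib.sha256(salt + image).hexdigest()


def build_vbmeta(images, salt):
    """Unsigned vbmeta: one hash descriptor per partition (JSON stand-in)."""
    descriptors = {name: partition_digest(salt, img) for name, img in images.items()}
    return json.dumps({"salt": salt.hex(), "descriptors": descriptors}, sort_keys=True).encode()


def bootloader_verify(trusted_public, vbmeta, signature, images):
    """A locked bootloader's decision: vbmeta must be signed by the key it has
    enrolled, and every partition must hash to the descriptor in that vbmeta."""
    if not verify_sig(trusted_public, vbmeta, signature):
        return False  # vbmeta was not signed by the enrolled key
    meta = json.loads(vbmeta)
    salt = bytes.fromhex(meta["salt"])
    for name, expected in meta["descriptors"].items():
        if partition_digest(salt, images.get(name, b"")) != expected:
            return False  # partition changed after vbmeta was signed
    return True


def scenarios():
    """The four cases argued about in the thread, as booleans."""
    oem_pub, oem_priv = keygen(seed=1)    # key baked into the stock bootloader (constructed)
    user_pub, user_priv = keygen(seed=2)  # the user's own AVB key (constructed)
    salt = b"\x00" * 4
    stock = {"boot": b"stock boot image", "system": b"stock system image"}  # constructed stand-ins
    rooted = dict(stock, boot=b"stock boot image + magisk")                 # boot.img repatched by Magisk

    oem_vbmeta = build_vbmeta(stock, salt)
    oem_sig = sign(oem_priv, oem_vbmeta)
    user_vbmeta = build_vbmeta(rooted, salt)  # avbroot-style: describe the patched images...
    user_sig = sign(user_priv, user_vbmeta)   # ...and sign them with the user's key

    return {
        "stock_under_oem_key": bootloader_verify(oem_pub, oem_vbmeta, oem_sig, stock),
        "rooted_under_oem_vbmeta": bootloader_verify(oem_pub, oem_vbmeta, oem_sig, rooted),
        "resigned_but_oem_key_still_trusted": bootloader_verify(oem_pub, user_vbmeta, user_sig, rooted),
        "resigned_and_user_key_enrolled": bootloader_verify(user_pub, user_vbmeta, user_sig, rooted),
    }


if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case:38s} {'boots' if ok else 'REFUSED'}")
```

The third case is the one that bites people who try to relock after rooting: re-signing alone does nothing while the bootloader still trusts only the OEM key, which is why the avbroot flow also enrolls the user's public key (on Pixels, the partition flashed through fastboot as avb_custom_key). The fourth case is what a locked bootloader with a custom key gives you: boot-time integrity against offline modification of the partitions, not removal of the root Magisk grants to apps at runtime, and key attestation will still report a non-OEM boot key, so it is not equivalent to a stock locked device.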
Anyone know if I can expect the same procedures to work for GOS installed on a Pixel 5 or 4?

Usage of Samsung Galaxy Tab without Android, without modification of the bootloader

Hello out there,
it might be an easy question for some of you, so please be so kind and help me out: I highly appreciate your answers.
--
The Samsung Bootloader, which can't be changed due to the burning of the eFuse (yet I do not understand, why one can't use the same method of digitally signing an own bootloader and load it onto the flash without burning the eFuse) boots from a certain file on the flash, which should be Linux-Standard /boot/vmlinuz.
Why can't one backup the whole flash with Samsung Tools and install an own Linux System to boot from?
I now know that the kernel protection is based on a google development, where several virtual machines are loaded and one of those is then the Android System and Kernel, with a Platform where the Apps can be started from (Dalvik) and this virtual machine can be checked for manipulations - so to speak: Software protection = of no use for me or my choice to implement or program my own version of such a protection, but it has nothing to do with a hardware based (knox) protection. Is this correct?
(I do not want to blow the fuse, but use a custom rom. Any solution for this?)
--
I could analyse the open source code of Android and maybe able to initialize an update process, which might replace the whole file system, but doing so might be a bit dangerous if you don't know what you're doing.
Thanks for answering.
TheLazyGuyDE
TheLazyGuyDE said:
(...)
(I do not want to blow the fuse, but use a custom rom. Any solution for this?)
(...)
You have already received an answer in your previous threads.
So I don't understand why you keep asking the same thing.
Let me specify my question:
I asked the question in relation to a customization of the bootloader, but I didn't ask it in relation to probably existing Tools, maybe from Samsung (I don't know), which might backup the flash and may be able to put something onto the flash or is this not possible? Why should I change the bootloader (and blow the fuse) if I have all the functionality I need already on the phone? - That's the question.
I've heard something about "download mode", where you can communicate with the smartphone, and I've watched a custom ROM installation.
I think the installed bootloader is able to backup and restore. But will installation of a custom rom do anything that isn't reversible (like blowing the fuse)?
Or is it fully reversible if I some day re-install the backup I made prior to installing the custom rom?
Is it possible to directly mount the flash under Linux?
Is the bootloader itself directly in the knox-chip? How should the chip otherwise recognise that the bootloader changed?
(a brief overview would be nice)
As you can see: I am very careful and I don't want to do anything wrong, which I'd definitely repent later on. "Just go ahead" without careful planning is not my style. That's the reason why I want to know everything before I start.
I appreciate every answer.