Hello everybody,
I created a tool - initially for the nexus 9 (flounder|flounder_lte) - that gets rid of the ForceEncrypt flag in a generic way (meaning it should work no matter what rom you are on). It does that by patching the currently installed boot.img.
I enhanced that tool to make it work for other devices too. (See the list below to see if your device is supported)
Disclaimer
Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about the features in this tool
* before using it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you. Hard. A lot.
*/
Background
The Android CDD (Compatibility Definition Document) ~~suggests~~ demands that all devices with the appropriate horsepower ~~SHOULD~~ MUST enable full disk encryption (FDE) by default. Even though I support every step towards more security I have to criticize this approach. Full disk encryption comes at a price. Encryption takes time because some component has to de- and encrypt the stuff on the disk at some point, and in current devices it's the CPU's task. Even though modern devices have quite fast CPU cores you can still easily feel the difference between FDE in the on- or off-state. The I/O is faster and boot-times take only half as long. (I did not do any scientific measurements though)
There is an ongoing discussion about this topic in cyanogenmod's gerrit for the nexus 9. Although it's a fun read it is pretty clear that this exchange of views is not going anywhere near a useful outcome. Additionally, Google's stock ROMs always have forced encryption enabled on newer devices.
Because performance is important to me and at least my tablet does not need the extra security I created the FED-Patcher (ForceEncrypt Disable Patcher).
How does it work?
FED-Patcher is a simple flashable ZIP that is supposed to be run in a recovery that has busybox integrated (like TWRP or CWM). This is what it does:
Checks if your device is compatible
Dumps the currently installed boot.img.
Unpacks the dump of your currently installed boot.img. The unpacking process is done via a self-compiled, statically linked version of unmkbootimg.
It patches the filesystem tables which include the force-encrypt flags. This process will change "forceencrypt" to "encryptable".
Then, if necessary, it patches the filesystem tables to not use dm-verity. This is done by removing the "verify" mount-parameter.
Creates a new boot.img. The unpacking process is done via a self-compiled, statically linked version of mkbootimg.
Flashes the modified boot.img
Supported devices
HTC Nexus 9 WiFi (flounder)
HTC Nexus 9 LTE (flounder_lte)
Motorola Nexus 6 (shamu)
LG Nexus 5X (bullhead)
Huawei Nexus 6P (angler)
Version History
v1 - Initial version with HTC Nexus 9 WiFi (flounder) support
v2 - Added Motorola Nexus 6 (shamu) support
v3 - Added support for HTC Nexus 9 LTE (flounder_lte)
v4 - Added support for signed boot-images
v5 - Changed error handling to compensate for missing fstab files. Some roms seem not to ship with the complete set of boot-files from AOSP.
v6 - FED-Patcher will enforce the same structure for the patched boot.img that the original boot.img had. Additionally, the kernel commandline will also be taken over. This should fix pretty much every case where devices would not boot after patching.
v7 - FED-Patcher will now disable dm-verity in fstab to get rid of the red error sign on marshmallow roms.
v8 - Added support for LG Nexus 5X (bullhead) and Huawei Nexus 6P (angler)
What do I need to make this work?
A supported device
An unlocked bootloader
An already installed ROM with forceencrypt flag. (like cyanogenmod CM12.1)
A recovery that includes busybox (TWRP, CWM)
How do I use it?
Make a thorough, conservative backup of your data if there is any on your device
Go into your recovery (TWRP, CWM)
Flash fed_patcher-signed.zip
If your device is already encrypted (You booted your ROM at least once) you need to do a full wipe to get rid of the encryption. This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before. If you don't do a backup and want to restore your data... well... Call obama.
How do I know if it worked?
Go into your "Settings"-App. In "Security", if it offers you to encrypt your device it is unencrypted. If it says something like "Device is encrypted" it indeed is encrypted.
IMPORTANT: If you update your ROM you have to run FED-Patcher again because ROM-updates also update the boot-partition which effectively removes my patch. So, if you are on CM12.1 for example and you used my patch and do an update to a newer nightly you have to run FED-Patcher again. If you don't do so Android will encrypt your device at the first boot.
Is it dangerous?
Well, I implemented tons of checks that prevent pretty much anything bad from happening. But, of course, we're dealing with the boot-partition here. Even though I tested FED-Patcher quite a lot there is still room for crap hitting the fan.
Screenshot
Scroll down to the attached thumbnails.
Credits
* pbatard for making (un)mkbootimg (dunno if he is on xda)
* @rovo89 for his xposed framework - I used some of his ideas by reading the source of his xposed installer flashable ZIP for FED-Patcher.
GitHub: https://github.com/gladiac1337/fed-patcher
XDA:DevDB Information
FED-Patcher, Tool/Utility for all devices (see above for details)
Contributors
gladiac, rovo89
Version Information
Status: Beta
Current Beta Version: v8
Beta Release Date: 2015-10-27
Created 2015-10-27
Last Updated 2016-10-23
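The fstab rewrite that the two fstab steps of "How does it work?" describe, as an added example that is not FED-Patcher's own code: a POSIX sh/awk function that turns forceencrypt= into encryptable= and strips the verify flag, plus two checks that report whether an fstab still forces encryption or still requests dm-verity. The fstab lines, partition paths and key-location path are constructed placeholders, not a real device's fstab; note that dropping verify also removes the boot-time integrity check of that partition, which is the trade-off the v7 change accepts.

```shell
#!/bin/sh
# Added example, not FED-Patcher's own code.  Rewrites the fs_mgr_flags
# column of an Android fstab the way the patcher describes:
#   forceencrypt=<key_loc> -> encryptable=<key_loc>  (encrypting /data becomes optional)
#   verify / verify=<...>  -> removed                (no dm-verity check on that mount)
# POSIX sh + awk only, so it also runs under busybox in a recovery.

# Constructed sample in fs_mgr format: <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>.
# Partition paths are placeholders, not taken from any real device.
SAMPLE_FSTAB='# Android fstab file (constructed sample)
/dev/block/platform/soc.0/by-name/system /system ext4 ro,barrier=1 wait,verify
/dev/block/platform/soc.0/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic wait,check,forceencrypt=/dev/block/platform/soc.0/by-name/metadata
/dev/block/platform/soc.0/by-name/cache /cache ext4 noatime,nosuid,nodev wait,check
/devices/platform/xhci-hcd/usb* auto vfat defaults voldmanaged=usb:auto'

# stdin: fstab, stdout: patched fstab.  Comment and blank lines pass through;
# every other column, including the encryption key location, is kept as-is.
patch_fstab() {
  awk '
    /^[[:space:]]*(#|$)/ { print; next }
    NF >= 5 {
      n = split($5, f, ",")
      out = ""
      for (i = 1; i <= n; i++) {
        flag = f[i]
        if (flag == "verify" || flag ~ /^verify=/) continue
        sub(/^forceencrypt=/, "encryptable=", flag)
        out = out (out == "" ? "" : ",") flag
      }
      # fs_mgr_flags must not be empty; "defaults" is the no-op value
      $5 = (out == "" ? "defaults" : out)
    }
    { print }'
}

# Exit 0 if any mount still carries forceencrypt=, 1 otherwise.  Same
# question as the "How do I know if it worked?" section, answered from the
# fstab instead of the Settings app.
fstab_forces_encryption() {
  awk '!/^[[:space:]]*#/ && NF >= 5 && $5 ~ /(^|,)forceencrypt=/ { found = 1 }
       END { exit !found }'
}

# Exit 0 if any mount still requests dm-verity, 1 otherwise.
fstab_uses_verity() {
  awk '!/^[[:space:]]*#/ && NF >= 5 && $5 ~ /(^|,)verify(=|,|$)/ { found = 1 }
       END { exit !found }'
}

# Stand-alone run: print the patched sample and a before/after summary.
printf '%s\n' "$SAMPLE_FSTAB" | patch_fstab
printf '%s\n' "$SAMPLE_FSTAB" | fstab_forces_encryption && echo "before: forceencrypt present"
printf '%s\n' "$SAMPLE_FSTAB" | patch_fstab | fstab_forces_encryption || echo "after: forceencrypt gone"
```

On a device the input would be the fstab.<device> pulled out of the unpacked ramdisk, and the output goes back in before mkbootimg repacks it.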
Hi @gladiac and first of all thanks for the work and time spent developing this amazing tool.
I'm currently running stock Marshmallow on my Nexus 6 and i plan to stay like that, but would like to test my device with ForceEncrypt disabled. Here are my doubts.
1 - Does this work on stock?
2 - Would i be able to flash the monthly security update images without having to wipe my device every time?
3 - In your opinion, do the speed gains justify the all the work?
Thanks in advance.
cyberon said:
Hi @gladiac and first of all thanks for the work and time spent developing this amazing tool.
I'm currently on stock Marshmallow and i plan to stay like that, but would like to test my device with forcencrypt disabled. Here are my doubts.
1 - Does this work on stock?
2 - Would i be able to flash the monthly security update images without having to wipe my device every time?
3 - In your opinion, do the speed gains justify the all the work?
Thanks in advance.
Hi @cyberon,
good questions!
Yes, FED-Patcher works on stock! Marshmallow made it necessary to do a new release, v7, to get rid of an error message at boot but other than that, FED-Patcher works just fine on Android 6.
Well, I don't know how the monthly security-updates will be deployed. I guess it will be done by OTA (Over the Air) updates. OTA will probably not work after modifying the boot-image. However, flashing factory images should work just fine. Additionally, most of the time, OTA-zips are being posted here on xda or androidpolice whenever they become available so doing manual OTA updates is another possibility to do updates.
To get back to your question - wiping should not be necessary after an upgrade - be it via OTA or factory images. Google did a fantastic job with the upgrade-functionality in newer Android versions. However, whenever you do an update, be sure to run FED-Patcher afterwards because, in case the boot-partitions got updated, forced encryption will be in place again and on the first boot it will encrypt you device.
Well, I do all my tests on a HTC Nexus 9 (flounder). It is a pretty fast beast. However, on an unmodified stock rom, it was clearly tangible that the GUI had more latency than necessary. Apps loaded pretty slowly - compared to my Sony Xperia Z1 (honami) it took like twice as long to start youtube - and in general it just did not behave like a beast. This was why I started writing FED-Patcher. In my opinion it was worth my time. (it wasn't that much actually)
I hope I could help.
Enjoy, gladiac
Thanks for the quick and detailed answer @gladiac, now regarding point number 2.
I never wait for the OTA, but always flash the images manually.
As far as i understand from your answer, it would it be ok to flash all the img files manually, then flash TWRP and finally flash FED without booting the OS.
Am i missing something?
cyberon said:
Thanks for the quick and detailed answer @gladiac, now regarding point number 2.
I never wait for the OTA, but always flash the images manually.
As far as i understand from your answer, it would it be ok to flash all the img files manually, then flash TWRP and finally flash FED without booting the OS.
That's pretty much how I would do it. You don't even have to flash TWRP if you just skip flashing the recovery.img which is included in the factory-image package.
Thanks @gladiac, will try that way.
PS: I have a feeling that if we had this option added to a toolkit like Wugfresh Nexus Root Toolkit, it would be an instant success.
hi @gladiac
first of all thanks for your patch
I'm on Nexus 6 with stock Marshmallow and all I want to do is disable encryption and enable root.
Is your patch + SuperSU enough or I need something else?
Thanks a lot
Worked on my N9 - thanks!
provolinoo said:
hi @gladiac
first of all thanks for your patch
I'm on Nexus 6 with stock Marshmallow and all I want to do is disable encryption and enable root.
Is your patch + SuperSU enough or I need something else?
Thanks a lot
Hi @provolinoo,
well, FED Patcher will disable the forced encryption for you. However, SuperSU will not work so easily. The reason for that is that the stock ROM has SeLinux enabled in "enforcing" mode. SuperSU does not work without adding more SeLinux Policies to the stock ROM. Unfortunately, it's not in the scope of FED Patcher to add SeLinux policies for SuperSU. This should be done inside the flashable ZIP of SuperSU instead.
The last time I tested SuperSU with marshmallow stock was with version 2.52 BETA. It did not work. The result was a boot-loop because of one or more SeLinux denials. A little more info on that matter is here.
So, to get SuperSU working you would have to set SeLinux to "permissive" mode. Alternatively, you can use @Chainfire's boot.imgs to make SuperSU work.
Have fun, gladiac
Thank you gladiac. Your FED patcher (v8) works flawlessly on my Nexus 9. Edit: I am using TWRP 2.8.7.1
The gerrit conversation you linked is interesting. I am grateful that someone with your skills decided to support our ability to choose whether or not to encrypt. CM thinks I am smart enough for root privileges but I am too stupid to be trusted with decryption?
Don't some major vendors allow the disabling of encryption from within Android?
Anyway, thanks for the patcher.
dmantilal said:
Thank you gladiac. Your FED patcher (v8) works flawlessly on my Nexus 9.
The gerrit conversation you linked is interesting. I am grateful that someone with your skills decided to support our ability to choose whether or not to encrypt. CM thinks I am smart enough for root privileges but I am too stupid to be trusted with decryption?
Don't some major vendors allow the disabling of encryption from within Android?
Anyway, thanks for the patcher.
I agree, I love CM roms but their decision to force encryption when most of cm users are power-user is a nonsense
Sooo....basically, I cannot use a stock Marshmallow that is FEDpatched and with root (using SuperSU, unless there is alternative)? If I want those, I have to get one of the custom ROMs?
EDIT: also, I tried using Chainfire's modified boot. It is stated that it will disable the forceencrypt. It didn't work in mine, still encrypted.
jamesalfred said:
Sooo....basically, I cannot use a stock Marshmallow that is FEDpatched and with root (using SuperSU, unless there is alternative)? If I want those, I have to get one of the custom ROMs?
EDIT: also, I tried using Chainfire's modified boot. It is stated that it will disable the forceencrypt. It didn't work in mine, still encrypted.
Did you follow the directions and format the entire "data" partition?
dmantilal said:
Did you follow the directions and format the entire "data" partition?
I too have the same problem, it didn't work for me.
I'm on the new 6.0 L build but went ahead and flashed the modified boot image for the K build just so I could flash the TWRP img.
Once TWRP was installed, I installed the FED patch ZIP and that went well, supposedly. And then after that I did a factory reset, then I WIPED the DATA, CACHE and Dalvik. I rebooted, set up my device and it still shows encrypted.
nextelbuddy said:
I too have the same problem, it didn't work for me.
I'm on the new 6.0 L build but went ahead and flashed the modified boot image for the K build just so I could flash the TWRP img.
Once TWRP was installed, I installed the FED patch ZIP and that went well, supposedly. And then after that I did a factory reset, then I WIPED the DATA, CACHE and Dalvik. I rebooted, set up my device and it still shows encrypted.
It did not work because you did not follow the directions.
Flash TWRP. Flash FED. Full wipe (or format, depending on your choice of terminology). OP goes on to clarify by saying "This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before.", meaning if you did not lose everything on data, which includes "/sdcard", you most likely did it wrong.
Give us more info so we can help (assuming you did it right initially).
P.S. - 6.0 is M(arshmallow), not L(ollipop).
dmantilal said:
Did you follow the directions and format the entire "data" partition?
dmantilal said:
It did not work because you did not follow the directions.
Flash TWRP. Flash FED. Full wipe (or format, depending on your choice of terminology). OP goes on to clarify by saying "This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before.", meaning if you did not lose everything on data, which includes "/sdcard", you most likely did it wrong.
Give us more info so we can help (assuming you did it right initially).
P.S. - 6.0 is M(arshmallow), not L(ollipop).
I solved my issue. I was wiping DATA but not choosing internal storage. I did that and rebooted and now it says ENCRYPT not ENCRYPTED.
THANKS!
So currently I have a modified boot image from the K build, TWRP and now a modified boot.img kernel for no force encrypt BUT I am not rooted and don't plan on it. Does this mean I can still get OTAs? I would guess not since my boot image has been modified and I am unlocked? Would I even want an OTA? Wouldn't that just give me a stock boot.img again, causing me to get encrypted on the next boot after the OTA?
nextelbuddy said:
I solved my issue. I was wiping DATA but not choosing internal storage. I did that and rebooted and now it says ENCRYPT not ENCRYPTED.
THANKS!
So currently I have a modified boot image from the K build, TWRP and now a modified boot.img kernel for no force encrypt BUT I am not rooted and don't plan on it. Does this mean I can still get OTAs? I would guess not since my boot image has been modified and I am unlocked? Would I even want an OTA? Wouldn't that just give me a stock boot.img again, causing me to get encrypted on the next boot after the OTA?
Side-loading the OTA then following that with a FED flash seems much safer.
Loading an OTA directly would over-write the boot.img with a ForceEncrypt boot.img, logically Forcing Encryption (derp) at boot.
I am using chroma ROM which doesn't force encryption and my device is still encrypted. Can I still use this?
jamespat93 said:
I am using chroma ROM which doesn't force encryption and my device is still encrypted. Can I still use this?
You can if you want But if you want to unencrypt your phone, backup your ROM, copy sd content to your computer, wipe everything! in recovery (twrp) including Format Data, Factory reset, internal storage etc. Connect your phone while in recovery to your computer (you'll see 25.98GB instead of 23.03GB), copy sd content back to your phone, restore your rom backup and you'll be fine.
I can't get it to work on Nexus 6 and chroma rom r26.
My steps: wipe everything, push the folder (rom, patcher and gapps), flash chroma, flash gapps, flash patcher, wipe everything but system.
After boot, in Settings/Security it is encrypted again. What am I doing wrong?
Are any devs working on a method to repartition the Pixel? It seems that most flashing issues are due to the A/B partition scheme. Also, in the case of custom ROMs, the duplicate partitions are a waste of space (unless you want to dual boot, which doesn't work well either since the data partition is shared).
Anyway, it would be awesome if the Pixel could be repartitioned.
I think this is highly unlikely. The Nexus 7 had a laughably small system partition, which led to people being SOL when trying to get newer Android versions and gApps to work together. The other reason this is unlikely is because it's a pretty dangerous process (mess something up and you might completely brick the device, since factory images don't do any partitioning work), and this would modify the hashes used by SafetyNet, so there would be no easy way of passing the CTS checks.
The A/B partitions weren't made for dual booting, they were made for Google and OTAs/updates.
Now, you can dual boot with the same custom rom, one rooted, the other non-rooted, same with stock.
Sent from my Pixel using XDA-Developers Legacy app
creeve4 said:
Are any devs working on a method to repartition the Pixel? It seems that most flashing issues are due to the A/B partition scheme. Also, in the case of custom ROMs, the duplicate partitions are a waste of space (unless you want to dual boot, which doesn't work well either since the data partition is shared).
Anyway, it would be awesome if the Pixel could be repartitioned.
What space are you wasting? It's the system partition. The biggest reason I think that it exists is for the seamless updates. It's also a redundancy should you not be able to boot or an OTA fries your device.
The only issues I have ever had (and most of the ones I have encountered) were users not doing research. It's not hard to flash on this device, it's just that details aren't laid out very well and up to date in any one spot.
[Custom Rom] [K-Rom V.3] Huawei (Prague) PRA-LX1, PRA-LX2, PRA-LX3, PRA-LA1, Honor P8 Youth Edition, Huawei Nova lite.- EMUI 5 -Android 7-
Based on Huawei Firmware
C432B164 and Kangvip B373,
(Rebuild Honor 6x)
My rom was developed and tested on this device:
Huawei P8 lite 2017 (Prague)
Model Number: PRA-LX1
EMUI 5 build number: PRA LX1C432B164
-Ota updated
-free device without branding, with root and
-TWRP Recovery 3.1.1
The following mods were integrated and enabled:
- Startup manager in the Phone Manager
- Call Recorder
- KangVip Advanced Settings
- Viper 4 Android FX 2.5
If extensions or Xposed come,
it will be updated immediately.
Whether the following instructions apply to provider-branded
devices, I could not test.
Please backup your data with the Huawei backup app.
The rom is installed as if you were restoring a TWRP backup.
Before installing the rom, please make a TWRP backup
of the system partition for emergencies!!
Requirements:
- TWRP Recovery
- Firmware B164
(other Firmware you must test)
Quick start Guide:
You are familiar with the subject and have the TWRP Recovery 3.1.1
already installed and created a backup on the SD card.
Download
2017-07-22--17-15-K-Rom.v3-system.boot.rar
(1.05 GB)
and unpack it. (Do not download it as a zip.)
This backup file
2017-07-22--17-15-K-Rom.v3-system.boot
please copy to the TWRP backup folder on the ExtSd and
restore the two partitions (boot and system).
All users applications, beyond the system, remain on the device.
An additional installation of SuperSu and
BusyBox is not necessary. Both were integrated
and configured. There are comprehensive read and write permissions.
If no root exists, or the Kangvip Settings do not work, root please with SuperSu from the attachment.
The rom is partly debloated. Some Google apps have been removed.
You can install them yourself if necessary. One can also do well with the HiApp.
If you're having trouble with Google sign-in, go to /system/priv-app/GmsCore/GmsCore.apk.
Exchange this app with this: ....
, set the rights to rw-r--r-- and reboot.
Or perform a normal installation.
With Google, there should be no more problems.
Do not activate the Adblocker and hide navbar in Kangvip Advanced Settings.
Both work only on China roms.
...... and remember: A custom rom is
never as perfect as stock.
Him you have ever teach something in between.
WARNING!!!
If all that worked on my device, it does not mean that it works on all the others. To prevent damage, follow the instructions exactly. The implementation is at your own risk.
Never make a factory reset in TWRP. Brick !!! Wipes only in the stock recovery.
Tip: The current bricks were probably caused by TWRP. The data partition is missing or damaged. This is done by TWRP, which still produces errors. There is no TWRP that works properly. Immediately after a new update almost anything goes. But at the latest after rooting, the problems come. Then you must not edit the data partition. Only use TWRP to flash. Or make backups and restores without the data partition.
NOTE: Despite careful preparation I cannot guarantee that the implementation of this guidance does not cause damage to the device or operating system, and therefore I assume no liability for ensuing damage and malfunction of hardware and software! If you are still unsure, follow these steps: Only perform the procedure if all mentioned conditions (model number, Android version, etc.) apply to you or your device. Read the instructions carefully and completely, check unfamiliar terminology via Google or XDA. Check downloaded files for viruses. Make a backup of important settings and data. Do not perform the instructions if you do not know what you're doing.
This text was translated using Google Translate. Makes less mistakes than I do..
Thanks to: Kangvip, @Tecalote , Chainfire, Stephen (Stericson) + Jmz software, Team Win Recovery Project, and Huawei Technologies Co., Ltd.华为 技术 有限公司
All downloads are here:
This rom is being replaced by the K-Rom V.3.3!
File upload in progress .............................>>...... Finished !
Great
When I used this rom from the Honor 6X hijack, I noticed Snapchat was malfunctioning. It was not usable. Is there any way to fix that?
aciupapa said:
Great
When I used this rom from the Honor 6X hijack, I noticed Snapchat was malfunctioning. It was not usable. Is there any way to fix that?
I do not know. This rom is not the V.2 from the 6x, but completely redesigned on the LX1. Has a patched kernel.
ChinHon said:
I do not know. This rom is not the V.2 from the 6x, but completely redesigned on the LX1. Has a patched kernel.
Ok, ill test it
Thank Youuuu
Is this rom tweaked? And does it have better performance?
EXE bahotin said:
Is this rom tweaked? And does it have better performance?
Yes !
ChinHon said:
Yes !
Is Seeder working? And GL Tools?
No idea. Try it.
ChinHon said:
I do not know. This rom is not the V.2 from the 6x, but completely redesigned on the LX1. Has a patched kernel.
Ok, so all things do work, snapchat works. Except for Huawei Music player. It is not present here
How to restore it? ;/
ChinHon said:
No idea. Try it.
I want to know when the data partition of TWRP will be fixed?
aciupapa said:
Ok, so all things do work, snapchat works. Except for Huawei Music player. It is not present here
How to restore it? ;/
Install music with HiApp.
EXE bahotin said:
I want to know when the data partition of TWRP will be fixed?
The developer is here.
https://forum.xda-developers.com/p8...on/recovery-twrp-huawei-p8-lite-2017-t3591762
@ChinHon
Good morning,
So glad you made this rom ! Thank you !!
May I install it on PRA-LX1C109B120 or do I try to restore your B164OtaUpdate backup (twrp) before ?
I wish I could... Thanks
I mean, it does not work. Do not try it. Download the rescue rom and make all updates up to the B164. Then you can take the k-rom. Please follow exactly the instructions.
ChinHon said:
I mean, it does not work. Do not try it. Download the rescue rom and make all updates up to the B164. Then you can take the k-rom. Please follow exactly the instructions.
I understand that you need to be on B164 then restore your K-ROM.
However, in some regions, we don't have B164, and we have the B160 instead. I do believe the naming convention may be different but they must be one and the same. Do you think this would work on a B160?
Some users have just reported to me that the rom runs on these 432 versions : B100, B103, B110, B118 and B120. It is possible that the region does not matter. Only the boot and system are replaced. Cust and vendor remain unaffected. We will only know it when it has been tested. On android -hilfe I would say: Hop hop guys, starts to flash. Here I always advise caution. Have been badly insulted.
no root for me
euricoalex said:
no root for me
For me also, was rooted by Magisk. Advanced K settings app also wont start. Going back.
Hey,
How do I get rid of the encryption of the storage, but in a WORKING way? A lot of people say to format data but that is bull****. Whenever I install Superman rom I get encryption back after reboot. Is there no way to prevent that?
The instructions in the rom's thread for beginners are quite misleading, even if written for beginners.
Burgscheinkerkdeiktraast said:
Hey,
How do I get rid of the encryption of the storage, but in a WORKING way? A lot of people say to format data but that is bull****. Whenever I install Superman rom I get encryption back after reboot. Is there no way to prevent that?
The instructions in the rom's thread for beginners are quite misleading, even if written for beginners.
Samsung added quota support in their Oreo update for the /data partition.
You should check out this post of Tkkg1994:
https://forum.xda-developers.com/gal...2#post77296102
Tkkg1994 added quota support in that TWRP version he links in his post.
Don't use the official TWRP or the TWRP version in the 1st post, because those don't have the quota support yet.
https://forum.xda-developers.com/ga...rp-herolte-t3333770/post77296102#post77296102
Thank you guys, it worked.
My first impression of the Oreo is mixed, especially camera which has terrible UI compared to Nougat. Gonna test it
Hi, a couple of days ago ArsTechnica reported a 0-day vulnerability with a fully disclosed PoC for root privilege escalation on MiA1 devices and more... I was wondering if it could be used to create a gcam activator without all the hassles of temporary rooting and rebooting with the volume key and never booting into recovery again unless you want a data wipe. Is there anyone with the required skills to try this out?
Found this today:
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/
Should A1 owners be worried?
I think it can be patched in a custom kernel, if it isn't already.
Niyix said:
I think it can be patched in a custom kernel, if it isn't already.
I'm not worried about the vulnerability (it will get patched, eventually) - quite the opposite! I think that it could be extremely handy to enable the Camera2 API without having to root with TWRP/tools and risking a device wipe. I can't post the actual exploit proof of concept because I'm a new user here, but the code is reachable from the project zero bug report. Running a process with root privileges would make writing the extra props in the build.properties file way easier. Of course I'm not an Android dev and I could be wrong in many ways... that's why I was asking here.
If you are on Pie, you are safe.
The original bug entry states that it affects Oreo:
...
Other devices which appear to be vulnerable based on source code review are (referring to 8.x releases unless otherwise stated):
1) Pixel 2 with Android 9 and Android 10 preview (https://android.googlesource.com/kernel/msm/+/refs/heads/android-msm-wahoo-4.4-q-preview-6/)
2) Huawei P20
3) Xiaomi Redmi 5A
4) Xiaomi Redmi Note 5
5) Xiaomi A1
...