I have a rooted pixel 2 and an unlocked bootloader, but my company requires me to install MobileIron on my device. I can't seem to find a workaround for MobileIron, so it looks like I need to unroot and relock my bootloader.
1. Does anyone know how to get MobileIron up and running on a rooted device?
2. If no, can I unroot without losing any apps/data? I presume this should be possible, even though re-locking the bootloader might not be possible without losing the apps/data.
3. What about relocking the bootloader? I imagine it will be trickier than just going into developer options and unchecking the allow OEM unlocking box, but maybe that's all it takes?
Have you tired magisk hide? That's sytemless root and many security required apps are fooled by hiding root.
Unfortunately that doesn't work. Would uninstalling Magisk from inside the manager cause me to lose data?
No1ustad said:
I have a rooted pixel 2 and an unlocked bootloader, but my company requires me to install MobileIron on my device. I can't seem to find a workaround for MobileIron, so it looks like I need to unroot and relock my bootloader.
1. Does anyone know how to get MobileIron up and running on a rooted device?
2. If no, can I unroot without losing any apps/data? I presume this should be possible, even though re-locking the bootloader might not be possible without losing the apps/data.
3. What about relocking the bootloader? I imagine it will be trickier than just going into developer options and unchecking the allow OEM unlocking box, but maybe that's all it takes?
Click to expand...
Click to collapse
As far as your third question goes, to relock the bootloader, you don't uncheck allow OEM unlocking. You do the same as when you unlocked it. Plug it into your computer, boot to fastboot mode and, instead of typing fastboot flashing unlock, you type fastboot flashing lock. That's all there is to it. You want to be completely stock when you do it. Can't remember if it wipes the device though.
To unroot without losing your data, download the latest factory image, remove the -w in the flashall.bat file (don't forget to save it after you edit it) . Plug the phone into a computer and then run the flashall.bat file that you edited.
Related
Is it possible to pull the 33R OTA package off the OnePlus One site (or anywhere else), and flash the package (via fastboot), on an "exploited" bootloader. In my case, I have an original OnePlus One with the old bootloader, which can be exploited, so that I can do stupid stuff, without unlocking the bootloader. Is it possible to extract the bootloader from a 33R edition (or greater) CM11s ROM, and only flash the /system and other partitions without overwriting my exploited bootloader. (I.e. flash the individual packages via fastboot)
You might ask me why I want to keep the old, unsecure bootloader on my OPO? Cause I don't want to constantly lock/unlock the bootloader after each OTA, and also because I like my OPO that way. (I'm on 25R at the moment)
Why do you think you need to lock/unlock the bootloader for an OTA? That isn't true at all. Just unlock it, leave it unlocked, and you never need to worry about it again.
Transmitted via Bacon
timmaaa said:
Why do you think you need to lock/unlock the bootloader for an OTA? That isn't true at all. Just unlock it, leave it unlocked, and you never need to worry about it again.
Transmitted via Bacon
Click to expand...
Click to collapse
The bootloader is there for a 2nd security measure, in case your phone falls into the wrong hands. After you're done rooting and messing about with the phone, you'd relock the bootloader, so if someone tries to hack your phone via root shell, they would have to wipe the phone. For whatever reason, I want to keep my exploitable bootloader, but also update at the same time. AFAIK, the bootloader has no effect on the Android OS, so I was asking whether I could flash every package, except the bootloader, via fastboot. I know keeping the exploitable bootloader is a stupid thing to do, but it's just as stupid as leaving the bootloader unlocked after rooting.
Desolutional said:
The bootloader is there for a 2nd security measure, in case your phone falls into the wrong hands. After you're done rooting and messing about with the phone, you'd relock the bootloader, so if someone tries to hack your phone via root shell, they would have to wipe the phone. For whatever reason, I want to keep my exploitable bootloader, but also update at the same time. AFAIK, the bootloader has no effect on the Android OS, so I was asking whether I could flash every package, except the bootloader, via fastboot. I know keeping the exploitable bootloader is a stupid thing to do, but it's just as stupid as leaving the bootloader unlocked after rooting.
Click to expand...
Click to collapse
The chances are if your phone was to be stolen, the thief wouldn't even know a thing about what a bootloader is. As what Tim said, there's no reason to leave your bootloader locked again unlocking.
Take a look into cerberus if you want recovery mode protection for anti theft if you're worried. And no it isn't "stupid" to leaving the bootloader unlocked after rooting, re unlocking would cause the phone to be wiped on your part.
Well I'll give it a shot, and see what happens,
Surely the OTA doesn't need to reflash the bootloader, it's just there as an exploit fix.
DISCLAIMER: Any guides/suggestions/workarounds posted here are to be taken at your own risk. Any bricks/lockouts/otherwise unusable devices are your own responsibility. No support will be provided, unless someone takes it upon themselves to help you out.
Situation:
Updates to Google's SafetyNet is checking for unlocked bootloader, if your bootloader is unlocked, SafetyNet will error, preventing you from being able to use Android Pay, even if you're on a stock, unrooted, but otherwise unlocked bootloader.
Problem:
Many of you might feel that you won't ever give up your custom ROMs, Mods, Xposed, etc., that you've grown to love and accept as the norm in the community (heck, that's why I've been using Nexus forever!), and some of you might even feel that you won't let Google dictate whats allowed/disallow on your device, and might try combination of solutions to try and get one up on Google, by locking your bootloader, and experiment trying to get Android Pay to work on a Custom ROM/etc.
Danger:
There is a very real risk that you might brick your device if you lock your bootloader while not using stock firmware.
Discussion:
I've been a member of this community for a while now, and while not a programmer, developer myself, I am more tech savvy then most of the people I surround myself with. Given this, I wanted to try and give back by proposing this thread, a place where many of you, more experienced, and less experienced, than myself can share their concerns, thoughts, solutions, theories, as how to safely get Android Pay working with our beloved custom ROMs/Mods with the new Google updates.
So please, feel free to brainstorm/propose/ponder below your thoughts/suggestions/theories/solutions to the above state issue. I will try and update this first post with anything that we determine below as safe course of this adventure(misadventure?).
I'll first link to some light reading by @Chainfire - http://forum.xda-developers.com/showpost.php?p=68424605&postcount=2 to give you an idea why all of this is happening.
Solutions/Theories/Tests:
Hoping I didn't just make a useless thread, on Chainfire's suhide thread, http://forum.xda-developers.com/apps/supersu/suhide-t3450396
did release (2016.10.07 - v0.54 - RELEASE NOTES- Fix for latest SafetyNet update) bypass unlocked bootloader check?
Ok, forward and onward.
Some of my concerns with locked bootloader:
1. - With a locked bootloader, a custom recovery (TWRP), and a custom ROM, a few things can go wrong, like ROM not booting, with OEM unlocking disallowed in developer options. Provided that you didn't set a pattern/work to boot device, (PIN is what I believe TWRP will only allow to unlock your partitions), or didn't set a lock at all, you should be able to boot into TWRP and format userdata/all partitions, flash another ROM, boot, check "OEM Unlocking" and be able to perform bootloader unlock command, correct?
2. What would happen in the same scenario as above, but if you had a stock bootloader, would it be more difficult to flash a ROM? would you be able to flash anything at all? Or even boot TWRP with a locked bootloader?
3. In my conversation with @Lawlrus in another thread, he mentioned that as long as you have debugging enabled on your ROM, you should be ok, I fail to see the point of this, because if you can boot into your ROM, can't you just toggle OEM unlocking in the first place?
A. A solution to keeping bootloader locked + having and updating a custom ROM?
1. Flash favorite ROM, set it up as you wish, install whatever you want, configure it as you want.
2. Enjoy ROM
3. Time to update ROM - Backup app data/messages using Titanium, or even Google's backup, whatever floats your boat.
4. Reboot into custom recovery, make a backup (without password/pin lock preferably).
5. Reboot into bootloader, unlock bootloader (this will wipe your data).
6. Restore nandroid backup (recovery backup you just made)
7. Flash updated ROM/Root/Mods/GApps/Whatever..
8. Relock bootloader.
9. Use Android Pay.
10. Profit.
What am I not seeing with this approach?
@Shemploo
You're correct you can just flip the switch. The point of it was being if you can't boot the ROM up due to it bootlooping for some reason
Lawlrus said:
@Shemploo
You're correct you can just flip the switch. The point of it was being if you can't boot the ROM up due to it bootlooping for some reason
Click to expand...
Click to collapse
If you're not able to boot into ROM, having debugging enabled before it fails to boot has no bearing on ADB if you can access the custom recovery, IIRC.
In other words, being able to boot into a custom recovery like TWRP even with locked bootloader will give you ADB access to your partitions, provided that you didn't encrypt/lock your Android, and forgot the password.
Also, I think ADB would be very useful to have your PC communicate with TWRP for pulling/pushing files, which is important if you need to load a ROM in via TWRP so you can get back into your ROM, and check "OEM unlocking" allowing you to reboot into bootloader and use the bootloader unlock command.
I believe that TWRP ADB works irregardless of whether you have enabled debugging in OS, or not. The debugging in OS is only there for the OS's benefit.
I am on the Google variant. I'm curious whether simply unlocking the bootloader will prevent me from using Android Pay (and similarly protected apps). And same question for SuperSU systemless root?
As a bonus, if I were to unlock, root, modify a file (like hosts), then unroot and relock, would it complain?
NegativeOne said:
I am on the Google variant. I'm curious whether simply unlocking the bootloader will prevent me from using Android Pay (and similarly protected apps). And same question for SuperSU systemless root?
As a bonus, if I were to unlock, root, modify a file (like hosts), then unroot and relock, would it complain?
Click to expand...
Click to collapse
If you modify the system and relock the bootloader, you risk bricking the device entirely, if it won't accept fastboot commands
NegativeOne said:
I am on the Google variant. I'm curious whether simply unlocking the bootloader will prevent me from using Android Pay (and similarly protected apps). And same question for SuperSU systemless root?
As a bonus, if I were to unlock, root, modify a file (like hosts), then unroot and relock, would it complain?
Click to expand...
Click to collapse
First question, I think on some firmware, custom Kernel with root is allowing Android Pay for some users on some carriers. I wouldn't universalize, you have to try.
However, only unlocking bootloadet doesn't work, but in addition a custom kernel can fix what breaks is needed.
ndarkside93 said:
If you modify the system and relock the bootloader, you risk bricking the device entirely, if it won't accept fastboot commands
Click to expand...
Click to collapse
Second question:
EXACTLY: the bootloader detects changes in the system partition away from pure stock, so if you change things, that signals "corruption" to the bootlader so it will PREVENT boot and as ndarkside says, RISK OF BRICK
Sent from my sailfish using XDA Labs
nednednerb said:
First question, I think on some firmware, custom Kernel with root is allowing Android Pay for some users on some carriers. I wouldn't universalize, you have to try.
However, only unlocking bootloadet doesn't work, but in addition a custom kernel can fix what breaks is needed.
Second question:
EXACTLY: the bootloader detects changes in the system partition away from pure stock, so if you change things, that signals "corruption" to the bootlader so it will PREVENT boot and as ndarkside says, RISK OF BRICK
Click to expand...
Click to collapse
Very true, but on the pixel with the November update, safety net checks for bootloader unlock, but I think Franco kernel can hide it to pass the check, if there is no root.
So I've seen a few posts in the past, where someone has suggested rooting then locking the bootloader and other things like this. But now days do all phones delete data when they unlock the bootloader, if yes do some manufacturers not delete the data when you choose to relock the bootloader?
What i want is to know which brands if any would be possible for me to, unlock the bootloader flash twrp flash xposed other files root ect restore the stock recovery and then relock the bootloader keeping the changes i have made, for security reasons unlocked bootloaders are risky.
The next question is if this is possible if something messes up while it's locked, i won't have twrp to recover it, how would i fix this is this a issue for bricking the device? will fastboot always work to flash stock firmware files if the manufacturer provides them? i'm assuming that would be the only way to solve this? does fastboot need something like OEM unlock turned on in the system to be able to flash firmware to recover? if it does i wouldn't be able to fix that.
Samsung doesn't require OEM unlock to be turned on to flash through odin, but because of all samsung phones using dm-vertity even if the bootloader doesn't delete everything locking it, dm-verity would detect the changes and prevent using the phone in that state.
Appreciate all suggestions.
Thanks.
I need some help unlocking the bootloader on my Samsung A01. The instructions say to enable developer mode — basic stuff — and then enable USB debugging and OEM Unlocking. You guessed it: the OEM Unlock option just ain't there. I tried the trick with chaging the date and checking for updates, but it didn't help. Please, can anyone give me some help that will actually fix the problem? I just want to root this damn thing.
To root phone's Android unlocking phone's bootloader is NOT required.
xXx yYy said:
To root phone's Android unlocking phone's bootloader is NOT required.
Click to expand...
Click to collapse
Ok then. How do I do it? All the other guides tell me I have to. And how would I install TWRP, which I definitely want to do?
Every guide I look at tells me I have to unlock the bootloader first.
You do NOT need to root your phone's Android to install TWRP - a custom recovery, but you will need to unlock the bootloader. Take note that Android OS has nothing to do with phone's bootloader, that Android OS gets launched by bootloader if device didn't get tampered.
xXx yYy said:
You do NOT need to root your phone's Android to install TWRP - a custom recovery, but you will need to unlock the bootloader. Take note that Android OS has nothing to do with phone's bootloader, that Android OS gets launched by bootloader if device didn't get tampered.
Click to expand...
Click to collapse
Ok, how do I just root for now? I want Magisk. I'm trying to install it with ADB, but I'm getting Error 21.
Furthermore, how do I unlock the bootloader when the system doesn't want to give me the OEM Unlocking option?
You do NOT need to root your phone's Android before to install Magisk: you typically root Android OS by means of Magisk.
You install Magisk via TWRP what requires an unlocked bootloader. You unlock a phone's bootloader via FASTBOOT tool what requires OEM Unlock option got activated before applying the bootloader-unlock.
xXx yYy said:
You do NOT need to root your phone's Android before to install Magisk: you typically root Android OS by means of Magisk.
You install Magisk via TWRP what requires an unlocked bootloader. You unlock a phone's bootloader via FASTBOOT tool what requires OEM Unlock option got activated before applying the bootloader-unlock.
Click to expand...
Click to collapse
So basically until I can use the OEM Unlock option, I can't do a darn thing, can I?
So how do I get it?
I'm going to ask for help on this again. I've been around the forum, I've looked for anything I could find, and I'm still no closer to getting this thing solved.