System file modification - Google Pixel 3 Questions & Answers

I've been using Pixel 3 only for two weeks, and haven't understood its security mechanism fully yet.
Usually on other phones, I simply run TWRP and modify hosts to avoid ads. After doing the same on Pixel 3 and booting into system, ads are still there, which means hosts modification didn't work properly.
So I installed Magisk from TWRP, and did the same modification on Android, and I confirmed ads were all gone as usual. Then, I uninstalled Magisk with the modified hosts left in /system/etc, and reboot the system to find ads were all back...
It looks like you need Magisk installed on Pixel 3 to keep system file modifications working. I haven't tried font modifications, but I assume the result would be the same.
Could someone explain to me what causes this system file modifications fail without Magisk installed? A new Pixel-unique system security mechanism?? Thanks in advance!
QT

Does Pixel 3 checks whether system files are signed by Google or not??

qtotter said:
Does Pixel 3 checks whether system files are signed by Google or not??
Click to expand...
Click to collapse
It is my understanding that this mod requires root.
Yes, system files have checks. That's why when you edit system files you use the original signature.

Tulsadiver said:
Yes, system files have checks. That's why when you edit system files you use the original signature.
Click to expand...
Click to collapse
Thanks for your info. Google's security policy is getting tighter...

Related

UnifiedNLP with GApps Patch

This package contains a few windows batch files to help you get UnifiedNLP working with (or without) Google Play Services on your phone. Extract it anywhere and run the batch files as needed. Everything required is included in the download but you will need root ADB capabilities. Learn more about ADB here:
http://wiki.lineageos.org/adb_fastboot_guide.html
For the record, I use this on Nougat. More specifically, LineageOS 14.1 so I can't say how it will work or what is necessary on other versions or roms.
Included Batch Files
To use these scripts your phone needs to be connected to your computer.
Install.bat - Install apks and addon.d updater script
Patch.bat - Patch framework-res.apk
DisableGoogle.bat - Disable Google location services and permissions
EnableGoogle.bat - Enable Google location services and permissions
Restore.bat - Delete apks, restore stock framework, enable services and permissions
GetDiff.bat - Create new patch file.
Background
UnifiedNlp is a network location provider that can be used instead of the Google network location service that's included in Google Play Services. The version used here is the GApps version that can be used along side Google Play Services.
https://github.com/microg/android_packages_apps_UnifiedNlp
Installing the Apps
Run Install.bat
UnifiedNLP has to be installed as a system app. This script installs it in /system/app along with some backends. It also installs an addon.d script so it will survive system updates if your rom supports it. Once installed, you can find the app in your app drawer. See the thread on XDA to help set it up.
https://forum.xda-developers.com/android/apps-games/app-g-unifiednlp-floss-wi-fi-cell-tower-t2991544
Patching the Framework
Run Patch.bat
To use a location provider, it's package name has to be included in the "config_locationProviderPackageNames". This script patches framework-res.apk to include the UnifiedNLP package name. I've created a thread on the LOS subreddit asking for this to be included by default but until then we'll have to patch each update.
https://www.reddit.com/r/LineageOS/comments/5u919y/support_for_unifiednlp/#ddto2rc
If patching fails run GetDiff.bat to create a new patch file:
When prompted, open arrays.patched.xml in your text editor (Notepad++ recommended)
Find 'config_locationProviderPackageNames' section
Add a new item 'org.microg.nlp'
Save and continue
Run Patch.bat again
Disabling Googles Location Service
Run DisableGoogle.bat
When you enable network location in settings you also enable Google's location service. There's no simple way to enable one without the other... Bit of a monopoly and totally wrong if you ask me, but that's the way it is. So we have to disable a couple of Google services to get UnifiedNLP working.
So now we should have UnifiedNLP working but we still have Google Play Services stalking us and constantly checking our location. This is what gives us all those NLP related wakelocks. To prevent this we just have to revoke coarse/fine location permissions for Google Play Services. DisableGoogle.bat also does this.
Disclaimer:
Needless to say, if you try this you do so at your own risk. I take no responsibility for anything.
It's always a good idea to make a full backup before doing anything like this to your phone.
Download
nlp_patch.zip
Resources:
Everything required is included in the download but if you'd like to download full versions or find out more, checkout the links.
Apktool: https://ibotpeaches.github.io/Apktool/
UnixUtils: http://unxutils.sourceforge.net/
jPortable: http://portableapps.com/apps/utilities/java_portable
ADB: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Reserved
Download updated: There was a very silly error in Patch.bat.
I'm just posting to say that my ROM won't boot after applying this patch. Fortunately, I had a backup. I'm running Resurrection Remix on a Note 4 (N910T), which is v7.1.1 and based on a mix of LineageOS and Emotion/Emotroid (the latter is AOSP). I followed the instructions to the tee. I already had adb and fastboot installed. The patch did succeed. I also tried clearing cache and dalvik cache in TWRP, but still couldn't boot. I do have GApps installed. What could have gone wrong?
Thanks!
Hmm... Not sure why it wouldn't work for you. I can only guess that the framework didn't re-compile properly or it wasn't pushed to system properly.
One thing you could try is boot to twrp, mount system and run patch.bat from there.
No GCN push
Hey, thank you very much for your effort! I have used your Windows Batch files in an editor to translate the process to Linux. Everything works flawlessly on my LG G4 with Lineage 14.1!
Without GCM, which is sadly a dealbreaker. It seems to need permission for "com.google.android.gms android.permission.ACCESS_FINE_LOCATION", the other three adb lines in your DisableGoogle.bat can be executed and GCM still works.
So I ask: What do I lose in privacy in not revoking permission for the line above?
If location permissions are allowed then google play services will keep accessing network/gps to keep track of your location. This causes all those nlp wakelocks. I did find however that using UnifiedNLP like this caused significantly less wakelocks than using the google location services. So if that's how you need it then go for it.
BTW, what's GCN push?
Sorry, I meant GCM, Google Cloud Messaging (not Notification).
The main question would be if Google still collects and tracks Wi-Fis, cell towers etc. when I don't revoke this permission. If so, the whole enterprise to get the Mozilla Location Provider to work would be rather pointless. No push notifications for Signal, Tweetings etc. is sadly not acceptable for me.
Ah, I can't comment on GCM as I've never used it but third party app's I use push ok. But that being said, you use GCM so that's what you need to work.
The whole point of this really is to stop google from stalking you (whether for privacy, battery or both). So yeah, I'd have to agree that using this and allowing those google location permissions would be pretty pointless.
Works great on my op3t thanks a million
microG's built in unified nlp and this are same?
vegoja said:
Works great on my op3t thanks a million
Click to expand...
Click to collapse
Good to know, cheers.
sohamsen said:
microG's built in unified nlp and this are same?
Click to expand...
Click to collapse
Yes. If you're using MicroG then this isn't useful for you.
Hi,
This method works if i disabled google play services only.
Disablepatch disabled my gps lock.
any idea?
The download is dead, can you reupload?
Hi. With some little changes (updating java and apktool) I managed to get Patch.bat working on LOS 15.1 *but* my device did not boot anymore once the patched framework-res.apk was in place (and booted again once I piut back the original apk). Did I miss a step? Thks in advance for your help.
@Nyakov: the download isnt dead, try again.
@Julien Faure: You probably didnt do anything wrong. I tried this same patch on Resurrection Remix Nougat many months ago, ROM wouldnt boot. I suspect that you need to disable Android's signature verification for this to work. Check out Smali Patcher.
Thansk a lot for the quick answer! If possible, I would like to avoid rooting (and thus avoid Magisk): is there a way to disable signature verification w/o it? Something to be done, applied, installed from TWRP for instance.
@Julien Faure: Smali patcher doesnt need root. It doesnt even need Magisk, despite being listed as a Magisk module on XDA.
Follow the steps in the SP thread. Since all you want is signature verification disabled, only check that box. Once it is successful, it will create a zip file. Extract the services.jar from that, boot into TWRP, replace your services.jar with the new one, set permissions on this file to 0644.
In the zip SP produces, there will also be zero byte (0 in size) files. These are placemarkers that tell Magisk to systemlessly delete these files. But since you wont be using Magisk, you need to look in /system/framework and manually delete these files. So just find the ones that match the paths and names of the zero byte files in the zip, delete them. If you cant find all of them, just skip the ones not present.
Because you are modifying the system partition, you may also need to disable dm-verity and/or Verified Boot (AVB). But since you're patching LOS, i dont believe it will be necessary.
AnonVendetta said:
@Julien Faure: Smali patcher doesnt need root. It doesnt even need Magisk, despite being listed as a Magisk module on XDA.
Follow the steps in the SP thread. Since all you want is signature verification disabled, only check that box. Once it is successful, it will create a zip file. Extract the services.jar from that, boot into TWRP, replace your services.jar with the new one, set permissions on this file to 0644.
In the zip SP produces, there will also be zero byte (0 in size) files. These are placemarkers that tell Magisk to systemlessly delete these files. But since you wont be using Magisk, you need to look in /system/framework and manually delete these files. So just find the ones that match the paths and names of the zero byte files in the zip, delete them. If you cant find all of them, just skip the ones not present.
Because you are modifying the system partition, you may also need to disable dm-verity and/or Verified Boot (AVB). But since you're patching LOS, i dont believe it will be necessary.
Click to expand...
Click to collapse
Wow thanks a lot again. Will report here once I will have tested that.
@AnonVendetta: BTW, are you aware of any ROM (not necessarily for the 5X) which supports the UNLP + GApps configuration "out-of-the-box" w/o having to apply those patches (OP's one + Smali)? Seems to me that a lot of ROMs (if not all) decided to support the "microG as a gmscore replacement" scenario only.

Converting a user app to system app corrupts phone on 9.0

Does anyone have experience with turning a user app into a system app on 9.0?
I tried using terminal emulator + app systemizer on magisk and Link2DS both ways have corrupted the phone.
kittygotwet said:
Does anyone have experience with turning a user app into a system app on 9.0?
I tried using terminal emulator + app systemizer on magisk and Link2DS both ways have corrupted the phone.
Click to expand...
Click to collapse
Are you able to recover? If so, you may have to settle without it. I know Systemizer works on 8.1, but I didn't try it on 9.0 before I downgraded. I'm not aware of any other options besides manually moving it, but that would break your systemless root, and would also need to be done after every update.
If you can't recover but can get into fastboot, you can boot into TWRP and flash "Magisk Mount". That will allow you to remove the Systemizer module manually from the Magisk image and boot back into the OS. As for Link2SD, I've never used it, so I'm not sure what changes it made that would have to be undone in order to recover.
jallenhayslett said:
Are you able to recover? If so, you may have to settle without it. I know Systemizer works on 8.1, but I didn't try it on 9.0 before I downgraded. I'm not aware of any other options besides manually moving it, but that would break your systemless root, and would also need to be done after every update.
If you can't recover but can get into fastboot, you can boot into TWRP and flash "Magisk Mount". That will allow you to remove the Systemizer module manually from the Magisk image and boot back into the OS. As for Link2SD, I've never used it, so I'm not sure what changes it made that would have to be undone in order to recover.
Click to expand...
Click to collapse
I just flash-all to fix it then reroot with Magisk. How do I convert an app to system through recovery (in twrp)?
kittygotwet said:
I just flash-all to fix it then reroot with Magisk. How do I convert an app to system through recovery (in twrp)?
Click to expand...
Click to collapse
As long as you dont care about remaining systemless and passing SafetyNet, you could simply move the apk folder into the system app folder manually. You could do it either through TWRP's built in file manager, or do it live with a root capable file manager. Either way should work.
Again, it's not ideal as it will trip SafetyNet and must be done after every ROM update/flash. So, if you have anything that depends on SafetyNet, that's not an option for you.
Another possibility would be to look at the Magisk documentation for module building and make your own module which would inject whatever apk you need systemlessly. You could accelerate the learning process by downloading one that already does something similar and reverse engineering it to fit your needs.
jallenhayslett said:
As long as you dont care about remaining systemless and passing SafetyNet, you could simply move the apk folder into the system app folder manually. You could do it either through TWRP's built in file manager, or do it live with a root capable file manager. Either way should work.
Again, it's not ideal as it will trip SafetyNet and must be done after every ROM update/flash. So, if you have anything that depends on SafetyNet, that's not an option for you.
Another possibility would be to look at the Magisk documentation for module building and make your own module which would inject whatever apk you need systemlessly. You could accelerate the learning process by downloading one that already does something similar and reverse engineering it to fit your needs.
Click to expand...
Click to collapse
damn, i need safetynet for google pay. crap hopefully the apps update for 9.0 and fixes itself.

Adding apps to system

I'm quite new to using a phone without root, so is there a possibilty to add apks to system without rooting?
I tried ADBFastbootTools but it seems like it won't add anything. No apk and also no new folder.
Impact7 said:
I'm quite new to using a phone without root, so is there a possibilty to add apks to system without rooting?
I tried ADBFastbootTools but it seems like it won't add anything. No apk and also no new folder.
Click to expand...
Click to collapse
System partition is write protected. Not only Root is needed, you need a systemlees system like Magisk for example to not break dm-verify. Another option should be a rooted phone with dm-verify disabled.
In both cases, you will need a unlocked bootloader and root

Can't modify system even after root

Hello people,
I have unlocked my phone yesterday and installed Magisk and root explorer.
I would like to replace the files in /system/fonts to change the default fonts. I tried to flash a twrp zip with new fonts and also manually tried to replace the fonts. But the system cannot be mounted as r/w in root explorer even after granting root permissions and flashing twrp zip does nothing. Is there any way to overcome this issue to mount system as r/w?
I mean what is the point of rooting if we cannot modify system!
Thanks!
Normal ... This is a new Android 10 restriction ... The system partition can no longer be mounted for writing, even with root!
On my old Redmi Note 4 (Rom Havoc Android 10), I had managed to change the fonts by copying the file from TWRP.
Many modifications are starting to be systemlessly. Like viper4android and others. The worst is not being able to flash system/vendor images in recovery.
wopr33 said:
Normal ... This is a new Android 10 restriction ... The system partition can no longer be mounted for writing, even with root!
On my old Redmi Note 4 (Rom Havoc Android 10), I had managed to change the fonts by copying the file from TWRP.
Click to expand...
Click to collapse
Thanks for the information. I tried to copy file in TWRP but it is giving an error. Could you please let me know how you have done it?
I don't know how TWRP works for the Poco X3, but for the Redmi Note 4 I copied the file using the built-in explorer, with no errors.
I think you need to activate the system partition in R/W in TWRP.
htcmusic said:
Thanks for the information. I tried to copy file in TWRP but it is giving an error. Could you please let me know how you have done it?
Click to expand...
Click to collapse
Sadly nothing will work for you rn. As far as i know, all devices launching with Android 10 use "dynamic partitions" wherein all partitions are inside Super.img and /system, /vendor, /product no longer writeable (Read only).
IMHO you're better off learning how to make a Magisk module yourself. Look at this guide from topjohnwu: https://topjohnwu.github.io/Magisk/guides.html
Slim K said:
Sadly nothing will work for you rn. As far as i know, all devices launching with Android 10 use "dynamic partitions" wherein all partitions are inside Super.img and /system, /vendor, /product no longer writeable (Read only).
IMHO you're better off learning how to make a Magisk module yourself. Look at this guide from topjohnwu: https://topjohnwu.github.io/Magisk/guides.html
Click to expand...
Click to collapse
Thank you for the info.
I finally was able to change the font using magisk modules as mentioned here: https://github.com/nongthaihoang/custom_font_installer
htcmusic said:
Thank you for the info.
I finally was able to change the font using magisk modules as mentioned here: https://github.com/nongthaihoang/custom_font_installer
Click to expand...
Click to collapse
I am very interested (to replace emojis).
I looked at the Magisk module page, it talks about flashing the ZIP, so I need TWRP ? For the moment, I didn't install it.
wopr33 said:
I am very interested (to replace emojis).
I looked at the Magisk module page, it talks about flashing the ZIP, so I need TWRP ?
Click to expand...
Click to collapse
You don't need twrp to install a Magisk module. You can do that through the Magisk Manager just as easily.
wopr33 said:
I am very interested (to replace emojis).
I looked at the Magisk module page, it talks about flashing the ZIP, so I need TWRP ? For the moment, I didn't install it.
Click to expand...
Click to collapse
I just installed the magisk module with custom fonts in internal storage as mentioned in the github page. It was magical, I was trying to replace the fonts for the whole day and it didn't work. Somehow this magisk module does the job.

Edit hosts file via Custom ROM?

I want to edit hosts file in my non-rooted Android device.
Since flashing a Custom ROM is basically installing a new OS, I was wondering,
Is a hosts file already present in a Custom ROM or is it generated later and at what point?
If it is preincluded in the ROM, is it possible to edit that hosts file and then flash the ROM, basically editing the hosts file without rooting?
parker_04 said:
I want to edit hosts file in my non-rooted Android device.
Since flashing a Custom ROM is basically installing a new OS, I was wondering,
Is a hosts file already present in a Custom ROM or is it generated later and at what point?
If it is preincluded in the ROM, is it possible to edit that hosts file and then flash the ROM, basically editing the hosts file without rooting?
Click to expand...
Click to collapse
Some custom ROMs do include custom hosts files, and you could potentially edit it before flashing the ROM. I'm not sure why you'd want to use a custom ROM without root, though - with root access, you can use a hosts manager like AdAway to update your hosts file on the fly.
V0latyle said:
Some custom ROMs do include custom hosts files, and you could potentially edit it before flashing the ROM. I'm not sure why you'd want to use a custom ROM without root, though - with root access, you can use a hosts manager like AdAway to update your hosts file on the fly.
Click to expand...
Click to collapse
(I am a newbie in rooting and flashing Custom ROM so please correct me)
Well my main objective is to edit the hosts file.
I understand it generally require root privileges but I want to use rooting as a last resort.
I am already going to flash Xiaomi Eu ROM in my Redmi Note 11. And if it is possible to edit the hosts via the ROM, wouldn't it be a better alternative than rooting? As with rooting, there also comes some consequences like tripping SafetyNet which I would gladly like to avoid.
parker_04 said:
(I am a newbie in rooting and flashing Custom ROM so please correct me)
Well my main objective is to edit the hosts file.
I understand it generally require root privileges but I want to use rooting as a last resort.
I am already going to flash Xiaomi Eu ROM in my Redmi Note 11. And if it is possible to edit the hosts via the ROM, wouldn't it be a better alternative than rooting? As with rooting, there also comes some consequences like tripping SafetyNet which I would gladly like to avoid.
Click to expand...
Click to collapse
SafetyNet is no longer relevant; it has been replaced by Play Integrity. See this thread. Even so, it is possible to pass Play Integrity BASIC and DEVICE attestation using the Universal SafetyNet Fix Magisk module.
I'm rooted with Magisk 25.2 on my Pixel 5. I use AdAway to manage my hosts file, and USNF 2.3.1 MOD 2, and I have zero issues with Play Integrity.
O
V0latyle said:
SafetyNet is no longer relevant; it has been replaced by Play Integrity. See this thread. Even so, it is possible to pass Play Integrity BASIC and DEVICE attestation using the Universal SafetyNet Fix Magisk module.
I'm rooted with Magisk 25.2 on my Pixel 5. I use AdAway to manage my hosts file, and USNF 2.3.1 MOD 2, and I have zero issues with Play Integrity.
Click to expand...
Click to collapse
I see.
But SafetyNet/Play Integrity is only one of the consequences of rooting. In Xiaomi devices, the warranty remains intact even after unlocking bootloader unless the device is rooted.
I am happy with flashing Custom ROM with edited hosts file without rooting.
I can always root my device later if this doesn't work.
Unless there is some other drawback which I am not aware of. If there is, please inform me so I don't end up in a mess.
parker_04 said:
I see.
But SafetyNet/Play Integrity is only one of the consequences of rooting. In Xiaomi devices, the warranty remains intact even after unlocking bootloader unless the device is rooted.
Click to expand...
Click to collapse
How would they know whether you rooted the device?
I can see how flashing custom firmware could void the warranty, like Samsung...So I suppose I've answered my own question as rooting would ostensibly involve either patching the boot image or installing SU to system. But, if you're editing a hosts file, you're also changing the system image, so I would assume that this would do the same thing.
parker_04 said:
I am happy with flashing Custom ROM with edited hosts file without rooting.
I can always root my device later if this doesn't work.
Unless there is some other drawback which I am not aware of. If there is, please inform me so I don't end up in a mess.
Click to expand...
Click to collapse
Well, as I pointed out above, you're making modifications to the software. If you're concerned about the warranty, don't use ANY modified software on your device, and keep your bootloader locked. You can't have your cake and eat it too.

Categories

Resources