Multirom? - OnePlus 7 Pro Questions & Answers

For the sake of discussion, y'all ever see Tassadar's Multirom making a comeback ever? It was the absolute coolest thing ever!
That said, the new way Android works most likely killed this off entirely. A/B partitions that share userdata, and encryption that locks you out of your phone unless the security patch at least matches. Kinda hate the new way Android works to be honest.

If you remove encryption and AVB/Verity shouldn't it still work?

virtyx said:
> If you remove encryption and AVB/Verity shouldn't it still work?
See now you got me thinking... Since Multirom mounts the userdata as system and then isolates the userdata for secondaries, it should right? Although people who have removed encryption on these newer devices have said you can't even have a screen lock or fingerprint at all with encryption gone, that's a big trade off. Hmm...

H4X0R46 said:
> See now you got me thinking... Since Multirom mounts the userdata as system and then isolates the userdata for secondaries, it should right? Although people who have removed encryption on these newer devices have said you can't even have a screen lock or fingerprint at all with encryption gone, that's a big trade off. Hmm...
Hello, so what do you think is a good thing or a bad thing?
Personally, I'm a little afraid about that

H4X0R46 said:
> See now you got me thinking... Since Multirom mounts the userdata as system and then isolates the userdata for secondaries, it should right? Although people who have removed encryption on these newer devices have said you can't even have a screen lock or fingerprint at all with encryption gone, that's a big trade off. Hmm...
On my pixel 3, removing encryption wouldn't let me use a pin or fingerprint to unlock, so no gpay.
On my 7 pro I tested out removing encryption and everything still worked perfectly, even removed Verity/ AVB too, fingerprint and pin worked fine.
I think the reason it didn't work on my pixel 3 is the Titan chip - but I'm unsure.

virtyx said:
> On my pixel 3, removing encryption wouldn't let me use a pin or fingerprint to unlock, so no gpay.
> On my 7 pro I tested out removing encryption and everything still worked perfectly, even removed Verity/ AVB too, fingerprint and pin worked fine.
> I think the reason it didn't work on my pixel 3 is the Titan chip - but I'm unsure.
So you were able to keep your screen lock? That's neat! How do you remove encryption on these newer devices? I remember it used to just be a flag in the boot image, but has that changed?

H4X0R46 said:
> So you were able to keep your screen lock? That's neat! How do you remove encryption on these newer devices? I remember it used to just be a flag in the boot image, but has that changed?
Firstly, you need to have twrp
Format data
Then
Make sure vendor is mounted
You need to pull the vendor/etc/fstab file to your PC
Rename "fileencryption" to "encryptable"
Then push it back to the vendor/etc location
I also make it a habit to do this before flashing magisk when unencrypted
echo "KEEPVERITY=false" >> /data/.magisk
echo "KEEPFORCEENCRYPT=false" >> /data/.magisk
Install magisk
And it's done.
To keep unencrypted between updates, you need to do the fstab move again in twrp and flash magisk again before first boot.
I suspect the Pixel's Titan chip prevents us from using a screen lock when decrypted
Which is silly, but I understand the security behind it.
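What the fstab edit in the steps above actually changes is one fs_mgr flag on the /data entry, and the same file carries the dm-verity/AVB flags for the read-only partitions. The following Python script is an added example, not code from virtyx's post or from any project: it parses an Android-style fstab, reports what the file enforces for /data encryption and for verification of read-only partitions, and lists which fs_mgr flags differ between two copies of the file, so a stock and an edited fstab can be compared before anything is flashed. The fstab contents, device paths and flag values are constructed for the example and are not taken from a real OnePlus 7 Pro image; the function names are the example's own.

```python
"""Audit the fs_mgr flags in an Android fstab (added example, constructed input)."""
from dataclasses import dataclass

# Constructed sample, shaped like a /vendor/etc/fstab.<hw> file; not copied from a real device.
SAMPLE_FSTAB_STOCK = """\
# <src>                                 <mnt_point>  <type>  <mnt_flags>                   <fs_mgr_flags>
/dev/block/bootdevice/by-name/system    /            ext4    ro,barrier=1                  wait,slotselect,avb=vbmeta_system,logical
/dev/block/bootdevice/by-name/vendor    /vendor      ext4    ro,barrier=1                  wait,slotselect,avb,logical
/dev/block/bootdevice/by-name/userdata  /data        f2fs    noatime,nosuid,nodev,discard  wait,check,fileencryption=ice,quota,reservedsize=128M
"""

# The same file after the edit the thread describes: "fileencryption" renamed to "encryptable".
SAMPLE_FSTAB_EDITED = SAMPLE_FSTAB_STOCK.replace("fileencryption=", "encryptable=")


@dataclass
class FstabEntry:
    src: str
    mount_point: str
    fs_type: str
    mnt_flags: list        # mount(2) options, e.g. ["ro", "barrier=1"]
    fs_mgr_flags: dict     # Android fs_mgr flags, name -> value (None when the flag has no value)


def parse_fstab(text):
    """Parse the five whitespace-separated columns of each non-comment fstab line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"malformed fstab line: {raw!r}")
        src, mnt, fs_type, mnt_flags, mgr_flags = fields[:5]
        mgr = {}
        for flag in mgr_flags.split(","):
            name, _, value = flag.partition("=")
            mgr[name] = value or None
        entries.append(FstabEntry(src, mnt, fs_type, mnt_flags.split(","), mgr))
    return entries


def audit_fstab(text):
    """Report what the fstab enforces: the /data encryption policy and which ro partitions are verified."""
    report = {"data_encryption": "none", "verified_partitions": [], "unverified_partitions": []}
    for e in parse_fstab(text):
        if e.mount_point == "/data":
            if "fileencryption" in e.fs_mgr_flags:
                report["data_encryption"] = "forced (file-based)"    # FBE is set up on first boot
            elif "forceencrypt" in e.fs_mgr_flags:
                report["data_encryption"] = "forced (full-disk)"     # legacy FDE, forced
            elif "encryptable" in e.fs_mgr_flags:
                report["data_encryption"] = "optional (not forced)"  # FDE only if the user turns it on
        elif "ro" in e.mnt_flags:
            # 'verify' is the legacy dm-verity flag; 'avb' / 'avb=<vbmeta name>' is Android Verified Boot 2.0
            if "verify" in e.fs_mgr_flags or "avb" in e.fs_mgr_flags:
                report["verified_partitions"].append(e.mount_point)
            else:
                report["unverified_partitions"].append(e.mount_point)
    return report


def changed_flags(before, after):
    """List fs_mgr flags removed from or added to each mount point between two fstab versions."""
    b = {e.mount_point: e.fs_mgr_flags for e in parse_fstab(before)}
    a = {e.mount_point: e.fs_mgr_flags for e in parse_fstab(after)}
    changes = {}
    for mnt in sorted(set(b) | set(a)):
        removed = sorted(set(b.get(mnt, {})) - set(a.get(mnt, {})))
        added = sorted(set(a.get(mnt, {})) - set(b.get(mnt, {})))
        if removed or added:
            changes[mnt] = {"removed": removed, "added": added}
    return changes


if __name__ == "__main__":
    for label, text in (("stock", SAMPLE_FSTAB_STOCK), ("edited", SAMPLE_FSTAB_EDITED)):
        print(label, audit_fstab(text))
    print("diff", changed_flags(SAMPLE_FSTAB_STOCK, SAMPLE_FSTAB_EDITED))
```

Run against a real file pulled from the device (the thread's vendor/etc/fstab), the report makes the trade-off explicit: the edited file still verifies / and /vendor through AVB, but /data encryption drops from forced to optional, which is exactly why a full ROM zip that ships its own vendor image puts it back.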

virtyx said:
> Firstly, you need to have twrp
> Format data
> Then
> Make sure vendor is mounted
> You need to pull the vendor/etc/fstab file to your PC
> Rename "fileencryption" to "encryptable"
> Then push it back to the vendor/etc location
> I also make it a habit to do this before flashing magisk when unencrypted
> echo "KEEPVERITY=false" >> /data/.magisk
> echo "KEEPFORCEENCRYPT=false" >> /data/.magisk
> Install magisk
> And it's done.
> To keep unencrypted between updates, you need to do the fstab move again in twrp and flash magisk again before first boot.
> I suspect the Pixel's Titan chip prevents us from using a screen lock when decrypted
> Which is silly, but I understand the security behind it.
Shoot I might just do this! I've always hated having to match the security patch when flashing a rom, or getting locked out of my phone, this might actually be better since I can try roms and scrap em easily if I don't like em like I used to do in the older days of Android. Thanks so much! Gonna screenshot these steps and give it a go when I have time. Worst case, I restore a backup or use the MSM Tool, so no biggie!

H4X0R46 said:
> Shoot I might just do this! I've always hated having to match the security patch when flashing a rom, or getting locked out of my phone, this might actually be better since I can try roms and scrap em easily if I don't like em like I used to do in the older days of Android. Thanks so much! Gonna screenshot these steps and give it a go when I have time. Worst case, I restore a backup or use the MSM Tool, so no biggie!
No worries! Shoot me a PM if you have trouble
There is a noverity zip lying around somewhere but I prefer to do the steps manually; gives me peace of mind.

virtyx said:
> No worries! Shoot me a PM if you have trouble
> There is a noverity zip lying around somewhere but I prefer to do the steps manually; gives me peace of mind.
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389
This is the zip you mentioned right? Since the change is made in the vendor partition, flashing a stock boot image wouldn't set it back to forced right? Or wrong?

H4X0R46 said:
> https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389
> This is the zip you mentioned right? Since the change is made in the vendor partition, flashing a stock boot image wouldn't set it back to forced right? Or wrong?
Right, but full rom zip will revert it back

Would this possibly mean multirom would be possible?

Related

After rooting OnePlus 6 on Android 9.0.5 can I use fingerprint?

If I already have a pin and use that primarily, however I want to use the fingerprint scanner to make life easier. Will I have to take off the fingerprint each time I boot into recovery mode and use TWRP? Or can I use the pin and fingerprint together with no problems?
Any feedback would be much appreciated thank you.
You can keep both, however you can unlock TWRP only by PIN.
You can. You'll still need your PIN to decrypt /data in TWRP. And why are you still running 9.0.5? We're on 9.0.8 now.
remewer said:
> You can. You'll still need your PIN to decrypt /data in TWRP. And why are you still running 9.0.5? We're on 9.0.8 now.
Because I don't know how to update my phone once rooted without doing something wrong. I just didn't want to mess about with something I don't know. I've rooted my phones in the past but never updated my phone after, because people say it messes up.

Question Rog phone 5 fingerprint error when I convert version CN -> WW

1. I have a rog phone 5 converted to tecentgame. When I move to version WW there is then a fingerprint error (losing the system fingerprint authentication). Who can help me?
2. There is an opinion that restoring the system partition can fix the above situation; I do not know if it is true or false. Can anyone guide me on how to do the above?
Linked thread: RAW Firmware Collection and Guide (forum.xda-developers.com): "All fastboot / adb commands require using the side USB-C port. https://developer.android.com/studio/releases/platform-tools.html#download Make sure you have fastboot installed. Add platform tools to PATH (post 2). Make a backup of anything..."
It's a known issue. As of yet, it appears this is a drawback to the conversion.
I'm currently working on a solution to get fingerprint working after a conversion. I've located the error and a Magisk module should be able to fix it. I can't make any promises until that theory is fully tested, though.
Of course my Magisk install is broken and won't install from storage...
I need the system/vendor/etc/vendor_(something)_styles.xml
Started a thread for it, since those with a working reader are unlikely to be looking through this thread.
Does losing the fingerprint sensor happen always or is it a random issue?
yaser86100 said:
> Does losing the fingerprint sensor happen always or is it a random issue?
It's basically part of the conversion until that is perfected.
twistedumbrella said:
> It's basically part of the conversion until that is perfected.
Maybe one day that'll be perfect?
yaser86100 said:
> Maybe one day that'll be perfect?
Probably. They got there on the 3, from what I've seen.
twistedumbrella said:
> It's basically part of the conversion until that is perfected.
Unlocking BL and converting WW, there is a chance of losing your fingerprints, but back up the persist partition before conversion, you don’t have to worry about losing your fingerprints. Once you lose your fingerprints, you only need to restore the persist partition and your fingerprints will be normal. But it can only correspond to this phone, and restore on other phones is not possible.
yaser86100 said:
> Does losing the fingerprint sensor happen always or is it a random issue?
The quote below was meant for you. No idea why I was tagged instead.
johnny886 said:
> Unlocking BL and converting WW, there is a chance of losing your fingerprints, but back up the persist partition before conversion, you don't have to worry about losing your fingerprints. Once you lose your fingerprints, you only need to restore the persist partition and your fingerprints will be normal. But it can only correspond to this phone, and restore on other phones is not possible.
twistedumbrella said:
> I need the system/vendor/etc/vendor_(something)_styles.xml
> Started a thread for it, since those with a working reader are unlikely to be looking through this thread.
What should I change?
I rooted my ROG Phone 5
I don't know what to do to bring back my fingerprint
I haven't backed up
shayantt98 said:
> What should I change?
> I rooted my ROG Phone 5
> I don't know what to do to bring back my fingerprint
> I haven't backed up
Follow one of the newer threads. The info here is extremely outdated.

[Help] Is there any verified root solution for a P3 running android 12 yet?

Just wanted to see if anyone else has successfully rooted their p3 once it's running android 12 and have it successfully pass safetynet.
I'm relatively sure that most of the people reading these forums have quite a few root apps that make their lives and phone experience easier and would like to keep those on android 12.
Thanks
Can confirm root and safety net pass with a12 release
acidspider said:
> Can confirm root and safety net pass with a12 release
Which version/build of Magisk are you using? Any modules for hiding from detection?
Psychotc said:
> Which version/build of Magisk are you using? Any modules for hiding from detection?
Latest canary and safety net fix
Did you just fastboot flash after updating to A12? Did you have to flash the vmbeta also?
prabs99 said:
> Did you just fastboot flash after updating to A12? Did you have to flash the vmbeta also?
yes just fastboot flashed the magisk_patched boot.img and all was good
P.S. what's the vmbeta?
acidspider said:
> yes just fastboot flashed the magisk_patched boot.img and all was good
> P.S. what's the vmbeta?
Magisk allows for 'systemless' root. We've all read that. What that means though is basically, it doesn't 'touch' root (it does a kind of 'overlay' of it, but doesn't modify actual System).
When we flash the disable-verity etc zip, it keeps the data partition from becoming encrypted, so twrp backup can back up that partition.
You can additionally, if desired, disable vbmeta. That allows u to make modifications in System, Op, etc, and the changes will stick even after a reboot. It is said though if yer changes are in System, yer much better off using a magisk module, as they can be easily reverted, if needed.
To disable vbmeta u have to use fastboot. This would be the fastboot command: fastboot --disable-verity --disable-verification flash vbmeta_a blank_vbmeta.img. You don't have to use a blank vbmeta, you can just flash back the original. Also, if u do fastboot --h it will show all commands and these are listed towards the end of the output.
cheers
AsItLies said:
> Magisk allows for 'systemless' root. We've all read that. What that means though is basically, it doesn't 'touch' root (it does a kind of 'overlay' of it, but doesn't modify actual System).
> When we flash the disable-verity etc zip, it keeps the data partition from becoming encrypted, so twrp backup can back up that partition.
> You can additionally, if desired, disable vbmeta. That allows u to make modifications in System, Op, etc, and the changes will stick even after a reboot. It is said though if yer changes are in System, yer much better off using a magisk module, as they can be easily reverted, if needed.
> To disable vbmeta u have to use fastboot. This would be the fastboot command: fastboot --disable-verity --disable-verification flash vbmeta_a blank_vbmeta.img. You don't have to use a blank vbmeta, you can just flash back the original. Also, if u do fastboot --h it will show all commands and these are listed towards the end of the output.
> cheers
This should not be necessary on the P3; this only became an issue with Android 12 on the 4a 5g and up. All prior devices are unaffected AFAIK.
V0latyle said:
> This should not be necessary on the P3; this only became an issue with Android 12 on the 4a 5g and up. All prior devices are unaffected AFAIK.
I was responding to the person who asked what disabling vbmeta was. So I explained what it was.
it "being necessary" on p3 or any device, I have no idea about, nor am I proclaiming it to be one way or another.
it might be better to direct your comment to those that believe it's needed, if you have reason to believe it is not.
cheers
AsItLies said:
> I was responding to the person who asked what disabling vbmeta was. So I explained what it was.
> it "being necessary" on p3 or any device, I have no idea about, nor am I proclaiming it to be one way or another.
> it might be better to direct your comment to those that believe it's needed, if you have reason to believe it is not.
> cheers
No need to become defensive.
rocketrazr1999 said:
> No need to become defensive.
No need to respond to people that aren't asking a question.
AsItLies said:
> I was responding to the person who asked what disabling vbmeta was. So I explained what it was.
> it "being necessary" on p3 or any device, I have no idea about, nor am I proclaiming it to be one way or another.
> it might be better to direct your comment to those that believe it's needed, if you have reason to believe it is not.
> cheers
I'm afraid you're incorrect. Dm-verity and vbmeta verification have nothing to do with encrypting the data partition, nor is vbmeta used for encryption whatsoever. It is, however, used for "tamper-evident storage" of /boot and /system.
Dm-verity is a method by which a hash is generated from a block storage device. Vbmeta verification compares that generated hash to a cryptographically signed hash stored in /vbmeta to determine they match. These are used for Android Boot Verification on the Pixel 4a 5g, 5, 5a, and 6; those of us using those devices have had to reflash vbmeta with --disable flags in order to flash patched boot images.
However, none of this applies to the Pixel 3, 3XL, 3a, 4, 4XL, or 4a.
The only requirement for root on these devices is an unlocked bootloader. Root is accomplished in exactly the same way as it always has - patch the boot image in Magisk.
V0latyle said:
> I'm afraid you're incorrect. Dm-verity and vbmeta verification have nothing to do with encrypting the data partition, nor is vbmeta used for encryption whatsoever. It is, however, used for "tamper-evident storage" of /boot and /system.
> Dm-verity is a method by which a hash is generated from a block storage device. Vbmeta verification compares that generated hash to a cryptographically signed hash stored in /vbmeta to determine they match. These are used for Android Boot Verification on the Pixel 4a 5g, 5, 5a, and 6; those of us using those devices have had to reflash vbmeta with --disable flags in order to flash patched boot images.
> However, none of this applies to the Pixel 3, 3XL, 3a, 4, 4XL, or 4a.
> The only requirement for root on these devices is an unlocked bootloader. Root is accomplished in exactly the same way as it always has - patch the boot image in Magisk.
My exact words:
"I was responding to the person who asked what disabling vbmeta was. So I explained what it was.
it "being necessary" on p3 or any device, I have no idea about, nor am I proclaiming it to be one way or another."
What, in my words, are any different than what you're saying?
AsItLies said:
> My exact words:
> "I was responding to the person who asked what disabling vbmeta was. So I explained what it was.
> it "being necessary" on p3 or any device, I have no idea about, nor am I proclaiming it to be one way or another."
> What, in my words, are any different than what you're saying?
This:
AsItLies said:
> when we flash disable-verity etc zip, it keeps the data partition from becoming encrypted, so twrp backup can backup that partition.
Disabling verity has nothing to do with data encryption, because it is used exclusively to verify /boot with /vbmeta, and /system with /vbmeta_system.
There is no need for users of the Pixel 4a or below to flash or reflash /vbmeta at any point during update or attempting root.
V0latyle said:
> This:
> Disabling verity has nothing to do with data encryption, because it is used exclusively to verify /boot with /vbmeta, and /system with /vbmeta_system.
> There is no need for users of the Pixel 4a or below to flash or reflash /vbmeta at any point during update or attempting root.
I'm talking about disable-verity-force-encrypt. Ever heard of it? it's the magisk zip module that's been used by probably millions of people, and it does exactly what I said, from a practical standpoint.
And again, I didn't say the vbmeta was specific to any device, I said specifically "I don't know" if it's relevant for the p3, etc etc etc.
I just said, from a practical perspective, what it does.
what's your problem?
AsItLies said:
> I'm talking about disable-verity-force-encrypt. Ever heard of it? it's the magisk zip module that's been used by probably millions of people, and it does exactly what I said, from a practical standpoint.
> And again, I didn't say the vbmeta was specific to any device, I said specifically "I don't know" if it's relevant for the p3, etc etc etc.
> I just said, from a practical perspective, what it does.
> what's your problem?
No problem here, just doing what I can to try to ensure the information shared is clear, relevant, and accurate.
I would suggest that if you're going to continue to participate in public conversations such as this, you might want to consider your defensive reaction to certain circumstances, as has already been pointed out by another member.
V0latyle said:
> No problem here, just doing what I can to try to ensure the information shared is clear, relevant, and accurate.
> I would suggest that if you're going to continue to participate in public conversations such as this, you might want to consider your defensive reaction to certain circumstances, as has already been pointed out by another member.
And I would suggest to you, if someone makes a point, and it's accurate, then there's no reason to tell them they are wrong? is there?
doing such would make anyone defensive, in public or private. Only someone with their head buried where the sun doesn't shine would not understand that.
AsItLies said:
> And I would suggest to you, if someone makes a point, and it's accurate, then there's no reason to tell them they are wrong? is there?
> doing such would make anyone defensive, in public or private. Only someone with their head buried where the sun doesn't shine would not understand that.
It seems we understand each other.
Cheers!
V0latyle said:
> It seems we understand each other.
> Cheers!
Very nice passive-aggressive response. You'd be a lot better off with 'I was wrong, I misunderstood'.
cheers!
AsItLies said:
> Very nice passive-aggressive response. You'd be a lot better off with 'I was wrong, I misunderstood'.
> cheers!
Do you not find it just a little hypocritical to try to correct someone else when you yourself have become extremely defensive?
I will admit that I was partly wrong - Verified Boot is indeed tied to device encryption on some newer devices, including the 4a 5g and up.
The point I was trying to make is that an excess of information can be confusing to people looking for a solution. But, this community thrives on individuals who all try to help those around them, so the information you provided is appreciated.

Question Is custom recovery possible/something that's being worked on?

Hi all, I hope this isn't a thread that has already been posted... I found it interesting that there is no TWRP or any custom recovery for Pixel 7/7 Pro. I understand it's not needed to flash different ROMs such as Paranoid Android or Spark OS but I figure it would be helpful no? My prior device was an iPhone 12, haven't run a rooted android since my Galaxy s4 way back in the day. Is this something somebody is actively pursuing or no as it's not needed? Curious on what the situation is with this, loving my p7 pro. Cheers!
TWRP has been nearly an entire Android version behind for a while now so I haven't been able to use it on my last couple phones. I believe it is still being worked on but since it's been so far behind due to the changes to Android and its migration to ramdisk installation it's mostly fallen out of use sadly. I do miss it sometimes as well.
jake.99x3 said:
> I figure it would be helpful no?
No, it's useless. Pixel devices have unlocked bootloaders and support fastboot, therefore recovery is not needed.
Well, a lot of old and new Samsung phones and tablets are running TWRP and root. Yes, with Android 13. Is it strictly because there is that A and B split thing going on ? Personally I have not written to my B partition in many months if ever.
Can there be a lesson learned from that ?
96carboard said:
> No, it's useless. Pixel devices have unlocked bootloaders and support fastboot, therefore recovery is not needed.
I don't know about that. It may not be needed but the advantages are profoundly easier than having to learn terminal commands
Also you can't do flashes and restores without a PC whereas when we had active working custom recovery it could be done anywhere at anytime.
JakeDHS07 said:
> Also you can't do flashes and restores without a PC whereas when we had active working custom recovery it could be done anywhere at anytime.
Exactly! I used to do a complete backup, periodically. One day I screwed something up playing around at work, went to Recover and flashed my backup. Fixed it in a few minutes
Yeah it would be nice to have for sure
Same here, a nice custom recovery would be sweet. If I had any clue how to build one I would be all over it.
JakeDHS07 said:
> Also you can't do flashes and restores without a PC whereas when we had active working custom recovery it could be done anywhere at anytime.
Is it even possible to do a nandroid backup anymore with the changes to Android filesystems and permissions? I mean you can't even flash a full firmware package in fastboot anymore, part of it has to be done from fastbootd.
old_fart said:
> Well, a lot of old and new Samsung phones and tablets are running TWRP and root. Yes, with Android 13. Is it strictly because there is that A and B split thing going on ? Personally I have not written to my B partition in many months if ever.
> Can there be a lesson learned from that ?
The A/B system is not for power users who manually flash things. It's so that updates for the 99% who use their phones normally can be done in the background. It also adds a failsafe in case one slot gets corrupted since it will automatically boot the other slot after so many failures. Previously such a failure would be an automatic brick.
Also, I think most of us power users are using the A/B system normally at this point too. You have to go out of your way to not flash an update to the other slot, all the defaults do.
HipKat said:
> I don't know about that. It may not be needed but the advantages are profoundly easier than having to learn terminal commands
That's insane. And dangerous. When it messes up, good luck fixing it.
96carboard said:
> That's insane. And dangerous. When it messes up, good luck fixing it.
Ummmm, what??
TWRP is a big miss for me. Nandroid Backups and phone based file explorer without having to boot to Android were just two of the numerous features I used regularly. To say it would be useless is ridiculous.
I for one would be very happy to have it make an appearance on the Pixel 7 Pro. I'm not holding my breath though, the Pixel 6 and 6 Pro still don't have it I believe.
I've used TWRP in the past. I've never understood the attraction.
Even with A/B a recovery is useful, but why would I want to play with volume buttons to express my wishes?
Just take a stock recovery, patch adbd to be rooted, patch the kernel to be permissive, done.
As Patrick Henry said, "Give me ADB or give me death!"
Renate said:
> I've used TWRP in the past. I've never understood the attraction.
> Even with A/B a recovery is useful, but why would I want to play with volume buttons to express my wishes?
> Just take a stock recovery, patch adbd to be rooted, patch the kernel to be permissive, done.
> As Patrick Henry said, "Give me ADB or give me death!"
You sure you've used it? TWRP is fully touch screen.
Beefheart said:
> You sure you've used it? TWRP is fully touch screen.
You're right. I'm conflating stock recovery with TWRP.
I do remember big tiles and tapping on them.
Still, I prefer to keep my fingers on the (desktop) keyboard.
Renate said:
> You're right. I'm conflating stock recovery with TWRP.
> I do remember big tiles and tapping on them.
> Still, I prefer to keep my fingers on the (desktop) keyboard.
I'm as much of a command line fan as the next nerd, but TWRP offers multiple features not available via ADB.
Renate said:
> I've used TWRP in the past. I've never understood the attraction.
> Even with A/B a recovery is useful, but why would I want to play with volume buttons to express my wishes?
> Just take a stock recovery, patch adbd to be rooted, patch the kernel to be permissive, done.
> As Patrick Henry said, "Give me ADB or give me death!"
Because when you don't have a computer to connect to do a restore, for example, it's imperative to have a Recovery that does backups so you can
HipKat said:
> Because when you don't have a computer to connect to do a restore, for example, it's imperative to have a Recovery that does backups so you can
Ok. You're doing backups to a USB flash drive? Fair enough.
But, since this thread is questioning whether any custom recovery is in development wouldn't it be helpful if someone knocked off at least a custom recovery to the extent that I mentioned?
Renate said:
> Ok. You're doing backups to a USB flash drive? Fair enough.
> But, since this thread is questioning whether any custom recovery is in development wouldn't it be helpful if someone knocked off at least a custom recovery to the extent that I mentioned?
No, doing backups to internal storage, actually. How am I going to access a USB flash drive with a telephone if I’m sitting at a friend’s house and something gets corrupted, phone won’t boot, and I have to reboot to recovery where I can access an internal back up? Which cannot be done with stock recovery.

How to mitigate the risk of having an unlocked bootloader against an evil maid attack that side-loads malware/spyware?

I want to clarify, I already saw many threads mentioning how you can protect your data with an unlocked bootloader, so no need to go deep into that.
But it also seems to me, many people just avoid the other issues, like an attacker being able to sideload malware in your device.
How to mitigate those other risks?
cablop said:
> I want to clarify, I already saw many threads mentioning how you can protect your data with an unlocked bootloader, so no need to go deep into that.
> But it also seems to me, many people just avoid the other issues, like an attacker being able to sideload malware in your device.
> How to mitigate those other risks?
Sideloading malware requires physical access to your device. You have to reboot into bootloader mode, flash e.g. a patched system.img and then reboot into system again. To avoid this: never leave your device unattended.
WoKoschekk said:
> Sideloading malware requires physical access to your device. You have to reboot into bootloader mode, flash e.g. a patched system.img and then reboot into system again. To avoid this: never leave your device unattended.
I am fully aware of that. But there are times you leave it unattended, you can't carry a bag with all your belongings with you to every place you must be in, e.g., bathroom, beach, gym, etc.
So, if you leave it unattended and then you come back and you think it was compromised, what can you do, apart from a full reset? Can't you have a tool that tells you if something changed, somebody took it, it rebooted, etc.?
cablop said:
> I am fully aware of that. But there are times you leave it unattended, you can't carry a bag with all your belongings with you to every place you must be in, e.g., bathroom, beach, gym, etc.
It seems a bit paranoid... When I'm not at home my phone is in my pocket or locked up (e.g. gym). That's it.
cablop said:
So, if you leave it unattended and then you come back and you think it was compromised, what can you do, apart from a full reset? Can't you have a tool that tells you if something changed, somebody took it, it rebooted, etc.?
A full reset would do nothing for you. In the bootloader menu you have no access to /data. Even if fully booted up, nobody can access /data due to my display pattern. So, a full wipe wouldn't help you since it only wipes /data.
As I already said you could only patch the system.img/vendor.img with malware. But if Android verified boot is enabled, it's impossible to change something on these partitions.
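cablop asked above for a tool that tells you whether something on the phone changed, and the reply leans on Android Verified Boot reporting its state. As an added example (not code from either poster, and not an XDA or Android tool), the Python below takes a saved `adb shell getprop` dump, reads the verified-boot and bootloader-lock properties the bootloader publishes, and compares the vbmeta digest and build fingerprint against a baseline dump taken when you trusted the device. The property names (`ro.boot.verifiedbootstate`, `ro.boot.flash.locked`, `ro.boot.vbmeta.device_state`, `ro.boot.vbmeta.digest`, `ro.build.fingerprint`) are real Android properties; every value in the two dumps is constructed, and the optional boot counter is assumed to come from `adb shell settings get global boot_count`.

```python
"""Compare an Android getprop dump against a trusted baseline.

Added example: flags an unlocked/unverified boot state and changes to
the AVB digest, build fingerprint or boot counter since the baseline.
"""
from __future__ import annotations

import re

# One line of `adb shell getprop` looks like: [ro.boot.verifiedbootstate]: [green]
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

# Constructed sample dumps (values are made up; property names are real).
BASELINE_GETPROP = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.vbmeta.digest]: [1111111111111111111111111111111111111111111111111111111111111111]
[ro.build.fingerprint]: [vendor/device/device:10/BUILD.ID/100:user/release-keys]
"""

TAMPERED_GETPROP = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.vbmeta.digest]: [ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff]
[ro.build.fingerprint]: [vendor/device/device:10/BUILD.ID/101:user/release-keys]
"""

# Meaning of the AVB boot state as shown by the bootloader.
VERIFIED_BOOT_MEANING = {
    "green": "locked bootloader, OEM-signed images verified",
    "yellow": "locked bootloader, images verified against a user-set key",
    "orange": "unlocked bootloader, verification not enforced",
    "red": "verification failed",
}


def parse_getprop(text: str) -> dict[str, str]:
    """Turn getprop output into a {property: value} dict, skipping junk lines."""
    props: dict[str, str] = {}
    for line in text.splitlines():
        match = GETPROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def assess(current: dict[str, str], baseline: dict[str, str],
           boot_count: int | None = None,
           baseline_boot_count: int | None = None) -> list[str]:
    """Return human-readable findings; an empty list means nothing changed."""
    findings: list[str] = []

    state = current.get("ro.boot.verifiedbootstate", "unknown")
    if state != "green":
        meaning = VERIFIED_BOOT_MEANING.get(state, "state not recognised")
        findings.append(f"verified boot state is '{state}' ({meaning})")

    if (current.get("ro.boot.flash.locked") != "1"
            or current.get("ro.boot.vbmeta.device_state") != "locked"):
        findings.append("bootloader reports unlocked: partitions can be "
                        "reflashed by anyone with fastboot access")

    # The vbmeta digest covers the hashes of boot/system/vendor; the build
    # fingerprint changes when a different system image is installed.
    for key, label in (("ro.boot.vbmeta.digest", "vbmeta digest"),
                       ("ro.build.fingerprint", "build fingerprint")):
        if key in baseline and current.get(key) != baseline[key]:
            findings.append(f"{label} changed: {baseline[key]} -> "
                            f"{current.get(key, '<missing>')}")

    # Optional: boot counter from `settings get global boot_count` (assumed).
    if boot_count is not None and baseline_boot_count is not None \
            and boot_count != baseline_boot_count:
        findings.append(f"device rebooted {boot_count - baseline_boot_count} "
                        "time(s) since the baseline was taken")
    return findings


if __name__ == "__main__":
    base = parse_getprop(BASELINE_GETPROP)
    for finding in assess(parse_getprop(TAMPERED_GETPROP), base, 13, 12):
        print("!", finding)
```

Everything this script reads is reported by the running system itself, so a system image that was modified with the bootloader unlocked could in principle also lie about these properties; that gap is what hardware-backed key attestation and services like Play Integrity exist to close. The value of a local check like this is the cheap, early signal: the boot state turning orange or the fingerprint changing while the phone was out of your sight.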
WoKoschekk said:
It seems a bit paranoid... When I'm not at home my phone is in my pocket or locked up (e.g. gym). That's it.
Not really paranoid. You only need to see the ads offering people ways to know what their partners do, don't you? Keyloggers predate Android phones, so how can I think they are not a real risk?
WoKoschekk said:
A full reset would do nothing for you. In the bootloader menu you have no access to /data. Even if fully booted up, nobody can access /data due to my display pattern. So, a full wipe wouldn't help you since it only wipes /data.
As I already said you could only patch the system.img/vendor.img with malware. But if Android verified boot is enabled, it's impossible to change something on these partitions.
BTW, if it was impossible to write to those partitions, then it would be impossible to change the firmware of the phone, but we do when we unlock the bootloader, and then we patch stuff, like a new recovery partition, and even root the phone. So it is not something that Android verified boot can do.
It seems to me that while Google and the vendors think it is important to keep the bootloader locked for security reasons, the community keeps looking in another direction to say it is not, and there's no risk, but there is.
cablop said:
BTW, if it was impossible to write to those partitions, then it would be impossible to change the firmware of the phone
You mixed things up. A new firmware is not the same as patching /system on a stock ROM. Even a custom recovery requires a patched vbmeta.img in most cases.
Malware is an executable file that can only be stored on a file system. You can't store it on a boot.img or recovery.img since they are only binaries. No, you need e.g. /system or /vendor. Only there you could store a malicious file like a patched APK that gets executed by system during the next boot sequence.
WoKoschekk said:
You mixed things up. A new firmware is not the same as patching /system on a stock ROM. Even a custom recovery requires a patched vbmeta.img in most cases.
Malware is an executable file that can only be stored on a file system. You can't store it on a boot.img or recovery.img since they are only binaries. No, you need e.g. /system or /vendor. Only there you could store a malicious file like a patched APK that gets executed by system during the next boot sequence.
OK, that is interesting, but it comes with a doubt... Then, how does Magisk work? AFAIK it is a patch outside the firmware or system or data... Can't we install malware on the phone in a similar way to how Magisk gets installed?
cablop said:
OK, that is interesting, but it comes with a doubt... Then, how does Magisk work? AFAIK it is a patch outside the firmware or system or data... Can't we install malware on the phone in a similar way to how Magisk gets installed?
Even Magisk needs an installation for the Manager APK when a patched boot.img gets booted. The APK isn't part of the patch and the installation must be granted by the user.
WoKoschekk said:
Even Magisk needs an installation for the Manager APK when a patched boot.img gets booted. The APK isn't part of the patch and the installation must be granted by the user.
Hmmm.
OK, maybe I am confused by thinking the bootloader of Android can work in a similar fashion to the boot of Linux or even Windows.
So, just to be sure, what you are telling me is that there's no way to install malware in the system with an unlocked bootloader, either as new software or by replacing an existing one, but that the risk is they can read my data, something that I can solve with proper device or userspace encryption, right?
Can't we flash some things from TWRP or the like, such as GMS, directly into the system?