Question about low level of android - OnePlus 7 Pro Questions & Answers

Hi guys and girls,
I bought a OnePlus 7 Pro recently and wanted to unlock the bootloader and root it to install the xXx NoLimits mod, except I made some errors (I believe I removed too much bloatware with the .profile file; my Wi-Fi and my mobile data were no longer working), so I re-locked the bootloader, except that I got this error message: "Your Device is corrupt. It can't be trusted and will not boot". I was scared for a moment, but I managed to access fastboot and re-unlock the bootloader, this time to remove everything that was not there in the stock phone, and re-lock the bootloader.
I did all the checks after re-locking my bootloader (root check, safety net check, sensor check, Widevine check and stock recovery check) and absolutely no problem, everything is in order.
My question is: is it possible that something has been changed in the low level of Android? (I just installed TWRP with fastboot, flashed Magisk with TWRP and finally flashed the xXx NoLimits mod.)
Thanks for your help!

Related

Re-lock bootloader without erase?

I really hate that boot screen that makes you think your phone is going to blow up because the bootloader is unlocked... I realize that having it unlocked is perfectly fine, and with Magisk, all the Google security stuff still works just fine. I also know that an unlocked bootloader makes it much easier to flash updates (flash-all but remove the -w)... So please don't try to explain why I should leave my bootloader unlocked.
With my HTC phones, unlocking the bootloader would erase the phone (obviously, and just like the Pixel 2). Locking the bootloader wouldn't erase the phone on the HTC, but with the Pixel 2, the instructions say that it WILL ERASE THE PHONE.
With the HTC, the wipe happened in recovery, so if I had TWRP installed, the phone wouldn't erase... I could easily switch between locked and unlocked, and as long as I had TWRP installed, the phone would "think" it was going to erase, but I stopped it.
So my question is... Does the Pixel 2 wipe the phone on lock/unlock through recovery? If so, can I lock the phone with TWRP installed in recovery and prevent that lock? I know I can make a backup and try it and see, but since the Feb update, getting into a decrypted recovery has become a pain (remove pin/password, reboot, reboot to recovery, do what you want, reboot to system, add the pin/password, add fingerprint, open EVERY SINGLE APP THAT USES FINGERPRINT AND SET LOGIN AND REGISTER THE FINGERPRINT - it frustrates me, in case you can't tell).
You cannot flash TWRP unless you are unlocked so at this time there is no way to unlock the bootloader without a full wipe.
I think you misunderstood the question. I have unlocked the bootloader (let it wipe) and installed TWRP. I want to know if the re-lock will wipe through recovery (and therefore be stopped by TWRP) or if it does the wipe using some other method (and therefore wiping regardless).
1. You won't be able to maintain your userdata while switching between locked and unlocked states.
2. You will likely not be able to boot your device either after locking your phone.
For 1)
The Pixel 2 enables FBE (filesystem-based encryption) by default for your userdata partition. The encryption keys are derived from a hardware secret (accessible only from TrustZone), the RSA public key that was used to sign the boot image and a flag (whether it is locked or unlocked). The latter parameters are provided by the bootloader (lk) to the Keymaster trustlet (running in TrustZone).
If any of these parameters change, then the encryption keys will change as well. As a result, your files will remain inaccessible even if you were hypothetically able to flip the lock state.
For 2)
Unlocking the bootloader (fastboot flashing unlock) will disable verification of the boot image. TWRP is installed by modifying the boot image (in both the "a" and "b" slots) which invalidates the Verified Boot signature that covers this boot image (stored in the vbmeta partition). When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
Source: reading the lk source code and various Android documentation such as https://source.android.com/security/encryption/file-based
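The key binding described in the post above, as an added example that is not part of the original post and not the Keymaster implementation: a simplified model in which a key-encryption key is derived from a hardware secret, the boot-signing public key and the lock flag, so that changing either of the last two makes the wrapped userdata key unrecoverable. The HKDF construction, the HMAC-based wrap (a stand-in for a real AEAD) and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_kek(hw_secret: bytes, boot_pubkey: bytes, locked: bool) -> bytes:
    """Model of a key-encryption key bound to the reported root of trust."""
    # Length-prefix the key so (pubkey, flag) pairs cannot collide.
    root_of_trust = len(boot_pubkey).to_bytes(4, "big") + boot_pubkey + bytes([locked])
    salt = hashlib.sha256(root_of_trust).digest()
    return hkdf_sha256(hw_secret, salt, b"model-userdata-kek")


def wrap(kek: bytes, data_key: bytes) -> bytes:
    """Toy encrypt-then-MAC wrap built from HMAC only (stand-in for AES-GCM)."""
    nonce = os.urandom(16)
    keys = hkdf_sha256(kek, nonce, b"wrap", 32 + len(data_key))
    mac_key, stream = keys[:32], keys[32:]
    ct = bytes(a ^ b for a, b in zip(data_key, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unwrap(kek: bytes, blob: bytes):
    """Return the data key, or None when the KEK does not match the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    keys = hkdf_sha256(kek, nonce, b"wrap", 32 + len(ct))
    mac_key, stream = keys[:32], keys[32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, stream))


def demo() -> dict:
    # All values below are constructed for the example.
    hw_secret = hashlib.sha256(b"constructed hardware secret").digest()
    oem_key = b"constructed OEM boot-signing public key"
    other_key = b"constructed third-party signing public key"
    data_key = hashlib.sha256(b"constructed userdata key").digest()
    blob = wrap(derive_kek(hw_secret, oem_key, locked=False), data_key)
    return {
        "same_state": unwrap(derive_kek(hw_secret, oem_key, False), blob) == data_key,
        "after_relock": unwrap(derive_kek(hw_secret, oem_key, True), blob),
        "other_signer": unwrap(derive_kek(hw_secret, other_key, False), blob),
    }


if __name__ == "__main__":
    print(demo())
```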
Lekensteyn said:
When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
The signature of the Custom ROM (Official LineageOS) can be integrated into the bootloader before re-locking the bootloader.
But this is the problem: "Lineage Recovery is also built in userdebug mode, that's a problem. When Lineage recovery is built this way, it allows any package, signed or unsigned, to be installed on your phone. This effectively negates the benefits of locking the bootloader. [...] In fact most custom ROMs simply use TWRP or another third party recovery which has the same issues as they are designed to never even look at the signatures of the packages they are flashing to your device."
"A discussion about bootloader locking/unlocking... AKA I want to relock my bootloader, should I?: LineageOS"
https://www.reddit.com/r/LineageOS/comments/n7yo7u
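The boot states discussed in this thread (red when verification fails, and a locked bootloader that trusts a user-installed key) can be read back from a running device. The following is an added example, not code from any poster: it parses the text output of `adb shell getprop` and cross-checks the verified-boot colour against the lock-state properties. The sample outputs are constructed.

```python
import re

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

# Verified-boot colours as documented for Android Verified Boot.
STATE_MEANING = {
    "green": "locked, image verified against the OEM root of trust",
    "yellow": "locked, image verified against a user-set root of trust",
    "orange": "unlocked, boot image is not verified",
    "red": "verification failed",
}


def parse_getprop(text: str) -> dict:
    """Turn '[name]: [value]' lines from getprop into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def assess(props: dict) -> dict:
    """Report the boot state and whether the lock properties agree with it."""
    state = props.get("ro.boot.verifiedbootstate", "").lower()
    if state not in STATE_MEANING:
        return {"state": "unknown", "consistent": False,
                "findings": ["ro.boot.verifiedbootstate missing or unrecognised"]}
    findings = [f"{state}: {STATE_MEANING[state]}"]
    reported = []  # what each lock property claims (True = locked)
    device_state = props.get("ro.boot.vbmeta.device_state", "").lower()
    if device_state in ("locked", "unlocked"):
        reported.append(device_state == "locked")
    flash_locked = props.get("ro.boot.flash.locked", "")
    if flash_locked in ("0", "1"):
        reported.append(flash_locked == "1")
    consistent = True
    if len(set(reported)) > 1:
        consistent = False
        findings.append("lock-state properties disagree with each other")
    expects_locked = state in ("green", "yellow")
    if state != "red" and any(r != expects_locked for r in reported):
        consistent = False
        findings.append(f"boot state '{state}' does not match the reported lock state")
    return {"state": state, "consistent": consistent, "findings": findings}


# Constructed sample outputs.
SAMPLE_STOCK = """[ro.boot.verifiedbootstate]: [green]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.flash.locked]: [1]"""
SAMPLE_UNLOCKED = """[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.flash.locked]: [0]"""
SAMPLE_MISMATCH = """[ro.boot.verifiedbootstate]: [green]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.flash.locked]: [0]"""
```

These properties are reported by the running system itself, so a rooted system can alter them; hardware-backed key attestation carries the state as the bootloader reported it.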

rooted latest version of 8, got FRP error on reboot, fixed. How to get rid of this?

I rooted my s7, latest version of 8.0 United Kingdom (g930fxxu4esae build r16nw.g930fxxs5esf6). I used TWRP and magisk.
All was well until I rebooted, then got the dreaded "custom binary blocked by frp lock". I was able to take the stock rom and install the AP file, and now it's working again except that of course root is gone. I suspect that if I attempt to root again, I will run into the same error on a reboot.
I've done some googling but haven't found anything really reliable sounding about getting around this problem.
EDIT: UPDATE: I've flashed the latest version of BTU on phones 1 and 2. I've successfully rooted phone 1 and it seems to be sticking. Phone 2 I'm still working on, it doesn't have to be rooted though as it's more of a backup for gaming. Thanks again to everyone in this thread for all the good advice and info.
You are going to have to re-flash your current firmware unrooted and, before you root, enable OEM unlocking in developer options AFTER setting up your Google account (you have to use the same Google account as you did before). Unfortunately there is no way of force-enabling OEM unlock with a flashable zip on the S7, well, at least to my knowledge. FRP lock is Google's factory reset protection, which stops people from factory resetting a phone and then just using their Google account instead of the one they don't know the password to, and it stops custom binaries like TWRP from booting, and even a stock binary that has been rooted from booting, because it thinks you could be trying to bypass FRP.
Enabling OEM unlocking will disable FRP lock on the device, allowing you to use a custom binary and boot normally without the checks.
Viper4060 said:
You are going to have to re-flash your current firmware unrooted and, before you root, enable OEM unlocking in developer options AFTER setting up your Google account (you have to use the same Google account as you did before). Unfortunately there is no way of force-enabling OEM unlock with a flashable zip on the S7, well, at least to my knowledge. FRP lock is Google's factory reset protection, which stops people from factory resetting a phone and then just using their Google account instead of the one they don't know the password to, and it stops custom binaries like TWRP from booting, and even a stock binary that has been rooted from booting, because it thinks you could be trying to bypass FRP.
Enabling OEM unlocking will disable FRP lock on the device, allowing you to use a custom binary and boot normally without the checks.
Correct, basically turn FRP lock off, it's a pain in the ass.
Also @kettir this is the final release of BTU, not the one you have in your post >> https://www.sammobile.com/samsung/galaxy-s7/firmware/SM-G930F/BTU/download/G930FXXU5ESD2/270504
cooltt said:
Correct, basically turn FRP lock off, it's a pain in the ass.
Also @kettir this is the final release of BTU, not the one you have in your post >> https://www.sammobile.com/samsung/galaxy-s7/firmware/SM-G930F/BTU/download/G930FXXU5ESD2/270504
Thanks for more great advice and info. It appears that now the requirements are:
Download the latest BTU as per your note because I like it better
Flash it to attain a "stock" system.
Go through the minimum setup after reboot and get developer options.
Set up google account
Enable OEM unlocking (and USB debugging of course)
flash TWRP
go into recovery immediately
Use TWRP to flash magisk
go back into download mode immediately
flash only the AP from the stock firmware
And this might, possibly, achieve root with magisk, while keeping the stock bootloader. That is, if I understand what TWRP and magisk are actually doing to the system. I.e., TWRP replaces the system part that handles recovery, while magisk roots the phone without changing the system, so that TWRP is the problem for FRP.

Help! How to re-lock bootloader with Magisk modules?

As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something. Could these methods jailbreak Google's boot verification, disable or ignore these red letters, and directly boot HydrogenOS or OxygenOS? Thanks.
Markpeng0315 said:
As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something. Could these methods jailbreak Google's boot verification, disable or ignore these red letters, and directly boot HydrogenOS or OxygenOS? Thanks.
You can't have a locked bootloader with any changes to system like that or verified boot will not let it boot up, as you've seen and there's really no way around that
If you change aboot, it still won't boot
If I modify the vbmeta partition and completely change the verification files, is it possible? Or could I flash a boot file modified from an older Android version to skip this limit? Thanks.
Not possible, but I do not understand why you would even worry about unrooting. I see no possible reason why you would even risk bricking your device!
But if it means so much to you go ahead, and then you will know why.
I recommend against it, you will basically have a paperweight. When you relock the system checks for a signature, if it is not found, then the phone won't boot. Or something like that.
Markpeng0315 said:
As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something. Could these methods jailbreak Google's boot verification, disable or ignore these red letters, and directly boot HydrogenOS or OxygenOS? Thanks.
Sounds like you want to modify the boot.img and create a sub partition to force boot a custom firmware? If that's the case then you seem to know about coding or at least modifying firmware. So why don't you just download OnePlus 8 firmware, create a virtual SDK and play around with the new Android 10 firmware. Because even if you did these modification on other phones it stands to reason that they were on older Android builds. This will keep your phone safe and give you the opportunity to test your theory. Happy modding!

How to Remove Warning Bootloader Unlocked Message

Recently rooted my new Zenfone 7. Is it possible to remove Bootloader unlocked Warning message at the start up of the system? Thanks for an answer.
re-lock the bootloader
Boot into fastboot, then send this command from your pc.
fastboot oem asus-lock
how did you get root to work? I followed the instructions listed and it would not work for me.
I followed the instructions there: https://forum.xda-developers.com/t/recovery-official-twrp-for-asus-zenfone-7-series.4161719/ in fastboot mode you should update android drivers manually through device manager to get it work otherwise you'll get " waiting on device " error and it won't flash TWRP.
Is it possible to remove Bootloader unlocked warning without re-locking device though?
Jkm15 said:
I followed the instructions there: https://forum.xda-developers.com/t/recovery-official-twrp-for-asus-zenfone-7-series.4161719/ in fastboot mode you should update android drivers manually through device manager to get it work otherwise you'll get " waiting on device " error and it won't flash TWRP.
Getting TWRP on and working was fine. It was when I went and tried to flash Magisk that it kept causing a bootloop.
Jkm15 said:
Is it possible to remove Bootloader unlocked warning without re-locking device though?
Why? Unless you plan on overwriting TWRP, there is no benefit to having it unlocked all the time. TWRP will still work after it is re-locked. and you can unlock it again via the app anytime you need to update.
Joeb2000 said:
Getting TWRP on and working was fine. It was when I went and tried to flash Magisk that it kept causing a bootloop.
Why? Unless you plan on overwriting TWRP, there is no benefit to having it unlocked all the time. TWRP will still work after it is re-locked. and you can unlock it again via the app anytime you need to update.
Had locked bootloader on device with magisk. Result is fastboot loop =|
Same wish here. that warning screen is ugly....

How do i recover the imei after unlocking the bootloader?

Hello again! I have a problem. I have the original firmware and the tool to flash it in case anything goes wrong (MTK Client), so I unlocked the bootloader. The problem is that when you unlock the bootloader, the baseband says (020null) and the IMEI is unknown. I tried to restore my own nvcfg, nvram and nvdata, to no luck; when I lock the bootloader, they appear again without flashing anything. So there must be something in the system that checks if you have the bootloader locked or not... I want to know how to disable it because I want to have root (I have rooted it with no issues, but I want my IMEI, you know). I thought init.rc may have something to do with it; here it is (https://gist.github.com/ThePinkLyna/a43e65572896a57af2624610f74d00f2).
By the way, my phone is an Alcatel 5007G, MTK 6762. Any ideas on where the block could be? The bootloader? A script in the system? There must be a way, right?
Re-lock the bootloader.
Android can get rooted without having the bootloader unlocked before.
It's the Android kernel that checks if bootloader is locked or not.
xXx yYy said:
Re-lock the bootloader.
Android can get rooted without having the bootloader unlocked before.
It's the Android kernel that checks if bootloader is locked or not.
How to get root without unlocking the bootloader? Because if I patch boot.img to use with Magisk, then it goes into red state because of secure boot. I know the last thing you said, but I was talking about the system; there must be something which checks if the bootloader is unlocked or not, and if it's unlocked then it blocks the IMEI. I doubt Android does that by default.
well, not answer to your original question, however try bootless-root method. but read warnings about limitations on locked bootloader (do not modify boot, system, ...)
TheAndrew579 said:
How to get root without unlocking the bootloader? Because if I patch boot.img to use with Magisk, then it goes into red state because of secure boot. I know the last thing you said, but I was talking about the system; there must be something which checks if the bootloader is unlocked or not, and if it's unlocked then it blocks the IMEI. I doubt Android does that by default.
You can doubt all, it's on you. Also take note that
1. every Android device comes shipped with a recovery partition by default,
2. you can't use a Custom Recovery like TWRP to restore lost IMEI.
are you sure it's bootloader lock state and not Magisk? I have same issue with Redmi 6, when booted in Magisk from fastboot baseband is unknown. normal boot baseband reappear (nothing flashed)
my suspect is magisk mount overlay (have to dig more into)
https://github.com/topjohnwu/Magisk/issues/426
What Magisk version you tried?
xXx yYy > /dev/null
aIecxs said:
are you sure it's bootloader lock state and not Magisk? I have same issue with Redmi 6, when booted in Magisk from fastboot baseband is unknown. normal boot baseband reappear (nothing flashed)
my suspect is magisk mount overlay (have to dig more into)
https://github.com/topjohnwu/Magisk/issues/426
What Magisk version you tried?
xXx yYy > /dev/null
It's not Magisk, because the problem starts happening when I unlock the bootloader. When I unlock it (without installing Magisk or flashing anything) and Android appears again, I go to info and it says baseband = 020null and IMEI unknown. If I flash Magisk, then I get root but still no IMEI.
I'm talking about the original firmware: unlocked bootloader = no IMEI. When I lock it again after uninstalling Magisk (by flashing the original boot.img), the IMEI appears again.
aIecxs said:
well, not answer to your original question, however try bootless-root method. but read warnings about limitations on locked bootloader (do not modify boot, system, ...)
And my Android security version is newer, so that method won't work. Still, I want root so I can uninstall system apps, so an unlocked bootloader is a must, but how exactly, if when I unlock it I lose the IMEI? That's the problem.
you don't need root to get rid of system apps. this will do it. be careful what you're doing, in case of bootloop the only way left is factory reset. do a backup before.
Code:
adb shell cmd package disable --user 0 <pkgname>
How to disable any pre-installed system app bloatware on Android without root
If you hate the bloatware or pre-installed apps on your Android smartphone, here's how to disable them even if Android doesn't normally let you.
www.xda-developers.com
