[Q] From TWRP back to stock Recovery & locked Bootloader, keeping root & Custom ROM?
Hey everyone,
around new years eve I found out that the Android Device Manger's remote wipe is not secure enough for my needs, as it doesn't wipe the data (pictures, app data etc.) on the virtual "sdcard" of the HTC One's storage. So a potential thief could easily access my Custom Recovery and simply by flashing a custom ROM gain access to the data.
I described the problem in more detail over here: http://forum.xda-developers.com/showthread.php?t=2598154
While unlocking a friend's phone I noticed that during the "fastboot oem unlock" procedure all data is wiped from the device. Something I totally forgot about.
This behavior is exactly what I want if my device gets stolen.
I can accept the hassle to deal with a temporary custom recovery or ways to perform an online nandroid, without the comfort of a Custom Recovery and having to lock the Bootloader again after every Custom ROM upgrade. (Yes, it will be a pain in the b*ttocks, but I want my data to be inaccessible.)
What do I have:
HTC One (international GSM version)
HTCdev.com unlocked
SuperCID
TWRP as Custom Recovery
Rooted CustomRom (SinLess in my case) installed
What I want:
Bootloader to be locked (so that you can't simply flash a Custom Recovery)
Stock Recovery (so that you can't simply flash a Custom ROM)
being able to make a nandroid backup, before unlocking again
keeping root and the Custom ROM
keeping SuperCID (req. for SinLess)
I don't want to make a mistake, so I am asking for some guidance. :angel:
I am assuming correctly that just flashing the Stock Recovery image is enough to get rid of TWRP?
I know that this temporary loading of a Recovery was a thing some time ago (HTC Desire), but I haven't looked into it for years now.
Is this still possible and how do I do it? Does this allow me to perform a nandroid backup with a locked bootloader?
Otherweise: If my bootloader is locked and my recovery reverted to stock, is there a way to nandroid backup my HTC One? I know about the App "Online Nandroid" (Play Store Link) that allows to perform a nandroid backup on a rooted phone without booting to recovery. Does it work with the HTC One?
What happens if I "relock" this htcdev.com unlocked phone? Will I simply be able to use "fastboot oem unlock" (followed by a full wipe) to unlock the bootloader again? Or are there more strings attached, like requiring htcdev.com again or any other problems?
Is the CID setting affected by any of this?
Am I missing something else?
Will the following routine be my way to go if I want to flash something (ROM, Kernel etc.)?
Backup Apps: Titanium Backup
Perform full nandroid Backup (App: Online Nandroid?)
Pull nandroid Backup, Titanium Backup Files and all Data from /sdcard/
Unlock phone --> result: full wipe of device (no big deal, as everything is backed up)
Flash Custom Recovery
Push Installation files for (rooted) Custom ROM, Kernel etc.
Push Titanium Backup Files
Install (rooted) Custom ROM, Kernel etc.
Boot Phone, set it up as usual and restore Titanium Backup
Push Data back to /sdcard/
Flash Stock Recovery
Relock Bootloader
Is this correct?
Or did I miss something?
Thanks in advance
noone? :angel:
I would highly appreciate any guidance on this. Thanks in advance
spaboleo said:
noone? :angel:
I would highly appreciate any guidance on this. Thanks in advance
Click to expand...
Click to collapse
Well, instead of doing what ur trying to do, you can encrypt the phone. A full phone encryption will prevent any changes made to any of the phone partitions. Thus, a ROM cannot be flashed in TWRP recovery, which serves your purpose and is easier than what u mentioned. However, decryption will factory reset the phone.
To answer your points:
1. Yes, flashing the Stock Recovery image will get rid of TWRP. But, im not 100% sure whether the ROM will work properly on stock recovery
2. You can definitely load a recovery without flashing it. Not tried on a locked bootloader. Sorry
3. Not sure whether the Root will be maintained after locking the bootloader and flashing stock recovery. If it is, then the Online Nandroid will definitely work
4. No strings attached. oem unlock will definitely do the trick
5. Nope, u will still be S-OFF. No CID is changed
spaboleo said:
no one?
Click to expand...
Click to collapse
Since you have s-off just use revone to unlock the bootloader without wiping data.
Procedure to lock things down:
Code:
fastboot flash recovery stock_recovery.img
fastboot oem lock
Procedure to return to unlocked/custom recovery:
Code:
adb push revone /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 revone
./revone -u
reboot bootloader
fastboot flash recovery twrp_recovery.img
You could also do revone with file explorer and terminal emulator and then flash TWRP directly in the OS using Flashify. This would allow you to return to unlocked with custom recovery without needing a computer.
raghav kapur said:
Well, instead of doing what ur trying to do, you can encrypt the phone. A full phone encryption will prevent any changes made to any of the phone partitions. Thus, a ROM cannot be flashed in TWRP recovery, which serves your purpose and is easier than what u mentioned. However, decryption will factory reset the phone.
To answer your points:
1. Yes, flashing the Stock Recovery image will get rid of TWRP. But, im not 100% sure whether the ROM will work properly on stock recovery
2. You can definitely load a recovery without flashing it. Not tried on a locked bootloader. Sorry
3. Not sure whether the Root will be maintained after locking the bootloader and flashing stock recovery. If it is, then the Online Nandroid will definitely work
4. No strings attached. oem unlock will definitely do the trick
5. Nope, u will still be S-OFF. No CID is changed
Click to expand...
Click to collapse
Thank you
Well I looked into encryption and it would require to use a PIN or Password lock instead of the Patternlock I prefer.
There was some mod that derived a PIN from a pattern input to work around this limitation, but I don't think it's the best idea to fiddle around with system files of that level.
But after reacing cschmitt's post, about the fact that there is a way to unlock the bootloader without wiping, my whole thoughts from the initial post are pointless
I guess using Android encryption is the only way.
Is it possible to use phone encryption together with location-based (wifi-based) disabling of the encryption using the "SecureSettings Plugin" for Tasker?
cschmitt said:
Since you have s-off just use revone to unlock the bootloader without wiping data.
Procedure to lock things down:
Code:
fastboot flash recovery stock_recovery.img
fastboot oem lock
Procedure to return to unlocked/custom recovery:
Code:
adb push revone /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 revone
./revone -u
reboot bootloader
fastboot flash recovery twrp_recovery.img
You could also do revone with file explorer and terminal emulator and then flash TWRP directly in the OS using Flashify. This would allow you to return to unlocked with custom recovery without needing a computer.
Click to expand...
Click to collapse
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time a I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
(edit: Warning Comment: don't do that...read below)
Thanks everyone
spaboleo said:
Thank you
Well I looked into encryption and it would require to use a PIN or Password lock instead of the Patternlock I prefer.
There was some mod that derived a PIN from a pattern input to work around this limitation, but I don't think it's the best idea to fiddle around with system files of that level.
But after reacing cschmitt's post, about the fact that there is a way to unlock the bootloader without wiping, my whole thoughts from the initial post are pointless
I guess using Android encryption is the only way.
Is it possible to use phone encryption together with location-based (wifi-based) disabling of the encryption using the "SecureSettings Plugin" for Tasker?
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time a I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
Thanks everyone
Click to expand...
Click to collapse
Nope, sorry. Remote encryption is impossible. You will need to manually choose the encryption option in security settings
P.S. Please hit the THANKS button if you think I helped you
spaboleo said:
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time a I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
Click to expand...
Click to collapse
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB require authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
An whatever you do do not go back to s-on.
cschmitt said:
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB require authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
An whatever you do do not go back to s-on.
Click to expand...
Click to collapse
I was initially S-OFF. I had to S-ON the phone to give it for warranty repair. I can simply use Rumrunner to S-OFF the phone again right? Or are there any other complications?
Thank you
raghav kapur said:
I was initially S-OFF. I had to S-ON the phone to give it for warranty repair. I can simply use Rumrunner to S-OFF the phone again right? Or are there any other complications?
Click to expand...
Click to collapse
There have been a number of cases of going back to s-on with locked bootloader and then not being able to unlock the bootloader again or regain root, so could not s-off again.
cschmitt said:
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB require authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
An whatever you do do not go back to s-on.
Click to expand...
Click to collapse
Thank you!
I thought the revone command was operable via fastboot/adb from the bootloader as well.
That is good news.
So one question remains.
Is there a way to access data from the stock recovery (maybe locating via "adb shell ls..." and then using "adb pull...") when s-off with a locked bootloader?
Assuming adb is turned off in the OS (developer options) if not used?
If this isn't possible this seems to be the perfect solution
I thank you sincerely!
spaboleo said:
So one question remains.
Is there a way to access data from the stock recovery (maybe locating via "adb shell ls..." and then using "adb pull...") when s-off with a locked bootloader?
Assuming adb is turned off in the OS (developer options) if not used?
Click to expand...
Click to collapse
All that's available in stock recovery in the ability to flash an HTC signed zip (official OTA, for example) and to factory reset.
There is no backup/restore/adb access/file manager like in a custom recovery.
Perfect :good: :laugh:
Sorry for asking that many questions, but as user the motto is "better safe than sorry".
I unlocked and s-offed my HTC One around June-August 2013 and besides a quick TWRP update here and there and a monthly ROM upgrade there was absolutely no need to fiddle around with it more.
Aftermarket development has become that reliable that it's actually possible to find a good "set it and forget it" daily driver setup.
And since I am not a developer and don't deal with those questions on a regular basis, I'm always not 100% sure if I get all the facts right.
Thanks for helping me out with this one!
I'm going to try it next weekend or next week: Going to backup my data and simulate a potential theft with the locked bootloader and reverted to stock recovery. Remote-Wiping the device, unlocking the bootloader conventionally via fastboot and making sure that this wipes all user-data on the phone. And then I'm going to give that booted into OS, revone unlock a try and simulate a potential rom upgrade, just as you described it.
Right now I just can't risk my daily driver phone, as I wouldn't have the time to set it up again.
Thanks for your extended help
Finally feeling secure again on Android.
Hi everybody,
after reading about how to upgrade & root the Xperia SP on the 4.3 firmware I followed the guides to get everything set up.
Now, after being nearly there I'm stuck with a black booting screen.
Here follow the steps I did undertake so far, any help to resolve my issue would be very welcome.
I started with firmware 12.0.A.2.245 rooted with Doomlords method (flash old kernel, root, flash .245 kernel again)
1 backup contacts/messages etc
2 do TA partition Backup with Backup-TA
3 update firmware using PC-Companion
4 unlock bootloader with official sony guide
5 fastboot flash cwm / superSU
---> everything worked fine so far (phone was operational), now I wanted to get the screen mirroring working - meaning the bravia engine. So I went for
6 Backup-TA check backup integrity with dry restore
7 Backup-TA restore TA partition
last step of the restore was: reboot device, which got me to the black screen - which is where I am stuck now.
All I managed so far is entering the fastboot mode, I could confirm this working by issuing a "fastboot devices" which listed the phone as available.
Anyone got any ideas to what went wrong and how to fix this?
update: after going through the unlock bootloader procedure again the phone boots normally again ( fastboot.exe -i 0x0fce oem unlock 0x[...] ) . Now the last problem is getting the TA partition back.
Is this even possible while keeping root?
Flash stock kernel .266 before restoring TA partition.
go to flashmode and flash the kernel.ftf, links of which can be found by searching.
this problem has been posted as FAQ in Bootloader unlocking relocking thread.
Thanks! I'll try this. I thought you only had to reflash the stock kernel if you wanted to relock the bootloader
In the Xperia SP versions which don't allow bootloader unlocking (Bootloader unlock allowed: no) , does the phone not boot in fastboot mode? I can go to Flashtool mode but not to fastboot. Is this the reason why?
update:
I only got you question now.
It is true that fastboot doesn't work with locked bootloaders, and that Flashtool does work.
But that doesn't mean your custom rom or kernel you flash with flashboot will boot. It works for stock.
If you're at 4.1 there are ways to get root and CWM, I don't think there are easy ways to flashing custom rom or installing root or CWM from 4.3 unrooted without unblocking, getting back to 4.1 to get root on 4.3, or perfoming factory reset.
You may want this: http://forum.xda-developers.com/showthread.php?t=2649923
It's a very long way, but at least it works. You can get 4.3 rooted with recovery, but you must go back to 4.1.2 to run CWM once. That is for root; Recovery procedure includes factory resetting...
Hope you can get it working as you want... Locked bootloader really are nasty
Hello everyone, i am pretty bad at english so dont judge me becouse of this, and i am also noob here
So, i have problem. Why i cannot enter into recovery mode? I want to flash custom rom in my phone, i already have succesfully rooted with this method http://forum.xda-developers.com/xperia-z/general/guide-how-to-root-10-5-1-0-283-t2872873 and now i want custom rom, but i cant flash it becouse i cant enter in recovery mode, whats the problem? And another question, did i need unlocked bootloader for custom roms? What if i need it but i have already rooted? Did its big risk to unlock bootloader for already rooted phone? Sorry guys i am noob here, thanks for help!
First, did you install any recovery like CWM or TWRP or Phil...
on the page it talks about XZDualRecovery: you may choose any other if you prefer
if not there is no GUI based recovery in Sony Software and you need to install them separately.
Since you have already Rooted the Phone..
1. Start with This, go to the below link and backup your TA partition
http://forum.xda-developers.com/showthread.php?t=2292598
This backup is very important if you want to revert back to factory image so keep it safe. WITHOUT THIS BACKUP DO NOT UNLOCK YOUR BOOTLOADER
2. Only on successful backup of TA, think about unlocking your bootloader. from your dialer dial *#*#7378423#*#*, and check if you have "Bootloader unlock allowed: Yes"
Unlocking the bootloader means you can install any of the ROM's available for your phone. If you don't want to unlock or cannot unlock then you may be restricted ROM's with Sony Kernels only.
suppose I unlock my bootloader, install custom recovery like TWRP and now, If I wish to RE LOCK my bootloader ( dont ask why), is it necessary to have the STOCK recovery installed before relocking or custom recovery will be fine?
Thanks.
Relocking the bootloader is NOT recommended. That said, you can and should keep TWRP if you choose to lock it.
Oh okay. I read somewhere that if you choose to re lock your bootloader you have to go FULL STOCK ( ROM + Recovery). I guess that might not be the case for nexus devices?
Relocking the bootloader will wipe your data, but it doesn't play cop and make sure everything is stock. All the bootloader does is pass off control of the device from the low level firmware that we cannot access to either the recovery or Android itself. Locking the bootloader only ensures that the possessor of the device cannot change the contents of the partitions from outside the device using ADB. A device with TWRP and a locked bootloader can still install custom ROMs, and possibly even root.
However, there is practically zero reason to ever lock the bootloader once unlocked, leaving people to wonder why you would want to.