[Q] Locking boot after rooting - Sony Xperia T, TL, TX, V

Is it possible to lock bootloader after installing cyanogenmod? So that boot thing can't be accessed again to wipe/steal everything?
It's just encryption doesn't work on Xperia T for cyanogenmod, it just fails every time and wipes the device. Re-locking the bootloader will solve this.

Nope, the only way to relock is to flash the relock ftf, so everything would be stock

foxyfennec said:
Is it possible to lock bootloader after installing cyanogenmod? So that boot thing can't be accessed again to wipe/steal everything?
It's just encryption doesn't work on Xperia T for cyanogenmod, it just fails every time and wipes the device. Re-locking the bootloader will solve this.
Locked bootloader = stock kernel = no CM roms.
You do not need to unlock the bootloader to root, but you do in order to flash CM. On Xperia devices the bootloader has to remain unlocked for custom kernels to boot.

gregbradley said:
Locked bootloader = stock kernel = no CM roms.
You do not need to unlock the bootloader to root, but you do in order to flash CM. On Xperia devices the bootloader has to remain unlocked for custom kernels to boot.
Is there a boot.img that will not give all the options to delete everything and just load CM?

foxyfennec said:
Is there a boot.img that will not give all the options to delete everything and just load CM?
I will say it again
gregbradley said:
Locked bootloader = stock kernel = no CM roms. On Xperia devices the bootloader has to remain unlocked for custom kernels to boot.
Also, there are no options to "delete" in the bootloader, you don't access a bootloader "menu". The bootloader is used to load the CM kernel which is needed for the CM rom to boot.

gregbradley said:
I will say it again
Also, there are no options to "delete" in the bootloader, you don't access a bootloader "menu". The bootloader is used to load the CM kernel which is needed for the CM rom to boot.
I turn on my phone.
I press volume keys.
I am presented with a menu which allows me to wipe everything, or backup/restore to SD.
That menu allows me to wipe or steal all data on the phone without a passcode or anything.
I only have access to that menu after putting the CM boot.img image onto the phone.
Whether this is the bootloader or not, or a menu or not - I would argue that it is since it comes from boot.img and is a list of selectable functions - seems menu-like to me doesn't matter. There's no point getting embroiled in semantics.
Is there an alternative boot.img that doesn't respond to the volume keys and just loads cyanogenmod after it's been installed?

foxyfennec said:
I turn on my phone.
I press volume keys.
I am presented with a menu which allows me to wipe everything, or backup/restore to SD.
That menu allows me to wipe or steal all data on the phone without a passcode or anything.
I only have access to that menu after putting the CM boot.img image onto the phone.
Whether this is the bootloader or not, or a menu or not - I would argue that it is since it comes from boot.img and is a list of selectable functions - seems menu-like to me doesn't matter. There's no point getting embroiled in semantics.
Is there an alternative boot.img that doesn't respond to the volume keys and just loads cyanogenmod after it's been installed?
That is not the bootloader, it is recovery menu that you can install after rooting.
I would argue that you need the physical phone in your possession to be able to make a backup and steal the data via recovery, but if you have the phone, then not having recovery will not prevent anyone stealing the data. It's a bit like locking the door after the thief has already been and gone.
However, if you want to delete the recovery just delete the ramdisks from system/bin
If they are not there then they are integrated into the kernel and you will have to decompile the kernel, delete the ramdisk and recompile.
However, the use of recovery is essential and I would say that there is zero risk of anyone stealing the data from your phone.

gregbradley said:
That is not the bootloader, it is recovery menu that you can install after rooting.
I would argue that you need the physical phone in your possession to be able to make a backup and steal the data via recovery, but if you have the phone, then not having recovery will not prevent anyone stealing the data. It's a bit like locking the door after the thief has already been and gone.
However, if you want to delete the recovery just delete the ramdisks from system/bin
If they are not there then they are integrated into the kernel and you will have to decompile the kernel, delete the ramdisk and recompile.
However, the use of recovery is essential and I would say that there is zero risk of anyone stealing the data from your phone.
So if someone steals my phone and accesses the recovery menu, there is zero risk of them stealing data from my unencrypted phone?

foxyfennec said:
So if someone steals my phone and accesses the recovery menu, there is zero risk of them stealing data from my unencrypted phone?
NO, but they have your phone, so they can steal it anyway...
You need to install an app that will delete/wipe your data if you lose it, that's the only guaranteed way to do it.
PS, And I have told you how to remove the recovery as well, so you can always just do that...

[Security breach?] Your data is NOT SAFE! Simple bypass of data wipe when unlocking

I've always been a bit startled by how the bootloader is unlocked on my nexus 4. After pushing the unlock command to my device and choosing "yes", the bootloader is unlocked right away. The data isn't wiped before I reboot into the system, while on the nexus 7 the bootloader is not unlocked until after the wipe.
Yesterday I re-locked, rebooted and unlocked my device again as an experiment. I then proceeded to boot a custom recovery without rebooting into the system. I succeeded, and was able to boot into TWRP without the bootloader wiping my data. I could then proceed to adb pull/push whatever I wished from the data partition or any other partition without the data having been wiped. What? I thought my data was secure after re-locking my bootloader, but it appears it isn't.
If this applies to all nexus 4 devices, I was also able to reboot into the system after wiping cache from TWRP. This means you can oem unlock and root without my data being wiped simply by booting a custom recovery right after unlocking.
If this applies to all nexus 4 devices, our data is not safe. This means that even normal users with locked bootloaders can have their data stolen easy as pie. We need more confirmations on this issue to confirm it. If you are willing to try, just follow the instructions below. Please report if it works or if it doesn't. WARNING! Do this at your own risk! I'm not responsible if your data is wiped, etc. Please perform a full nandroid or adb backup and copy it to a safe place before performing the following steps:
1. If you're unlocked, re-lock your bootloader and reboot into fastboot:
Code:
fastboot oem lock
fastboot reboot-bootloader
2. Unlock your bootloader:
Code:
fastboot oem unlock
3. There's no need to reboot into bootloader after performing the previous step. It makes no difference. Just do not reboot into the system.
4. Flash or boot a custom recovery:
Code:
fastboot flash recovery custom_recovery.img
OR
Code:
fastboot boot custom_recovery.img
5. Now you're in custom recovery if all goes as expected. Root by flashing SuperSU/whatever or pull data with adb or do some serious damage! :good:
6. If you want to reboot back into your system without losing data, you'll have to wipe cache in custom recovery. This prevents the bootloader from rebooting back into the stock recovery (if you didn't overwrite it) and wipe your phone. If you flashed a custom recovery and you're stuck in a bootloop or something, this applies to you too.
And again: Please report back if it worked or if it didn't! Good luck! :^)
Edit: This wasn't all my idea. Found out about the last cache wipe step here.
fiskenigaten said:
I've always been a bit startled by how the bootloader is unlocked on my nexus 4. After pushing the unlock command to my device and choosing "yes", the bootloader is unlocked right away. The data isn't wiped before I reboot into the system, while on the nexus 7 the bootloader is not unlocked until after the wipe.
Yesterday I re-locked, rebooted and unlocked my device again as an experiment. I then proceeded to boot a custom recovery without rebooting into the system. I succeeded, and was able to boot into TWRP without the bootloader wiping my data. I could then proceed to adb pull/push whatever I wished from the data partition or any other partition without the data having been wiped. What? I thought my data was secure after re-locking my bootloader, but no!
I was also able to reboot into the system after wiping cache from TWRP. This means I can oem unlock and root without my data being wiped simply by booting a custom recovery right after unlocking.
I want to find out if this applies to all other makos on all bootloaders. If you are willing to try, this is what I did. Please report if it works or if it doesn't. WARNING! Do this at your own risk! I'm not responsible if your data is wiped. Please perform a full nandroid backup and copy it to a safe place before performing the following steps:
1. If you're unlocked, re-lock your bootloader and reboot into fastboot:
Code:
fastboot oem lock
fastboot reboot-bootloader
2. Unlock your bootloader:
Code:
fastboot oem unlock
3. There's no need to reboot into bootloader after performing the previous step. It makes no difference. Just do not reboot into the system.
4. Flash or boot a custom recovery:
Code:
fastboot flash recovery custom_recovery.img
OR
Code:
fastboot boot custom_recovery.img
5. Now you're in custom recovery if all goes as expected. Root by flashing SuperSU/whatever or pull data with adb or do some serious damage! :good:
6. If you want to reboot back into your system without losing data, you'll have to wipe cache in custom recovery. For some reason this keeps the stock recovery from wiping the phone. If you flashed a custom recovery and you're stuck in a bootloop or something, this applies to you too.
And again: Please report back if it worked or if it didn't! Good luck! :^)
Edit: This wasn't all my idea. Found out about the last cache wipe step here.
The upside is, the person who steals or finds your phone is most likely not a developer, an android nerd, or has ever heard of XDA to gain this information.
Semantics said:
The upside is, the person who steals or finds your phone is most likely not a developer, an android nerd, or has ever heard of XDA to gain this information.
/deleted I have no idea what I'm talking
Not up for experimenting, but it reminded me of my experience on the N4.
-initial BL unlock via the standard method = data wiped,
-upon relocking, and then unlocking the BL again = no data wipe (same method as above)
Can't recall if the behaviour was the same on my GN.
CMNein said:
Not up for experimenting, but it reminded me of my experience on the N4.
-initial BL unlock via the standard method = data wiped,
-upon relocking, and then unlocking the BL again = no data wipe (same method as above)
Can't recall if the behaviour was the same on my GN.
My data is always wiped after bootloader unlock, but it is only wiped upon reboot. It was like that the first time as well.
I can almost (95%) confirm this, because the first time I unlock my Nexus 4, I fastboot flash cwm directly, and boot into recovery, to flash PA and wipe cache and data. Everything in my sdcard was intact and I was also confused like you did.
Maybe if I ever wanted to full wipe again I will give it a try...
ksilver89 said:
I can almost (95%) confirm this, because the first time I unlock my Nexus 4, I fastboot flash cwm directly, and boot into recovery, to flash PA and wipe cache and data. Everything in my sdcard was intact and I was also confused like you did.
Maybe if I ever wanted to full wipe again I will give it a try...
Exactly! This is really careless by Google. It means NO nexus 4 without encryption is safe! I want my data to be safe!
I don't get it. I thought even Samsung's phones you can do that? Just go flash cf root then yeah done? Are they even trying to protect the data in your internal memory data from getting stolen?
fiskenigaten said:
My data is always wiped after bootloader unlock, but it is only wiped upon reboot. It was like that the first time as well.
Sorry, I should have clarified I was referring to the virtual sdcard side of it.
Yup this is the exact reason I opened a thread about compatibility issues with encryption and CWM recovery. We have to encrypt our phones if we want to secure our data. What are the options once we go the 3rd party recovery route is another question.
http://forum.xda-developers.com/showthread.php?p=41257911
Sent from my Nexus 4 using Tapatalk 2
Exactly! This is really careless by Google. It means NO nexus 4 without encryption is safe! I want my data to be safe!
Guess it's time to encrypt your device then...
Seriously, bugs and exploits are going to happen. This is software written by humans, after all.
If you are serious about data security on your device, you would have already encrypted by now.
Can confirm easily. I relocked my boot loader with my phone at its current state. (CMRC1 + Bricked Kernel). Then proceeded to unlock, rebooted boot loader, booted into recovery, wipe cache, data intact
Sent from my Nexus 4 using xda premium
Well if someone steals your phone they most likely don't give a **** about your data (unless there's bank info on it) they probably just wanna resell it for an easy 3-400$
Sent from my Nexus 4 @1.72 GHz on Stock 4.2.2
To be honest if you want your bank info safe never put it on a device that is easily lost or stolen or transmits the info over the air.
Wayne Tech Nexus
Guys, honest question. If someone were to grab your data but you encrypted it via the settings menu, does that mean they can still decipher your contents? For example, the TSA is known to get your electronic items and copy the data for their "Security protocol." Would this allow them to copy the data but not decipher it?
Sent from my Nexus 4
nexicon said:
Guys, honest question. If someone were to grab your data but you encrypted it via the settings menu, does that mean they can still decipher your contents? For example, the TSA is known to get your electronic items and copy the data for their "Security protocol." Would this allow them to copy the data but not decipher it?
Sent from my Nexus 4
If the TSA got ahold of your device they would be able to decrypt it easily enough. No amount of encryption would prevent that.
zelendel said:
If the TSA got ahold of your device they would be able to decrypt it easily enough. No amount of encryption would prevent that.
Nothing in this country is safe and private anymore. Sigh..
Sent from my Nexus 4
nexicon said:
Nothing in this country is safe and private anymore. Sigh..
Sent from my Nexus 4
Not really. The only way to beat Gov hackers is to be a better hacker.
zelendel said:
Not really. The only way to beat Gov hackers is to be a better hacker.
Easy for you to say
Sent from my Nexus 4
nexicon said:
Easy for you to say
Sent from my Nexus 4
No not really man. Not sure what country you're in but it is most likely not very different here.

[HELP] How to Install TWRP without PC.

Hello everyone,
I'm in a little trouble. I need to install custom recovery on my Xperia SP C5302 but I have no PC.
How can I install TWRP ( preferred ) / CWM/Philz on my device ? Is there any way ?
Thank You.
Note : There's a cyber cafe beside my house. But all their computers are running Windows XP.
If there's no way to install without PC then can I be able to install custom recovery on my device with Win XP ?
Thanks again.
Do you have root?
TechnoSparks said:
Do you have root?
Yes I'm rooted and my bootloader is unlocked.
Are you ready to bear any risks?
TechnoSparks said:
Are you ready to bear any risks?
Yes I'm. but what kinda risk ? soft brick ? or something else ?
rhrokib said:
Yes I'm. but what kinda risk ? soft brick ? or something else ?
Most likely soft brick. But who knows, hard bricks even happen when they never touched anything for some people.
TechnoSparks said:
Most likely soft brick. But who knows, hard bricks even happen when they never touched anything for some people.
okay. Is there any way to install TWRP without PC then ?
or any custom recovery. philz, CWM anything
Install a terminal emulator by Jake Pelvich from Play store.
Extract the official TWRP img from the TWRP fota zip, or, if you already downloaded an official img, put it into the root of your internal storage.
For ease of access, but still mnemonic, rename the img into "twrp.img"
Open your terminal emulator, and enter "su" and run. This will make the terminal to request root, as you're elevating the shell into root.
Now, we "dd" the TWRP image into your FOTA partition. Copy and run the following:
Code:
dd if=/storage/emulated/0/twrp.img of=/dev/block/platform/msm_sdcc.1/by-name/FOTAKernel bs=4096
Reboot to check if recovery is accessible after hitting volume up when LED lights up
TechnoSparks said:
Install a terminal emulator by Jake Pelvich from Play store.
Extract the official TWRP img from the TWRP fota zip, or, if you already downloaded an official img, put it into the root of your internal storage.
For ease of access, but still mnemonic, rename the img into "twrp.img"
Open your terminal emulator, and enter "su" and run. This will make the terminal to request root, as you're elevating the shell into root.
Now, we "dd" the TWRP image into your FOTA partition. Copy and run the following:
Reboot to check if recovery is accessible after hitting volume up when LED lights up
Thanks a lot. Maybe it works. But how to boot into recovery ?
explain me please.
rhrokib said:
Thanks a lot. Maybe it works. But how to boot into recovery ?
explain me please.
Like already mentioned, press volume button UP when the LED lights up during your XSP bootup
TechnoSparks said:
Like already mentioned, press volume button UP when the LED lights up during your XSP bootup
There is no LED during bootup. Either I didn't understand. I tried with software to boot into recovery. But my device just complete a reboot everytime. What to do ?
rhrokib said:
There is no LED during bootup. Either I didn't understand. I tried with software to boot into recovery. But my device just complete a reboot everytime. What to do ?
What ROM are you using? You need a ROM that can boot a FOTAKernel recovery, and not all of them can (especially stock based ones, since stock by default doesn't allow this).
Ditto.
If you are not using a ROM that supports booting from TWRP, then I can't suggest a method to install other recoveries without a PC.
I do not say it is impossible though, but it'll take a lot of brain power, and moderate understanding of shell scripting in order to reverse engineer the other recoveries provided in the dev subforum.
TechnoSparks said:
Ditto.
If you are not using a ROM that supports booting from TWRP, then I can't suggest a method to install other recoveries without a PC.
I do not say it is impossible though, but it'll take a lot of brain power, and moderate understanding of shell scripting in order to reverse engineer the other recoveries provided in the dev subforum.
I tried with Terminal Emulator and it seems okay. But I can't boot into recovery. Tried a lot of process. Doesn't work. Now can I install TWRP with pc ? or I need to flash my stock back to install from PC as I replaced my stock img file ?
Again if I flash stock now, will my bootloader be locked again ?
rhrokib said:
I tried with Terminal Emulator and it seems okay. But I can't boot into recovery. Tried a lot of process. Doesn't work. Now can I install TWRP with pc ? or I need to flash my stock back to install from PC as I replaced my stock img file ?
Again if I flash stock now, will my bootloader be locked again ?
Like already explained by Tomoms and me, you need a ROM that supports booting recovery from the FOTA partition in order for my explained method to work. You didn't also tell us which ROM you are using.
No, you don't need to flash your stock back. Leaving the FOTA partition replaced does no absolute harm at all.
If you flash stock, your bootloader will still remain unlocked. In order to relock, you will need to explicitly relock it, by using the relock bootloader option provided by flashtool. If you backed up your TA partition, restoring it will automatically relock your bootloader.
TechnoSparks said:
Like already explained by Tomoms and me, you need a ROM that supports booting recovery from the FOTA partition in order for my explained method to work. You didn't also tell us which ROM you are using.
No, you don't need to flash your stock back. Leaving the FOTA partition replaced does no absolute harm at all.
If you flash stock, your bootloader will still remain unlocked. In order to relock, you will need to explicitly relock it, by using the relock bootloader option provided by flashtool. If you backed up your TA partition, restoring it will automatically relock your bootloader.
Okay thanks everyone. I finally installed TWRP, CWM as well as Philz.
I was using 4.3 Stock. Finally installed those from Doomlord's thread. That was really handy to use.
again thank you all for supporting me.
rhrokib said:
Okay thanks everyone. I finally installed TWRP, CWM as well as Philz.
I was using 4.3 Stock. Finally installed those from Doomlord's thread. That was really handy to use.
again thank you all for supporting me.
Alright, good to know you finally installed the recoveries. 4.3 Stock ROM does not support my method explained in my recent post. And no problem!

Guide: Relock bootloader with custom rom on oneplus 5/5t

Oneplus 5/5T bootloader included with 5.1.5 firmware allows booting self-signed recoveries and kernels. In short, you generate signing keys; sign recovery and kernel from your current custom rom (kernel could be signed on the phone); transfer recovery on your phone; apply boot signer for kernel; and relock bootloader. This guide borrows from Chainfire's guide and customizes it for our device.
PROS:
1. Virtually total protection of your data, especially if encrypted
2. Inability to flash another recovery, even stock recovery (if OEM unlock allowed is unchecked)
3. Inability to flash another kernel, including stock kernel, (again if OEM unlock is unchecked)
4. Inability to unlock bootloader in fastboot, see above
5. Total inability to flash anything in fastboot. The only access to the phone is through TWRP
6. You can still change/update roms, backup/restore data to your liking
7. You get a different boot warning screen: 'your phone has loaded a different operating system' with a fingerprint (four rows of numbers). Write them down and compare once in a while: if the numbers are different, someone (and I am talking a sophisticated adversary) tampered with your phone
CONS:
1. You would have to set up things once
2. When changing or updating roms, one extra step is required - flashing Chainfire's modified Verified boot signer zip to resign kernel (right after Magisk and before reboot).
The key generation and signing is based on Android source directions and Chainfire's thread about relocking bootloaders with custom roms. So, credit for that goes to him
THESE ARE INSTRUCTIONS FOR LINUX. I am sure there is a way to do the same on Windows
Preliminary steps:
Remember, if you are not on 5.1.5, you may have problems. For example, my own rom, Jaguar Oreo, requires 5.1.4 firmware. I did all the steps and everything worked, except that TWRP couldn't de-crypt. However, I went ahead and flashed 5.1.5 firmware and the rom is working fine. So, I re-did all the steps and now de-cryption works too. This may or may not be the case with your favorite rom, if it is not on 5.1.5.
1. Create a directory on your PC named, let's say, Bootkeys.
2. Get Chainfire's Bootsignature.jar from here: https://forum.xda-developers.com/attachment.php?attachmentid=4136392&d=1493804209 and VerifiedBootsigner.zip from here: https://forum.xda-developers.com/attachment.php?attachmentid=4164411&d=1496000476 and put both files in that newly created directory
3. Get your favorite TWRP (I use Blue_Spark) and put it also in that directory
4. Key Generation:
Run the following code one line at a time from PC terminal opened in your newly created directory. Skip the lines with "#" sign, these are for comments only.
Code:
# private key
openssl genrsa -f4 -out custom.pem 2048
openssl pkcs8 -in custom.pem -topk8 -outform DER -out custom.pk8 -nocrypt
# public key
openssl req -new -x509 -sha256 -key custom.pem -out custom.x509.pem
openssl x509 -outform DER -in custom.x509.pem -out custom.x509.der
You don't need to use pem files and can delete them after key generation.
5. Signing:
Rename your TWRP into recovery.img and run the following code one line at a time from the same terminal
Code:
java -jar BootSignature.jar /recovery recovery.img custom.pk8 custom.x509.der recovery_signed.img
java -jar BootSignature.jar -verify recovery_signed.img
Your recovery is signed (first command) and verified (second command - the output should be 'signature valid').
6. Open Verifiedbootsigner-v8.zip you downloaded from Chainfire's thread with your PC's archive manager (don't have to unzip it). Grab your newly generated keys custom.pk8 and custom.x509.der and put them into the opened zip. Make sure the files are there and close archive manager
7. Now back to the phone. Flash your newly signed 'recovery_signed.img' (not original 'recovery.img') to the phone via fastboot or in your existing TWRP. Reboot in your new recovery.
8. Now, format the phone - you have to type 'yes'; next, format separately system/cache/dalvik/data/SD. Reboot the phone into TWRP again.
9. Transfer your favorite Rom, No verity (only if your rom is force-encrypt) and Verifiedbootsigner to your SD card. Remember. You must be decrypted to relock. Locking bootloader on encrypted device will destroy encryption key. Once bootloader is locked and everything is working, you can encrypt.
10. Flash the rom, No verity (only if your rom is force-encrypt) and Verifiedbootsigner. Reboot and make sure you are NOT encrypted (in Settings/Security). (If encrypted, stop and return to step 8: you either haven't formatted to factory reset or your no verity didn't work).
Now, back to TWRP: most likely your data is gone, so, re-transfer the rom and Verifiedbootsigner to internal SD
Now, you are ready for the FUN PART: re-locking:
11. Boot in fastboot and execute fastboot oem lock
12. Reboot. You will get a yellow warning: 'Your phone loaded a different operating system'. The first boot may throw you into TWRP. Just reboot normally again
13. Now, you can do whatever you want, including Gapps and Magisk. Everything should operate normally. Just remember, every time after flashing Magisk/update/change rom, you MUST reflash Verifiedbootsigner, as the last step and before reboot, even if during flashing, the script tells you kernel is signed. Follow the script and press volume down to sign again
Screenshots
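Steps 4 to 6 of the guide above only work if custom.pk8 and custom.x509.der belong to the same key pair; the following is an added example (not part of the original post and not Chainfire's code) that generates the four files non-interactively and confirms the pair matches before the files go into the signer zip. The function names, the `-subj` string and the `-days` value are assumptions.

```shell
#!/bin/sh
# Added example: step 4 key generation plus a key/certificate consistency check.
# Function names, subject string and validity period are assumptions.

# Generate custom.pem, custom.pk8, custom.x509.pem and custom.x509.der in $1.
make_keys() {
    mkdir -p "$1" && (
        umask 077                      # private key files readable by owner only
        cd "$1" &&
        openssl genrsa -f4 -out custom.pem 2048 2>/dev/null &&
        openssl pkcs8 -in custom.pem -topk8 -outform DER \
            -out custom.pk8 -nocrypt &&
        # -subj avoids the interactive prompts of the command in the guide
        openssl req -new -x509 -sha256 -key custom.pem \
            -subj "/CN=custom-boot-signing" -days 3650 \
            -out custom.x509.pem 2>/dev/null &&
        openssl x509 -outform DER -in custom.x509.pem -out custom.x509.der
    )
}

# Succeeds only if the public key derived from custom.pk8 is the one
# embedded in custom.x509.der. A missing or unreadable file is a failure.
keys_match() {
    from_key=$(openssl pkey -inform DER -in "$1/custom.pk8" \
        -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -inform DER -in "$1/custom.x509.der" \
        -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# SHA-256 fingerprint of the certificate (colon-separated hex), to record
# alongside the keys so a later copy of the files can be checked against it.
cert_fingerprint() {
    openssl x509 -inform DER -in "$1/custom.x509.der" \
        -noout -fingerprint -sha256 | cut -d= -f2
}

# Run as: sh bootkeys.sh Bootkeys
if [ "$#" -ge 1 ]; then
    if make_keys "$1" && keys_match "$1"; then
        echo "key pair consistent, certificate SHA-256: $(cert_fingerprint "$1")"
    else
        echo "key generation failed or key and certificate do not match" >&2
        exit 1
    fi
fi
```

Keep custom.pk8 off the phone's storage once it is inside the signer zip you control; anyone holding it can sign images your locked bootloader will accept.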
And you have already done it, right?
Sounds fun tbh, will try for sure.
Now, that I have locked bootloader on my Oneplus 5, and made sure that everything is working including encryption, I have disabled OEM unlock within developer settings. When I put the phone in fastboot and try 'fastboot oem unlock', I get a response 'FAILED (remote: Flashing Unlock is not allowed'. Since the bootloader is locked, no one can put another self-signed recovery or kernel via fastboot or otherwise, as it can only be done with unlocked bootloader. They can start the phone and get to my recovery, but data cannot be mounted and adb sideload wouldn't work either. They can try to press cancel at password prompt, but TWRP can't format unmounted data. The only way to proceed is to flash stock recovery via adb or full stock. In any event, my data is wiped.
Will this work if the phone is decrypted (using no verity)?
optimumpro said:
Now, that I have locked bootloader on my Oneplus 5, and made sure that everything is working including encryption, I have disabled OEM unlock within developer settings. When I put the phone in fastboot and try 'fastboot oem unlock', I get a response 'FAILED (remote: Flashing Unlock is not allowed'. Since the bootloader is locked, no one can put another self-signed recovery or kernel via fastboot or otherwise, as it can only be done with unlocked bootloader. They can start the phone and get to my recovery, but data cannot be mounted and adb sideload wouldn't work either. They can try to press cancel at password prompt, but TWRP can't format unmounted data. The only way to proceed is to flash stock recovery via adb or full stock. In any event, my data is wiped.
But in any case, the OEM unlock from dev option can be turned on, and then surely one can get through, right?
Also, did you go bootloader locked post encrypting, I mean is this the last step?
For my guidance, can you tell me, the sequence (number wise please), how to go encrypted?
Btw, any snapshot of bootloader failure?
obol2 said:
Will this work if the phone is decrypted (using no verity)?
I don't think, cause it is encrypted.
vdbhb59 said:
But in any case, the OEM unlock from dev option can be turned on, and then surely one can get through, right?
Also, did you go bootloader locked post encrypting, I mean is this the last step?
For my guidance, can you tell me, the sequence (number wise please), how to go encrypted?
Btw, any snapshot of bootloader failure?
obol2 said:
Will this work if the phone is decrypted (using no verity)?
Guys. Read 9-10 in the OP. Everything about encryption is there.
optimumpro said:
Guys. Read 9-10 in the OP. Everything about encryption is there.
Also, OEM option isn't available on custom roms. But you can modify build.prop for it to show up. Once everything is working, you can set oem unlock not allowed and remove the entry from build.prop.
Oops, my bad. I get your point.
Will try over the weekend. BTW, are you going for a release in the next 2-3 days? Then, I will clean flash once that is out.
vdbhb59 said:
Oops, my bad. I get your point.
Will try over the weekend. BTW, are you going for a release in the next 2-3 days? Then, I will clean flash once that is out.
I will update the rom once October security patches become available.
optimumpro said:
Screenshots
Thanks for the guide, I will try this when a new open beta comes out.
This might be really useful for those who have upgraded their devices from Widevine L3 to L1 by OnePlus, only to be disappointed that after unlocking the bootloader, L1 breaks.
One question tho, although right now I'm encrypted, I do not have that dialogue "To start Android, enter your password" with a black background when booting. Normally when I reboot, I get to my lockscreen with my wallpaper etc. and when I try to unlock the device, there's a small scrolling text saying "Unlock your device to access your apps..." or something around those lines. This seems like a bit different encryption than the one I have. Any clue on why's that? (fyi, I am 100% encrypted, TWRP asks me for my password to decrypt data)
david19au said:
Thanks for the guide, I will try this when a new open beta comes out.
This might be really useful for those who have upgraded their devices from Widevine L3 to L1 by OnePlus, only to be disappointed that after unlocking the bootloader, L1 breaks.
One question tho, although right now I'm encrypted, I do not have that dialogue "To start Android, enter your password" with a black background when booting. Normally when I reboot, I get to my lockscreen with my wallpaper etc. and when I try to unlock the device, there's a small scrolling text saying "Unlock your device to access your apps..." or something around those lines. This seems like a bit different encryption than the one I have. Any clue on why's that? (fyi, I am 100% encrypted, TWRP asks me for my password to decrypt data)
That's because you are encrypted with FBE. My rom has FDE, and it is not forced. So, if you are force-encrypted, you need to flash 'no verity', as stated in the guide. You must be de-crypted to relock. Then, if you want to be encrypted, reflash your rom without 'no verity'.
optimumpro said:
That's because you are encrypted with FBE. My rom has FDE, and it is not forced. So, if you are force-encrypted, you need to flash 'no verity', as stated in the guide. You must be de-crypted to relock. Then, if you want to be encrypted, reflash your rom without 'no verity'.
Ohh, I see. Thanks for the swift answer!
I have two more questions: if I want to update my recovery, I need to keep the generated keys and with those keys I need to sign the recovery.img again, right? And do you have any guides on generating the keys while on Windows? Or do I have to be on Linux to generate the keys using those commands?
david19au said:
Ohh, I see. Thanks for the swift answer!
I have two more questions: if I want to update my recovery, I need to keep the generated keys and with those keys I need to sign the recovery.img again, right? And do you have any guides on generating the keys while on Windows? Or do I have to be on Linux to generate the keys using those commands?
Every time another recovery or kernel is installed, you need to sign. Only kernel could be signed on the phone. Your keys are supposed to be on your PC.
Haven't been using Windows for 10 years. So, can't help you.
optimumpro said:
Every time another recovery or kernel is installed, you need to sign. Only kernel could be signed on the phone. Your keys are supposed to be on your PC.
Haven't been using Windows for 10 years. So, can't help you.
I have a Linux VM just in case this happens but maybe you should mention it in your thread as most users here use Windows.
Additional experience having a custom rom on locked bootloader:
It appears that nothing, not even stock kernel or recovery, could be flashed via fastboot, if 'oem unlock allowed' is unchecked in Developer's settings. I tried to flash stock recovery via fastboot and got a response: 'remote flashing is not allowed', and fastboot is remote flashing. So, the only access to the phone is TWRP and unless data is mounted (via entering password/pin), not much could be done there either.
optimumpro said:
Additional experience having a custom rom on locked bootloader:
It appears that nothing, not even stock kernel or recovery, could be flashed via fastboot, if 'oem unlock allowed' is unchecked in Developer's settings. I tried to flash stock recovery via fastboot and got a response: 'remote flashing is not allowed', and fastboot is remote flashing. So, the only access to the phone is TWRP and unless data is mounted (via entering password/pin), not much could be done there either.
So, the only way around is by OEM unlock checked? This is good. Fully encrypted and hope it does work, especially for me. I will do a clean flash tomorrow. Can you share in the other thread just for me the exact steps for going Encrypted?
Once more please..
vdbhb59 said:
So, the only way around is by OEM unlock checked? This is good. Fully encrypted and hope it does work, especially for me. I will do a clean flash tomorrow. Can you share in the other thread just for me the exact steps for going Encrypted?
Once more please..
So, were you able to encrypt on Jaguar?
Regarding locking bootloader: just remember, you have to be de-crypted when re-locking. Otherwise, encryption key will be automatically erased, and you will have to do everything from start.
optimumpro said:
So, were you able to encrypt on Jaguar?
Regarding locking bootloader: just remember, you have to be de-crypted when re-locking. Otherwise, encryption key will be automatically erased, and you will have to do everything from start.
Ohh, so in that case a bit confused. If I Encrypt Jaguar, then locking bootloader will be done how? Sorry if it is a stupid question.
vdbhb59 said:
Ohh, so in that case a bit confused. If I Encrypt Jaguar, then locking bootloader will be done how? Sorry if it is a stupid question.
Whatever rom you have, if you are encrypted (whether FDE or FBE), you must wipe encryption by doing factory reset in TWRP before re-locking. Otherwise, when you re-lock, your encryption key will be wiped, but encryption will stay, so, the phone will be useless. You can do encryption later, when you are successfully re-locked.
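The state checks described in the posts above (decrypted before re-locking; afterwards locked, OEM unlock not allowed, encrypted), as an added example that is not part of any post in this thread. It reads a saved `adb shell getprop` dump; the function names and sample dumps are constructed, and it assumes the device exposes `ro.boot.flash.locked` and `sys.oem_unlock_allowed`, which varies by device and ROM.

```shell
#!/bin/sh
# Added example (not from the thread): checks over a saved `adb shell getprop` dump.
# Assumption: the device exposes ro.boot.flash.locked and sys.oem_unlock_allowed.

# Constructed sample dumps in getprop's "[key]: [value]" format.
SAMPLE_FDE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
[sys.oem_unlock_allowed]: [1]'
SAMPLE_WIPED_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.crypto.state]: [unencrypted]
[sys.oem_unlock_allowed]: [1]'
SAMPLE_LOCKED_HARDENED='[ro.boot.flash.locked]: [1]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
[sys.oem_unlock_allowed]: [0]'

# prop DUMP NAME -> prints the value of property NAME, or nothing if absent.
prop() {
    printf '%s\n' "$1" | awk -v k="[$2]:" '
        $1 == k { v = $2; sub(/\r$/, "", v); sub(/^\[/, "", v); sub(/\]$/, "", v); print v; exit }'
}

# Before relocking: refuse while /data is still encrypted (FDE "block" or FBE "file").
relock_precheck() {
    locked=$(prop "$1" ro.boot.flash.locked)
    crypto=$(prop "$1" ro.crypto.state)
    if [ "$locked" = "1" ]; then echo "ALREADY_LOCKED"; return 2; fi
    case "$crypto" in
        encrypted)   echo "STOP_WIPE_ENCRYPTION_FIRST type=$(prop "$1" ro.crypto.type)"; return 1 ;;
        unencrypted) echo "OK_TO_RELOCK"; return 0 ;;
        *)           echo "UNKNOWN_CRYPTO_STATE"; return 3 ;;
    esac
}

# After relocking and re-encrypting: print whatever is still open (empty = nothing).
postlock_gaps() {
    gaps=""
    [ "$(prop "$1" ro.boot.flash.locked)" = "1" ] || gaps="$gaps bootloader_unlocked"
    [ "$(prop "$1" sys.oem_unlock_allowed)" = "0" ] || gaps="$gaps oem_unlock_allowed"
    [ "$(prop "$1" ro.crypto.state)" = "encrypted" ] || gaps="$gaps data_unencrypted"
    echo "${gaps# }"
}
```

On a real device, pass the output of `adb shell getprop` as the first argument, for example `relock_precheck "$(adb shell getprop)"`.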

Question Help: your device is corrupted and cannot be trusted and will not boot

Situation:
I tried rooting my phone. I extracted the boot.img with payloaddumper from the latest android 11 Zenfone 8 image from the Asus website (the same version I have on my phone). I patched that image file with Magisk. Flashed that file to my phone with fastboot which succeeded. But after rebooting this is the message I get:
"Your device is corrupted and cannot be trusted and will not boot" and then a link to g.co/ABH
There is no option to "press power to continue" as seen on other screenshots of this problem on YouTube. So I am stuck. I cannot enter recovery. It tries to boot a few times but then stays at the "start" screen while booting.
What I tried to fix this:
Internet states that I have to disable DM check with: adb reboot "dm-verity enforcing". But ADB does not see my device. Fastboot does! So I tried flashing back the original/unpatched boot.img but the result stays the same.
Question:
What can I do to fix this? Also flash Vendor_boot.img? At this moment I rather not do too much but wait for advice/tips in this forum.
And a few "stupid" questions:
- When trying to root with the method described here in this forum..... does the bootloader have to be unlocked? Mine is not.
- IF the bootloader has to be open.... I know I have to use an Asus tool.... but is there a way to do it with ADB/Fastboot?
- When it is necessary to flash my whole device.... is there a way to save my data? (for example flash TWRP first and back up data to a thumbdrive)
Any help much appreciated!
>>does the bootloader have to be unlocked
Yes
>>but is there a way to do it with ADB/Fastboot?
No. Only to relock. Or at least I haven't seen such method.
>>When it is necessary to flash my whole device
What do you mean?
>>is there a way to save my data?
If you have root and mean apps data - Swift backup. For me it failed to restore only a few apps (banking + Signal messenger), all other apps are ok.
dron39 said:
>>does the bootloader have to be unlocked
Yes
Ok.... bummer..... the device was not unlocked....... So NOT being unlocked did not prevent the flashing I guess. And a locked bootloader is preventing disabling the DM check?
dron39 said:
>>When it is necessary to flash my whole device
What do you mean?
If undoing my flash/error (= no unlocked bootloader) is not possible. I have to do a complete reflash I guess. So that would wipe all data. I was wondering if I could flash only parts of the system so some partitions would be spared (so I could save some data..... or install TWRP and maybe save some data)
dron39 said:
>>is there a way to save my data?
If you have root and mean apps data - Swift backup. For me it failed to restore only a few apps (banking + Signal messenger), all other apps are ok.
Root was the goal. But that did not happen yet because of the locked bootloader as I understand it now. So no root = no backup/saving data?
If I download the last OTA update my phone received, extract boot.img from it and flash that to my phone with fastboot, will that restore my phone to a bootable state? If not, what will?

Question How to lock/unlock bootloader without wiping!

Using the standard XIAOMI batch unlock tool, WHILE you click UNLOCK or after issuing
Code:
fastboot oem lock
,
keep volume down pressed!
Then from a shell, type:
fastboot -u continue
data will wipe, no other option till now.
Zibri said:
Using the standard XIAOMI batch unlock tool, WHILE you click UNLOCK or after issuing
Code:
fastboot oem lock
,
keep volume down pressed!
Then from a shell, type:
fastboot -u continue
Do you mean the Xiaomi Mi Unlock tool? Your post is a bit vague. Are you saying that I can unlock my bootloader without the data being wiped? That's awesome if that's the case.
gotta try this next time
Zibri said:
Using the standard XIAOMI batch unlock tool, WHILE you click UNLOCK or after issuing
Code:
fastboot oem lock
,
keep volume down pressed!
Then from a shell, type:
fastboot -u continue
Hmm if you're saying we can re-lock the bootloader without wiping data then there might be a way to keep root and get the bootloader locked... Any videos on the correct setup?
BigChungus321 said:
Hmm if you're saying we can re-lock the bootloader without wiping data then there might be a way to keep root and get the bootloader locked... Any videos on the correct setup?
no.. you won't be able to boot an unmodified bootloader....
but you can keep the data partition at least... check something, then reunlock...
ashufftb said:
data will wipe, no other option till now.
NO. data won't wipe. but you won't be able to boot a tampered system.. all you will be able to do is to keep the data partition
Zibri said:
NO. data won't wipe. but you won't be able to boot a tampered system.. all you will be able to do is to keep the data partition
tampered system huh
Then what's the point if the phone won't boot?
It's my understanding that when you install a rom, stock or not, the partition has to be formatted for it to encrypt the new install, so it's not gonna boot anyway unless ya wipe data. Defeats the purpose for me ha ha, I was hopeful I could unlock and boot back to wiui without having to reinstall lol.
gazza35 said:
Then what's the point if the phone won't boot?
It's my understanding that when you install a rom, stock or not, the partition has to be formatted for it to encrypt the new install, so it's not gonna boot anyway unless ya wipe data. Defeats the purpose for me ha ha, I was hopeful I could unlock and boot back to wiui without having to reinstall lol.
Example:
you have a rooted phone with modified bootloader, recovery and everything...
you want to try out an original rom with original locks like in a freshly bought phone
but you don't want to lose applications and data.
You reflash the stock rom without deleting the data partition, and you relock the bootloader. Usually doing so wipes the data partition too...
It's just a way for testers and hackers to go back and forth without wiping anything.
Zibri said:
Example:
you have a rooted phone with modified bootloader, recovery and everything...
you want to try out an original rom with original locks like in a freshly bought phone
but you don't want to lose applications and data.
You reflash the stock rom without deleting the data partition, and you relock the bootloader. Usually doing so wipes the data partition too...
It's just a way for testers and hackers to go back and forth without wiping anything.
Nice find man, I get ya, and yer perfect for testing those roms out.
