My last phone (Nexus 4) was stolen. My new device, the Nexus 6, as you all know comes with enhanced security measures, requiring authentication even after a factory reset. Now, I had grown accustomed to playing around with wiping, rooting, custom roms, kernels, radios, etc with my Nexus 4. Now that I have had my Nexus 6 for a bunch of months, I am starting to think about rooting my device (so I can install an SSH server and have my phone automatically open a tunnel back to my server). My only hesitation is turning the OEM unlocking switch to on. See, I am a big fan of the new security measures that require authentication after a device reset, and would much prefer to keep that feature enabled. I've searched around on Google and XDA, and I haven't been able to find any definitive answers on how unlocking the bootloader in order to root the device will affect these security mechanisms.
My understanding is this: in order to root the Nexus 6, you need to enable OEM unlocking, which allows flashing pretty much any image onto the phone. If any image can be flashed to the phone, this security mechanism can be circumvented.
Two questions:
1. (pretty sure the answer to this is no) Can I root my phone and prevent flashing of images that would circumvent the security feature
2. Will rooting my phone make it easier for an unknown party to gain access to the device via another route
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Nikos2k said:
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Click to expand...
Click to collapse
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
prdog1 said:
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
Click to expand...
Click to collapse
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Nikos2k said:
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Click to expand...
Click to collapse
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere. Swipe to unlock has no pin so TWRP is open. Unlock pattern works also. Either pin or swipe has to be converted don't remember which. I run wide open encrypted so have never played with it.
prdog1 said:
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere.
Click to expand...
Click to collapse
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Nikos2k said:
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Click to expand...
Click to collapse
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
prdog1 said:
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
Click to expand...
Click to collapse
thank you it worked!
scryan said:
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
Click to expand...
Click to collapse
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking"
encryption and oem unlock ar 2 entirely different things
allows flashing of unsigned images
allows you to unlock the boottloader, which allows you to flash unsigned img's. the setting itself does nothing but enable the ability. to unlock
(such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
yes
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
i think if someone were to completely wipe the phone, use a different gmail and sim, the google protection would be gone, but i could be wrong. im not positive on that one.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
some extremely savvy person "may" be able to make a rom without the google protection, but i have never seen it tried.it may be a core feature that cant be removed.
i really wouldnt worry about that. the likelihood that someone would steal or find your device and have the skills to do all you asked above, is very remote.
Click to expand...
Click to collapse
in red above.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
protection will be gone if you flash android 5.0.1. if you wipe and flash android 5.1.1, the protection will still be there and will ask for your password first.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
Thanks, that does seem to make sense.
I know this comes across as overly paranoid, but I ask also because I'm a curious developer. I'm interested in understanding how android's insides work in general as well as how the new device protection fits in with rooting, custom roms, unlocking the bootloader, etc. (just how well does it prevent unauthorized use of devices)
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
quickdry21 said:
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
Click to expand...
Click to collapse
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
simms22 said:
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
Click to expand...
Click to collapse
Yes, agreed. I'm going to edit out that quote.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
quickdry21 said:
Yes, agreed. I'm going to edit out that quote.
Click to expand...
Click to collapse
na, it ok, you can leave it here. that way if someone really needs to, theyll find the answer here. just dont go around spreading it around i meant
scryan said:
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
Click to expand...
Click to collapse
I'm not expecting this "Device Protection" feature to prevent my phone from being stolen, I'm more interested in the **** you aspect to someone who tries, and maybe them returning it to me for some money.
scryan said:
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
Click to expand...
Click to collapse
I'm not sure if you are aware, but with the release of 5.1, there is a new security feature (think it's called Device Protection, but that seems to encompass some other things) that requires you to login to the last Google account attached to the phone after a factory reset (whether done from the settings UI, or from recovery mode). If you are unable to login to a Google account that was attached to the phone, the phone becomes worthless (there have been some posts on xda about people "acquiring" a Nexus 6 and being unable to use it), some details here: https://support.google.com/nexus/answer/6172890
A quote from that link sums it up:
Important: You can enter information for any Google account that has been added to the device. If you can't provide this information during the setup process, you won't be able to use the device at all after the factory reset.
Click to expand...
Click to collapse
Now, this security feature is only available on new phones that are released with 5.1 (with the exception of the newest round of Nexus devices, which received it with the update to 5.1). This leads me to believe that some aspect is baked into the device. Separate encrypted partition maybe? Part of the bootloader software? I don't know, that's what I'm curious about.
scryan said:
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
Click to expand...
Click to collapse
Yes, I was not very clear in my original post about what security feature I was inquiring about. I'm aware of what encryption is. Part of the reason I am interested in rooting my phone is to reverse tunnel a SSH server on the phone, or possibly netcat, via SSH to my server, so I will be able to open up a shell on my phone from anywhere I desire.
Ahh yes, apologies, was unaware they implemented that feature. A bit dense this morning.
I would imagine unlocked bootloader/custom recovery would DEFINITELY negate this feature.
No one gonna give your phone back, particularly after you use this as a "**** you" While its just IMO, its better to enjoy your phone now. Screwing yourself out of features only to attempt to limit the phone once you don't have anything to do with it anymore does not seem to be particularly productive.
Related
Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
CarbolDroid said:
Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
Click to expand...
Click to collapse
I don't believe that recoveries are able to update a phone with an encrypted data partition unless you're using stock. I do believe you can flash back to stock if something goes wrong, although you would certainly have to format /data to get back into it. However, the actual login process (if I remember correctly, it's been a while) is that the bootloader starts you in a "dummy" environment of sorts that just asks you for your password. If it checks out, the system reboots, passing that key on to the "real" operating system which decrypts the data volume.
I'd echo though that it's really not something you should fool around with.
As we know google is going to pre enable the Data encryption on Android L and we already have it as an optional extra security ..
So before anyone rushes to enable it to feel more Secured . First let's learn about it ..
As this option is available in Security .
If you enable it you have to enter password/PIN(compulsory) ..
80% minimum battery + plugged in for charging is necessary .
Once the encryption starts it will take about 15 minutes to complete the process ..
Once it's complete , it will automatically reboot the phone . booting will be in 2 stages.. On first stage it will ask for password/PIN to decrypt the phone/phone storage
And then the second boot process will be the normal one ..
And now comes the warning part ..
Once you encrypt the data , you have to decrypt it on every boot and you can't disable this .. You have to factory reset the phone to remove this .
And here at XDA we flash mods and zips etc almost every day/week ..
So if you encrypt your phone and then you flash anything via bootloader ..IT WILL FORMAT EVERYTHING ..(including internal storage, basically factory reset)
So if you are an advanced user with custom rom/recovery etc i suggest you to first do a complete backup If you really want to try the data encryption .
So i hope this information be helpful for those who are unaware and don't know what can happen , and i suggest you to read about it before you enable it ..
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Lethargy said:
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Click to expand...
Click to collapse
That's why i created a new thread specially for those who are inexperienced .
Not everyone are born developers/pro
Everyone learns with making mistakes
And our Job is to help them at XDA .
IMO this is what XDA is for at the first place ..
I'll rely on custom ROMs as always, that certainly have it disabled by default.
I think it's insane google would try to force this on us. Shame on them. ?
How does android L handle staying unlocked in trusted areas if encryption is enabled?
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
I see many bricks coming from this as well, from unknowing flashers.
inferol said:
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
Click to expand...
Click to collapse
Probably they are going to change the way it works .. , because they haven't updated it since it first came out with ICS ..
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
May be they have overcome these issues and thus made it default....
I find no sense in making some hectic procedure as default
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
meangreenie said:
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
Click to expand...
Click to collapse
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Wakamatsu said:
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
Click to expand...
Click to collapse
You can't do it out of the box, but you can make it work fairly easy with twrp and a backup. The quick version is:
before encryption, setup your pattern lock, do a nandroid backup in twrp. Reboot, change to a PIN/password to allow encryption, perform encryption process. Boot back into twrp, it will prompt you to enter your pin/password, since it can decrypt and then function inside of the encrypted volume (and therefore restore an unencrypted backup inside of the encrypted envelope in essence). Restore your backup that has pattern unlock and reboot. It should prompt you for your strong pin/password on each initial boot, but once booted, it will use your pattern unlock. Downside is you can't change your pattern after that, so pick what you want the first time. You can change your pin/password if you want, I use EncPassChanger myself. I also use bootunlocker to relock the bootloader after I'm done, just have to make sure to unlock before flashing any updates.
I use this process on both my N5 and 2013 N7.
rootSU said:
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Source for this?
markassbuster said:
Source for this?
Click to expand...
Click to collapse
Action speaks louder than words sometimes all u need is to observe
markassbuster said:
Source for this?
Click to expand...
Click to collapse
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
rootSU said:
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
Click to expand...
Click to collapse
AH OK thanks. I thought there was some recent, concrete news about what went down.
Thing is, now what will we gotta do to still be able to flash zips with encrypted device? XD
So I recently encrypted my phone....because I read it only encrypts the data partition...so if I wanted to update my CM11 version (m9 to m10 for example) I wouldn't be able to?
I should have read into it more I guess...
edit: TWRP saved my ass. Just looked at it and it decrypts the data partition.
I encrypted my phone, but now wish I hadn't. I'm pretty sure it is the cause of some small issues I have had flashing different ROMs.
fml :crying:
I have an ATT S5 (SM-G900A), completely stock, unrooted, updated to the latest 5.0 OTA update. My requirements for my phone are that it be able to pass Airwatch checks and that it be able to be encrypted (Personal device used at work). Some background first:
Last time I tried to play around with rooting, other mods, and whatnot was on my ATT S3 (I think I747?) and I discovered that an unspecified combination of rooting, installing a custom loader (CWM in my case) and installing a custom mod (Cyanogenmod at the time) made my phone unable to encrypt. At the time I was not required to use Airwatch, but encryption was required for my phone to connect to work, so I gave up on the whole lot.
I have now discovered that ATT, in their infinite wisdom, has replaced the S Voice drive mode with their own "ATT Drive Mode", and it's been verified they went so far as to remove the related APKs from the phone entirely. For those unaware, S Voice Drive mode is an feature of S Voice that (when turned on) reads out all callers and text messages, and then verbally prompts you for actions; reply, answer, ignore, etc. It allows fully hands free functionality. ATT Drive Mode, on the other hand, automatically kicks in whenever speeds of 20 MPH are detected (even if you're a passenger), rejects all calls and texts excluding a user-defined 5 person list, and essentially makes your phone useless anytime you're in a car. The goal is to "reduce texting and distracted driving", but as I'm on-call as part of my job and need to at least be aware of texts that come in within 10 minutes of receipt, it actually makes my drive much more dangerous. ATT Drive mode is a good idea for teens, perhaps, but i'm not a teen.
This brings me to my question: What are my options?
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
Honestly, the ideal solution would be something like the stock rom from the international version that would run on my ATT version...but I don't know if such a thing exists or is possible. I don't mind Samsung's cruft, but I do dislike ATT's lobotomizing of my phone to push their own little product that treats me like a kid. I know that I am less safe as a driver without the S Voice drive mode than I was with it.
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
sheaiden said:
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Waiting4MyAndroid said:
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Click to expand...
Click to collapse
Actually, while I greatly appreciate the fact that you took the time to reply (seriously! at least you took the time!), this is neither easy nor related to the questions I asked. If you look at my post, I'm not asking "how can I root", I'm asking three rather different questions:
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
In fact, I am unable to remain rooted (Airwatch; it's part of the post title), and the whole point and thrust of my question lies in the fact that I am looking to find out what affects encryption and what options I have as far as getting S Voice Drive mode on my phone while staying Airwatch compliant (not rooted). In addition, "if you can find the s voice drive app" is part of the problem too, as evidenced by the third question I asked above; I don't know where to find said app.
Does anyone know anything regarding what I was actually asking?
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
https://www.dropbox.com/s/oe7i2g81iuhjv38/S-Voice_Android_phone_J.apk?dl=0
Waiting4MyAndroid said:
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
Click to expand...
Click to collapse
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
sheaiden said:
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
Click to expand...
Click to collapse
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
OPOfreak said:
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
Click to expand...
Click to collapse
Interesting. I had been under the impression that I had seen people referring to installing clockworkmod or some similar thing on an S5, but I think I may be getting caught up in terminology; those are recoveries, aren't they? not bootloaders? Or perhaps people were posting about the other S5s with unlocked bootloaders. 15 different versions of S5, and I get stuck with the most apple-like of all the carriers....(in the sense of "you take what we give you and don't play with it!")
So, assuming I don't manage to get it installed via the link Waiting4MyAndroid was kind enough to post, I think that rules out anything other than the method of:
--wait for a root method to be established for the new OTA
--root, install the drive apk
--unroot, so I can encrypt and pass airwatch
Does anyone know if the old method of rooting broke encryption? and whether encryption was able to be performed after unrooting again?
Edit: Attempted to Sideload. Sadly, it is telling me "App not installed" (other sideloads do work; it's not the unknown sources setting). I'm thinking either the apk is marked for s4, and it's not compatible, or it's trying to overwrite files from the established svoice system, and that's not allowed. I suppose if someone has the drive apks from a tmobile S5 image or some such thing (same model, different carrier), then I could try again, but unfortunately this apk doesn't work. Thanks for the attempt, Waiting4MyAndroid!
Simply put I want to Lock my bootloader and recovery even disabling recovery would be fine.
I'm basically asking if this is possible although I understand there are so to speak 1337 methods to bypass the Security measures I'm concerned with.
It's just most people's first approach to a phone they just found/stole is factory reset where frp would kick in, with the unlocked bootloader that would be easy af to bypass. *Not to mention frp bypass methods that are public
My goal is to set up my phone with the latest release of Pure Nexus + root and Latest TWRP, from there Lock the bootloader and then secure TWRP IE recover with a return to owner for reward with contact info.
Basically disabling/locking recovery with a return to owner screen and locking the bootloader as basic deterrent's for any common / petty their or anyone looking to upgrade to the phone they just found if you catch my drift.
-Also it would be nice to feel a little more secure with all these extra features PureNexus offers although I get that Android Security is fundamentally flawed these are just deterrents, also I'd be stoked to see this on a device I come across.
*Wouldn't hesitate to up call the owner of a phone that properly configured, although I know I could bypass it just a respect thing for me. :3
You can lock the bootloader, but it can simply be unlocked again. The only way to ensure it can't be unlocked is to encrypt it, and no Nexus device has an encrypted bootloader. Recovery cannot be disabled, though you could flash a non-working recovery image to the recovery partition. In that case however, simply unlocking the bootloader would allow someone to flash a recovery image to the device.
Your goals are laudable, but you're wasting your time here. To accomplish your end goal requires a device with an encrypted bootloader, which means you want something that isn't a Nexus and is sold through AT&T or Verizon. Both carriers encrypt the bootloader so you can't unlock it.
So basically because the bootloader cannot be secured my efforts would be in vain, are we sure I can't simply relock the bootloader in the same fashion that the stock rom is shipped out.
IE I remember having to OEM unlock in order to flash a custom recovery, with that being said after flashing a disabled recovery is it not possible to then re enable OEM lock somehow even with Pure Nexus running.
*Perhaps even only with the stock rom?
I'll make this as plain as I can. The only way to secure the bootloader is to encrypt it. Locking the bootloader and resetting the OEM Unlocking toggle in Developer Options won't help since any potential thief can simply unlock the bootloader. If you want to improve security, set a pin, pattern lock, or password after you mess around with locking the bootloader and setting the OEM Unlock toggle to off (if possible).
Simply disabling the ome toggle in developer setting doesn't relock the bootloader so would you say it's safe to run "fastboot oem lock" with Pure Nexus installed wipe data and then disable the oem toggle?
If that works wouldn't it be True to say I would need re enable the oem toggle and then "fastboot oem unlock" if I ever intended to replace the disabled recovery.
I really just wanted to shoot in the dark, although I don't want to brick my Nexus 6. Also sorry for a better lack of information on my part I don't mean to be a hassle.
JmakeITlookEZY said:
Simply disabling the ome toggle in developer setting doesn't relock the bootloader so would you say it's safe to run "fastboot oem lock" with Pure Nexus installed wipe data and then disable the oem toggle?
If that works wouldn't it be True to say I would need re enable the oem toggle and then "fastboot oem unlock" if I ever intended to replace the disabled recovery.
I really just wanted to shoot in the dark, although I don't want to brick my Nexus 6. Also sorry for a better lack of information on my part I don't mean to be a hassle.
Click to expand...
Click to collapse
Never lock the bootloader when running a.custom ROM... Bad very bad idea
rignfool said:
Never lock the bootloader when running a.custom ROM... Bad very bad idea
Click to expand...
Click to collapse
Worth asking why?
As in is this a goal worth pursuing IE a custom or unofficial build that supports such functionality.
Possibly already done: http://android.stackexchange.com/qu...4-7-bootloader-after-flashing-a-non-stock-rom
JmakeITlookEZY said:
Worth asking why?
As in is this a goal worth pursuing IE a custom or unofficial build that supports such functionality.
Click to expand...
Click to collapse
Because...
Stock ROMs are tested and tested for compatibility... To make sure you don't wind up in a bootloop (unless you have an LG)
Custom ROMs... Are not... No matter beans best intentions... He's no OEM...
You wind up in a bootloop for whatever reason... And a factory reset doesn't fix it... You're done... You have a paperweight...
So proceed as pleased, if I feel risky or got an extra Shamu I'll shoot in the dark and post the results. :3
More info:
What the consequences are really depends on your device. Most devices enable signature-verification for the boot partition (kernel) which prevents you from booting any kernels not signed by device manufacturer (unless you exploit some security breaches like 2nd boot). They also disallow you to flash any partition via 'fastboot flash' command, but not on all devices.
So no, you are not okay with relocking your phone: If you use custom firmware, you typically use a custom kernel and in this case, re-locking your bootloader via 'fastboot oem lock' will put your device in a state where it will not boot anymore! Be careful with that.
Info source: http://android.stackexchange.com/users/89475/kuleszdl
Idea: Disable signature-verification?
Note: Everyone thinks it will brick no one has said it happened, very strong possibility signature-verification is enabled. ?
are you an secret agent or something?
why the extreme paranoia about having this phone?
wase4711 said:
are you an secret agent or something?
why the extreme paranoia about having this phone?
Click to expand...
Click to collapse
I agree.
@JmakeITlookEZY, Basically, if your trying to say they want to give someone a phone that cannot be unlocked after locking it, then this isn't the device for you. There is an 'OEM Unlock' to prevent this but to hide this setting, would have no idea . And if you lock the bootloader and then someone wants to unlock it, it has to wipe the device.
Just have to live with the fact if someone wants to try and unlock the device, it's gonna get wiped no matter what. I'm no security expert but if you're worried something is going to happen to your phone, then you shouldn't be using it.
And if your really concerned, using a screen lock will prevent users from going into the recovery or booting the device anyways.
Gysper said:
?
Click to expand...
Click to collapse
It would be nice to feel confident enough to leave my device lying around or even lose it and know that it will either be returned or discarded.
I believe that level of security should be an option, not to mention have the ability to do it to begin with.
JmakeITlookEZY said:
It would be nice to feel confident enough to leave my device lying around or even lose it and know that it will either be returned or discarded.
I believe that level of security should be an option, not to mention have the ability to do it to begin with.
Click to expand...
Click to collapse
Yeah its called GPS
google Android Device Manager and use the locate device. You can even lock it if lost and erase all data.
Gysper said:
?
Click to expand...
Click to collapse
Not really a concern, if someone decided to keep the device the first step would be turn it off.
*More than likely reset from there epically considering encrypting the device would be a given.
JmakeITlookEZY said:
Not really a concern, if someone decided to keep the device the first step would be turn it off.
*More than likely reset from there epically considering encrypting the device would be a given.
Click to expand...
Click to collapse
Buy a tracking device and hack the phone. Problem solved
Gysper said:
?
Click to expand...
Click to collapse
Care to elaborate "tracking device" & "hack the phone" just dosen't seem to be what I'm shooting for.
JmakeITlookEZY said:
Care to elaborate "tracking device" & "hack the phone" just dosen't seem to be what I'm shooting for.
Click to expand...
Click to collapse
So you don't work for the CIA...
Let's be real, if you have no trust when something gets lost, then you don't deserve it. Should do your research and check out how to prevent something if it get's lost: http://www.apartmenttherapy.com/what-really-happens-when-a-smartphone-is-lost-195321
This is not a suicide hotline thread, if you're scared about losing something and not getting it returned, then I have to say you have a serious episode of OCD. Don't be that guy and learn to live with the consequences.
Gysper said:
?
Click to expand...
Click to collapse
Just to be Frank this is about information and general purpose security how you perceive it, is whatever.
*Also to address the "you don't deserve it" my concerns are the opposite it's not that I don't deserve it, more the other way around.
Update: Found more information that pretty much sums up what I hope to accomplish aswell as the implications.
Source: http://www.androidpolice.com/2011/0...ncryption-signing-and-locking-let-me-explain/
Update,
May be possible via: https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Totally stock pixel 5. Tried to sideload 12, and due to crappy instructions on XDA, that failed to mention the need to do the OEM unlock step, I ended up with a ADB sideload flash that failed at 94% and resulted in a empty A partition and a phone that failed to boot, so it switched to the backup system partition.
I'm now booted on the B partition (Android 11).
How can I fix my phone, so it's got 2 good system partitions?
Enable OEM unlocking, unlock bootloader, then use the Android Flash Tool to flash 12 Beta 5. Wiping /data shouldn't be necessary; however, if this fails and you have to force flash all partitions, a /data wipe will be required.
I highly recommend you keep the bootloader unlocked while using beta firmware, because it makes it a LOT easier to downgrade back to production firmware.
If you intend to root, don't forget to disable dm-verity and vbmeta-verification.
Detailed instructions on using the Android Flash Tool
Tip: When you get to the step of selecting which build to flash to your device, click the pencil icon to change options. Make sure you leave Relock Bootloader unchecked,
V0latyle said:
Wiping /data shouldn't be necessary
Click to expand...
Click to collapse
But unlocking the bootloader will wipe the phone.....
EDIT: I'm assuming there is a wipe data option with Android Flash Tool?
I don't know. I've never used it
xunholyx said:
But unlocking the bootloader will wipe the phone.....
Click to expand...
Click to collapse
Correct, but it's still necessary to install the beta (and downgrade)
xunholyx said:
EDIT: I'm assuming there is a wipe data option with Android Flash Tool?
I don't know. I've never used it
Click to expand...
Click to collapse
There is indeed. It's actually quite comprehensive.
I don't want to unlock the bootloader. I just want to get a system partition back, I do t want root or any modifications,
Chr1stOnABike said:
I don't want to unlock the bootloader. I just want to get a system partition back, I do t want root or any modifications,
Click to expand...
Click to collapse
In that case, I believe the only option for you is to attempt to sideload the OTA via recovery.
Download the beta OTA here
Follow the instructions to apply the OTA here
If this does not work, you can try using the Android Flash Tool after enabling Developer Options and USB Debugging. You can choose not to wipe your device in the tool options. No guarantee this will work. Requires unlocked bootloader
I will say this: Running beta software on a locked bootloader is not only highly inadvisable, it's foolhardy. Beta software is EXPERIMENTAL, you use it AT YOUR OWN RISK, meaning it is YOUR responsibility to fix it if something goes wrong. Keeping your bootloader unlocked means your ability to fix it is limited, if not impossible.
V0latyle said:
In that case, I believe the only option for you is to attempt to sideload the OTA via recovery.
Download the beta OTA here
Follow the instructions to apply the OTA here
If this does not work, you can try using the Android Flash Tool after enabling Developer Options and USB Debugging. You can choose not to wipe your device in the tool options. No guarantee this will work.
I will say this: Running beta software on a locked bootloader is not only highly inadvisable, it's foolhardy. Beta software is EXPERIMENTAL, you use it AT YOUR OWN RISK, meaning it is YOUR responsibility to fix it if something goes wrong. Keeping your bootloader unlocked means your ability to fix it is limited, if not impossible.
Click to expand...
Click to collapse
Flash tool doesn't work, as it expects to go i to recovery, and it doesn't it comes up with the no system error.
So when android 12 releases in a couple of weeks, will it just flash it to the other partition, to retain 11? In other words,will this fix itself in the fullness of time.
Also, who is going to fix the crappy XDA blog post that was poorly checked that caused this mess. I can't be the only one (I know the flawed instructions have been copied by the usual churnalists 9to5google Android authority, Android police)
Chr1stOnABike said:
Flash tool doesn't work, as it expects to go i to recovery, and it doesn't it comes up with the no system error.
Click to expand...
Click to collapse
Ah. Well, you can fix this, but it will require unlocking the bootloader.
You can always relock it after you're done.
Chr1stOnABike said:
So when android 12 releases in a couple of weeks, will it just flash it to the other partition, to retain 11? In other words,will this fix itself in the fullness of time.
Click to expand...
Click to collapse
Don't know. Given that you can't boot into recovery, you can't sideload the OTA to test this theory. I personally doubt it. You can either wait and see, or you can just bite the bullet and fix the issue.
Chr1stOnABike said:
Also, who is going to fix the crappy XDA blog post that was poorly checked that caused this mess. I can't be the only one (I know the flawed instructions have been copied by the usual churnalists 9to5google Android authority, Android police)
Click to expand...
Click to collapse
Link to the post? You may not be the only one, but the majority of folks (including myself, I was in the Marine Corps for 9 years so you can guess my mental acuity) have been able to use the instructions to our success.
Isn't unlocking and relocking bootloader detectable in soft fuses and an instant warranty void?
How to install Android 12 and 12L on Google Pixel and other Android devices
Google has just released Android 12L beta for the Pixel lineup. Here is how you can install Android 12 (or 12L) on your smartphone!
www.xda-developers.com
Someone in the comments also broke their phone by following the untested Instructions.
Chr1stOnABike said:
Isn't unlocking and relocking bootloader detectable in soft fuses and an instant warranty void?
Click to expand...
Click to collapse
I'm not sure. But that raises a question for you: Why are you running beta firmware if you're worried about the warranty?
Chr1stOnABike said:
How to install Android 12 and 12L on Google Pixel and other Android devices
Google has just released Android 12L beta for the Pixel lineup. Here is how you can install Android 12 (or 12L) on your smartphone!
www.xda-developers.com
Someone in the comments also broke their phone by following the untested Instructions.
Click to expand...
Click to collapse
I have updated my phone using both of these methods and can personally confirm the instructions are correct. The only difference I would point out is that I'm comfortable enough using adb and fastboot commands that I manually type them and don't use the batch file.
It is your responsibility to understand the instructions and follow them. You flash and modify your device at your own risk. If you do not fully understand the instructions, it is also your responsibility to either find the details you need, or ask for help.
This may seem rather condescending or apathetic, but the situation is this:
- You tried to run experimental beta firmware on your device despite your concerns for the warranty
- You did not ask questions before doing so, and if you did read any of the multiple threads on this issue, you would have been acutely aware of the recommendation to unlock your bootloader before you proceed
- You are now left with few options to fix your device because you decided to ignore experienced advice and do things your own way
As I stated previously, the responsibility for fixing things is yours and yours alone. If you were that concerned with your warranty, you should have kept your phone completely stock and avoided installing the beta.
I have one last recommendation for you:
Disenroll from the beta program and wait for the OTA to take you back to A11 public release. A data wipe will be required.
You have been told in detail what you can do to fix your device. What you do now is completely up to you.
V0latyle said:
I'm not sure. But that raises a question for you: Why are you running beta firmware if you're worried about the warranty?
I have updated my phone using both of these methods and can personally confirm the instructions are correct. .
Click to expand...
Click to collapse
The instructions only work if you have previously done the unmentioned OEM unlock step, which you must have done.
The fact you don't understand this, it limits your credibility. Just because something worked for you, doesn't make it correct.
It also sounds like you don't understand the difference between OEM unlock and a bootloader unlock.
Chr1stOnABike said:
The instructions only work if you have previously done the unmentioned OEM unlock step, which you must have done.
Click to expand...
Click to collapse
Yes - I unlocked and rooted my phone the day I got it, and I bought it full price direct from Google. Your point?
Chr1stOnABike said:
The fact you don't understand this, it limits your credibility. Just because something worked for you, doesn't make it correct.
Click to expand...
Click to collapse
Yes, it's always worked for me. I've been trying to work with you here and give you options that do not require OEM Unlock or unlocking the bootloader. The reason I thought the Android Flash Tool might work is because it's literally a tool provided by Google, and though it uses ADB, I figured they might have some sort of security to allow recovery of locked phones.
What exactly is it you don't think I understand? As I've pointed out, you decided to install beta software on your device despite your concerns for warranty. As I ALSO pointed out, if warranty was that much of a concern for you, you should have stayed on stock public release firmware and not messed with anything at all.
I will admit that the guide you linked does not mention needing an unlocked bootloader. I think it's generally been assumed among us in the community that modifying your device requires an unlocked bootloader. I will talk to the mods and see if we can get a note added to the post. However, you seemed to miss the big warning that advises against using the beta on your daily driver.
Chr1stOnABike said:
It also sounds like you don't understand the difference between OEM unlock and a bootloader unlock.
Click to expand...
Click to collapse
Again, how so? If you're going to call me ignorant, you had better explain how.
OEM Unlock simply sets a flag: "unlock-ability" to 1. It's an on/off switch that corresponds to the 1 or 0 set for the "unlock-ability" flag. It has no other function.
When someone attempts to unlock the bootloader, the device checks that flag. If it's 0, the bootloader cannot be unlocked. If it's 1, it can.
Unlocking the bootloader disables security features that prevent you from flashing partitions on your phone, or booting images sent via ADB. The reason why this is important when running custom or experimental firmware is because it allows the user to reflash corrupted partitions (like in your case). It allows a lot more freedom over what you can do with your phone.
I've been doing this for years - more than 10 years in fact. I would be careful about making accusations like "you don't understand the difference" or "you don't know what you're talking about'" to someone who is trying to help you. I understand you're frustrated, but you're going to have to swallow your pride here and admit, at least to yourself, that you screwed up. It seems pretty clear to me that you either did not fully understand the risk of trying to modify your device with a locked bootloader (yes, installing the beta counts as a modification), or you ignored the risk and tried to do it anyway. Yet you come here and impugn my credibility? As they say, "check yourself before you wreck yourself". You screwed up and got yourself into this mess. You alone are to blame. No one has to help you, and believe me, I've been quite tempted to tell you to pound sand. The least you can do is show a little gratitude for someone who's trying to help, and respect for experience and knowledge far beyond your own.
I have one more option for you: Rescue mode.
Reboot your phone into bootloader (hold power + volume down, release power but keep holding volume down when screen turns off)
Use volume buttons to select rescue mode on the right side, then press power to select
Google Pixel Repair Tool
This probably won't work because the repair tool only works if the firmware on your phone is older or equivalent to the firmware the repair tool has.
Chr1stOnABike said:
The instructions only work if you have previously done the unmentioned OEM unlock step, which you must have done.
The fact you don't understand this, it limits your credibility. Just because something worked for you, doesn't make it correct.
It also sounds like you don't understand the difference between OEM unlock and a bootloader unlock.
Click to expand...
Click to collapse
I haven't had time to read much of this thread yet, but why insult the one person I see who's trying to help you?
I've seen this before and other users who may know what to do, usually just walk away as they don't want to help someone who may just insult them or are clearly unappreciative of the help given.
Everyone let's all keep it civilized.
If you have issue with a post, please hit report button and walk away.
Positive vibes, all.
--andybones
@Chr1stOnABike I am indeed trying to help you, as I understand your situation is frustrating. I also understand that it may be frustrating to be told to do what you didn't want to do in the first place, but the reason why I'm telling you to do it is because it'll be of the most help to you.
Losing your data sucks. I get it. But fortunately the Pixel 5 is great about backing everything up to your Google account. Just make sure your photos are backed up and you'll be fine. Setting it back up after a wipe is a pain in the ass, but again, I'm recommending the bootloader unlock because I believe it's your best chance at recovery.
As far as that goes, I'm still trying to be flexible and provide you with different options. Be aware that if these other options don't work, you have no other choice. I'm not saying that to be rude, that's just the reality of it.
And lastly, I would very much appreciate you making the distinction between thinking I'm wrong because you have evidence to the contrary, vs thinking I'm wrong simply because you don't like my recommendations. If you sincerely believe I'm incorrect and can demonstrate how, please feel free to do so.
My only objective here is to help people the best I can with the knowledge and experience I have.
For those who ever get stuck like I did. When I got stuck in a bootloop, I realized I could 'fastboot boot twrp.img' and was able to save my internal storage from being lost by backing up to PC with TWRP, then move it back onto internal after the factory reset. Did I lost app data in these cases, yes. But that's my own fault for not regularly backup app data up with something like Swift or AppDash.
@Chr1stOnABike just checking in to see if you were able to get your problem resolved?