Request: Remove "Bootloader unlocked"-warning - OnePlus 3T Questions & Answers

After unlocking the bootloader, on each boot a message shows up saying that the device is unlocked and can't be trusted anymore. Is there any way to make this message disappear? (Relocking the bootloader is no way!)
Same question exists in the OnePlus 3 section (with no solution)
Link to OnePlus 3 thread --> http://forum.xda-developers.com/oneplus-3/help/request-remove-bootloader-unlocked-t3405485

As far as I know there is no way to change it

It has been happening from OnePlus 3 and there is no way to remove it

But how can this be fixed on other devices? I've read about some moto devices, where this message was "fixed".

Yes maybe someone will be able to do in near future

rUmtifUsel said:
But how can this be fixed on other devices? I've read about some moto devices, where this message was "fixed".
I've already put up pretty much a similar post for the 3T not only here but also in the OnePlus forums (3T), where I was actually contacted by a OnePlus person asking for some details. I've fixed this on pretty much every single Android phone I've ever had until now, but this is clearly a new, quirkier way of doing the logo that doesn't follow any tradition.
I'm guessing that it's been looked at by non-OnePlus people (here, other places) about a million times without finding where that partition, file, ramdisk, lives, and will stay that way until someone has incredible luck or intuition about it, or .. a OnePlus engineer decides to reply to me (or you) and tell us the answer. They obviously know since they stuck it there to begin with. I've kind of hit the point where I just ignore it, push the on button (speeds by the screen) and go about my business. The only positive thing I've noted is that over on the OnePlus forums, once someone at OnePlus notices your post, you often get results, or at least, that's your best shot.
Cheers.

Hi there,
well, my guess is that this is part of the IPL (Initial program loader; not boot.img) since the message appears pretty early in the boot-chain. It would make sense since it also checks the LOCK-status and decides if it allows booting unsigned boot.img images (which include kernel and ramdisk). The logic might look something like
    if (bootloader.isUnlocked()) {
        showMessage();
        bootUnsignedImage();
    } else {
        bootSignedImage();
    }

rUmtifUsel said:
But how can this be fixed on other devices? I've read about some moto devices, where this message was "fixed".
This is a standard on Nexus devices and isn't "fixed" on them. Doubt it's going to be different on this.
http://www.droidforums.net/threads/bootloader-unlocked-warning-cant-be-removed-on-nexus-6p.286627/
Pretty sure it's a standard in all new Android phones, and really doubt it will ever be removed.

gladiac said:
Hi there,
well, my guess is that this is part of the IPL (Initial program loader; not boot.img) since the message appears pretty early in the boot-chain. It would make sense since it also checks the LOCK-status and decides if it allows booting unsigned boot.img images (which include kernel and ramdisk). The logic might look something like
    if (bootloader.isUnlocked()) {
        showMessage();
        bootUnsignedImage();
    } else {
        bootSignedImage();
    }
I think that's somewhere near the truth. I've got build-able source for the 3t (3.5.3) and just finished getting the prebuilts from the phone as well, so here goes a most-likely fruitless search for something resembling a clause that I can figure out where the actual screen is coming from. If I can string together a well enough constructed $find | $grep -i {whatever} | {as many other cmds as needed}, then when I get back from work today, I can find out (well, probably) nothing at all, but it's worth a shot since I don't have to watch it and wait..

gladiac said:
Hi there,
well, my guess is that this is part of the IPL (Initial program loader; not boot.img) since the message appears pretty early in the boot-chain. It would make sense since it also checks the LOCK-status and decides if it allows booting unsigned boot.img images (which include kernel and ramdisk). The logic might look something like
    if (bootloader.isUnlocked()) {
        showMessage();
        bootUnsignedImage();
    } else {
        bootSignedImage();
    }
I found this code in the file listed after the code:
Code:
    #if FBCON_DISPLAY_MSG
            display_bootverify_menu_thread(DISPLAY_MENU_ORANGE);
            wait_for_users_action();
    #else
            dprintf(CRITICAL,
                "Your device has been unlocked and can't be trusted.\nWait for 5 seconds before proceeding\n");
            mdelay(5000);
    #endif
        }
    #endif
Filename in build tree: ~/sandbox/oneplus3t/bootable/bootloader/lk/app/aboot/aboot.c
------------------
So:: There's quite a bit more text for that screen in that file, and it's not as simple as just replacing the entire file with a single line that (e.g.) sets a = 0;
The thing is that the file does a lot of checks and I suspect the boot process won't even get its feet wet if the file is actually damaged, but ::
The code above could pretty easily just be slightly modified not to print a message or to print a nice message, or a pretty little graphic, and the delay has no reason to exist. As soon as I can get 3.5.3 to build without errors (I just downloaded it again since my first try was from a 3rd party git repo), I'll see if it can be tampered with. The real problem is "Is this worth screwing around with?". How many people (and I'm not even one of them) would want to blow away their setups just to install a new OS that has this crazy change in it?
Anyway, now that I've found it, I'll see if I can find some better way to handle it, but many have fallen on this sword so I probably will follow in their footsteps.
edit: As I was staring at the filename, it dawned on me that it's where all the stock & custom recoveries are made and is the next tree over called bootloader. That "might" (really doubt it) make this more doable. If we only had to change one partition to get rid of this thing, it'd be more like flashing a logo partition to get rid of it. My guess is that they're way too smart to allow someone to slap a different bootloader in there without there being a price to pay. (like no longer booting because of dm-v*). We'll see.

If it ain't broke
don't fix it

obamadictator said:
If it ain't broke
don't fix it
What're you? An insurgent? lol. This is XDA, the home of breaking things that ain't broke.

OK, the way I see it, this problem is pretty much the same everywhere. What differs is the type of message it conveys. To me, and maybe to the initial poster as well, the issue is not that it has some sort of language saying it's unlocked, but that it also has a 5-sec delay, which is annoying. In my opinion, a Nexus device, which only shows a picture of an "unlocked" padlock, is a much nicer way. That said, that little padlock may not be enough to tell a normal person looking at a phone that its bootloader is unlocked and it could have "extra stuff" hiding in the system. Originally Nexus and OP devices served different markets. OP was aimed at the masses, the normal people, while Nexus served the devs. So if we start from that point, it makes more sense that the OP device's bootloader-unlocked message needs to be clearer. Even though it's annoying, it's a phone to me, and I intend to have stable ROMs on it, and I don't need it to reboot every day or many times a day in normal usage. So, if I'm not going to see that the majority of the time, I'm OK with that. If it needs to be fixed, I think at least the language of the message could be better, and maybe it could tell us what is going to load after the 5-sec delay, e.g. system or recovery.

To clear things up:
The security warning is displayed by what lives in the aboot partition. It is a part of the boot chain and the piece that loads the kernel. Each part of the boot chain verifies the next one using RSA certs and signatures, starting at the bootrom, which is read-only. Aboot is also responsible for fastboot, the splash screen, and everything else you see on your device which is not recovery or OS (except hsusb 9008 mode, which kicks in in case the cert chain described above fails). Whilst some part of its source code may be included in the OOS device tree, all magic is left out. The partition itself contains a somewhat corrupted ELF file you could analyze. (If you do, remove the two "NULL" and the "EDIDX" program headers.) Maybe some qfuse or toggled bit somewhere can remove the warning. If you are good at reverse-engineering low-level ARM and know some Qualcomm internal stuff, go ahead. Otherwise, please stop confusing things and repeating things that are wrong or irritating.
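
The chain of trust described in the post above, as an added C model that is not part of the original thread and is not OnePlus or Qualcomm code: every firmware stage is checked against a reference held by the stage before it, and the lock state is only consulted once aboot itself has been accepted. The stage names, the image bytes and the FNV-1a digest (standing in for the RSA signature check) are assumptions made for the illustration; the result names follow Android Verified Boot's GREEN/YELLOW/ORANGE/RED states.

```c
/* Added model of a verified boot chain; not OnePlus or Qualcomm code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the RSA signature check: an FNV-1a digest compared with a
 * reference value. A real chain verifies a signature against a certificate. */
static uint32_t digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) {
        h ^= *p++;
        h *= 16777619u;
    }
    return h;
}

/* Constructed image contents; only their bytes matter to the check. */
static const uint8_t SBL_STOCK[]     = "sbl: verify(aboot); jump(aboot);";
static const uint8_t ABOOT_STOCK[]   = "aboot: warn_if_unlocked(); mdelay(5000); boot();";
static const uint8_t ABOOT_PATCHED[] = "aboot: boot();";  /* warning removed */

typedef struct {
    const char    *name;     /* hypothetical stage name */
    const uint8_t *image;
    size_t         len;
    uint32_t       trusted;  /* reference held by the previous stage */
} stage_t;

typedef enum {
    BOOT_GREEN,   /* locked, boot.img verified with the OEM key */
    BOOT_YELLOW,  /* locked, boot.img verified with another key */
    BOOT_ORANGE,  /* unlocked: warning shown, boot.img not enforced */
    BOOT_RED,     /* locked, boot.img failed verification */
    BOOT_HALTED   /* a firmware stage was rejected before aboot ran
                     (the post says the device drops to hsusb 9008 mode) */
} boot_result_t;

/* Index of the first stage whose image does not match its reference, or -1. */
int first_bad_stage(const stage_t *chain, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (digest(chain[i].image, chain[i].len) != chain[i].trusted)
            return (int)i;
    return -1;
}

/* The firmware stages are checked first and unconditionally; the lock state
 * is only read by aboot, i.e. after aboot itself has been accepted. */
boot_result_t boot(const stage_t *chain, size_t n,
                   bool unlocked, bool boot_img_ok, bool oem_key)
{
    if (first_bad_stage(chain, n) >= 0)
        return BOOT_HALTED;
    if (unlocked)
        return BOOT_ORANGE;
    if (!boot_img_ok)
        return BOOT_RED;
    return oem_key ? BOOT_GREEN : BOOT_YELLOW;
}

/* Build the two-stage chain (references always come from the stock images)
 * and boot it with either the stock or the patched aboot. */
boot_result_t run_case(bool patched_aboot, bool unlocked,
                       bool boot_img_ok, bool oem_key)
{
    stage_t chain[2] = {
        { "sbl",   SBL_STOCK,   sizeof SBL_STOCK,   0 },
        { "aboot", ABOOT_STOCK, sizeof ABOOT_STOCK, 0 },
    };
    for (size_t i = 0; i < 2; i++)
        chain[i].trusted = digest(chain[i].image, chain[i].len);
    if (patched_aboot) {
        chain[1].image = ABOOT_PATCHED;
        chain[1].len   = sizeof ABOOT_PATCHED;
    }
    return boot(chain, 2, unlocked, boot_img_ok, oem_key);
}

int main(void)
{
    static const char *names[] = { "GREEN", "YELLOW", "ORANGE", "RED", "HALTED" };
    printf("stock aboot, locked, signed boot.img     : %s\n",
           names[run_case(false, false, true, true)]);
    printf("stock aboot, unlocked, unsigned boot.img : %s\n",
           names[run_case(false, true, false, false)]);
    printf("stock aboot, locked, unsigned boot.img   : %s\n",
           names[run_case(false, false, false, false)]);
    printf("patched aboot, unlocked                  : %s\n",
           names[run_case(true, true, false, false)]);
    return 0;
}
```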

justibasa said:
This is a standard on Nexus devices and isn't "fixed" on them. Doubt it's going to be different on this.
http://www.droidforums.net/threads/bootloader-unlocked-warning-cant-be-removed-on-nexus-6p.286627/
Pretty sure it's a standard in all new Android phones, and really doubt it will ever be removed.
it's fixed on nexus 5x
https://forum.xda-developers.com/showthread.php?p=70567187

What's the variable "FBCON_DISPLAY_MSG" set to?
If the code is written in c (which from the looks of it; it is)
Couldn't you just set a global variable = to whatever the default value is? Or for example if something is changing that value when you unlock the bootloader, just set it back to default after that.
If it's in the aboot.c file, then it must be part of the boot.img right?
Also the boot.img file isn't the whole OS. As long as you don't tamper with the actual calling functions for the system it should be fine "theoretically". My OP3T should be coming in tomorrow, so maybe I can take a look at this as well when I have some time.
EDIT: I just read Jo_Jo_2000's response after what I wrote. That actually makes sense, and that's probably what makes this more difficult to do because you have to re-sign the files using valid certs, otherwise if it fails who knows what could happen since you're modifying the boot partition

any update on this issue?

As I understand the problem there really isn't a way to "fix" it that doesn't involve disabling more security. The dm-verity feature is built in and verifies that the boot process hasn't been tampered with. Once you unlock the bootloader, that isn't the case and dm-verity will always alert. Until you reflash a completely stock "factory" setup and re-lock it in that state. There could be some minor differences necessary to make this happen, but the gist of it should be correct.
I'm hoping against all odds that this isn't the case and that someone will eventually figure out how to re-enable dm-verity for a specific build... such as OOS_Beta + Magisk. But I'm pretty sure that's a futile hope. Google's been waging war on root for a while now and they're winning. Since they ultimately control the platform, it's my prediction that they're going to win.
This wouldn't bother me so much if I thought the ad networks were malware-free. I shouldn't have to expose my personal data or security for advertising. I don't care how passionately you argue on behalf of the content creators.

You really can't without someone customizing their own boot.img with that out. Even then you will see a black screen for a second before it advances to actually boot. Once the bootloader has been modified in any way, this trips and tells you basically you cannot use safetynet stuff. It's not a big deal, OnePlus 3t allows you to skip it pretty quick. Unlike my last phone, where I had to look at that screen for the entire 5 seconds it asked me to even if I asked it to boot immediately. It's just a warranty and security thing, it's not a big deal. Can be ignored just like the dm verity warning. Trust me, you don't have it as bad. I get both the bootloader and dm verity warning in the same boot. I do actually enjoy them though because they let you use the volume up and down option to go to fastboot or bootloader or recovery or just turn the thing off without needing to do the stupid button presses which I never remember which one does what. They're a nice blessing on this phone I must say. A few vol down clicks and I'm in twrp. It's nice.

On the OnePlus 5 it has been done!
https://forum.xda-developers.com/oneplus-5/themes/mod-bootloader-changer-t3800862

Related

Would you be interested?

i was sitting here on XDA and i saw that a user here had his phone stolen from him, and people posted several solutions like GPSTracker and latitude but the user did not have either installed. would anyone be interested in a remote brick? basically it would be like SMS commander, but you send a text that holds a password and the correct brick phrase and the phone will brick. the best(and worst) way i can see to do this would be to have an old radio on the sdcard and have the haykuro SPL on there as well. then when the phone receives the text it flashes the old radio and then the haykuro SPL which we all know would brick the phone. i am still working on possible implementation or another way of doing this(maybe run "wipe all" in terminal), but i was just wondering if anyone would be interested before i really try it out.
maybe in future if app works well our ROM devs could include in their build and then it couldn't be removed(easily). the main reason i would want something like this is so if my phone was stolen i could make it useless to the idiot that stole it.
few minor details that would need to be worked out:
won't work if SIM is changed as number would be different
if i use the terminal command "wipe all" then thief would only need to have a new ROM to install and it would be all better
on the off chance you get the phone back you would want to be able to easily fix the phone
let me know what you think, keep in mind this is a very early stage idea and i haven't put more than 20 minutes thought into it
can't lie the idea is brilliant but execution would be the make or break point, and i have a feelin this will take a lot of test g1's to get working lol...and multiple devs as a team to get up off the ground. But I'm all for it, i have had bad luck in the past especially with sidekicks and etc and this would be a perfect idea to have.
Great idea but don't forget when restoring it (if you manage to retrieve your phone), it should only 'unlock' to a certain pass phrase pre-set by the user. If not anyone could just run the 'unlock' command to start using it again.
On the whole, a great idea.
However, I think flashing an incompatible theme with your current build would be sufficient, seeing as 99% of the people who go around stealing phones would have no idea how to fix a G1 stuck on the T-Mo/Not-Flashing-Android Screen.
Although the Old Radio+New SPL combo ensures that there will be minimal data retrieval, it also seems like overkill for the majority of circumstances, seeing as your phone would become a paperweight.
The terminal command "wipe all" will wipe the data and system partitions and crash the phone, when the person who stole it tries to reboot it it won't boot
Even if you wipe (or remove the SD card) most builds would still boot regardless. A remote kill switch has been around on many platforms for some time, hell even Microsoft have been threatening to use it on Vista for pirated builds but it has never happened.
In this case, perhaps the app would need root access, so it could remotely reboot the G1 and run a script to force a boot loop, if you wanted to go as far as rendering the mobile temp unusable.
However the G1 as it is has plenty of security flaws... I mean many of us managed to get root without issue and I'm sure any google searches will point them to this forum. There is no security for fastboot, nor accessing the recovery image so people can pretty much do as they please - If they know how.
Yeah, I don't know about bricking the phone because it would suck if eventually you did get it back. Then you're stuck with a brick phone maybe there's a way around it though which could work not sure how you'd implement this though. I mean the idea is there just going to be a bit hard to execute because the problem is with all these theft problems, if they have the phone off when the sms is sent then it doesn't work.
I wouldn't mind having this. If someone snatched my G1 out of my hands and got away, I would just use my friend's cell 1 minute later to make my phone a paper weight, then have peace of mind. lol
Dladu said:
Yeah, I don't know about bricking the phone because it would suck if eventually you did get it back. Then you're stuck with a brick phone maybe there's a way around it though which could work not sure how you'd implement this though. I mean the idea is there just going to be a bit hard to execute because the problem is with all these theft problems, if they have the phone off when the sms is sent then it doesn't work.
i am noting the issues, what i am planning is something similar to SMS commander, when the phone gets a text that says a certain thing it does something. if the phone is off then the text will still arrive when the phone is powered on, hell i could probably even remove the recovery screen and then the person would need to fastboot the phone.
sms commander just "listens" for the text of an incoming message and if it matches a certain phrase it runs a command. obviously i would need root, but at this point if you haven't rooted your phone this (if it works) would do it.
with that said, i am researching the APIs to see what would need to be done, i used to have something like this on my old 8525 and i never had to use it, but i'm paranoid about stuff like this
i love this idea, there was this time when i had sold my touch pro on craigslist but the buyer had ripped me off! so that just pissed me off!
(good name ideas)
Cold-Droid
Lock Me
Ban-Droid
Dream Lock
Use me...Not!
Where's My owner
or just a plain app called
"Brick"
This app would be cool if it detected the owners sim card so if it were ever replaced it would say wrong sim card enter passkey (which they will not know)
and if they were to ever put the sim card back in then still it will tell you (sim card has been removed please enter passkey)
or something like that! just an idea!
kind of like sim lock but instead of sim being locked, the device will be locked!
Why you would want to destroy a phone?
Just remote wipe your data, that's enough. Write that as an app!
Not bricking!
Have you guys used/considered Mobile Defense?
So here is my idea for this application.
Instead of completely bricking the phone, make it so that if the SIM card is removed, or the secret SMS message is sent that it does a complete phone lock and displays a message on-screen stating "This phone is suspected to have been lost/stolen. Please call XXX number to return the property.". All the while sending precise GPS locations updated every x minutes to a preset Email address and/or send a SMS to a preset phone number. This way the real owner may be able to easily recover the phone and none of the information is exposed. The only way to unlock it is to put in a code to unlock it. After x amount of days without being recovered, the program will issue a recoverable brick all the while showing the same message. After x more days after the soft brick, the phone will format all ROM and be unrecoverable. By that time, the real owner would have already gotten his/her replacement G1 if they had insurance, and the thief will have a fancy paperweight.
Great idea
Is this going to get anywhere?
that'd be funny if you could lock the phone at a screen that has a customized text.
Like F**K YOU B*TICH
or maybe
If Found Contact -
ETC. and it just stays at that screen. wonder if thats possible
edit- i shoulda read page 2 haha. same idea as Setnev lol.

Bootloader shipped unlocked? How do I verify for compromise?

Hi, (spent some time searching for answers; if this is covered elsewhere I missed it, sorry)
So, I'm a bit late to the party but I went and found a site still offering Nexus 6 "Factory new" XT1103 unit still in stock after so long, and bought myself one.
(1) I love it, and totally understand why so many people love it
(2) I'm a little concerned in that the bootloader seems to ALREADY be *unlocked*. I certainly didn't do it. Did Google ship these out with the bootloader pre-unlocked? (I tried to google this and found nothing; it strikes me as unlikely). And when booting into the fastboot mode, I don't see any entry saying "secure boot", which bothers me a bit since my Nexus 4 has this (is this deprecated and I missed the news?).
So, I assume that I can just download factory images off Google and flash them myself in order to be sure about my firmware (a little quicker since the bootloader is already unlocked, yeah?). But how do I verify that the bootloader *itself* isn't compromised in any way such that there's no issue with persistent malware, say?
(why yes, people HAVE said that I'm pretty paranoid, why do you ask? Have you been following me around?)
If you download the full firmware image and run the flash-all.bat command, it will overwrite the bootloader and erase everything on the phone. So even if the bootloader were somehow compromised (I really doubt it) this will take care of the problem.
Thanks, I'll do that. On the Google Nexus download page I see both "factory" and "OTA" images - I presume I should use the "factory" image?
I'm really spooked as to WHY the bootloader is unlocked, though, since I certainly did not do it and the box was shrinkwrapped. Does anybody know if anyone else has ever received a Nexus 6 "pre-unlocked"?
New and refurbished units from Motorola did not come shrink-wrapped. In order to open the box you needed to cut the label at the dotted line on the back of the box. Yours could not have been new nor a factory refurb, not just because the box wouldn't have been shrink-wrapped, but also because a refurbished unit would have had the motherboard refurbished so the bootloader status code would be set to 1 (Locked). A previously unlocked bootloader that has been locked would have a status code of 2, with unlocked having a status code of 3.
Strephon Alkhalikoi said:
New and refurbished units from Motorola did not come shrink-wrapped. In order to open the box you needed to cut the label at the dotted line on the back of the box. Yours could not have been new nor a factory refurb, not just because the box wouldn't have been shrink-wrapped, but also because a refurbished unit would have had the motherboard refurbished so the bootloader status code would be set to 1 (Locked). A previously unlocked bootloader that has been locked would have a status code of 2, with unlocked having a status code of 3.
...
ok the first time I ever looked, my status code was 3.
I definitely was not the guy who unlocked it.
argggggghhhhhhhhhhh
ok, so would flashing with the full factory image (per the first reply above) be sufficient for me to not have to worry about persistent malware lurking in e.g. a compromised bootloader? I'm not in a position to get a different unit and I'm just really bummed out about this now (especially since I've already logged in with my google account on the phone).
How could I check/verify (some kind of hash) after a full flash that everything is "as it should be"?
weilt said:
...
ok the first time I ever looked, my status code was 3.
I definitely was not the guy who unlocked it.
argggggghhhhhhhhhhh
ok, so would flashing with the full factory image (per the first reply above) be sufficient for me to not have to worry about persistent malware lurking in e.g. a compromised bootloader? I'm not in a position to get a different unit and I'm just really bummed out about this now (especially since I've already logged in with my google account on the phone).
How could I check/verify (some kind of hash) after a full flash that everything is "as it should be"?
Simply flash one of the factory images from Google's pages and all your concerns will be eliminated. But, you're being needlessly paranoid regarding the bootloader. All the bootloader does is transfer control from the low level firmware of the device to the Android kernel. Once it does that it sits quietly until the next time you boot. It has no contact with the outside world that I'm aware of so any malware in the bootloader would be useless.
got it, thanks so much for the help!
(I don't know enough about the android bootchain so was envisioning there'd be e.g. enough space allocated for the bootloader such that it would be possible to put in some sort of persistent malware that could be injected into subsequent boots; if it's just a tiny thing (especially if it gets overwritten anyhow when there's a full flash!) then alrighty I'm already safe since I already nuked the firmware twice)

Horror story of DiSa, FMM, and the win on SM-T380

Wow where to start? The purchase. So I have a friend pick me up a "like new" Pad A off of craigslist; She was 45min closer to the sale than myself, so hey wtf? She's got good judgement.. Urm, she gets to my house with it, and what the he.. no charger NO TYPE C (which I don't have on hand) and tablet is dead dead. So it gets set aside for a couple of days.. I finally get it charged and wtf is this.? Enter in my # off of sales receipt? Oh boy here we go. I had not encountered this DiSa yet, however we made it, I know I can break it, so let's go!
Part 1: Assemble the files
I proceed to go on a downloading frenzy, throwing caution to the wind and downloading everything I can find firmware wise for this thing. Its worth noting that the unit is on Oreo at this point. I locate a combination file fairly early on in the tabs life cycle, on nougat, and blast this infernal thing with odin. Hey cool!? Factory Binary eh? Hey I can sideload to it, so I install a couple of things. Here is where this gets fuzzy...
Part 2: Breaking it
So a couple of apps get installed, I muck around a bit with it, then intentionally try to break it by patching dif boot.img files from other firmwares and flashing, etc etc careless stuff. I end up flashing another, much newer combo file and seem to be back to square one. HOWEVER, I gleaned a bit of useful info that I did not know before: that when flashing the four-file-firmware packs, using the plain CSC files wipes the userdata, where CSC_HOME does not. Lightbulb! I install a couple of apps that were handy for FRP bypassing because you could have them autostart, then.....
Part 3a: Oreo and F*^% My Mobile
I install the latest firm I could find, a Oreo build (AP_T380DXU2BRK2_CL14346227_QB20632006_REV00_user_low_ship_MULTI_CERT_meta) from late last year. To my joy, it booted up and DiSa was gonzo'ed. Yay! So I quickly blast through setup, frantically hit that build version 50 times to show it whose the developer boss, OEM Unlock TWRP here I come. Not so fast it says, for I still have some unpaid balance or some horse sh%%$. Ah man!
Part 3b:: Fool My Mobile
So I do a little research, and hey this has already been beat! COOOOOL. Throwing caution to the wind, I locate the required patched version of Miracle Box 2.58, run it, with it running set my date two years back on PC, closed MB, put tab in download mode, re-run MB, go to Samsung tab, check the Reset ReActivation/EE radio button, click start, it blips and bleeps and hisses and whirs... Reset into DL mode to check lock status.... TOTALLY GONE. Not even a mention of that hideous thing!
Part 4: TWRP, Etc.
All this has been covered in depth already so we won't beat that dead horse. Use Magisk to patch boot.img, flash patched booty.img.tar, everything goes awsy one last time. WINNER! It is, however, worth noting that if doing this on Oreo, you have to manually decompress the boot.img.lz4 file with lz4.exe (if in windows) with something like: lz4.exe -d boot.img.lz4 boot.img.ext4 ... then feed that file to Magisk. Anyhow, from DiSa and FMM locked to TWRP Root and happys in nuttin flat. Hope this entertained somebody
<--- logged in on new acct. Old one went away with its old, not accessible email ball and chain
Checking in quickly to update on mine.
Miracle used on COMBO firmware, BIT 2 binary. RMM goes away permanently it seems.
Flashed the Firmware referenced. Magically OEM unlock became available on first boot. Crazy. OEM unlocking enabled, and OEM LOCK OFF.
Up and running. Thanks for the reference.

Google just FORCIBLY pushed an OTA update and unrooted my phone!

A few days ago, I was trying to launch an app from my phone's home screen when it suddenly rebooted itself and downloaded/installed an OTA update, removing root in the process. So it looks like Google just force-restarted it and updated it without my consent!
Or, if not that, then I truly must have the worst luck imaginable - like astronomically, unbelievably bad; so bad it could be legendary - almost as if I were cursed by some mythical, malevolent creature with magical powers.
For what I'm about to assume might have happened to be what actually happened, the odds are probably astronomically against it occurring, or nearing the realm of quantum impossibility (or, at the very least, it would be extremely-improbable and highly-unlikely, statistically speaking).
There have been a handful of times (3-5, but I haven't kept count) in the few months I've had this phone that, after unlocking the screen, I see a window drawn over my phone's home screen: a notification dialog with info about downloading/installing a security update for the OS. At the bottom of the window I recall there being two buttons: one to confirm, reboot my phone, and download/install the update, and the other to postpone the update until some later time at night.
Since there was no button for the polite, socially-acceptable equivalent to responding, "NO, **** YOU! STOP ANNOYING ME WITH THIS PROMPT TO UPDATE! I NEVER WANT TO DOWNLOAD AND INSTALL AN UPDATE, OR SEE THIS POP UP EVER AGAIN!", I've just used the "back" button on my phone to dismiss this notification/prompt rather than accepting one of the two equally-unacceptable choices it offered me and being forced into downloading and updating my phone.
So, in theory, it's possible that, at the same exact moment as my phone's screen refreshed to draw this update notification/prompt again, I just happened to also click in exactly the wrong place - the place where that dreaded "reboot" button was drawn - thereby selecting the option to immediately reboot my phone, downloading and installing the update in the process. It would've had to have happened so quickly - literally, within the same 1/90th of a second - that the screen was drawn so that I didn't even see the notification appear before clicking the option to accept and reboot/install the update immediately.
1/90th of a second: that's just a hair over 11 milliseconds, or a hundredth of a second. And I just happened to click in exactly the wrong spot at exactly that moment?
Utterly, unimaginably, and even ridiculously bad luck if this is what actually happened. But aside from Google simply forcing a reboot/update remotely while I was using my phone, it's the only other thing I can think of that might've caused this.
Whoever programmed this functionality should at the very least be publicly shamed and insulted for it, but possibly also dragged out of their bed in the middle of the night into the street and beaten mercilessly. I don't know the law well enough to be aware of the name of the crime for such a thing (annoying millions of people with this almost-unavoidable and heinously-obnoxious nag to update their phone's OS, and causing maybe thousands of them to suffer some sort of financial loss, pain & suffering, or tragic inconvenience by accidentally accepting and applying the update - especially if they happened to be on a limited mobile data plan, or were roaming at the time). However, I'm fairly certain that most people who have experienced something like what I've been through and am forced to deal with now as a result of an OTA update being applied against their will would be fine with either or both of these things being administered as the just and appropriate form of punishment for such a crime.
So, all that being said, what are my odds that I'll be able to not only restore root to my phone without wiping it and losing all the sensitive data I had saved with root access but hadn't had the time to back up yet during one of the most difficult and tragic weeks of my life (I can't even begin to explain all of the other **** that has gone horribly wrong recently), but to also recover compensation for the cost of exceeding my data plan while visiting another country due to the update being downloaded at an EXTREMELY inopportune time? My guess: probably worse than the odds of accidentally clicking to accept and immediately download and apply an OS update within the same ≈11 milliseconds the nag for it was drawn on my phone's screen while also in the middle of giving a presentation in a super-important, multinational business meeting.
But hey, I figured I would share this post here anyway in the hopes of maybe learning that Google force-pushed an OTA update and pissed off millions of people who then filed a class action lawsuit because of it, and I just hadn't heard the news about it yet, but it was also recent enough that I could still get in on that action and recover at least some part of what I've lost in the past week.
And if not that, maybe I'll at least somehow get confirmation of having some of the worst luck imaginable, or validation that I'm not crazy, or just some sympathy and comfort from the community during a very dark time in my life when I sorely need it.
And I guess if there's even a modicum of hope I'll discover that I'm not completely alone in this world of **** that I now find myself in, and that there are others who have suffered a similar fate or misfortune as a result of either unbelievably bad luck with their phone, or Google forcibly cramming something very large and uncomfortable into an extremely sensitive area against their will - maybe even at one of the worst possible times of their life - then maybe there's even some hope left for my life; some point to even continuing it and trying to get out of the horribly-****ty, godforsaken nightmare I'm stuck in right now.
Or maybe I'll just learn that it is actually somehow possible to restore root to my phone without needing to wipe it first so I'm at least not quite as completely screwed as it looks like I am right now.
≈-∞
Google Pixel 5, OS 11
rooted with Magisk, no TWRP/recovery
recently forcibly OTA-updated to build RQ1A.201205.011
Disable updates permanently. I'm more concerned with the damage updates will do than malware at this point
leveleyed said:
A few days ago, I was trying to launch an app from my phone's home screen when it suddenly rebooted itself and downloaded/installed an OTA update, removing root in the process. So it looks like Google just force-restarted it and updated it without my consent!
Or, if not that, then I truly must have the worst luck imaginable - like astronomically, unbelievably bad; so bad it could be legendary - almost as if I were cursed by some mythical, malevolent creature with magical powers.
For what I'm about to assume might have happened to be what actually happened, the odds are probably astronomically against it occurring, or nearing the realm of quantum impossibility (or, at the very least, it would be extremely-improbable and highly-unlikely, statistically speaking).
There have been a handful of times (3-5, but I haven't kept count) in the few months I've had this phone that, after unlocking the screen, I see a window drawn over my phone's home screen: a notification dialog with info about downloading/installing a security update for the OS. At the bottom of the window I recall there being two buttons: one to confirm, reboot my phone, and download/install the update, and the other to postpone the update until some later time at night.
Since there was no button for the polite, socially-acceptable equivalent to responding, "NO, **** YOU! STOP ANNOYING ME WITH THIS PROMPT TO UPDATE! I NEVER WANT TO DOWNLOAD AND INSTALL AN UPDATE, OR SEE THIS POP UP EVER AGAIN!", I've just used the "back" button on my phone to dismiss this notification/prompt rather than accepting one of the two equally-unacceptable choices it offered me and being forced into downloading and updating my phone.
So, in theory, it's possible that, at the same exact moment as my phone's screen refreshed to draw this update notification/prompt again, I just happened to also click in exactly the wrong place - the place where that dreaded "reboot" button was drawn - thereby selecting the option to immediately reboot my phone, downloading and installing the update in the process. It would've had to have happened so quickly - literally, within the same 1/90th of a second - that the screen was drawn so that I didn't even see the notification appear before clicking the option to accept and reboot/install the update immediately.
1/90th of a second: that's just a hair over 11 milliseconds, or a hundredth of a second. And I just happened to click in exactly the wrong spot at exactly that moment?
Utterly, unimaginably, and even ridiculously bad luck if this is what actually happened. But aside from Google simply forcing a reboot/update remotely while I was using my phone, it's the only other thing I can think of that might've caused this.
Whoever programmed this functionality should at the very least be publicly shamed and insulted for it, but possibly also dragged out of their bed in the middle of the night into the street and beaten mercilessly. I don't know the law well enough to be aware of the name of the crime for such a thing (annoying millions of people with this almost-unavoidable and heinously-obnoxious nag to update their phone's OS, and causing maybe thousands of them to suffer some sort of financial loss, pain & suffering, or tragic inconvenience by accidentally accepting and applying the update - especially if they happened to be on a limited mobile data plan, or were roaming at the time). However, I'm fairly certain that most people who have experienced something like what I've been through and am forced to deal with now as a result of an OTA update being applied against their will would be fine with either or both of these things being administered as the just and appropriate form of punishment for such a crime.
So, all that being said, what are my odds that I'll be able to not only restore root to my phone without wiping it and losing all the sensitive data I had saved with root access but hadn't had the time to back up yet during one of the most difficult and tragic weeks of my life (I can't even begin to explain all of the other **** that has gone horribly wrong recently), but to also recover compensation for the cost of exceeding my data plan while visiting another country due to the update being downloaded at an EXTREMELY inopportune time? My guess: probably worse than the odds of accidentally clicking to accept and immediately download and apply an OS update within the same ≈11 milliseconds the nag for it was drawn on my phone's screen while also in the middle of giving a presentation in a super-important, multinational business meeting.
But hey, I figured I would share this post here anyway in the hopes of maybe learning that Google force-pushed an OTA update and pissed off millions of people who then filed a class action lawsuit because of it, and I just hadn't heard the news about it yet, but it was also recent enough that I could still get in on that action and recover at least some part of what I've lost in the past week.
And if not that, maybe I'll at least somehow get confirmation of having some of the worst luck imaginable, or validation that I'm not crazy, or just some sympathy and comfort from the community during a very dark time in my life when I sorely need it.
And I guess if there's even a modicum of hope I'll discover that I'm not completely alone in this world of **** that I now find myself in, and that there are others who have suffered a similar fate or misfortune as a result of either unbelievably bad luck with their phone, or Google forcibly cramming something very large and uncomfortable into an extremely sensitive area against their will - maybe even at one of the worst possible times of their life - then maybe there's even some hope left for my life; some point to even continuing it and trying to get out of the horribly-****ty, godforsaken nightmare I'm stuck in right now.
Or maybe I'll just learn that it is actually somehow possible to restore root to my phone without needing to wipe it first so I'm at least not quite as completely screwed as it looks like I am right now.
≈-∞
Google Pixel 5, OS 11
rooted with Magisk, no TWRP/recovery
recently forcibly OTA-updated to build RQ1A.201205.011
yes, automatic system updates are turned off. it's the first thing i do when i set up a new phone. so like i said, either Google still forced an update on my phone - despite having the automatic update setting turned off - or i have unbelievably impeccable timing on top of horribly bad luck.
Still hoping someone might have a solution that would allow me to restore root without wiping my device/data. please oh please oh please let there be some way to do this.
leveleyed said:
Still hoping someone might have a solution that would allow me to restore root without wiping my device/data. please oh please oh please let there be some way to do this.
This is a simple solution and has been discussed before.
Get the boot.img for your current build
Copy it to the phone and patch it with Magisk Manager
Fastboot flash the resulting patched image
Accidentally OTA updated my pixel, all fine but root gone
So i accidentally updated my pixel firmware via official OTA update (security patch 5. january 2021). First i was scared of a bootloop but it all went fine and booted. Of course my root is gone now, but i want to root it again. Bootloader is...
forum.xda-developers.com
UPDATING Pixel 5 Factory Image & Re-Rooting
Why This Thread? I have seen several questions on the process for updating a rooted Pixel 5, since the existing guides only explain the unlock and initial rooting, I thought I'd throw together a quick HOW TO on UPDATING and Re-Rooting for...
forum.xda-developers.com
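A pre-flight check for the first step of the procedure above (getting the boot.img that belongs to the current build), as an added example that is not part of the original posts: it reads the OS version and security patch level packed into the boot image header and compares them with the device's `ro.build.version.release` and `ro.build.version.security_patch` values. The function names and the sample header are constructed for illustration, and the code assumes the standard AOSP boot image header layout (header versions 0 to 4).

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Byte offset of the packed os_version field, keyed by header_version.
# header_version itself sits at offset 40 in all of these layouts.
OS_VERSION_OFFSET = {0: 44, 1: 44, 2: 44, 3: 16, 4: 16}


def pack_os_version(version, patch):
    """Pack (A, B, C) and (year, month) the way the boot header stores them."""
    (a, b, c), (year, month) = version, patch
    return (((a << 14) | (b << 7) | c) << 11) | ((year - 2000) << 4) | month


def decode_os_version(raw):
    """Split the 32-bit field into ('A.B.C', 'YYYY-MM')."""
    ver, patch = raw >> 11, raw & 0x7FF
    version = f"{(ver >> 14) & 0x7F}.{(ver >> 7) & 0x7F}.{ver & 0x7F}"
    return version, f"{(patch >> 4) + 2000:04d}-{patch & 0xF:02d}"


def read_boot_header(data):
    """Return header_version, os_version and patch_level of a boot image."""
    if len(data) < 48 or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic or truncated)")
    header_version = struct.unpack_from("<I", data, 40)[0]
    if header_version not in OS_VERSION_OFFSET:
        raise ValueError(f"unsupported header_version {header_version}")
    raw = struct.unpack_from("<I", data, OS_VERSION_OFFSET[header_version])[0]
    if raw == 0:
        raise ValueError("os_version field is empty; nothing to compare")
    version, patch = decode_os_version(raw)
    return {"header_version": header_version,
            "os_version": version,
            "patch_level": patch}


def matches_device(data, device_release, device_security_patch):
    """Compare a boot image with values read from the running device.

    device_release:        output of `getprop ro.build.version.release`
    device_security_patch: output of `getprop ro.build.version.security_patch`
    The header only stores year and month, so this catches an image from the
    wrong monthly build but cannot tell two builds of the same month apart.
    """
    hdr = read_boot_header(data)
    same_release = hdr["os_version"].split(".")[0] == device_release.split(".")[0]
    same_patch = device_security_patch.startswith(hdr["patch_level"])
    return same_release and same_patch


def make_sample_header(header_version, version, patch):
    """Constructed test input: one zeroed page carrying only the fields used here."""
    buf = bytearray(4096)
    buf[:8] = BOOT_MAGIC
    struct.pack_into("<I", buf, 40, header_version)
    struct.pack_into("<I", buf, OS_VERSION_OFFSET[header_version],
                     pack_os_version(version, patch))
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: Android 11 image with a 2020-12 patch level.
    sample = make_sample_header(2, (11, 0, 0), (2020, 12))
    print(read_boot_header(sample))
    # Constructed device values: same build month, then a newer month.
    print(matches_device(sample, "11", "2020-12-05"))
    print(matches_device(sample, "11", "2021-01-05"))
```

To check a real file, pass the first 4096 bytes of boot.img to `read_boot_header` before patching it, and only flash when `matches_device` returns true for the values the phone reports.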
l7777 said:
This is a simple solution and has been discussed before.
Get the boot.img for your current build
Copy it to the phone and patch it with Magisk Manager
Fastboot flash the resulting patched image
Accidentally OTA updated my pixel, all fine but root gone
So i accidentally updated my pixel firmware via official OTA update (security patch 5. january 2021). First i was scared of a bootloop but it all went fine and booted. Of course my root is gone now, but i want to root it again. Bootloader is...
forum.xda-developers.com
UPDATING Pixel 5 Factory Image & Re-Rooting
Why This Thread? I have seen several questions on the process for updating a rooted Pixel 5, since the existing guides only explain the unlock and initial rooting, I thought I'd throw together a quick HOW TO on UPDATING and Re-Rooting for...
forum.xda-developers.com
Thanks! Sorry for asking something that already had an answer. I guess I wasn't searching for the info properly.
I'm still having a problem though. I got the boot.img for the new version on my device. But when trying to launch Magisk manager, I see a window that says "upgrade to full Magisk Manager to finish the setup. Download and install?" I click "OK". But the next time I try to open it, it just keeps doing that same thing.
leveleyed said:
Thanks! Sorry for asking something that already had an answer. I guess I wasn't searching for the info properly.
I'm still having a problem though. I got the boot.img for the new version on my device. But when trying to launch Magisk manager, I see a window that says "upgrade to full Magisk Manager to finish the setup. Download and install?" I click "OK". But the next time I try to open it, it just keeps doing that same thing.
Try downloading Magisk directly and installing. Or see if it already downloaded it and install that one.
leveleyed said:
yes, automatic system updates are turned off. it's the first thing i do when i set up a new phone. so like i said, either Google still forced an update on my phone - despite having the automatic update setting turned off - or i have unbelievably impeccable timing on top of horribly bad luck.
Still hoping someone might have a solution that would allow me to restore root without wiping my device/data. please oh please oh please let there be some way to do this.
I'm sorry this happened to you.
But I think you more than likely thought it was off, I don't see why Google would "force" updates for only you.
leveleyed said:
Thanks! Sorry for asking something that already had an answer. I guess I wasn't searching for the info properly.
I'm still having a problem though. I got the boot.img for the new version on my device. But when trying to launch Magisk manager, I see a window that says "upgrade to full Magisk Manager to finish the setup. Download and install?" I click "OK". But the next time I try to open it, it just keeps doing that same thing.
Try downloading Magisk v22.
There is no longer Magisk Manager.
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
github.com
l7777 said:
Try downloading Magisk directly and installing. Or see if it already downloaded it and install that one.
Okay. I went to download v22 from GitHub (assuming I don't want Canary). But on the download page, I see written more than once, "RESTORE THE EXISTING MAGISK MANAGER BACK TO NORMAL BEFORE UPGRADING IF HIDDEN!" Unfortunately, I had Magisk hidden as a different app name, so I can't unhide it. I'm not sure what to do about this. Should I uninstall the hidden/renamed Magisk, or leave it and install the new one?
leveleyed said:
Okay. I went to download v22 from GitHub (assuming I don't want Canary). But on the download page, I see written more than once, "RESTORE THE EXISTING MAGISK MANAGER BACK TO NORMAL BEFORE UPGRADING IF HIDDEN!" Unfortunately, I had Magisk hidden as a different app name, so I can't unhide it. I'm not sure what to do about this. Should I uninstall the hidden/renamed Magisk, or leave it and install the new one?
Yes you should be able to uninstall it manually. Won't hurt anything.
leveleyed said:
Okay. I went to download v22 from GitHub (assuming I don't want Canary). But on the download page, I see written more than once, "RESTORE THE EXISTING MAGISK MANAGER BACK TO NORMAL BEFORE UPGRADING IF HIDDEN!" Unfortunately, I had Magisk hidden as a different app name, so I can't unhide it. I'm not sure what to do about this. Should I uninstall the hidden/renamed Magisk, or leave it and install the new one?
No don't use canary, use v22.
But why can't you unhide it? It's in Magisk settings. If you must uninstall it, you can try that also, then install v22.
andybones said:
I'm sorry this happened to you.
But I think you more than likely thought it was off, I don't see why Google would "force" updates for only you.
Try downloading Magisk v22.
There is no longer Magisk Manager.
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
github.com
Yeah, I know it was off because I am paranoid about automatic updates. I have them off in both Play Store and for system updates. I checked the setting after I rooted previously, and after it updated. So I guess it was actually just extremely bad luck/timing to click the location of the 'reboot and update now' button within the same frame the prompt appeared on my phone's home screen so that I never even saw it before it started rebooting and applied the update.
andybones said:
No don't use canary, use v22.
But why can't you unhide it? It's in Magisk settings. If you must uninstall it, you can try that also, then install v22.
I couldn't unhide it because I was unable to launch Magisk at all. Every time I tried, I was just prompted to download it.
After uninstalling/reinstalling Magisk, downloading and extracting the boot.img for my current version of Android OS, patching in Magisk, and flashing the patched boot.img, I'm happy to report that I've successfully restored root without loss of my data partition!
Thank you so much to everyone here who helped me to get this resolved!
Now, hopefully I can find an app (or perhaps a Magisk module) that will prevent the system update notifications/prompts from even showing up on my phone, thereby eliminating the potential risk of needing to go through this again.

Hello all, after lurking in the shadows forever, I've formally joined. Thanks for all the advice and help to those in past threads, and future.

I've actually been following the advice of many on this site for, ****, a couple few years now. I have a super unorthodox way of doing things, like how I figured out how to successfully bypass FRP on most Samsung devices without a computer; last one I did was a couple weeks ago. Because I don't have "class time" or training in coding or development besides what I've learned from you guys, I try a lot of **** a lot of pros wouldn't based on it shouldn't work that way, but if I think I can weasel my way through anyway I usually prevail, and it's usually by the application of a bunch of stupid little tiny actions. Long story short, I have to do things the hard way. A guy could just grab a ZTE, install the TWRP app, flash recovery, then in TWRP recovery flash Magisk, done. Nope, too fricken easy. I gotta always get an LG, Motorola or an iPhone. Before Uncover 8.0.2 was out, well before it was out, I had my iPhone 12 Pro Max jailbroken on 14.8, and I hope y'all enjoy this as much as I did. I turned my ish app, which I got from the App Store just to make Apple's butt hurt just a little more, I manipulated some files and configs and basically turned it into Kali-Alpine lol. I then installed the checkrain debian, and yes, jailbroke it from within. Apple's MDM is like neck and neck with you, I learned while doing this, but when I did my ish filesystem editing, I didn't mount it until I was ready, and when I mounted that filesystem, you should have seen that realtime log light up. Anyway, they said tell a story or something, and this will always be one of my favorite moments in triumph, because I took everything they use to keep a handle, as the very tools to take over the device lol.
In closing, I hope to give back for the advice and knowledge I've received in my time around. I will soon share my Samsung debloat batch file, and a couple combination firmwares I have, and a Magisk patched SM-A530W AP file which I also loaded the no verity/force encrypt kernel and TWRP recovery image into. /system is mounted rw, props edited with all security disabled, and yes, kgclient removable, like totally uninstallable and everything is fine after. Currently working on how to successfully boot and operate Samsung devices with 0x030c, bootloader code
theprimalconcretesinister said:
I've actually been following the advice of many on this site for, ****, a couple few years now. I have a super unorthodox way of doing things, like how I figured out how to successfully bypass FRP on most Samsung devices without a computer; last one I did was a couple weeks ago. Because I don't have "class time" or training in coding or development besides what I've learned from you guys, I try a lot of **** a lot of pros wouldn't based on it shouldn't work that way, but if I think I can weasel my way through anyway I usually prevail, and it's usually by the application of a bunch of stupid little tiny actions. Long story short, I have to do things the hard way. A guy could just grab a ZTE, install the TWRP app, flash recovery, then in TWRP recovery flash Magisk, done. Nope, too fricken easy. I gotta always get an LG, Motorola or an iPhone. Before Uncover 8.0.2 was out, well before it was out, I had my iPhone 12 Pro Max jailbroken on 14.8, and I hope y'all enjoy this as much as I did. I turned my ish app, which I got from the App Store just to make Apple's butt hurt just a little more, I manipulated some files and configs and basically turned it into Kali-Alpine lol. I then installed the checkrain debian, and yes, jailbroke it from within. Apple's MDM is like neck and neck with you, I learned while doing this, but when I did my ish filesystem editing, I didn't mount it until I was ready, and when I mounted that filesystem, you should have seen that realtime log light up. Anyway, they said tell a story or something, and this will always be one of my favorite moments in triumph, because I took everything they use to keep a handle, as the very tools to take over the device lol.
In closing, I hope to give back for the advice and knowledge I've received in my time around. I will soon share my Samsung debloat batch file, and a couple combination firmwares I have, and a Magisk patched SM-A530W AP file which I also loaded the no verity/force encrypt kernel and TWRP recovery image into. /system is mounted rw, props edited with all security disabled, and yes, kgclient removable, like totally uninstallable and everything is fine after. Currently working on how to successfully boot and operate Samsung devices with 0x030c, bootloader code
Nice intro! Welcome to XDA
theprimalconcretesinister said:
I've actually been following the advice of many on this site for, ****, a couple few years now. I have a super unorthodox way of doing things, like how I figured out how to successfully bypass FRP on most Samsung devices without a computer; last one I did was a couple weeks ago. Because I don't have "class time" or training in coding or development besides what I've learned from you guys, I try a lot of **** a lot of pros wouldn't based on it shouldn't work that way, but if I think I can weasel my way through anyway I usually prevail, and it's usually by the application of a bunch of stupid little tiny actions. Long story short, I have to do things the hard way. A guy could just grab a ZTE, install the TWRP app, flash recovery, then in TWRP recovery flash Magisk, done. Nope, too fricken easy. I gotta always get an LG, Motorola or an iPhone. Before Uncover 8.0.2 was out, well before it was out, I had my iPhone 12 Pro Max jailbroken on 14.8, and I hope y'all enjoy this as much as I did. I turned my ish app, which I got from the App Store just to make Apple's butt hurt just a little more, I manipulated some files and configs and basically turned it into Kali-Alpine lol. I then installed the checkrain debian, and yes, jailbroke it from within. Apple's MDM is like neck and neck with you, I learned while doing this, but when I did my ish filesystem editing, I didn't mount it until I was ready, and when I mounted that filesystem, you should have seen that realtime log light up. Anyway, they said tell a story or something, and this will always be one of my favorite moments in triumph, because I took everything they use to keep a handle, as the very tools to take over the device lol.
In closing, I hope to give back for the advice and knowledge I've received in my time around. I will soon share my Samsung debloat batch file, and a couple combination firmwares I have, and a Magisk patched SM-A530W AP file which I also loaded the no verity/force encrypt kernel and TWRP recovery image into. /system is mounted rw, props edited with all security disabled, and yes, kgclient removable, like totally uninstallable and everything is fine after. Currently working on how to successfully boot and operate Samsung devices with 0x030c, bootloader code
How did your jail-breaking experience go? I've been thinking of jail-breaking my iPad Mini 4. (Look at my profile banner)
