[App] [Root] OnePlus Data Protector - ONE Themes and Apps

This app can be used to maximize the protection of the data on your rooted phone in situations in which someone has physical access to your device. It only works on OnePlus One 64GB phones (and might work on the 16GB edition).
Features:
Toggling tamper flag
Unlocking/locking bootloader without wiping your data
Disabling and enabling the recovery program (such as TWRP) from within Android
Use case:
Suppose you have rooted your phone and in the process you have also installed a custom recovery program. Anyone with physical access to your phone can now easily extract all files that are on your internal storage, by booting the phone into recovery mode and connecting it to a computer. Imagine that, to counter this problem, you install a recovery program that does not expose any files and only accepts signed flashable packages. Now, an intruder cannot access files through recovery mode, but can still flash a new recovery program that does expose files. To prevent this from happening, one must also lock the bootloader, to prevent malicious images from being flashed. This app makes taking these measures easy. It is able to completely block access to the recovery program by backing up and erasing the recovery partition, and toggle the bootloader lock. This will make it (nearly) impossible for anyone without special hardware, tools and soldering equipment and experience to gain access to your files.
Tested on:
OnePlus One 64GB, Resurrection Remix
Important:
If you lock your bootloader and disable your recovery, the only way to get to your data is through Android. If you corrupt Android in one way or another, i.e. it does not boot anymore, you have practically lost your data. I advise you to only disable access to the recovery program in situations in which there is an increased likelihood your phone will be stolen.
You can also use device encryption.
Downloads:
OnePlus Data Protector 1.1
OnePlus Data Protector 1.0
XDA:DevDB Information
OnePlus Data Protector, Device Specific App for the OnePlus One
Contributors
_Tobias
Source Code: https://github.com/Tobiaqs/OnePlusDP
Version Information
Status: Stable
Current Stable Version: 1.1
Stable Release Date: 2017-07-18
Created 2017-07-17
Last Updated 2017-07-18

Would this be considered a workaround to not being able to encrypt the /data partition with f2fs? Or would they still have the ability to view my data in plain text?

Does this work with custom roms/kernels/firmware? Once I re-lock my bootloader, will I be able to unlock it again without wiping my device? I tried looking on github but there's no info about this.

ThunderThighs said:
Does this work with custom roms/kernels/firmware? Once I re-lock my bootloader, will I be able to unlock it again without wiping my device? I tried looking on github but there's no info about this.
Click to expand...
Click to collapse
Once you lock your bootloader, you will be able to unlock it without wiping your device, provided you unlock it through the app (or find another way to write the flag value to the aboot partition). This will work on almost all custom roms/kernels, however, disabling the recovery will probably not work if you for some reason have a resized recovery partition (not likely to be the case).
Unlocking it through fastboot will initiate a full wipe.
ThunderThighs said:
Would this be considered a workaround to not being able to encrypt the /data partition with f2fs? Or would they still have the ability to view my data in plain text?
Click to expand...
Click to collapse
Given enough hardware and tools, one would still be able to read from your memory chip, but not with just a USB cable. Encrypting the data partition, combined with the use of this app would be more secure.

I just noticed a bug. The app incorrectly shows the value of the unlocked flag. Setting the flag still works all the same.
This has been fixed in version 1.1.

Thank you for making this useful app. It really does work as advertised, and the only bug I experienced was fixed in v1.1.

Related

Magisk and Bootloader

Hi,
I am very new to this android world so my queries might feel stupid. Actually i m here after 3 years and that is very long period in this world. I know about rooting(super Su), bootloader and recovery (stock,CM and TWRP) . Recently read about Magisk and got some queries. Hope you will help me out. These are not device specific but need to learn.
What i read/study i found these readings...
1. Magisk roots device systemlessly (does not touch system partition) so one can get OTA updates easily.
2.To install and run Magisk one needs to unlock the bootloader .
3.(Device Specific) My redmi MI Flash tool says,If you unlock the bootloader , you wont get OTA updates.
4.I have previously rooted my galaxy Y and uninstalled system apps. If i delete sys apps from magisk,still can we say that we are not touching system.
So all statements are true? or some? or none ?
Here my device is redmi 3s (6.0.1- MIUI 9.6.1.0 Global Stable).All these queries are just in relation to OTA system updates. Nothing related to warranty.
Thanking You
Yes.
Yes.
Don't know about Xiaomi, but I've never had issues with OTA on a device with an unlocked bootloader (I've mainly used different Google and Oneplus devices). Someone with a Xiaomi is gonna have to chime in on this one.
As long as you use Magisk's debloating feature of replacing files or directories with empty ones, you're good. The actual /system partition won't be touched. Use a module like the Debloater module by @veez21, or make a debloater module yourself.
Didgeridoohan said:
Don't know about Xiaomi, but I've never had issues with OTA on a device with an unlocked bootloader (I've mainly used different Google and Oneplus devices). Someone with a Xiaomi is gonna have to chime in on this one.
Click to expand...
Click to collapse
Ahh, Thank You.
You get OTA system updates for your STOCK ROM ?
inwell said:
Ahh, Thank You.
You get OTA system updates for your STOCK ROM ?
Click to expand...
Click to collapse
Yes. But, having both Magisk and a custom recovery (an OTA won't install with a modified boot image and a custom recovery installed) I always find it easier to download the update and flash it manually. But, like I said, I have no idea if this is true for Xiaomi.
1. Ok. i also heared that when you update your device,you lose root...not true ? Or you need to root again ?
2.In normal stock device,we get update notification and we downlaod then restart (as per convenience)device to update.
If i remove some system apps from my rooted device and unroot the device,manage to get stock recovery back ,will the OTA update system treat my device as Stock-untouched? And install updates just as stock device will do ?
3. Is boot.img and bootloader are same things? Coz i read that for re locking boot loader you need to flash boot.img from stock software. (But Some procedures just use fastboot and relock oem command-they wont use boot.img,dont know why )
I read that unrooting,restoring stock recovery and locking bootloader again is more difficult/complicated than the rooting procedure
Some one should come up with solution just like Windows Restore .If you want to go back to everything STOCK,just use that feature same as done to Restore Windows in its previous state.
Any update that also updates the boot image (which means pretty much all) will remove root. But, that's just a simple case of reflashing Magisk right after applying the update.
If you've touched /system in any way, removing system apps or even just mounting the /system partition read-write, an OTA will fail. To be able update with an OTA your /system and /vendor partitions need to be untouched and you need to have the stock boot image and stock recovery installed. If your device doesn't conform to this the OTA will fail.
Boot image and bootloader are not the same thing. That you can read up on all over the internet, so I won't go into details. If you have done any kind of modifications on your device, I suggest you leave your bootloader unlocked. It's to easy to mess things up otherwise.
Going back to full stock is usually just a matter of flashing a full factory image/firmware package/stock ROM. Quite easy... Of course, some manufacturers make it harder than others.
Didgeridoohan said:
Boot image and bootloader are not the same thing. That you can read up on all over the internet, so I won't go into details. If you have done any kind of modifications on your device, I suggest you leave your bootloader unlocked. It's to easy to mess things up otherwise.
Click to expand...
Click to collapse
Ok. As you say the two are different , but can you explain in simple words (terms) that how they both are related/linked/connected? Coz as i read some forums/posts i get to read
1. To relock/lock bootloader you need to flash boot.img which suggests these (terms) are linked/connected.
2. but same time some forums/post suggest no img file flashing but just a fastboot command(s) to relock bootloader. In this case it seems they are not linked/connected.
And if the above 2 statements are true and device specific then how the bootloader and boot image are linked and not linked in diff devices? what changes are made so that in some cases these are linked and in some not
Sorry for asking too much. But you were really very kind to help me out.Thank you once again
I'm not 100% accurate (and someone will hopefully come I'm and correct me if needed), but basically the bootloader checks that everything is alright and then starts up your device. After that the boot image (ramdisk and kernel) takes over. Ramdisk basically makes sure all the partitions are mounted, and the kernel is exactly what it sounds like. The core of the OS, making sure that everything is working as it should.
This is of course a huge over-simplification, so if you want more you'll have to search around (and there are tons of resources around the web).
The main reason I can think of right at the moment for wanting to flash a boot image before locking the bootloader is that it's generally a good idea to have your device fully stock and functional before doing so. After you've locked the bootloader there might not be any going back if things start acting up and you could end up with a nice paperweight.
Questions are good. That's how you learn. I do believe that you'd be much better of searching around the internet for your answers. They've been put out there many, many times.
Ok.Thank you very much.I will learn more ...

Some security brainstorming while using unlocked bootloader

*I've tried the search on xda but didn't find what is on my mind
** feel free to add the topic to the proper place
So here is it
Unlocked bootloader - decrypted storage - twrp recovery
Pretty much on a silver plate for any thief
.. If i encrypt the storage will i be able to access twrp with the code
And if i remove the installed rom and kept the internal data will it be available after the new rom flash
What is the best options to go with?

Root [TWRP + Magisk] kills device Security :: Pin/Fingerprints broken

Hello XDA, I'm going to keep this short and sweet - I was able to root my device using the TWRP + Magisk method and some online guides. I believe after experimenting and flashing over the weekend, there is a bug, race condition, or something that prevents bio metrics and security from properly working on the Note 9.
If I set a pin, as it's required for me to add my fingerprints - when I later try to unlock the phone, the device will say the wrong pin. Deleting the cache, reading guides etc will only get you in a bootloop.
I'm in a state right now where I'm rooted with no device security, as adding a pin will effectively brick the device until flashing with Stock Android again.
_______
I was able to root last week Friday. I didn't bother setting a pin as I was happy to have root. Yesterday, I decided to go ahead and set my pin and soon enough, was prompted to use it to disable security.
I really thought I had mistakenly confirmed a stray character in my pin, and after toying, researching, and flashing my device over the weekend, Ive come to a crux where I could use some expert assistance.
Some guides I used had links to an RMM disabled or some ****, another guide had two zips for a different type of disabler. I'm not linking them, because apparently none of them work, but I believe this is where the problem lies. I think one of the zips is to remove the OEM Integrity Check or some **** Samsung wrote to secure the device. One of the packages I flashed took all those packages but nothing has worked.
Setting your pin during setup, or later in settings yields the same results - you will lock yourself out until you flash Stock Android to restart the process.
We're almost there guys, just need to be able to lock my device like a normal cellhpone user - thank you
dekalbcountyman said:
Hello XDA, I'm going to keep this short and sweet - I was able to root my device using the TWRP + Magisk method and some online guides. I believe after experimenting and flashing over the weekend, there is a bug, race condition, or something that prevents bio metrics and security from properly working on the Note 9.
If I set a pin, as it's required for me to add my fingerprints - when I later try to unlock the phone, the device will say the wrong pin. Deleting the cache, reading guides etc will only get you in a bootloop.
I'm in a state right now where I'm rooted with no device security, as adding a pin will effectively brick the device until flashing with Stock Android again.
_______
I was able to root last week Friday. I didn't bother setting a pin as I was happy to have root. Yesterday, I decided to go ahead and set my pin and soon enough, was prompted to use it to disable security.
I really thought I had mistakenly confirmed a stray character in my pin, and after toying, researching, and flashing my device over the weekend, Ive come to a crux where I could use some expert assistance.
Some guides I used had links to an RMM disabled or some ****, another guide had two zips for a different type of disabler. I'm not linking them, because apparently none of them work, but I believe this is where the problem lies. I think one of the zips is to remove the OEM Integrity Check or some **** Samsung wrote to secure the device. One of the packages I flashed took all those packages but nothing has worked.
Setting your pin during setup, or later in settings yields the same results - you will lock yourself out until you flash Stock Android to restart the process.
We're almost there guys, just need to be able to lock my device like a normal cellhpone user - thank you
Click to expand...
Click to collapse
did you encrypt your device? when you reboot, do you see an animation of a pad lock?
bober10113 said:
did you encrypt your device? when you reboot, do you see an animation of a pad lock?
Click to expand...
Click to collapse
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rotted cow TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zoos are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
dekalbcountyman said:
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rotted cow TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zoos are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
Click to expand...
Click to collapse
Are you using Snapdragon or Exynos?
mmjs14 said:
Are you using Snapdragon or Exynos?
Click to expand...
Click to collapse
Sir, I am using a
Galaxy Note 9
SM-N960F Internationals Unlocked
Alpine White
Exynos
Boot loader is TWRP and OEM Unlock is staying open permanently
I have all the hardware required, just need to overcome this software quirk so I can lock my phone when I’m not using it
dekalbcountyman said:
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rotted cow TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zoos are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
Click to expand...
Click to collapse
ive never seen this. what firmware are you on?
have you tried to download the very latest and completely wipe your phone? use samfirm tool 0.3.6 do dl the latest.
fill up all the slots with the md5 files u dled with samfirm and flash using odin( in csc slot use csc.md5 instead of home_csc.md5.)
go dl
magisk zip:
https://github.com/topjohnwu/Magisk/releases/download/v19.2/Magisk-v19.2.zip
and apk:
https://github.com/topjohnwu/Magisk/releases/download/manager-v7.2.0/MagiskManager-v7.2.0.apk
ketan oem fix +root
https://www.androidfilehost.com/?w=files&flid=281291
once back on latest stock firmware root again using twrp 3.2.x.x tar
flash it with odin but go to option and uncheck autoreboot
and flash twrp.tar in the AP slot.
once successful, manualy reboot phone to recovery( dont let it boot to homescreen! so hold vol up + Bixby +power
once in twrp swipe to get in recovery. go to wipe button and Format ( type yes) and go to reboot button and choose reboot to recovery
once back to recovery go again to wipe button and choose factory wipe.
once done flash dr ketan oem and root zip. ( within the aroma setup of that zip choose yes to both option for root and kernel)
once finished you can now flash the latest magisk.zip as dled earlier.
now reboot and setup your device. once done you can install magisk manger .apk that was dled earlier.
Bober, I did your steps exactly as described and used the links you provided and got it working w/ Biometric Security
I've flashed my phone like 20 times so the process took like 15 minutes max - this was also the first time I flashed all the files in the firmware download. Other guides out there tell me I only need to load the AP slot when flashing for this phone.
The "ketan oem fix +root" is the only security/system level zip I flashed using TWRP - besides looking like an early 2000s rootkit, the Terms of Use had an old version listed and said the binary was from 2015
I couldn't take screens, but everything went well when I checked the version
Thank You so much - in the future, will this root method hold for the life of the Note 9? Like when the new Android after Pie is released, will it be as simple as
1. Backing Up Phone
2. Flashing Android 10 Stock via Odin
3. Reflashing TWRP and Rooting
or is there a more streamlined approach to this? Thanks mate
dekalbcountyman said:
Bober, I did your steps exactly as described and used the links you provided and got it working w/ Biometric Security
I've flashed my phone like 20 times so the process took like 15 minutes max - this was also the first time I flashed all the files in the firmware download. Other guides out there tell me I only need to load the AP slot when flashing for this phone.
The "ketan oem fix +root" is the only security/system level zip I flashed using TWRP - besides looking like an early 2000s rootkit, the Terms of Use had an old version listed and said the binary was from 2015
I couldn't take screens, but everything went well when I checked the version
Thank You so much - in the future, will this root method hold for the life of the Note 9? Like when the new Android after Pie is released, will it be as simple as
1. Backing Up Phone
2. Flashing Android 10 Stock via Odin
3. Reflashing TWRP and Rooting
or is there a more streamlined approach to this? Thanks mate
Click to expand...
Click to collapse
actualy the root method that dr ketan created is just a way to bypass an issue that not all phones have(rmm state aka binaries error when booting.
but technically the method should be;
flash twrp, format, reboot again to recovery and flash official magisk .zip
you can also rely on rom developpers to flash their version instead of stock android via odin. this allows you to not always have to go through the twrp/root procedure each time and also rom devs include nice additional features.
anyways glad i could help.

Setup EU ROM with locked bootloader on K20 Pro Global ROM

Hi,
I read a tons of topics here, but more I read more it become unclear to me. I need your help to understand how it works, please.
Step-by-step:
I have bought my Redmi K20 Pro from AliExpress 1.5 years ago with Global ROM installed and unlocked bootloader initially
At the time when I was in Europe the biggest disadvantage using the device was that I couldn't set Google Pay to my device. Now I am in Indonesia and Google Pay is not commonly used here, so it's not the big problem now, but anyway, I would like to fix it.
Currently I am doing a lot of work in Instagram, and the huge problem I realized that my device doesn't work properly with Instagram stories. If I use in-app camera to record the story it looks laggy SO MUCH. Also if I am trying to upload pre-recorded video using native camera app to instagram story, video is still laggy and furthermore it's quality is horrible. Seems like it's compressed from 1080p to 360p. Just weeks ago another problem appears that uploading the videos > 15sec the Instagram app doesn't split it to the blocks (where you can add some notes/text/graphics separately to each block) but uploading as a multiple stories with a same graphics and text I selected before uploading. There are tons of complains about it and seems related exactly to this phone model, but still no solutions.
What I want to do is:
install EU ROM with a hope that Instagram will work properly there
Lock bootloader to setup Google Pay
Checking this forum and other resources I found the info that it's not always possible safely migrate to EU from GLOBAL. Furthermore, many people do not recommend to lock bootloader if it was unlocked.
The questions are:
Is it possible to do what I want safely? Migrate to EU ROM and lock bootloader
will EU ROM help me with instagram issue?
how can I do it?
can ROM migration somehow change the IMEI code? My device is registered in Indonesia, and according to new laws here, if the IMEA changes, I will need to register it again, and it could be a problem
Thank in advice. :angel:
I would suggest you to flash the best custom miui rom out there: Xiaomi EU. Visit the below link and read the rom features section to get an idea.
https://xiaomi.eu/community/threads/miui-12-0-stable-release.56191/
I'm suggesting this because, you can keep your bootloader unlocked and SafetyNet passes by default (Google Pay). Instagram will work properly and fyi, changing roms doesn't change IMEI unless you dont mess it up. Instead of TWRP, use OrangeFox recovery:
https://orangefox.download/device/raphael
BACKUP First before proceeding.
This is the download link for latest stable custom miui eu rom 12.0.5.0:
https://sourceforge.net/projects/xi...MI9TPro_V12.0.5.0.QFKCNXM_v12-10.zip/download
Thanks for your reply
Siddk007 said:
I'm suggesting this because, you can keep your bootloader unlocked and SafetyNet passes by default (Google Pay). Instagram will work properly and fyi, changing roms doesn't change IMEI unless you dont mess it up. Instead of TWRP, use OrangeFox recovery:
Click to expand...
Click to collapse
The instructions in a link you provided above are about TWRP usage. Should I just replace all steps related to TWRP with OrangeFox?
Also, there are some steps to unlock the bootloader. Should I skip it because bootloader is already unlocked in my case?
Siddk007 said:
BACKUP First before proceeding.
Click to expand...
Click to collapse
Is there some specific backup tool or I can still use my Google Account backup options? Is there any way to keep all my apps (or at least settings) after new ROM installed?
romahaaa said:
Thanks for your reply
The instructions in a link you provided above are about TWRP usage. Should I just replace all steps related to TWRP with OrangeFox? - YES
Also, there are some steps to unlock the bootloader. Should I skip it because bootloader is already unlocked in my case? - YES, skip it
Is there some specific backup tool or I can still use my Google Account backup options? Is there any way to keep all my apps (or at least settings) after new ROM installed?
Click to expand...
Click to collapse
- first of all copy all the files on your phone's internal storage to a pc/laptop.
- Google backup should work, but i'm not sure.
- Better to reinstall all the apps and set it up since, the rom is totally fresh and latest.
installation steps:
remove any password/pin if set.
After flashing orangefox recovery,
wipe system, data, cache, dalvik, vendor.
install rom. wait for atleast 15 mins to boot.
btw, is your system is encrypted?
Siddk007 said:
btw, is your system is encrypted?
Click to expand...
Click to collapse
Just checked - yes, it's encrypted. As I understand I need to disable it? Should I do it only for installation and after set it back encrypted?
Also, from the other instructions people recommend to logout from Mi account/Google account and remove pin code and fingerprints before flash operations.
romahaaa said:
Just checked - yes, it's encrypted. As I understand I need to disable it? Should I do it only for installation and after set it back encrypted?
Also, from the other instructions people recommend to logout from Mi account/Google account and remove pin code and fingerprints before flash operations.
Click to expand...
Click to collapse
If you want to disable it, you will have to format your data which will wipe your phone completely. Or you can leave it encrypted.
Yes, remove google/mi account and remove pin/password before flash.
Siddk007 said:
If you want to disable it, you will have to format your data which will wipe your phone completely. Or you can leave it encrypted..
Click to expand...
Click to collapse
Don't see any reason to disable it then if it's possible to change a ROM keeping that setting.
Will try run the process today-tomorrow
So, I did it spending tons of time.
Unfortunately Google Play app is still not visible in GooglePlay store, probably because of unlocked bootloader.
The tons of instructions I didn't find any detailed but simple enough. Here are some easy steps:
1. Make sure you got all suitable software and drivers installed. This needed to run terminal `fastboot` command, what is a part of google `developer_tools` package. In my case I had it before. To check, does it exist or not you can just run `adb -devices` in terminal and it shoul show you the list of android device connected by USB
2. Create a local backup using MIUI Back up and restore menu in settings. Same created backup folder on you PC
3. Remove all locks/fingerprints
4. Logout from Google account. I couldn't logout from Mi account, but that didn't affect somehow
5. Start flashing:
5.1. download Orange Fox and extract. We need only .img file from the archive
5.2. run `fastboot flash reboot` to allow device start in boot mode
5.2. run `flash recovery <path to recovery.img from Orange Fox>`
5.3. after completed, hold Volume - and power button until MI logo appear
5.4. copy Orange Fox zip archive to device internal storage, run the installation and reboot
5.5. crete a backup in Orange Fox
5.5. while in Orange Fox bootloader copy ROM zip archive to internal storage. Wipe the data: data, cache, dalvik. Wipe system and vendor if only you are sure what are you doing. I wiped because it's needed for "clean" install in my case. DONT reboot after.
5.6. Run ROM installation. After completed and you are still loaded automatically to Orange Fox, this means you need to format data partition. Select Menu > Partitions > Data in Orange Fox. Reboot. MIUI setup will start

Question PIXEL 5a Stable Build Available

If you haven't already, you should be receiving a notification that the Stable Android 12 or "S" Build is lurking in the shadows of your Pixel 5a handset. If you're currently on the (only) beta version we received OTA, your update won't inconvenience you for too long, as it weighs in at <4 mb, all in.
Safe Journey's...evnStevn
The factory images are up on Google's developer site, and when I tickled the system update found the 12 upgrade. I'm downloading the factory image now (for rooting with Magisk) then will upgrade to 12. Then more to learn...
CarinaPDX said:
The factory images are up on Google's developer site, and when I tickled the system update found the 12 upgrade. I'm downloading the factory image now (for rooting with Magisk) then will upgrade to 12. Then more to learn...
Click to expand...
Click to collapse
Right-On, I'm not ready for that, the Big League's (yet) as I'm still down here playing T-ball !
CarinaPDX said:
The factory images are up on Google's developer site, and when I tickled the system update found the 12 upgrade. I'm downloading the factory image now (for rooting with Magisk) then will upgrade to 12. Then more to learn...
Click to expand...
Click to collapse
Attempted the upgrade last night, seems there's some new things required if you want to flash the modified boot image and successfully boot. I believe you need to wipe the data partition and also pass along a few flags during install. However, temp root is an option if you want to avoid that for now (I did) by simply booting the image in fastboot vs flashing it. Just FYI!
Edit. Sounds like SafetyNet won't pass yet if you do end up going the permanent route? I could be wrong but I believe that's what's I've read. I just checked on mine and the temporary boot image does seem to so that's good.
If you read this thread you will see how to do it, as done on beta releases. https://forum.xda-developers.com/t/guide-flash-magisk-on-android-12.4242959/ It is possible to achieve permanent root on 12 without wiping the personal data but it is a delicate dance. I have not tried it yet but as I understand it the process is to unroot 11 and at least remove Magisk modules, take the 12 update, boot into bootloader and use fastboot to remove boot verification and replace vbmeta.img, then flash patched boot.img, reboot and reinstall magisk. It seems there is a problem with just flashing the new factory image with the wipe option (-w) removed. Instead of fastboot flashing the patched boot.img it is also possible to directly patch the boot.img from Magisk while temporarily booted from the patched boot.img (via fastboot), again after removing the verification checks. It may be critical as to when the 5a is rebooted or not; it needs to have a normal reboot after the OTA upgrade in order to complete the upgrade, then boot to bootloader for fastboot operations. I am going to go back and make instructions for myself before proceeding, and will do a Titanium backup before doing anything else.
Edit: it appears that some have achieved permanent root and still passed the SafetyNet check. IIRC it was done through the OTA upgrade path but I need to check that. If you are willing to wipe your data then just installing the factory image and then doing the fastboot commands it might work but that is not clear. Too many attempts at root and SafetyNet failed while flailing so hard to know right now if there are good alternatives to OTA.
CarinaPDX said:
If you read this thread you will see how to do it, as done on beta releases. https://forum.xda-developers.com/t/guide-flash-magisk-on-android-12.4242959/ It is possible to achieve permanent root on 12 without wiping the personal data but it is a delicate dance. I have not tried it yet but as I understand it the process is to unroot 11 and at least remove Magisk modules, take the 12 update, boot into bootloader and use fastboot to remove boot verification and replace vbmeta.img, then flash patched boot.img, reboot and reinstall magisk. It seems there is a problem with just flashing the new factory image with the wipe option (-w) removed. Instead of fastboot flashing the patched boot.img it is also possible to directly patch the boot.img from Magisk while temporarily booted from the patched boot.img (via fastboot), again after removing the verification checks. It may be critical as to when the 5a is rebooted or not; it needs to have a normal reboot after the OTA upgrade in order to complete the upgrade, then boot to bootloader for fastboot operations. I am going to go back and make instructions for myself before proceeding, and will do a Titanium backup before doing anything else.
Edit: it appears that some have achieved permanent root and still passed the SafetyNet check. IIRC it was done through the OTA upgrade path but I need to check that. If you are willing to wipe your data then just installing the factory image and then doing the fastboot commands it might work but that is not clear. Too many attempts at root and SafetyNet failed while flailing so hard to know right now if there are good alternatives to OTA.
Click to expand...
Click to collapse
Thanks for the link. I downloaded the full Android 12 image, installed it, disabled verity and wiped my data via fastboot, then flashed the magisk-patched boot. Worked like a charm and safetynet passed after hiding Magisk and installing Riru and the universal-safetynet-fix.
michaelc5047 said:
Thanks for the link. I downloaded the full Android 12 image, installed it, disabled verity and wiped my data via fastboot, then flashed the magisk-patched boot. Worked like a charm and safetynet passed after hiding Magisk and installing Riru and the universal-safetynet-fix.
Click to expand...
Click to collapse
I am hoping to avoid wiping data by taking the OTA and then rooting - I just need to find the time to backup and write down the process first. I knew that the update could be done directly with the factory image, then rooted, but that requires the data wipe. If I encounter a problem that is the fallback approach - then restore data with Titanium.
I don't mind wiping data once. But if I have to wipe data for each update just to root, I'll stay on 11 for now until there's a better way to root
Exactly.... I'll wait for a better way to upgrade and keep my root on 12
You don't "keep your root" on 11 updates; you unroot, take the OTA, then root again with a newly patched boot.img. And the data isn't wiped when moving to 12 if done through the OTA, just like 11 updates. If flashing a factory image the data is always wiped. What is different with 12 is that there is a verification of the boot.img and this has to be turned off (because the boot.img is patched), with a single fastboot command. It does appear to be sensitive to some details, so best to have a detailed procedure written down before starting the process. But those that have done it do not report a long or difficult process - just a finicky one.
CarinaPDX said:
You don't "keep your root" on 11 updates; you unroot, take the OTA, then root again with a newly patched boot.img. And the data isn't wiped when moving to 12 if done through the OTA, just like 11 updates. If flashing a factory image the data is always wiped. What is different with 12 is that there is a verification of the boot.img and this has to be turned off (because the boot.img is patched), with a single fastboot command. It does appear to be sensitive to some details, so best to have a detailed procedure written down before starting the process. But those that have done it do not report a long or difficult process - just a finicky one.
Click to expand...
Click to collapse
Ok ...have you done it yet?....can you tell me your process or elaborate more to my understanding
CarinaPDX said:
You don't "keep your root" on 11 updates; you unroot, take the OTA, then root again with a newly patched boot.img. And the data isn't wiped when moving to 12 if done through the OTA, just like 11 updates. If flashing a factory image the data is always wiped. What is different with 12 is that there is a verification of the boot.img and this has to be turned off (because the boot.img is patched), with a single fastboot command. It does appear to be sensitive to some details, so best to have a detailed procedure written down before starting the process. But those that have done it do not report a long or difficult process - just a finicky one.
Click to expand...
Click to collapse
I want to upgrade ota....but what do i have to do to achieve root without loosing files, setup, etc
No, I have not done it yet - oddly enough I have other things needing doing. The information needed to do it is in this thread: https://forum.xda-developers.com/t/guide-flash-magisk-on-android-12.4242959/ Unfortunately since it started during the 12 beta program, and there was a lot of trial and error, it is necessary to work through the long thread and sort out the process - which appears to be fairly simple (if inflexible).
When updating or upgrading there are always two paths to take: 1) take the OTA that is offered (after unrooting), or 2) flashing the full factory image. Generally speaking, OTAs are designed to keep the user data untouched [edit: not untouched but just converted where needed for the new system] and the factory image is intended to put the phone to factory condition (i.e. no user data present - starts from scratch). Updates (i.e. not upgrades between Android major versions) over-the-air (OTA) are replacing blocks of the stored image, which is very efficient, but requires a pristine stored image (hence the need to unroot to pass the check). Upgrades (new Android versions) seem to download the entire image, IIUC, and then clean up any data (like config files) that are not compatible with the new system. Sometimes the result has been less than perfect, although it is mostly reliable. Ultimately a factory image is the guarantee of getting a known good system, which can then be set up to the user's taste. Backing up user data (e.g. with Titanium Backup) and restoring can make this easier but again, config files from the previous system if restored on the new system can cause problems. Some people prefer to flash the factory image and reinstall the apps as new to get the highest confidence in the result. Most of us just take the OTA and trust the process, prepared to wipe config files or even flash the full factory image if there is a problem. Your choice.
After I write a procedure for myself, and successfully upgrade, I will post it.
So those of us that never rooted can just skip the unroot process and do the rest I assume?
CarinaPDX said:
No, I have not done it yet - oddly enough I have other things needing doing. The information needed to do it is in this thread: https://forum.xda-developers.com/t/guide-flash-magisk-on-android-12.4242959/ Unfortunately since it started during the 12 beta program, and there was a lot of trial and error, it is necessary to work through the long thread and sort out the process - which appears to be fairly simple (if inflexible).
When updating or upgrading there are always two paths to take: 1) take the OTA that is offered (after unrooting), or 2) flashing the full factory image. Generally speaking, OTAs are designed to keep the user data untouched [edit: not untouched but just converted where needed for the new system] and the factory image is intended to put the phone to factory condition (i.e. no user data present - starts from scratch). Updates (i.e. not upgrades between Android major versions) over-the-air (OTA) are replacing blocks of the stored image, which is very efficient, but requires a pristine stored image (hence the need to unroot to pass the check). Upgrades (new Android versions) seem to download the entire image, IIUC, and then clean up any data (like config files) that are not compatible with the new system. Sometimes the result has been less than perfect, although it is mostly reliable. Ultimately a factory image is the guarantee of getting a known good system, which can then be set up to the user's taste. Backing up user data (e.g. with Titanium Backup) and restoring can make this easier but again, config files from the previous system if restored on the new system can cause problems. Some people prefer to flash the factory image and reinstall the apps as new to get the highest confidence in the result. Most of us just take the OTA and trust the process, prepared to wipe config files or even flash the full factory image if there is a problem. Your choice.
After I write a procedure for myself, and successfully upgrade, I will post it.
Click to expand...
Click to collapse
Ok cool and thanks....that was awesome info
anubis2k3 said:
So those of us that never rooted can just skip the unroot process and do the rest I assume?
Click to expand...
Click to collapse
That is the case. It seems that some with 12 beta got tripped up by not getting unrooting/removing Magisk and/or its modules right so that is one less thing to worry about. If you have never rooted then the OTA should work as expected. Rooting can be done in two ways, either by achieving a temporary root and using magisk to directly patch the boot.img, or by patching the boot.img and flashing it, right after removing verification and flashing the new vbmeta.img (in both cases). Of course you first have to unlock the bootloader and enable USB debug, install the Android tools on your computer (minimum version: you only need ADB and fastboot), and connect your computer to the phone with a USB cable. Again, refer to that thread or wait until I can write something up.
CarinaPDX said:
That is the case. It seems that some with 12 beta got tripped up by not getting unrooting/removing Magisk and/or its modules right so that is one less thing to worry about. If you have never rooted then the OTA should work as expected. Rooting can be done in two ways, either by achieving a temporary root and using magisk to directly patch the boot.img, or by patching the boot.img and flashing it, right after removing verification and flashing the new vbmeta.img (in both cases). Of course you first have to unlock the bootloader and enable USB debug, install the Android tools on your computer (minimum version: you only need ADB and fastboot), and connect your computer to the phone with a USB cable. Again, refer to that thread or wait until I can write something up.
Click to expand...
Click to collapse
How do one remove verification?
I haven't been able to permanently root android 12 without wiping my data. I'm not talking about upgrading from 11 to 12. I'm talking about after installing 12, I still have my data. Any attempt to permanently root 12 causes errors unless I wipe my data. This was detailed quite a bit in the link you posted. Have you tried permanently rooting 12 and keeping your data?
As I said before, I have not had time to try the upgrade. Also, that thread has multiple conflicting posts which is why I know it will take time to go through and parse out what works and what doesn't. There are posts IIRC where root was achieved with data retained - but exactly how that was accomplished is not clear (or even if that really did happen). Since we have not had our phones for long there shouldn't be too much in data to lose, and there is always Titanium, so I will give it a go when I have time.
One of the things that I would like cleared up is if the way to 12 and root is to stop the OTA upgrade process at some point and remove verification and/or root before continuing, or possibly root fails because it is attempted before the upgrade is complete. IIRC the OTA has at least one reboot involved, with some processing after the reboot (probably fixing the data to be 12-compatible). Clearly if the upgrade can be done while retaining data and then successfully rooted then it must be done in a precise way; the lack of precise explanations of successful roots is very disappointing.
Edit: If it does turn out that data must be wiped every time 12 is rooted then that means backing up and restoring will be needed for each update, as well as unroot/root, and possibly removing verification each time. That would be a huge PITA. Let's hope that isn't so.
BlvckSensei816 said:
How do one remove verification?
Click to expand...
Click to collapse
It is explained in the thread I linked. But at this point unless you are willing to wade through 14 [make that 16 and counting...] pages of posts it is better to wait until someone posts a good procedure. Anyone not familiar with flashing is liable to get into trouble and needing a factory flash. However good 12 is, it is not so good that we can't wait a bit.

Categories

Resources