Hi everyone,
I have a Sony Z3 compact I just received, model D5803 running Android 6.0.1 with Firmware 23.5.A.0.575.
I really dislike Google and want to run a phone with the minimum of proprietary software (I guess blobs to communicate with the hardware are mandatory). I guess AOSP (any version, but a recent one would be better ) with F-Droid is a good solution.
Unfortunately when checking the sony website but it tells my the bootloader is not unlockable. What should I do? I'm running Ubuntu and have adb and fastboot installed.
I found [this topic](https://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714) which tells it roots the phone (and has a GNU/Linux script) but how does that help me to install a Rom, for example the AOSP provided by Sony at /open-devices/list-of-devices-and-resources/ if the bootloader is still locked? What are TWRP and busybox, is that supposed to help?
Flaburgan said:
I found [this topic](https://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714) which tells it roots the phone (and has a GNU/Linux script) but how does that help me to install a Rom, for example the AOSP provided by Sony at /open-devices/list-of-devices-and-resources/ if the bootloader is still locked? What are TWRP and busybox, is that supposed to help?
Click to expand...
Click to collapse
TWRP is a custom recovery that allows you to flash a ROM and other files, that are stored on the normal internal or external storage.
Busybox is a binary that gives you command line tools that are often included in a Linux install and some of which aren't included on normal Android. These are commands that other things may make use of, or that you can make use of at a terminal app or run from Tasker or similar app.
You want to look at backing up your TA partition, which stores your DRM keys, before unlocking the bootloader to install a custom ROM because some functionality, camera quality and anti-distortion, sound quality, and some other stuff which I don't remember, won't work if you go back to the stock ROM unless you have these keys backed up and then restored later. You need to unlock the bootloader in order to flash a custom ROM and doing this erases, permanently, these DRM keys, so they need to be backed up and then put back later if you relock the bootloader and flash a stock ROM.
If you look in the Original Development section, Jaguar Aries ROM has no Google Apps, had the latest patches up to Febuary, and had the best battery life of any custom ROM I've seen for this phone, right on par with stock. There are some builds of Lineage OS that are probably closer to being up to date as well and may have a better camera than Jaguar. The developer of Jaguar has moved on to another phone. That said, if you aren't experienced and don't know what TWRP is, then installing it is an extra step from other ROMs as well since it requires you to setup a firewall app to permit connections on data or wifi before you can use the wifi or data at all. I doubt Lineage OS has this, but presume that battery life would not be good.
Also, if you install microg apps, you can still use things such as cell and wifi based location, google push services, and ... I don't remember what else, however it hasn't been updated recently and many apps will complain and refuse to run saying that you need to update google play services, especially annoying for anything that uses push especially. Microg essentially sits in the place of where some functionality of Google Apps would and fills in some blanks.
When you don't have Google Apps installed, many paid apps will refuse to run as well, specifically the ones you paid for, because they can't verify the purchase with Google servers. There should be a **** list for any developers that don't cooperate when this is a problem for a user. I've only had one app developer help me on this, ever.
Thanks for your detailed answer!
You need to unlock the bootloader in order to flash a custom ROM and doing this erases, permanently, these DRM keys, so they need to be backed up and then put back later if you relock the bootloader and flash a stock ROM.
Click to expand...
Click to collapse
Does that mean that I can't use the DRM keys with another ROM? So I will never have the full quality of my hardware? Would using the AOSP rom provided by Sony solve that problem?
On which version of Android Jaguar Aries ROM is based? I searched for a lineageOS image but didn't find any for the Z3 Compact.
I had another z3c which died and was running Firefox OS, I'm fine with not having access to the Google Play store, I plan to install F-Droid and use only FOSS apps. In fact I would even prefer to go back to Firefox OS even if it is not maintained anymore, its UX is so much better than Android... That said, thanks for telling me about Microg, I didn't know it and that's true that many apps use Play services especially for push. Even Signal had that as a dependency (fortunately not anymore). Still, I would avoid any data coming out from my phone to by sent to Google servers, so I will probably avoid it.
Flaburgan said:
Thanks for your detailed answer!
Does that mean that I can't use the DRM keys with another ROM? So I will never have the full quality of my hardware? Would using the AOSP rom provided by Sony solve that problem?
On which version of Android Jaguar Aries ROM is based? I searched for a lineageOS image but didn't find any for the Z3 Compact.
I had another z3c which died and was running Firefox OS, I'm fine with not having access to the Google Play store, I plan to install F-Droid and use only FOSS apps. In fact I would even prefer to go back to Firefox OS even if it is not maintained anymore, its UX is so much better than Android... That said, thanks for telling me about Microg, I didn't know it and that's true that many apps use Play services especially for push. Even Signal had that as a dependency (fortunately not anymore). Still, I would avoid any data coming out from my phone to by sent to Google servers, so I will probably avoid it.
Click to expand...
Click to collapse
When you unlock the bootloader the DRM keys get erased permanently, so you'd need to root the phone and back up the partition where they are held before unlocking it. As far as I know, every custom ROM needs to have the bootloader unlocked. If there is an alternative way to install a ROM on a locked bootloader then it would be one of those scenarios where its installed while keeping the stock one, and I don't know if this has been done on the Z3c or not.
I also don't know if Sony's AOSP requires unlocking the bootloader or not.
Jaguar is based on 5.1.1
Its a mix of AOSP, Lineage, and was getting monthly backports of the latest security patches until Febuary when the developer no longer had a Z series phone for his own use. The only criticism it met was that the developer never released the source code for the entire ROM, just the kernel. He never replied to why that was. A lot of the custom ROMs out there are like this, so its still a case of who you choose to trust when it comes to this a lot of times. I liked it because the battery life was really good and assuming the security was what was advertised then that was also a real plus.
Many apps, by the way, were working fine with microg push but then with updates to apps, they complained about needing to update google services framework, which obviously was spoofed and microg hasn't been updated, and it happened to a lot of apps in a short period of time, so I assume there was a change enforced by Google for their requirements in the Play Store. If you just want it for location, for example if you use Osmand maps, then you don't have to enable the feature for push notifications nor have a google account associated with the phone, and it all works as user installed apps, so it can be undone without any real fear of the system getting modified after you try it out. There's a microg repo that can be added to fdroid. The location is based on either databases you download to the phone, which aren't very good, or also you can opt for cell location from Mozilla servers, and if you have to have wifi based location as well then you can hook into the Apple servers but the latter doesn't sound like something you want, if you want to do any of it at all that is.
I think most likely that GPS location would work without any need for microg.
The post you linked to with the Linux script installs TWRP to the /data partition, then you root it, then you back up the DRM keys after its rooted, then unlock the bootloader, install normal TWRP, and go from there. In Linux you'lle want to use the dd command to back up the DRM keys as all that's available on the forum is a Windows script (I think). There is info on it somewhere but it would be hard to find it. If you search my posts the thread will come up somewhere in the history. Anyway, the reason I broght this up is because the script in the thread for installing TWRP and rooting didn't work properly. I don't remember why, but I had to go through it line by line and enter the commands in from a termnial to get it right, I think there was some bad syntax. If you can't figure it out, quote one of my posts and ask, that way I get a notification that I was replied to, I think I have a fixed version of it on my drive somewhere if it causes a problem.
For the DRM keys you want to backup the TA partition bit for bit to a file. I backed up my Fota partition as well as I was unclear what role it plays. You also want to keep a copy of that particular Sony ROM file, and the two kernels involved, to flash with Flashtool in case you relock and restore so you can get root access to restore the partition while the bootloader is locked again.
May I ask why are you going FOSS only? if that's because privacy concerns, then FF OS is not the best solution... Because any Cloud-based OS is a little bit creepy, doesn't matter if it's ChromeOS from Google, or FirefoxOS from Mozilla.
There are plenty of Linux distros dedicated to run on Android phones, but it's not the best UX.
And yes, you can enjoy clean AOSP install (LOS is fine) without flashing G-Apps. But you won't have Google play at all! F-Droid is fine but you won't find there Gmail alternatives, you can't find Gmail even on Amazon AppStore... Sadly if you install Gmail then you'll find out that it installed bunch of google apps and hidden services behind the scenes... So only option is to use Gmail web app.
But then again, F-Droid is fine, there are many FOSS alternatives to youtube and other apps.
And if privacy (and security) is your concern, use LOS privacy guard / Android's builtin Permission Manager, and on Rooted ROMs you can use AFwall firewall which is the best.
Good luck
GadgetAvi said:
Because any Cloud-based OS is a little bit creepy, doesn't matter if it's ChromeOS from Google, or FirefoxOS from Mozilla.
Click to expand...
Click to collapse
Firefox OS is not a Cloud-based OS at all. It runs perfectly without internet connection.
GadgetAvi said:
F-Droid is fine but you won't find there Gmail alternatives, you can't find Gmail even on Amazon AppStore...
Click to expand...
Click to collapse
Be sure that if I don't want Google on my phone, my e-mails are already **not** on GMail...
Ok, if so, then you'll be fine with any AOSP clean rom. LOS is great, and F-Droid as well. Cheers!
PantsDownJedi said:
The post you linked to with the Linux script installs TWRP to the /data partition, then you root it, then you back up the DRM keys after its rooted, then unlock the bootloader, install normal TWRP, and go from there. In Linux you'lle want to use the dd command to back up the DRM keys as all that's available on the forum is a Windows script (I think).
Click to expand...
Click to collapse
I ran the commands and the phone is now booted on TWRP from the /data partition. I did a backup with TWRP of all proposed options (Boot, TrimArea, Recovery, System, Cache and Data). Is that "TrimArea" enough to have a backup of the DRM keys? The other topic talks about Backup-TA but looking at their github https://github.com/DevShaft/Backup-TA/releases it looks very old and unmaintained.
The current TWRP I'm running is 3.1.0-0.
Also, it looks like I'm not root (at least, su is not available). Do I have to install SuperSu by giving this zip https://download.chainfire.eu/696/supersu/ to TWRP?
Flaburgan said:
I ran the commands and the phone is now booted on TWRP from the /data partition. I did a backup with TWRP of all proposed options (Boot, TrimArea, Recovery, System, Cache and Data). Is that "TrimArea" enough to have a backup of the DRM keys? The other topic talks about Backup-TA but looking at their github https://github.com/DevShaft/Backup-TA/releases it looks very old and unmaintained.
The current TWRP I'm running is 3.1.0-0.
Click to expand...
Click to collapse
I don't know. I haven't looked at a TWRP backup to see what format it is. Back when Clockwork Mod was all that was available, it merely made a tar.gz of partitions. Ideally you want a bit for bit image of the TA partitions to make sure it was exactly what it was when you restore it. I don't know if that's necisarry, or if TWRP does this anyway, but using the dd command is still prudent.
You want to either use a terminal emulator app or run 'adb shell' at a linux terminal (much easier), run 'su' once in the phone environment, allow it at the phone supersu app popup, and then do it like this.
https://forum.xda-developers.com/showpost.php?p=61307511&postcount=6
And store a copy of the image file where it won't get lost.
Edit: Sorry, I didn't see the other post. Yes, you need to flash that supersu zip file. When you try to access root from an app or the command line, it will have a popup on the phone screen asking you if you want to allow access or not, so when you run it from a terminal, 'adb shell' to get into the phone OS, there will be a popup for allowing that often times. Then 'su' there's a popup from the supersu app you just flashed. Then 'cd' to the sdcard or external sd. Then the 'dd' command. The dd command in what I linked to is inevitbaly what all those .bat files in the Windows TA Backup thing does after it does a bit of looking around to find the TA partition for a particular phone model.
The md5sum part of what I linked to compares the partitionn itself to the image file you just wrote, you just look at it to see that there are two of them (that it didn't fail) and that they are the same.
The last part pulls the image file to the hard drive, but there are other ways to accomplish this obviously. If you have a cloud storage you can upload it there, or send it as an email attahment, put it on the external sd, etc etc.
Also, in many cases, once you unlock the bootloader to flash something else, you'lle need to install TWRP again from the command line, pushing it straight to a phone partition. You'lle need help with this if you haven't done it before.
Related
minusculeShield 1.0
So after some time, I decided that the 4.3 update is worth doing slight modifications, even without the native Shield Services and PC Streaming able to be done remotely. I have gotten used to using Limelight anyways, so I decided to update my basic modified stock Shield ROM
First, I updated to the latest OTA 68, then went from there, the features are as follows:
- Two versions of the ROM, one with OTA and one without
- Includes a alternative Calculator (RealCalc), Zeam Launcher, Adblock, Xposed Framework (Along with an Xposed Module for adding a Play Store link to App info, and GravityBox for various system tweaks), MX Player, and ES File Explorer
- All but the most essential "system" apps are removed
- All "Gapps" are using Slimroms 4.3 Minimal Gapps
- Koush's Superuser/Superuser Binaries pre-installed
Same installation process as 0.5, excluding need to select Advanced Restore, you can restore like a normal Nandroid without specifying partitions
As always, make sure you wipe System, Data, Cache, and Dalvik before installing
If you have problems with the OTA-exempt version trying to OTA, if it prompts you, it will do it once, and once you "apply" the update (which it will never actually apply) the notification will go away
minusculeShield 0.5[Nandroid-Backup]
So, this is not really a ROM, but a Nandroid backup of my system without any partition but "/system."
This is almost as stripped down as the stock Shield ROM you can get. I have removed all but literally the most essential apps, and also removed the OTA functionality.
The idea for making this was that I couldn't stream remotely anymore since OTA 63, which I promptly set out to fix. I soon realized it was a problem with the Android side of things, as using it on 4.1.2 or 4.2.2 with their respective apps for that release seemed to work fine. OTA 63 (and 64, which is basically the same release, just for those who couldn't install 63) made the local streaming much less productive, as I immediately noticed lagspikes and a load of other problems, which I had never encountered before.
So, in a basic sense, this backup after installed, keeps the ability to stream remotely without troubles of performance or re-connection problems, uses a much more lightweight version of Gapps (Slimrom's version to be exact). It is based on agrabren's TweakerROM 1.1.0, which is a 4.2.2 base, and uses the original TegraZone Dashboard. It again removes OTA, so updating is not an option.
So, when you do install this backup, your internal "/sdcard" storage should no longer need the "nvidia" and "shield" folder, and you can delete those. They will most likely be recreated by some Shield services.
So on to installing and basic rundown in-case you past the above message and just want a bulleted list:
Installation:
Assumes the following:
1. Unlocked Bootloader
2. CWM installed
Installation procedure:
1. Download attached ZIP, extract to your internal SD card ("/sdcard") using the folder structure of "/sdcard/clockworkmod/backup/<extract contents of ZIP here>"
2. Boot into CWM and select backup and restore
3. Choose advanced restore
4. Choose minisculeShield, then "system"
5. Factory reset, wipe cache, data, and dalvik
6. Reboot and enjoy
Information on changes to original 4.2.2 ROM and other info:
- Removes OTA system
- Improves performance of streaming using original Dashboard, Shield Services, and Shield PC Streaming applications
- All but the most essential "system" apps are removed
- All "Gapps" are using Slimroms 4.2.2 Build 8 version
- Koush's Superuser/Superuser Binaries pre-installed
Download:
Version 0.5
Version 1.0 (OTA Enabled)
Version 1.0 (OTA Removed)
This is great. Will give this a shot today or tomorrow. Thanks!
themichael said:
This is great. Will give this a shot today or tomorrow. Thanks!
Click to expand...
Click to collapse
I'm glad, I thought people would be trampling each other to get a hold of some sort of fix to the remote streaming issue. I guess not. I know I was SUPER disappointed by the latest update for that exact reason.
Let me know if you have any problems, questions, or concerns. I am very new here, but I have been working with Android for almost as long as it came into existence. I started with Android 2.1, so I have learned a lot. I'm also a Unix (mainly the Linux variety) guy, so that goes hand in hand with Android.
I still get notification prompts for ota.
themichael said:
I still get notification prompts for ota.
Click to expand...
Click to collapse
This prompt is a one-time thing, if you attempt the install it will fail and never prompt again. I attribute this to a probably data not being cleared for the actual OTA I removed before doing the Nandroid, but I assure you, I have never gotten it again, and never had to install it past that. Basically, if you attempt the install, it will not restart, but rather just disappear, and even upon restart will just boot normally. Let me know if you've tried that what happens, as I still am using this Nandroid, and since I did indeed attempt (and fail) installing that OTA, it has never prompted again, and stayed where it was during Nandroid in terms of system apps and such
jarjarfinks said:
This prompt is a one-time thing, if you attempt the install it will fail and never prompt again. I attribute this to a probably data not being cleared for the actual OTA I removed before doing the Nandroid, but I assure you, I have never gotten it again, and never had to install it past that. Basically, if you attempt the install, it will not restart, but rather just disappear, and even upon restart will just boot normally. Let me know if you've tried that what happens, as I still am using this Nandroid, and since I did indeed attempt (and fail) installing that OTA, it has never prompted again, and stayed where it was during Nandroid in terms of system apps and such
Click to expand...
Click to collapse
Seemed to work. I'll let you know if anything changes.
same here , ive been on the evo 3d for a long time and learned alot , ill keep you posted as much as i can
milk070 said:
same here , ive been on the evo 3d for a long time and learned alot , ill keep you posted as much as i can
Click to expand...
Click to collapse
Is it me, or does the new GFE render the PC running it as "Busy" regardless of the version of the Android side? It was working prior to the GFE update 1.7.1.0, I just had to use the version of the PC Streaming, Dashboard, and Nvidia Shield Services apps in this Nandroid. It seems Nvidia has found a way to render it "Busy" the same problem I had before, no matter what ROM you use
Please test, and let me know, as I will have to find another way
First of all i highly recommend you update your phone to latest version of Flyme as of day i write this guide newest stable version is 7.0.0.0G. It brings various bug fixes as well as security update and new functions. It fixed the weather problem too when it would not appear on secondary screen. This is my experience based on the standard model with Helio P25 chip.
JUST IN CASE BACKUP ALL OF YOUR DATA FIRST
Grab it at http://www.flymeos.com/firmwarelist?modelId=88&type=1
Installation is pretty straightforward:
-switch off your phone
-now press volume up button and power button at same time, then release power button when meizu logo appears
-phone now will enter update mode, connect it to pc and it should show up as removable drive named recovery, copy the update.zip over it
-once copied tap the start button to begin. the process itself and first boot will take a while
-when done and phone boots up just log in to your accounts and set up everything as normal or whatever
ta-dah ! you should be running latest software now.
Next problem i've encountered was big number of unwanted apps and you will need working ADB for that. I've always used custom roms which did not contain bloatware. Now im giving you one of the way of disabling them (not permanent removal).
For this to be done you need to activate developer mode and usb debugging, simply go to settings->about phone->and now tap on your build number several times
After you activate it it will be available in accessibility options under developer settings. just check the usb debugging and you're good to go
DISCLAIMER: dont ask me about adb drivers for your phone, since i had issues installing them under win 10 x64 build 1803 i thought "aw f*ck it" and just did it on linux where everything worked out of the box.
The application you will need is called Ice Box (you will find it here https://play.google.com/store/apps/details?id=com.catchingnow.icebox&hl=en_US) and install it.
After you install the app its necessary that you remove ALL of your accounts including your Google account. We will need to grant the app device owner permission. Also if multi-user or guest mode has been set on your device, it need to be closed or deleted.
When you have that done just type in your command line , terminal or whatever "adb shell dpm set-device-owner com.catchingnow.icebox/.receiver.DPMReceiver "
Now reboot and add your accounts back, and disable/freeze uwanted apps.
Last - the night mode. As its no longer availble in Flyme 7 if you want to use it you need to manually bring it back by installing Flyme Lab and enabling it trough quickshortcutmanager. Install both apps, then open quickshortcutmanager and search for Flyme Lab. expand it and choose the activity named com.meizu.flymelab/com.meizu.flymelab.component.nightmode.NightModeSettingsActivity .Create shortcut and open it. You should be able to enter the night mode.
Nice guides, thanks.
It's also nice that Flyme 7 still supports rooting, therefore I'm using Titanium Backup to freeze unwanted apps. I bought it when I was using another phone so, for me, it's still worth it. Altough, for uninstalling system apps I'm using separate ADB commands for each app.
cris2d2 said:
Nice guides, thanks.
It's also nice that Flyme 7 still supports rooting, therefore I'm using Titanium Backup to freeze unwanted apps. I bought it when I was using another phone so, for me, it's still worth it. Altough, for uninstalling system apps I'm using separate ADB commands for each app.
Click to expand...
Click to collapse
Its first time for me writing a guide so good word is always appreciated. What im trying to show here is the no root way of getting rid of apps for ppl like me who dont want to root their phone. As i bought it literally two days ago and i dont want to mess with it too much and loose warranty or/and OTA updates.
I also been considering posting a root guide once i tried it myself to confirm it working.
non.verbal said:
Its first time for me writing a guide so good word is always appreciated. What im trying to show here is the no root way of getting rid of apps for ppl like me who dont want to root their phone. As i bought it literally two days ago and i dont want to mess with it too much and loose warranty or/and OTA updates.
I also been considering posting a root guide once i tried it myself to confirm it working.
Click to expand...
Click to collapse
Well, before I discovered a rooting method for Flyme 7, I used to uninstall apps by using ADB commands. So, yes, it is possible to remove unwanted system apps without root. But now, after rooting Flyme 7, I'm only using Titanium Backup to freeze unwanted system apps, not removing them.
As far as I know, rooting Meizu phones by the official method (from Settings) does not lead to losing warranty. Only OTA updates are lost, but this is not important, at least to me, because I can always check Flyme website for new updates and, if I want to update, I just download the file and flash it through standard Flyme recovery. There is no need, for me, to maintain OTA capability. Anyhow, Flyme updates are slow to non-existent, so we can't really complain about losing an update.
Thank you all. I'm happy with this phone at all, but software has few shortcomings and design flaws, in my opinion. Especially related to the integration with "flyme login" and Touchpal. This last one is very annoying because although I try to stop it, at each software update it comes back, more annoying than ever. So, I have some questions: which is the adb command to stop and freeze bloatware without rooting? Which is the official way to root the phone? Once rooted, is it possible to revert to the unrooted state? Some apps, actually, do not work on rooted phones. Thanks
pask876 said:
Thank you all. I'm happy with this phone at all, but software has few shortcomings and design flaws, in my opinion. Especially related to the integration with "flyme login" and Touchpal. This last one is very annoying because although I try to stop it, at each software update it comes back, more annoying than ever. So, I have some questions: which is the adb command to stop and freeze bloatware without rooting? Which is the official way to root the phone? Once rooted, is it possible to revert to the unrooted state? Some apps, actually, do not work on rooted phones. Thanks
Click to expand...
Click to collapse
I can't freeze (or disable) apps with ADB commands, only uninstall.
You need [email protected], App Inspector or similar (to find exact name of package for an app) and these commands:
adb devices
adb shell
pm uninstall -k --user 0 name_of_package
Example, for gmail:
pm uninstall -k --user 0 com.google.android.gm
Regarding rooting, as far as I know, the only method that works on Pro 7 / Pro 7 Plus is also supported by Meizu (but it breaks OTA updates).
The method is described in this video (in russian) but it's quite easy.
If you want to remove root (or if root breaks functionality) you have to reflash the same ROM from Recovery (without wipe).
Any air update coming soon? Or manually installation single option?
One word ahead: I am a huge fan of Custom Rom (LOS). Nevertheless some feature will be missed (volte) and performance might be not perfect (camera, dolby) due to proprietary firmware.
On the other hand I like to keep away from data collecting companies as google.
Isn't than a rooted and debloated stock image with microG instead of Gapps the best possible option? I did this once for an older Samsung and results was fine. But there is one thing I don't know: How it will act on updates. I don't want to miss security updates.
Any ideas? Or is it a bad idea at all? Curious to your feedback
I will extend this posts. Not only writing a step by step howto, but also explain the ideas behind. Maybe also some steps aside, mistakes I did.
So for the first steps look https://forum.xda-developers.com/t/...est-performance-privacy.4240057/post-84573619
EDIT Mai 1st 2021:
I get for some time a second phone and did some experiments. From what I see new - there is no real need to go the long, long way to root it. Even on a stock RAM you get get back control over your data!
The gapps are less important than I ever thought. If you get curious, just switch over here to get more information:
https://forum.xda-developers.com/t/...est-performance-privacy.4240057/post-84909643
(To avoid misunderstandings: I will not provide a ROM. There are some steps to go with existing stock ROM - as only this gives you full features.)
Isn't than a rooted and debloated stock image with microG instead of Gapps the best possible option?
Click to expand...
Click to collapse
I will assume you are comparing it with the latest LOS available.
Privacy-wise? Not really. Even if you remove GApps from the stock rom, Samsung will still collect data. You can limit that by:
1. Not using Samsung Account/Pay/Pass (as on why, read privacy policy)
2. Removing "com.hiya.star", which collects your location, tho it will break the "Places" feature in the Phone app.
3. Replacing Samsung Keyboard with an open-source alternative or disabling the autocorrect feature as it sends corrected texts to Samsung.
4. Not using Samsung Weather app/widget (as on why, read privacy policy)
After that and using some F-Droid apps I would say you have a pretty decent privacy.
Performace-wise? Absolutely. The battery life is a lot better compared to AOSP ROMs and thats not even taking into account that OneUI has the Ultra Power Saving Mode. The camera is miles ahead too and of course, VoLTE actually works.
How it will act on updates. I don't want to miss security updates.
Click to expand...
Click to collapse
I have tested that. If its just a security update, then it will install flawlessly. If its a feature update, some bloatware and Gapps may reinstall. I haven't experienced any update failing, but that may change in the future.
Any ideas? Or is it a bad idea at all? Curious to your feedback
Click to expand...
Click to collapse
If you really care about privacy, but dont want to miss out on features, then go ahead with debloating and degoogling the stock rom. Just note that some problems with compatibility and some rare random crashes may occur.
Retrecd said:
...
1. Not using Samsung Account/Pay/Pass (as on why, read privacy policy)
2. Removing "com.hiya.star", which collects your location, tho it will break the "Places" feature in the Phone app.
3. Replacing Samsung Keyboard with an open-source alternative or disabling the autocorrect feature as it sends corrected texts to Samsung.
4. Not using Samsung Weather app/widget (as on why, read privacy policy)
After that and using some F-Droid apps I would say you have a pretty decent privacy.
Click to expand...
Click to collapse
Sure, that was the ideas to remove as much of Google/Samsung stuff as possible and also use AFWall to limit data transfer. I am using FDroid already, there are good tools, respecting privacy.
So you went already same approach? There is already a thread about debloating, but I think what I want to do is even behind that. If you like, you can share more details. I would like create some kind of a howto ...
starbright_ said:
Sure, that was the ideas to remove as much of Google/Samsung stuff as possible and also use AFWall to limit data transfer. I am using FDroid already, there are good tools, respecting privacy.
So you went already same approach? There is already a thread about debloating, but I think what I want to do is even behind that. If you like, you can share more details. I would like create some kind of a howto ...
Click to expand...
Click to collapse
Here is an article on using ADB to remove bloatware: https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Now here is a list of bloatware on the S10, remove it the way showcased in the article: https://forum.xda-developers.com/t/galaxy-s10-s10-debloat-bloatware-removal-list.3912073/
The list is a bit older, but most of the bloatware is still present in the latest version.
The same way you removed the bloatware, you remove the Gapps. Remove the following core Google packages:
Code:
com.google.android.gsf
com.android.vending
com.google.android.gms
If you want to remove more packages that aren't listen in the article install the "App Inspector" from Google Play or any APK site and find out the names of the packages.
Please read and share your ideas. I am sure that we only together can create the best possible solution. Maybe you know othere ways/apps to solve a problem. As of now I share my point of view.
My hope is, that at the end of this to have an "howto" covering as many aspects as required for this.
First thing nevertheless is install TWRP/Magisk, which seems to be more tricky than usual.
While you can debloat your ROM without root, there are imho 3 reasons for doing that:
microG needs be installed as a system-app to have working location service (get your location by GPS or by offline database)
you will have problems to install a firewall and adblocker. There are solution with don't need root (Netguard and Blockada), but both base on a "virtual" VPN connection and you can have only one at a time. So you do have either a Firewall or an AdBlocker, but not both.
The way of create and restore backups are much better with root. I can recommend TWRP itself for a general backup and migrate for apps/settings.
For those like me, coming from unrooted stock fw the recommendation is to
root with Magisk - details here
flash the TWRP - details here
spoofing the signature for usage of microG instead of playservices
install microG and "friends"
debloat stock ROM
migrate data from old to new device
starbright_ said:
First thing nevertheless is install TWRP/Magisk, which seems to be more tricky than usual.
Click to expand...
Click to collapse
Tricky indeed and even more tricky is installing updates. Once you know the procedure it's ok, but it is still a major hassle compared to a stock OTA update.
here
jelbo said:
Tricky indeed and even more tricky is installing updates. Once you know the procedure it's ok, but it is still a major hassle compared to a stock OTA update.
Click to expand...
Click to collapse
Sure, I am aware of that. I just read about it. But there is no other way except you are happy with stock. First time is always a nightmare, but I hope once get used to it.
Retrecd said:
Here is an article on using ADB to remove bloatware: https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Now here is a list of bloatware on the S10, remove it the way showcased in the article: https://forum.xda-developers.com/t/galaxy-s10-s10-debloat-bloatware-removal-list.3912073/
The list is a bit older, but most of the bloatware is still present in the latest version.
The same way you removed the bloatware, you remove the Gapps. Remove the following core Google packages:
Code:
com.google.android.gsf
com.android.vending
com.google.android.gms
If you want to remove more packages that aren't listen in the article install the "App Inspector" from Google Play or any APK site and find out the names of the packages.
Click to expand...
Click to collapse
How did you managed that switch from Gapps to microG? I assume if you delete Gapps without MicroG installed you will get lot of problems.
How did you manage to spoof Stock Rom? Are you on 11?
Hi all. Very interesting conversation. Has someone successfully used microG on stock rom on a daily usage? In my past experience, using microG without signature spoofing is making a lot of apps not working properly...
lp35 said:
Hi all. Very interesting conversation. Has someone successfully used microG on stock rom on a daily usage? In my past experience, using microG without signature spoofing is making a lot of apps not working properly...
Click to expand...
Click to collapse
I think spoofing is a must have. I just evaluate how this can be done.
With Android 11 it is more difficult. I found that one (but not sure whether signature spoofing works):
https://forum.xda-developers.com/t/module-smali-patcher-7-3.3680053
this one:
https://forum.xda-developers.com/t/signature-spoofing-on-unsuported-android-11-r-roms.4214143/
or via NanoDroidPatcher
https://forum.xda-developers.com/t/...7-microg-pseudo-debloat-f-droid-apps.3584928/
It says:
11.0 / SDK 30 (R)
Patcher does not work from TWRP
Patcher works from Magisk if your ROM's services.jar already contains classes.dex
I checked that and /service/framework/service.jar contains that classes.dex
So I give this a try, downloaded the patcher and started it out of Magisk. Log looks ok so far. It requires reboot.
The problem with enabling Magisk is - you have to boot with "recovery" mode - and not sure, it fails several time (although USB is plugged) or phone reboots again and than Magisk is disabled - while booting into TWRP still works.
So my guess is: This causes some problem.
Step 3) - Spoofing
Have been successful:
I followed that thread:
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
But I just created a spoof_AVDapi30.zip. My thinking just flashing that one for spoofing seems to be wrong. Also flashing both: spoof and microG_AVD....
So what I did was flashing out of Magsik (Module install out of memory) NanoDroid-microG-23.1.2.20210117.zip and followed by spoof_AVDapi30.zip.
Power off. And take care you boot with Power + Vol+ + Bixby + USB Cable pressed until you see the splash-screen.
I really hope stock + MicroG takes off!
It is already. I started debloating - that is another step. See this thread:
Debloating S10e
I am still in testing phase and I would like to see once an FW-update via OTA will happen. Curious what will happen with my system.
starbright_ said:
It is already. I started debloating - that is another step. See this thread:
Debloating S10e
I am still in testing phase and I would like to see once an FW-update via OTA will happen. Curious what will happen with my system.
Click to expand...
Click to collapse
Amazing! Keep us posted!
Debloating is done.
Final step is takeover of my previous installation. I do that with the tool/app migrate. That works rather fine.
I am not using the special sections to export contacts, SMS ...
Contacts will be exported from the app itself and than imported in new device.
Is this dead? Hehe
No it is working. Have you tried that?
I couldn't deinstall com.samsung.android.kgclient and blocking its UID (with awfall) causes some battery drain. Maybe I have to live with not blocking this.
Anyhow, I am wondering whether debloating is required at all. Cutting the connection to Ethernet (to not talk "home") might be enough.
I don't not have enough understanding of what will be better: remove or just block.
A removed app might not spend time on connecting servers again and again, while a missed service can cause trouble if you don't expect that.
Probably it is best to uninstall apps you are really sure there are no dependencies to others and block the others-
starbright_ said:
Step 3) - Spoofing
Have been successful:
I followed that thread:
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
But I just created a spoof_AVDapi30.zip. My thinking just flashing that one for spoofing seems to be wrong. Also flashing both: spoof and microG_AVD....
So what I did was flashing out of Magsik (Module install out of memory) NanoDroid-microG-23.1.2.20210117.zip and followed by spoof_AVDapi30.zip.
Power off. And take care you boot with Power + Vol+ + Bixby + USB Cable pressed until you see the splash-screen.
Click to expand...
Click to collapse
So just install those inside of magisk and reboot? I'll give it a shot.
Dead thread, I see.
steventorres said:
Dead thread, I see.
Click to expand...
Click to collapse
What are you continuously posting about dead thread? Any question or any feedback? Strange. It is is all set and done. What do you expect?
@VenfefulRat:
This wasn't a real question, right. It was stated to do it out of magsik. It would be great to have some feedback.
@All: A forum lives from reading (to gain knowlegde ) and posting (sharing experience, ask questions, give feedback). If someone ask and he gets answer I would expect a feedback or at least a like (as a sign it has been read). Otherwise people stop posting and the only left here are those who ask or feed the troll.
Hey everyone,
after some trial and error, I was able to pass Safety Net.
I just want to mention what I did in the process to get there. May have been a combination of things or just one...
1. I followed this guide, but make sure you notice that It's for the Pixel 5 not 5a. But the process is similar. This process didn't fix the issue. However, it's also a good how-to on how to root. I did also modify the props to the 3a.
How to Root the Pixel 5 & Still Pass SafetyNet — Full Guide for Beginners & Intermediate Users
The Pixel 5 is a great value proposition in this era of $1,500 phones. With its reasonable price tag, fully open-sourced software, and unlockable bootloader, it's also an ideal phone for rooting.
android.gadgethacks.com
2. When that didn't work, I followed this video, and hid all my banking apps besides the Google Play Services:
3. When that didn't work, I installed these both using Magisk from this post:
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
4. Cleared my data and cache with Google Play and GPay + any other banking apps.
That worked for me!
EDIT: IF GOOGLE MAPS reports the wrong location, its likely XPrivacy-LUA, Google Services. Uncheck some of them.
Oh man....the only thing holding me back is the safety net thing, and it looks like we have a work around tell someone has an actual method made for this phone. Not sure if I'm ready to actually mess with this yet...but thanks for the post, bro!
anubis2k3 said:
Oh man....the only thing holding me back is the safety net thing, and it looks like we have a work around tell someone has an actual method made for this phone. Not sure if I'm ready to actually mess with this yet...but thanks for the post, bro!
Click to expand...
Click to collapse
Didnt think it was that big of a deal to me. But it was fun with a new phone with nothing on it.
This was the Magisk module that worked to pass safety net for me. I didn't need any others.
Releases · kdrag0n/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - kdrag0n/safetynet-fix
github.com
Google Pay "appears" to be working too. Haven't gone out and tried it yet though.
joemommasfat said:
Google Pay "appears" to be working too. Haven't gone out and tried it yet though.
Click to expand...
Click to collapse
That's the part that I use the most, and the reason I haven't rooted yet. Please let us know if it works. Much appreciated!
I can confirm that using google pay (newer GPay app) on my rooted 5a works at merchants. I've already used it several times over the last week or so with no problems.
Deadmau-five said:
3. When that didn't work, I installed these both using Magisk from this post:
Click to expand...
Click to collapse
Why? Isn't the shim version just for Samsungs? Either way, it's the same mod, just different versions.
Someone who actually knows what they're doing needs to write up a tutorial. Following instructions posted by people who have no idea what they're doing but "it works" for them is dangerous.
borxnx said:
Why? Isn't the shim version just for Samsungs? Either way, it's the same mod, just different versions.
Someone who actually knows what they're doing needs to write up a tutorial. Following instructions posted by people who have no idea what they're doing but "it works" for them is dangerous.
Click to expand...
Click to collapse
You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.
I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.
You will definitely need kdragOn/safetynet-fix.
Hopefully that's all you need.
I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.
Best best is to check the following threads and see what's going on:
Actually see this post and the 2 posts immediately following
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
I only mentioned what works for me since there was no step-by-step guide.
Dangerous how? Doing any mods to your phone is "dangerous". I fail to see how this is more so than others. Modifying your phone is risky.
If it didn't work I wouldn't have posted this guide. I only mentioned the steps that I took. It's not really a guide, just how I passed safety net.
But, my 5a has still been working great since then. GPay included.
jcmm11 said:
You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.
I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.
You will definitely need kdragOn/safetynet-fix.
Hopefully that's all you need.
I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.
Best best is to check the following threads and see what's going on:
Actually see this post and the 2 posts immediately following
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
Click to expand...
Click to collapse
Just a quick note to say I just finished with everything (new Pixel 5a 5G, rooted + Safety net, restored all my apps, etc) and it's a flawless victory, ALL banking apps work great, SafetyNet passes, no hiccups.
I'd be happy to craft up a step by step and post it if there's some interest. It's not often I get to give back to this outstanding community, so it's the least I can do jumping on the opportunity. UFC 266 Main card is just starting, so I'll get started right after the fight and post it here in this thread.
Great to see ya again @jcmm11! Coming back to root a new phone feels like a family reunion, so great to see many of you active folks still here helping out!!
hfam
Alright, as promised, here is my writeup for a step-by-step tutorial for rooting your new Pixel 5a and getting SafetyNet up and going. I know it looks like a book, but I wanted to put it into plain language and attempt to explain the process for everyone, even absolute first timers. I know when I first started I really appreciated when the person helping didn't presume I had any knowledge, so for those that may have some experience, sorry for the wordiness. I'll also include how I apply updates when a new Android security update is pushed out. I understand that there are now elegant ways to accept OTA updates, but that is out of the scope of this tutorial as I have always had issues with OTA, and have to catch up on how that works myself. I can attest to years of using this method though (using a full factory image) to perform the "monthly" security updates, and I have never had anything but full success, so I'll share that here below the rooting tutorial.
*Disclaimer and heads-up* this is for an UNLOCKED PIxel 5a purchased directly from Google Store. At the time of this writing that is the only place I'm aware of which currently offers the PIxel 5a. Once carriers like Verizon, etc, offer this device, there may be some changes to the process, so just know up front this is for the unlocked Pixel 5a*
*WARNING*! When you unlock the bootloader on your phone it WILL WIPE YOUR PHONE and reset it to factory. If you've already used your phone and set it up, you're going to lose that setup. If you can't bear it, then the rest of this isn't for you, as root cannot be achieved without unlocking the bootloader.
First, you'll need a few things
- https://developers.google.com/android/images
and download the latest FACTORY IMAGE for "barbet", which is the Pixel 5a. You want to download the SAME VERSION that is currently installed on your device. At the time of this writing, it's the September release.
From that same page, you will need the ADB+Fastboot platform tools which will allow you to perform the required tasks, download from this link:
- https://developer.android.com/studio/releases/platform-tools.html
I use Windows 10, and extract this tools download to a folder in the root of C: called "platform-tools". You will then need to add "c:\platform-tools" to your environment path.
On the Pixel 5a, you need to enable developer options. Go into Settings/About Phone/and tap "Build Number" 7 times. This enables developer options and it will let you know when you've unlocked this as you tap 7 times. Once developer options is unlocked, go back to Settings/System/Advanced, and you'll see Developer Options is now available.
Select Developer Options, and enable "USB Debugging" and also enable "OEM Unlocking".
(**NOTE** For now at least, until you decide how you want to proceed with handling updates in future (more on that later), I strongly recommend turning OFF "Automatic System Updates" as well, just a few items below "OEM Unlocking". This prevents any updates happening automatically on a phone reboot. You don't want to wake up and find an OTA update pushed out and removed root, or worse. You can always turn it back on later.)
Plug your phone into a USB port on your PC. Allow the PC to do it's thing. You can open up Computer Management on the PC (right click the windows menu button icon lower left of your toolbar and select "Computer Management". Select "Device Manager" on the left panel. You should see "Android ADB Device" appear at the top of the right pane list of devices. if not, then visit:
Install OEM USB drivers | Android Studio | Android Developers
Discover links to the web sites for several original equipment manufacturers (OEMs), where you can download the appropriate USB driver for your device.
developer.android.com
and download the appropriate USB driver for your system and retry the above directions.
First thing we have to do is unlock the bootloader.
On the PC, open a command prompt and change directory to "C:\platform-tools" as discussed above.
Now, type in "adb reboot bootloader". The phone will reboot into bootloader. (you may receive a dialog on the phone which says something to the effect of not recognizing the PC. Go ahead and allow it, check the box to allow it in the future, and proceed.
Phone is now at the bootloader, and shows you some info letting you know it's so, including that the bootloader is locked. Also, look at the Device Manager we opened earlier and confirm that you see Android ADB Device (or similar) which confirms your PC recognizes the phone and setup for ADB commands .
To unlock the bootloader, in the command prompt type:
fastboot flashing unlock
This will unlock the bootloader, you will likely see a warning that it's going to wipe the phone. Proceed and allow the unlock. The phone will then reboot and take you to your wiped phone just as you received it out of the box, except the bootloader is now unlocked and Developer Options are still available. Let the phone continue through it's first-time setup, and leave the phone plugged into the PC. If you unplugged no biggie, but we're going right back to the PC shortly and it will need to be plugged back in before the next step to accept the file we're going to push to it.
Now, you want to open a browser on the phone and go to (at the time of this writing, v23.0 is the current stable Magisk):
Release Magisk v23.0 · topjohnwu/Magisk
This release is focused on fixing regressions and bugs. Note: Magisk v22 is the last major version to support Jellybean and Kitkat. Magisk v23 only supports Android 5.0 and higher. Bug Fixes [App]...
github.com
Scroll down and under "Assets" select that Magisk 23.apk file, download and install it. Open Magisk if it doesn't open on install, and just let it sit, we're coming back to it shortly.
PATCHING THE BOOT.IMG FILE
On the PC, go back to the Factory Image you downloaded, and extract it to a temporary directory. You will see 6 files; a few "flash-all" files, a radio image, a bootloader image, and a ZIP file called "image-barbet-XXXXXXXXXXX.zip (the xxx's are whatever the version number is you've downloaded). Double click that ZIP file and you will see a dozen files. The one we need to root the device is "boot.img".
Copy (don't move!!) this file to c:\platform-tools. Now, go back to your command prompt (still pointing to c:\platform-tools) and type in:
adb push boot.img /sdcard/Download
Now back on the phone, within the Magisk app we left open, at the top where it says Magisk, choose to install. A dialog box will open, select Patch Boot File Image. Point the process to your /sdcard/Download, and select the boot.img file we just pushed there. Now allow it to patch the boot.img and Magisk will show you it's patching it, and in a moment tell you it was successful. Close the Magisk app, open "Files" and direct it to sdcard/Download. Note the name of the patched boot file, which is called "magisk_patched-XXXXX_xxxxx.img (the X's are the Magisk version, and the x's are 5 random chars). Feel free to leave it there as you go back to the PC...
Back on the PC, in the command prompt, now type:
adb pull /sdcard/Download/magisk_patched-XXXXX_xxxxx.img
make certain you get the name exact or it won't go, no worries, just get it correct. The file now resides in the "c:\platform-tools" directory along with the unpatched "boot.img" and your ADB+Fastboot tools.
Just about done rooting, here we go!
Now, in the command prompt type:
adb reboot bootloader
The phone reboots into bootloader. Now type:
fastboot flash boot magisk_patched-XXXXX_xxxxx.img (again, use the numbers and letters in YOUR patched file!)
Lastly, type:
fastboot reboot
Your phone reboots, and you should be rooted!! Unplug your phone from the PC, open up Magisk App and confirm, the Magisk entry at the top of the main Magisk App screen should now show you the version you installed, etc!
Time to get your banking apps (and any others that may detect unlocked bootloaders/root/etc) working!
In the Magisk App, on the bottom of the screen is a 4 item menu bar. Select the right-most icon, which is "Modules". At the top of the screen select "sorting order" and sort alphabetically. Scroll down to "riru" and select the module that is JUST "RIRU", (not any of the other "riru _______" modules). Choose to download it, then choose to install it. You'll be prompted to reboot the phone, so reboot the phone.
Next, we're going to install drag0n's Universal SafetyNet fix (at the time of this writing it's currently v 2.1.1) You will need to download this via a browser on your phone, so open a web browser and go to:
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
On the right-hand side, you'll find "Releases", and v2.1.1 is the latest. Select that, then scroll down to "Assets" and download "safetynet-fix-v2.1.1.zip" By default this will download to sdcard/Download.
Go back into the Magisk App, select the "Modules" menu as above, and at the very top select the "Install from Storage" bar. Point to the file we just downloaded and install it (don't extract it, etc, it requires the zip exactly as downloaded and will do it's thing). Again, it will install the module and prompt you to reboot. Reboot.
Almost there!
At this point, if you havent installed your banking apps, do so. DON'T RUN THEM, just install them. I also have a Nintendo Switch Online app which failed because of root, so if you also have or want this app, install it now, again, do NOT run it yet, just install. Same with any other apps you are aware which have root/bootloader unlocked issues, get them installed, but don't run 'em.
Now, we're going to use MagiskHide to hide these apps and complete the process for passing SafetyNet and running apps which may not run due to root.
in the Magisk App, at that 4 item menu bar at the bottom, select the 2nd from left, or "MagiskHide". Select the MagiskHide item and it will open to a scan of all the apps on your system. By default I believe Magisk sets up to hide Google Play Services. You will see it selected, and all the other apps on your system unselected. Select each of the banking apps, the Nintendo Switch Online (if you have it), and any other apps that YOU ARE SURE will complain about unlocked bootloaders and/or root. Any onilne gaming that's popular are good choices, but again, it's easiest to NOT RUN them PRIOR to hiding them via MagiskHide. Pokemon GO comes to mind as one I've seen that needs hiding, etc, so make it easy on yourself and do a little research on any suspect apps prior to running them, then hide them if needed.
Anyhow, select your banking apps to hide them.
Now, we're going to check SafetyNet to make sure youll now pass.
On the Home menu in the Magisk App, select "Check SafetyNet". You will be prompted to download some proprietary SafetyNet shhhhhhhtuff....so let it download. Once done, SafetyNet check will open, and you should show a blue screen which says SUCCESS, and "basicintegrity" and "ctsProfile" will be checkmarked, evalType will show BASIC.
You're good to go, rooted, SafetyNet works perfect, and you can now open your banking apps and should open right up!!
If you find any specific issues about specific apps not working, or detecting root, etc, the best place to get help is in the Magisk General Discussion forum:
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
I owe those folks eternally for showing me what I know, and always having the answers for any issues I've ever had. Some of the nicest, smartest people Ive had the pleasure of knowing, they're always helpful, and even maintain fantastic sites for FAQ and chock full of great info about every aspect of Magisk.
BONUS ITEM: As I indicated above, I'd share the method I know, trust, and have used many many times, trouble free, to apply a system update to the phone without overwriting anything, and not hitting any issues many encounter using the OTA method (though I understand that's been vastly improved, I haven't educated myself as to that process and will likely continue to use this method).
Security Update (monthlies) Process using Full System Image
As above, download the newest Full Factory Image from the site. Extract this full image to a directory inside C:\platform-tools
In this directory, if you're on Windows, open the "flash-all.bat" file (don't run it, open it with Notepad or something similar, I really like Notepad++ as it's free, has a LOT of great functionality and, like the native Notepad, doesn't do any goofy formatting/fonting/etc when modifying and saving a file.)
In flash-all.bat, look for the "-w" entry in the fastboot command near the end of the file and REMOVE ONLY THE "-w", leaving the line correctly formatted (don't leave an extra space or something goofy), then save the file over the top of the original with the same name. This will remove the overwriting of your data when pushing the image, the "-w" tells the process to overwrite, so we remove it.
Open up a Windows Explorer and go to your c:\platform-tools directory. Delete (or move to another location) any "boot.img" files along with any "magisk_patched-XXXXX_xxxxx.img" files from previous operations. Also note and confirm that you have correctly extracted the latest Full System Image to it's own directory, residing in c:\platform-tools.
Now, connect your phone to the PC. Open your command prompt and point to "C:\platform-tools" again. Type: cd <name of Full system Image directory>
In command prompt, type:
adb reboot bootloader
The phone is now in bootloader. In command prompt, confirm you're pointing to "C:\platform-tools\<Full System Image extract dir>" Type:
flash-all
This will do a full factory image push to your phone, you'll see a couple quick writes and phone reboots, then begins writing the rest of the image to your phone, but since we removed the "-w" from "flash-all.bat", it's NOT overwriting your data, just the necessary system files to update it to the latest version!
Reboot your phone, let it do any optimizing and updating it needs to do, and don't run anything yet, we're not quite done, just let the phone settle in and finish booting and doing it's thing.
Now, go back and perform the steps above listed under "PATCHING THE BOOT.IMG FILE" to patch the newest boot.img from the Full System Image we just updated the phone with (push the boot.img to sdcard/Download, patch with Magisk App, pull magisk_patched-XXXXX_xxxxx.img to your PC, blast it back using fastboot), and you've now rerooted the phone.
Lemme just say again that I know this was a friggin' book, and I tried to make it as clear and plain language as I could to help even a first timer, so my apologies if it seems like an onerous process. It's really not, and once you've done this once or twice, it's a cakewalk and takes about 10 minutes of your time from start to finish to do the whole system update and reroot. Again, the newer methods to take OTA without losing root may be something you'd like to look into, i definitely will, but I'm very confident in sharing this method as I know it works like a champ and is foolproof if you take your time the first few times and make sure you do what's required (remove the "-w" from the flash-all.bat, etc)
Lastly, I've been using this method since the Pixel 2, and just performed it on my new 5a, it worked exactly as it has for years for me on the P2, so you can be confident moving forward that, if you follow instructions and take your time until it's all familiar, you'll be successful in rooting, passing SafetyNet, and applying system updates without screwing up the A/B slots or overwriting your data in the process.
I hope this helps even one person, and since I rarely find myself able to give back to the community in any real meaningful way (many of these folks are WAAAY beyond my modest skills and know so much!!), I hope that this provides some folks with a useful and meaningful tutorial, providing confidence that anyone can root their P5a (or about any Pixel it seems) without being a Magisk/Android prodigy.
@Didgeridoohan, @pndwal, @zgfg, @jcmm11, and so many others over the years have been so helpful, I couldn't have done any of this without their selfless help, so give those folks a big thanks also if this is any help to you.
Best of luck,
hfam
Thanks for the write-up @hfam, it's good to know that some of the steps that i tried aren't really necessary, like using props config or hiding the actual magisk app.
Appreciate you!
nsoult said:
Thanks for the write-up @hfam, it's good to know that some of the steps that i tried aren't really necessary, like using props config or hiding the actual magisk app.
Appreciate you!
Click to expand...
Click to collapse
Awww, thanks! Glad to do it and really hope it helps some folks tackle rooting their phones and passing SN!
Rooted with magisk v.23 - flashed zip as a module
So has anyone installed the October update yet?
GrandAdmiral said:
So has anyone installed the October update yet?
Click to expand...
Click to collapse
Yep, good to go. I used the same method I shared above.
Is this working with Android 12? Which Magisk version to use?
This method did not work for Android 12. I updated my rooted phone to android 12 OTA. It returned to stock. I followed the method above to patch the factory boot.img file with magisk. After flashing my phone in bootloader with the patched boot.img, my phone will not reboot. says:
failed to load/verify boot images
Any advice? My Magisk is v23. Do I need to use a beta version?
Poking around in this thread, it seems that android 12 root is a much more involved process, requiring factory wipe and additional steps.
[Guide] Flash Magisk on Android 12
Trying to root the Pixel 5 running Android 12 by flashing a magisk-patched boot image results in the phone only booting to fastboot mode ("failed to load/verify boot images") Some users have reported that booting (instead of flashing) the patched...
forum.xda-developers.com
tintn00+xda said:
This method did not work for Android 12. I updated my rooted phone to android 12 OTA. It returned to stock. I followed the method above to patch the factory boot.img file with magisk. After flashing my phone in bootloader with the patched boot.img, my phone will not reboot. says:
failed to load/verify boot images
Any advice? My Magisk is v23. Do I need to use a beta version?
Click to expand...
Click to collapse
As you stated, you are correct. You need to perform a full wipe or flash the factory image with a wipe and then root works fine and phone boots. Tried myself and works fine.
Hi guys,
new here and went through quite a few threads on Magisk before posting.
Situation is as follows:
- got my Xiaomi Mi 11 Ultra from Aliexpress a few days ago.
- the seller unlocked the bootloader and instealled global ROM instead of the original Chineese ROM.
- the phone works fine, but Google Wallet would not allow me to add any of my credit/debit cards for contactless payments showing the usual "Your phone doesn't meet security requirements"
- NETFLIX wouldn't work.
- Quite a few of my banking apps work fine, including HSBC bank, Paypal, Revolut, IG Index and some others as well.
The obvious solution is to go ahead with Magisk Hide (or what's currently available instead as Hide module is phased out as far as I understand).
Now, I'm really new to all this (have rooted a couple of phones/tablets a few years back) and have a few questions:
1. I was going through the process of installing Magisk on my phone, folloing the instructions here: https://www.xda-developers.com/how-to-install-magisk/?newsletter_popup=1
So according to this, I'm supposed to find a boot.img file in the ROM archive as far as I understand, but my issue is that I don't have the installed ROM details or data as it wasn't me who installed the ROM in the first place.
Is there any way to find out what ROM is installed and perhaps I could download the package and get the boot.img file from there? (ramdisk parameter show YES)
2. I will be installing ADB on my computer to be able to install Magisk as per the following instructions: https://www.xda-developers.com/install-adb-windows-macos-linux/
is there anything else I'd need?
3. Lastly, there is a bunch of good tutorials on your tube on how to use the latest Magysk + shamiko module etc. If someone knows a really good one, I would appreicate if you could post it
Would really appreciate any other feedback etc for a person who is completely new to this
Thank you very much!
I'm not sure how to completely proceed as I am totally unfamiliar with Xiaomi, but I had a couple of ideas...
Kotofeus said:
- the seller unlocked the bootloader and instealled global ROM instead of the original Chineese ROM.
The obvious solution is to go ahead with Magisk Hide (or what's currently available instead as Hide module is phased out as far as I understand).
Now, I'm really new to all this (have rooted a couple of phones/tablets a few years back) and have a few questions:
1. I was going through the process of installing Magisk on my phone, folloing the instructions here: https://www.xda-developers.com/how-to-install-magisk/?newsletter_popup=1
So according to this, I'm supposed to find a boot.img file in the ROM archive as far as I understand, but my issue is that I don't have the installed ROM details or data as it wasn't me who installed the ROM in the first place.
Click to expand...
Click to collapse
I imagine you can find exactly what ROM you are using in the Settings -> "About Phone" or something similar; Probably under something like "Android version" or "Build number". You can google search (most likely by build number or something similar) and find the Factory image needed to flash/install the ROM. Once you download that specific ROM installation file (most likely a .zip file), you should be able to extract it (or go inside the zipped file and extract the specific boot.img file) to be able to patch it in Magisk.
Kotofeus said:
2. I will be installing ADB on my computer to be able to install Magisk as per the following instructions: https://www.xda-developers.com/install-adb-windows-macos-linux/
is there anything else I'd need?
Click to expand...
Click to collapse
Best place to get the adb (and you'll also need fastboot.exe so you'll also get it from) is from the Platform Tools from Google's developer's site here: https://developer.android.com/studio/releases/platform-tools
I'm unsure (but I doubt) if Xiaomi Mi 11 Ultra has 2 slots (A and B), but if it does, don't download the latest version of platform tools but version r33.0.3 because any version r34.0.0 and above has a known bug that will wreck devices with 2 slots (namely Google Pixels).
Anything else you'd need is to be sure to have USB debugging enabled and the proper Google USB drivers installed on your computer (there are Windows, Mac, and Linux drivers that can be installed).
Kotofeus said:
3. Lastly, there is a bunch of good tutorials on your tube on how to use the latest Magysk + shamiko module etc. If someone knows a really good one, I would appreicate if you could post it
Click to expand...
Click to collapse
There are a number of root hide methods that hide root from Netflix and Google Wallet. One usually starts with using Magisk and Zygisk Denylist and making sure that Wallet, Netflix, Google Play Services, Google Play Store, Google Play Protect, and Google Service Framework are all "ticked" with all their sub-selections ticked as well. Also, be aware that after implementing any/all of these, usually clearing all these Google services data and cache is required & a reboot of the device is a must, but re-entering your cards will also be required as well; as well as signing back into some Google services. Then, if all that doesn't work, there's Universal SafetyNet Fix -- or even Displax's Mod branch if the official USNF isn't enough. Then also any of the further root hiding methods; Shamiko, Magisk Delta, HideMyApp, etc..
Kotofeus said:
Would really appreciate any other feedback etc for a person who is completely new to this
Thank you very much!
Click to expand...
Click to collapse
Again, I'm coming only from Pixels and have absolutely no experience with Xiaomi and I can't be sure any of these will apply since you have a "custom" ROM (sort of) so things might not be as usual. These are just general dealings with Magisk and Android OS as I know them... But you state that you are "completely new to this", so I'm just trying to cover all the bases as much as I can, even if you would be already knowledgeable of them. If anything, these can be taken as just ideas and/or pointing to a direction that might work...
simplepinoi177 said:
I'm not sure how to completely proceed as I am totally unfamiliar with Xiaomi, but I had a couple of ideas...
I imagine you can find exactly what ROM you are using in the Settings -> "About Phone" or something similar; Probably under something like "Android version" or "Build number". You can google search (most likely by build number or something similar) and find the Factory image needed to flash/install the ROM. Once you download that specific ROM installation file (most likely a .zip file), you should be able to extract it (or go inside the zipped file and extract the specific boot.img file) to be able to patch it in Magisk.
Best place to get the adb (and you'll also need fastboot.exe so you'll also get it from) is from the Platform Tools from Google's developer's site here: https://developer.android.com/studio/releases/platform-tools
I'm unsure (but I doubt) if Xiaomi Mi 11 Ultra has 2 slots (A and B), but if it does, don't download the latest version of platform tools but version r33.0.3 because any version r34.0.0 and above has a known bug that will wreck devices with 2 slots (namely Google Pixels).
Anything else you'd need is to be sure to have USB debugging enabled and the proper Google USB drivers installed on your computer (there are Windows, Mac, and Linux drivers that can be installed).
There are a number of root hide methods that hide root from Netflix and Google Wallet. One usually starts with using Magisk and Zygisk Denylist and making sure that Wallet, Netflix, Google Play Services, Google Play Store, Google Play Protect, and Google Service Framework are all "ticked" with all their sub-selections ticked as well. Also, be aware that after implementing any/all of these, usually clearing all these Google services data and cache is required & a reboot of the device is a must, but re-entering your cards will also be required as well; as well as signing back into some Google services. Then, if all that doesn't work, there's Universal SafetyNet Fix -- or even Displax's Mod branch if the official USNF isn't enough. Then also any of the further root hiding methods; Shamiko, Magisk Delta, HideMyApp, etc..
Again, I'm coming only from Pixels and have absolutely no experience with Xiaomi and I can't be sure any of these will apply since you have a "custom" ROM (sort of) so things might not be as usual. These are just general dealings with Magisk and Android OS as I know them... But you state that you are "completely new to this", so I'm just trying to cover all the bases as much as I can, even if you would be already knowledgeable of them. If anything, these can be taken as just ideas and/or pointing to a direction that might work...
Click to expand...
Click to collapse
Thank you very much for taking time and going through all my queries, really appreicate it!
I started losing hope really as looked through a number of vide tutorials involving installing magisk via custom recovery, which would mean I needed to install a custom recovery first... so this was becoming a bit of a Russian Doll thing and a never ending quest.
Looked at "Detailed info and specs" on my phone and I have:
Baseband version
Kernel Version
I presume I can search by Kernel Version to find the ROM - will try that.
If I can't find the ROM, than the only way is to try and install custom recovery, download Magisk apk, rename it into zip, get into custom recovery mode and try to flash the zip file. Saw a few tutorials on youtube like that and it looked fairly straightforward, however not sure how easy or difficult it would be to install a custom recovery like TWRP on this phone.
I also looked through a tutorial of using Magisk with Zygisk and Denylist and again, looked pretty straightforward, but Magisk needs to be properly installed of course.
Yes, thank you - I understand that you need to clear cash and re-enter the cards once again, that would have been the least of my troubles.
Will try to search that kernel number on google once I have a moment and see if I get any luck.
Will also reasearch on how to install TWRP. If that's easier than I may go with that option instead of extracting and patching the boot.img
Kotofeus said:
Looked at "Detailed info and specs" on my phone and I have:
Baseband version
Kernel Version
I presume I can search by Kernel Version to find the ROM - will try that.
Click to expand...
Click to collapse
You can't find what MIUI version you have? That's all you basically need...
From a small bit of research, you state you are on a "global ROM" of a Xiaomi Mi 11 Ultra, which should just be a "global" version of the MIUI. You just need to find the MIUI global version and extract it (boot.ini) from the firmware update file. Once you find the version, you could search and find the firmware update file in places like here: https://xiaomirom.com/en/rom/mi-11-pro-ultra-11-ultra-star-global-fastboot-recovery-rom/ or other sites I imagine.
It's just important that you get the exact right version of the MIUI Global ROM you are currently running as patching and flashing a boot.ini of a different version could soft-brick/bootloop your device....