Some security brainstorming while using unlocked bootloader - Xiaomi Mi Max 2 Questions & Answers

*I've tried the search on XDA but didn't find what is on my mind.
** Feel free to add the topic to the proper place.
So here it is:
Unlocked bootloader, decrypted storage, TWRP recovery.
Pretty much on a silver plate for any thief.
.. If I encrypt the storage, will I be able to access TWRP with the code?
And if I remove the installed ROM and keep the internal data, will it be available after the new ROM flash?
What are the best options to go with?
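The question above boils down to three device properties: is the bootloader locked, is userdata encrypted, and what kind of encryption is in use. The following is an added example, not code from this thread or from any XDA project: it parses the output format of `adb shell getprop` (the `[name]: [value]` lines) and rates the exposure of a device that falls into a thief's hands. The sample output is constructed for the example, not captured from a real phone; the property names (`ro.boot.flash.locked`, `ro.boot.vbmeta.device_state`, `ro.boot.verifiedbootstate`, `ro.crypto.state`, `ro.crypto.type`) are standard Android properties, but not every OEM build reports all of them, and whether a custom recovery is installed is not visible from `getprop` at all.

```python
import re

# Constructed sample in the format `adb shell getprop` prints; this is not
# output captured from a real device. It describes the situation the thread
# opener asks about: bootloader unlocked, /data not encrypted.
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.crypto.state]: [unencrypted]
[ro.crypto.type]: []
[ro.build.version.release]: [7.1.1]
"""

_PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn getprop's '[name]: [value]' lines into a dict (empty value allowed)."""
    props = {}
    for raw in text.splitlines():
        m = _PROP_LINE.match(raw.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def bootloader_unlocked(props):
    """True if any of the usual properties reports an open bootloader.
    'orange' / 'red' are the verified-boot states for unlocked / failed."""
    return (props.get("ro.boot.flash.locked") == "0"
            or props.get("ro.boot.vbmeta.device_state") == "unlocked"
            or props.get("ro.boot.verifiedbootstate") in ("orange", "red"))


def assess(props):
    """Rate what someone with the phone in hand (and a USB cable) can reach."""
    unlocked = bootloader_unlocked(props)
    encrypted = props.get("ro.crypto.state") == "encrypted"
    findings = []
    if unlocked:
        findings.append("Bootloader unlocked: a custom recovery can be booted or flashed "
                        "over USB, so anything not encrypted is readable without the PIN.")
    if not encrypted:
        findings.append("Userdata not encrypted: /data is readable from recovery or from "
                        "the flash chip regardless of the lock screen.")
    else:
        ctype = props.get("ro.crypto.type", "")
        if ctype == "block":
            findings.append("Full-disk encryption: nothing in /data is readable until the "
                            "owner's credential is entered, in recovery as well as in Android.")
        elif ctype == "file":
            findings.append("File-based encryption: credential-encrypted (CE) storage is "
                            "sealed until first unlock; device-encrypted (DE) storage is not.")
        if unlocked:
            findings.append("Unlocked plus encrypted: data at rest is protected, but boot "
                            "images can be replaced, so treat a device that left your "
                            "control as untrusted until re-flashed.")
    if unlocked and not encrypted:
        risk = "HIGH"
    elif unlocked or not encrypted:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {"risk": risk, "findings": findings}


def check(text):
    """Convenience wrapper: raw getprop text in, assessment out."""
    return assess(parse_getprop(text))


if __name__ == "__main__":
    result = check(SAMPLE_GETPROP)
    print("risk:", result["risk"])
    for finding in result["findings"]:
        print(" -", finding)
```

On a real device you would feed it `adb shell getprop` output; the constructed sample rates HIGH, and the same device with the bootloader still unlocked but userdata encrypted rates MEDIUM, which matches the advice in the thread: encryption keeps the data sealed behind the credential (TWRP will prompt for it), but only a locked bootloader stops someone from replacing what runs before that prompt.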

Related

[ROM] Stock US Unlocked/Developer Sense 7 Marshmallow AIO Thread (wp_mod) (s2s_mod)

The official Sense 7 for MM is out!!
For those who haven't or cannot receive the OTA and cannot wait, here it is!
In this post you can find the following:
Firmware
Aroma Stock Rom
Root Info (System/Systemless)
Disable S-ON System Write Protection
Sweep to sleep module
FAQ
Firmware
Here is the full firmware pack before flashing the rom. You can choose stock or the one with no red text.
Unzip the firmware zip, and change mid and cid in android-info.txt to your own one.
This firmware will not wipe data!! Flash without any fears
S-OFF Only!! S-ON users can try flashing this rom with older firmwares.
Stock: DevDB Download
No red text: DevDB Download
Aroma Stock Rom (With selectable root, wp_mod, s2s_mod)
The installer will install everything for you.
If you want root, take a look at the next section for some info about root methods.
I haven't got much time, so I'm using block flashing for convenience. Will update to file based flashing if I have time, but users wouldn't feel any difference.
DevDB Link
Important!! If you choose systemless root, please choose "Do not install SuperSU" when reboot in TWRP, because TWRP isn't updated to detect this new method. If you choose to install SuperSU within TWRP you'll get stuck in boot loop.
Root Info
Marshmallow root has been much more difficult than simply flashing a zip in recovery, because it also requires a modified boot image to work. This root is achieved with SELinux enforced using Chainfire's method.
Chainfire gave us two rooting methods:
The traditional root in system, which breaks OTA functionality.
(It's more stable now)
New "systemless" approach, which means the root stuff is only in DATA and BOOT; the system will stay intact and it will accept OTAs.
(Note that this method is still in beta stage according to CF)
If you are already on the stock rom and you want root, this is where you'd be interested.
Choose your preferred root method above, and follow the corresponding instructions below.
Instructions:
Traditional:
Flash m8-mm-su-boot.zip in attachment with TWRP
Flash SuperSU 2.52
Systemless:
Be sure you haven't used any other root method (like the traditional one above); if you've rooted with other methods, please re-flash your system back to pure stock
Flash m8-mm-su-boot-systemless.zip in attachment with TWRP
Download SuperSU-v2.56-20151030013730.zip in this thread, and flash it through TWRP
Important!! Please choose "Do not install SuperSU" when reboot in TWRP, because TWRP isn't updated to detect this new method. If you choose to install SuperSU within TWRP you'll get stuck in bootloop.
Disable S-ON System Write Protection
After you have rooted, you might find out that your system partition is locked up. This is because of HTC's system write protection on S-ON devices, and here is a handy mod for you to bypass it. Original mod by flar2, I modified it to work on MM.
Instructions:
You have to use the traditional root method above to make this work!!
Flash m8-mm-wp_mod.zip in attachment
Sweep to Sleep module
A handy mod to turn off the screen by swiping the bottom of the screen. Original mod by flar2, I modified it to work on MM.
Instructions:
This will flash files to system, there is no point in using systemless method, but it should be OK
Flash m8-mm-s2s_mod.zip in attachment
FAQ
Q: After choosing full wipe, my contents in internal storage are all gone!!
A: No, it's not. It seems that Marshmallow treats my full wipe script differently. After each clean flash, it will move all previous files in /sdcard into /sdcard/0. You can just move them back to the proper locations. No big deal!
Q: I cannot install Busybox in system / I cannot use adaway !!
A: Flash wp_mod.
Q: I used systemless root and wanted to keep my system partition intact, how do I install Busybox?
A: Download Busybox Pro, type /su/bin as the installation path for busybox. You cannot do it using the free version, unfortunately.
Q: **** app cannot access external SDcard!!
A: Look at this explanation:
Since Kitkat (2 years ago man), we don't have direct external storage write permission. Google considers it insecure, so they implemented this feature. The reason why you could access the external SDcard easily before is because most roms on XDA already contain a hack in /system/etc/permissions/platform.xml. You should not rely on this hack forever, please take a look below.
In lollipop and after, Google provided a much more secure and better way to grant external storage access to third party apps; first of all take a look at this article for details:
http://www.androidpolice.com/2014/1...s-automatic-mediastore-and-improves-security/
So instead of using the old platform.xml hack from the Kitkat days, adapt yourself to this new behavior of Android!! If a certain app cannot access the SDcard, ASK THE DEVELOPER to add support for this API!!
Many apps already have support for this API. I'll take Titanium Backup for example, as lots of you cannot find the way to use it on external SD. In Menu>>Preferences>>Backup Location, you can choose Document Provider on top of the detect button.
In the provider, open the menu on the top right corner and select "Show SDcard", then you'll see External Storage on the left side. Select the external SDcard in the document provider and press the button on the bottom; the app will then be granted access to the whole external storage. You can then create a new folder in TiBack and select it as your backup location.
Other apps also follow the instructions above; you just have to manually set up the folder which the app can access. In the case where most of us would love to give access to the whole SDcard, I set the location to the root of external storage. Each app has independent permission, so you have to manually grant each app you wish to access external storage.
Q: I want OTA, what should I do?
A: Look at the following info
To accept OTA updates, you need the following:
Your MID should be 0P6B11000 or 0P6B12000
Your CID should be BS_US001 or BS_US002
You have to keep system partition untouched
You have to have stock recovery
So before anything, if you want to accept OTA, you have to change MID, CID, flash the stock firmware. The tricky part is the system partition and the recovery. The easiest way is when the OTA comes, flash the stock rom again without root, flash stock recovery through fastboot, then apply OTA. But if you like to go the hardcore way, here comes a tutorial:
fastboot flash boot systemless_boot.img
fastboot boot TWRP.img (so that you can use TWRP but you didn't actually flash it)
Flash systemless SuperSU
By doing so you can accept OTA at anytime.
Credits:
@Chainfire for the new root methods and SuperSU
@flar2 for wp_mod.ko and s2s_mod.ko
XDA:DevDB Information
Stock Sense 7 Marshmallow , ROM for the HTC One (M8)
Contributors
topjohnwu
ROM OS Version: 6.0.x Marshmallow
Version Information
Status: Stable
Created 2015-12-03
Last Updated 2015-12-03
Will this work on a CDMA device?
@topjohnwu nice work dude....
skinbis said:
Will this work on a CDMA device?
I'll take a look.
Sent from my HTC6525LVW using Tapatalk
Tell me, will the no red text one work on S-ON?
I think neither of these firmwares works on S-ON.
The suspense is almost as big as when MM first came out
Good work!
Where is the downloading link to the rom?
Edit:The rom is uploading....Sorry.
b-george said:
Good work!
Where is the downloading link to the rom?
Edit:The rom is uploading....Sorry.
Still uploading shouldn't take much longer about another half an hour or so.
topjohnwu said:
I'll take a look.
Thanks
Is it possible to flash on S-ON device?
It seems that the systemless boot isn't working as expected lol
Fixing
Edit: Fixed, everything is now uploading
Hi. Can I flash on Sense 6 firmware?
Sent from my HTC One M8 using Tapatalk
Can u upload some pics ?
topjohnwu said:
It seems that the systemless boot isn't working as expected lol
Fixing
Edit: Fixed, everything is now uploading
Prepping my device in the meantime, thanks!
Any ETA on the upload?
topjohnwu said:
It seems that the systemless boot isn't working as expected lol
Fixing
Edit: Fixed, everything is now uploading
Does the firmware provided here wipe the internal SD?
JEANRIVERA said:
Does the firmware provided here wipe the internal SD?
Firmware updates never wipe that.
Zulake said:
Firmware updates never wipe that.
You are so wrong!!! There are firmwares that do wipe the internal SD; that is the reason why I asked.
JEANRIVERA said:
You are so wrong!!! There are firmwares that do wipe the internal SD; that is the reason why I asked.
Well I have never ever seen those, and I've been flashing ROMs since the HTC Desire HD.
Zulake said:
Well I have never ever seen those, and I've been flashing ROMs since the HTC Desire HD.
What's the procedure to flash a firmware, please?

[App] [Root] OnePlus Data Protector

This app can be used to maximize the protection of the data on your rooted phone in situations in which someone has physical access to your device. It only works on OnePlus One 64GB phones (and might work on the 16GB edition).
Features:
Toggling tamper flag
Unlocking/locking bootloader without wiping your data
Disabling and enabling the recovery program (such as TWRP) from within Android
Use case:
Suppose you have rooted your phone and in the process you have also installed a custom recovery program. Anyone with physical access to your phone can now easily extract all files that are on your internal storage, by booting the phone into recovery mode and connecting it to a computer. Imagine that, to counter this problem, you install a recovery program that does not expose any files and only accepts signed flashable packages. Now, an intruder cannot access files through recovery mode, but can still flash a new recovery program that does expose files. To prevent this from happening, one must also lock the bootloader, to prevent malicious images from being flashed. This app makes taking these measures easy. It is able to completely block access to the recovery program by backing up and erasing the recovery partition, and toggle the bootloader lock. This will make it (nearly) impossible for anyone without special hardware, tools and soldering equipment and experience to gain access to your files.
Tested on:
OnePlus One 64GB, Resurrection Remix
Important:
If you lock your bootloader and disable your recovery, the only way to get to your data is through Android. If you corrupt Android in one way or another, i.e. it does not boot anymore, you have practically lost your data. I advise you to only disable access to the recovery program in situations in which there is an increased likelihood your phone will be stolen.
You can also use device encryption.
Downloads:
OnePlus Data Protector 1.1
OnePlus Data Protector 1.0
XDA:DevDB Information
OnePlus Data Protector, Device Specific App for the OnePlus One
Contributors
_Tobias
Source Code: https://github.com/Tobiaqs/OnePlusDP
Version Information
Status: Stable
Current Stable Version: 1.1
Stable Release Date: 2017-07-18
Created 2017-07-17
Last Updated 2017-07-18
Would this be considered a workaround to not being able to encrypt the /data partition with f2fs? Or would they still have the ability to view my data in plain text?
Does this work with custom roms/kernels/firmware? Once I re-lock my bootloader, will I be able to unlock it again without wiping my device? I tried looking on github but there's no info about this.
ThunderThighs said:
Does this work with custom roms/kernels/firmware? Once I re-lock my bootloader, will I be able to unlock it again without wiping my device? I tried looking on github but there's no info about this.
Once you lock your bootloader, you will be able to unlock it without wiping your device, provided you unlock it through the app (or find another way to write the flag value to the aboot partition). This will work on almost all custom roms/kernels, however, disabling the recovery will probably not work if you for some reason have a resized recovery partition (not likely to be the case).
Unlocking it through fastboot will initiate a full wipe.
ThunderThighs said:
Would this be considered a workaround to not being able to encrypt the /data partition with f2fs? Or would they still have the ability to view my data in plain text?
Given enough hardware and tools, one would still be able to read from your memory chip, but not with just a USB cable. Encrypting the data partition, combined with the use of this app would be more secure.
I just noticed a bug. The app incorrectly shows the value of the unlocked flag. Setting the flag still works all the same.
This has been fixed in version 1.1.
Thank you for making this useful app. It really does work as advertised, and the only bug I experienced was fixed in v1.1.

[GUIDE]Unlocking Bootloader + Magisk Root for Huawei Mate 20 Pro

I read through quite a few post here to get everything sorted out and in order to save every one some time here is a summary of all the info I have gathered so far, and my way to thank the forum for offering me so many helpful tips. I'll try to keep this thread updated as information comes in.
All credit goes to their respective owners, I am only aggregating all the information here.
Current status on BL Unlock:
China version: OEM unlock not greyed out, direct BL unlock possible
EU/NA version (L09/L29/L0C): OEM unlock greyed out in developer options, BL unlock possible via FunkyHuawei method by upgrading to .170.
UPDATE 2019/01/02: Some users reported they have already received the .171 update from carrier (https://forum.xda-developers.com/showpost.php?p=78571337&postcount=6), if that is the case you can skip the FH Method part and go directly to unlock BL.
Note: Currently .170 is not GooglePay certified, so Google Pay won't work on this, if you must have Google pay please wait for your carrier to update to some version that support OEM unlock (tap build number 7x to get Developer Options in Settings -> System -> About Phone and then go to Settings -> System -> Developer Options and see if Enable OEM Unlock option is enabled).
Also current recovery install requires you to boot into recovery (Power and volume up with phone disconnected from USB) every single time if you want root, which is not perfect.
The only time you'd be required to wipe your phone is right after your BL is unlocked with fastboot OEM unlock, please make sure you have a backup before doing that step.
Where to get unlock code?
In order to get BL unlocked, you need both allow OEM unlock option NOT greyed out (i.e., you can enable it) AND a BL unlock code. BL unlock code can only be purchased either from FunkyHuawei (55 USD one time for BL unlock code only or if you buy an unlimited pass 132USD for unlimited flashing + BL unlock code (note that it is locked to your phone and can not be transferred)), or MinistryOfSolutions (30 Euro, https://ministryofsolutions.com/huawei-bootloader-unlock-service-all-new-models-new-firmwares, BL unlock code only).
FunkyHuawei Method (for non-China version)
1. Create an account in https://funkyhuawei.club/membersarea, buy 1 credit (if you just want to download .170 firmware, each credit cost 18USD).
2. Go to Select Firmware tab, use LYA-Global if you don't see the exact model. Then select .171 version.
3. Follow instructions here: https://pastebin.com/raw/Db5ZSyqu, you must download the specific HiSuite version (9.0.2.301) and the specific installer executable. Run the executable FHHiSuiteInstaller.exe as administrator (right-click and choose Run As Administrator) <- must run as admin since it will need to modify your hosts file. Make sure the script runs without error.
3.1 (Additional step for L0C): Edit the c:\users\YOURHOMEFOLDER\appdata\local\hisuite\userdata\updatedogdev\hisuiteconfig.xml file and change LYA-L29 to LYA-L0C everywhere it occurs and save the file. (Thanks to FunkyHuawei Support for pointing this one out).
4. Put the phone into fastboot mode (adb reboot-bootloader or with the phone off connect the usb cable while holding volume down, or boot the phone holding volume down with USB cable connected to PC).
5. Go to HiSuite on your PC and click on System Recovery (furthest to the right towards the bottom of the main screen), and let it do the magic. You will see some cmd windows pop up however it should get to the download progress with a percentage pretty fast, if you don't see that pop up then please check to make sure you have at least one credit in the FH Select Firmware tab and you have installed the specific versions of HiSuite and ran the installer as admin in Step 3.
6. Once everything is completed please verify to see if your firmware version is .171.
Unlock Bootloader
Again, get the BL code and go to Settings -> System -> Developer Options and make sure Enable OEM Unlock option is enabled. Also check to make sure you have everything backed up. Also enable USB Debugging in the same screen as well.
Rest is pretty standard:
Code:
adb devices (will bring up the authorization window on your phone, click on Always Trust)
adb reboot-bootloader
fastboot devices (make sure the device is in fastboot mode)
fastboot oem unlock *UNLOCK CODE*
At this point a format operation will be performed on the phone; if it didn't complete successfully, don't worry, your phone is wiped. During boot you should see a black window with yellow warning text telling you your phone is unlocked and not secured.
Go through all the steps to initialize the phone, turn on Developer options again, and enable USB Debugging again.
Root
1. Download and install Magisk Manager from this XDA post: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
2. Switch channel, go to Magisk Manager -> Settings -> Update Channel , set it to Custom, and the URL is https://bit.ly/2N8UVlq (at the moment, per https://forum.xda-developers.com/apps/magisk/dev-magisk-canary-channel-bleeding-edge-t3839337). Go back to main screen and down swipe to refresh, it should say Latest Version > v18.0.
3. You will need to find the stock RECOVERY_RAMDIS.img file. I used HW Firmware Finder (https://forum.xda-developers.com/tools/general/huawei-firmware-finder-team-mt-t3469146) to help me with the task, however I couldn't find the L0C update file and ended up using the L09 update file instead, which appears to work. I also couldn't find the update.zip for .171, so I ended up using the latest full update version that was available to me (http://update.hicloud.com:8180/TDS/...69/g1750/v181585/f1/full/update_full_base.zip).
4. Unzip the file, drag out the UPDATE.APP file from the zip package, and open it with Huawei Firmware Extractor (I used 0.9.9.5 from this thread: https://forum.xda-developers.com/showthread.php?t=2433454). Extract and open the UPDATE.APP in the update file. If you get a checksum error, make sure to uncheck both of the verify checksum options in Settings -> Extract.
5. Now you should see a RECOVERY_RAMDIS.img file, right click and extract it.
6. Send the RECOVERY_RAMDIS.img file back to your phone (anywhere is fine), go back to Magisk Manager -> Install -> Patch boot, get the patched_boot.img file from the phone back to the PC.
UPDATE 2019/01/02: @pvillasuso was kind enough to post the ramdisk image (both original and Magisk modified) for Mate 20 Pro LYA-L09 (Firmware version .171): https://forum.xda-developers.com/showpost.php?p=78575496&postcount=13, obviously use it at your own risk.
7. Go to fastboot mode again:
Code:
adb devices
adb reboot-bootloader
fastboot devices
fastboot flash recovery_ramdisk "PATH_TO_patched_boot.img"
fastboot reboot
Now your phone should be back to normal with no root yet. Turn off your phone and turn it back on by booting into recovery (Power and volume up with phone disconnected from USB).
Boot up and if you go to Magisk now you should be able to see Magisk installed with Installed Version same as Latest Version.
Congrats you are now rooted!
In future you will need to boot into recovery each time to maintain root (which requires you to turn phone off and power + vol up), if you prefer not to do so @ThatsJustLogic suggested you can use the app https://forum.xda-developers.com/showpost.php?p=78569733&postcount=2 to add a one-click reboot from your dropdown menu.
Credits:
@ThatsJustLogic - Figured out the installation steps to patch ramdisk: https://forum.xda-developers.com/showpost.php?p=78554707&postcount=125
@duraaraa - Guy behind FunkyHuawei for figuring out the .171 upgrade and making everything work smoothly https://forum.xda-developers.com/mate-20-pro/how-to/unlock-rebrand-unbrick-update-t3855065
@mutahharbashir - Guy behind MinistryOfSolutions for the unlock BL code.
And creators of Magisk, HWFirmwareFinder, HWUpdateExtractor.
zhuanyi said:
Now your phone should be back to normal with no root yet, turn off your phone and turn it back on by booting into recovery (Power and volume up with phone disconnected from USB)
To stop you needing to do this on every boot, this app: https://play.google.com/store/apps/details?id=com.superthomaslab.rootessentials allows you to add a "Reboot Recovery" button to your notification tray, so it's just a one tap reboot instead of holding volume up when you want to reboot after applying a change or something. It's something small but it saves some hassle.
Awesome, thank you so much. Now I can finally use Google pay on global firmware 9.0.0.171. It's working perfectly
This is amazing development
Hi, can someone post his oeminfo?
On firmware versions; I have an Australian L29 running an ota update v 168. Oem unlock is available, and Google pay works.
Thank you for the guide.
Can we re-brand from Chinese to international now?
thunderpossuem said:
On firmware versions; I have an Australian L29 running an ota update v 168. Oem unlock is available, and Google pay works.
How come? Can you post a screenshot with developer options on the screen?? Oh, you have. Can this mean that we will be able to unlock the bootloader for free when the v168 update arrives in other countries??
Sent from my LYA-L29 using XDA Labs
The 171 official firmware also allows OEM Unlock..
Maybe wait until you get the new update , save a few bucks
deepsrd said:
The 171 official firmware also allows OEM Unlock..
Maybe wait until you get the new update , save a few bucks
That's just what i thought
Sent from my LYA-L29 using XDA Labs
Thanks for the guide, I'm rooted now!
One question, I have the patched_boot.img file, is it the same for everyone?
I can share it and it will save some extra steps
Let me know
pvillasuso said:
Thanks for the guide, I'm rooted now!
One question, I have the patched_boot.img file, is it the same for everyone?
I can share it and it will save some extra steps
Let me know
The patched file will work for anyone who has the Mate 20 Pro and the same FW version as you. There's no extra steps, it just removes finding the FW, extracting and patching the image yourself. They will still need Magisk and the canary channel.
If you are going to share I would specify the firmware version and attach a non patched one in case people have issues and want to revert.
My phone model : Mate 20 Pro LYA-L09 (Firmware version 9.0.0.211)
patched_boot.img > https://www.mediafire.com/file/fp3jk281d47bh6k/patched_boot.img/file
Apply on your own risk , worked for me !
Hi, glad to hear that even the L0C model has the chance to root. Just wondering, after flashing the global .171 version which should solve the OEM greyed-out problem, is the next step to purchase a BL unlock code? And is there a chance that after BL and FRP are unlocked, my model (LYA-L0C) can be rebranded to another one?
deepsrd said:
The 171 official firmware also allows OEM Unlock..
Maybe wait until you get the new update , save a few bucks
Indeed it is 18 USD saved, also hopefully it is more compatible with your phone.
Can you give an example of your path to "PATH_TO_patched_boot.img"
I must be getting syntax incorrect for the file in internal storage download folder, and I have tried everything with and without / leaving out folders.
is this ota proof?
Some rooting questions....
Hi.
I will try to be brief and on topic. Feel free to remove post if not according to Xda forum rules.
Long story short. I am a heavy iOS user from the Apple jailbreak scene. I am no developer (only user) and now I have taken the big step from iOS to Android.
Huawei Mate 20 Pro sparked my curiosity. I have always "jailbroken" my iPhone since 2007 and now I am considering root of my HM20PRO.
I have some questions before I try this and brick my phone.
I have Norwegian model, LYA-L29 with 9.0.0.153 (c432) software. (BL unlock greyed out here as well)
How are the partitions set up on this device?
Easy explanation of RAM disk, main disk or whatever?
Do I always have the option to revert to stock setup no matter what? With simple erase/wipe/recover?
Is HiSuite the recovery software to use if I want to go back?
Is it possible to unlock the boot loader and go back to 9.0.0.153??
Are the software builds such that the highest number has the latest fixes? (108,122,153,168,171 +++)
Do I lose the SafetyNet stuff like Google Pay, and other apps that can see that my phone is rooted?
Is there an app to run to trick the apps into believing that the phone is not rooted? (like on iOS)
Hope that someone can take the time to help me with my questions.
The boot via ramdisk/fastboot or whatever you call it to get rooted is only necessary on each boot up, right? You stay rooted until the next shutdown?
(Semi-tethered on iOS)
Sorry for the noob questions, but I am new to this, so thanks...
Regards,
Kenneth - Trondheim, Norway
PS: I have to say the switch from iOS to Android and the Huawei Mate 20 Pro has been great so far (except a new replacement phone on the first day with a green screen on the BOE screen.) Now all is good.
Main reasons to root Android?
I like to have different custom gestures throughout the software. And also tweaked apps and notification tweaks, icons.
fromiOS2Android said:
Hi.
How are the partitions set up on this device?
Easy explanation of RAM disk, main disk or whatever?
Do I always have the option to revert to stock setup no matter what? With simple erase/wipe/recover?
Is HiSuite the recovery software to use if I want to go back?
Is it possible to unlock the boot loader and go back to 9.0.0.153??
Are the software builds such that the highest number has the latest fixes? (108,122,153,168,171 +++)
Do I lose the SafetyNet stuff like Google Pay, and other apps that can see that my phone is rooted?
Is there an app to run to trick the apps into believing that the phone is not rooted? (like on iOS)
The boot via ramdisk/fastboot or whatever you call it to get rooted is only necessary on each boot up, right? You stay rooted until the next shutdown?
(Semi-tethered on iOS)
Main reasons to root Android? I like to have different custom gestures throughout the software. And also tweaked apps and notification tweaks, icons.
Hi, first of all, welcome to Android
My advice is to NOT root until you have got an answer to all your questions
I'll let some pros answer the technical questions on the partitions, but here's what I can tell you:
- Main reason to root for me is adblockers and (not a must though) custom roms.
- There is a function within magisk to hide root from apps.
- On the fixes, yes, 171 is the one that allows root and that's also the latest one with all the fixes.
- Once you root you stay rooted, you don't have to repeat the whole process at every boot.
- From what I read in several threads, right now you can't revert to older firmwares. Also, the 171 seems to be market specific, what I will do is to wait until the update gets rolled out in my market by Huawei, I read that the unlock bootloader option is then available officially.
- I would also like to know about Google Pay (does it break with root?) and are there other functions that break (camera functions, etc) like it does on other phones (Sony for instance)
charliebigpot said:
- I would also like to know about Google Pay (does it break with root?) and are there other functions that break (camera functions, etc) like it does on other phones (Sony for instance)
Using Magisk Hide on Google Pay will prevent it from detecting root, however if SafetyNet fails then it probably still won't work.
There are a few Magisk modules that can (apparently) force SafetyNet to pass, however I haven't ever used any of them.

Root [TWRP + Magisk] kills device Security :: Pin/Fingerprints broken

Hello XDA, I'm going to keep this short and sweet - I was able to root my device using the TWRP + Magisk method and some online guides. I believe after experimenting and flashing over the weekend, there is a bug, race condition, or something that prevents biometrics and security from properly working on the Note 9.
If I set a pin, as it's required for me to add my fingerprints - when I later try to unlock the phone, the device will say the wrong pin. Deleting the cache, reading guides etc will only get you in a bootloop.
I'm in a state right now where I'm rooted with no device security, as adding a pin will effectively brick the device until flashing with Stock Android again.
_______
I was able to root last week Friday. I didn't bother setting a pin as I was happy to have root. Yesterday, I decided to go ahead and set my pin and soon enough, was prompted to use it to disable security.
I really thought I had mistakenly confirmed a stray character in my pin, and after toying, researching, and flashing my device over the weekend, I've come to a crux where I could use some expert assistance.
Some guides I used had links to an RMM disabled or some ****, another guide had two zips for a different type of disabler. I'm not linking them, because apparently none of them work, but I believe this is where the problem lies. I think one of the zips is to remove the OEM Integrity Check or some **** Samsung wrote to secure the device. One of the packages I flashed took all those packages but nothing has worked.
Setting your pin during setup, or later in settings yields the same results - you will lock yourself out until you flash Stock Android to restart the process.
We're almost there guys, just need to be able to lock my device like a normal cellphone user - thank you
dekalbcountyman said:
Hello XDA, I'm going to keep this short and sweet - I was able to root my device using the TWRP + Magisk method and some online guides. I believe after experimenting and flashing over the weekend, there is a bug, race condition, or something that prevents biometrics and security from properly working on the Note 9.
If I set a pin, as it's required for me to add my fingerprints - when I later try to unlock the phone, the device will say the wrong pin. Deleting the cache, reading guides etc will only get you in a bootloop.
I'm in a state right now where I'm rooted with no device security, as adding a pin will effectively brick the device until flashing with Stock Android again.
_______
I was able to root last week Friday. I didn't bother setting a pin as I was happy to have root. Yesterday, I decided to go ahead and set my pin and soon enough, was prompted to use it to disable security.
I really thought I had mistakenly confirmed a stray character in my pin, and after toying, researching, and flashing my device over the weekend, I've come to a crux where I could use some expert assistance.
Some guides I used had links to an RMM disabler or some ****, another guide had two zips for a different type of disabler. I'm not linking them, because apparently none of them work, but I believe this is where the problem lies. I think one of the zips is to remove the OEM Integrity Check or some **** Samsung wrote to secure the device. One of the packages I flashed took all those packages but nothing has worked.
Setting your pin during setup, or later in settings yields the same results - you will lock yourself out until you flash Stock Android to restart the process.
We're almost there guys, just need to be able to lock my device like a normal cellphone user - thank you
did you encrypt your device? when you reboot, do you see an animation of a padlock?
bober10113 said:
did you encrypt your device? when you reboot, do you see an animation of a padlock?
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rooted via TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zips are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
dekalbcountyman said:
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rooted via TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zips are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
Are you using Snapdragon or Exynos?
mmjs14 said:
Are you using Snapdragon or Exynos?
Sir, I am using a
Galaxy Note 9
SM-N960F International Unlocked
Alpine White
Exynos
Boot loader is TWRP and OEM Unlock is staying open permanently
I have all the hardware required, just need to overcome this software quirk so I can lock my phone when I’m not using it
dekalbcountyman said:
Bober, first of all thanks for taking YOUR TIME to respond - as a senior member I feel like we can make progress
No, my phone is not encrypted - there is no lock when booting up, just the Stock Samsung animation
I do not use any system encryption or anything like that. I’m a hardware first guy, and use a suite of my own private encrypted cloud software
I played with my Note 9 before I rooted via TWRP + Magisk - all tutorials out there mentioned flashing various encryption/security zips which I have - I think those zips are geared for Knox
After you root the phone, you cannot set any type of biometric security or pin or you will be stuck in a bootloop/lock loop as the device is unable to authenticate your pin
I've never seen this. what firmware are you on?
have you tried to download the very latest and completely wipe your phone? use samfirm tool 0.3.6 to dl the latest.
fill up all the slots with the md5 files u dled with samfirm and flash using odin (in the csc slot use csc.md5 instead of home_csc.md5).
go dl
magisk zip:
https://github.com/topjohnwu/Magisk/releases/download/v19.2/Magisk-v19.2.zip
and apk:
https://github.com/topjohnwu/Magisk/releases/download/manager-v7.2.0/MagiskManager-v7.2.0.apk
ketan oem fix +root
https://www.androidfilehost.com/?w=files&flid=281291
once back on latest stock firmware root again using twrp 3.2.x.x tar
flash it with odin but go to options and uncheck autoreboot
and flash twrp.tar in the AP slot.
once successful, manually reboot phone to recovery (dont let it boot to homescreen! so hold vol up + Bixby + power)
once in twrp swipe to get in recovery. go to wipe button and Format (type yes) and go to reboot button and choose reboot to recovery
once back to recovery go again to wipe button and choose factory wipe.
once done flash dr ketan oem and root zip (within the aroma setup of that zip choose yes to both options for root and kernel)
once finished you can now flash the latest magisk.zip as dled earlier.
now reboot and setup your device. once done you can install magisk manager .apk that was dled earlier.
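An added, defender-side check for the step of filling the Odin slots with the downloaded .md5 files: before flashing, confirm each archive's md5 trailer still matches its contents, so a corrupted or altered download is caught on the PC rather than on the phone. This is example code, not part of the post or of any Samsung or SamFirm tool; it assumes the archive is a plain tar with one line appended, exactly what `md5sum file.tar >> file.tar` produces, and the sample archive, its name and its payload are constructed.

```python
# Verify the md5 trailer of an Odin-style .tar.md5 firmware archive.
# Assumed format (an assumption, not from the page or from Samsung tooling):
# a plain tar followed by what `md5sum file.tar >> file.tar` appends,
# i.e. the line "<32 hex>  <file name>\n".
import hashlib
import os
import re
import tempfile

# Trailer must sit at the very end; the name may not contain NUL or newline.
TRAILER_RE = re.compile(rb"([0-9a-fA-F]{32})  ([^\x00\n]+)\n\Z")
TRAILER_WINDOW = 4096  # bytes read from the end of the file to find it

def parse_trailer(tail: bytes):
    """Return (trailer_length, stored_hex, archive_name) or raise ValueError."""
    m = TRAILER_RE.search(tail)
    if m is None:
        raise ValueError("no md5 trailer line at end of file")
    return len(m.group(0)), m.group(1).decode().lower(), m.group(2).decode()

def verify_file(path: str):
    """Stream the payload through MD5; return (ok, stored, computed, name)."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        f.seek(max(0, size - TRAILER_WINDOW))
        trailer_len, stored, name = parse_trailer(f.read())
        f.seek(0)
        h, remaining = hashlib.md5(), size - trailer_len
        while remaining > 0:  # hash everything except the trailer line
            chunk = f.read(min(1 << 20, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    computed = h.hexdigest()
    return computed == stored, stored, computed, name

def build_sample(name: str, payload: bytes) -> bytes:
    """Constructed sample: payload plus a correct md5sum-style trailer."""
    return payload + f"{hashlib.md5(payload).hexdigest()}  {name}\n".encode()

def check_sample(tamper: bool) -> bool:
    """Write a constructed archive to a temp file and verify it; tamper=True
    flips one payload byte first, as a corrupted or altered download would."""
    payload = b"sample.img\x00" + b"\x00" * 1525  # stand-in for tar blocks
    blob = build_sample("BL_sample.tar", payload)  # constructed file name
    if tamper:
        blob = b"\x01" + blob[1:]
    fd, path = tempfile.mkstemp(suffix=".tar.md5")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(blob)
        return verify_file(path)[0]
    finally:
        os.unlink(path)
```

`verify_file` is what you would point at each real BL/AP/CP/CSC archive; `check_sample(False)` returns True and `check_sample(True)` returns False on the constructed file.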
Bober, I did your steps exactly as described and used the links you provided and got it working w/ Biometric Security
I've flashed my phone like 20 times so the process took like 15 minutes max - this was also the first time I flashed all the files in the firmware download. Other guides out there tell me I only need to load the AP slot when flashing for this phone.
The "ketan oem fix +root" is the only security/system level zip I flashed using TWRP - besides looking like an early 2000s rootkit, the Terms of Use had an old version listed and said the binary was from 2015
I couldn't take screens, but everything went well when I checked the version
Thank You so much - in the future, will this root method hold for the life of the Note 9? Like when the new Android after Pie is released, will it be as simple as
1. Backing Up Phone
2. Flashing Android 10 Stock via Odin
3. Reflashing TWRP and Rooting
or is there a more streamlined approach to this? Thanks mate
dekalbcountyman said:
Bober, I did your steps exactly as described and used the links you provided and got it working w/ Biometric Security
I've flashed my phone like 20 times so the process took like 15 minutes max - this was also the first time I flashed all the files in the firmware download. Other guides out there tell me I only need to load the AP slot when flashing for this phone.
The "ketan oem fix +root" is the only security/system level zip I flashed using TWRP - besides looking like an early 2000s rootkit, the Terms of Use had an old version listed and said the binary was from 2015
I couldn't take screens, but everything went well when I checked the version
Thank You so much - in the future, will this root method hold for the life of the Note 9? Like when the new Android after Pie is released, will it be as simple as
1. Backing Up Phone
2. Flashing Android 10 Stock via Odin
3. Reflashing TWRP and Rooting
or is there a more streamlined approach to this? Thanks mate
actually the root method that dr ketan created is just a way to bypass an issue that not all phones have (rmm state aka binaries error when booting).
but technically the method should be:
flash twrp, format, reboot again to recovery and flash official magisk .zip
you can also rely on rom developers to flash their version instead of stock android via odin. this allows you to not always have to go through the twrp/root procedure each time and also rom devs include nice additional features.
anyways glad i could help.

Setup EU ROM with locked bootloader on K20 Pro Global ROM

Hi,
I have read tons of topics here, but the more I read the more unclear it becomes to me. I need your help to understand how it works, please.
Step-by-step:
I bought my Redmi K20 Pro from AliExpress 1.5 years ago with the Global ROM installed and the bootloader unlocked initially
At the time, when I was in Europe, the biggest disadvantage of using the device was that I couldn't set up Google Pay on my device. Now I am in Indonesia and Google Pay is not commonly used here, so it's not a big problem now, but anyway, I would like to fix it.
Currently I am doing a lot of work on Instagram, and the huge problem I realized is that my device doesn't work properly with Instagram stories. If I use the in-app camera to record a story it looks SO laggy. Also if I try to upload a pre-recorded video from the native camera app to an Instagram story, the video is still laggy and furthermore its quality is horrible. It seems like it's compressed from 1080p to 360p. Just weeks ago another problem appeared: when uploading videos > 15sec the Instagram app doesn't split them into blocks (where you can add notes/text/graphics separately to each block) but uploads them as multiple stories with the same graphics and text I selected before uploading. There are tons of complaints about it and it seems related exactly to this phone model, but still no solutions.
What I want to do is:
install EU ROM with a hope that Instagram will work properly there
Lock bootloader to setup Google Pay
Checking this forum and other resources I found the info that it's not always possible to safely migrate to EU from GLOBAL. Furthermore, many people do not recommend locking the bootloader if it was unlocked.
The questions are:
Is it possible to do what I want safely? Migrate to the EU ROM and lock the bootloader
will the EU ROM help me with the Instagram issue?
how can I do it?
can ROM migration somehow change the IMEI code? My device is registered in Indonesia, and according to new laws here, if the IMEI changes, I will need to register it again, and it could be a problem
Thanks in advance. :angel:
I would suggest you flash the best custom miui rom out there: Xiaomi EU. Visit the link below and read the rom features section to get an idea.
https://xiaomi.eu/community/threads/miui-12-0-stable-release.56191/
I'm suggesting this because you can keep your bootloader unlocked and SafetyNet passes by default (Google Pay). Instagram will work properly and fyi, changing roms doesn't change the IMEI unless you mess it up. Instead of TWRP, use OrangeFox recovery:
https://orangefox.download/device/raphael
BACKUP First before proceeding.
This is the download link for the latest stable custom miui eu rom 12.0.5.0:
https://sourceforge.net/projects/xi...MI9TPro_V12.0.5.0.QFKCNXM_v12-10.zip/download
Thanks for your reply
Siddk007 said:
I'm suggesting this because you can keep your bootloader unlocked and SafetyNet passes by default (Google Pay). Instagram will work properly and fyi, changing roms doesn't change the IMEI unless you mess it up. Instead of TWRP, use OrangeFox recovery:
The instructions in the link you provided above are about TWRP usage. Should I just replace all steps related to TWRP with OrangeFox?
Also, there are some steps to unlock the bootloader. Should I skip them because the bootloader is already unlocked in my case?
Siddk007 said:
BACKUP First before proceeding.
Is there some specific backup tool or can I still use my Google Account backup options? Is there any way to keep all my apps (or at least settings) after the new ROM is installed?
romahaaa said:
Thanks for your reply
The instructions in the link you provided above are about TWRP usage. Should I just replace all steps related to TWRP with OrangeFox? - YES
Also, there are some steps to unlock the bootloader. Should I skip them because the bootloader is already unlocked in my case? - YES, skip it
Is there some specific backup tool or can I still use my Google Account backup options? Is there any way to keep all my apps (or at least settings) after the new ROM is installed?
- first of all copy all the files on your phone's internal storage to a pc/laptop.
- Google backup should work, but i'm not sure.
- Better to reinstall all the apps and set them up, since the rom is totally fresh and latest.
installation steps:
remove any password/pin if set.
After flashing orangefox recovery,
wipe system, data, cache, dalvik, vendor.
install rom. wait at least 15 mins for it to boot.
btw, is your system encrypted?
Siddk007 said:
btw, is your system encrypted?
Just checked - yes, it's encrypted. As I understand it, I need to disable it? Should I do it only for the installation and afterwards set it back to encrypted?
Also, other instructions recommend logging out from the Mi account/Google account and removing the pin code and fingerprints before flash operations.
romahaaa said:
Just checked - yes, it's encrypted. As I understand it, I need to disable it? Should I do it only for the installation and afterwards set it back to encrypted?
Also, other instructions recommend logging out from the Mi account/Google account and removing the pin code and fingerprints before flash operations.
If you want to disable it, you will have to format your data which will wipe your phone completely. Or you can leave it encrypted.
Yes, remove google/mi account and remove pin/password before flash.
Siddk007 said:
If you want to disable it, you will have to format your data which will wipe your phone completely. Or you can leave it encrypted.
Don't see any reason to disable it then, if it's possible to change the ROM while keeping that setting.
Will try to run the process today or tomorrow
So, I did it, spending tons of time.
Unfortunately the Google Pay app is still not visible in the Google Play store, probably because of the unlocked bootloader.
Among the tons of instructions I didn't find any that were detailed but simple enough. Here are some easy steps:
1. Make sure you have all the suitable software and drivers installed. This is needed to run the terminal `fastboot` command, which is part of the google `developer_tools` package. In my case I had it before. To check whether it exists or not you can just run `adb devices` in a terminal and it should show you the list of android devices connected by USB
2. Create a local backup using the MIUI Backup and restore menu in settings. Save the created backup folder on your PC
3. Remove all locks/fingerprints
4. Log out from your Google account. I couldn't log out from the Mi account, but that didn't affect anything
5. Start flashing:
5.1. download Orange Fox and extract it. We need only the .img file from the archive
5.2. run `adb reboot bootloader` to make the device start in fastboot mode
5.3. run `fastboot flash recovery <path to recovery.img from Orange Fox>`
5.4. after it completes, hold Volume Down and the power button until the MI logo appears
5.5. copy the Orange Fox zip archive to the device's internal storage, run the installation and reboot
5.6. create a backup in Orange Fox
5.7. while in the Orange Fox recovery, copy the ROM zip archive to internal storage. Wipe the data: data, cache, dalvik. Wipe system and vendor only if you are sure what you are doing. I wiped them because a "clean" install was needed in my case. DON'T reboot afterwards.
5.8. Run the ROM installation. If after it completes you are still booted automatically into Orange Fox, this means you need to format the data partition. Select Menu > Partitions > Data in Orange Fox. Reboot. MIUI setup will start
