Related
minusculeShield 1.0
So after some time, I decided that the 4.3 update is worth doing slight modifications, even without the native Shield Services and PC Streaming able to be done remotely. I have gotten used to using Limelight anyways, so I decided to update my basic modified stock Shield ROM
First, I updated to the latest OTA 68, then went from there, the features are as follows:
- Two versions of the ROM, one with OTA and one without
- Includes a alternative Calculator (RealCalc), Zeam Launcher, Adblock, Xposed Framework (Along with an Xposed Module for adding a Play Store link to App info, and GravityBox for various system tweaks), MX Player, and ES File Explorer
- All but the most essential "system" apps are removed
- All "Gapps" are using Slimroms 4.3 Minimal Gapps
- Koush's Superuser/Superuser Binaries pre-installed
Same installation process as 0.5, excluding need to select Advanced Restore, you can restore like a normal Nandroid without specifying partitions
As always, make sure you wipe System, Data, Cache, and Dalvik before installing
If you have problems with the OTA-exempt version trying to OTA, if it prompts you, it will do it once, and once you "apply" the update (which it will never actually apply) the notification will go away
minusculeShield 0.5[Nandroid-Backup]
So, this is not really a ROM, but a Nandroid backup of my system without any partition but "/system."
This is almost as stripped down as the stock Shield ROM you can get. I have removed all but literally the most essential apps, and also removed the OTA functionality.
The idea for making this was that I couldn't stream remotely anymore since OTA 63, which I promptly set out to fix. I soon realized it was a problem with the Android side of things, as using it on 4.1.2 or 4.2.2 with their respective apps for that release seemed to work fine. OTA 63 (and 64, which is basically the same release, just for those who couldn't install 63) made the local streaming much less productive, as I immediately noticed lagspikes and a load of other problems, which I had never encountered before.
So, in a basic sense, this backup after installed, keeps the ability to stream remotely without troubles of performance or re-connection problems, uses a much more lightweight version of Gapps (Slimrom's version to be exact). It is based on agrabren's TweakerROM 1.1.0, which is a 4.2.2 base, and uses the original TegraZone Dashboard. It again removes OTA, so updating is not an option.
So, when you do install this backup, your internal "/sdcard" storage should no longer need the "nvidia" and "shield" folder, and you can delete those. They will most likely be recreated by some Shield services.
So on to installing and basic rundown in-case you past the above message and just want a bulleted list:
Installation:
Assumes the following:
1. Unlocked Bootloader
2. CWM installed
Installation procedure:
1. Download attached ZIP, extract to your internal SD card ("/sdcard") using the folder structure of "/sdcard/clockworkmod/backup/<extract contents of ZIP here>"
2. Boot into CWM and select backup and restore
3. Choose advanced restore
4. Choose minisculeShield, then "system"
5. Factory reset, wipe cache, data, and dalvik
6. Reboot and enjoy
Information on changes to original 4.2.2 ROM and other info:
- Removes OTA system
- Improves performance of streaming using original Dashboard, Shield Services, and Shield PC Streaming applications
- All but the most essential "system" apps are removed
- All "Gapps" are using Slimroms 4.2.2 Build 8 version
- Koush's Superuser/Superuser Binaries pre-installed
Download:
Version 0.5
Version 1.0 (OTA Enabled)
Version 1.0 (OTA Removed)
This is great. Will give this a shot today or tomorrow. Thanks!
themichael said:
This is great. Will give this a shot today or tomorrow. Thanks!
Click to expand...
Click to collapse
I'm glad, I thought people would be trampling each other to get a hold of some sort of fix to the remote streaming issue. I guess not. I know I was SUPER disappointed by the latest update for that exact reason.
Let me know if you have any problems, questions, or concerns. I am very new here, but I have been working with Android for almost as long as it came into existence. I started with Android 2.1, so I have learned a lot. I'm also a Unix (mainly the Linux variety) guy, so that goes hand in hand with Android.
I still get notification prompts for ota.
themichael said:
I still get notification prompts for ota.
Click to expand...
Click to collapse
This prompt is a one-time thing, if you attempt the install it will fail and never prompt again. I attribute this to a probably data not being cleared for the actual OTA I removed before doing the Nandroid, but I assure you, I have never gotten it again, and never had to install it past that. Basically, if you attempt the install, it will not restart, but rather just disappear, and even upon restart will just boot normally. Let me know if you've tried that what happens, as I still am using this Nandroid, and since I did indeed attempt (and fail) installing that OTA, it has never prompted again, and stayed where it was during Nandroid in terms of system apps and such
jarjarfinks said:
This prompt is a one-time thing, if you attempt the install it will fail and never prompt again. I attribute this to a probably data not being cleared for the actual OTA I removed before doing the Nandroid, but I assure you, I have never gotten it again, and never had to install it past that. Basically, if you attempt the install, it will not restart, but rather just disappear, and even upon restart will just boot normally. Let me know if you've tried that what happens, as I still am using this Nandroid, and since I did indeed attempt (and fail) installing that OTA, it has never prompted again, and stayed where it was during Nandroid in terms of system apps and such
Click to expand...
Click to collapse
Seemed to work. I'll let you know if anything changes.
same here , ive been on the evo 3d for a long time and learned alot , ill keep you posted as much as i can
milk070 said:
same here , ive been on the evo 3d for a long time and learned alot , ill keep you posted as much as i can
Click to expand...
Click to collapse
Is it me, or does the new GFE render the PC running it as "Busy" regardless of the version of the Android side? It was working prior to the GFE update 1.7.1.0, I just had to use the version of the PC Streaming, Dashboard, and Nvidia Shield Services apps in this Nandroid. It seems Nvidia has found a way to render it "Busy" the same problem I had before, no matter what ROM you use
Please test, and let me know, as I will have to find another way
Will cyanogenmod 13 come to the kindle fire hd 7 (Tate)?
Yep, @BuQQzz and I (mostly him, haha) are working on porting CM13 to this device, as well as the 8.9" (jem). I'm not exactly sure when a usable build will be uploaded, but it should be in the not-so-distant future.
I'm running 12.1 on mine and even though the rom is very lean the Kindle is always running slow. I have 2 questions concerning this. One, based on what you're seeing so far during development, is the rom running at a better speed?
Two, what steps can I take to make sure I am running the best I can for the best results?
The system was wiped completely. I did a super clean install, I've made a backup and moved it to my desktop (in case I need to push it), and I usually only do an update about once every two weeks. Mainly due to the fact that I have to jump through all the hoops of reinstalling Google Play Services, Google games, and the SuperSU beta.
If there are other things you think may help please give suggestions and advice. I can add external storage, however at the moment I do not have an SD card in the slot. To me since storage and RAM are two different things I am thinking it would make little difference to add external storage since I have very few apps downloaded on it.
Jaybone073 said:
I'm running 12.1 on mine and even though the rom is very lean the Kindle is always running slow. I have 2 questions concerning this. One, based on what you're seeing so far during development, is the rom running at a better speed?
Two, what steps can I take to make sure I am running the best I can for the best results?
The system was wiped completely. I did a super clean install, I've made a backup and moved it to my desktop (in case I need to push it), and I usually only do an update about once every two weeks. Mainly due to the fact that I have to jump through all the hoops of reinstalling Google Play Services, Google games, and the SuperSU beta.
If there are other things you think may help please give suggestions and advice. I can add external storage, however at the moment I do not have an SD card in the slot. To me since storage and RAM are two different things I am thinking it would make little difference to add external storage since I have very few apps downloaded on it.
Click to expand...
Click to collapse
1) The ROM currently doesn't even boot up at this point. It's an issue with SELinux that we're working to resolve.
2) I would suggest that you avoid having too many apps on the device - doing so tends to make app optimization take longer (which usually occurs after an OTA or a manual cache wipe). Also, try not to have too many xposed modules or other android mods on your device - if modules or frameworks conflict with each other or the base system, system stability and speed can be negatively impacted. As for the issues with having to reflash gapps, xposed, etc. after an OTA, I use CM Downloader (which is available on the Play Store) to automatically handle flashing other zips after the CM base ROM.
You're right - storage and RAM are two different things. Unless you're low on storage and/or need to share files between multiple devices, I wouldn't see a need for an SD card. Also, I'm fairly certain that the 2012 HD 7" (tate) doesn't have an SD card slot (are you using a 5th generation device?). This discussion is for the 2012 HD 7" models, not for other (or later) models; flashing a ROM meant for another device can and most likely will brick your kindle.
monster1612 said:
1) The ROM currently doesn't even boot up at this point. It's an issue with SELinux that we're working to resolve.
2) I would suggest that you avoid having too many apps on the device - doing so tends to make app optimization take longer (which usually occurs after an OTA or a manual cache wipe). Also, try not to have too many xposed modules or other android mods on your device - if modules or frameworks conflict with each other or the base system, system stability and speed can be negatively impacted. As for the issues with having to reflash gapps, xposed, etc. after an OTA, I use CM Downloader (which is available on the Play Store) to automatically handle flashing other zips after the CM base ROM.
You're right - storage and RAM are two different things. Unless you're low on storage and/or need to share files between multiple devices, I wouldn't see a need for an SD card. Also, I'm fairly certain that the 2012 HD 7" (tate) doesn't have an SD card slot (are you using a 5th generation device?). This discussion is for the 2012 HD 7" models, not for other (or later) models; flashing a ROM meant for another device can and most likely will brick your kindle.
Click to expand...
Click to collapse
I stand corrected. There is no external slot. I was mistaking the back logo panel as a possible external storage cover. My son has had the device for quite some time and he asked dad (me) to give it the "works". The device was running atrocious and much slower than it does now. I've had it for about 2 months and after installing the 2nd bootloader, rooting, twrp recovery..... You get the idea, I had it very stable and clean. It's been running quite well on 12.1 and I am pleased to see development still happening for such an older device.
As far as apps go, I have only installed what he likes. A few games (about 4) and a couple of social ones like Instagram and facebook for him. The real slowdown was actually with Facebook continually not updating and having errors. A recent reboot has fixed that. It also appears that the occasional reboot is actually helping the rom settle in.
I had previously tried the CyanDelta Updater on the play store and it didn't work well. I will now give CM Downloader a try to see of that keeps me from having to reflash the GApps and other apk that seem to force close that I had previously mentioned.
Thanks for the quick response and advice.
Jaybone073 said:
I stand corrected. There is no external slot. I was mistaking the back logo panel as a possible external storage cover. My son has had the device for quite some time and he asked dad (me) to give it the "works". The device was running atrocious and much slower than it does now. I've had it for about 2 months and after installing the 2nd bootloader, rooting, twrp recovery..... You get the idea, I had it very stable and clean. It's been running quite well on 12.1 and I am pleased to see development still happening for such an older device.
As far as apps go, I have only installed what he likes. A few games (about 4) and a couple of social ones like Instagram and facebook for him. The real slowdown was actually with Facebook continually not updating and having errors. A recent reboot has fixed that. It also appears that the occasional reboot is actually helping the rom settle in.
I had previously tried the CyanDelta Updater on the play store and it didn't work well. I will now give CM Downloader a try to see of that keeps me from having to reflash the GApps and other apk that seem to force close that I had previously mentioned.
Thanks for the quick response and advice.
Click to expand...
Click to collapse
If you go into the CM Downloader app settings, you should be able to add in the zips (maximum of 6) you want flashed after a ROM update. Once that's complete, all you need to do is download an update and initialize the install process from within the app, and it'll handle flashing the zips. From personal experience on CM nightlies for jem (the 8.9" version), I tend to see stability break down after about 24 hours of device uptime without a reboot, so reboots do help significantly.
Any progress so far?
Pix12 said:
Any progress so far?
Click to expand...
Click to collapse
Currently, the generated zips take longer than cm12.1 to flash (but they still flash successfully). As for a functional ROM, that hasn't happened yet - it refuses to boot after about 5 seconds. last_kmsg says it's an SELinux issue.
THIS IS CURRENTLY NOT WORKING
A newer version is available here: https://forum.xda-developers.com/apps/supersu/suhide-lite-t3653855
suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary and package name) from other applications.
Pros
- Hides root on a per-app base, no need to globally disable root
- Doesn't need Xposed
- Even supports SuperSU's ancient app compatibility mode (BINDSYSTEMXBIN)
- Passes SafetyNet attestation by default on stock ROMs (last officially tested on 2016.10.07)
Cons
- Ultimately a losing game (see the next few posts)
- No GUI (at the moment) - Unofficial GUI by loserskater
Requirements
- SuperSU v2.78 SR1 or newer (link)
- SuperSU installed in systemless mode
- Android 6.0 or newer
- TWRP (3.0.2 or newer, with access to /data - link!) or FlashFire (link)
Xposed
Xposed is not currently officially supported, but if you want to use it directly, you must be using @topjohnwu 's systemless xposed v86.2 exactly (attached at the bottom). It seems to mostly work during my non-extensive testing, but there are still some performance issues (both boot-time and run-time). Proceed with caution, expect bootloop.
Alternatively, there are some reports that the latest Magisk version + the latest systemless xposed (for Magisk) also works. I have not personally tested this.
CyanogenMod
I've personally tested with CM13 on i9300 without issue, however, several users are reporting it doesn't work for them. Proceed with caution, expect bootloop. Also, aside from just flashing SuperSU, you need to make sure /system/bin/su and /system/xbin/su are removed, or CM's internal root will still be used.
Usage
Install/Upgrade
- Make sure you have the latest SuperSU version flashed in systemless mode
- Make sure you are using the latest TWRP or FlashFire version
- Remove any and all Xposed versions
- If you have been having issues, flash suhide-rm-vX.YY.zip first, and note that your blacklist has been lost.
- Flash the attached suhide-vX.YY.zip
- If you are upgrading from suhide v0.16 or older, reflash SuperSU ZIP, and note that your blacklist has been lost.
- Optionally, flash the Xposed version linked above, and pray
At first install SafetyNet is automatically blacklisted.
If you have just flashed a ROM, it is advised to let it fully boot at least once before installing suhide.
Uninstall
- Flash the attached suhide-rm-vX.YY.zip. The version may appear older, the uninstall script doesn't change very often.
Blacklisting an app
You need the UID (10000 to 99999, usually 10xxx) of the app, which can be tricky to find, or the process name. There may be a GUI for this at some point.
(Note that all commands below need to be executed from a root shell)
If you know the package name, ls -nld /data/data/packagename will show the UID - usually the 3rd column.
Similarly, for running apps, ps -n | grep packagename will also show the UID - usually the 1st column.
Note that the process name is often the same as the package name, but this is not always the case. UID is more reliable for identifying a specific app, and it is also faster than blocking based on process names.
When you know the UID or process name:
Add to blacklist: /su/suhide/add UID or /su/suhide/add processname
Remove from blacklist: /su/suhide/rm UID or /su/suhide/rm processname
List blacklist: /su/suhide/list
All running processes for that UID or process name need to be killed/restarted for su binary hiding. For SuperSU GUI hiding, the device needs to be restarted. I recommend just (soft-)rebooting your device after making any changes.
Please keep in mind that many apps store their rooted state, so you may need to clear their data (and then reboot).
Integration into SuperSU
This mod isn't stable, and probably will never be (see the next few posts). As SuperSU does aim to be stable, I don't think they're a good match. But who knows, it all depends on how things progress on the detection side.
Detections
This mod hides the su binary pretty well, and does a basic job of hiding the SuperSU GUI. The hiding is never perfect, and suhide itself is not undetectable either. This will never be a perfectly working solution.
Debugging bootloops
- Get your device in a booting state
- Make sure you have TWRP or a similar recovery
- Install LiveBoot (link)
- If you are not a LiveBoot Pro user, enable the Freeload option
- Enable the Save logs option
- Recreate the bootloop
- In TWRP, get /cache/liveboot.log , and ZIP+attach it to a post here.
Download
Attached below.
Any rm version should work to uninstall any suhide version.
There may be multiple versions of suhide attached, please look carefully which one you are downloading!
YOU ARE EXPLICITLY NOT ALLOWED TO REDISTRIBUTE THESE FILES
(pre-v0.51: 17410 downloads)
Hiding root: a losing game - rant du jour
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.
While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.
SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.
Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.
While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".
The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.
Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.
More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.
It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.
Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.
Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.
--- reserved ---
Changelogs
2016.10.10 - v0.55 - RELEASE NOTES
- Some code cleanup
- Support for blocking based on process name
- Should fix some crashes (requires uninstall/reinstall to activate)
2016.10.07 - v0.54 - RELEASE NOTES
- Fix for latest SafetyNet update
2016.09.19 - v0.53 - RELEASE NOTES
- Haploid container (monoploid)
2016.09.18 - v0.52 - see v0.51 release notes below
- Fix root loss on some firmwares
2016.09.18 - v0.51 - RELEASE NOTES
- Complete redesign
- Zygote proxying (haploid)
- Binder hijacking (diploid)
- su.d instead of ramdisk modification
- Xposed supported (-ish)
2016.09.04 - v0.16 - RELEASE NOTES
- Fix some SELinux access errors
- Should now work on devices that ask for a password/pattern/pin immediately at boot - for real this time!
- Binderjacking improvements for Nougat
2016.08.31 - v0.12 - RELEASE NOTES
- Fix some issues with suhide-add/rm scripts
- Fix not working at all on 32-bit devices
- Should now work on devices that ask for a password/pattern/pin immediately at boot
- Rudimentary GUI hiding
- No longer limited to arm/arm64 devices: support for x86/x86_64/mips/mips64 devices added
2016.08.29 - v0.01
- Initial release
As always thank you Chainfire! I will try and edit this post.
Edit @Chainfire this seems to work for enabling Android Pay! I didn't get the chance to actually pay yet. But it did let me add my card and did not display the message about a failed authorization of Android check! Before I couldn't even get past that first screen.
Edit 2: @Chainfire It seems to of had an adverse effect on Snapchat. I cleared cache on the app, uninstalled and reinstalled and restarted. It kept Force closing after a photo no matter what. I used suhide-rm and it seems to have fixed the app from any issues. Thanks again and hopefully we'll get you some more reports. Either way your solution works!
Tested on stock rooted 7.0 Nexus 6p.
@Chainfire
What was your reason for doing this project?
Sent from my Nexus 6P using XDA-Developers mobile app
Ofthecats said:
What was your reason for doing this project?
Click to expand...
Click to collapse
For building it, curious if the method I came up with would work well. For releasing, if others are doing it, join them or be left behind.
I'm assuming with custom ROM android pay still won't work right?
HamsterHam said:
I'm assuming with custom ROM android pay still won't work right?
Click to expand...
Click to collapse
I'd just give it a try. It's spoofing the specific app, not the entire ROM that matters. It's fairly simple to try.
Installed on LG G4 w/ V20g-EUR-XX update and rerooted with TWRP 3.0.2-0 and SuperSU-v2.76-2016063161323. seems to be working fine, for the moment. Thank you for the update.
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
djide said:
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
Click to expand...
Click to collapse
What was the UID or process you found to blacklist it with?
Sent from my ONEPLUS A3000 using Tapatalk
how to install it? which file should I flash ? Both?
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Joshmccullough said:
What was the UID or process you found to blacklist it with?
Click to expand...
Click to collapse
Android Pay comes blacklisted out-of-the-box
HamsterHam said:
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Click to expand...
Click to collapse
Are you in Android or TWRP ?
ls -l /data/adb/
Chainfire said:
Android Pay comes blacklisted out-of-the-box
Click to expand...
Click to collapse
Derp. That's what I get for not reading the entire sentence under 'Install' in the OP......thanks!
PedroM.CostaAndrade said:
how to install it? which file should I flash ? Both?
Click to expand...
Click to collapse
Please don't quote a large post like that just to ask a single question.
Please read the first post, so you know what to do.
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
thdervenis said:
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
Click to expand...
Click to collapse
You need to blacklist the UID for your bank. Directions are in the OP.
Hi everyone,
I have a Sony Z3 compact I just received, model D5803 running Android 6.0.1 with Firmware 23.5.A.0.575.
I really dislike Google and want to run a phone with the minimum of proprietary software (I guess blobs to communicate with the hardware are mandatory). I guess AOSP (any version, but a recent one would be better ) with F-Droid is a good solution.
Unfortunately when checking the sony website but it tells my the bootloader is not unlockable. What should I do? I'm running Ubuntu and have adb and fastboot installed.
I found [this topic](https://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714) which tells it roots the phone (and has a GNU/Linux script) but how does that help me to install a Rom, for example the AOSP provided by Sony at /open-devices/list-of-devices-and-resources/ if the bootloader is still locked? What are TWRP and busybox, is that supposed to help?
Flaburgan said:
I found [this topic](https://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714) which tells it roots the phone (and has a GNU/Linux script) but how does that help me to install a Rom, for example the AOSP provided by Sony at /open-devices/list-of-devices-and-resources/ if the bootloader is still locked? What are TWRP and busybox, is that supposed to help?
Click to expand...
Click to collapse
TWRP is a custom recovery that allows you to flash a ROM and other files, that are stored on the normal internal or external storage.
Busybox is a binary that gives you command line tools that are often included in a Linux install and some of which aren't included on normal Android. These are commands that other things may make use of, or that you can make use of at a terminal app or run from Tasker or similar app.
You want to look at backing up your TA partition, which stores your DRM keys, before unlocking the bootloader to install a custom ROM because some functionality, camera quality and anti-distortion, sound quality, and some other stuff which I don't remember, won't work if you go back to the stock ROM unless you have these keys backed up and then restored later. You need to unlock the bootloader in order to flash a custom ROM and doing this erases, permanently, these DRM keys, so they need to be backed up and then put back later if you relock the bootloader and flash a stock ROM.
If you look in the Original Development section, Jaguar Aries ROM has no Google Apps, had the latest patches up to Febuary, and had the best battery life of any custom ROM I've seen for this phone, right on par with stock. There are some builds of Lineage OS that are probably closer to being up to date as well and may have a better camera than Jaguar. The developer of Jaguar has moved on to another phone. That said, if you aren't experienced and don't know what TWRP is, then installing it is an extra step from other ROMs as well since it requires you to setup a firewall app to permit connections on data or wifi before you can use the wifi or data at all. I doubt Lineage OS has this, but presume that battery life would not be good.
Also, if you install microg apps, you can still use things such as cell and wifi based location, google push services, and ... I don't remember what else, however it hasn't been updated recently and many apps will complain and refuse to run saying that you need to update google play services, especially annoying for anything that uses push especially. Microg essentially sits in the place of where some functionality of Google Apps would and fills in some blanks.
When you don't have Google Apps installed, many paid apps will refuse to run as well, specifically the ones you paid for, because they can't verify the purchase with Google servers. There should be a **** list for any developers that don't cooperate when this is a problem for a user. I've only had one app developer help me on this, ever.
Thanks for your detailed answer!
You need to unlock the bootloader in order to flash a custom ROM and doing this erases, permanently, these DRM keys, so they need to be backed up and then put back later if you relock the bootloader and flash a stock ROM.
Click to expand...
Click to collapse
Does that mean that I can't use the DRM keys with another ROM? So I will never have the full quality of my hardware? Would using the AOSP rom provided by Sony solve that problem?
On which version of Android Jaguar Aries ROM is based? I searched for a lineageOS image but didn't find any for the Z3 Compact.
I had another z3c which died and was running Firefox OS, I'm fine with not having access to the Google Play store, I plan to install F-Droid and use only FOSS apps. In fact I would even prefer to go back to Firefox OS even if it is not maintained anymore, its UX is so much better than Android... That said, thanks for telling me about Microg, I didn't know it and that's true that many apps use Play services especially for push. Even Signal had that as a dependency (fortunately not anymore). Still, I would avoid any data coming out from my phone to by sent to Google servers, so I will probably avoid it.
Flaburgan said:
Thanks for your detailed answer!
Does that mean that I can't use the DRM keys with another ROM? So I will never have the full quality of my hardware? Would using the AOSP rom provided by Sony solve that problem?
On which version of Android Jaguar Aries ROM is based? I searched for a lineageOS image but didn't find any for the Z3 Compact.
I had another z3c which died and was running Firefox OS, I'm fine with not having access to the Google Play store, I plan to install F-Droid and use only FOSS apps. In fact I would even prefer to go back to Firefox OS even if it is not maintained anymore, its UX is so much better than Android... That said, thanks for telling me about Microg, I didn't know it and that's true that many apps use Play services especially for push. Even Signal had that as a dependency (fortunately not anymore). Still, I would avoid any data coming out from my phone to by sent to Google servers, so I will probably avoid it.
Click to expand...
Click to collapse
When you unlock the bootloader the DRM keys get erased permanently, so you'd need to root the phone and back up the partition where they are held before unlocking it. As far as I know, every custom ROM needs to have the bootloader unlocked. If there is an alternative way to install a ROM on a locked bootloader then it would be one of those scenarios where its installed while keeping the stock one, and I don't know if this has been done on the Z3c or not.
I also don't know if Sony's AOSP requires unlocking the bootloader or not.
Jaguar is based on 5.1.1
Its a mix of AOSP, Lineage, and was getting monthly backports of the latest security patches until Febuary when the developer no longer had a Z series phone for his own use. The only criticism it met was that the developer never released the source code for the entire ROM, just the kernel. He never replied to why that was. A lot of the custom ROMs out there are like this, so its still a case of who you choose to trust when it comes to this a lot of times. I liked it because the battery life was really good and assuming the security was what was advertised then that was also a real plus.
Many apps, by the way, were working fine with microg push but then with updates to apps, they complained about needing to update google services framework, which obviously was spoofed and microg hasn't been updated, and it happened to a lot of apps in a short period of time, so I assume there was a change enforced by Google for their requirements in the Play Store. If you just want it for location, for example if you use Osmand maps, then you don't have to enable the feature for push notifications nor have a google account associated with the phone, and it all works as user installed apps, so it can be undone without any real fear of the system getting modified after you try it out. There's a microg repo that can be added to fdroid. The location is based on either databases you download to the phone, which aren't very good, or also you can opt for cell location from Mozilla servers, and if you have to have wifi based location as well then you can hook into the Apple servers but the latter doesn't sound like something you want, if you want to do any of it at all that is.
I think most likely that GPS location would work without any need for microg.
The post you linked to with the Linux script installs TWRP to the /data partition, then you root it, then you back up the DRM keys after its rooted, then unlock the bootloader, install normal TWRP, and go from there. In Linux you'lle want to use the dd command to back up the DRM keys as all that's available on the forum is a Windows script (I think). There is info on it somewhere but it would be hard to find it. If you search my posts the thread will come up somewhere in the history. Anyway, the reason I broght this up is because the script in the thread for installing TWRP and rooting didn't work properly. I don't remember why, but I had to go through it line by line and enter the commands in from a termnial to get it right, I think there was some bad syntax. If you can't figure it out, quote one of my posts and ask, that way I get a notification that I was replied to, I think I have a fixed version of it on my drive somewhere if it causes a problem.
For the DRM keys you want to backup the TA partition bit for bit to a file. I backed up my Fota partition as well as I was unclear what role it plays. You also want to keep a copy of that particular Sony ROM file, and the two kernels involved, to flash with Flashtool in case you relock and restore so you can get root access to restore the partition while the bootloader is locked again.
May I ask why are you going FOSS only? if that's because privacy concerns, then FF OS is not the best solution... Because any Cloud-based OS is a little bit creepy, doesn't matter if it's ChromeOS from Google, or FirefoxOS from Mozilla.
There are plenty of Linux distros dedicated to run on Android phones, but it's not the best UX.
And yes, you can enjoy clean AOSP install (LOS is fine) without flashing G-Apps. But you won't have Google play at all! F-Droid is fine but you won't find there Gmail alternatives, you can't find Gmail even on Amazon AppStore... Sadly if you install Gmail then you'll find out that it installed bunch of google apps and hidden services behind the scenes... So only option is to use Gmail web app.
But then again, F-Droid is fine, there are many FOSS alternatives to youtube and other apps.
And if privacy (and security) is your concern, use LOS privacy guard / Android's builtin Permission Manager, and on Rooted ROMs you can use AFwall firewall which is the best.
Good luck
GadgetAvi said:
Because any Cloud-based OS is a little bit creepy, doesn't matter if it's ChromeOS from Google, or FirefoxOS from Mozilla.
Click to expand...
Click to collapse
Firefox OS is not a Cloud-based OS at all. It runs perfectly without internet connection.
GadgetAvi said:
F-Droid is fine but you won't find there Gmail alternatives, you can't find Gmail even on Amazon AppStore...
Click to expand...
Click to collapse
Be sure that if I don't want Google on my phone, my e-mails are already **not** on GMail...
Ok, if so, then you'll be fine with any AOSP clean rom. LOS is great, and F-Droid as well. Cheers!
PantsDownJedi said:
The post you linked to with the Linux script installs TWRP to the /data partition, then you root it, then you back up the DRM keys after its rooted, then unlock the bootloader, install normal TWRP, and go from there. In Linux you'lle want to use the dd command to back up the DRM keys as all that's available on the forum is a Windows script (I think).
Click to expand...
Click to collapse
I ran the commands and the phone is now booted on TWRP from the /data partition. I did a backup with TWRP of all proposed options (Boot, TrimArea, Recovery, System, Cache and Data). Is that "TrimArea" enough to have a backup of the DRM keys? The other topic talks about Backup-TA but looking at their github https://github.com/DevShaft/Backup-TA/releases it looks very old and unmaintained.
The current TWRP I'm running is 3.1.0-0.
Also, it looks like I'm not root (at least, su is not available). Do I have to install SuperSu by giving this zip https://download.chainfire.eu/696/supersu/ to TWRP?
Flaburgan said:
I ran the commands and the phone is now booted on TWRP from the /data partition. I did a backup with TWRP of all proposed options (Boot, TrimArea, Recovery, System, Cache and Data). Is that "TrimArea" enough to have a backup of the DRM keys? The other topic talks about Backup-TA but looking at their github https://github.com/DevShaft/Backup-TA/releases it looks very old and unmaintained.
The current TWRP I'm running is 3.1.0-0.
Click to expand...
Click to collapse
I don't know. I haven't looked at a TWRP backup to see what format it is. Back when Clockwork Mod was all that was available, it merely made a tar.gz of partitions. Ideally you want a bit for bit image of the TA partitions to make sure it was exactly what it was when you restore it. I don't know if that's necisarry, or if TWRP does this anyway, but using the dd command is still prudent.
You want to either use a terminal emulator app or run 'adb shell' at a linux terminal (much easier), run 'su' once in the phone environment, allow it at the phone supersu app popup, and then do it like this.
https://forum.xda-developers.com/showpost.php?p=61307511&postcount=6
And store a copy of the image file where it won't get lost.
Edit: Sorry, I didn't see the other post. Yes, you need to flash that supersu zip file. When you try to access root from an app or the command line, it will have a popup on the phone screen asking you if you want to allow access or not, so when you run it from a terminal, 'adb shell' to get into the phone OS, there will be a popup for allowing that often times. Then 'su' there's a popup from the supersu app you just flashed. Then 'cd' to the sdcard or external sd. Then the 'dd' command. The dd command in what I linked to is inevitbaly what all those .bat files in the Windows TA Backup thing does after it does a bit of looking around to find the TA partition for a particular phone model.
The md5sum part of what I linked to compares the partitionn itself to the image file you just wrote, you just look at it to see that there are two of them (that it didn't fail) and that they are the same.
The last part pulls the image file to the hard drive, but there are other ways to accomplish this obviously. If you have a cloud storage you can upload it there, or send it as an email attahment, put it on the external sd, etc etc.
Also, in many cases, once you unlock the bootloader to flash something else, you'lle need to install TWRP again from the command line, pushing it straight to a phone partition. You'lle need help with this if you haven't done it before.
I'm at my wits end trying to get Magisk back!
(The backstory is that I had been running a DirtyUnicorns OS for a year just fine, but then Pokemon Go started failing to login. So it was time to update.)
Using a Samsung Tab 4 (SM-T330NU)
Formatted and installed stock OS/boot
Used Odin to flash "twrp-3.0.0-3"
Used TWRP recovery to update to "twrp-3.3.1-0"
Installed "Lineage OS 17" (and added Gapps) - made sure it booted and all was well
Booted into TWRP recovery and installed the latest "Magisk-v20.4"
Wiped cache and rebooted
Installed the latest "MagiskManager-v7.5.1" and got "Magisk is not installed"
After a great deal of searching I learned how this is supposed to be corrected:
Took the boot.img from the Lineage OS 17 zip,
Used Magisk to patch it, creating "magisk_patched.img"
Used TWRP recovery to install "magisk_patched.img" to the boot section
Wiped cache and rebooted
Still getting "Magisk is not installed"
Booted into TWRP recovery and installed the latest "Magisk-v20.4" just in case
Still getting "Magisk is not installed"
This is all after roadblocks for hours a day for a week trying to pass safetynet using Magisk on Lineage OS 16 for about a week, so I thought this fresh start would be easier and now I'm pulling my hair out.
Any suggestions would be helpful. I just want to be able pass safetynet and my ctsProfile match fails. Which I can't even begin to work on without Magisk core.
Thanks in advance.
First thing I would check is if the Manager is installed to external/adoptable storage. The Manager can't work properly like that...
https://www.didgeridoohan.com/magisk/Magisk#hn_Magisk_not_installed
Didgeridoohan said:
First thing I would check is if the Manager is installed to external/adoptable storage. The Manager can't work properly like that...
https://www.didgeridoohan.com/magisk/Magisk#hn_Magisk_not_installed
Click to expand...
Click to collapse
Thanks for the quick reply!
How do I check to see where it's installed and/or reinstall it to the proper storage? Because that could be it.
There's no SD card or USB device plugged in and I couldn't find more information online (I even scoured didgeridoohan.com before posting here).
Also, and this may be helpful, it appears the device is not rooted. Fx file explorer and root checker apps confirm this. So it's possible even with the steps I followed that Magisk core really isn't installed and the apk is telling the truth (I'm just at a loss to know how that's possible after flashing the zip and flashing the patched boot file, both in twrp).
If you have no SD card installed adoptable storage won't be an issue.
You can easily verify through TWRP if the core Magisk files have been installed. Check in /data/adb/magisk. It should contain busybox, magisk, magiskboot and magiskinit binaries, together with addon.d, boot_patch and util_functions scripts.
Seeing the recovery log from when you attempt to install the Magisk zip in TWRP might show us something. Also try the could also be a good idea trying the Canary release to see if there's any difference from stable v20.4.
(This thread can be locked/(closed?)/answered)
I tried my damnedest and nothing worked. So I wiped/formatted lineage-17.1-20200512 and installed lineage-17.1-20200419. THIS was the ease with which I was accustomed to installing Magisk (Recovery install and immediately working on boot). Sadly, other problems abound and they are outside the scope of this subforum.
Just in case anyone reads this and cares:
- GPS Joystick was a no-go because apparently Lineage has a not-so-nifty feature that blocks the "draw over apps" android feature if your RAM is below some secret threashhold, which prevents the entire app from functioning.
- Fake GPS can take getting used to, and I'm used to it and love it, but the location and routing keeps crashing in the background, which means pogo closes when I tab back to start it back up again.
- Regardless of which I use I am rubberbanding back to my house... despite using all the tricks I can find or think of (yes, including 'smali patcher', specific app settings, systemizing the GPS app, setting off/on mock locations, etc)... but I think it's because this OS has no unique setting for the GPS data to be "device only".
Problems one and two are due to the ****ty ram on this Samsung tablet, which I've always known was an issue, so I suppose it might just be time to buy a phone specifically for this purpose. From what I read, the best cost effective option is an iPhone SE, and I'm truly not an Apple fan (I certainly would not risk my own phone being bricked or even merely wiped).
Not sure how I used it for the last year without this many issues, but it seems like that's over now unless I want to deal with DirtyUnicorn OS again, and that was it's own nightmare sometimes.
Thanks all for reading, but especially Didgeridoohan for replying and for all the resources on your pages and threads.