[Q] From TWRP back to stock Recovery & locked Bootloader, keeping root & Custom ROM?
Hey everyone,
Around New Year's Eve I found out that the Android Device Manager's remote wipe is not secure enough for my needs, as it doesn't wipe the data (pictures, app data etc.) on the virtual "sdcard" of the HTC One's storage. So a potential thief could easily access my Custom Recovery and simply by flashing a custom ROM gain access to the data.
I described the problem in more detail over here: http://forum.xda-developers.com/showthread.php?t=2598154
While unlocking a friend's phone I noticed that during the "fastboot oem unlock" procedure all data is wiped from the device. Something I totally forgot about.
This behavior is exactly what I want if my device gets stolen.
I can accept the hassle to deal with a temporary custom recovery or ways to perform an online nandroid, without the comfort of a Custom Recovery and having to lock the Bootloader again after every Custom ROM upgrade. (Yes, it will be a pain in the b*ttocks, but I want my data to be inaccessible.)
What do I have:
HTC One (international GSM version)
HTCdev.com unlocked
SuperCID
TWRP as Custom Recovery
Rooted CustomRom (SinLess in my case) installed
What I want:
Bootloader to be locked (so that you can't simply flash a Custom Recovery)
Stock Recovery (so that you can't simply flash a Custom ROM)
being able to make a nandroid backup, before unlocking again
keeping root and the Custom ROM
keeping SuperCID (req. for SinLess)
I don't want to make a mistake, so I am asking for some guidance. :angel:
Am I assuming correctly that just flashing the Stock Recovery image is enough to get rid of TWRP?
I know that this temporary loading of a Recovery was a thing some time ago (HTC Desire), but I haven't looked into it for years now.
Is this still possible and how do I do it? Does this allow me to perform a nandroid backup with a locked bootloader?
Otherwise: If my bootloader is locked and my recovery reverted to stock, is there a way to nandroid backup my HTC One? I know about the App "Online Nandroid" (Play Store Link) that allows to perform a nandroid backup on a rooted phone without booting to recovery. Does it work with the HTC One?
What happens if I "relock" this htcdev.com unlocked phone? Will I simply be able to use "fastboot oem unlock" (followed by a full wipe) to unlock the bootloader again? Or are there more strings attached, like requiring htcdev.com again or any other problems?
Is the CID setting affected by any of this?
Am I missing something else?
Will the following routine be my way to go if I want to flash something (ROM, Kernel etc.)?
Backup Apps: Titanium Backup
Perform full nandroid Backup (App: Online Nandroid?)
Pull nandroid Backup, Titanium Backup Files and all Data from /sdcard/
Unlock phone --> result: full wipe of device (no big deal, as everything is backed up)
Flash Custom Recovery
Push Installation files for (rooted) Custom ROM, Kernel etc.
Push Titanium Backup Files
Install (rooted) Custom ROM, Kernel etc.
Boot Phone, set it up as usual and restore Titanium Backup
Push Data back to /sdcard/
Flash Stock Recovery
Relock Bootloader
Is this correct?
Or did I miss something?
Thanks in advance
No one? :angel:
I would highly appreciate any guidance on this. Thanks in advance
spaboleo said:
No one? :angel:
I would highly appreciate any guidance on this. Thanks in advance
Well, instead of doing what ur trying to do, you can encrypt the phone. A full phone encryption will prevent any changes made to any of the phone partitions. Thus, a ROM cannot be flashed in TWRP recovery, which serves your purpose and is easier than what u mentioned. However, decryption will factory reset the phone.
To answer your points:
1. Yes, flashing the Stock Recovery image will get rid of TWRP. But, im not 100% sure whether the ROM will work properly on stock recovery
2. You can definitely load a recovery without flashing it. Not tried on a locked bootloader. Sorry
3. Not sure whether the Root will be maintained after locking the bootloader and flashing stock recovery. If it is, then the Online Nandroid will definitely work
4. No strings attached. oem unlock will definitely do the trick
5. Nope, u will still be S-OFF. No CID is changed
spaboleo said:
no one?
Since you have s-off just use revone to unlock the bootloader without wiping data.
Procedure to lock things down:
Code:
fastboot flash recovery stock_recovery.img
fastboot oem lock
Procedure to return to unlocked/custom recovery:
Code:
adb push revone /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 revone
./revone -u
reboot bootloader
fastboot flash recovery twrp_recovery.img
You could also do revone with file explorer and terminal emulator and then flash TWRP directly in the OS using Flashify. This would allow you to return to unlocked with custom recovery without needing a computer.
raghav kapur said:
Well, instead of doing what ur trying to do, you can encrypt the phone. A full phone encryption will prevent any changes made to any of the phone partitions. Thus, a ROM cannot be flashed in TWRP recovery, which serves your purpose and is easier than what u mentioned. However, decryption will factory reset the phone.
To answer your points:
1. Yes, flashing the Stock Recovery image will get rid of TWRP. But, im not 100% sure whether the ROM will work properly on stock recovery
2. You can definitely load a recovery without flashing it. Not tried on a locked bootloader. Sorry
3. Not sure whether the Root will be maintained after locking the bootloader and flashing stock recovery. If it is, then the Online Nandroid will definitely work
4. No strings attached. oem unlock will definitely do the trick
5. Nope, u will still be S-OFF. No CID is changed
Thank you
Well I looked into encryption and it would require to use a PIN or Password lock instead of the Patternlock I prefer.
There was some mod that derived a PIN from a pattern input to work around this limitation, but I don't think it's the best idea to fiddle around with system files of that level.
But after reading cschmitt's post, about the fact that there is a way to unlock the bootloader without wiping, my whole thoughts from the initial post are pointless
I guess using Android encryption is the only way.
Is it possible to use phone encryption together with location-based (wifi-based) disabling of the encryption using the "SecureSettings Plugin" for Tasker?
cschmitt said:
Since you have s-off just use revone to unlock the bootloader without wiping data.
Procedure to lock things down:
Code:
fastboot flash recovery stock_recovery.img
fastboot oem lock
Procedure to return to unlocked/custom recovery:
Code:
adb push revone /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 revone
./revone -u
reboot bootloader
fastboot flash recovery twrp_recovery.img
You could also do revone with file explorer and terminal emulator and then flash TWRP directly in the OS using Flashify. This would allow you to return to unlocked with custom recovery without needing a computer.
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
(edit: Warning Comment: don't do that...read below)
Thanks everyone
spaboleo said:
Thank you
Well I looked into encryption and it would require to use a PIN or Password lock instead of the Patternlock I prefer.
There was some mod that derived a PIN from a pattern input to work around this limitation, but I don't think it's the best idea to fiddle around with system files of that level.
But after reading cschmitt's post, about the fact that there is a way to unlock the bootloader without wiping, my whole thoughts from the initial post are pointless
I guess using Android encryption is the only way.
Is it possible to use phone encryption together with location-based (wifi-based) disabling of the encryption using the "SecureSettings Plugin" for Tasker?
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
Thanks everyone
Nope, sorry. Remote encryption is impossible. You will need to manually choose the encryption option in security settings
P.S. Please hit the THANKS button if you think I helped you
spaboleo said:
Wow! Thanks for pointing that out.
So the bootloader lock does not offer the sufficient protection that I am looking for
Unless...I return to S-On each and every time I want to flash a rom or an Update.
Can I be sure that with S-On revone does not work to unlock the bootloader without wiping?
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB requires authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
And whatever you do, do not go back to s-on.
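Added example, not part of any post in this thread: a small audit of the OS-side settings the replies above rely on (device encryption, ADB authorization, USB debugging switched off), read from `adb shell getprop` output. The sample dumps are constructed, and the script does not check bootloader lock or S-OFF state.

```shell
#!/bin/sh
# Added example (not from the thread): audit the OS-side settings discussed
# above, using the "[key]: [value]" lines printed by `adb shell getprop`.

# Return the value of one property from a getprop dump.
prop_value() {  # $1 = dump text, $2 = property name
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v k="[$2]:" '$1 == k {
            v = $0; sub(/^[^ ]+ \[/, "", v); sub(/\]$/, "", v); print v; exit }'
}

# Print one line per check; the return status is the number of weak settings.
audit_posture() {  # $1 = getprop dump
    ap_dump=$1
    ap_weak=0
    ap_crypto=$(prop_value "$ap_dump" ro.crypto.state)
    ap_secure=$(prop_value "$ap_dump" ro.adb.secure)
    ap_usb=$(prop_value "$ap_dump" persist.sys.usb.config)

    # Encryption keeps /data and the internal "sdcard" unreadable from a recovery.
    if [ "$ap_crypto" = "encrypted" ]; then
        echo "OK    data partition is encrypted"
    else
        echo "WEAK  data partition not encrypted (ro.crypto.state=${ap_crypto:-unset})"
        ap_weak=$((ap_weak + 1))
    fi

    # ro.adb.secure=1 means a new computer must be approved on the unlocked phone.
    if [ "$ap_secure" = "1" ]; then
        echo "OK    ADB requires per-computer authorization"
    else
        echo "WEAK  ADB accepts any computer (ro.adb.secure=${ap_secure:-unset})"
        ap_weak=$((ap_weak + 1))
    fi

    # USB debugging is on when "adb" is one of the USB functions.
    case ",$ap_usb," in
        *,adb,*) echo "WEAK  USB debugging is enabled ($ap_usb)"
                 ap_weak=$((ap_weak + 1)) ;;
        *)       echo "OK    USB debugging is disabled" ;;
    esac
    return "$ap_weak"
}

# Constructed sample dumps (not taken from a real device).
SAMPLE_WEAK='[persist.sys.usb.config]: [mtp,adb]
[ro.adb.secure]: [0]
[ro.crypto.state]: [unencrypted]'
SAMPLE_HARDENED='[persist.sys.usb.config]: [mtp]
[ro.adb.secure]: [1]
[ro.crypto.state]: [encrypted]'

# With --device, audit the connected phone; otherwise show the weak sample.
if [ "${1:-}" = "--device" ]; then
    audit_posture "$(adb shell getprop)" || echo "weak settings: $?"
else
    audit_posture "$SAMPLE_WEAK" || echo "weak settings: $?"
fi
```

Running it with `--device` requires the phone to be booted, unlocked and already authorized for this computer, so run it before disabling USB debugging again.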
cschmitt said:
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB requires authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
And whatever you do, do not go back to s-on.
I was initially S-OFF. I had to S-ON the phone to give it for warranty repair. I can simply use Rumrunner to S-OFF the phone again right? Or are there any other complications?
Thank you
raghav kapur said:
I was initially S-OFF. I had to S-ON the phone to give it for warranty repair. I can simply use Rumrunner to S-OFF the phone again right? Or are there any other complications?
There have been a number of cases of going back to s-on with locked bootloader and then not being able to unlock the bootloader again or regain root, so could not s-off again.
cschmitt said:
The locked bootloader still offers the same level of protection. Unlocking via fastboot still wipes data, and the only way to unlock it via revone (which does not wipe data) is to be booted into the OS, which is protected by your password/PIN/pattern lock. (You might want to disable ADB while not using it, but in current versions ADB requires authorization before it will connect to a new computer, and that would require unlocking your device with the password/PIN/pattern in order to approve the connection.)
If you have a locked bootloader with stock recovery it's not possible to use revone to unlock the bootloader via fastboot or adb, so you're still protected.
You cannot use revone to unlock bootloader if s-on.
And whatever you do, do not go back to s-on.
Thank you!
I thought the revone command was operable via fastboot/adb from the bootloader as well.
That is good news.
So one question remains.
Is there a way to access data from the stock recovery (maybe locating via "adb shell ls..." and then using "adb pull...") when s-off with a locked bootloader?
Assuming adb is turned off in the OS (developer options) if not used?
If this isn't possible this seems to be the perfect solution
I thank you sincerely!
spaboleo said:
So one question remains.
Is there a way to access data from the stock recovery (maybe locating via "adb shell ls..." and then using "adb pull...") when s-off with a locked bootloader?
Assuming adb is turned off in the OS (developer options) if not used?
All that's available in stock recovery is the ability to flash an HTC signed zip (official OTA, for example) and to factory reset.
There is no backup/restore/adb access/file manager like in a custom recovery.
Perfect :good: :laugh:
Sorry for asking that many questions, but as user the motto is "better safe than sorry".
I unlocked and s-offed my HTC One around June-August 2013 and besides a quick TWRP update here and there and a monthly ROM upgrade there was absolutely no need to fiddle around with it more.
Aftermarket development has become that reliable that it's actually possible to find a good "set it and forget it" daily driver setup.
And since I am not a developer and don't deal with those questions on a regular basis, I'm always not 100% sure if I get all the facts right.
Thanks for helping me out with this one!
I'm going to try it next weekend or next week: Going to backup my data and simulate a potential theft with the locked bootloader and reverted to stock recovery. Remote-Wiping the device, unlocking the bootloader conventionally via fastboot and making sure that this wipes all user-data on the phone. And then I'm going to give that booted into OS, revone unlock a try and simulate a potential rom upgrade, just as you described it.
Right now I just can't risk my daily driver phone, as I wouldn't have the time to set it up again.
Thanks for your extended help
Finally feeling secure again on Android.
Newbie to the 'Dark Side of the Android World' and just curious.
well, after rooting your phone you only need to flash custom recovery once then you can access it as many times as you want
Your question is a little bit weird. Can you link me to a place of reference? Or at least explain what you are actually wanting to do?
Flashing TWRP is a one-time action, once flashed it remains on your Xperia SP. However, FlashTool doesn't offer flashing TWRP to other partitions via fastboot other than the "boot" partition. So far, the only way to correctly flash TWRP is via a recovery.
If you indeed flashed TWRP image via FlashTool, then you are actually putting TWRP into your boot partition, and this makes your device to only boot into TWRP infinitely until you flash a ROM (which will of course again override the boot partition).
The reason why I asked is because this method of accessing recovery is posted in my custom ROM guide, so I want to know if you get this kind of idea from my guide.
Thanks
My phone is not rooted (in case that makes a difference on what method should be used in this case)
I would like to make a full image backup of the phone, factory-reset it, and then re-image it from this backup at a later date.
What is the best method to do the full backup (image) and later restore for a non-rooted phone?
Thank you
You can temporarily boot to a custom recovery like TWRP easily with Nexus root tool kit.
Advanced Utilities - Launch - Fastboot Boot - Custom Recovery
and make a nandroid backup.
I think you need to have your bootloader unlocked though....
From a very quick and unscientific Google scan it looks as if pure1water is right - you'll have to unlock your bootloader, which means YOU'LL WIPE YOUR PHONE!!!
(Just making sure... )
To install TWRP you don't need to be rooted.
There are lots of guides, so I won't repeat the detail. You can use Wugfresh's Nexus Root Toolkit (NRT) to set up your PC/laptop drivers so that you can use ADB.
Developer options/enable USB debugging/reboot to bootloader/temporarily fastboot TWRP (or install it permanently, since you'll be using it to restore)/take TWRP backup/copy to PC for safety.
It's well-known that XDA doesn't really approve of NRT when used as a way to circumvent knowledge. Use it for the driver setup, then read a great deal about how to do these steps that I've skipped quickly over above. That way you'll be able to recover when (not "if") you make a mistake and get a bootloop without asking panicky questions in the forum.
to install twrp for a one time use only..
fastboot boot recoveryname.img
to install twrp permanently..
fastboot flash recovery recoveryname.img
If your bootloader isn't already unlocked I think the best you can get is backing up your apps and app data with helium..
It won't be nearly as good as a full TWRP backup but will be able to get a lot of stuff backed up.
I know this doesn't answer your question directly, but just so you know there is at least a little bit of backing up you can do without root or an unlocked bootloader to boot or flash twrp.
https://play.google.com/store/apps/details?id=com.koushikdutta.backup&hl=en
I can't figure out why anyone who knows enough to worry about full phone backups wouldn't have unlocked the bootloader on their Nexus 6 as the very first order of business.
But if you haven't unlocked the bootloader (which will wipe your phone), then the best you can do is to root it, install Titanium Backup, and do a full backup Apps+data. That's not as good or nice as a bootloader level backup, but will get most of the job done for a restore.
quadcrap1 said:
But if you haven't unlocked the bootloader (which will wipe your phone), then the best you can do is to root it, install Titanium Backup, and do a full backup Apps+data.
Don't you need to have your bootloader unlocked before rooting though?
Suppose I unlock my bootloader, install a custom recovery like TWRP, and now, if I wish to RE-LOCK my bootloader (don't ask why), is it necessary to have the STOCK recovery installed before relocking, or will a custom recovery be fine?
Thanks.
Relocking the bootloader is NOT recommended. That said, you can and should keep TWRP if you choose to lock it.
Oh okay. I read somewhere that if you choose to re lock your bootloader you have to go FULL STOCK ( ROM + Recovery). I guess that might not be the case for nexus devices?
Relocking the bootloader will wipe your data, but it doesn't play cop and make sure everything is stock. All the bootloader does is pass off control of the device from the low level firmware that we cannot access to either the recovery or Android itself. Locking the bootloader only ensures that the possessor of the device cannot change the contents of the partitions from outside the device using ADB. A device with TWRP and a locked bootloader can still install custom ROMs, and possibly even root.
However, there is practically zero reason to ever lock the bootloader once unlocked, leaving people to wonder why you would want to.
Solution: Not sure why or how, but I got it to actually boot into the new system that I flashed. Now all is good and working as it should
So rooted stock ROM, but with TWRP, unlocked boot loader and USB debugging enabled... I'm No stranger to flashing custom ROMs in TWRP and flashing stock ROMS longhand by fastboot commands.
Using MacOS with latest platform-tools...
So today I decided to flash resurrection remix. Downloaded it to storage as usual for flashing via TWRP, flashed it successfully. Only it would not boot. It started going to the stock boot screens and said it could not decrypt... or something.
Anyway where I am right now is that I can boot into TWRP or boot loader just fine. But in boot loader I can't get it to see my phone using
Code:
./adb devices
Only... for some reason in TWRP if I do ./adb devices, it sees my phone and reports back the correct device ID.
What now? I want to flash back to stock again, but I don't know how to flash line by line without being in boot loader. But in boot loader I can't see the phone?
I know there has to be hope if I can see it in TWRP. But I have no system I can boot to.
-Peter
Great that it works for you now.
For what it's worth, I think that the reason it didn't boot was that the stock rom had encrypted your phone. Current custom roms unfortunately use a different encryption, so that the whole data partition needs to be formatted. I assume that's what you ended up doing.
As to the bootloader, it was never intended to work with adb, only with fastboot.