Changelog:
V5.23 Fix for Android 6 (Freeze on boot logo)
Installation of kcal kernel module for supported kernels. Get the app from https://forum.xda-developers.com/android/software-hacking/dev-kcal-advanced-color-control-t3032080
V5.22 Bug in the vendor overlay creation. Existing directories (like /vendor/bin) have not been replicated correctly
V5.21 Fix issue when running on Linux (some CR/LF)
Patch libsepol in bootimg for backwards compatibility with Android 6
V5.20 Support for superuser as an alternative to SuperSU (https://github.com/phhusson/Superuser)
Fix for the missing internal storage link in TWRP
V5.11 Support for Android 7.0
Fix in the overlay layout which could prevent some libraries from loading and cause battery drain
V5.1 Support for Android 7.0
Updated bootimg to deal with Android 7.0 policies
New tool inside bootimg for adding new contexts to binary file contexts
New system overlay layout due to a more restrictive linker in Android 7
V5.0 New system overlay method using the /vendor directory. As this directory is also in the library search path even libraries can be easily replaced without modifying the system partition
System-less SuperSU integration improved (Version 2.76 or higher recommended)
System-less xposed integration (using the standard distribution)
Support for 32.A.0.253
V4.51 Fix for awk script for Linux kernel version detection when running on Linux
V4.5 Fixed adb and mtp file access in TWRP for 32.2.A.0.224
V4.42 Added support for Z2 (Sirius) and TWRP fstab fix for leo and aries (thanks to waleedsq81)
V4.41 Fixed issue with Y/N choice on non-english Windows. Added support for Z3 (leo)
V4.4 Support for Z3+/Z4, Tablet Z2, Tablet Z3 and Tablet Z4 added (Z4 still has an issue with TWRP, but DRM fix works)
SuperSU integration reworked in order to need less SELinux exceptions and to be more secure
All tasks can now be individually selected. Therefore there is no separate DRM only script required
V4.31 Re-enabled Z5P (satsuki) and Z5C (suzuran) for TWRP and drmfix
V4.3 Support for older Lollipop added
Script execution for Linux fixed
V4.24 Fix for a bug in SuperSU integration in V4.23
V4.23 Fix for repacking 3rd party kernel (Some permissions on custom directories were lost)
V4.22 Bugfix for readta (flash_dk reported unit not)
V4.21 Fix for the Linux binary of bootimg
V4.2 Updated TWRP to 3.0.2
V4.1
Fix for Widevine (if you have your device key). Thanks a lot to goofnorf101 for testing
unpackinitfs and makeinitfs in my bootimg tool now maintain date/time of files correctly
Automatic SuperSU installation
V4.0
Fix for older kernels (Lollipop)
Binary for Linux (The older version had the ARM version packaged)
Device is not stored in the kernel image anymore
TWRP updated to version 3.0.1
FAQ - Please read
Is it possible to have root with locked bootloader?
Short answer: no
Long answer: The locked bootloader only boots unmodified kernel packages signed by Sony. The stock kernel only mounts unmodified /system partitions (dm-verity) -> No modification without unlocking
So any change to the kernel (like this script) or system partition requires unlocked bootloader
What is dm-verity?
A hash checksum on all blocks of a filesystem in order to verify the integrity
What is Sony RIC?
A protection to avoid mounting the root filesystem or system read/write
What happens if I unlock my bootloader?
The device key (TA unit 0x1046b) will be wiped, which deactivates everything DRM related. In addition a full wipe of your phone will be performed.
So extract your TA partition before with this great tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597 from zxz0O0
If you already unlocked the bootloader before, then at least the credentials will be restored, which will reactivate stuff like x-reality and camera de-noise
Why do I need to flash my device key?
Without your device key only some functions can be reactivated, like x-reality. Other functions like widevine do not work without your device key.
How do I enter TWRP recovery?
Restart your phone and press the volume key up as soon as the LED switches to yellow
I want to use a custom kernel with the DRM fix
Just say "N" to all other options. Nevertheless be prepared for problems if the custom kernel does not match your Android version.
What should I do if there is an update to this script?
First check if you really need to run this update by checking the changelog. E.g. if it says binary for Linux fixed and you are using Windows then probably you don't care. If you did not change your Android version then all you have to do is to update the kernel package with fastboot flash boot. If you do not use the automatic SuperSU integration then you have to reinstall SuperSU in TWRP.
This tool repacks an existing kernel package (usually the stock kernel) in order to make it rootable and adds TWRP recovery as well. Version 4 has been successfully tested with LP and MM.
In particular it addresses the following issues:
DM-Verity: Android is now using dm-verity to verify the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
SONY RIC: RIC is blocking the write access to the system partition
DRM Keys: After unlocking the bootloader your device key is wiped, which deactivates some functionality. E.g. x-reality, denoise in camera and so on.
Recompiling the kernel is not required as only the init ramdisk needs to be modified. You can run these scripts either in Windows or Linux.
Thanks to the excellent work of zxz0O0 you can now backup the TA partition before unlocking the bootloader with this tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
If you managed to backup your TA partition before you unlocked the bootloader then this version will fully reactivate your keys as well. (many thanks to addicted1900 for helping me with the testing)
As there has been some confusion I would like to point out one more time that you cannot run any kernel package which is not signed by Sony without unlocking the bootloader. So this works only with unlocked bootloader.
As it seems that it is not clear to everyone I also want to mention that <...> is a placeholder. E.g. <extracted kernel> means that you should replace it with the name of your extracted kernel, which could be kernel.elf
There was a report that having SuperSU in the system partition installed may lead to a bootloop. Therefore you should first install the bootimage created by this script and then install SuperSU afterwards, as it will then use the system-less strategy.
In order to use these scripts you need the kernel boot image of your current version. There are two different ways to obtain it:
Method1:
If you have a .ftf image then open it with zip application (7Zip, WinZip, Windows Compressed Folder) and extract kernel.sin. Afterwards use Flashtool -> Tools -> SIN Editor to extract the kernel. You should end up with the boot image with extension .elf.
Method2:
Run your favourite recovery and connect via
Code:
adb -d shell
Now run
Code:
find /dev -name boot
dd if=<output of the find command before> of=/sdcard/kernel.img
Once you have the kernel image you are ready to use the script.
The newest version supports superuser as an alternative to SuperSU. This is available open source and can be verified. In order to integrate it you need the current superuser.zip from http://superuser.phh.me/superuser.zip and to install the app afterwards from Google Play (look for superuser phh) or build it yourself from github.
To integrate the kernel part just place superuser.zip in the rootkernel directory.
You can also still use SuperSU, although it is causing a huge battery drain on my Z5 with Android 7.0. If you place SuperSU in the same directory (SuperSU*.zip, case sensitive) then it will also be installed automatically. I did all the tests with 2.76, but newer versions should work as well. Please be aware that you can not update SuperSU within the application. For a newer SuperSU version you need to rerun the script.
If you want to integrate xposed as well just place the distribution for your device and Android version in the same directory. (e.g. xposed-v86-sdk23-arm64.zip). Only supported with Android 6.0 (sdk 23) and higher.
xPosed for Android 7.0+ is still not available.
Code:
rootkernel <extracted kernel> boot.img
You are prompted for several choices:
Sony RIC is enabled. Disable?
I prefer not to disable it in order to keep my phone more secure. Unfortunately there are a lot of bad guys in this world and SELinux and RIC still can save us if someone discovers a new kernel exploit.
Sony RIC basically prevents mounting the /system partition for write. You can still modify it in recovery of course, but if you require write access to /system without entering recovery then you need to disable it.
Install TWRP recovery? Here you should say yes unless you are trying to patch a non-stock kernel, which comes already with a recovery
Install busybox? For security reasons I prefer not to install. In recovery you have it anyway. This choice is only available if you chose install TWRP
Found SuperSU-v....zip. Install? Integrates SuperSU. For this option to show up you have to place the SuperSU package into the same directory with the name SuperSU*.zip (case sensitive)
Found superuser.zip. Install? Integrates superuser. For this option to show up you have to place superuser.zip into the same directory (case sensitive)
Make su permissive (Permits any action as su)? This only appears if you install superuser. Permissive means you can do anything as root; without it, it is restricted mainly to file operations (sufficient for e.g. Titanium Backup)
Found xposed-v....zip. Install? Integrates xposed system-less. For this option to show up you have to place the xposed for your device and Android version into the same directory. (e.g. xposed-v86-sdk23-arm64.zip)
Install DRM fix? Installs the DRM fix. First it tries to use the device key which you flashed with flash_dk. If it does not exist it uses an alternative method which cannot fix everything (e.g. Widevine will not work, but X-reality, Camera denoise etc. will work)
Now put your phone into fastboot mode (Volume Up + connect USB) and then run:
To test it without actually flashing it:
Code:
fastboot boot boot.img
For flashing it:
Code:
fastboot flash boot boot.img
If you managed to back up your TA partition before then you can reactivate your original device key as follows:
Code:
flash_dk <ta backup image> DK.ftf
Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
This is a one-time task. It will survive a complete reset of the phone or Android system upgrade. The device key has a length of just 16 bytes, so it is correct that the resulting DK.ftf has a size of only approx. 500 bytes.
If you like my work you can buy me a coffee
Some background information:
There are two main tools involved (for both Android and Windows)
- busybox
Probably everyone knows it
- bootimg
A multicall binary with several tools for unpacking and packing the boot image as well as adapting the SELinux policy. Part of the code is written by me from scratch, some other parts are cherry picked from other projects. I will also provide the source for it. As Windows doesn't have softlinks I modified the tools for unpacking and packing the init ramdisk to write text files with __lnk__ at the end instead.
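Added example (not part of the original post or of the rootkernel scripts): a simplified Python model of the dm-verity idea from the FAQ above, a salted SHA-256 hash tree over 4096-byte blocks in which the root hash is the only value that has to be trusted. The layout is illustrative and not byte-compatible with a real verity table; the image, salt and block numbers are constructed.

```python
import hashlib

BLOCK = 4096              # data block and hash block size in bytes
PER_BLOCK = BLOCK // 32   # 128 SHA-256 digests fit into one hash block


def _digest(salt: bytes, block: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()


def _pack(digests) -> bytes:
    """Pack up to 128 digests into one zero-padded hash block."""
    return b"".join(digests).ljust(BLOCK, b"\0")


def build_tree(image: bytes, salt: bytes):
    """Return (root_hash, levels); levels[0] holds one digest per data block."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of the block size")
    level = [_digest(salt, image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = []
    while True:
        levels.append(level)
        level = [_digest(salt, _pack(level[i:i + PER_BLOCK]))
                 for i in range(0, len(level), PER_BLOCK)]
        if len(level) == 1:
            return level[0], levels


def verify_block(block: bytes, index: int, levels, salt: bytes,
                 trusted_root: bytes) -> bool:
    """Check one block on read: walk from its digest up to the trusted root.

    The stored levels are treated as untrusted data, exactly like the block.
    """
    digest = _digest(salt, block)
    for level in levels:
        if level[index] != digest:
            return False
        group = index // PER_BLOCK
        digest = _digest(salt, _pack(level[group * PER_BLOCK:(group + 1) * PER_BLOCK]))
        index = group
    return digest == trusted_root


def demo():
    salt = bytes(range(32))                                   # constructed salt
    image = bytearray(b"".join(n.to_bytes(2, "big") * (BLOCK // 2)
                               for n in range(300)))          # constructed image
    root, levels = build_tree(bytes(image), salt)

    def read(i):
        return bytes(image[i * BLOCK:(i + 1) * BLOCK])

    results = {"clean": verify_block(read(137), 137, levels, salt, root)}
    image[137 * BLOCK + 10] ^= 0x01          # a single changed bit in one block
    results["modified_block"] = verify_block(read(137), 137, levels, salt, root)
    results["untouched_block"] = verify_block(read(5), 5, levels, salt, root)
    # Rewriting the stored digest of the changed block does not help: the
    # parent hash block no longer matches and the root comparison fails.
    forged = [list(level) for level in levels]
    forged[0][137] = _digest(salt, read(137))
    results["forged_leaf"] = verify_block(read(137), 137, forged, salt, root)
    return results


if __name__ == "__main__":
    print(demo())
```
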
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Funkmasterchilla said:
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Do you want the kernel.sin of stock . 200?
lordriguez said:
Do you want the kernel.sin of stock . 200?
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
tobias.waldvogel said:
Hi everyone,
as most of you know, even after unlocking the bootloader there are a few more requirements before you can modify the system partition, i.e. install SuperSU, xposed etc.
- Android is now using dm-verity to verify the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
- SONY RIC is blocking the write access to the system partition
The good news is, that it is not required to recompile the kernel. It is sufficient to modify the init scripts inside the init ram disk. So you can just stick to the stock kernel.
I created a package which precisely does this job for you. Just run it from TWRP after installing a new Android version
With this you don't have to wait anymore until someone creates the right kernel package for your phone
PS: It leaves a copy of the new boot image in the internal sdcard if you want to save it somewhere. (boot.img) It can be flashed with fastboot if required.
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
zavpasha said:
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
Before you can start to install things like SuperSU and xposed you have to change the kernel, otherwise your phone won't boot anymore. In the past you had to wait for someone to come up with a compatible kernel for your phone, now this package just converts your existing kernel.
Regarding the DRM please install the package from the DRM restore thread.
Funkmasterchilla said:
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
Thanks for the feedback. Future versions of this package will add TWRP as well. I am currently working on it.
tobias.waldvogel said:
Thanks for the feedback. Future versions of this package will add TWRP as well. I am currently working on it.
As promised the new package with TWRP is out
tobias.waldvogel said:
As promised the new package with TWRP is out
Great work thanks ,
How would I go about disabling the vibration for recovery?
Sent from my E6653 using Tapatalk
Well, the script which checks if recovery should be started is bin/init inside the zip. If you don't like the vibrate then just remove the line and run the package again
Sent from my E6683 using Tapatalk
huh, so it is possible to have 2 recoveries at the same time? (and why would anyone want 2 recoveries? )
Three Recoveries are also possible
CWM, Phils Touch & TWRP
Sent from my E6653 @ XDA Portal
Sorry for being noob.
I miss my Oneplus one where things were so easy.
After unlocking BL what do i do with this zip.
Is it going to Root my phone and Install TWRP?
Thanks for help.
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
FakeSmile said:
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
stiffmeister75 said:
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
This should work on Z5 compact with stock kernel as well, without any change.
In case of any issues you can flash the kernel again via flashtool
If it did not work you can pass me the generated boot.img from your internal sdcard for further analysis
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, then i'll try it
br
stiffmeister
stiffmeister75 said:
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, then i'll try it
br
stiffmeister
I flashed zombie kernel without making backup of stock kernel, can you share it with me so I can try this method (I doubt it will work on zombie)
ps : I have .200 fw
tobias.waldvogel said:
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
E6653 on .200 firmware
Hi, recently I bought the huawei pro 9. I found that a certain twrp works but... After I change the build.prop in the system readonly the selinux reverse the files removing all the changes made to the system
I would ask to know if there is a way to save permanent changes (disabling the selinux to permissive won't help because after restart it will change back to enforce with apparently the init file which load enforcing the selinux and protected by the context image which reverse all the changes). Also, there is a process that won't let me flash zips, causing the system to reboot after trying to flash with twrp; I think it might be watchdog. Is there any expert who can help me out how to disable this watchdog process and make the changes to the system partition permanent?
Thanks
Nogut 7.0 huawei 9 pro
If you're running a custom kernel & have VoLTE and/or RCS enabled by CSC or manually, chances are you have these icons in the status bar. Here's an alternate method on how to hide them if you don't like them as much as I do rather than editing the icons in imsservice.apk. With the editing imsservice.apk method changes need to made whenever imsservice.apk versions change.
This is not limited to the Note 8, will work on other devices also. Custom recovery like TWRP & root required.
This is not a full guide but I may add something later. Just info on how to hide the icons & it's not hard.
Info to read before starting
Custom kernels usually have ro.debuggable set to 1 like with eng & userdebug builds. This allows the system to be debuggable & allows you run root permissions in adb using the adb root command. On production builds like final release stock kernel ro.debuggable is set to 0. This will not allow you to run the adb root command, it will tell you adbd cannot run as root in production builds. You can still grant root access using adb shell su. So if you need ro.debuggable=1, then this is not for you.
This does not disable the VoLTE & RCS services, it simply hides the icons from the status bar like stock.
Disclaimer
I am not responsible for any damage or mishaps. If you follow as instructed everything will go fine, it's just a simple edit. As always, make a full backup or at least just the boot partition just in case.
We need to edit default.prop & set ro.debuggable to 0. This is loaded in ramdisk so you can not simply use a file explorer to edit default.prop. Changes will not be saved after reboot.
Extract boot.img (kernel image) from flashable kernel zip. This is usually named according to the device, something like "greatlte-eur.img" for Note 8. Using your choice of method/software unpack boot.img (I use MTK Extractor). Edit default.prop & change ro.debuggable=1 to ro.debuggable=0. Save changes & repack. Replace the boot.img in the zip with the newly edited boot.img (rename file if required, needs to be the same as originally in the zip). Flash zip in TWRP, reflash root, reboot to system & enjoy!
Note 8 alternatives & additional.
Before I figured this out I noticed that @pappschlumpf Smurf kernel v2.0.4 (only) & Aurora kernel have ro.debuggable set to 0. You can simply flash these kernels & the VoLTE/RCS icons will be hidden. As mentioned, stock kernel is also set to 0 & is why you won't see the icons with stock kernel. @Mentalmuso Weta BR5 ROM Base #2 now has these changes made to the kernels included with his ROM.
If you don't use VoLTE & RCS services, you can simply disable them in IMS Settings & the icons will turn off.
To enable the VoLTE quick settings tile, add this to your unencrypted cscfeatures.xml or others.xml. This will not hide the VoLTE icon in the status bar if present but the toggle is useful to turn off VoLTE service when you don't need it like if you are in an area where VoLTE service is spotty. (Only add the value in blue as you will have other values already)
Code:
<CscFeature_SystemUI_ConfigDefQuickSettingItem>VoLte</CscFeature_SystemUI_ConfigDefQuickSettingItem>
(I'll add a guide here later if needed)
If you don't want to, you don't need the zip to flash the kernel image. You can simply extract the boot.img from the zip. Unpack, edit, repack, then flash the .img using TWRP with the flash image option (be sure to flash to boot partition when asked), no file rename needed. Reflash root then reboot.
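Added example (not from the original post): a check to run on the ramdisk after repacking, confirming what default.prop actually says before the image is flashed. It assumes the ramdisk has already been split out of boot.img as a gzip-compressed cpio archive in newc format; the sample archive is constructed, and ro.secure and ro.adb.secure are related properties that the post does not mention.

```python
import gzip

# Values a production (user) build is expected to carry. ro.debuggable is the
# property discussed in the post; the other two are an assumption added here.
EXPECTED = {"ro.debuggable": "0", "ro.secure": "1", "ro.adb.secure": "1"}
HEADER_LEN = 110  # "070701" magic followed by 13 fields of 8 hex digits


def iter_cpio_newc(buf: bytes):
    """Yield (name, mode, data) for every entry of a cpio newc archive."""
    off = 0
    while off + HEADER_LEN <= len(buf):
        if buf[off:off + 6] != b"070701":
            raise ValueError(f"bad cpio magic at offset {off}")
        fields = [int(buf[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name_start = off + HEADER_LEN
        name = buf[name_start:name_start + namesize - 1].decode("utf-8", "replace")
        data_start = (name_start + namesize + 3) & ~3   # data is 4-byte aligned
        if data_start + filesize > len(buf):
            raise ValueError(f"truncated entry {name!r}")
        if name == "TRAILER!!!":
            return
        yield name, mode, buf[data_start:data_start + filesize]
        off = (data_start + filesize + 3) & ~3          # next header is aligned too


def parse_props(text: str) -> dict:
    """Parse key=value lines, ignoring blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_ramdisk(ramdisk_gz: bytes) -> dict:
    """Return {property: (found, expected)} for every value that deviates."""
    for name, _mode, data in iter_cpio_newc(gzip.decompress(ramdisk_gz)):
        if name == "default.prop":
            props = parse_props(data.decode("utf-8", "replace"))
            return {key: (props.get(key), want)
                    for key, want in EXPECTED.items() if props.get(key) != want}
    raise LookupError("default.prop not found in ramdisk")


def _cpio_entry(name: str, data: bytes = b"", mode: int = 0o100644) -> bytes:
    """Build one newc entry; used only to construct the sample below."""
    raw_name = name.encode() + b"\0"
    fields = (0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw_name), 0)
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + raw_name
    out += b"\0" * (-len(out) % 4)
    out += data
    return out + b"\0" * (-len(out) % 4)


# Constructed sample: a ramdisk as a custom kernel might ship it.
SAMPLE_PROP = (b"#\n# constructed default.prop\n#\n"
               b"ro.secure=1\nro.debuggable=1\nro.adb.secure=1\n")
SAMPLE_RAMDISK = gzip.compress(
    _cpio_entry("init.rc", b"# constructed\n")
    + _cpio_entry("default.prop", SAMPLE_PROP)
    + _cpio_entry("TRAILER!!!", mode=0))

if __name__ == "__main__":
    for key, (found, want) in audit_ramdisk(SAMPLE_RAMDISK).items():
        print(f"{key}: found {found!r}, expected {want!r}")
```
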
Since update to Pie, it has become much more difficult to mod firmware keeping it as close to stock as possible. For Android 8.0 it was easy to keep TWRP + Unrooted state + Full Disk Encryption with only DM-verity disabled and Encryptable fstab option. You had an option to encrypt device and then root it with Magisk without breaking /Data. But now, trying to follow same path on Android 9.0 I encounter strange problems: after disabling DM-Verity lockscreen mechanism breaks - I am unable to set PIN/Password, it breaks everything resulting reflashing firmware. If I root device right after DM-verity disabling and fstab changes to optional encryption - PIN/Password works good, but I can't encrypt device because rooted device cannot be encrypted. Maybe somebody has thoughts about how to encrypt/password protect rooted or modified Note9 running Android 9.0? I can't downgrade to 8.0 since it shipped with new version of boot.
Maybe there is the way to enable File Based Encryption?
Narkozzz said:
Since update to Pie, it has become much more difficult to mod firmware keeping it as close to stock as possible. For Android 8.0 it was easy to keep TWRP + Unrooted state + Full Disk Encryption with only DM-verity disabled and Encryptable fstab option. You had an option to encrypt device and then root it with Magisk without breaking /Data. But now, trying to follow same path on Android 9.0 I encounter strange problems: after disabling DM-Verity lockscreen mechanism breaks - I am unable to set PIN/Password, it breaks everything resulting reflashing firmware. If I root device right after DM-verity disabling and fstab changes to optional encryption - PIN/Password works good, but I can't encrypt device because rooted device cannot be encrypted. Maybe somebody has thoughts about how to encrypt/password protect rooted or modified Note9 running Android 9.0? I can't downgrade to 8.0 since it shipped with new version of boot.
Maybe there is the way to enable File Based Encryption?
there is a rom in dev section called dev base from alxandr that allows you to do this. just read OP and maybe a few of the posts. might be good to search that thread for "encryption" to see if there aren't any caveats. plus since rom is updated regularly and updating while keeping encryption enabled and not losing data and rerooting/twrp is something that probably manually doing each time there is a new firmware must be quite a task. flashing the rom zip with the proper switches added to the rom.zip name is easy and fast. (plus it's a stock rom). all in all it should make your life easier.
My phone is converted to ww from cn out of the box and then I checked my phone in device info and in description is CN and my fingerprint is WW, what should i do to make it both to WW??
I manually update my phone using WW updates
BoyPogi said:
My phone is converted to ww from cn out of the box and then I checked my phone in device info and in description is CN and my fingerprint is WW, what should i do to make it both to WW??
I manually update my phone using WW updates
Do this at your own risk, it could make your device unbootable requiring raw rom flash to fix. Back up everything first.
I had this issue with latest WW 2009.49. I used root explorer apk to change anything I could find in build.prop from CN to WW, leaving rest of the titles same. You'll find it under system/vendor/build.prop in root. Using root explorer click and hold file to highlight, 3 for menu and select open with text editor. Make the changes, save and exit. Reboot, check rom version again with device info hw to see if it's changed to WW.
If your phone has latest .49 on both slots (you can check with 'device info hw' from playstore). Click on fingerprint under system and it'll show which slot you're currently on plus rom/firmware version. Boot to other slot, check both slots are same firmware. If they are, repeat process again with editing build.prop.
Don't copy and paste 1st edited file to other running slot, it most likely won't boot. Make the edits twice if both slot firmwares are equal. After edit, reboot. CTS now passes for me using magisk hide ?
Root explorer
https://mega.nz/file/eyJBgSJT#sMRuIpGTNqqFvtcgRsxZO3PrLHvKfQNxPdN98pjyGvA