Oneplus Engineermode decrypt. - OnePlus 7 Pro Guides, News, & Discussion

Here is a tool I made that will generate the decrypt code used to enable engineer mode. It will only enable for 10 min for 7 Pro, but for anything above there is a permanent code option. There are also a lot more helpful tools added, and many to come. Others are requiring you to give your IMEI out to get the code. This tool will generate the code all on the device with adb shell, so no worries about posting your IMEI to the internet. If you find this tool helpful please donate.
One+_TooL.exe | by Ju5t3nc4s3 for OnePlus 7 Pro
www.androidfilehost.com

Ju5t3nC4s3 said:
Here is a tool I made that will generate the decrypt code used to enable engineer mode. It will only enable for 10 min for 7 Pro, but for anything above there is a permanent code option. There are also a lot more helpful tools added, and many to come. Others are requiring you to give your IMEI out to get the code. This tool will generate the code all on the device with adb shell, so no worries about posting your IMEI to the internet. If you find this tool helpful please donate.
One+_TooL.exe | by Ju5t3nc4s3 for OnePlus 7 Pro
www.androidfilehost.com
Hello, I have looked around for what exactly engineer mode can do but there is not much out there regarding this. Is there a place I can go to learn about this or do you have any info regarding what can be accomplished using this mode? Thank you

It's just mainly used to test all the different parts and features on the device, and to make adjustments. It gives access to diag mode and can turn on and off options that normally can't. Like the OP8 camera, where they disable the x-ray. This can re-enable that. I built this tool to help myself when reverse engineering. I added other features as well, fastboot tools and a few shell commands. Plus many dialer codes.

Tried your app but it is not working for me. I have an OP7Pro with CrDroid A12 version on it, connected phone to PC, USB debug on, file transfer on, and when I select 1 it says something really fast, "sh<stdin[2]> no closing quote"
and showing under options:
Decrypt code = 00000000
Input Code Y or N

It won't work if you're on a custom ROM. Why are you trying to decrypt engineer mode, when there isn't even one on the phone?

Damn need to activate full switch mode to use efs for enabling volte... This was one method I think it would work...

It still can. Do you have root? Select option 7, and 7 again.

No root sadly, but will maybe root and try this

vladvlad12 said:
No root sadly, but will maybe root and try this
One+_TooL.7z | by Ju5t3nc4s3 for /e/OS supported models
www.androidfilehost.com
Updated version.
You should have TWRP installed if you are on a custom ROM; there are plenty of other ways to enable diag mode.

Ju5t3nC4s3 said:
One+_TooL.7z | by Ju5t3nc4s3 for /e/OS supported models
www.androidfilehost.com
Updated version.
You should have TWRP installed if you are on a custom ROM; there are plenty of other ways to enable diag mode.
Yep, twrp is here, will try the updated app to see if I am able to do something, if not can you think of any method without root using twrp to enable full switch port?

Yes, you can mount system as rw, and edit the build prop in the system product folder prop

You are root in TWRP automatically.

While in TWRP, add these to the build prop in system product:
sys.usb.config diag,diag_mdm,qdss,qdss_mdm,serial_cdev,dpl,rmnet,adb
persist.sys.usb.config diag,diag_mdm,qdss,qdss_mdm,serial_cdev,dpl,rmnet,adb

Sorry, really new to this, so I reboot to twrp then mount system, then go to file manager, where to locate build prop

system/product/build prop

Ju5t3nC4s3 said:
system/product/build prop
In system folder got only usr,lib64,etc and bin

Because you don't have the system mounted.

If you would like more help, please find me on Telegram.

Give me your telegram please

Same user name as I am here.

Related

[RECOVERY][tornado_348] TWRP 2.8.5.0 touch recovery [2015-02-27]

Team Win Recovery Project 2.x, or twrp2 for short, is a custom recovery built with ease of use and customization in mind. It's a fully touch driven user interface; no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
CHANGELOG for 2.8.5.0:
-Scale the GUI - TWRP can read the theme's resolution and scale it up or down to fit the theme to your screen's resolution
-Backups can now be cancelled while the backup is in progress (does not include restore because we don't want to leave your device in a bad state)
-Improve thread handling and move input handling into the main rendering thread to improve stability
-Make MTP work even if unplugged and plugged back in
-Unify scrollable list code and make kinetic scrolling feel more natural
-Fix handling of mapped zip files for OTA updates (CM12 updater)
-USB keyboards should now work on all devices that support USB host mode via a USB OTG cable
-Other small fixes and improvements
CHANGELOG for 2.8.4.0:
-Add flashing of boot and recovery images via the TWRP GUI (Find the Images button on the Install page)
-Fix some MTP related crashes and bugs
-Eliminate TWRP toggling USB IDs during boot if MTP is enabled
-Fix various adb sideload issues
-Improve threading of actions
-Eliminate separate thread for screen timeout
-Update libblkid to 2.25.0
-Use power button as back button on watch themes for easier navigation
-Add mutex locking to data manager
-Improve custom theme handling on encrypted devices
-Allow the stock theme to be offset by build flags so we can center a lower res theme on a higher res screen especially for watches with round screens
CHANGELOG for 2.8.3.0:
-MTP will now tell the host PC that storage is removed instead of disabling MTP completely
-MTP will now report the correct max file size based on the file system in use to the host PC (may fix transfer of large files)
-Update and improve fix permissions and make fixing contexts optional
-Update SuperSU in TWRP to 2.40 and update install process
-Make TWRP work properly on AArch64 (Nexus 9 is now built in true 64-bit binaries and libraries)
-Attempt to set correct permissions and contexts on all files placed in storage so backups will show in Android
-Fix kernel panic during MTP start on some devices
-Support unicode fonts on devices with True Type Font support
-Fix slider value not showing sometimes (vibration settings page)
-Toggle MTP off during adb sideload to set correct USB IDs
-Reduce library requirements for 5.0 L decrypt
-Other minor fixes and improvements
Note: Starting with TWRP 2.8.2.0 and higher, adb sideload uses a new sideload method originally implemented in AOSP recovery. You will need the latest adb binaries to use sideload in these newer versions of TWRP. The version required is 1.0.32. You can find the version by running "adb version" on your computer. The new sideload feature no longer stores the zip on your device. Instead, a fuse file system is created in RAM and the zip is streamed from your computer. This puts less wear and tear on storage and ensures that large zips will not fill up all of your RAM. The sideload may spit an error on your PC side, but the zip should install just fine on your device.
CHANGELOG for 2.8.2.0:
-Pull in all changes from Android 5.0 lollipop into TWRP
-Add decrypt support for Android 5.0 lollipop encrypted partitions including automatic decrypt when the default_password is in use
-Revert some changes to exFAT that were breaking exFAT support on some devices
-Other minor fixes and updates
Note: At this time we do not have a GUI representation for pattern unlock. You can still decrypt patterns though by translating the pattern dots to numbers. The pattern dots correspond to numbers in the following pattern:
1 2 3
4 5 6
7 8 9
So an upper-case L would translate to a password of 14789 entered on the keyboard. Eventually we plan to add a proper pattern unlock to TWRP but it is a relatively low priority at this point.
DOWNLOAD:
Most devices can be updated quickly and easily with the TWRP Manager app:
Play Store Link
1) Install TWRP Manager from the Play Store
2) Open TWRP Manager and provide root permissions
3) Hit Advanced->Install Recovery
4) Verify the correct device name on your screen then press Install Recovery if the correct device is showing
OR:
You can find more information and download links on our website!
BUGS:
If you have found a bug, please consider posting it to our github issues log. It's pretty much impossible for us to keep up with the more than 40 threads that we have for the devices that we "directly" support. If you have a significant problem that cannot be answered in this thread, your best bet is to PM me directly, contact us via our website, or find us in our IRC channel below. If you see someone that's struggling, feel free to point it out to us. We need your help to help us keep track of all of our devices! Thanks!
SUPPORT:
Live support is available via #twrp on Freenode with your IRC client or just click this link.
You should be able to root using Kingo App or through this towelroot port: http://forum.xda-developers.com/not...t-adb-ghettoroot-v0-1-towelroot-port-t2864125
Device specific page with install instructions.
Mirror with all current and past TWRP versions.
I am wondering why TWRP official site only carries US based models? Whereas we in Asia have a whole multitude of TWRP versions for hundreds and hundreds of models. Even if it is not officially released by TWRP Team it should at least have another "sponsored" site for TWRP collected all over Asia and have its own depositories. Then the official TWRP sites would pale in comparison if somebody would have collected TWRP from unofficial sources. I am using TWRP recovery strictly on my ROMs and only as last resort CWM.
This TWRP official site doesn't do justice to itself and you expect users/modders to download TWRP Manager App from Playstore when we all know that we would never ever find the TWRP version for our devices??
Please support s4 mini sprint (sph l520).
cracktech said:
I am wondering why TWRP official site only carries US based models? Whereas we in Asia have a whole multitude of TWRP versions for hundreds and hundreds of models. Even if it is not officially released by TWRP Team it should at least have another "sponsored" site for TWRP collected all over Asia and have its own depositories. Then the official TWRP sites would pale in comparison if somebody would have collected TWRP from unofficial sources. I am using TWRP recovery strictly on my ROMs and only as last resort CWM.
This TWRP official site doesn't do justice to itself and you expect users/modders to download TWRP Manager App from Playstore when we all know that we would never ever find the TWRP version for our devices??
I do appreciate your comments. Please allow me to add a few of my thoughts. TWRP is an open source project. When we set out to build TWRP we decided to make it open source in the beginning because we knew that being open source would allow the project to grow and spread much faster than if we tried to keep it closed source. We know that being open source would lead to lots of unofficial builds. The high number of unofficial builds was exactly our intent and we are happy to see so many unofficial builds out there.
The bulk of TWRP development is done by 2 to 4 people. The core work of building official TWRP and adding new devices is the work of only 2 people: myself and bigbiff. Both of us are located in the USA so it's only natural that the supported devices will have a strong trend towards USA devices. We are open to working with other developers to add devices. Many of the devices in our officially supported were added with the help and assistance of other developers like yourself porting TWRP to their device. After those developers port TWRP to their device, they contact us and supply device trees and testing so that we can add that device to our official list.
If you have a device that is not officially supported, feel free to port TWRP to the device, then supply your device tree to us so we can get it added for official support and continue to release new updates of TWRP for the device. We can't afford to buy all of the devices ourselves and many of the devices aren't available in our country anyway. We depend on the support of other developers to help reduce the burden of support and porting. Reducing this burden also helps us focus on what we do best: adding cool new features to TWRP for everyone to use.
We aren't going to take the time to comb the Internet for TWRP builds that may or may not work and that may be incomplete or improperly done. Many of the posts of these unofficial versions are in other languages that we cannot read without translation. We try to maintain a high quality product and it would be a bad idea for us to do this, especially when we would have no way to fix the problems.
I can confirm that we are working towards supporting multiple languages within TWRP. My hope is that the additional language support will cause TWRP to spread even more and reach more people who are unwilling or unable to use a TWRP that isn't in their native language. I'm also hopeful that more developers will reach out to us to add their devices and that more people will get involved with translating TWRP to other languages.
Thanks for your response! At least I know that the TEAM is an open source, open minded TEAM. I am not a developer per se as you all are (I consider you all as the Gurus and I am just half a student). We need to have a depository of all the versions that are flying around out there (the bad side to the open source approach is when somebody made a blunder out of the Recovery but using the "TWRP" brand) like I recently experienced when I tried to wipe dalvik-cache/cache it corrupted and removed with "root" and system partition. Luckily I had another backup and was able to use that version to RESTORE but after that I told my users to uninstall the so called TWRP 2.8.0.0 and revert back to 2.7.1. This would tarnish the TEAM's name as I exclusively port my ROMs with only TWRP 95% of the time. Anyway thanks again for your response, maybe I will set up a depository of TWRP and link up with the main TWRP depositories.
---------- Post added at 06:34 AM ---------- Previous post was at 06:18 AM ----------
I don't want to recommend Kingoroot or other one-click root other than Vroot, since it doesn't have any funny name files scattered all over the system folder (for example, KingoRoot uses the name KingoRoot.apk as the Superuser app; this might cause some problems when another Superuser app needs to replace another "Superuser.apk" app, and in the xbin folder, instead of "su" binaries (be it Chinese "su" or otherwise), Kingoroot renamed it "ksu", and those files are sometimes also left in the "bin" folder and they become orphan but operational files). (Maybe I got the names wrong, but I know that KingoRoot doesn't follow the normal naming rules.) Whereas Vroot/iRoot (as it is now called) uses "Superuser" and "su" nomenclatures for easier recognition by e.g. Chainfire SuperSU = "Superuser" and "su" binaries, and doesn't leave behind any orphan files. Vroot/iRoot has a 98% success rate in rooting unrootable devices, as I have experienced. No need to test out any exploits, just one-click root from PC and within 3-5 minutes you're all done!
Kazam Tornado 348 AKA. BLU Vivo Air AKA. Gionee Elife S5.1
Someone can check if that can RUN with BLU Vivo Air or Gionee Elife S5.1 ... Because Tornado 348 is EXACTLY THE SAME PHONE... Just a RE-BRAND to can be more Likely to a specific market =D
Gionee -> Asian/ Chinese Market
BLU -> North/South America
Kazam -> Europe Market I think...
Anyone can check the reviews... SAME OS, SAME HARDWARE, SAME PHONE... ;D (I Will replay that on BLU Vivo Air General Topic)
I've had no luck getting twrp to work on my gionee elife s5.1
Tried flashing with mobileuncle, fastboot and "dd" through android terminal.
After flashing, a reboot to recovery just boots to fastboot...
-- edit --
Twrp manager app is still a no go -although it seems to be playing nicer after replacing the iroot/vroot superuser with superSU, the recovery partition location warning before installing is simply /dev/recovery. This is not the location on my device...
-- end edit --
The Chinese cwm for the gionee s5.1 floating around out there does work for me. Flashed it in fastboot...
The driver you used to get fastboot to work is from where?.. We stay making a huge progress with Blu Vivo Air topic... The idea is fuse kazam tornado menu topic with blu vivo air menu topic... And we stay in touch with Russian developers from 4PDA too... They have some news and I think their MiUi v6 work with your Gionee phone ;D
I can't find Kazam device in the TWRP Manager. Now I don't know how to install the recovery
Hello. Any other way to install TWRP as I have a locked phone. Can't remove passcode. I had it laying around for some time and I can't find the password. Any idea? Thank you

Lineage OS use experience on MIX

Lineage OS use experience
1. Development used in the final version of the ADT, found after upgrade 7.0, logcat does not println log, enter USB-driver ini add VID but not work, finally use Eclipse install ADT offline zip or AS work;
2. USB ethernet and wireless sharing not work, no one mentioned. Kernel of this piece I do not understand, Xiaomi GitHub kernel code have nothing, MIX repair package 5, 6 actually repair the kernel, wonder how these great gods how to find up the package up
3. Telecom in the 2 card I tried to change build.properties, *#*#4636#*#* into the engineering model set the preferred mode, but no matter how the restart will fail to register the network;
4. NFC is not available
5. Fingerprint in Alipay is that is not available, but I see ZUK machine support, do not know how to achieve
6. Magisk: there are several modules such as open google assistant that I tried, it is possible
In fact, the kernel how to build is most important

Magisk for treble

I am using the version of magisk modified by @TeamMex for his Treble based Xperience ROM on Moto Z Play and I can't get magisk hide to work or modules to install. I found a work around for the modules but I really need magisk hide, is there a certain file I can make or copy from another device to force it to work? This is the log if any smart people want to give it a shot.
I'm completely in the dark about Treble, but after looking at your log I'm curious if you have root access at all? MagiskHide is triggering, but there's a whole lot of sqlite3 database issues, which makes me think you have su problems.
Does that Magisk version happen to have verbose logging enabled so that you have a magisk_debug.log in /data/adb? If so, that log might show more.
Didgeridoohan said:
I'm completely in the dark about Treble, but after looking at your log I'm curious if you have root access at all? MagiskHide is triggering, but there's a whole lot of sqlite3 database issues, which makes me think you have su problems.
Does that Magisk version happen to have verbose logging enabled so that you have a magisk_debug.log in /data/adb? If so, that log might show more.
In unofficial Treble we need to handle other partition name as vendor; in this case we need to mount oem partition as vendor (if we try to use official Magisk it makes a bootloop).
Su works (you can modify system partition but not vendor; trying to modify vendor makes the system freeze) but MagiskHide isn't here.
Hi,
Regarding the Magisk for Treble devices, I found sparse and inconsistent info. So, I suggest to write up-to-date info and details.
So, I do this summary:
At this time, no official support of Magisk for Treble devices.
Some unofficial ports exist: v16.0 from @pchatzop; v16.3 from @faizauthar12; etc.
I feel that not all Treble devices have equal partitions, so the unofficial versions can, or can not, work in all devices.
And this is all the info that I see.
Please, can you help to complete it?
Thank you!
manos78 said:
Hi,
Regarding the Magisk for Treble devices, I found sparse and inconsistent info. So, I suggest to write up-to-date info and details.
So, I do this summary:
At this time, no official support of Magisk for Treble devices.
Some unofficial ports exist: v16.0 from @pchatzop; v16.3 from @faizauthar12; etc.
I feel that not all Treble devices have equal partitions, so the unofficial versions can, or can not, work in all devices.
And this is all the info that I see.
Please, can you help to complete it?
Thank you!
Hey
my custom release is only for "factory" partition
although, we (z2_plus users) don't need these custom binaries anymore
we've already renamed our partition to "vendor"
here is the link
faizauthar12 said:
Hey
my custom release is only for "factory" partition
although, we (z2_plus users) don't need these custom binaries anymore
we've already renamed our partition to "vendor"
here is the link
Thank you!
As soon as I receive my new Moto G6+, I need to know how to "port" Magisk to this model...
Regarding your mod:
Can it work with other devices besides the Z2+?
Why do you write in "/system" (updater-script creates "/system/addon.d/")?
Any recommendation for doing the port?
Regards.

TWRP install

Copying instructions that were in the miscellaneous thread while we were waiting for a proper sub forum. Keep in mind that the program to get TWRP onto the phone is in Chinese and will trigger an antivirus warning. Also TWRP will be in Chinese so users have to press the button on the right in the 1st screen to enable English.
TWRP is working for Nubia Z20 Chinese, Europe and American version
Download TWRP from this link
[Mod Edit] Download link removed due to GPL incompliance
Installing TWRP steps:
1. Enable usb debugging in nubia z20
2. Connect your mobile to the computer
3. Disable Anti-virus on your computer
4. Copy paste TWRP application to C:/adb
5. Click the only button on the TWRP interface
6. On the next screen, click the only button (fastboot twrp) on the screen
7. mobile will reboot to bootloader
8. reboot to recovery
9. if you have security code, input your security pin.
10. change language by clicking right side button
11. In twrp, you can flash global rom and magisk for root
For Rooting Nubia (all version)
1. Install TWRP from the above link
2. From TWRP, you can install magisk manager (latest) and reboot to system.
3. From Magisk application, download riru modules (core & hook) install and reboot.
4. Install Edxposed for xposed modules
Custom modules working for Nubia:
1. Gravity Box (working only for global roms)
2. Face unlock (Magisk module)
3. Instant Face unlock (Xposed module)
4. Pixelify (Magisk module)
5. Force touch enabler (Xposed module)
6. Xposed edge (Xposed module)
7. AR core patcher (Magisk module)
8. Google cam (Gcam shared in earlier posts with attached xml scripts)
9. Youtube vanced
10. Whatsapp emojis
11. L Tweaks
Linux?
What should Linux users do?
Cheako said:
What should Linux users do?
Switch to Windows? Seriously...at least for a short time. I'm a Linux user myself but always have a Windows machine handy for flashing
n1tro said:
Switch to Windows? Seriously...at least for a short time. I'm a Linux user myself but always have a Windows machine handy for flashing
Thanks! I haven't used Windows since the late 90s and every time I try what you're suggesting I have a horrible time. It's not worth any amount of effort to have Windows for running this one application that does something ultimately resulting in Malware. That is to say running this program is analogous to running an application that, I not only don't have the source to, but indeed can't even explain what it does. That's the very definition of malicious software, running software that has no explainable purpose.
It pisses me off why every Nubia TWRP is a .exe; can you just install it yourself and make a backup of your recovery partition and send us the img?
its here ***
[Mod Edit] Download link removed due to GPL incompliance
GPL Violation.
This program is obviously linked with a compiled image of TWRP, which is GPL. The exe is encrypted, a form of UPX. Regardless it's against copyright to distribute without source.
RomanLeFrais said:
It pisses me off why every Nubia TWRP is a .exe; can you just install it yourself and make a backup of your recovery partition and send us the img?
its here ***
[Mod Edit] Download link removed due to GPL incompliance
Looks like a boot image, but triggers the same error on my device. From another thread we are discussing the differences of V1.x(NON-EU) and phones from the EU that are V2.x. The images I've found and have been using are V2.x and the phone is from US Amazon, not that you can't purchase EU phones from there. It's unknown what version my phone is.
I've been pointing out everywhere the GPL violations and that also applies here.
Tell me if I'm wrong, but the only differences between EU and non-EU are the radio frequency and maybe some minor adjustments that don't affect the way TWRP works, and the only difference between 1.x and 2.x is the system update; it also doesn't affect the way TWRP needs to be compiled, except for the included Magisk install etc. in the advanced tabs that Scarlet-glass added
If you want to have your own clean version you can always compile TWRP yourself to not deal with a GPL issue (isn't it the GNU free software license?). Scarlet-glass released the device tree
UPX is a compression algorithm lol, to check if it's obfuscated run Detect-it-Easy on it, I did and it's not obfuscated, take a look at my binwalk output
https://pastebin.com/7Ut6E5Zz
The executable maybe came from the person that makes the "Global" ROM for all the aliexpress sellers by removing the Chinese apps and installing Google; they left their "weibo VIP channel" in /etc on the system part but I don't know how to join.
So anyway I doubt they copyrighted their TWRP image, and it's normal that the recovery image appears as a boot image because it is one lol
Apparently this device is not the same for EU users as America or China, that is to say one model for EU and another model for NON-EU (presumably China, India, Japan, Canada, US, etc.). I was using V2.x (EU) files, but my phone is V1.x (NON-EU). The major version numbers are more like part of the model number than like a version indicator. Here is the full dump where I got the boot and recovery images, it's 2.2GB compressed
https://www.filehosting.org/file/details/835328/NX627J_NubiaEmergencyDownload_V103.7z
I'll try and post just the boot/recovery images here: https://mikemestnik.net/archives/
Code:
SHA256 (NX627J_NubiaEmergencyDownload_V103.7z) = bd412eeab191c001a4ee5b11bda8a2ec7273257ccd2e1d024e60e8c6a1bd174b
SHA256 (NX627J-stock-1_03.7z) = f53a120dc7e8029bf2bb0fb7a462d027376d63bb39e4b7f2ae2f55ae2bcba9ae
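The checksum lines in the post above use the BSD tag layout, `SHA256 (name) = digest`. As an added example (not part of the original thread), this Python code parses that layout as well as the GNU `sha256sum` layout and checks the files in a download directory against the manifest before anything is flashed; the file names and contents used in `demo()` are constructed stand-ins.

```python
import hashlib
import hmac
import os
import re
import tempfile

# BSD tag layout, as posted in the thread: "SHA256 (name) = <64 hex digits>"
BSD_LINE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]{64})$")
# GNU coreutils layout: "<64 hex digits>  name" ('*' before the name marks binary mode)
GNU_LINE = re.compile(r"^(?P<digest>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")


def parse_manifest(text):
    """Return {filename: lowercase hex digest}; raise ValueError on a malformed line."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = BSD_LINE.match(line) or GNU_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a SHA256 checksum line")
        entries[m.group("name")] = m.group("digest").lower()
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte firmware dumps do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(manifest_text, directory):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING' | 'UNSAFE NAME'}."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        # The manifest is untrusted input: refuse names that point outside the directory.
        if os.path.isabs(name) or ".." in name.replace("\\", "/").split("/"):
            results[name] = "UNSAFE NAME"
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = sha256_file(path)
        results[name] = "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo():
    """Constructed sample: one intact file, one altered after the manifest was written, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed stand-in for a recovery image\n"
        with open(os.path.join(d, "recovery.img"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(d, "boot.img"), "wb") as fh:
            fh.write(b"constructed stand-in, modified in transit\n")
        published = hashlib.sha256(b"constructed stand-in for a boot image\n").hexdigest()
        manifest = "\n".join([
            f"SHA256 (recovery.img) = {hashlib.sha256(good).hexdigest()}",
            f"SHA256 (boot.img) = {published}",
            f"{'0' * 64}  missing.7z",
        ])
        return verify(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A checksum posted next to the download only detects corruption or a swapped mirror copy; it says nothing about whether the original upload is trustworthy.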
RomanLeFrais said:
Tell me if I'm wrong, but the only differences between EU and non-EU are the radio frequency and maybe some minor adjustments that don't affect the way TWRP works, and the only difference between 1.x and 2.x is the system update; it also doesn't affect the way TWRP needs to be compiled, except for the included Magisk install etc. in the advanced tabs that Scarlet-glass added
If you want to have your own clean version you can always compile TWRP yourself to not deal with a GPL issue (isn't it the GNU free software license?). Scarlet-glass released the device tree
UPX is a compression algorithm lol, to check if it's obfuscated run Detect-it-Easy on it, I did and it's not obfuscated, take a look at my binwalk output
https://pastebin.com/7Ut6E5Zz
The executable maybe came from the person that makes the "Global" ROM for all the aliexpress sellers by removing the Chinese apps and installing Google; they left their "weibo VIP channel" in /etc on the system part but I don't know how to join.
So anyway I doubt they copyrighted their TWRP image, and it's normal that the recovery image appears as a boot image because it is one lol
The file you are talking about and the one that is currently posted are nothing alike.
Code:
[email protected]:~/Downloads$ binwalk nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Microsoft executable, portable (PE)
372399 0x5AEAF SHA256 hash constants, little endian
4642204 0x46D59C MySQL ISAM compressed data file Version 10
13113062 0xC816E6 gzip compressed data, last modified: 2019-08-30 09:47:28
42228777 0x2845C29 End of Zip archive, footer length: -25518
42279022 0x285206E PARity archive data - file number 7950
42571120 0x2899570 XML document, version: "1.0"
This reminds me to add checksums to my uploads!
Cheako said:
The file you are talking about and the one that is currently posted are nothing alike.
This reminds me to add checksums to my uploads!
I first decompressed with upx
Code:
upx -d nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
Edit: I downloaded 1.03 and 2.03 and tried to look for diffs in some files with
Code:
vimdiff <(xxd "EUROPE-ASIA/file" ) <(xxd "US/file" )
and they are a little different. I didn't try the Android files (system, vendor, boot etc.) because they are too big though
RomanLeFrais said:
I first decompressed with upx
Code:
upx -d nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
Edit: I downloaded 1.03 and 2.03 and tried to look for diffs in some files with
Code:
vimdiff <(xxd "EUROPE-ASIA/file" ) <(xxd "US/file" )
and they are a little different. I didn't try the Android files (system, vendor, boot etc.) because they are too big though
Help me please, I speak some English. My Nubia Z20 is bricked. I need the stock ROM, my phone is global EN V203. I wanted to go to the Chinese ROM but my phone bricked.
I need the ROM, I need help.
Not working for me.....
Not able to install TWRP.
Have also tried to install img.
Have typed in "adb reboot bootloader" in command window, and the phone reboot.
But when typing "fastboot flash recovery recovery.img", it get stuck on "waiting for device".
Anyone have the correct USB driver?
Or is the problem Windows 10?
Btw, USB debugging is on, and OEM unlocking is on.
Ui is CNCommon_V2.17.
The China special with no update function, besides update by USB-C OTG, which doesn't work.
Why can not create backup from TWRP, both to the internal memory and to the flash card via OTG, writes an error.
Olfoss said:
Not able to install TWRP.
Have also tried to install img.
Have typed in "adb reboot bootloader" in command window, and the phone reboot.
But when typing "fastboot flash recovery recovery.img", it get stuck on "waiting for device".
Anyone have the correct USB driver?
Or is the problem Windows 10?
Btw, USB debugging is on, and OEM unlocking is on.
Ui is CNCommon_V2.17.
The China special with no update function, besides update by USB-C OTG, which doesn't work.
please answer me
n1tro said:
Copying instructions that were in the miscellaneous thread while we were waiting for a proper sub forum. Keep in mind that the program to get TWRP onto the phone is in Chinese and will trigger an antivirus warning. Also TWRP will be in Chinese so users have to press the button on the right in the 1st screen to enable English.
TWRP is working for Nubia Z20 Chinese, Europe and American version
Download TWRP from this link
https://drive.google.com/file/d/1rpyehWTPdzzNLhZVqvOuaPmoZ0bG0gak/view?usp=sharing
Installing TWRP steps:
1. Enable usb debugging in nubia z20
2. Connect your mobile to the computer
3. Disable Anti-virus on your computer
4. Copy paste TWRP application to C:/adb
5. Click the only button on the TWRP interface
6. On the next screen, click the only button (fastboot twrp) on the screen
7. mobile will reboot to bootloader
8. reboot to recovery
9. if you have security code, input your security pin.
10. change language by clicking right side button
11. In twrp, you can flash global rom and magisk for root
For Rooting Nubia (all version)
1. Install TWRP from the above link
2. From TWRP, you can install magisk manager (latest) and reboot to system.
3. From Magisk application, download riru modules (core & hook) install and reboot.
4. Install EdXposed for Xposed modules
Custom modules working for Nubia:
1. Gravity Box (working only for global roms)
2. Face unlock (Magisk module)
3. Instant Face unlock (Xposed module)
4. Pixelify (Magisk module)
5. Force touch enabler (Xposed module)
6. Xposed edge (Xposed module)
7. AR core patcher (Magisk module)
8. Google cam (Gcam shared in earlier posts with attached xml scripts)
9. Youtube vanced
10. Whatsapp emojis
11. L Tweaks
please can you improve twrp for android 11 this way
I can't. I'm not a developer. The information above was done by someone else before the forum was created. I only copied the content over.
This phone has almost no support unless you are using the Chinese version. Nubia does not care about the global market as they make enough money selling phones within China in my opinion.
n1tro said:
I can't. I'm not a developer. The information above was done by someone else before the forum was created. I only copied the content over.
This phone has almost no support unless you are using the Chinese version. Nubia does not care about the global market as they make enough money selling phones within China in my opinion.
i will never buy a nubia phone again.
I upgraded to the Android 11 beta for the Nubia Z20. It installed without issue, but I was not satisfied with the upgrade because I could not access my contacts. I tried to reinstall the standard ROM, but it loads the Nubia logo and then shows the warning "Device is corrupted. It can't be trusted and won't boot." I have flashed the Nubia Z20 unbrick tool v1.03 and this does not help either, please help.

[GUIDE] Re-locking the bootloader on the OnePlus 6t with a self-signed build of LOS

What is this tutorial?
This tutorial will:
Create an unofficial build of LineageOS 17.1 suitable for re-locking the bootloader on a OnePlus 6/6t
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 17.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 18.04 installation, if you are using Windows or another Linux distro, the commands may be different.
Supported devices:
Currently both the OnePlus 6 (enchilada) and 6t (fajita) have been tested, but newer phones should work as well.
For simplicity's sake, all further references will only be to the 6t (fajita).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 17.1 (recommended 8 cores, 24g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 17.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki for details on how to complete these tasks
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting, if you are uncomfortable with any steps included in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/fajita
mkdir ~/android/fajita/oos
mkdir ~/android/fajita/images
mkdir ~/android/fajita/images_raw
mkdir ~/android/fajita/patches
mkdir ~/android/fajita/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards, otherwise the signing will fail later on with a "file not found" error message.
Step 2: Download the latest OxygenOS from OnePlus
Go to https://www.oneplus.com/support/softwareupgrade and download the latest OOS update, store it in ~/android/fajita/oos
Step 3: Extract the vendor.img from OOS
Run the following commands to extract the vendor.img from OOS:
Code:
cd ~/android/fajita/oos
unzip [oos file name you downloaded] payload.bin
cd ../images_raw
python ~/android/lineageos/lineage/scripts/update-payload-extractor/extract.py --partitions vendor --output_dir . ../oos/payload.bin
You should now have a ~1g file named vendor.img in the images_raw directory.
Step 4: Update fajita's BoardConfig.mk
You will need to add a few parameters to the end of ~/android/lineageos/device/oneplus/fajita/BoardConfig.mk, they are:
Code:
BOARD_PREBUILT_VENDORIMAGE := /home/<userid>/android/fajita/images_raw/vendor.img
AB_OTA_PARTITIONS += vendor
BOARD_AVB_ALGORITHM := SHA256_RSA2048
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
Step 5: Update sdm845-common's BoardConfigCommon.mk (optional)
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place. However, you may not want to if you intend to make other changes to the system/boot/vendor partitions (like Magisk, etc.) after you have re-locked the bootloader.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/device/oneplus/sdm845-common
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/' BoardConfigCommon.mk
Step 6: Patch the AOSP/LineageOS releasetools
Two releasetools included with LineageOS need to be patched as they otherwise will not properly process a pre-built vendor.img.
The required patches can be found here:
https://raw.githubusercontent.com/W.../source/add_img_to_target_files.py-17.1.patch
https://raw.githubusercontent.com/W...r/source/sign_target_files_apks.py-17.1.patch
Download both and store in ~/android/fajita/patches.
Now apply them with the following commands:
Code:
cd ~/android/lineageos/build/tools/releasetools
patch add_img_to_target_files.py ~/android/fajita/patches/add_img_to_target_files.py-17.1.patch
patch sign_target_files_apks.py ~/android/fajita/patches/sign_target_files_apks.py-17.1.patch
Step 7: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
croot
breakfast fajita
mka target-files-package otatools
Step 8: Prepare vendor.img
As part of the build process above, your raw vendor.img will have been copied to the $OUT directory and a new hashtree (what AVB uses to verify the image) will have been added to it.
You need to use this new version in the signing process but due to how the build system works, this is not done by default.
So, let's put it where it is needed:
Code:
cp $OUT/obj/PACKAGING/target_files_intermediates/lineage_fajita-target_files-eng.*/IMAGES/vendor.img ~/android/fajita/images
Step 9: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs --prebuilts_path ~/android/fajita/images $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Note the new "--prebuilts_path" option, which points to where your new vendor.img file is located.
Step 10: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 11: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/fajita/pkmd/pkmd.bin
Step 12: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer.
Reboot your phone in to recovery mode
In LineageOS Recovery select "Apply update"
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
When the sideload is complete, reboot in to LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously.
Step 13: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/fajita/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot oem lock
On your phone, confirm you want to re-lock and it will reboot
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 14: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock your phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it to enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 15: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
In the above example the releasekey from your LineageOS install has been used to sign AVB, but AVB supports other key strengths up to SHA512_RSA8192. You could create a key just for signing AVB that used different options than the default keys generated to sign LineageOS.
If you want to remove your signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the make files and releasetools may conflict with future updates that you pull from LineageOS through repo sync, if you have to reset the files to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo partitions stored in vbmeta. Official LineageOS builds do not include the vendor.img in them (for fajita at least, other phones may), instead simply using the existing partition on the phone.
That means that there is no vendor.img information in vbmeta for the official builds, which means AVB will fail to verify it during boot and give the red corruption message and halt the boot process after you have re-locked the bootloader.
And since you cannot add to vbmeta without the LineageOS private key, which only the LineageOS signing server has, you cannot add it.
This means you must do a full build with new signing keys to make it work.
Theoretically you could pick apart a LineageOS release, rehash the system/vendor/boot/dtbo and then recreate vbmeta and the payload.bin file, but that brings a host of other issues. For example, since such a "build" would look like a full LineageOS release, if you ever accidentally let the updater run it would brick (soft) that slot and you'd have to swap back to your other slot to boot again. In an extreme case, if you managed to corrupt the second slot somehow you'd have to wipe your entire phone and recover from the brick with one of the available tools to do so.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message and then the standard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what do those two patches to the release tools do?
AOSP/LineageOS's add_img_to_target_files.py detects if a vendor.img file already exists, and if so, simply includes it in the build process. The patch adds one extra step, so that if AVB is being enabled for the build, it will replace the existing hashtree on vendor.img using the same salt and other options as will be used on system/boot/dtbo. This ensures that when vbmeta is generated, it has the right information from vendor.img.
The script is called from the make system as part of the "mka target-files-package otatools" and the appropriate parameters from the make system, like "BOARD_PREBUILT_VENDORIMAGE", are used to create arguments to the script to build the standard image files as well as include the prebuilt vendor.img.
This script is used both during the initial build as well as the signing process, but this change is only targeted at the build time implementation. During signing, the script uses whatever hashtrees are in place and does not regenerate them.
AOSP/LineageOS's sign_target_files_apks.py is responsible for signing the APKs that have been built as part of "mka target-files-package otatools", unfortunately it is not part of the "make" system, so settings like "BOARD_PREBUILT_VENDORIMAGE" do not impact the script. This means that sign_target_files_apks.py does not have any knowledge that it should be including a pre-built vendor.img, even though it is in the $OUT directory waiting to be used.
The patch adds a new parameter to the script (--prebuilts_path), so that during the signing process, any image files found in the provided path, will be included in the process. So make sure that only vendor.img is in the provided directory. This is a directory instead of a single file as future uses may be to include things like firmware, other partition types, etc. in to the signing process.
Thank you's
Obviously to all of the members of the LineageOS team!
LuK1337 for supporting fajita
optimumpro for the OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299) which inspired this one
Quark.23 for helping with the process and testing on enchilada
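A pre-flight check for Steps 11 and 13 of the guide above, as an added example that is not part of the original post or of avbtool: it parses a pkmd.bin and confirms the blob is internally consistent and carries the modulus of the key you signed with, before the key is flashed and the bootloader is locked. It assumes the layout avbtool writes for an AVB public key (key size in bits, n0inv, modulus, rr, all big-endian); the function names are hypothetical and the 64-bit modulus is constructed sample data, not a real key.

```python
import hashlib
import struct
import sys

HEADER = struct.Struct("!II")  # key size in bits, n0inv (both big-endian uint32)

# Constructed 64-bit odd number standing in for an RSA modulus (NOT a real key).
TOY_MODULUS = 0xC96B4D2F8E1A3B57


def encode_avb_public_key(num_bits, modulus):
    """Serialize a modulus in the AVB public key layout (used for the demo)."""
    n0inv = (1 << 32) - pow(modulus, -1, 1 << 32)  # -1/n mod 2^32
    rr = pow(1 << num_bits, 2, modulus)            # (2^num_bits)^2 mod n
    size = num_bits // 8
    return (HEADER.pack(num_bits, n0inv)
            + modulus.to_bytes(size, "big")
            + rr.to_bytes(size, "big"))


def check_pkmd(blob, expected_modulus=None):
    """Return (info, problems); problems is empty when the blob is coherent.

    expected_modulus is the modulus of the signing key as an int, for example
    parsed from `openssl rsa -in <key> -noout -modulus` output.
    """
    info = {"sha1": hashlib.sha1(blob).hexdigest()}
    if len(blob) < HEADER.size:
        return info, ["blob shorter than the 8-byte header"]
    num_bits, n0inv = HEADER.unpack_from(blob)
    info["num_bits"] = num_bits
    size = num_bits // 8
    if num_bits == 0 or num_bits % 8 or len(blob) != HEADER.size + 2 * size:
        return info, ["length %d does not match a %d-bit key" % (len(blob), num_bits)]
    n = int.from_bytes(blob[HEADER.size:HEADER.size + size], "big")
    rr = int.from_bytes(blob[HEADER.size + size:], "big")
    info["modulus"] = n
    if n % 2 == 0 or n.bit_length() != num_bits:
        return info, ["modulus is even or not exactly num_bits long"]
    problems = []
    # n0inv must satisfy n * n0inv == -1 (mod 2^32).
    if (n * n0inv + 1) % (1 << 32):
        problems.append("n0inv does not match the modulus")
    # rr must be (2^num_bits)^2 mod n.
    if rr != pow(1 << num_bits, 2, n):
        problems.append("rr does not match the modulus")
    if expected_modulus is not None and n != expected_modulus:
        problems.append("modulus differs from the signing key's modulus")
    return info, problems


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python check_pkmd.py ~/android/fajita/pkmd/pkmd.bin
        with open(sys.argv[1], "rb") as fh:
            data, expected = fh.read(), None
    else:
        # Offline demo on the constructed toy key.
        data, expected = encode_avb_public_key(64, TOY_MODULUS), TOY_MODULUS
    info, problems = check_pkmd(data, expected)
    print("key bits :", info.get("num_bits"))
    print("blob sha1:", info["sha1"])
    for p in problems:
        print("PROBLEM  :", p)
    sys.exit(1 if problems else 0)
```

The printed SHA-1 is taken over the whole blob, which is the value `avbtool info_image` reports as "Public key (sha1)" for a vbmeta image signed with the same key, so the two can be compared before running "fastboot oem lock".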
Nice, will this enable Widevine L1?
jsidney96 said:
Nice, will this enable Widevine L1?
I don't believe there is a connection between the two.
WhitbyGreg said:
I don't believe there is a connection between the two.
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
cowgaR said:
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
Yeah.. It brings it to L1
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
---------- Post added at 06:16 PM ---------- Previous post was at 05:48 PM ----------
Curious question here,
WhitbyGreg said:
*** will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices***
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
arvindgr said:
Yeah.. It brings it to L1
Good to know.
arvindgr said:
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
That would be nice but more importantly, more phones need to support re-locking.
arvindgr said:
Curious question here,
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
Reasonably important, after all, if you never get firmware updates you'll have outdated security patching for the firmware. Some official LOS builds require newer versions of the firmware as they are released and won't install without it.
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification. A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Geofferey said:
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification.
So you can confirm you have relocked the bootloader on the 7T with AVB enabled?
Geofferey said:
A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
Yes, those are my patches that I've submitted to LOS, I also have two other patches submitted to allow for other prebuilt images (aka firmware images) to be included in the build process.
Geofferey said:
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
I'll take a look and see if I need to update any of my submissions, thanks.
I will have to update those commits with you as author. I messed that up and set person who picked yours as author. I am sorry. BTW thank you for those patches they were a lifesaver and inspired me.
Yes, I can confirm re-lock with AVB enabled on 7T works and also with hash verification. If I flash an image not signed by the build process with hash verification enabled I go red. Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Geofferey said:
Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
quark23 said:
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
No, it does not defeat the purpose... Hashtree verification will still happen since root can be included in the build as opposed to flashing after the fact. In a way it's actually even more advised. The way I think, having root may lead to a means of being exploited but true AVB closes the door to any persistent rootkits that may try to modify partitions at block level. If ANYTHING modifies the verified partitions phone will refuse to boot and I will be protected. Doing exactly what AVB is supposed to do, verify the phone is in its intended state. I also think of phone as a computer, you have root access on Linux, Windows and even Mac for Christ sake, why shouldn't it be the same for phones? The ONLY reason we don't by default is so manufacturers and carriers can stay in control. I've been rooting and modifying phones for years without AVB and yet to have a known breach of my data besides the Google apps constantly collecting on me. This just adds another level of security that I used to sacrifice in order to have root access.
Here is my PoC to include Magisk in builds so dm-verity can be kept enabled. Just two commits. If someone could make this better that would be really cool.
https://github.com/Geofferey/omni_android_build/commit/d60958780e6b26d7cb0cec5939b82df3df74a68f
https://github.com/Geofferey/android_vendor_magisk
I have rooted for testing and you don't get any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't be able to get rid of it by rebooting.
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
quark23 said:
I have rooted for testing and you don't get any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
So you built your ROM from source with root included, had TWRP go through signing and was able to modify system and other partitions without receiving a device corrupt message? I highly doubt AVB is even implemented appropriately if you were able to do so. If it is implemented it sounds like the old version, tho I remember if I violated FS too much it wouldn't be able to fix and failed to boot. Having a locked bootloader because AVB is enabled does not mean dm-verity is enabled. Also, it should be nearly impossible to just write things like files to /system or w.e. if you are on a device that ships with 10.
quark23 said:
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
I know it does, but I am not doing such small things as modifying a host file. The kinds of things I include in my personal ROMs require such a high level of access to the point where I can not write SE policies that will allow me to pass CTS and spit out user builds without serious modifications to the build env.
quark23 said:
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't be able to get rid of it by rebooting.
The act of flashing Magisk is what breaks AVB, if you include it in the ROM at build time like I am doing then it doesn't need to be flashed. It makes modifications to the system by binding data from the wipeable data partition to /system/. If something utilizes that to install a backdoor or tunnel it goes bye-bye when I wipe. If something utilizes it to flash anything or modify system device no boot.
quark23 said:
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
You're kidding right? Android solely exists as a means for Google to collect data. That was the whole idea behind Android. Buy & develop an OS that any manufacturer can put on their device, let them certify for Google Play Services and collect the data that powers their ad platform. They certainly didn't opensource their baby for free. If you allow ports 80 and 443 out with inbound related allowed, that's all they need.
quark23 said:
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
I'd just rather the manufacturers and Google would implement a root solution that plays nice with Android's security instead of making us resort to violating it. It's funny to me that we find it acceptable for these fools to maintain control of something you purchased with your hard earned dollars because they think we are too stupid to have it. Like I stated root and admin privileges are fully available to us on nearly any PC but phones for some reason are an exception.
_________________________________________________
I could rant and debate about this forever... Fact of matter is, you don't have to disable every Android security feature to have root.
I didn't build with magisk, I just flashed after building.
But you can try and modify anything on /system or /vendor from twrp, without magisk, without locking the bootloader, and see what happens. Avb discards the modification, but doesn't warn you. Curious of your findings regarding this. If you then flash magisk, you ofc break the hashtree and avb and the mods remain persistent.
I understand that you are building with magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services? Got any dns logs or mitm wireshark packets to show? What service exactly is collecting what kind of data? Google's dns servers can be replaced before building, Greg has some scripts for that. Captive portal can also be replaced or turned off. Apart from that, and any apps you add yourself, what kind of data is being collected as I want to check it out myself. I've monitored my phone and it's pretty silent. Whatever goes out is from additional apps I use. But I don't see anything from LOS. Really curious about this.
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
I'm really happy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
quark23 said:
I understand that you are building with Magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Ah, there lies the real question. I am including in my personal builds a Debian Linux chroot that gets extracted to /data/ so I can run Linux services, etc. I have customized the chroot with Openvpn so that it connects to my server and essentially allows me back into device wherever it may lay. Basically I am adding in the stuff of nightmares that all this security is supposed to prevent. That is why I want dm-verity, because I know I am leaving myself partially open by doing so. I have a decent understanding of dm-verity and have confirmed that it does and will protect me against the scenarios I imagine. BTW it operates completely differently in locked state vs. unlocked.
quark23 said:
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services?
Well, if you're the type of person who doesn't require Google Play Services, nothing of course. I was merely stating that Google had open sourced Android in hopes that manufacturers would adopt the OS and qualify their devices for Google PS so that it could be used as a data collection platform. You won't easily see all the information Google collects in a Wireshark log because it is encrypted of course. LOS better be silent as hell without it or I'd contact that dev with a strongly worded message lmfao.
quark23 said:
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses SELinux more than your standard Linux distro does. There are some differences in the security models between Android and PC Linux distros.
Oh I DO NOT think it should just be enabled by default. If I had my way it would be enabled in dev ops requiring authentication and protected via a different password than the one you use to unlock the device once setup. You'd also require those "root" privileges to OEM unlock once enabled. While those features were enabled you'd be warned on boot as well but without locking you out of apps etc because that kind of sensitive data should be handled by TEE and TZ. In a real Linux operating system that hasn't been fundamentally raped to offer a false sense of security in the name of protecting carriers and manufacturers you can modify SELinux policies etc, not while live but without compiling from source. A lot of us forget most of these security features exist more to protect their interest and attempt to hide what's going on behind the scenes. I've actually heard of some pretty shady stories where manufacturers in China place ad-tappers that run in background on devices running GooglePS to be sold in US, so it definitely doesn't protect you if the person building your phone is shade.
quark23 said:
I'm really happy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of Google's privacy policy but they do make great stuff.
Me too mate. AOSP has taught me a lot about development and coding in general. Sadly outdated blobs are usually a by-product of using pre-builts from manufacturers that don't update as often. Pixel would be the way to go if that's a concern. I honestly just think a lot of the security is abused to suit their needs. I am just trying to turn it around to work for me where it can.
If you repo sync you should run the vendor files script as there's a couple of new files added. The Muppets GitHub has been updated with them as well. If you don't, your build will fail at first power on.
A quick question, forgive me if this is obvious: am I correct in assuming that once the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting into before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
nictabor said:
A quick question, forgive me if this is obvious: am I correct in assuming that once the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting into before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
Correct, though if you set up your own update server you can still use the inbuilt updater app if you want.
I just happened across this thread searching for a proper way to generate the custom AVB key. I thought I had found it at one time in the AOSP documentation but I lost/forgot where it was.
Anyways, I have a quick q about this. Would I be correct in assuming that if I wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
I am pretty sure I won't be able to but wanted to ask here for you guys' experiences.
Also, @WhitbyGreg you should be able to, I believe. Just set up the URL properly and host it somewhere with direct download links. (This also requires setup of JSON for the updater to monitor for updates)
klabit87 said:
Would I be correct in assuming that if I wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
Correct (at least as far as I know), once the bootloader is relocked any modification of the system partition (like adding the play services) would trigger an AVB failure.
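
The AVB failure described above, as an added example that is not part of any post in this thread: a simplified Python model of a dm-verity style hash tree, showing why a change to a system image after build is caught at read time. The 4096-byte block size, prepended salt and all sample data are assumptions of the model; it is not bit-compatible with real tooling.

```python
import hashlib

BLOCK, DIGEST = 4096, 32  # assumed block size; SHA-256 digest length

def _hash(salt: bytes, block: bytes) -> bytes:
    # Model assumption: salt is prepended to a zero-padded block.
    return hashlib.sha256(salt + block.ljust(BLOCK, b"\0")).digest()

def _blocks(data: bytes):
    for off in range(0, len(data), BLOCK):
        yield data[off:off + BLOCK]

def build_tree(image: bytes, salt: bytes):
    """Return (root_hash, levels); levels[0] holds the data-block hashes."""
    level = b"".join(_hash(salt, b) for b in _blocks(image))
    levels = [level]
    while len(level) > BLOCK:  # keep hashing hash blocks until one remains
        level = b"".join(_hash(salt, b) for b in _blocks(level))
        levels.append(level)
    return _hash(salt, level), levels

def verify_block(image, index, salt, levels, trusted_root) -> bool:
    """Check one data block on read, walking up to the trusted root hash."""
    node = _hash(salt, image[index * BLOCK:(index + 1) * BLOCK])
    for level in levels:
        if level[index * DIGEST:(index + 1) * DIGEST] != node:
            return False  # stored hash does not match what was read
        index = index * DIGEST // BLOCK  # hash block holding that digest
        node = _hash(salt, level[index * BLOCK:(index + 1) * BLOCK])
    return node == trusted_root  # root comes from signed metadata, not the disk

def demo():
    salt = bytes(32)  # constructed salt
    # Constructed 300-block "system" image, enough for a two-level tree.
    image = b"".join(bytes([i % 251]) * BLOCK for i in range(300))
    root, levels = build_tree(image, salt)
    tampered = bytearray(image)
    tampered[200 * BLOCK + 7] ^= 0x01  # one flipped bit in block 200
    tampered = bytes(tampered)
    _, new_levels = build_tree(tampered, salt)  # tree rebuilt after the change
    return (verify_block(image, 200, salt, levels, root),        # untouched image
            verify_block(tampered, 200, salt, levels, root),     # old tree
            verify_block(tampered, 200, salt, new_levels, root), # rebuilt tree
            verify_block(tampered, 5, salt, levels, root))       # unrelated block

if __name__ == "__main__":
    print(demo())
```

Rebuilding the tree after the change does not help, because the rebuilt tree hashes to a different root than the trusted one. In AVB the trusted root hash is carried in the signed vbmeta image, which is why additions such as gapps have to go in before the image is built and signed.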
