Question Settings in Developer Options - Redmi Note 10S

Is it possible to enable Install via USB and USB debugging (Security settings) without having a Mi account on the device? And what does MIUI optimisation options do?

Yes. MIUI optimizations heavily restrict background apps which lead to battery savings among other things.

Yes for the first question? Then how?
miravision said:
Yes. MIUI optimizations heavily restrict background apps which lead to battery savings among other things.
Click to expand...
Click to collapse

You need to root your phone. Here is a termux script that will achieve what you want without Mi account.
Code:
su
setprop persist.security.adbinstall 1
Edit file /data/data/com.miui.securitycenter/shared_prefs/remote_provider_preferences.xml
and change value to true if it's set to false or add line before the closing </map> tag. Reboot
Code:
<boolean name="security_adb_install_enable" value="true" />
Code:
reboot

I guess rooting will have to wait... can''t void warranty in a new phone before I have had a chance to test it fully. But, thank you. I will save the above.

I'm trying to disable automatic updates , i disabled them everywhere i could , including developer options but when i enable wifi , the updater app notifies me that i have a new update. Indeed, it won't update without my confirmation but i want to get rid of notifications completely . The notifications for this updater system app can not be turned off . Any workaround for this ?

miravision said:
You need to root your phone. Here is a termux script that will achieve what you want without Mi account.
Code:
su
setprop persist.security.adbinstall 1
Edit file /data/data/com.miui.securitycenter/shared_prefs/remote_provider_preferences.xml
and change value to true if it's set to false or add line before the closing </map> tag. Reboot
Code:
<boolean name="security_adb_install_enable" value="true" />
Code:
reboot
Click to expand...
Click to collapse
should this be valid in MIUI 13?
I did save the xml file twice, but after reboot the line for "install enable" was gone.
Any further ideas to mod this - without logging in to Mi Account?
Thaks
linolino
oops EDIT: I did an reboot via button instead of entering "reboot" in adb/termux - so I can confirm the toggel button is still on after command "reboot" in case of pressing button for reboot it was reverted ;-)

@miravision
is there another line for MIUI.
"Install via USB" worked to be turned on.
But still "USB debugging (Security settings)" can't be turned on in developer options.
This would be the toggle from this repeating screen shot: https://github.com/Genymobile/scrcpy/issues/70
Thanks
linolino

miravision said:
You need to root your phone.
Click to expand...
Click to collapse
this is a chicken egg problem:
in turn, root requires unlocking the bootloader (which requires logging in with a mi account over a cellular data sim, it doesn't allow this over wifi)

Related

Screen overlay detected

After updating my Huawei Mate S to Android Marshmallow EMUI 4.0.1 (CRR-L09C432B361) I am having screen overlay issue. Sorry, I can't give screenshot. Gallery, facebook upload, Gmail etc. are not working properly. I am getting a message like this- "Screen overlay detected- To change this permission setting you first have to turn off the screen overlay from Settings > Apps". When I click on Settings tab, it takes me to a settings section named "Draw over other apps". When I click on the relevant app, I find some of their permissions denied, which I can't turn on. I did some googling and found some other related posts mostly indicating to disable some kind of screen filtering apps or clean master which I don't have. Tried resetting, then wiping cache data, didn't fix. Tried disabling developer options, didn't work. Can anyone help to solve this issue.
As you probably know by now & as I understand it, this is a security measure, which will trigger Marshmallow to pop-up 'Screen overlay detected...' warnings each time you try to change an app's permissions (i.e. for the apps that are affected by this 'drawing over other apps' feature).
There are 2 ways to get around this so you are allowed to freely change apps' permissions (do one or the other - whichever is more convenient for you):
1. Go to Settings > Apps > access 'Advanced' (near the bottom) > under 'Advanced' subsection, access 'Draw over other apps'. Here, individually change the settings of ALL the apps to 'No' (in other words, disable 'Permit drawing over other apps' for every app). Once done, you can freely change apps' permissions in Settings > Apps > [name of app] > 'Permissions' without the annoying 'Screen overlay detected...' warning popping-up every time. Once you have correctly changed the permissions (for every app that's not working properly), you should return to individually change each of the apps' settings to 'Yes' in the 'Draw over other apps' section (in other words, re-enable 'Permit drawing over other apps' for every app).
or (easier for me)
2. Reboot your phone into Safe Mode (click here if you need to know how). Once in Safe Mode, you can freely change apps' permissions in Settings > Apps > [name of app] > Permissions without the annoying 'Screen overlay detected...' warning popping-up every time. Once you have correctly changed the permissions (for every app that's not working properly), restart the phone as normal.
For both of the above & If you prefer, all changeable apps' permissions can also be easily done via Settings > Apps > access 'Advanced' (near the bottom) > access 'App permissions'.
If some apps are still not working as they should, check to see that the affected apps have 'Yes' below their name in the Apps > Advanced > 'Draw over other apps' section, AND they have ALL their permissions enabled under the Settings > Apps > [name of app] > 'Permissions' section.
GaT7 said:
As you probably know by now & as I understand it, this is a security measure, which will trigger Marshmallow to pop-up 'Screen overlay detected...' warnings each time you try to change an app's permissions (i.e. for the apps that are affected by this 'drawing over other apps' feature).
There are 2 ways to get around this so you are allowed to freely change apps' permissions (do one or the other - whichever is more convenient for you):
1. Go to Settings > Apps > access 'Advanced' (near the bottom) > under 'Advanced' subsection, access 'Draw over other apps'. Here, individually change the settings of ALL the apps to 'No' (in other words, disable 'Permit drawing over other apps' for every app). Once done, you can freely change apps' permissions in Settings > Apps > [name of app] > 'Permissions' without the annoying 'Screen overlay detected...' warning popping-up every time. Once you have correctly changed the permissions (for every app that's not working properly), you should return to individually change each of the apps' settings to 'Yes' in the 'Draw over other apps' section (in other words, re-enable 'Permit drawing over other apps' for every app).
or (easier for me)
2. Reboot your phone into Safe Mode (click here if you need to know how). Once in Safe Mode, you can freely change apps' permissions in Settings > Apps > [name of app] > Permissions without the annoying 'Screen overlay detected...' warning popping-up every time. Once you have correctly changed the permissions (for every app that's not working properly), restart the phone as normal.
For both of the above & If you prefer, all changeable apps' permissions can also be easily done via Settings > Apps > access 'Advanced' (near the bottom) > access 'App permissions'.
If some apps are still not working as they should, check to see that the affected apps have 'Yes' below their name in the Apps > Advanced > 'Draw over other apps' section, AND they have ALL their permissions enabled under the Settings > Apps > [name of app] > 'Permissions' section.
Click to expand...
Click to collapse
Thanks mate for ur detailed instructions, it's solved and I am relieved...
plesae help
Feroztex said:
Thanks mate for ur detailed instructions, it's solved and I am relieved...
Click to expand...
Click to collapse
one does not work for me
I have a problem after update to B361, I can't use somes apks with my internet data (only with Wifi) like Youtube, Pokemon Go, Snapchat.
I checked and every app have all the permissions (incluyed internet data permissions) so I don't know what to do.
Any help?
Hi,
Try to flash this by TWRP Recovery, it should fix Screen overlay permissions
http://www.mediafire.com/?ouxua6rkkagi3g9
edzamber said:
Hi,
Try to flash this by TWRP Recovery, it should fix Screen overlay permissions
http://www.mediafire.com/?ouxua6rkkagi3g9
Click to expand...
Click to collapse
Don't you need the phone to be rooted to do that?
I suspect most users would have an unrooted phone.
GaT7 said:
Don't you need the phone to be rooted to do that?
I suspect most users would have an unrooted phone.
Click to expand...
Click to collapse
No, just need twrp Recovery or similar
edzamber said:
Hi,
Try to flash this by TWRP Recovery, it should fix Screen overlay permissions
http://www.mediafire.com/?ouxua6rkkagi3g9
Click to expand...
Click to collapse
Thanks man! it worked...do you have problems with apps using mobile data?? beacause i have somes apps that only works with wifi and every app is with all permissions
edzamber said:
Hi,
Try to flash this by TWRP Recovery, it should fix Screen overlay permissions
http://www.mediafire.com/?ouxua6rkkagi3g9
Click to expand...
Click to collapse
What exactly does this do? Install GooglePackageInstaller?
xdapowerapps said:
What exactly does this do? Install GooglePackageInstaller?
Click to expand...
Click to collapse
no, install from TWRP mode, it works for me, thanks my friend
edzamber said:
Hi,
Try to flash this by TWRP Recovery, it should fix Screen overlay permissions
http://www.mediafire.com/?ouxua6rkkagi3g9
Click to expand...
Click to collapse
Will this also work on Nougat? Running resurrection remix 5.8 on Mi max Hydrogen. Running LMT Pie launcher prevents me from granting any permissions or sideloading any APKs. Is this specifically for the Mate S?
If it's safe to flash on nougat on the Mi Max, I could try it on Mi Max.

Security issues surounding bootloader unlocking and installing custom recovery

Given the situation that I needed to unlock bootloader and install TWRP inorder to be able to do full image backup (i.e. Nandroid), I have been wondering what are the underlying security issues to be faced after unlocking and installing TWRP (without moving onto root) in a specific situation where the device is lost or stolen?
Lets say if I am on stock OOS with encryption enabled + Fingerprint and password/pin set on lock screen + USB debugging disabled + locked bootloader + stock recovery, in the unfortunate event where my device were to get lost or stolen, I can expect my personal data to be safe from prying eyes since the person who has gotten a hold of my phone will have to do a factory reset to get into the phone or unlock bootloader which all meant my personal data will be wipe. So that's a good outcome in an unfortunate one.
But let's say if now I were to (i) unlock my bootloader and (ii) install TWRP (but retaining it as read only without system modification), (iii) restore all app, data and settings, and go on to (iv) perform a nandroid backup. And after that, proceed to (v) disable USB debugging and (vi) re-enable encryption and (vii) set fingerprint and password on lock screen. And I shall stopped there without rooting or flashing dm verity. Can I still expect my personal data to be safe from prying eyes in the event of lost or stolen? Meaning that whoever gets a hold of my device will likewise need to wipe it clean before he/she is able to use it? Is this the case or can the person access my data using some hacks now that the device runs custom recovery?
An interesting guide I had came across contained various means of accessing personal data (read - https://forum.xda-developers.com/showthread.php?t=2620456) by bypassing android password, patterns, etc set on the locked screen, and some methods required USB debugging to be enabled while some required custom recovery installed.
To be sure if I am still able to protect my personal data when device is stolen/lost with an unlocked/TWRP installed device, my curiosity took me on an investigative path using an old Samsung Note 3 to unlock bootloader and install TWRP, then proceed to enable encryption and disable USB debugging and set lockscreen password. And now for the next couple of days where I can find free time, I will try out all 7 methods to see if an unlocked Note3 with TWRP is susceptible to these security compromise. I will come back to this thread later to update my findings.
I really welcome any information or inputs too!
To summarize, the state of my old Note 3 used in this investigation is as follows:
1) Bootloader unlocked
2) TWRP (3.0.2) installed as "read only" without system modification
3) ROM (CM13) encryption enabled
4) Locked screen password set
5) Device not rooted
6) USB debugging disabled
When I boot into TWRP, I realized that even if I set it to read only, any person who has gotten hold of my device can set it to system modification since TWRP is not password or pin protected. Therefore setting to "read only" is sort of irrelevant in this investigation to find out how vulnerable the device is right now.
The second thing I realized, is TWRP will ask me for android password to mount my internal sdcard since my ROM is encryption enabled. This is a good thing, since in this case TWRP internal file manager will not be able to access my device internal sdcard containing some of my personal data.
The 1st method I tried is:
METHOD I
Solution For Everyone With Recovery (Cwm, Twrp, Xrec,Etc...) Installed:
INSTRUCTIONS:
1. Download this zip Pattern Password Disable (Download from attachments) on to your sdcard (using your PC, as you cant get into your phone, right )
2. Insert the sdcard into your phone
3. Reboot into recovery mode
4. Flash the zip
5. Reboot
6. Done!
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
The steps I took:
A) Set TWRP to system modification
B) When TWRP asked me for password to mount partition, I choose "cancel" since I am trying to imitate the person who has gotten hold of my device won't be able to guess my password
C) Flashed the pattern password disable zip file
And voila!... my password on locked screen is still intact. Meaning that entering any random password does not gain access into android. Only the original password can.
Good news certainly. Don't know why this hack doesn't work, probably it is outdated or probably due to my system is still encrypted when I flashed the hack zip file.
As to the 2nd method, I didn't try out as I don't know how to use Cygwin...
METHOD 2
Solution For Everyone Without Recovery Installed - ADB :
What You Need:
=>A computer running a Linux distro or Windows+Cygwin
=>USB cable to connect your phone to the PC
=>Adb installed
How to install adb:
1. Open Terminal
2. Type:
Code:
sudo apt-get install android-tools-adb
Hit [Enter]
3. Follow the instructions until everything is installed.
INSTRUCTIONS:
1. Connect you (turned on) Phone to the Computer via USB.
2. Open a terminal window.
3. Type:
Code:
adb devices
adb shell
cd data/system
su
rm *.key
4. Done...Now You Just Have To Reboot.
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
Method 3 is irrelevant to this investigation therefore it has been omitted.
METHOD 3
Solution For Everyone Before Lock Accident :
SMS Bypass - Download Link - Install It On Your Device (Download from attachments)
This App Allows You To Remotely Bypass Your Phone's Screen Lock By Sending A SMS.
It Removes Your Gesture Pattern Or Password After Receiving A Preset Keyword Along With A Secret Code Via SMS.
SMS Bypass App Requires Root.
INSTRUCTIONS:
1.First, make sure you give permanent root access to the app.
2.Change the secret code to your preferred choice. The default password is : 1234
3.To reset your screen lock, send the following message from another phone:
Code:
secret_code reset
Example:
Code:
1234 reset
Note 1 : There is a space between your secret code and reset. Also the secret code is case sensitive.
Note 2 : There is an option available to change the preset keyword. Default is : reset - Your phone will restart and your lock screen will be reset.
Note 3 : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
Given that method 5 is in fact similar to method 2 therefore it has been omitted as well.
METHOD 5
Solution For Everyone Via Adb - File Removal :
INSTRUCTIONS:
=>Type This Command In Your Terminal (CMD Prompt) :
Code:
adb shell rm /data/system/gesture.key
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
Method 6 will not work since that hack required USB debugging to be enabled.
METHOD 6
Solution For Everyone With USB Debugging Enabled :
INSTRUCTIONS:
Primary Step for all method:
Download & Extract to anywhere - Bypass Security Hack (Download from attachments)
Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
Run pull settings.db.cmd inside By-pass security Hacks folder to pull out the setting file out of your phone.
Drag settings.db and drop to SQLite Database Browser 2.0.exe program.
Navigate to Browse data tab, At table there, click to list down the selection & selete secure
Instruction To Remove Pattern Lock:
Now, find lock_pattern_autolock, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove PIN Lock:
Now, Find Or Create lockscreen.password_type, double-click & change it's value to 65536, Apply changes!
Now, find lock_pattern_autolock, Delete Record, If doesn't exist, Ignore
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove Password Lock:
Now, find lockscreen.password_salt, Delete Record
Now, find lockscreen.password_type, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
I then tried out method 7 using the Aroma file manager however all these 3 versions (Version 2.00 [BETA1]- KACAPI, aromafm-1.91, and aromafm-1.90) does not open up after flashing the zip with system modification enabled on TWRP. Mostly likely these outdated versions of the Aroma file manager are not supported by the latest version of TWRP (3.0.2) since the developers have ceased all work related to it.
METHOD 7
Solution For Everyone With Recovery Installed :
INSTRUCTIONS:
1.Download and Copy Aroma File manager.zip (Download from attachments or http://forum.xda-developers.com/show....php?t=1646108) to your memory card.
2. Open your recovery (press volume Down + Power button or it can be different according to the phones. Generally the phones who have press able button on the middle they have to press all three buttons. Google for you pattern there are lots)
3. There’ll b an option in recovery called “mount”. Go in that option and then mount all the cache and everything it is there.
4. Then select “update” and select “apply update from SD/external” and select aroma file manger.zip file that you downloaded using above QR code above.
5. After Flashing or updating, the aroma file manger will open. Use volume keys for up/down and power button 2 select like you use to get into recovery.
6. In aroma File manager , Go to menu , which is located in bottom strip and then select Settings.
7. Go to bottom n select “mount all partition in startup ” then exit from aroma file manger.
8. Now after exit , re-update that aroma file again and it will open again.
9. Go to data >> and then System.
Then find ‘gesture.key’ (for pattern lock) and ’password.key’ (for password lock) then long touch on gesture.key or password.key and sum option will be prompted , choose delete and delete that file and restart.
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
And now onto the last method which is method 4 using SQL command. After starting adb daemon, adb devices are not found and hence the following steps could not be taken. I think this could be due to the device having USB debugging disabled. Hmmm...
METHOD 4
Solution For Everyone Via Adb - SQL Command :
INSTRUCTIONS:
=>Type This Commands Separated In Your Terminal (CMD Prompt) :
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
=>Now You Just Have To Reboot.
Note : If You See The Gesture Pattern Grid Or Password After Restarting, Don't Worry. Just Try Any Random Pattern Or Password And it Should Unlock.
After going through all these methods, I am inclined to think that personal data is still protected in an unlocked/TWRP installed device as long as USB debugging is DISABLED and ROM is encrypted and fingerprint/password set on lock screen. What do you think?
As long as your data is encrypted, it is safe and not accessible to any 3rd party.
But with an unlocked bootloader, you are open to a new forms of attacks like:
1. someone could steal your phone, modify your system to leak your data / password and then return it to you. Since dm-verity is OFF, you will not know, that your system is compromised.
2. someone could use a remote exploits (to launch his code and gain root privileges) to modify your system and leak your data / password and since dm-verity is OFF, you will not know, that your system is compromised.
+ with the unlocked bootloader, FRP is not working, so a thief can just reset your phone and sell it.
If your data security is a huge concern to you, DO NOT unlock the bootloader.
If you are a potential target to a hacker attacks, DO NOT use a OnePlus phone. Get a Nexus 6P or a Pixel.
Also make sure, that your apps are not leaking your data. Apps with a storage permission and access to the internet could leak your data.
Michalko5896 said:
As long as your data is encrypted, it is safe and not accessible to any 3rd party.
But with an unlocked bootloader, you are open to a new forms of attacks like:
1. someone could steal your phone, modify your system to leak your data / password and then return it to you. Since dm-verity is OFF, you will not know, that your system is compromised.
Click to expand...
Click to collapse
Many thanks for your response! This is very useful information to me.
Am I right to assume that even if my device is unlocked but with encryption enabled and no root, the person who has gotten hold of my phone will still be able to flash "dm-verity and forced encryption disabler" zip and supersu zip files to root my device in TWRP even when he fails to enter the password prompted by TWRP?
And this force encryption disabler as the name suggest only disable force encryption and it does not decrypt my already encrypted personal data? Which means he still does not have access to my data and after he had done the system modification and returns the phone back to me, the first thing I should do is to wipe clean every partition and restore back my nandroid which would consist of backups to all partitions. So it seems this is an acceptable risk all for the convenience of performing nandroid backup via the unlock/TWRP route.
2. someone could use a remote exploits (to launch his code and gain root privileges) to modify your system and leak your data / password and since dm-verity is OFF, you will not know, that your system is compromised.
+ with the unlocked bootloader, FRP is not working, so a thief can just reset your phone and sell it.
If your data security is a huge concern to you, DO NOT unlock the bootloader.
If you are a potential target to a hacker attacks, DO NOT use a OnePlus phone. Get a Nexus 6P or a Pixel.
Also make sure, that your apps are not leaking your data. Apps with a storage permission and access to the internet could leak your data.
Click to expand...
Click to collapse
Very good point here. May I ask in what ways are Nexus 6P and Pixel more secure than Oneplus? Pixel seemed quite an attractive phone.
I am on OOS 3.5.3, is there anyway to find out what apps have access to internet and restrict that?
The app permission section of settings only allows changing permission to storage (among others) but I couldn't find any internet access permission.
The main security risk is that it allows anyone to flash something harmful without you knowing on to your system. Your data may be encrypted and protected but they can still flash something onto another partition.
You could be happily using your phone unaware there's a rogue app capturing and sending data to someone.
Zegnalabel said:
Many thanks for your response! This is very useful information to me.
Am I right to assume that even if my device is unlocked but with encryption enabled and no root, the person who has gotten hold of my phone will still be able to flash "dm-verity and forced encryption disabler" zip and supersu zip files to root my device in TWRP even when he fails to enter the password prompted by TWRP?
And this force encryption disabler as the name suggest only disable force encryption and it does not decrypt my already encrypted personal data? Which means he still does not have access to my data and after he had done the system modification and returns the phone back to me, the first thing I should do is to wipe clean every partition and restore back my nandroid which would consist of backups to all partitions. So it seems this is an acceptable risk all for the convenience of performing nandroid backup via the unlock/TWRP route.
Very good point here. May I ask in what ways are Nexus 6P and Pixel more secure than Oneplus? Pixel seemed quite an attractive phone.
I am on OOS 3.5.3, is there anyway to find out what apps have access to internet and restrict that?
The app permission section of settings only allows changing permission to storage (among others) but I couldn't find any internet access permission.
Click to expand...
Click to collapse
Your data is safe, it can't be decrypted, even with an unlocked bootloader And yes, if you wipe every partition, lock the bootloader and got no dm-verity error, after your stolen phone was returned to you, you should be safe.
Both Nexus 6P and Pixel are much safer than OnePlus, because they are getting a complete security patches every month. OnePlus is getting an imcomplete security patches and much later after their release.
You can limit access to internet via app settings. Open "about app", data usage and there you can turn off both access to wifi and mobile data.
Upgrade to OOS 4.0, it cointains important security patches and enhancements.
Michalko5896 said:
Your data is safe, it can't be decrypted, even with an unlocked bootloader And yes, if you wipe every partition, lock the bootloader and got no dm-verity error, after your stolen phone was returned to you, you should be safe.
Both Nexus 6P and Pixel are much safer than OnePlus, because they are getting a complete security patches every month. OnePlus is getting an imcomplete security patches and much later after their release.
You can limit access to internet via app settings. Open "about app", data usage and there you can turn off both access to wifi and mobile data.
Upgrade to OOS 4.0, it cointains important security patches and enhancements.
Click to expand...
Click to collapse
Thank you so much! Found the data usage setting and updated to 4.0. :laugh:
Michalko5896 said:
As long as your data is encrypted, it is safe and not accessible to any 3rd party.
But with an unlocked bootloader, you are open to a new forms of attacks like:
1. someone could steal your phone, modify your system to leak your data / password and then return it to you. Since dm-verity is OFF, you will not know, that your system is compromised.
2. someone could use a remote exploits (to launch his code and gain root privileges) to modify your system and leak your data / password and since dm-verity is OFF, you will not know, that your system is compromised.
...
Click to expand...
Click to collapse
Quick question, does the latest systemless SuperSU still leave dm-verity OFF ? It was my understanding that using it you don't need to flash the dm-verity-OFF script, is that true?
xclub_101 said:
Quick question, does the latest systemless SuperSU still leave dm-verity OFF ? It was my understanding that using it you don't need to flash the dm-verity-OFF script, is that true?
Click to expand...
Click to collapse
For root, you need to unlock the bootloader. And with the bootloader unlocked, dm-verity is not working and thus attacker could modify your system.
Michalko5896 said:
For root, you need to unlock the bootloader. And with the bootloader unlocked, dm-verity is not working and thus attacker could modify your system.
Click to expand...
Click to collapse
The bootloader being locked/unlocked should have little to do (directly) with dm-verity, dm-verity is only hash-checking the system partition.
That being said after some checking various detailed threads from Chainfire apparently SuperSU is still removing the dm-verity on the system partition since other than rooting in itself most rooted people also tend to touch the system partition with stuff like busybox and so on, so I guess this is it.
xclub_101 said:
The bootloader being locked/unlocked should have little to do (directly) with dm-verity, dm-verity is only hash-checking the system partition.
That being said after some checking various detailed threads from Chainfire apparently SuperSU is still removing the dm-verity on the system partition since other than rooting in itself most rooted people also tend to touch the system partition with stuff like busybox and so on, so I guess this is it.
Click to expand...
Click to collapse
well, google is stating, that unlocking bootloader will turn off the dm-verity.
This is an interesting discussion- I have a Nexus 5X, but I use a custom configuration:
1) locked bootloader
2) verity turned on for the system partition so that I can check the key fingerprint and verify integrity.
3) customized cm recovery - I installed my adb keys so I can connect to it. I also changed the signing keys, so I have to sign any roms that get flashed.
4) encrypted userdata with pattern protection. I think a password would be stronger, but I'm using a larger, complex pattern. Fingerprint unlock is turned on, which has its own attack surface.
I think the fingerprint sensor is the biggest risk. This is mitigated at reboot since the pattern will be required. If I built the recovery properly, the only way to flash anything would be to have access to my signing keys or adb keys. Of course, this is all still vulnerable to any unpatched exploits.

Trying to use Tasker Secure Settings to disable volume warning on Samsung S5.

Trying to use Secure Tools to disable volume warning Samsung S5 running Marshmallow. I installed everything and ran adb command. No error, but when I search for Secure Tools it says Not Installed. Then I read this doesn't work on Marshmallow?
My phone is NOT rooted. Any help would be much appreciated.
Thanks - Frankie
Frankie-o said:
Trying to use Secure Tools to disable volume warning Samsung S5 running Marshmallow. I installed everything and ran adb command. No error, but when I search for Secure Tools it says Not Installed. Then I read this doesn't work on Marshmallow?
My phone is NOT rooted. Any help would be much appreciated.
Thanks - Frankie
Click to expand...
Click to collapse
I'm confused. What app are you referring to? "AutoTool's secure settings" or the app "Secure settings" or something else that I'm missing?
TASKER and AUTO TOOLS
I guess I forgot to mention that I'm user Tasker to do this... Thank you.
Be very specific what you are using and what you are trying.
Trying to disable high volume warning on Samsung S5
Using Tasker Auto Tools to run a command on my phone that will allow me to override the Volume High Warning on the Samsung S5 phone. It's supposed to enable WRITE SECURE SETTINGS with this command - and the command runs fine but it's not working for me. But when I go back to the app and look for Secure Settings, it's not there.
adb shell pm grant com.joaomgcd.autotools android.permission.WRITE_SECURE_SETTINGS
Auto tools is a plugin to tasker.
The "adb shell pm grant com.joaomgcd.autotools android.permission.WRITE_SECURE_SETTINGS" is one of two steps required to give the type of system level OS access this tool needs. The first thing that should be done is to enable "allow modify system settings" for AutoTools.
From the AutoTools Secure Settings page:
To use this, AutoTools needs to be granted permission to change secure settings on your device
If you're on Android 6 or above click here to grant AutoTools the first Settings permission
Then follow these steps to grant AutoTools the Secure Settings permission:
Enable Developer Mode: Go to Android Settings -> About Phone and look for the Build Number option. Touch it multiple times until developer mode is enabled.
Enable USB Debugging: Go to Android Settings -> and look for the Developer Options option. In there, enable the USB debugging option.
Install ADB on your PC: Check here for a quick way to do it.
Connect device to PC: Connect your device to a PC and look on your phone. A prompt should show up asking you to allow your phone to be debugged by your PC. Accept this.
Grant permission: Open a command line on your PC and write
adb shell pm grant com.joaomgcd.autotools android.permission.WRITE_SECURE_SETTINGS
Congratulations, AutoTools should now be able to use the "Secure Settings" action!
Click to expand...
Click to collapse
Once those things are done ( I typically reboot for no good reason ☺ ), then go to tasker, add an action in a task, then: plugin -> Auto tools -> secure settings (scroll down the list) you'll end up in a screen where you can configure the AutoTools secure settings action.
WOW! I think I did it.. I just hope I can do it again - this was my "test" phone. I think I was messed up by doing the "search" for secure settings because it said it wasn't installed.. Yet I had looked for the secure settings option and didn't find before - although I had already done all the steps. Somehow I got on to a screen that said the app (I forget the exact words) didn't have permission to change the settings, and to press NO if I wanted to allow the permissions - and I pressed no! I had already created the task to disable the warning - but it's been so long, I'm not sure how I did that - but the bottom line is I think it's working.. I had found several sites that said this wouldn't work with Marshmallow unless the phone was rooted, and my phones are not rooted.. so that makes me skeptical, but I did a reboot, and the warning didn't come back. Thanks a ton for your help.. Let's hope I can re-create on the phone that really needs it.
In case this is found by someone else, many of those "how to use secure settings" posts from lollipop and marshmallow predate the (awareness of the) approach used by AutoTools. People spent a lot of effort trying to force an unsupported, outdated app (the original secure settings) to work in a systemless root environment.
I'm sad to say this did NOT work on my test phone.. It looked like it did, but it didn't.

[HOW-TO] Reset and restore quick setting to default

This is damn useful after doing dirty rom flashes.
I mean normally after you flash a rom without doing wipe, you might miss out new quick setting(wifi, bluetooth, data toggles on swiping down top screen to see notification)
adb shell settings put secure sysui_qs_tiles default
originally found here https://plus.google.com/+KieronQuinn/posts/3ZUzZhGa83s
can confirm this still works on 2020! i'm using miui on redmi note 8 and have no "edit" quick tiles, using this command i can bring back those missing quick tiles. thanks!
Yes thanks this worked for me in 2020 for Xiaomi Mi 10 Pro that was missing the quick setting toggle choices/second page and the edit toggles facility.
ninekaw9 said:
This is damn useful after doing dirty rom flashes.
I mean normally after you flash a rom without doing wipe, you might miss out new quick setting(wifi, bluetooth, data toggles on swiping down top screen to see notification)
adb shell settings put secure sysui_qs_tiles default
originally found here https://plus.google.com/+KieronQuinn/posts/3ZUzZhGa83s
Click to expand...
Click to collapse
I have the same problem: no second page, no edit button for quick toggles.
Unfortunately, the suggested solution with the adb command does not work for me because of some security issu:
Code:
adb shell settings put secure sysui_qs_tiles default
Security exception: Permission denial: writing to settings requires:android.permission.WRITE_SECURE_SETTINGS
java.lang.SecurityException: Permission denial: writing to settings requires:android.permission.WRITE_SECURE_SETTINGS
at com.android.providers.settings.SettingsProvider.enforceWritePermission(SettingsProvider.java:2050)
at com.android.providers.settings.SettingsProvider.mutateSecureSetting(SettingsProvider.java:1570)
at com.android.providers.settings.SettingsProvider.insertSecureSetting(SettingsProvider.java:1530)
at com.android.providers.settings.SettingsProvider.call(SettingsProvider.java:437)
at android.content.ContentProvider.call(ContentProvider.java:2161)
at android.content.ContentProvider$Transport.call(ContentProvider.java:477)
at com.android.providers.settings.SettingsService$MyShellCommand.putForUser(SettingsService.java:375)
at com.android.providers.settings.SettingsService$MyShellCommand.onCommand(SettingsService.java:277)
at android.os.ShellCommand.exec(ShellCommand.java:104)
at com.android.providers.settings.SettingsService.onShellCommand(SettingsService.java:49)
at android.os.Binder.shellCommand(Binder.java:881)
at android.os.Binder.onTransact(Binder.java:765)
at android.os.Binder.execTransactInternal(Binder.java:1021)
at android.os.Binder.execTransact(Binder.java:994)
Any suggestions on how I can make that work?
Edit: My phone is Xiaomi Mi 9T with global ROM, all updates installed.
Solution: "USB debugging (Security settings)" must also be activated. This requires a Mi-Account for the Xiaomi cloud the be entered in the phone settings.
After that, the adb command has worked and has solved the problem:
Code:
adb shell settings put secure sysui_qs_tiles default
Now I have a second page in the quick toggles and I can edit them. (I did not need to reboot the phone.)

Question [ROOT] Editing file build.prop

Hello,
Has anyone tried to modify the build.prop file on the OP10?
Like, audio.safemedia.bypass=true to remove the high volume warning (I don't know if it actually works)
If you know of any other cool lines to add feel free to share them here
Did you manage to edit it, I attempted however found the build.prop stops some access needed to allow r/w to the system
Line needed being:
ro.debuggable=1
So you want to add the line via
Magiskhide
you can add custom lines via terminal after the reboot
ALT Option
Flash
Mod
I didn't know about these solutions, I'm going to look into it.
Thanks
To save some time the first option , possibly due to how it loads the config does disable fingerprint. Assuming default setup.
(I did go in-depth with setting up the fingerprint details for the first module but for some reason the line to disable the audio warning just breaks it)
I did not try delayed as i kept trying all sorts of other options. The second however works with the fingerprint with no tweaks however i personally removed two lines for the stepping of the volume , keeping the line to disable the warning.
In summary, remove the first module if you have done it and experience the fingerprint issue, reboot twice to clear system cache, reinstall the first module but don't put in the custom line via terminal.
(leave setup in the zip as it won't be active till terminal activation, saves time)
Install the second module and reboot. You get safety net pass and the warning disabled.
I had to mess around with this as it was annoying me, i had missed the issue due to doing the pattern password then rebooting ect so i didn't realize the fingerprint issue till a hour later

Categories

Resources