Database Develop

Porting (Kang) Keymaster Firmware

Anyone ever attempted to kang Keymaster Firmware from a different device? I have tried the firmware from bacon, hammerhead, and g3. I have tried with and without the TARGET_KEYMASTER_WAIT_FOR_QSEE flag.
See these commits:
https://github.com/blastagator/cm_d...mmit/a50026b03824e65e852dc975e369f89a6e8e33a6
https://github.com/blastagator/them...mmit/b5951a58a4df5cabc8f928fae2476629cc73b1fa
https://github.com/blastagator/LGG2_Kernel/commit/655b64e43cbcd4550671cadf8bc19b6c495b3190
The result is always the same in dmesg:
Code:
[0][4371: keystore]QSEECOM: qseecom_load_app: App (keymaster) does'nt exist, loading apps for first time
[0][4371: keystore]QSEECOM: qseecom_load_app: scm_call failed resp.result unknown, -12
[0][4371: keystore]QSEECOM: qseecom_ioctl: failed load_app request: -14
This is the only related thing I've found:
http://androidforums.com/threads/beta-4-4-2-stock-kitkat.952314/
Very old and no answer.
I suspect the firmware might be signed to the device type and thus we might be SOL, but I was bored and messing around. Alternatively, perhaps the kernel is missing something. I looked for commits that may be missing from qseecom.c and smc.c, but nothing jumped out at me.
Figured I'd post a dev thread and maybe we can find an answer.
edit: This is my cheat sheet to myself, so far, for how to add hardware crypto to a device:
Code:
Needed commits:
Probable problem: G2 has no keymaster firmware, need to borrow someone else's
See this commit:
https://github.com/blastagator/themuppets_proprietary_vendor_lge/commit/b5951a58a4df5cabc8f928fae2476629cc73b1fa
g2-common/g2-common-vendor-blobs.mk
+ vendor/lge/g2-common/proprietary/vendor/firmware/keymaster/keymaster.b00:system/vendor/firmware/keymaster/keymaster.b00 \
+ vendor/lge/g2-common/proprietary/vendor/firmware/keymaster/keymaster.b01:system/vendor/firmware/keymaster/keymaster.b01 \
+ vendor/lge/g2-common/proprietary/vendor/firmware/keymaster/keymaster.b02:system/vendor/firmware/keymaster/keymaster.b02 \
+ vendor/lge/g2-common/proprietary/vendor/firmware/keymaster/keymaster.b03:system/vendor/firmware/keymaster/keymaster.b03 \
+ vendor/lge/g2-common/proprietary/vendor/firmware/keymaster/keymaster.mdt:system/vendor/firmware/keymaster/keymaster.mdt \
And, actually put the files in that folder, so they get copied.
CRUCIAL: MUST match this name and path!!! (Other things like keymaste.mdt and such are for if the files are in the modem)
Also, symlinks are NOT needed if we put the file into proprietary like this!
Device commit:
https://github.com/blastagator/cm_device_lge_g2-common/commit/a50026b03824e65e852dc975e369f89a6e8e33a6
BoardConfig
+# Encryption / Keymaster
+TARGET_HW_DISK_ENCRYPTION := true
+TARGET_KEYMASTER_WAIT_FOR_QSEE := true
+
NOTE: Not sure about wait_for_qsee --- MAYBE needed????
g2.mk
+# Keystore
+PRODUCT_PACKAGES += \
+ keystore.msm8974
+
Note: The resulting /system image will have TWO keystore files, this is correct
I checked a bacon image to confirm there are supposed to be two. One labeled msm8974 & one labeled default
Probable needed kernel changes:
Config
-# CONFIG_DM_REQ_CRYPT is not set
+CONFIG_DM_REQ_CRYPT=y
-# CONFIG_CRYPTO_DEV_QCRYPTO is not set
+CONFIG_CRYPTO_DEV_QCRYPTO=y
If dm-req-crypt.c doesn't build, need this commit:
https://github.com/blastagator/LGG2_Kernel/commit/50ddb1a013065cefa35151e9ded72aadcd210611
(platform: msm: Fix compile when CONFIG_PFT is not set)
include/linux/pft.h
-static inline int pft_get_key_index(struct inode *inode, u32 *key_index,
+static inline int pft_get_key_index(struct bio *bio, u32 *key_index,

blastagator said:
Anyone ever attempted to kang Keymaster Firmware from a different device?
Click to expand...
Click to collapse
Maybe, you have to add something like this:
https://github.com/CyanogenMod/andr...mmit/595cf776441389d147f4b4e7ec316aa02d74d14e

Rangell11 said:
Maybe, you have to add something like this:
https://github.com/CyanogenMod/andr...mmit/595cf776441389d147f4b4e7ec316aa02d74d14e
Click to expand...
Click to collapse
That is for if the firmware is in the /modem partition. I know it's finding the firmware because if I remove the files the error messages go away and the keystore service crashes without a specific error.
I've also insured permissions 0644 on the files and I've put selinux in permissive to see if that would help, but same errors.

blastagator said:
I've also insured permissions 0644 on the files and I've put selinux in permissive to see if that would help, but same errors.
Click to expand...
Click to collapse
Like this??
http://review.cyanogenmod.org/#/c/155981/
Did you try this?
http://review.cyanogenmod.org/#/c/137146/
PS:
I think our G2 not support TARGET_KEYMASTER_WAIT_FOR_QSEE flag.
http://review.cyanogenmod.org/#/c/102410/

Rangell11 said:
Like this??
http://review.cyanogenmod.org/#/c/155981/
Click to expand...
Click to collapse
After clean boot I used "setenforce 0" to see if it would load after that. (keystore service keeps repeatedly attempting to load in the background and can be seen with 'dmesg'.) Disabling enforcing should have solved any selinux problem, but the same error persisted.
Rangell11 said:
Did you try this?
http://review.cyanogenmod.org/#/c/137146/
Click to expand...
Click to collapse
Keymaster is in the system partition and not the modem partition (for my tests anyway), so this wouldn't be needed. I will say the contact was not 'context=ubject_r:firmware_file:s0', it was listed as a regular system file, however, in permissive mode this should not matter. Maybe I will try another test when I have some time where the ROM is compiled permissive and the files have the correct context.
I don't think it is this issue though, as the keymaster firmware is found and qseecomd is attempting to load it.
Rangell11 said:
PS:
I think our G2 not support TARGET_KEYMASTER_WAIT_FOR_QSEE flag.
http://review.cyanogenmod.org/#/c/102410/
Click to expand...
Click to collapse
Thanks. I did some testing and tried both, no luck with either.
Looks like there are at least a couple updates to scm that I could try:
https://github.com/dorimanx/DORIMANX_LG_STOCK_LP_KERNEL/commits/master/arch/arm/mach-msm/scm.c
https://github.com/dorimanx/DORIMANX_LG_STOCK_LP_KERNEL/commits/master/drivers/misc/qseecom.c
Will try updating kernel when I have some free time.
edit: Pulled in a bunch of kernel changes and compiled the boot image to be permissive:
https://github.com/blastagator/LGG2_Kernel/commits/cm-13.0
Still the same error codes.
Code:
[ 0.480347 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: support_bus_scaling=0x1
[ 0.480356 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: disk-encrypt-pipe-pair=0x2
[ 0.480365 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: file-encrypt-pipe-pair=0x0
[ 0.480374 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: qsee-ce-hw-instance=0x0
[ 0.480382 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: qseecom.appsbl_qseecom_support = 0x0
[ 0.480421 / 01-01 00:00:00.473] QSEECOM: qseecom_probe: secure app region addr=0x7b00000 size=0x500000
[ 3.174366 / 01-13 05:47:06.160] init: Starting service 'qseecomd'...
[ 3.207945 / 01-13 05:47:06.193] init: Starting service 'keystore'...
[ 3.221661 / 01-13 05:47:06.206] warning: `qseecomd' uses 32-bit capabilities (legacy support in use)
[ 3.476387 / 01-01 05:47:06.146] QSEECOM: qseecom_load_app: App (keymaster) does'nt exist, loading apps for first time
[ 3.476494 / 01-01 05:47:06.146] QSEECOM: qseecom_load_app: scm_call failed resp.result unknown, -12
[ 3.476511 / 01-01 05:47:06.146] QSEECOM: qseecom_ioctl: failed load_app request: -14
[ 3.477964 / 01-01 05:47:06.146] init: Service 'keystore' (pid 275) exited with status 1
[ 3.477985 / 01-01 05:47:06.146] init: Service 'keystore' (pid 275) killing any children in process group
The last 5 lines just repeat indefinitely.
.

blastagator said:
After clean boot I used "setenforce 0" to see if it would load after that. (keystore service keeps repeatedly attempting to load in the background and can be seen with 'dmesg'.) Disabling enforcing should have solved any selinux problem, but the same error persisted.
Click to expand...
Click to collapse
Do you know why they did not use this change for our G2?
http://review.cyanogenmod.org/#/c/89419/
http://review.cyanogenmod.org/#/c/89418/

Rangell11 said:
Do you know why they did not use this change for our G2?
http://review.cyanogenmod.org/#/c/89419/
http://review.cyanogenmod.org/#/c/89418/
Click to expand...
Click to collapse
qcrypto is currently disabled, so there wouldn't be a need to apply similar patches to the current kernel, unless HW encryption were figured out.
I added those two commits, but I doubt this is the issue.

@blastagator
I've pushed my keymaster to Github: https://github.com/GalaticStryder/hardware_qcom_keymaster
This is the one we use on bacon and onyx on AOSPA builds.
Backporting 3.10 qseecom isn't needed and probably will break the APIs the blobs were compiled for. I'm gonna test this on nougat as well right now.
I'd actually ask for your help on AOSPA, I've got a semi-working RIL and some other great stuff to play with but I can't get the built-in kernel to boot after flashing, only boots when flashing my kernel externally.
The image is bumped, the mkbootimg was revisited twice but there's no go. I don't want to ship a prebuilt image to workaround this. I've tried CM14 kernel with my GCC 4.9 patches for androidkernel- toolchain and Lambda as well.

GalaticStryder said:
@blastagator
I've pushed my keymaster to Github: https://github.com/GalaticStryder/hardware_qcom_keymaster
This is the one we use on bacon and onyx on AOSPA builds.
Backporting 3.10 qseecom isn't needed and probably will break the APIs the blobs were compiled for. I'm gonna test this on nougat as well right now.
I'd actually ask for your help on AOSPA, I've got a semi-working RIL and some other great stuff to play with but I can't get the built-in kernel to boot after flashing, only boots when flashing my kernel externally.
The image is bumped, the mkbootimg was revisited twice but there's no go. I don't want to ship a prebuilt image to workaround this. I've tried CM14 kernel with my GCC 4.9 patches for androidkernel- toolchain and Lambda as well.
Click to expand...
Click to collapse
Without going too far OT, do you have a thread for the AOSPA you're working on? Curious what manifest you're using.
re: keymaster - I pulled the blobs from Bacon and it looks like the cm-13 nightlies use the latest hardware_qcom_keymaster. I don't think there have really been any big changes to the API. I could be wrong though!

blastagator said:
Without going too far OT, do you have a thread for the AOSPA you're working on? Curious what manifest you're using.
re: keymaster - I pulled the blobs from Bacon and it looks like the cm-13 nightlies use the latest hardware_qcom_keymaster. I don't think there have really been any big changes to the API. I could be wrong though!
Click to expand...
Click to collapse
I'm making progress using everything from CAF and patching the needed parts on demand.
The stuff AOSPA already has in their Github I'm sending to Gerrit: https://gerrit.aospa.co/#/q/status:open
The parts I needed to dive deeper I've forked or created the repos manually: https://github.com/GalaticStryder
My next step is to "decommonize" the power package to be able to hint impulse instead of ondemand and to update MSM8974 code that is two years old.
The only problem I'm facing is that the otapackage seems to flash the boot.img in a bad manner, causing boot certification problem. If I manually flash the boot.img after the otapackage it works like a charm, the problem is somewhere in the boot flashing script part of the ota_from_target_files python script, might be pushing the boot.img using imgdiff and causing the bootloader to refuse due to mismatching certification inside the boot sector. This is my hypothesis but it might be what is happening.

GalaticStryder said:
I'm making progress using everything from CAF and patching the needed parts on demand.
The stuff AOSPA already has in their Github I'm sending to Gerrit: https://gerrit.aospa.co/#/q/status:open
The parts I needed to dive deeper I've forked or created the repos manually: https://github.com/GalaticStryder
My next step is to "decommonize" the power package to be able to hint impulse instead of ondemand and to update MSM8974 code that is two years old.
The only problem I'm facing is that the otapackage seems to flash the boot.img in a bad manner, causing boot certification problem. If I manually flash the boot.img after the otapackage it works like a charm, the problem is somewhere in the boot flashing script part of the ota_from_target_files python script, might be pushing the boot.img using imgdiff and causing the bootloader to refuse due to mismatching certification inside the boot sector. This is my hypothesis but it might be what is happening.
Click to expand...
Click to collapse
Well beyond the scope of my dive into android fun. Wish I could help! What is your ultimate goal? Paranoid Android?
It is also very exciting to see the push of Android stuff into the mainline kernel. Hope for the future!

Realized additional blobs for qseecom:
https://github.com/blastagator/them...mmit/09bc989cdb0db9bc47f7501dbf36be2a155ca168
Also, updated boardconfig since the bacon qseecomd supports TARGET_KEYMASTER_WAIT_FOR_QSEE
https://github.com/blastagator/cm_d...mmit/6ca7cd8835afa57ebec9b47fc56514d87ee95e34
Building now. Not sure if I can test tonight, but fingers crossed, maybe it will work!
No luck. Still the same errors:
Code:
12-31 23:22:39.385 2697 2697 I keystore: Found keymaster0 module Keymaster QCOM HAL, version 3
12-31 23:22:39.385 2697 2697 I SoftKeymaster: system/keymaster/soft_keymaster_device.cpp, Line 122: Creating device
12-31 23:22:39.385 2697 2697 D SoftKeymaster: system/keymaster/soft_keymaster_device.cpp, Line 123: Device address: 0xb6b64000
12-31 23:22:39.386 2697 2697 D QCOMKeyMaster: keymaster app is loaded
12-31 23:22:39.386 2697 2697 D QCOMKeyMaster: keymaster app got loaded at attempt number 0
12-31 23:22:39.386 2697 2697 D QSEECOMAPI: : QSEECom_get_handle sb_length = 0x2000
12-31 23:22:39.386 2697 2697 D QSEECOMAPI: : App is not loaded in QSEE
12-31 23:22:39.392 2697 2697 E QSEECOMAPI: : Error::Load image request failed ret = -1, errno = 14
12-31 23:22:39.392 2697 2697 E QSEECOMAPI: : Error::Loading image failed with ret = -1
12-31 23:22:39.393 2697 2697 D QSEECOMAPI: : QSEECom_get_handle sb_length = 0x2000
12-31 23:22:39.393 2697 2697 D QSEECOMAPI: : App is not loaded in QSEE
12-31 23:22:39.393 2697 2697 E QSEECOMAPI: : Error::Cannot open the file /firmware/image/keymaste.mdt
12-31 23:22:39.393 2697 2697 E QSEECOMAPI: : Error::Loading image failed with ret = -1
12-31 23:22:39.393 2697 2697 E QCOMKeyMaster: Loading keymaster app failed
12-31 23:22:39.393 2697 2697 E keystore: Error opening keystore keymaster0 device.
12-31 23:22:39.393 2697 2697 E keystore: keystore keymaster could not be initialized; exiting
Guessing there is some sort of signature check that is matching the expected device to the keymaster firmware file. Unfortunately qseecomapi and keymaster are closed source, so it is kind of a guessing game...
Code:
/**
* @brief Open a handle to the QSEECom device.
*
* - Load a secure application. The application will be verified that it is
* secure by digital signature verification.
* Allocate memory for sending requests to the QSAPP
*
* Note/Comments:
* There is a one-to-one relation for a HLOS client and a QSAPP;
* meaning that only one app can communicate to a QSAPP at a time.
*
* Please note that there is difference between an application and a listener
* service. A QSAPP must be loaded at the request of the HLOS,
* and all requests are orginated by the HLOS client.
* A listener service on the otherhand is started during start-up by a
* daemon, qseecomd.
*
* A HLOS application may create mutiple handles to the QSAPP
*
* @param[in/out] handle The device handle
* @param[in] fname The directory and filename to load.
* @param[in] sb_size Size of the shared buffer memory for sending requests.
* @return Zero on success, negative on failure. errno will be set on
* error.
*/
int QSEECom_start_app(struct QSEECom_handle **clnt_handle, const char *path,
const char *fname, uint32_t sb_size);
Perhaps something in one of the .prop files could be changed to trick the app into passing a device check, but again, this is all very speculative.

blastagator said:
Anyone ever attempted to kang Keymaster Firmware from a different device? I have tried the firmware from bacon, hammerhead, and g3. I have tried with and without the TARGET_KEYMASTER_WAIT_FOR_QSEE flag.
The result is always the same in dmesg:
Code:
[0][4371: keystore]QSEECOM: qseecom_load_app: App (keymaster) does'nt exist, loading apps for first time
[0][4371: keystore]QSEECOM: qseecom_load_app: scm_call failed resp.result unknown, -12
[0][4371: keystore]QSEECOM: qseecom_ioctl: failed load_app request: -14
Click to expand...
Click to collapse
Hello @blastagator,
were you able to fix that Keymaster Issue , if so mind telling us how ?
Because , iam facing similar issues in YU4711 (jalebi)

sooorajjj said:
Hello @blastagator,
were you able to fix that Keymaster Issue , if so mind telling us how ?
Because , iam facing similar issues in YU4711 (jalebi)
Click to expand...
Click to collapse
No. Tried several things with no luck.

What is a keymaster firmware?
And what is it good for?

wq0913562 said:
What is a keymaster firmware?
And what is it good for?
Click to expand...
Click to collapse
Maybe this config is need for porting firmware from different devices.

wq0913562 said:
What is a keymaster firmware?
And what is it good for?
Click to expand...
Click to collapse
cryerenable said:
Maybe this config is need for porting firmware from different devices.
Click to expand...
Click to collapse
No, it is used to enable hardware backed keystore (i.e. hardware accelerated encryption)

blastagator said:
No, it is used to enable hardware backed keystore (i.e. hardware accelerated encryption)
Click to expand...
Click to collapse
hello
i'm facing a similar problem on my lineage 13 port for the lg stylo 2 plus the qseecomapi is keeping looking for the keymaste.mdt file
E QSEECOMAPI: Error::Cannot open the file /firmware/image/keymaste.mdt errno = 2
E QSEECOMAPI: Error::Loading image failed with ret = -1
Click to expand...
Click to collapse
and our device does not have one do you know how to bybass this, ty.

messi2050 said:
hello
i'm facing a similar problem on my lineage 13 port for the lg stylo 2 plus the qseecomapi is keeping looking for the keymaste.mdt file
and our device does not have one do you know how to bybass this, ty.
Click to expand...
Click to collapse
I got frustrated with it. Only other idea I had was to port all common blobs from similar device and see if that works.

blastagator said:
I got frustrated with it. Only other idea I had was to port all common blobs from similar device and see if that works.
Click to expand...
Click to collapse
Are you still active?
Just found this. Not sure if it can help.
http://bits-please.blogspot.de/2016/06/extracting-qualcomms-keymaster-keys.html
https://android.googlesource.com/platform/hardware/qcom/keymaster/+/master
Maybe I'll give it a try to port keymaster now that we have updated 3.4.113 kernel...

Twrp (DEV-ONLY) compiling op6t (NEW-TEST) twrp-op6t-unified-test-0.6.img

I made this thread so all those trying to compile twrp for op6t can come together.
We can share ideas. What we have and have not got to work. What will work and what won't work.
Basically a thread where all information regarding twrp can be found in one location.
###########
#Please pm me #
##########
If using open source built roms and you have issues with twrp we may need to modify source in the rom or our twrp source.
Please report to rom maker as well.
Things to include.
What source 9.0 or 8.1
Compiling errors.
Post #2
Is where the download links are kept and updated.
Post #3 is where the other variations of twrp for source built roms or ports will be available to download if needed.

New test. twrp-op6t-test-0.3.img TEST ONLY!
@Dameon87 & myself have been working on this recovery for a while. We think it will get better. There are still bugs and issues with twrp. We would like your feedback.
Thanks
I am not responsible for anything that can happen to your device.
Rebuilt and fully working mke2fs
Decryption works
Storage works.
Please test and let us know what works and what doesn't.
twrp-op6t-test-0.2.img
https://www.androidfilehost.com/?fid=11410963190603862182
Updated twrp
Added more functionality ability to flash all zips and Ota's
Backup and restore all partitions including data.
Twrp-op6t-test-0.3.img
https://www.androidfilehost.com/?fid=11410963190603871199
New test twrp-unified-0.4.img
Everything working as usual
Cleaned up source and added @mauronofrio notch theme
Twrp-0.4.img
https://www.androidfilehost.com/?fid=11410963190603875438
Twrp installer thanks to @mauronofrio
https://www.androidfilehost.com/?fid=11410963190603876589
Updated twrp to decrypt 9.0.10
Twrp-0.5.img
https://www.androidfilehost.com/?fid=11410963190603879261
Twrp installer
https://www.androidfilehost.com/?fid=11410963190603879262
New test
Fixed screenshot color when taking screen shots in recovery.
Fixed touch vibration.
Please test and report back.
Twrp-0.6.img
https://www.androidfilehost.com/?fid...63190603880512
Twrp installer
https://www.androidfilehost.com/?fid...63190603880513
Device source
https://github.com/TWINNFAMOUS/android_device_oneplus_fajita
Bootable recovery source
https://github.com/OP6T-TWRP/android_bootable_recovery
Hope you all enjoy

This is where I will keep other twrp variations if needed for all source built roms and ports for our device. When available these will only be meant for testing. Thanks

twinnfamous said:
I made this thread so all those trying to compile twrp for op6t can come together.
We can share ideas. What we have and have not got to work. What will work and what won't work.
Basically a thread where all information regarding twrp can be found in one location.
Things to include.
What source 9.0 or 8.1
Compiling errors.
Click to expand...
Click to collapse
You're from the HTC u11 life! You made that phone awesome while I had it. Good to see you here!

I'm trying to build with 8.1 source and I get errors so build doesn't finish.
Is there anyone that's building successfully with 8.1?

Me, can you explain what are you doing exactly? Which source are you using?

mauronofrio said:
Me, can you explain what are you doing exactly? Which source are you using?
Click to expand...
Click to collapse
I'm trying with full omni source on 8.1. I've used the device source from both op6 & op6t without modifying just to see if it would be and it fails. I'll post output error soon as I can.
I don't have issues building with 9.0 source after I modify device source but it won't boot to twrp just stock recovery like it's not selecting the rite slot

twinnfamous said:
I'm trying to build with 8.1 source and I get errors so build doesn't finish.
Is there anyone that's building successfully with 8.1?
Click to expand...
Click to collapse
Make sure if you're using a newer version of Ubuntu with GCC 7+ you do: export LC_ALL=C
That should get you past the initial build errors.

Dameon87 said:
Make sure if you're using a newer version of Ubuntu with GCC 7+ you do: export LC_ALL=C
That should get you past the initial build errors.
Click to expand...
Click to collapse
Thanks for the info. I upgraded to linuxmint19 Recently. Guess I didn't pay attention to the changelog.

You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"

Dameon87 said:
You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"
Click to expand...
Click to collapse
And you need to increase the PLATFORM_VERSION to 16.1.0 ( in the new pixel 3 TWRPs is used 16 ) in build/core/version_defaults.mk to override Google's anti-rollback features

Dameon87 said:
You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"
Click to expand...
Click to collapse
mauronofrio said:
And you need to increase the PLATFORM_VERSION to 16.1.0 ( in the new pixel 3 TWRPs is used 16 ) in build/core/version_defaults.mk to override Google's anti-rollback features
Click to expand...
Click to collapse
The only issue I found was my lack of awareness. Ive been fighting with the 8.1 source all because the newer os I installed. I'm testing things out.
One thing I know is if the security patch level and date doesn't match what's in the phone then decryption won't work.
So I'm starting there.

I pulled this log from the phone it's only a part of it.
I've been trying everything and this is where it fails at in recovery.
e4crypt_initialize_global_de fail
So I started looking at any logs I can find in the phone and found this. Thought it might be helpful.
All the de folder locations are in the log
Also we use keymaster 4 that shows in The log as well.
I'm still using 8.1 source with 9.0 bootable recovery.
I'm thinking of focusing on trying to get get it to work with 9.0 source.
Log.
Mount system_root for mountting system
[ 1.120382] e4crypt_initialize_global_de
[ 1.120509] Keyring created with id 744456481 in process 530
[ 1.126746] I:List of Keymaster HALs found:
[ 1.126902] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.141729] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaulte4crypt_init_user0
[ 1.147584] Skipping non-de-key .
[ 1.147590] Skipping non-de-key ..
[ 1.152120] I:List of Keymaster HALs found:
[ 1.152266] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.160865] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultInstalled de key for user 0
[ 1.160871] e4crypt_prepare_user_storage
[ 1.166977] ensure policy /data/system_de/0
[ 1.167599] I:Found policy 8372743e0b3d7924 at /data/system_de/0 which matches expected value
[ 1.167608] ensure policy /data/misc_de/0
[ 1.168197] I:Found policy 8372743e0b3d7924 at /data/misc_de/0 which matches expected value
[ 1.168206] ensure policy /data/user_de/0
[ 1.169338] I:Found policy 8372743e0b3d7924 at /data/user_de/0 which matches expected value
[ 1.358232] I:FBE enable...
[ 1.358334] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358412] (4294937945 ticks)(pid:530)[bootable/recovery/oem/src/main/oem.cpp]tree_init:90:efault password, decrept...
[ 1.358454] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358516] Skipping non-key .
[ 1.358549] Skipping non-key ..
[ 1.364930] I:List of Keymaster HALs found:
[ 1.365014] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.373672] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultSuccessfully retrieved key
[ 1.373733] Installed ce key for user 0
[ 1.373765] e4crypt_prepare_user_storage
[ 1.377707] ensure policy /data/system_ce/0
[ 1.378426] I:Found policy d0acf3009500dfb4 at /data/system_ce/0 which matches expected value
[ 1.378462] ensure policy /data/misc_ce/0
[ 1.379037] I:Found policy d0acf3009500dfb4 at /data/misc_ce/0 which matches expected value
[ 1.379069] ensure policy /data/data
[ 1.380547] I:Found policy d0acf3009500dfb4 at /data/data which matches expected value
[ 1.380597] Decrypted Successfully!

twinnfamous said:
I pulled this log from the phone it's only a part of it.
I've been trying everything and this is where it fails at in recovery.
e4crypt_initialize_global_de fail
So I started looking at any logs I can find in the phone and found this. Thought it might be helpful.
All the de folder locations are in the log
Also we use keymaster 4 that shows in The log as well.
I'm still using 8.1 source with 9.0 bootable recovery.
I'm thinking of focusing on trying to get get it to work with 9.0 source.
Log.
Mount system_root for mountting system
[ 1.120382] e4crypt_initialize_global_de
[ 1.120509] Keyring created with id 744456481 in process 530
[ 1.126746] I:List of Keymaster HALs found:
[ 1.126902] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.141729] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaulte4crypt_init_user0
[ 1.147584] Skipping non-de-key .
[ 1.147590] Skipping non-de-key ..
[ 1.152120] I:List of Keymaster HALs found:
[ 1.152266] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.160865] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultInstalled de key for user 0
[ 1.160871] e4crypt_prepare_user_storage
[ 1.166977] ensure policy /data/system_de/0
[ 1.167599] I:Found policy 8372743e0b3d7924 at /data/system_de/0 which matches expected value
[ 1.167608] ensure policy /data/misc_de/0
[ 1.168197] I:Found policy 8372743e0b3d7924 at /data/misc_de/0 which matches expected value
[ 1.168206] ensure policy /data/user_de/0
[ 1.169338] I:Found policy 8372743e0b3d7924 at /data/user_de/0 which matches expected value
[ 1.358232] I:FBE enable...
[ 1.358334] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358412] (4294937945 ticks)(pid:530)[bootable/recovery/oem/src/main/oem.cpp]tree_init:90:efault password, decrept...
[ 1.358454] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358516] Skipping non-key .
[ 1.358549] Skipping non-key ..
[ 1.364930] I:List of Keymaster HALs found:
[ 1.365014] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.373672] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultSuccessfully retrieved key
[ 1.373733] Installed ce key for user 0
[ 1.373765] e4crypt_prepare_user_storage
[ 1.377707] ensure policy /data/system_ce/0
[ 1.378426] I:Found policy d0acf3009500dfb4 at /data/system_ce/0 which matches expected value
[ 1.378462] ensure policy /data/misc_ce/0
[ 1.379037] I:Found policy d0acf3009500dfb4 at /data/misc_ce/0 which matches expected value
[ 1.379069] ensure policy /data/data
[ 1.380547] I:Found policy d0acf3009500dfb4 at /data/data which matches expected value
[ 1.380597] Decrypted Successfully!
Click to expand...
Click to collapse
Was this taken from the default/stock recovery or just a standard boot? I've been using the twrp-8.1 branch (Which uses android_bootable_recovery 9.0 branch by default now). I've tried a multitude of things, but I simply just get the e4crypt_initialize_global_de fail error as well. I think the way things are done for the Pixel 3/XL are the way to proceed, but aside the device tree we don't have much else to go on.

Dameon87 said:
Was this taken from the default/stock recovery or just a standard boot? I've been using the twrp-8.1 branch (Which uses android_bootable_recovery 9.0 branch by default now). I've tried a multitude of things, but I simply just get the e4crypt_initialize_global_de fail error as well. I think the way things are done for the Pixel 3/XL are the way to proceed, but aside the device tree we don't have much else to go on.
Click to expand...
Click to collapse
Maybe Fstab files need modifying
The recovery.fstab I pulled out of the boot.Img has a data partition labeled f2fs
And a Data partition labeled ext4

twinnfamous said:
Maybe Fstab files need modifying
The recovery.fstab I pulled out of the boot.Img has a data partition labeled f2fs
And a Data partition labeled ext4
Click to expand...
Click to collapse
Already tried that but I didn't really get anything different. There's a few issues that are happening I think.
Dmesg repeats this over and over and over:
<3>[19700123_15:34:23.729788]@4 FG: fg_psy_get_property: unsupported property 27
<14>[19700123_15:34:26.049860]@4 init: starting service 'boot-1-0'...
<11>[19700123_15:34:26.050060]@4 init: property_set("ro.boottime.boot-1-0", "798060609590") failed: property already set
<11>[19700123_15:34:26.050448]@0 init: cannot execve('/sbin/[email protected]'): No such file or directory
<14>[19700123_15:34:26.051342]@4 init: Sending signal 9 to service 'boot-1-0' (pid 762) process group...
<14>[19700123_15:34:26.051372]@4 init: Successfully killed process cgroup uid 0 pid 762 in 0ms
Then just getting this according to the recovery.log:
I:File Based Encryption is present
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail

Dameon87 said:
Already tried that but I didn't really get anything different. There's a few issues that are happening I think.
Dmesg repeats this over and over and over:
<3>[19700123_15:34:23.729788]@4 FG: fg_psy_get_property: unsupported property 27
<14>[19700123_15:34:26.049860]@4 init: starting service 'boot-1-0'...
<11>[19700123_15:34:26.050060]@4 init: property_set("ro.boottime.boot-1-0", "798060609590") failed: property already set
<11>[19700123_15:34:26.050448]@0 init: cannot execve('/sbin/[email protected]'): No such file or directory
<14>[19700123_15:34:26.051342]@4 init: Sending signal 9 to service 'boot-1-0' (pid 762) process group...
<14>[19700123_15:34:26.051372]@4 init: Successfully killed process cgroup uid 0 pid 762 in 0ms
Then just getting this according to the recovery.log:
I:File Based Encryption is present
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
Click to expand...
Click to collapse
This is probably why it won't even boot twrp built with 9.0

twinnfamous said:
This is probably why it won't even boot twrp built with 9.0
Click to expand...
Click to collapse
Are you doing a minimal build env, or pulling in the entire Omni tree? There is only a twrp-8.1 branch for the minimal manifest, but that does pull in android_bootable_recovery 9.0 branch. I can get both to compile and boot fine.

Dameon87 said:
Are you doing a minimal build env, or pulling in the entire Omni tree? There is only a twrp-8.1 branch for the minimal manifest, but that does pull in android_bootable_recovery 9.0 branch. I can get both to compile and boot fine.
Click to expand...
Click to collapse
Full sources on both 8.1 and 9.0

twinnfamous said:
Full sources on both 8.1 and 9.0
Click to expand...
Click to collapse
Alright I'm doing a full sync of the omni repo and will give that a try next. I had been just using the minimal manifest.

[EvolutionX (3.5) Erfan GSIs] [Android 10 ]

New v3.5 port from Oneplus 6 https://forum.xda-developers.com/showpost.php?p=81186001&postcount=6
port from Redmi 4A https://forum.xda-developers.com/showpost.php?p=81186219&postcount=7
From Base Firmware : EvolutionX_3.3_violet-10.0-20191112-1125-OFFICIAL.zip
Raw Image Size: 2.86 GiB
Thank to TeamGSI
======================
Download:
GSI : https://drive.google.com/drive/folders/1-7N6Z9NUb-9ut8Zz8M51FAwUC11AKTaa
File Name : EvolutionX-Aonly-10-20191119-GSI.img-1621.z7 (extracted before flashing)
TWRP : https://mega.nz/#!sHoXlaDK!ZIfuRrtl7IGsruGMIWDrbvudKgxcYdiEd-6iQS2YFNg
File Name : TWRP-20191001-3.3.1.0-clover.img
Vendor & boot : Pie ( Treble ) https://mega.nz/#!xaolTKoS!pdfjw02cw3dImfB4vlyXwINALQUewQ5lJBBjSUDKxcM
File Name : vendor_197.zip
Latest Official Clover Firmware https://mega.nz/#!QDplSYab!mrB5f8875VghQHfrrGvid4iJICMopkq3anZCipLWzqo
File Name : fw_clover_miui_MIPAD4_9.8.29_6647b25a58_8.1.zip
Erfan tools : https://mega.nz/#!xXpViC4Y!UsRgGMYNtiaLvfdXSuzamfaxsM_FOs-9xrZrPu5QCP8
File Name : allzygotefix2.zip
Phh Magisk : Magisk-v20.2-b29f0ca4-phh.zip
https://mega.nz/#!tKxngSaD!jdDHi4-QFMX2bNgQVPi50ZrpovbNRuD61aAeIt02lCI
GMS : https://mega.nz/#!cOhmgIoY!cTYxxYpc36tMl0QnndRcaPUDQ6BpO7tG0yiPQ2i7QXo
=================
Step
-wipe--Format Data
-wipe--Advanced wipe---Dalvik , Cache , Data , System , Vendor
-Option wipe--Advanced wipe---tick Data menu----Repair or change file System-----Change File System and select F2FS
-flash Firmware
-flash Vendor
-flash GSI as System Image
-flash allzygotefix2.zip (for A-only GSI when work with Android 10)
-Reboot to System
Don't worry about " Android System error message , its only one warning --we will fix at the end.
click "OK"
-Setting menu --Display---Smallest width = set to 540 dp or more than that , Icon shape = up to you
-Setting menu --Evolution settings---enable Users and Logout ( Multi user )
Don't forgotten to setup SD Card ===(Support exFAT) for me use as removable.
-Setting menu -- About phone ===changes device name from POCO F1 to anything you like or Mipad4
==============
-Flash Magisk (phh Magisk) https://sourceforge.net/projects/expressluke-gsis/files/Extras/phh-magisk-ten/
-Reboot--update it if need
-Magisk manager --install belows modules from here ---> https://github.com/ElderDrivers/EdXposed
1. Magisk-riru-core-v19.5.zip ( save)
2. Magisk-EdXposed-YAHFA-v0.4.6.0_beta.....xxxx.zip
-Reboot
-install Edxposed Manager.apk
open it set active status
-Reboot by granted Magisk super user permission
-Add & activated eXposed modle--com.cofface..ivader
=======================================
-install updated GMS ( Google Services)
-Reboot
-Setup and login your google account
Now your Play Protect is certified. and all green Safetynet check success.
======================================
-Check your FingerPrint.
-Check your BlueTooth
-Check your Mobile Data ( VoTLE )
-Check your Auto rotate
-Your Camera
All working
=========================
Fix error " Android System: your vendor image does not match the system......."
-edit (system/vendor----> bulid prop)
change line " ro.vendor.build.fingerprint = xxx to ro.build.fingerprint=xxx
and/or
-edit (system ---> bulid prop)
change " ro.treble.enabled=true" to " ro.treble.enabled=false"
- reboot
=========================
Viper4Android FX from magisk'repo
v.2.7.1.0
-install with Magisk manager
-reboot and open program-- follow suggestion from screen
==========================
Supported Youtube Vanced.
++++++++++++++++++++++++++++++++++++++++++++++++++
GCAM
https://www.celsoazevedo.com/files/android/google-camera/dev-parrot043/#apk1213
+++++++++++++++++++++++++++++++++++++++++++++++++

New & Update from ExpressLuke GSI ( compiled from source)
=============================
ROM Name: Evolution X 3.3 ( EvolutionX_3.3_ARM64A-10.0-20191202-0048-UNOFFICIAL.img)
ROM Version: 10
ROM Security Patch: 5 November 2019
Architecture: ARM64
Partition Layout: A
GSI Patch Base: phh v204
Built in GApps?: Yes
Changelog: https://pastebin.com/raw/0SwBzV6e
MEGA: Download
( https://mega.nz/#!QJkF3KxY!-trp3Q9NJDqtKoTddxeg3yn-bu6JU_6XuokZs-ri7B4)
SourceForge: Download
(https://sourceforge.net/projects/ex...191202-0048-UNOFFICIAL.img.xz/download)Google
Drive: Download (https://drive.google.com/a/turbox.uk/uc?id=1U0Nhpow2IMXUTV_ZQIfC9JAEocPc3Qik&export=download)
####Please use magisk-phh
Note !!!!!!
1. you must flash "Permissiver_v5.zip" cause GSI image not included. ( if not will Boot Fastboot Mode )
2. No need to install new update GMS apk.
3. Default Camera not working. use GCAM instead
4. Chrome crash.
-----> Please test wifi speed. mine very low 30 Mbit/Sec
-----> Evolution setting--->Power menu --->ERROR

EVOLUTIONX 3.4 (Recommended)
Download A-Only: Google Drive (https://drive.google.com/uc?export=download&id=16_3QYEeq8DnLI92xQvY6u4hSNpZ4-sYj)
File name: EvolutionX-Aonly-10-20191210-ErfanGSI.img.gz
Information:
Android Version: 10
Brand: Xiaomi
Model: MI 8
Codename: dipper
Build Type: aosp_dipper-user
Build Number: QQ1A.191205.011
Incremental: eng.DarkAn.20191207.000600
Tags: test-keys
Security Patch: 2019-12-05
Fingerprint: Xiaomi/dipper/dipper:8.1.0/OPM1.171019.011/V9.5.5.0.OEAMIFA:user/release-keys
Description: dipper-user 8.1.0 OPM1.171019.011 V9.5.5.0.OEAMIFA release-keys
Raw Image Size: 2.60 GiB

Many thanks for your contributions to our device!
it works great , everything works except the auto rotate, is always in vertical

UPDATE EvolutionX v3.5
Information:
Android Version: 10
Brand: OnePlus
Model: ONEPLUS A6003
Codename: OnePlus6
Build Type: aosp_enchilada-userdebug
Build Number: QQ1B.191205.011
Incremental: eng.bliss.20191212.000302
Tags: test-keys
Security Patch: 2019-12-05
Fingerprint: OnePlus/OnePlus6/OnePlus6:8.1.0/OPM1.171019.011/06140300:user/release-keys
Description: OnePlus6-user 8.1.0 OPM1.171019.011 273 release-keys
Raw Image Size: 2.81 GiB
====================================
Download A-Only: Google Drive (https://drive.google.com/uc?export=download&id=13OJZ6ABa5zLMdCGAGaW3nuNczGV8VAuE)
<<<<<<<< Not boot with my vendor for mipad >>>>>>>>>>>>>

Update EvolutionX 3.5
Information:
Android Version: 10
Brand: Xiaomi
Model: Redmi 4A
Codename: rolex
Build Type: aosp_rolex-userdebug
Build Number: QQ1B.191205.011
Incremental: eng.ubuntu.20191212.104649
Tags: test-keys
Security Patch: 2019-12-05
Fingerprint: Xiaomi/rolex/rolex:7.1.2/N2G47H/V9.2.6.0.NCCMIEK:user/release-keys
Description: rolex-user 7.1.2 N2G47H V9.2.6.0.NCCMIEK release-keys
Raw Image Size: 2.35 GiB
=====================================
Download A-Only: Google Drive (https://drive.google.com/uc?export=download&id=1jxyN2uiNo8rk2o4az6r8BR3nfqxqHfF6)
Bug: Evolution setting---power menu (crash) but can use advanced boot with power button.

I tried several times and always get the same problem : the autorotate not works,
I installed other Roms and in every rom I have the same probem with the autorotate
I also tried the roms from https://forum.xda-developers.com/mi-pad-4 and is the same, Im afraid my autorotate die...
I tried the sensors app in google play and says all my sensors not works...
Any idea to try to solve giroscopie?
I tried various roms and I think this one works very well :
https://forum.xda-developers.com/mi-pad-4/development/rom-lineageos-17-0-t3989187

Fix error " Android System: your vendor image does not match the system......."
-edit (system/vendor----> bulid prop)
change line " ro.vendor.build.fingerprint = xxx to ro.build.fingerprint=xxx
and/or
-edit (system ---> bulid prop)
change " ro.treble.enabled=true" to " ro.treble.enabled=false"
- reboot
Click to expand...
Click to collapse
Everything works fine except the error every bootup is not fixed. I cannot find "ro.vendor.build.fingerprint" in build prop. I managed to set this "ro.treble.enabled=false". However, the error persists.
Also, how do I prevent the screen from turning off when I close the flip cover?

Redmi Note9 Codename Merlin -- Cant find the Testpoints for EDL - see Picture

Hello, i need some Help for the EDL Flash on Redmi Note9 Codename Merlin.
Fastboot and Recovery does not work. Reboot after Redmi Sign.
Bootloader is open, Backcover is open. What must i do now?
Please help me for finding Testpoint.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

First, close your device and keep it untouched.
Next, follow this guide:
[GUIDE] How to bypass authentication and flash in EDL with NO auth for FREE
Thanks to: chaosmaster / k4y0z: GitHub / XDA xyzz / xyz`: GitHub / XDA Dinolek: GitHub / XDA How to install: 1. Download the attached file: VD171_MTK-bypass.zip. 2. Extract the file and open the folder. 3. Run and install python...
forum.xda-developers.com

VD171 said:
First, close your device and keep it untouched.
Next, follow this guide:
Click to expand...
Click to collapse
Thanks but i have a mistake at the end from the bat.
[2021-08-05 06:32:01.748392] Waiting for device
[2021-08-05 06:32:19.245436] Found port = COM9
[2021-08-05 06:32:19.429782] Device hw code: 0x707
[2021-08-05 06:32:19.429782] Device hw sub code: 0x8a00
[2021-08-05 06:32:19.429782] Device hw version: 0xca00
[2021-08-05 06:32:19.429782] Device sw version: 0x0
[2021-08-05 06:32:19.429782] Device secure boot: True
[2021-08-05 06:32:19.438464] Device serial link authorization: True
[2021-08-05 06:32:19.438464] Device download agent authorization: True
[2021-08-05 06:32:19.438464] Disabling watchdog timer
[2021-08-05 06:32:19.438464] Disabling protection
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 36, in exploit
udev._ctx.managed_claim_interface = lambda *args, **kwargs: None
AttributeError: 'NoneType' object has no attribute '_ctx'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 213, in <module>
main()
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 58, in main
result = exploit(device, config.watchdog_address, config.payload_address, config.var_0, config.var_1, payload)
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 38, in exploit
raise RuntimeError("libusb is not installed for port {}".format(device.dev.port)) from e
RuntimeError: libusb is not installed for port COM9
Drücken Sie eine beliebige Taste . . .

Frettchen-Kalle said:
Thanks but i have a mistake at the end from the bat.
[2021-08-05 06:32:01.748392] Waiting for device
[2021-08-05 06:32:19.245436] Found port = COM9
[2021-08-05 06:32:19.429782] Device hw code: 0x707
[2021-08-05 06:32:19.429782] Device hw sub code: 0x8a00
[2021-08-05 06:32:19.429782] Device hw version: 0xca00
[2021-08-05 06:32:19.429782] Device sw version: 0x0
[2021-08-05 06:32:19.429782] Device secure boot: True
[2021-08-05 06:32:19.438464] Device serial link authorization: True
[2021-08-05 06:32:19.438464] Device download agent authorization: True
[2021-08-05 06:32:19.438464] Disabling watchdog timer
[2021-08-05 06:32:19.438464] Disabling protection
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 36, in exploit
udev._ctx.managed_claim_interface = lambda *args, **kwargs: None
AttributeError: 'NoneType' object has no attribute '_ctx'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 213, in <module>
main()
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 58, in main
result = exploit(device, config.watchdog_address, config.payload_address, config.var_0, config.var_1, payload)
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 38, in exploit
raise RuntimeError("libusb is not installed for port {}".format(device.dev.port)) from e
RuntimeError: libusb is not installed for port COM9
Drücken Sie eine beliebige Taste . . .
Click to expand...
Click to collapse
Did you install the python module pyusb?
Did you try to run as administrator?

thank you VD171
it works perfektly now.
i trie it with 12.04 global, then auto update to 12.08 und at last auto update to 12.01 (android11)
bootloader is 2nd time open now .-)
it try 3.41 recovery with admin fastboot command and all seen fine - but not so is.
Cant boot in twrp - there is no twrp? and now?
//edit
i think this was it (no twrp) that me brick the phone the first time flash custom rom ;-)

Frettchen-Kalle said:
thank you VD171
it works perfektly now.
i trie it with 12.04 global, then auto update to 12.08 und at last auto update to 12.01 (android11)
bootloader is 2nd time open now .-)
it try 3.41 recovery with admin fastboot command and all seen fine - but not so is.
Cant boot in twrp - there is no twrp? and now?
//edit
i think this was it (no twrp) that me brick the phone the first time flash custom rom ;-)
Click to expand...
Click to collapse
Good work, my friend.
I suggest you to try all recovery project you can, and then you can choose one:
[RECOVERY PROJECT] Collection of TWRP & PBRP & SHRP & ORANGEFOX for MERLIN (Redmi Note 9 / Redmi 10X 4G)
Works with: - Xiaomi Redmi Note 9 - Xiaomi Redmi 10X 4G Warnings: - This is not a development thread. This is a help thread. - I didn't build any of them. Use at your own risk. - I don't have the source code for any of them. Use at your own...
forum.xda-developers.com

Traceback (most recent call last):
File "main.py", line 3, in <module>
from src.exploit import exploit
ImportError: No module named src.exploit
Для продолжения нажмите любую клавишу . . .

WiFi not working after installing LineageOS for microG

Hi there! I'm trying to flash LineageOS-microG version (https://lineage.microg.org), but after successful (?) installation WiFi isn't working, I'm getting an error "Failed or timed out awaiting driver ready":
Code:
09-25 19:15:36.920 894 894 E WifiHAL : Timed out wating on Driver ready ...
09-25 19:15:36.921 894 894 E [email protected]: Failed or timed out awaiting driver ready
09-25 19:15:36.921 894 894 E [email protected]: Failed to start legacy HAL: TIMED_OUT
09-25 19:15:36.929 1307 3910 E HalDevMgr: executeChipReconfiguration: configureChip error: 9 (, timed out)
09-25 19:15:36.929 1307 3910 E WifiVendorHal: Failed to create STA iface
09-25 19:15:36.929 1307 3910 E WifiNative: Failed to create iface in vendor HAL
09-25 19:15:36.930 1307 3910 E WifiClientModeManager: Failed to create ClientInterface. Sit in Idle
I've downloaded latest "-microG-bramble-recovery.img" and "-microG-bramble.zip" form https://download.lineage.microg.org/bramble/, flashed recovery, rebooted into it and flashed zip as described in official LineageOS wiki https://wiki.lineageos.org/devices/bramble/install#installing-lineageos-from-recovery.
After rebooting and post-install setup WiFi is not working :/
Official LineageOS images works fine. So, what I'm doing wrong?
I've also unpacked "payload.bin" from this image https://download.lineage.microg.org/bramble/lineage-18.1-20210914-microG-bramble.zip with some python script https://github.com/cyxx/extract_android_ota_payload and there are some noticeable differences in official and microG LineageOS editions:
LineageOS-microG payload.bin:
Code:
4,0K ./vbmeta_system.img
8,0K ./vbmeta.img
16M ./dtbo.img
96M ./boot.img
96M ./vendor_boot.img
280M ./system_ext.img
553M ./product.img
710M ./vendor.img
1,1G ./system.img
2,8G .
Official LineageOS payload.bin:
Code:
4,0K ./vbmeta_system.img
8,0K ./vbmeta.img
44K ./devcfg.img
56K ./qupfw.img
80K ./xbl_config.img
88K ./featenabler.img
124K ./uefisecapp.img
192K ./aop.img
236K ./keymaster.img
404K ./hyp.img
1,0M ./abl.img
2,9M ./tz.img
3,5M ./xbl.img
16M ./dtbo.img
96M ./boot.img
96M ./vendor_boot.img
147M ./modem.img
280M ./system_ext.img
710M ./vendor.img
948M ./product.img
2,6G ./system.img
4,9G .
Does this mean that LineageOS-microG images are broken in some way or something?
Thanks!

I had the same issues with newer versions for Pixel 5, only initial 18.1 works fine. LineageOS for microG have huge issues with connectivity for redfin, they even don't have reachable support anywhere...
Update: I just managed to install a version of Lineage-18.1-20211021-microg-redfin-recovery.img (newest) with a fully operating MicroG and a working flawlessly WiFi/cellular connectivity - I used CalyxOS installer (to update Pixel 5 firmware during the installation), then I unlocked the bootloader (in CalyxOS dev. options and later in fastboot by typing "fastboot flashing unlock" through adb), and get rid of Calyx by making a wipe and install LineageOS recovery and LineageOS for microG image.
CalyxOS has installation module for Pixel 4, so I hope it could be helpful for you.

I have the same problem. The last build of Los4microG that works is the from May 21. Would a simple firmware update do the trick as well?