Hi,
I know this has been requested before for a bunch of other devices and in other forums, but the request was never answered, mainly because other devices had other holes to plug...
basically, my request is to mod the clockwork recovery image in order to protect it with a password. Why, you ask? Simple. The Nexus S has a good protected bootloader (when "oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM). When someone steals my rooted phone, the only way to break in is:
- Use the phone normally - PATCHED - I use a pattern lock code;
- Use ADB on the phone via USB access the phone - PATCHED - I disabled usb debugging on the system image;
- Use the bootloader to reflash a new system/recovery image - PATCHED - I "oem locked" the phone so the phone does not accept unsigned images, and also a "fastboot oem unlock" wipes the phone, protecting my private data;
- Boot into recovery - NOT PATCHED - There is no way to password protect a recovery image, as of now.
So, can anyone please attempt this? I'm thinking of trying it myself, but I have very little experience developing for android, and I don't know the source code.
My suggestion is to create a customizable password (maybe a simple 4 to 6 digit PIN code input via the volume keys) on first boot of the recovery image. Then, in subsequent boots, ask for the code before turning on ADB and before giving access to the other recovery options.
If you forget the code, well... you still can reflash a new recovery via the system image. Also you can still fully wipe the phone, so you'll never brick it or anything.
What you guys think? I personally am very sad with this situation. When you root you basically lose all physical security with regards to the data on your phone, I think we can do better.
Sounds like a good idea.
lgrangeia said:
Hi,
"oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM
Click to expand...
Click to collapse
How do you do this?
EDIT: This is how ... http://forum.xda-developers.com/showthread.php?t=931865&highlight=oem+lock
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse
And you also need one more thing: To be running a rooted ROM. I might want to be running a totally stock rom and use a custom recovery, in order to take advantage of nandroid backup/restore.
If you are running a stock system rom, you cannot reflash recovery from system.
Does anyone know where's the best place to reach the main dev of clockwork mod? is it koush? I might try to tweet him directly to this thread.
I've been thinking about the security of these phones lately as well and it seems there's a lot of holes that a tech-savvy thief could utilize on Android phones... especially one that has custom ROMs.
This suggestion sounds pretty good, but I might be a bit confused. Do you use a terminal emulator on the phone to type in that command to flash between clockwork and stock recovery? Also, if you do a fastboot oem lock when you have a custom ROM, do you have to wipe the whole phone again when you want to fastboot oem unlock to put on another ROM?
bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse
dinan said:
This suggestion sounds pretty good, but I might be a bit confused. Do you use a terminal emulator on the phone to type in that command to flash between clockwork and stock recovery? Also, if you do a fastboot oem lock when you have a custom ROM, do you have to wipe the whole phone again when you want to fastboot oem unlock to put on another ROM?
Click to expand...
Click to collapse
Dinan, I'm not 100% sure, but I think the bootloader lock/unlock only prevents you from flashing from the bootloader stage. So you can reflash a custom recovery from the system rom while "oem locked", but you cannot do that from the bootloader.
I thought a bit about this, and pluging this hole in the recovery will make the Nexus S very well protected against physical security attacks (especially since it doesn't even have a SD card slot).
So if I had flashed CM7, then reflashed the stock bootloader and did fastboot oem lock, in order to nandroid or flash a new ROM I would have to first flash clockwork recovery back? If that's the case, would I have to flash it through the terminal from the device or can it be done through adb (or ROM manager)?
lgrangeia said:
Dinan, I'm not 100% sure, but I think the bootloader lock/unlock only prevents you from flashing from the bootloader stage. So you can reflash a custom recovery from the system rom while "oem locked", but you cannot do that from the bootloader.
I thought a bit about this, and pluging this hole in the recovery will make the Nexus S very well protected against physical security attacks (especially since it doesn't even have a SD card slot).
Click to expand...
Click to collapse
dinan said:
So if I had flashed CM7, then reflashed the stock bootloader and did fastboot oem lock, in order to nandroid or flash a new ROM I would have to first flash clockwork recovery back? If that's the case, would I have to flash it through the terminal from the device or can it be done through adb (or ROM manager)?
Click to expand...
Click to collapse
CM7 does not flash your bootloader. Maybe you meant recovery?
you can have an "oem locked" handset and still flash your recovery (or your system) image via both recovery or system, if you have any of those customized/rooted.
What "oem lock" means is that you cannot flash directly from the bootloader (fastboot flash), thats all.
PS: I really have no idea why this was moved to the general forum... this is a development request thread.
In short, what we need is a password protected bootloader which will require password for booting into fastboot or download mode or recovery.
Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium
lgrangeia said:
Hi,
I know this has been requested before for a bunch of other devices and in other forums, but the request was never answered, mainly because other devices had other holes to plug...
basically, my request is to mod the clockwork recovery image in order to protect it with a password. Why, you ask? Simple. The Nexus S has a good protected bootloader (when "oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM). When someone steals my rooted phone, the only way to break in is:
- Use the phone normally - PATCHED - I use a pattern lock code;
- Use ADB on the phone via USB access the phone - PATCHED - I disabled usb debugging on the system image;
- Use the bootloader to reflash a new system/recovery image - PATCHED - I "oem locked" the phone so the phone does not accept unsigned images, and also a "fastboot oem unlock" wipes the phone, protecting my private data;
- Boot into recovery - NOT PATCHED - There is no way to password protect a recovery image, as of now.
So, can anyone please attempt this? I'm thinking of trying it myself, but I have very little experience developing for android, and I don't know the source code.
My suggestion is to create a customizable password (maybe a simple 4 to 6 digit PIN code input via the volume keys) on first boot of the recovery image. Then, in subsequent boots, ask for the code before turning on ADB and before giving access to the other recovery options.
If you forget the code, well... you still can reflash a new recovery via the system image. Also you can still fully wipe the phone, so you'll never brick it or anything.
What you guys think? I personally am very sad with this situation. When you root you basically lose all physical security with regards to the data on your phone, I think we can do better.
Click to expand...
Click to collapse
Here's a simple workaround for you, althought less convenient. Once you've made a nandroid backup, move it off your phone. Archive the image with a password and file name encryption on a computer. Extract the image from the archive when you want to restore it, then copy the extracted image to the phone to perform restore.
bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse
You can extract flash_image from the ROM Manager app. Unzip the apk file and you'll find it in there. Any rooted ROM can then have this file moved into /system/bin for example.
Rem3Dy said:
Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
The OP is talking about the security issue, not about the data surviving oem unlock. At the moment, anyone who gets the phone can go into CWM, mount the internal storage, get the image off the phone and extract data from it. The OP is concerned about this security hole.
Rem3Dy said:
Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
Nice. It turns out from little research that both Cerberus and "Theft Aware" have /system support. Call it "root" support if you will.
Now, Theft Aware is far more advanced in this regard in that it also hides the app as a system app with a custom name that you choose. Note that it requires some complexity if you want to uninstall (delete some files manually and stuff).
Theft Aware is also more polished and it seems more effort has been put into the 2.0 version.
Cerberus is more simpler and it feels I can trust them.
mightyiam said:
Nice. It turns out from little research that both Cerberus and "Theft Aware" have /system support. Call it "root" support if you will.
Now, Theft Aware is far more advanced in this regard in that it also hides the app as a system app with a custom name that you choose. Note that it requires some complexity if you want to uninstall (delete some files manually and stuff).
Theft Aware is also more polished and it seems more effort has been put into the 2.0 version.
Cerberus is more simpler and it feels I can trust them.
Click to expand...
Click to collapse
So theft aware is a flashable zip that you flash from recovery?
Sent from my Nexus S 4G using xda premium
Rem3Dy said:
So theft aware is a flashable zip that you flash from recovery?
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
It has a "setup app" which you install which in turn installs the actual app. If you have writable /system it can install the app there or if you have ram FS then it can install using what you said.
Sent from my Nexus One using XDA App
Related
I am returning my nexus s back to bestbuy tomorrow. How do i go about unrooting it?
Thank you
(There isn't a Q and A section made up for the NS yet so i posted my question here)
"fastboot oem lock"
just relock the bootloader and restore to factory settings.... that's all they will check for...
jtn7040 said:
"fastboot oem lock"
just relock the bootloader and restore to factory settings.... that's all they will check for...
Click to expand...
Click to collapse
I did relock the bootloader but I still had root. I didn't factory restore yet but would that make a difference?
I just don't want to take it back up there and they find out its rooted.
Sent from my Evo using Swype and Tapatalk!
Can anyone please help with this? I'm trying to unroot this thing so that I can return it
I relocked the bootloader then did a factory reset and nothing changed..all my apps are still on the phone and the screens are still organized nor did the setup screen appear.
You need to use adb to go in the file system and delete all trace of superuser and busybox. That is the only things rooting does, places those files on your phone and changes file permissions. File permissions, they won't look for, but I've had best buy scroll through the app drawer on multiple occasions looking for superuser/rom manager.
I have attached a zip containing all the files needed for adb. Since they no longer package adb with the sdk. Just open command prompt and cd to the directory containing adb. Make sure your phone has Usb Debugging enabled, then connect your phone.
You might need to download usb drivers in order for windows to recognize the device, but probably not. Once your phone is connected, do the following.
Code:
adb devices
adb shell
su
rm /system/app/Superuser.apk
rm /system/bin/su
rm /system/bin/busybox
rm /system/bin/rootshell
reboot
You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067
shrivelfig said:
You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067
Click to expand...
Click to collapse
Just look at my previous post, he doesn't have to do anything else.
ryude said:
You need to use adb to go in the file system and delete all trace of superuser and busybox. That is the only things rooting does, places those files on your phone and changes file permissions. File permissions, they won't look for, but I've had best buy scroll through the app drawer on multiple occasions looking for superuser/rom manager.
Code:
su
rm /system/app/Superuser.apk
rm /system/bin/su
rm /system/bin/busybox
rm /system/bin/rootshell
reboot
Click to expand...
Click to collapse
Personally, I doubt Best Buy will even check for root. You really think they're that clever at the returns desk? Seriously.
I've never read reports of people saying Best Buy wouldn't take my phone back because it was rooted, but I never looked for them either.
How would they even check for it? You should always factory reset a phone before returning it, so you're not going to have any apps on there where they can open the app drawer and see you've got a root-required app like Root Explorer or SuperUser. They're definitely not going to attach the phone to a computer and poke around with adb.
On top of that, where on the phone's receipt does it say "no refunds on rooted devices"? It doesn't. Let the factory or the open box buyer worry about, however Best Buy disposes of the phone.
I suspect that all they'll do is check the phone for physical damage. They might turn it on to make sure it's still functional, so the fastboot oem lock is a must, just to be safe.
If I were going to return mine, and had your concern, I'd just follow @ryude's instructions; seems less likely to screw things up than messing around with fastbooting an image dump, but both are pretty safe procedures.
Please come back and let us all know exactly how the return process goes for you. What they checked, what they asked. Thanks!
shrivelfig said:
You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067
Click to expand...
Click to collapse
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.
Depends if CWM is built into the kernel or not. If so, just flash stock kernel and you'd have stock recovery again.
If it's the CWM you get from Rom Manager, you can remove it by pressing "Flash to SPRecovery" at the bottom of Rom Manager.
distortedloop said:
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.
Click to expand...
Click to collapse
Reflash the stock recovery image. There's a thread for that file.
Fastboot flash recovery recovery.img
Sent from my Nexus S
ryude said:
Depends if CWM is built into the kernel or not. If so, just flash stock kernel and you'd have stock recovery again.
If it's the CWM you get from Rom Manager, you can remove it by pressing "Flash to SPRecovery" at the bottom of Rom Manager.
Click to expand...
Click to collapse
nxt said:
Reflash the stock recovery image. There's a thread for that file.
Fastboot flash recovery recovery.img
Click to expand...
Click to collapse
Okay, thanks guys, you saved me a little searching. Not that I'm interested in doing this, but the original poster wants to remove all indications that he hacked his phone, so this is something he needs to consider.
I don't actually have a Nexus S, so the exact way to go about it I am not sure. I am just offering any help I can.
sorry...this won't be of any help...but if you can't figure out how to unroot the phone, you shouldn't be rooting it in the first place.
just saying....
good luck with the return, tho.
krumb said:
sorry...this won't be of any help...but if you can't figure out how to unroot the phone, you shouldn't be rooting it in the first place.
just saying....
good luck with the return, tho.
Click to expand...
Click to collapse
I agree, but saying that after the fact doesn't help anyone.
distortedloop said:
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.
Click to expand...
Click to collapse
Find a stock recovery image and
Code:
fastboot flash recovery stock-recovery.img
Voila.
distortedloop said:
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Click to expand...
Click to collapse
I miss this step too, I was just too excited rooting.
Here's how to backup.
First you do the fastboot oem unlock, then you do the fastboot flash clockwork mod.
After that, BAM, boot into clockworkmod, and do a nandroid! That will backup your current stock Android. Save that nandroid backup.
Then you can proceed and actually finish the root.
Then when you want to restore, just boot into clockwork, restore that original nandroid and you have stock android, now just fastboot flash original recovery, then fastboot oem lock to lock the bootloader and that's it. do a wipe, and you're clean.
stock recovery.img isn't working I just tried. it's throwing an error. same for stock boot.img
one thing I love about galaxy s phones, we have the easiest recovery. Why did Google/Samsung change something that was so perfect?
jroid said:
stock recovery.img isn't working I just tried. it's throwing an error. same for stock boot.img
Click to expand...
Click to collapse
What error does it give when attempting to flash stock recovery or boot img? Was hoping to have a backup ready before I flashed my recovery.
[GUIDE] Root & recovery WITHOUT oem unlock & wipe (2.3.2 & older, plus now 2.3)
UPDATE #2 - Fitchman has reported successful root and rom flash without unlocking the bootloader by using Ginger Break. Full details in this post: http://forum.xda-developers.com/showpost.php?p=13236136&postcount=135
UPDATE - IMPORTANT: This method does not work with Android 2.3.3. Search the forum or this post in this thread for a way to update to 2.3.3 and root without unlocking if you haven't updated yet.
Alternatively, use this method on 2.3.2 and lower, then use titanium to back up everything, store it on your laptop (along with all your sdcard's data), then do the oem unlock step first and then continue from there with the rest of the guide.
Not my original idea, but a consolidation of a discussion between inakipaz and shrivelfig and myself in another thread and being posted here for easier finding by future root-seekers.
Shrivelfig's tested the method to re-root a previously rooted pone with a re-locked bootloader, and inakipaz has done it on a phone that's never had the bootloader unlocked.
The advantage here is that those who chose not to root when they first got the phone won't lose any app data or sdcard data like the methods that have you unlock the bootloader do. The disadvantage is your bootloader remains locked, which may prevent you flashing certain things in the future.
edit: see ravidavi's posts below; he's shown you can even flash custom roms that are clockwork compatible while having a locked bootloader with this method.
Download these two files:
clockwork recovery v3.0.0.5 or clockwork recovery v3.0.0.5 mirror if above not working
su-2.3.6.1-ef-signed.zip
Koush's blog for the latest clockwork updates (find Nexus S in the list).
Also, if you don't already have the necessary android sdk and drivers on your computer, get them from here: http://developer.android.com/sdk/index.html and install them. Some Windows users report better luck just installing pdanet. There's a decent guide for Windows users on installing the sdk here.
Place the recovery file on your laptop where you can access it while using the sdk fastboot commands.
Place the su zip one in the top level folder of your sdcard.
Put your phone in fastboot mode (power off, then hold volume up and power key at the same time until the phone boots to a white screen).
Use fastboot to boot the phone into the clockwork recovery:
Code:
fastboot boot recovery-clockwork-3.0.0.5-crespo.img
If you're not sure how to get fastboot working on your computer, follow the excellent instructions that Allgamer gives in this GUIDE, but don't do the oem unlock command!
Once in clockwork, flash the su file to the phone by following these steps below.
To navigate in the clockwork recovery, you use the volume keys to scroll up/down through the menus, and the on/off button to select what's highlighted.
(note: some report success without these first 3 steps, others don't get a succesful root without, I recommend doing them)
select mounts and storage.
select mount /system
select go back
select install ZIP from sdcard
select choose zip from sdcard
select su-version#-signed.zip file you downloaded earlier
select yes - install su-version#-signed.zip
confirm it says "Install from sdcard complete"
select go back
select reboot
After the phone reboots, you should be rooted, with a locked bootloader, and none of your data erased.
That said, never hurts to have a backup of your precious data on the sdcard that you can copy over to the computer.
This method doesn't install busybox, so go to the Market and download/install busybox directly, or get Titanium Backup and check it's "problems?" button and let it install busybox for you. There's also an app called root checker that supposedly verifies you have a working root on your phone.
Once you have a successful root installed, I'd suggest getting back into clockwork recovery and running a nandroid back up from clockwork's backs and restore menu. Then copy that file from your sdcard (in the /clockwork/backups folder) to your laptop for safe-keeping and an easy full system restore to a known working config.
Usual disclaimers about I'm not responsible for damage to your phone or loss of data apply. Use any rooting method at your own risk.
Thanks and all the real credit go to inakipaz, shrivelfig and allgamer, and of course to koush, and ChainsDD for the superuser apk.
Worked perfectly. I used fastboot from my Mac (outlined in the stickied Mac Root thread). Root checker verifies that I have root.
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
yeah! good work!
Srsly. Awsom.
Someone sticky this....
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
I would think this method also gives you a way to back up before unlocking the bootloader.
1) fastboot boot into Clockwork as described here
2) Full nandroid backup from Clockwork
3) Mount "SD" from Clockwork over USB, copy everything to computer (since it wipes everything)
4) Go back and unlock the bootloader as usual, resulting in a full wipe
5) Flash Clockwork Recovery again through whichever method
6) Mount "SD" from Clockwork over USB, copy the backup back to phone
7) Restore nandroid
And now you've unlocked the bootloader without amnesia =)
ravidavi said:
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
Click to expand...
Click to collapse
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!
Also, the fact that you're able to boot into Clockwork using "fastboot boot" - that also means you can install a ROM .zip file right from there.
cmstlist said:
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
Click to expand...
Click to collapse
"fastboot boot" only launches the recovery no unlock needed. "fastboot flash" flash the recovery
cmstlist said:
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!.
Click to expand...
Click to collapse
It worked! Here's the process I used, starting from a completely unmodded Nexus S.
1: Use the method detailed here to gain root access without unlocking the bootloader.
2: Using a root-enabled file explorer (I used Super Manager), rename install-recovery.sh (in /etc) to install-recovery.sh.old . You'll need to remount as r/w to do this. NOTE: You don't *have* to do this step, but if you don't, then you can only use clockwork once after which it will be erased on reboot.
3: Using ROM Manager, install Clockwork Recovery.
4: Pleasure yourself, because your bootloader is still locked and nothing was erased.
I have yet to try actually flashing a custom ROM. Does this mean that it can also be done without unlocking bootloader?
Well damn, whaddaya know. I just flashed MoDaCo r10 without unlocking the bootloader, and without losing any personal data on /sdcard.
I figure someone at XDA should like this.
Pretty much followed distortedloop's advice. Starting from a fully stock Nexus S with Android 2.3.2 (GRH78C):
* Root using the method on this thread.
* Rename install-recovery.su to install-recovery-old.su. (in /bin)
* Install Clockwork Recovery from ROM Manager.
* Download whatever ROM you want (compatible with Clockwork), rename to update.zip, and copy to sdcard.
* Reboot into Clockwork.
* Wipe cache, reset to factory (IF REQUIRED BY NEW ROM). This was my first install of MoDaCo, and that requires it. This step does NOT erase your personal files on sdcard, just all android-related files.
* Install update.zip from Clockwork.
* Continue self-pleasuring ... you now have a custom rom without touching your bootloader or wiping your personal sdcard data.
Maybe it's just because I'm a noob here, but it seems to me that this is a BIG deal. All root/ROM installation methods that I've seen so far have required an unlocked bootloader. This seems to be the first time a Nexus S has been unlocked and custom-ROM'd without unlocking the bootloader and wiping the entire /sdcard.
Ravi
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
What's really odd is now we have to wonder what's the purpose of the oem unlock erasing your sdcard? Speculation was that it was a security feature to keep people from accessing your data if they stole your phone; they couldn't flash something on the phone to get access, but clearly they can. Fastboot into a custom recovery and you own the phone.
Perhaps this is a security hole Google will try to fix some day?
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
distortedloop said:
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
...
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
Click to expand...
Click to collapse
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
ravidavi said:
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
Click to expand...
Click to collapse
I'm thinking that something like Superboot might need to have the bootloader unlocked, since it replaces the boot image, right? But I'm not sure.
ravidavi said:
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
Click to expand...
Click to collapse
There's only a page and a half of posts in the development section right now, so it's not likely to disappear any time soon, but you could ask a mod (theimpaler747 is ours) via PM to sticky it. I thought about asking myself, but seemed a bit tacky to ask for my own thread.
Meanwhile, I'd been linking people to various posts I'd made in other threads suggesting this might work, but once inakipaz and shrivelfig confirmed it, I'm just now pointing people here. I just hope people see this before wiping their phones unnecessarily.
Really, the other guides should just be updated to skip the oem unlock step. That's really the only different thing we're doing here.
i'm just waiting for more people "newbies" to confirm this actually works for them, before making it a sticky
In theory if you really really screw up your phone, you might need fastboot flash in order to recover it. But if fastboot also lets you boot into an img recovery... then you still have a recovery route that doesn't require unlocking.
Sent from my Nexus One using XDA App
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
qreffie said:
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
yes because you still have the original recovery installed
distortedloop said:
Perhaps this is a security hole Google will try to fix some day?
Click to expand...
Click to collapse
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
shrivelfig said:
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
Click to expand...
Click to collapse
I can confirm that the Nexus One does not allow this "fastboot boot" on a locked bootloader. Maybe this was just an oversight?
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
I can confirm that this method works, without unlocking the BL or erasing the SD part.
This is pretty cool. I wish I new about this before I unlocked the bootloader days after I received my phone. I too wonder if this was intentional or an oversite. Google did want this phone to be for developers, but like other's said, this is also a bit of a security hole. The wiping of the sd card on unlock would protect the person if the phone was stolen, like if there was confidential corporate stuff on there. Even if you password protect your phone, someone could fastboot clockwork, mount the sd card and retrieve all the information that was on there.
cmstlist said:
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
Click to expand...
Click to collapse
It's also been done by Samsung with some versions of the Galaxy S line (some of the "leaked" roms, and even one official kies push (IIRC) changed the bootloader, causing people the ability to use 3 button mode for Odin access, and causing others to lose it.
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
No. Before when I first bought my xoom I just rooted it, no custom kernel or rom. Now I've used both and benefits alot. As for example some games people complain laggs, with custom kernel ya can over clock and fix some of this. Then custom roms allow ya to use features not enabled by Google on default. For example the wifi xoom can not connect ad-hoc networks like mobile hotspots. Roms include this unless you wanna do it the hard way. Another nifty feature is the USB OTG to attach hard drives which Google allows ya to do like mice and keyboards but not external drives.
oldblue910 said:
Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
Click to expand...
Click to collapse
I think you ARE missing something. The process you outlined with other GED devices is identical to the Motorola XOOM root process as well.
1. You use "fastboot oem unlock" to unlock the bootloader. (This only unlocks the bootloader so you can flash custom ones, recoveries, etc. but does NOT modify the current bootloader in any way.)
2. Flash clockwork with fastboot as well.
3. Install the Universal XOOM rooting ZIP through clockwork.
4. Done.
How is this any different?
The Universal XOOM root ZIP can be found @ http://forum.xda-developers.com/showthread.php?t=1242241 and does NOT contain any sort of modified Kernel or Boot image.
I don't know where you got your information from.
Sure it does. Take a look at the zip file (all those files in the kernel folder). Plus once it's done, stock recovery no longer auto flashes because something was changed in the boot image and the checksums don't match anymore.
Sent from my Xoom using Tapatalk
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
sodaboy581 said:
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
Click to expand...
Click to collapse
And that's the thing...flashing just the binaries DOES work fine, at least on my Xoom. I wonder if it has something to do with the international non-GED Xooms...
Sent from my Xoom using Tapatalk
You do need a modified initramfs to root properly.
an insecure boot.img is the most useful part of being rooted.
And with one of those you don't even need clockworkmod.
flash it with fastboot / reboot / adb remount and then just push su and superuser set suid on su (10 seconds total - far less hassle than messing with clockworkmod).
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
oldblue910 said:
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
Click to expand...
Click to collapse
You don't _need_ to flash an insecure kernel image; there's multiple paths to root. If you don't have a version of CWM for the device, then running the system insecure may be the only way to do it. Running the system in insecure mode does give you the ability to run adb as root amongst other things, however (so you can do things like adb remount).
Yeah I can see needing the insecure image in the case of not having ClockworkMod or if you need those extra commands in ADB. I was more just curious if running an insecure image was somehow a better practice than just flashing the androidsu.com zip. I guess it's 6 of one or a half dozen of the other in the end.
Thanks for the explanation!
Sent from my Xoom using Tapatalk
unrandomsam said:
an insecure boot.img is the most useful part of being rooted.
Click to expand...
Click to collapse
I suppose that depends on what you use root for, really. For instance, the ability to run adb as root means nothing to me really. I can count the number of times I've used adb on one hand. I more use root so I can take screenshots without hooking up to USB, and I also like having root access to the filesystem.
Plus, it seems that the insecure image is the reason why everyone says not to accept OTAs if you're running a rooted stock ROM. I've read horror stories of people accepting OTAs on a rooted stock ROM and ending up with bootloops and all kinds of other craptastic stuff. If you root with the boot image secure, you can accept OTAs and just re-root when it's done flashing.
Different strokes for different folks, right?
Sent from my Xoom using Tapatalk
mobileweasel said:
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
Click to expand...
Click to collapse
This.
Most devices have temp root so you're able to run rooted app to fully backup before unlocking it. I've been holding off rooting on my wife's xoom because I don't want to wipe her saved data, but im really itching to mess with it, hehe. I heard with ICS you can do a full backup with adb, I believe you use the " adb backup" method.
The insecure boot image is need for two reasons.
1) without it you would not be able to adb mount the partitions while inside the Android os.
2) every time you boot into Android, a script it's ran to check for stock recovery and overwrite it, insecure boot images disable this (you can also disable by deleting the script files)
Sent from my Nexus S 4G
Hi Everyone,
I've been using these forums for along time and have not really had the opportunity to give back until now. Let me give you all the details to my problem and the solution to help anyone else in the same if not similar situation. Apologies if this thread has any errors just let know and I'll try to fix them. Also I am confident enough to use command line to do the things I talk about below, so you'll have to be as well if you want to use the methods described. I assume you have some level of technical ability to do this.
Phone details:
Nexus 4, bootloader unlocked, twrp custom recovery installed, rooted, running 4.4.2.
Problem:
I managed to drop my phone after having it for a year. The screen on front cracked and i couldn't use the touch. This caused a problem using the custom recovery (I use TWRP) because it was touch as well. Most of the information on my phone was backup up, my whatsapp is set to backup and push to my box account nightly using titanium backup, my pictures get uploaded to dropbox, instagram has my instagram, etc, etc. But, there were a few files I really needed in my downloads folder. I spent the whole weekend looking for articles and forum posts to help get my data off. Many required installing an app of sorts and then remote controlling the device. I could install the apps using the play store, but as couldn't get passed my lock screen, which is a combination of widget locker and the standard pin unlock screen I couldn't authorise or configure anything.
Solution:
Anyway, here is what i did. I already had WUGFresh's Nexus Root Toolkit and used adb to pull the files and fastboot to flash clockworkmod custom recovery with no touch. Here are the details.
I loaded the phone into recovery which allowed me to use adb. To use adb I opened the WUG Fresh Nexus Root Toolkit, clicked launch Advanced utilities (bottom left). Then used Manual Input (Launch CMD Prompt). Here I used the command 'adb pull /sdcard c:/pull' which grabbed all my files and dumped on the c: in a folder called pull. You can probably also use this method to copy other files from the phone, but i didn't try that.
In order to clear all my data (which i needed to do so the insurance company couldn't read it), I needed to flash clockworkmod custom recovery without touch. I got this from the CWM website and downloaded the appropriate img file for my device. I then booted my phone into fastboot. I used the fastboot help command to find out what the command was to flash a new recovery and did it. The command was 'fastbboot flash recovery c:/put/path/to/file.here'. This loaded the CWM recovery so i could wipe all my data. I just loaded into recovery and wiped all my data.
Summary:
I recommend you use a utility like titanium backup to automate a backup of all your important apps and their data on a nightly/weekly basis so if you ever get into a situation like myself you have some data to easily recover.
I hope this helps people going forward.
Arun.
You didn't need wug's, you could have just used adb to pull the files in recovery. You also could have run fastboot -w and it would have wiped your device. No need to put cwm on your device
Sent from my Nexus 5 using XDA Free mobile app
jd1639 said:
You didn't need wug's, you could have just used adb to pull the files in recovery. You also could have run fastboot -w and it would have wiped your device. No need to put cwm on your device
Click to expand...
Click to collapse
Thanks for the extra information, but I only used WUG's NRT because I already had it installed on my computer. The fastboot note is useful though, I don't think I read through the help list properly otherwise I would've done that. I also wrote this for people with a little amount of technical knowledge, and installing WUG's NRT is really simple to do and has a GUI.
Hello fellow XDAers,
Here's my dilemma: when I get my 6P I want to keep my bootloader locked for security reasons. However, I also want to change the DPI, preferably in build.prop. The only way to do this is to unlock, edit, and relock. Which is fine until I have to flash a new stock system image. Is it possible to do that with a locked bootloader and modified system? I was thinking I may be able to keep it rooted, flash TWRP from terminal emulator when I need it, then flash the image from recovery.
Sent from my Nexus 6 using Tapatalk
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
GuitarGuy96 said:
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
Click to expand...
Click to collapse
I don't think that'll worked with a locked bootloader. Can anybody confirm?
The real issue is that I wouldn't be able to apply OTAs without unlocking, because system would be modified. I need a way to return to stock (flash with TWRP?), apply the OTA (do I need stock recovery?), and keep TWRP so I can edit build.prop again with adb. That seems like it would work, but the OTA might replace TWRP with stock so I'd be screwed.
Sent from my Nexus 6 using Tapatalk
GuitarGuy96 said:
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
Click to expand...
Click to collapse
how can you push files to a read-only partition? you need to gain RW privileges to the folder, which in this case is ROOT (or ADMIN). the only way to root is to flash the recovery. the only way to flash the recovery is to unlock the bootloader.
you can re-lock the bootloader post root. you can even remove root and the custom recovery after modifying your system files. just remember, any OTA you receive will bomb because key files don't match and you'll have to redo everything you did to secure your phone.
i'm curious as to what exploits are out there that depend on an unlocked bootloader. if you're not flashing ROM data, what's the concern? avoid malicious sites, lock/encrypt your device and find a good tracker. that's about all you can do.
---------- Post added at 11:17 AM ---------- Previous post was at 11:14 AM ----------
one more thing. in general, OTAs don't typically replace your recovery.img (that i recall). it's called recovery so that you can RECOVER. flashing that ROM store seems like it would cause problems should the OTA fail. plus, don't most OTAs need the recovery partition to install anyway?
Cheater912 said:
Hello fellow XDAers,
Here's my dilemma: when I get my 6P I want to keep my bootloader locked for security reasons. However, I also want to change the DPI, preferably in build.prop. The only way to do this is to unlock, edit, and relock. Which is fine until I have to flash a new stock system image. Is it possible to do that with a locked bootloader and modified system? I was thinking I may be able to keep it rooted, flash TWRP from terminal emulator when I need it, then flash the image from recovery.
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
Everything you want to do starts with unlocking the bootloader, you can't write to something without write access, Sorry. I see what you want to do, but it's not possible.
Big Cam said:
Everything you want to do starts with unlocking the bootloader, you can't write to something without write access, Sorry. I see what you want to do, but it's not possible.
Click to expand...
Click to collapse
I'd unlock the bootloader to root the phone, then lock it again. Everything is writable with a locked bootloader as long as it's done on the phone, not through adb/fastboot.
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
I'd unlock the bootloader to root the phone, then lock it again. Everything is writable with a locked bootloader as long as it's done on the phone, not through adb/fastboot.
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
this is the correct answer. the countless #s of exploits found to gain root, without unlocking the bootloader supports this. the reason unlocking the bootloader to gain root is the "only method" to do so is because in other cases you're relying on an exploit that gives you a back door to getting elevated privileges within the system. most of these are or do get closed, so exploits are NOT the correct method for gaining root.
so i reiterate - can someone please provide a case study where having an unlocked bootloader provides system privilege to malicious apps, etc., that would cause a security concern from within a device?
as far as i understand, the "only" reason to lock the bootloader is to preserve the system ROM image (for recovery, troubleshooting, experience, etc.). as a user, you become the responsible party for flashing non-OEM-approved images, exposing yourself to the risk. translation - if you download something that requires you to flash a partition from within the phone, you are the one putting yourself at risk.
640k said:
this is the correct answer. the countless #s of exploits found to gain root, without unlocking the bootloader supports this. the reason unlocking the bootloader to gain root is the "only method" to do so is because in other cases you're relying on an exploit that gives you a back door to getting elevated privileges within the system. most of these are or do get closed, so exploits are NOT the correct method for gaining root.
so i reiterate - can someone please provide a case study where having an unlocked bootloader provides system privilege to malicious apps, etc., that would cause a security concern from within a device?
as far as i understand, the "only" reason to lock the bootloader is to preserve the system ROM image (for recovery, troubleshooting, experience, etc.). as a user, you become the responsible party for flashing non-OEM-approved images, exposing yourself to the risk. translation - if you download something that requires you to flash a partition from within the phone, you are the one putting yourself at risk.
Click to expand...
Click to collapse
You can't boot the phone without decrypting the data partition. That stops an exploit in the OS.
Sent from my Nexus 6 using Tapatalk
You can easily do it following these steps:
Enable ABD Debugging,
Using the CMD window in platform tools (same areas you use for flahsing)
adb devices
adb shell
wm density xxx && reboot
The xxx will be your new density and its as easy as that. I use it all of them time this way because its easier when you don't want to root
Pilz said:
You can easily do it following these steps:
Enable ABD Debugging,
Using the CMD window in platform tools (same areas you use for flahsing)
adb devices
adb shell
wm density xxx && reboot
The xxx will be your new density and its as easy as that. I use it all of them time this way because its easier when you don't want to root
Click to expand...
Click to collapse
That always screws with Hangouts pictures, SwiftKey, and random stuff in the Play Store. Does it not for you? What do you set it to?
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
That always screws with Hangouts pictures, SwiftKey, and random stuff in the Play Store. Does it not for you? What do you set it to?
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
Nope it works fine for me. I set it to 485 usually and don't have any issues
Edit: I forgot to mention that Android Pay won't work with custom dpi settings for some reason. I contacted Google about that issue and they are looking into fixing it.
btw is there a risk now to re-lock your device if you are not 100% stock because you could be stuck in a bootloop ?
I don't have a N6 or N9 but I read a few threads about the "enable OEM unlock" in Developer options that could lead to a lot of troubles if you re-lock your device....
Matrix_19 said:
btw is there a risk now to re-lock your device if you are not 100% stock because you could be stuck in a bootloop ?
I don't have a N6 or N9 but I read a few threads about the "enable OEM unlock" in Developer options that could lead to a lot of troubles if you re-lock your device....
Click to expand...
Click to collapse
That's true. I'd lock it with TWRP installed, then flash stock recovery with flashify once safely booted.
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
That's true. I'd lock it with TWRP installed, then flash stock recovery with flashify once safely booted.
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
Cna you flash a recovery from a locked BL in TWRP? Call me old fashioned but i didn't think that's was possible
All this playing around with locking and unlocking the bootloader is going to cause someone to wipe some data.
You wipe the phone when you unlock the BL. This is why it is suggested to just go ahead and do it.
There is no real security risk unless you flash something malicious. Don't flash stuff from unknown sources.. DUH!
Unless you have root, you cannot write to anything but data partitions and even then security keeps you boxed in.
There will be no exploit to gain root with a locked BL Who is going to spend the time when root access is a couple of adb command and two file flashes away?
Anyway that's just MHO.
Pilz said:
Cna you flash a recovery from a locked BL in TWRP? Call me old fashioned but i didn't think that's was possible
Click to expand...
Click to collapse
Yes, you can do whatever you want with a locked bootloader as long as it's done on the phone (not through adb/fastboot).
Sent from my Nexus 6 using Tapatalk