Related
Hi everyone. As an obsessed flasher from my old HTC one 7 i couldnt wait much longer to unlock and root my beloved Nexus 6P.
I have a few questions as i keep seeing the words encrypted and decrypted flying around alot. I understand what encryption is, and what it is there for. What i don't understand is how to know when my phone is encrypted or not. For example, i have unlocked, flashed mod boot img. and then had to factory reset my phone to flash TWRP 2.7.8.1 ( which said decryption not needed) i then installed SuperSU for root. I have read that factory reset can remove decryption... but i have no idea how to check.
Do i need to re-encrypt my device, if so, how do i do this? Will encryption stop root or make TWRP not work properly in regards to flashing and backups.? Can i install custom kernels with a decrypted device or again shall i re-encrypt it?
I also see a screen when entering recovery and rebooting phone "Your device software cannot be checked for corruption, please lock bootloader". Is this normal or have i done something wrong?
Thanks in advance for your help!
so ive managed to find out that the message when in recovery or rebooting is normal for marshmallow. Can anyone help me in terms of the encyrption/decryption issue please?
Quick question:
I am very used to flashing so this isn't new to me. I recently updated to android build MHC19I. I'm use to the "lock your bootloader" warning, but now that I'm on TWRP 3.0.0-1, I'm also receiving the "your device is corrupt" warning. Now this doesn't seem to affect day to day use, so I don't seem to care, but am I doing something wrong? I usually wouldn't receive that message.
Thanks!
dbroer91884 said:
Quick question:
I am very used to flashing so this isn't new to me. I recently updated to android build MHC19I. I'm use to the "lock your bootloader" warning, but now that I'm on TWRP 3.0.0-1, I'm also receiving the "your device is corrupt" warning. Now this doesn't seem to affect day to day use, so I don't seem to care, but am I doing something wrong? I usually wouldn't receive that message.
Thanks!
Click to expand...
Click to collapse
Have you flashed SuperSU since flashing this version of TWRP? I haven't been able to pinpoint the cause of this message, but I believe it occurs when you have a modified /system partition (from installing TWRP). If I recall correctly (I had it a while ago) flashing SuperSU seemed to get rid of it. Could be a coincidence but that was my experience.
Heisenberg said:
Have you flashed SuperSU since flashing this version of TWRP? I haven't been able to pinpoint the cause of this message, but I believe it occurs when you have a modified /system partition (from installing TWRP). If I recall correctly (I had it a while ago) flashing SuperSU seemed to get rid of it. Could be a coincidence but that was my experience.
Click to expand...
Click to collapse
Here is the crazy thing.
So I hadn't flashed anything but TWRP, didn't modify the system partition at all, and that message would come up. I then flashed the latest Pure Nexus (actually then removed Root) and the message is now back to just the relock the bootloader message. I checked what build was used in that rom, and it is some crazy build (MHC19J) which isn't even available on the the Android Factory Images site. So I don't really know. As of now though, I'm just back to the normal lock your bootloader message.
dbroer91884 said:
Here is the crazy thing.
So I hadn't flashed anything but TWRP, didn't modify the system partition at all, and that message would come up. I then flashed the latest Pure Nexus (actually then removed Root) and the message is now back to just the relock the bootloader message. I checked what build was used in that rom, and it is some crazy build (MHC19J) which isn't even available on the the Android Factory Images site. So I don't really know. As of now though, I'm just back to the normal lock your bootloader message.
Click to expand...
Click to collapse
TWRP itself modifies the system partition in order to persist through reboots, I believe this is what causes the message to appear.
I think the Warnung is only red then the vendor image with the cert.check goes wrong the mhc19j is the last march build from the nexus5x and the devs changed the Rom for the angler- so try to flash the vendor image Märchen from Angler the mhc19i and the Rom certificate check goes right and the yellow Warnung is back.....i had for a few days the same Problem.... Download the vendor in the Rom thread and flsh it with wugs toolkit and then reboot.... Sry for my terrible english
Long-short: I bricked the phone flashing Exodus ROM. TWRP wants a password and nothing works: yes I typed the password in correctly. (TWRP version 3.0.2.0 clark)
Phone is encrypted. Exodus had a weird issue where even though I set it to no security on boot, it still required my pin. Even after I changed it to pattern. So it would boot, ask for PIN, boot, then pattern.
TWRP cannot install anything as it is read only and won't accept any password. For some odd reason, it no longer has pattern unlock.
I tried to restore to stock (5.1.1 and 6.0) following http://forum.xda-developers.com/moto-x-style/general/guides-how-to-guides-beginners-t3200808/page17.
RSDLite would fail: "Failed flashing process. 18/22 flash modem "NON-HLOS.bin" -> phone return fail."
Both 5.1.1 and 6.0 fails at this point.
Boy, do I need some help!
sunNsnow said:
Long-short: I bricked the phone flashing Exodus ROM. TWRP wants a password and nothing works: yes I typed the password in correctly. (TWRP version 3.0.2.0 clark)
Phone is encrypted. Exodus had a weird issue where even though I set it to no security on boot, it still required my pin. Even after I changed it to pattern. So it would boot, ask for PIN, boot, then pattern.
TWRP cannot install anything as it is read only and won't accept any password. For some odd reason, it no longer has pattern unlock.
I tried to restore to stock (5.1.1 and 6.0) following http://forum.xda-developers.com/moto-x-style/general/guides-how-to-guides-beginners-t3200808/page17.
RSDLite would fail: "Failed flashing process. 18/22 flash modem "NON-HLOS.bin" -> phone return fail."
Both 5.1.1 and 6.0 fails at this point.
Boy, do I need some help!
Click to expand...
Click to collapse
It sounds like one of your partitions is messed up, same thing happened to me (my thread is in this forum, about a week old if you want to read)
Long story short, I could not fix this. I sent it to Motorola despite not having a warranty and it sounds like they fixed it by flashing factory software, I'll find out Tuesday.
Sent from my m8wl using Tapatalk
I managed to get the phone working. I decided to boot the phone (after RSDLite failed) to see if it worked: it did. It ran setup, failing to see wifi, but got through without crashing.
I did lots of things attempting to restore to stock, RSDLite restore, a manual way for the prior Moto X (it was late, I was tired), I was several lines into the command line when I realized the instructions is for the prior Moto X. I'm not sure if it helped that I was using the correct Stock file from for the Pure.
My last attempt was the easy stock restore "ROM" to 5.1.1. The phone booted, I re-rooted the phone, installed TWRP, nandroid back to the last stable save.
What borked the phone was the a dirty flash from Exodus ROM 2016-08-16 to 2016-08-18. Exodus started the TWRP issues with the password despite a pattern lock. My password worked before dirty flash, and the phone bricked, afterwards.
I got lucky: I would have had to buy a new phone (need it for work).
--
sunNsnow
Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
svandasek said:
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
Click to expand...
Click to collapse
Glad it helped you
ah.... if i only knew :crying:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
TWRP Encryption ByPass
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
Agree .... that seems like a gaping security vulnerability. :-/
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
There's no need to be concerned (about this, specifically).
tk8lm6 said:
Agree .... that seems like a gaping security vulnerability. :-/
Click to expand...
Click to collapse
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
No arguing that previous versions were less secure. But, still, as long as there's a way to bypass encryption that's a security failure.
Encrypted data shouldn't be made available unless proper key(s) or passwords have been provided.
If that's the way that's meant to work, then that's flawed by design.
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
I've tried many times. OOS replaces TWRP only on CLEAN Instal for me.
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
manchitro said:
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
Click to expand...
Click to collapse
Just flash it.
Wait, are you saying by just installing a zip, the encrypion hardware pass is gone? WTF.. Is such "hack" available on other devices? Xiaomi redmi(s) for example?
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
SourPower said:
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
Click to expand...
Click to collapse
Yeah same issue here, as soon as I go in twrp and can't type the password, I can't access my files which is expected behavior, so I don't understand how you can access the file to flash from twrp.
Can someone detail please?
---------- Post added at 07:06 PM ---------- Previous post was at 06:40 PM ----------
Actually I just found a way out to get to previous twrp version, and all is back to normal
From your running ROM, you can download the application twrp (root needed oc)
Then you can use it to flash recovery.
I always keep former version file so I could revert to bluspark twrp that was working before. All worked as expected!
Still not solving the encryption password issue when flashing new recent twrp..
Android 10 Encryption / Security Issue - ADB Encryption Bypass?
rahulrs0029 said:
Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Click to expand...
Click to collapse
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
monicaONxda said:
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
Click to expand...
Click to collapse
Anyone with thoughts on this...?
monicaONxda said:
Anyone with thoughts on this...?
Click to expand...
Click to collapse
There are two, separate passwords. One for the encryption and one for the lock screen. And they don't have to be the same.
If you remove the encryption by formatting /data and then boot up on stock OOS, it will encrypt /data with a default password. TWRP can decrypt /data because it knows the default password that's used.
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
ADB can only access /data after it has been decrypted, ie the phone has booted up. But only if: 1. ADB is enabled, 2. You have given permission on your phone to trust the PC connecting to the phone.
So, there's no back doors here. If you have set an encryption password, you can't access the data without having entered the password. And you can't access the phone data without entering the lock screen password. And you can't access the data via ADB unless you have given the specific PC permission from your phone.
Of course, if you use the default encryption password and have TWRP installed, you might just as well not have a password at all. But that's up too you.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
Click to expand...
Click to collapse
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
nvertigo67 said:
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
Click to expand...
Click to collapse
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
Click to expand...
Click to collapse
I'm pretty sure this behavior is rom dependent and not device dependent. E.g.: in los14 and early los15 builds the user was able to set lockscreen passphrase and boot passphrase seperately from rom's settings. This has been removed from aosp (officially because of "security concerns"; but I guess these "concerns" has been too many users with too less knowledge have locked up the boot process).
For me the cryptfs cli is perfectly ok, for the average user the behaviour you've expirienced may feel more comfortable. But the longer I think about, the more I like the seperate setting... YMMV.
I am not responsible for your bricked phone or pigeon poo on your toupe. Do at your own risk.
Many thanks to @SupahCookie for idea and motivation!
INTENTIONALLY DOES --NOT-- LOCK BOOTLOADER!!!
Get factory images here:
https://forum.xda-developers.com/mo...ock-images-t3736767/post75236696#post75236696
THIS GUIDE IS FOR FACTORY/STOCK ROMs - NOT YOUR AVERAGE CUSTOM ROM which may not have bootloaders!!! (thanks!!!!! @echo92 )
FIX:
IF YOU ARE ABLE TO GET TO FASTBOOT THIS SHOULD WORK.
IF YOU HAVE 8.x bootloaders AND ARE DOWNGRADING TO 7, use "Alternative to RSDlite" below.
1 boot to win - 7 or 10 works fine.
2 boot phone to fastboot, and connect phone to computer.
3 start RSDlite
pick a ROM. I believe I used a 7.1.1 rom
3Nov9-ADDISON_NPNS26.118-22-2-8_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
RSDlite installed it and fixed the problem.
- -
I was then able to use RSDlite to install @rafikowy 's signed 8.0 . - going up from 7 to 8.
- -
- -
If you are on 8.x bootloaders and want to go to 7.x bootloaders, use this (RSDlite throws an error and stops):
ALTERNATIVE TO RSDlite:
1 I used 7zip to extract that 7.1.1 zip (or any ROM zip) into a folder x,
2 add all the adb and fastboot junk to folder x,
3 add the attached file (rename it to flash.bat) to folder x.
4 boot phone to fastboot and connect to computer.
5 click on flash.bat - it throws a lot of "slot" errors but works just fine.
6 reboot your phone if it hasn't already and go through the 7.x install stuffs.
7 you will not show an IMEI if you are coming from an 8.x bootloader. However, it IS there.
NOTE: you may need to add a line to the flash.bat if there are more/less sparsechunk's in your FACTORY/STOCK ROM...
THIS IS NOT FOR CUSTOM ROMs!!!!!!!
EDIT: 3-8-19: I just did this myself to go back very briefly to 7.1 - be sure you don't flash TWRP to it if your going to take OTAs - it will brick it. boot to TWRP if you need TWRP briefly: fastboot boot twrpimg.img
----------
If you can boot to fastboot screen, you can do anything.
Never OTA a ROM if you have modified recovery (TWRP, etc) or if magisk is present.
https://forum.xda-developers.com/mo...p-flashing-t3813498/post77011495#post77011495
I changed the attached file to add pause and reboot and exit to make it slightly more automated.
I have successfully used this many times going back and forth. If you can boot to fastboot screen, you can save your phone and flash anything you want.
You may wish to advise users that if they downgrade to Nougat not to use Nougat OTA updates. The reason being that a downgraded stock Oreo device may still have the Oreo bootloader on it. Thus, attempting to use Nougat OTA updates may hard brick their device (as the bootloader is likely corrupted, meaning no fastboot).
Users could either use the Feb 2018 NPN26.118-22-2-17 firmware from your link https://mirrors.lolinet.com/firmware/moto/addison/official/RETAIL/ as that was the last Nougat firmware (and thus no Nougat OTA updates) or avoid using OTA updates whilst downgraded.
echo92 said:
You may wish to advise users that if they downgrade to Nougat not to use Nougat OTA updates. The reason being that a downgraded stock Oreo device may still have the Oreo bootloader on it. Thus, attempting to use Nougat OTA updates may hard brick their device (as the bootloader is likely corrupted, meaning no fastboot).
Users could either use the Feb 2018 NPN26.118-22-2-17 firmware from your link https://mirrors.lolinet.com/firmware/moto/addison/official/RETAIL/ as that was the last Nougat firmware (and thus no Nougat OTA updates) or avoid using OTA updates whilst downgraded.
Click to expand...
Click to collapse
Interesting. I used the above GUIDE to go up and down a number of times on my phone (about 20 total) , installing and running on both 7 and 8, and then went down to a Nov 7.1.1 and let it ota all the way up to 8.0 and that is what I am using now. I found that when i used a factory zip, and the above procedure, it corrected the bootloaders to the appropriate version that i was flashing - either RSDlite or the more manual path which ignores the errors worked for me.
Using the above procedure , you get the correct bootloaders, which are in the zip.
Please correct me if i am wrong!
KrisM22 said:
Interesting. I used the above GUIDE to go up and down a number of times on my phone (about 20 total) , installing and running on both 7 and 8, and then went down to a Nov 7.1.1 and let it ota all the way up to 8.0 and that is what I am using now. I found that when i used a factory zip, and the above procedure, it corrected the bootloaders to the appropriate version that i was flashing - either RSDlite or the more manual path which ignores the errors worked for me.
Using the above procedure , you get the correct bootloaders, which are in the zip.
Please correct me if i am wrong!
Click to expand...
Click to collapse
That's intriguing - we saw previously on Z Play that users downgrading their stock firmware (e.g. https://forum.xda-developers.com/moto-z-play/help/hard-brick-moto-z-play-patch-abril-t3782927 )and then using OTA updates hard bricked their device (hence the number of users asking for a blankflash, as fastboot no longer works). I don't know if these users hard bricked by downgrading their firmware too far and then flashed an OTA radically different to their previous firmware, or whether it's a risk that's taken by any downgrading of firmware.
When you used fastboot, did you see any 'security downgrade errors' when you flashed the bootloader, and is your bootloader version now C180, as you've flashed the Oreo OTA?
echo92 said:
That's intriguing - we saw previously on Z Play that users downgrading their stock firmware (e.g. https://forum.xda-developers.com/moto-z-play/help/hard-brick-moto-z-play-patch-abril-t3782927 )and then using OTA updates hard bricked their device (hence the number of users asking for a blankflash, as fastboot no longer works). I don't know if these users hard bricked by downgrading their firmware too far and then flashed an OTA radically different to their previous firmware, or whether it's a risk that's taken by any downgrading of firmware.
When you used fastboot, did you see any 'security downgrade errors' when you flashed the bootloader, and is your bootloader version now C180, as you've flashed the Oreo OTA?
Click to expand...
Click to collapse
YES - that's why I wrote these 3 guides - before, it was quite possible to wind up with a bootloader mix - esp depending on the zip you use! - factory/stock only!!!
I added a line to the guide saying that it is only intended to be used for the factory/stock zips as these have (I believe) the bootloaders appropriate to the ROM.
Many thanks for pursuing this! - I wonder if we'll have to exclude certain ROMs that are in the factory lists?????
echo92 said:
That's intriguing - we saw previously on Z Play that users downgrading their stock firmware (e.g. https://forum.xda-developers.com/moto-z-play/help/hard-brick-moto-z-play-patch-abril-t3782927 )and then using OTA updates hard bricked their device
Click to expand...
Click to collapse
If you have TWRP (or I assume any custom recovery) present when you try to ota, it can download just fine and then reboot to the update. I had TWRP and wound up in a situation where my phone would only boot to twrp no matter what I flashed or restored. I booted phone to fastboot, RSDlite'ed that 11-09-17 factory zip and all was well. In that particular case I did not fully install 7.x but immediately RSDlite'ed rafikowy's 8.0 signed stock and went on with my testing. Since then I always boot to TWRP rather than intalling it and do my thing. (thanks @jceballos )
When you used fastboot, did you see any 'security downgrade errors' when you flashed the bootloader, and is your bootloader version now C180, as you've flashed the Oreo OTA?
Click to expand...
Click to collapse
Sorry - since it throws a million errors I never look at it if it works.
The particular build I am on at the moment - is BL: C1.82
This one started from that Nov '17 build and ota'ed all the way to 8.0 Apr.
I root and unroot as needed per rafikowy's method but using a boot to TWRP - never an install TWRP.
I'll put up a new guide ref ota and recovery and brick.
KrisM22 said:
If you have TWRP (or I assume any custom recovery) present when you try to ota, it can download just fine and then reboot to the update. I had TWRP and wound up in a situation where my phone would only boot to twrp no matter what I flashed or restored. I booted phone to fastboot, RSDlite'ed that 11-09-17 factory zip and all was well. In that particular case I did not fully install 7.x but immediately RSDlite'ed rafikowy's 8.0 signed stock and went on with my testing. Since then I always boot to TWRP rather than intalling it and do my thing. (thanks @jceballos )
Sorry - since it throws a million errors I never look at it if it works.
The particular build I am on at the moment - is BL: C1.82
This one started from that Nov '17 build and ota'ed all the way to 8.0 Apr.
I root and unroot as needed per rafikowy's method but using a boot to TWRP - never an install TWRP.
I'll put up a new guide ref ota and recovery and brick.
Click to expand...
Click to collapse
1) If you have TWRP, then using an OTA will fail - as you've not got stock recovery (and likely other modifications, including possibly a system partition set to read-write status). As you noted, having TWRP seems to cause a bootloop when rebooting - I'm not sure if the OTA sets a boot flag to stay in recovery until the update is completed. For the G4/Plus, there's a possible solution by wiping the misc partition but I don't know if there's a similar partition for Z Play devices: https://forum.xda-developers.com/moto-g4/help/troubleshooting-twrp-boot-loop-ota-t3714325
The only other solution I've seen is a clean flash of the stock ROM to get your device booting properly.
Booting to TWRP rather than flashing would mean your stock recovery is still present on your device. The only downside is if you need to make modifications, you'd need your computer to boot to TWRP.
2)BL C1.82 seems to be the bootloader provided by the Oreo April 2018 security patch update, so your device looks to be on the right bootloader. It's still curious that the Nov 2017 firmware worked whereas countless other 'factory' stock ROMs caused hard bricks when downgraded to and then OTA updates were installed.
As you mentioned, custom ROMs don't have bootloaders and thus don't care about your bootloader version usually (though I've seen some ROMs require a certain bootloader). However, stock ROMs and stock OTA updates do have bootloaders, which is why downgrading can be risky.
echo92 said:
1) If you have TWRP, then using an OTA will fail - as you've not got stock recovery (and likely other modifications, including possibly a system partition set to read-write status). As you noted, having TWRP seems to cause a bootloop when rebooting - I'm not sure if the OTA sets a boot flag to stay in recovery until the update is completed. For the G4/Plus, there's a possible solution by wiping the misc partition but I don't know if there's a similar partition for Z Play devices: https://forum.xda-developers.com/moto-g4/help/troubleshooting-twrp-boot-loop-ota-t3714325
The only other solution I've seen is a clean flash of the stock ROM to get your device booting properly.
Booting to TWRP rather than flashing would mean your stock recovery is still present on your device. The only downside is if you need to make modifications, you'd need your computer to boot to TWRP.
2)BL C1.82 seems to be the bootloader provided by the Oreo April 2018 security patch update, so your device looks to be on the right bootloader. It's still curious that the Nov 2017 firmware worked whereas countless other 'factory' stock ROMs caused hard bricks when downgraded to and then OTA updates were installed.
As you mentioned, custom ROMs don't have bootloaders and thus don't care about your bootloader version usually (though I've seen some ROMs require a certain bootloader). However, stock ROMs and stock OTA updates do have bootloaders, which is why downgrading can be risky.
Click to expand...
Click to collapse
Downgrading is a piece of cake if you don't use RSDlite - it throws an error and stops. Using the bat file it can happily throw all the errors it wants and all I care is at the end I have what I want.
It does indeed change the entire environment when you bat file the zip contents. You can bat file to get from 8 to 7 and then use RSDlite to flash a different 7 OR 8 zip file. There is no resulting difference in whether you RSDlite it or bat file it - the bat file simply comes from the .xml file that is within the zip. There is very little or no difference between that among addison factory/stock zips. Other zips are different (custom ROMs.)
Grab any factory/stock zip for addison and expand it and you will see modems, bootloaders, indeed absolutely everything you would find on that phone if you went to a store and bought it. SupahCookie simply added a couple lock command lines because it was intended for folks who somehow thought that if phone was locked they could take it back to the store and get their money back. Or some such. I found that ATT folk didn't care if you were on CM or whatever if you just needed to swap SIMs or whatever.
I DON'T want to lock the phone as it prevents me from modifying forever. Oh yeah that reminds me I was going to post the obligatory guide (again) about how to flash a white boot logo so you don't get that message - it's still there LOL but since the font is in white, you can't see it.
I have a Moto Z2 Play and used this to get out of a rather sticky situation.. My IEMI shows 0 now and I'm curious if there's a way to fix this? Also, You say you've done OTA updates? My phone is telling my I have some, is it safe to try?
Necrowr said:
I have a Moto Z2 Play and used this to get out of a rather sticky situation.. My IEMI shows 0 now and I'm curious if there's a way to fix this? Also, You say you've done OTA updates? My phone is telling my I have some, is it safe to try?
Click to expand...
Click to collapse
Thanks for feedback and great on success.
IMEI will show zero if using oreo, It will show again if using N. Remember that if you go from O to N you need to use the "Alternative to RSD" as RSD will simply throw an error and stop.
If you have TWRP and/or Magisk you must get rid of them before ota - if twrp present you will soft brick and have to do alternative again - flash a stock recovery. Simply uninstalling/flash magisk will probably not be enough - it will likely d/l but error part way through update. If you are sitting on rafikowy's stock oreo, and haven't modified it, you should be fine. I know Apr and June are out there. I flashed his stock 8.0 and took June fine. Z2 should be no different though of course I can't guarantee it
If you have success, let us know what you have done so others looking in will know. Thanks!
KrisM22 said:
Thanks for feedback and great on success.
IMEI will show zero if using oreo, It will show again if using N. Remember that if you go from O to N you need to use the "Alternative to RSD" as RSD will simply throw an error and stop.
If you have TWRP and/or Magisk you must get rid of them before ota - if twrp present you will soft brick and have to do alternative again - flash a stock recovery. Simply uninstalling/flash magisk will probably not be enough - it will likely d/l but error part way through update. If you are sitting on rafikowy's stock oreo, and haven't modified it, you should be fine. I know Apr and June are out there. I flashed his stock 8.0 and took June fine. Z2 should be no different though of course I can't guarantee it
If you have success, let us know what you have done so others looking in will know. Thanks!
Click to expand...
Click to collapse
I actually flashed to this: ALBUS_C_7.1.1_NPS26.118-24_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip Which is a 7.1.1 variant and it is showing 0 when I check settings and when I dial *#06#. However upon connecting to the computer and running mfastboot getvar imei it returned a value. I only did the steps above which would mean I don't have TWRP or Magisk (when I fastboot and click recovery I get "no command")
****** Additional information *********
XT1710-01 Duel Sim Variant
I started your steps, only being able to access fastboot. The device would throw an error (I don't recall exactly but it ended up showing me them in the bootloader logs) whenever I tried to start it, or go to recovery. #DefinitelyThoughtItWasDead
Necrowr said:
I actually flashed to this: ALBUS_C_7.1.1_NPS26.118-24_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip Which is a 7.1.1 variant and it is showing 0 when I check settings and when I dial *#06#. However upon connecting to the computer and running mfastboot getvar imei it returned a value. I only did the steps above which would mean I don't have TWRP or Magisk (when I fastboot and click recovery I get "no command")
****** Additional information *********
XT1710-01 Duel Sim Variant
I started your steps, only being able to access fastboot. The device would throw an error (I don't recall exactly but it ended up showing me them in the bootloader logs) whenever I tried to start it, or go to recovery. #DefinitelyThoughtItWasDead
Click to expand...
Click to collapse
What rom was on phone when you got it and what have you done to it? Has it ever run 8.x?
original country of phone?
The bat file will always throw a lot of slot errors.
https://mirrors.lolinet.com/firmware/moto/albus/official/RETUS/
or
https://mirrors.lolinet.com/firmware/moto/albus/official/RETAIL/
might have some stock ROMs of interest...
KrisM22 said:
What rom was on phone when you got it and what have you done to it? Has it ever run 8.x?
original country of phone?
The bat file will always throw a lot of slot errors.
might have some stock ROMs of interest...
Click to expand...
Click to collapse
It had 7.1.1 stock. I rooted it, and then flashed Resurrection Remix (which was yes 8.1 I believe) and the upgraded bootloader. I then found out my service wouldn't work with that.. so I attempted to flash back to stock which gave me a flurry of issues.. eventually getting to nothing but fastboot working. Flashed back to working with your guide to 7.1.1
If it helps in in fastboot it tells me BL: C0.CD
Necrowr said:
It had 7.1.1 stock. I rooted it, and then flashed Resurrection Remix (which was yes 8.1 I believe) and the upgraded bootloader. I then found out my service wouldn't work with that.. so I attempted to flash back to stock which gave me a flurry of issues.. eventually getting to nothing but fastboot working. Flashed back to working with your guide to 7.1.1
If it helps in in fastboot it tells me BL: C0.CD
Click to expand...
Click to collapse
Custom ROMs won't usually update the bootloader (even if they are newer) as stock ROMs typically only have the bootloader firmware.
You could look into flashing the stock Oreo albus 8.0 ROM https://forum.xda-developers.com/z2-play/how-to/fastboot-rom-oreo-retail-via-fastboot-t3786153 or the 8.0 June 2018 firmware https://forum.xda-developers.com/z2-play/how-to/fastboot-rom-albusretail8-0-0opss27-76-t3822195 but please check that firmware has been released for your device variant.
I don't know if updating your baseband to stock Oreo formally may fix your IMEI issue.
Necrowr said:
It had 7.1.1 stock. I rooted it, and then flashed Resurrection Remix (which was yes 8.1 I believe) and the upgraded bootloader. I then found out my service wouldn't work with that.. so I attempted to flash back to stock which gave me a flurry of issues.. eventually getting to nothing but fastboot working. Flashed back to working with your guide to 7.1.1
If it helps in in fastboot it tells me BL: C0.CD
Click to expand...
Click to collapse
"BL: C0.CD" even right after flashing that albus 7.1.1 using "alternative" above?
What happens if you flash one of the oreo roms from the links I gave you above?
Yeah, RR wouldn't change bootloaders... so you upgraded bootloaders independendently?- that could easily lead to a soft brick... -
I read RR on Z2 and it says nothing about bootloaders even though it says 8.1 based, so i wonder if it needs 7.x bootloaders? I did not read entire thread...
In a reverse, I would wonder if you put an 8 on there if you wouldn't see your IMEI. (On the Z if you flash 8 You won't see the IMEI until you return to 7.)(wondering if z2 is reversed)
KrisM22 said:
"BL: C0.CD" even right after flashing that albus 7.1.1 using "alternative" above?
What happens if you flash one of the oreo roms from the links I gave you above?
Yeah, RR wouldn't change bootloaders... so you upgraded bootloaders independendently?- that could easily lead to a soft brick... -
I read RR on Z2 and it says nothing about bootloaders even though it says 8.1 based, so i wonder if it needs 7.x bootloaders? I did not read entire thread...
In a reverse, I would wonder if you put an 8 on there if you wouldn't see your IMEI. (On the Z if you flash 8 You won't see the IMEI until you return to 7.)(wondering if z2 is reversed)
Click to expand...
Click to collapse
Yes, right after flashing that is the BL that fastboot is showing me. I don't recall updating the bootloader so to speak, however RR did require an updated variant of twrp which I flashed 3.2.2 I believe to get (unsure if that would have changed the bootloader or not). I also tried flashing a stock Oreo (which you've stated stock Roms usually only have the bootloaders so maybe somewhere during this process I updated it?). I wish I had all the notes for what I did to give more precise information, but I'm in a position where I really need my phone so I kinda just panicked and started flashing things when my service wouldn't work.
I'm highly considering trying to run an OTA (though very afraid of bricking). - On a side note though, it wouldn't even tell me I had OTA's until I did the steps in the original post here (doing the different 7.1.1. and 8.0 flashes, it wouldn't ever tell me I had updates, and now it does).
*** Edit ***
Looks like I'm able to enter stock recovery, which makes me believe everything is stock at the moment.
Necrowr said:
Yes, right after flashing that is the BL that fastboot is showing me. I don't recall updating the bootloader so to speak, however RR did require an updated variant of twrp which I flashed 3.2.2 I believe to get (unsure if that would have changed the bootloader or not). I also tried flashing a stock Oreo (which you've stated stock Roms usually only have the bootloaders so maybe somewhere during this process I updated it?). I wish I had all the notes for what I did to give more precise information, but I'm in a position where I really need my phone so I kinda just panicked and started flashing things when my service wouldn't work.
I'm highly considering trying to run an OTA (though very afraid of bricking). - On a side note though, it wouldn't even tell me I had OTA's until I did the steps in the original post here (doing the different 7.1.1. and 8.0 flashes, it wouldn't ever tell me I had updates, and now it does).
*** Edit ***
Looks like I'm able to enter stock recovery, which makes me believe everything is stock at the moment.
Click to expand...
Click to collapse
If you flashed a stock O that would have changed bl to O, but doing the above with the stock 7.1.1 would have changed them back to N. No matter (other than academic) that you don't remember the path - flashing a stock anything reverts it to that point in time. However, IMEI may have been moved - don't know. It will likely show on EITHER 7.x or 8.x stock - just don't know which.
If you flash a stock 8.x from those links I gave you above, it should offer you ota, ASSUMING there are any at this point in time(Z has 2). Adding Magisk at any point seems to hose you for receiving any more ota's - don't understand why, even with magisk uninstall, so that would mean going back to the latest stock and losing what you have (which is why I try to take a TBPro and copy that backup to PC (because re-flashing 8.x stock will likely reset internal storage.).
yes, if you enter stock recovery, you are likely at stock, though you could reflash the latest 7 or 8 stock to be sure, depending on which you want to use as base. Since 8 is having security fixes released, I choose 8 and will likely have no more interest (no time!) in 7.
So, ran the OTA and it was fine running the update and staying on N. I also downloaded the OTA for Oreo, when trying to update the recovery error'd out. It looked like the error said "Error in modem unexpected results" or something similar.
Necrowr said:
So, ran the OTA and it was fine running the update and staying on N. I also downloaded the OTA for Oreo, when trying to update the recovery error'd out. It looked like the error said "Error in modem unexpected results" or something similar.
Click to expand...
Click to collapse
did it offer to let you d/l it again? you could try that.
However, there exist O stock zips in those links I gave you so you could just flash the latest...