There seem to be a lot of concerns about being able to flash roms in the future without using recovery and tripping knox. Why do we really need a recovery to do this? Sure it's easier. The recovery simply extracts an archive and runs an updater-script to add/delete/update modded files and set proper permissions etc. These are basically shell commands. Why can ADB be used on a rooted device to accomplish the same?
I have written a few mods and deodexed my fair share of roms. This can all be done through ADB by extracting the files, deodexing/modding them, putting them back, and changing a few permissions.
This works great for quick edits but to do a complete rom this way would require quite an installer script.
I can see a rom package being uploaded to the device and an installer script executed via ADB to put everything in its place.
And do we know exactly what trips knox? (other than trying to write an image file directly to the recovery partition?) Can dd be used to write a prepared image to the system partition without blowing things up?
I'm not trying to make all this sound like it's easy... it's not! Just trying to change the "We can't do anything without a recovery" mindset.
I understand a program called fireflash is in development. I'm not sure of its intended purpose other than a Mobile Odin replacement (which it is). I hope it evolves into a complete package flashing application and we can put all this fear of tripping knox and losing potential features to rest.
I encourage responses and expect these ideas to be blown full of holes. I'm used to it.
OK, but how to nandroid/restore?
Because you need a pc otherwise to do everything. Recovery can do it all on the phone.
You have to be outside the Android OS to flash anything of significance, recovery makes the most sense since that's what it's designed to do.
gpvecchi said:
OK, but how to nandroid/restore?
I look for the same answer. Nandroid online works fine. To restore it, we need something like the dd command.
Doesn't using Flashfire eliminate the need for a custom recovery? It can flash zip files and do backups.
Yup, if phone boots...
This link might help you to understand what, and why, Knox gets tripped;
http://www.samsung.com/uk/business/solutions-services/mobile-solutions/security/samsung-knox
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
No. Before when I first bought my xoom I just rooted it, no custom kernel or rom. Now I've used both and benefits a lot. As for example some games people complain lags, with custom kernel ya can over clock and fix some of this. Then custom roms allow ya to use features not enabled by Google on default. For example the wifi xoom can not connect ad-hoc networks like mobile hotspots. Roms include this unless you wanna do it the hard way. Another nifty feature is the USB OTG to attach hard drives which Google allows ya to do like mice and keyboards but not external drives.
oldblue910 said:
Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
I think you ARE missing something. The process you outlined with other GED devices is identical to the Motorola XOOM root process as well.
1. You use "fastboot oem unlock" to unlock the bootloader. (This only unlocks the bootloader so you can flash custom ones, recoveries, etc. but does NOT modify the current bootloader in any way.)
2. Flash clockwork with fastboot as well.
3. Install the Universal XOOM rooting ZIP through clockwork.
4. Done.
How is this any different?
The Universal XOOM root ZIP can be found @ http://forum.xda-developers.com/showthread.php?t=1242241 and does NOT contain any sort of modified Kernel or Boot image.
I don't know where you got your information from.
Sure it does. Take a look at the zip file (all those files in the kernel folder). Plus once it's done, stock recovery no longer auto flashes because something was changed in the boot image and the checksums don't match anymore.
Sent from my Xoom using Tapatalk
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
sodaboy581 said:
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
And that's the thing...flashing just the binaries DOES work fine, at least on my Xoom. I wonder if it has something to do with the international non-GED Xooms...
Sent from my Xoom using Tapatalk
You do need a modified initramfs to root properly.
an insecure boot.img is the most useful part of being rooted.
And with one of those you don't even need clockworkmod.
flash it with fastboot / reboot / adb remount and then just push su and superuser set suid on su (10 seconds total - far less hassle than messing with clockworkmod).
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
oldblue910 said:
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
You don't _need_ to flash an insecure kernel image; there's multiple paths to root. If you don't have a version of CWM for the device, then running the system insecure may be the only way to do it. Running the system in insecure mode does give you the ability to run adb as root amongst other things, however (so you can do things like adb remount).
Yeah I can see needing the insecure image in the case of not having ClockworkMod or if you need those extra commands in ADB. I was more just curious if running an insecure image was somehow a better practice than just flashing the androidsu.com zip. I guess it's 6 of one or a half dozen of the other in the end.
Thanks for the explanation!
Sent from my Xoom using Tapatalk
unrandomsam said:
an insecure boot.img is the most useful part of being rooted.
I suppose that depends on what you use root for, really. For instance, the ability to run adb as root means nothing to me really. I can count the number of times I've used adb on one hand. I more use root so I can take screenshots without hooking up to USB, and I also like having root access to the filesystem.
Plus, it seems that the insecure image is the reason why everyone says not to accept OTAs if you're running a rooted stock ROM. I've read horror stories of people accepting OTAs on a rooted stock ROM and ending up with bootloops and all kinds of other craptastic stuff. If you root with the boot image secure, you can accept OTAs and just re-root when it's done flashing.
Different strokes for different folks, right?
Sent from my Xoom using Tapatalk
mobileweasel said:
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
This.
Most devices have temp root so you're able to run a rooted app to fully backup before unlocking it. I've been holding off rooting on my wife's xoom because I don't want to wipe her saved data, but I'm really itching to mess with it, hehe. I heard with ICS you can do a full backup with adb, I believe you use the "adb backup" method.
The insecure boot image is needed for two reasons.
1) Without it you would not be able to adb mount the partitions while inside the Android OS.
2) Every time you boot into Android, a script is run to check for stock recovery and overwrite it; insecure boot images disable this (you can also disable it by deleting the script files).
Sent from my Nexus S 4G
Hello, before doing anything I will be glad to know how to backup Kernel and Modem with adb or any other way, is there anyone that could help me!?
Thanks!
Use TWRP or CWM to backup the kernel, you also *need* to backup your EFS just in case it ever gets deleted but I have never once had an issue with that. I don't know of a way to backup your modem but I don't see why it is necessary. You can download any and all modem files online.
http://downloads.codefi.re/autoprime/LG/LG_G2/G2_modems
EniGmA1987 said:
Use TWRP or CWM to backup the kernel, you also *need* to backup your EFS just in case it ever gets deleted but I have never once had an issue with that. I don't know of a way to backup your modem but I don't see why it is necessary. You can download any and all modem files online.
http://downloads.codefi.re/autoprime/LG/LG_G2/G2_modems
I think it is a better way to do it by ADB commands. Suppose you mess up something when installing TWRP or CWM? I think knowing the way with ADB is better.
So then look up the ADB commands for it. If you use ADB though you NEED a computer to fix your phone. Having a flashable recovery kernel on your phone means you can recover any time. If you are so broken that you can't flash a kernel in recovery then you will need far more ADB help than a kernel backup anyway.
EniGmA1987 said:
So then look up the ADB commands for it. If you use ADB though you NEED a computer to fix your phone. Having a flashable recovery kernel on your phone means you can recover any time. If you are so broken that you can't flash a kernel in recovery then you will need far more ADB help than a kernel backup anyway.
I have experience with my Samsung Galaxy S2, I'm asking this because this G2 seems a bit more complicated, for example people having bootloops when installing TWRP and I want to avoid that...
G2 isn't complicated at all compared to any modern phone, besides a Nexus. As long as you root and flash your first recovery properly then there are no issues. It is all the people being dumb and wanting to use just some app to try and do everything that are having problems. Use ADB to root your phone and use ADB to run loki and flash your recovery and you will have no issues. People are just forgetting about their locked bootloader and needing to use Loki to bypass the lock, then they complain about a screwed up device because they didn't do anything properly.
Flashify, which makes installing recoveries, etc super easy, has an option to back those up.
Barsky said:
Flashify, which makes installing recoveries, etc super easy, has an option to back those up.
HOPE THIS WORKS
flashing a custom kernel and hopefully this does the job of backing it and restoring it the original one!!
I'm currently on 4.2.2 and I'm trying to figure out the quickest way to 5.0, or whatever is the most recent, to be able to get back up to speed. I'm also wanting to finally unlock my phone and get TWRP too after I get my phone updated to the most recent version. Thanks for any help!
4.4.2 not 4.2.2
Sent from my SM-N900V using XDA-Developers mobile app
Go back to factory 4.4.2, no root. Take the new update to 5.0 OF1 from Verizon, then root the phone, install Super SU, and make sure you have root. Then unlock the bootloader, install TWRP, and you're ready to flash. Everything you'll need is in the General Forum.
Sent from my SM-N900V using XDA Free mobile app
buckeyestilidie said:
4.4.2 not 4.2.2
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte
bftb0 said:
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte
Okay that was a lot of information I'm not too sure about lol yes I am rooted and I'm pretty sure I'm using safestrap as my recovery.
Sent from my SM-N900V using XDA-Developers mobile app
bftb0 said:
Yeah I was sort of wondering about that - I think that would predate even MI9.
Is your phone already rooted, or not? The 'samsung_unlock_n3' thing can provide you with immediate access to a custom recovery (twrp-3.0.2-0-hltevzw-4.{x}.img with {x} = 3 or 4). Perform the retail-to-DevEd conversion with 'samsung_unlock_n3', and after you verified that it worked, just 'dd' the recovery image into the recovery partition with a root shell. No Odin, no incrementing your bootloaders, no re-rooting a stock device.
Then boot into the TWRP recovery with a 3-finger salute (Vol-Up+Home+Pwr), blow the Knox Warranty fuse by booting TWRP, take a TWRP backup, get it off onto some safe media, and you are ready to start doing what you want. Try the -4.3 image if the -4.4 won't boot.
Note: hltevzw, *not* hlte
This seems like an easier way than mentioned above, but I'm vague on the terminology used. Could you elaborate on the ideas you explained?
Sent from my SM-N900V using XDA-Developers mobile app
buckeyestilidie said:
This seems like an easier way than mentioned above, but I'm vague on the terminology used. Could you elaborate on the ideas you explained?
I started writing a SBS (step by step), but as I took the time to make sure that nobody would shoot themselves in the foot with my instructions, I realized that it would take a huge amount of effort once all the caveats and "be careful here"s are included.
The only reason that I took the path I did is that I don't care much for dodgy/opaque rooting methods, so I just preferred to try a route that avoided losing root, even temporarily.
It basically boils down to writing the recovery image (e.g. twrp-3.0.2-0-hltevzw-4.3.img or twrp-3.0.2-0-hltevzw-4.4.img) directly to the recovery partition (/dev/block/mmcblk0p15) from the rooted ROM using the "dd" program after you have unlocked the bootloader. You can find those recovery images here, and raw-writing looks like this (note root prompt '#' symbol):
Code:
# dd if=twrp-3.0.2-0-hltevzw-4.4.img bs=2048 of=/dev/block/mmcblk0p15
***
(You need root for both this operation and to unlock the bootloader, so it makes most sense to unlock the bootloader first).
Note that the above says nothing at all about how to prepare for disasters before you travel down this path. All of that is your responsibility; if reading this makes you uncomfortable, then you shouldn't be doing it.
Among the things that I prepared beforehand: TiBu backups; full tar image of the "internal" /sdcard; full backup of external SDcard; Safestrap TWRP backups of all slots; raw dumps of all of the partitions p1-p22; debrick images (first 256 MB of /dev/block/mmcblk0) both before and after the CID-changing unlock method, another p6 (= aboot) partition raw copy *after* the unlock CID change, etc.
After I had a real recovery running on the phone, the first thing I did was to take TWRP backups of everything and got those backups off the phone as well.
Even after that, I think I forgot something: I think safestrap backs up the "loopback mount blobs" for the non-stock slots somewhere in /data/media - so they are not captured by backups of "real" TWRP (in the real recovery partition), nor in backups of the "internal" SDcard. They are captured by the pseudo-recovery that Safestrap uses, but the ability to use them may depend on having the stock slot be the active slot before you take the (real) TWRP backup. You will see similar instructions elsewhere: e.g. "get your rooted ROM running in the stock slot before you begin, and make sure the stock slot is the active slot"
*** The partitioning numbering scheme is not guaranteed to be identical on devices other than the SM-N900V Verizon Samsung Galaxy Note 3. If you have in mind using a command like this on another device, a better means for naming the destination (output file of=) target is "by-name", e.g.
dd ... of=/dev/block/platform/msm_sdcc.1/by-name/recovery ...
I didn't use that notation here because Safestrap plays games trying to protect the real boot partition by altering these symlinks, so you need to verify they really point where you think they do before you use them. (e.g. iirc, safestrap symlinks boot -> /dev/null and userdata -> mmcblk0p25 -> mount point of data blob for active slot)
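The verification that post calls for, as an added example that is not part of the original post or thread: a shell check that a by-name link resolves to the partition node you expect (not /dev/null or another redirect) and that the image fits, run before any dd. The function names, return codes and temp-directory layout are constructed for illustration; the device paths in the comments are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: nothing here writes to a device. It only answers
# "does this by-name link really point where I think it does?"

# Size in bytes of a block device, or of a regular file in the offline demo.
# Assumption: the device's blockdev supports --getsize64.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# check_flash_target LINK EXPECTED_NODE IMAGE
# 0 = safe to use, 1 = not a usable symlink, 2 = redirected to a null device,
# 3 = points at a different node than expected, 4 = image larger than target.
check_flash_target() {
    link=$1
    image=$3
    [ -L "$link" ] || { echo "FAIL: $link is not a symlink" >&2; return 1; }
    expected=$(readlink -f "$2") || return 1
    resolved=$(readlink -f "$link") || return 1
    case "$resolved" in
        /dev/null|/dev/zero)
            echo "FAIL: $link was redirected to $resolved" >&2
            return 2 ;;
    esac
    if [ "$resolved" != "$expected" ]; then
        echo "FAIL: $link -> $resolved, expected $expected" >&2
        return 3
    fi
    [ -e "$resolved" ] || { echo "FAIL: $resolved does not exist" >&2; return 1; }
    img_size=$(wc -c < "$image" | tr -d ' ')
    dev_size=$(target_size "$resolved")
    if [ "$img_size" -gt "$dev_size" ]; then
        echo "FAIL: image is $img_size bytes, target holds $dev_size" >&2
        return 4
    fi
    echo "OK: $link -> $resolved ($img_size of $dev_size bytes)"
}

# Constructed stand-in for the by-name directory: 'recovery' points at a fake
# 16 KiB partition file, 'boot' is redirected to /dev/null as the post says
# Safestrap does.
make_demo_layout() {
    d=$1
    mkdir -p "$d/by-name"
    dd if=/dev/zero of="$d/mmcblk0p15" bs=1024 count=16 2>/dev/null
    dd if=/dev/zero of="$d/twrp.img" bs=1024 count=8 2>/dev/null
    dd if=/dev/zero of="$d/too-big.img" bs=1024 count=32 2>/dev/null
    ln -s "$d/mmcblk0p15" "$d/by-name/recovery"
    ln -s /dev/null "$d/by-name/boot"
}

demo=$(mktemp -d)
make_demo_layout "$demo"
check_flash_target "$demo/by-name/recovery" "$demo/mmcblk0p15" "$demo/twrp.img"
check_flash_target "$demo/by-name/boot" "$demo/mmcblk0p15" "$demo/twrp.img" ||
    echo "boot link rejected (rc=$?)"
rm -rf "$demo"

# On the SM-N900V the equivalent call, with the paths from the post, would be:
#   check_flash_target /dev/block/platform/msm_sdcc.1/by-name/recovery \
#       /dev/block/mmcblk0p15 twrp-3.0.2-0-hltevzw-4.4.img
```
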
I've been doing some research to understand rooting, unlocking, and other Android stuff, but one thing I still haven't figured out is how people "make" a stock recovery image, so that for example after flashing TWRP you can go back to the stock recovery (which I read is one way to install future updates). I think in general it would be possible if rooted, but for ZE551KL, so far I'm pretty sure the only way to root is to unlock and install TWRP. So, how would one make a backup of the stock recovery? If it can't be backed up without root, do people get it from somewhere else, firmware releases maybe? I looked but seems to be mostly a giant system.new.dat file...
Past that specific question, where can I learn more about the partition structure of my phone? Like where is the recovery in the file system?
Thanks for the help!
Weird question, I know, I know, just don't ask why I'm doing this.
Is there a way I can do it? I saw somewhere that there were command scripts on it but it doesn't work without root and based on reading the forum there isn't anything I can do to root it. So is there another way?
Try to flash twrp from odin without unlocking the bootloader it should (hard)brick your device but you can boot from sd (google search) and recover without losing any data
Lol idk why you would want to do this but flashing twrp will just say fail if you try to flash that in odin but Lol here downgrade the device to BPB1 https://www.androidfilehost.com/?fid=24438995911970571 then root the device using this guide https://forum.xda-developers.com/verizon-galaxy-s5/general/root-method-og5-ok3-t3290370 or this guide https://forum.xda-developers.com/ve...oot-method-t3561529/post71202995#post71202995 then download flashfire from the play store add this file to flash fire https://www.androidfilehost.com/?fid=23991606952607139 that contains the NCG Bootloader which won't flash in odin but should flash in flash fire doing this will completely hard brick the device where it won't boot anymore only to a black screen if you plug the device into your computer and it shows qualcomm high speed usb (might now show it) as the device connected lol you did it ??
Possibly to claim the warranty, if Knox isn't tripped.
The easiest, and most complete, way would be by using root. Using any other method can be fixed via Odin.
If you go the root way, if you have an eMMc 15 chip, just literally delete every folder using the File Manager in TWRP. No Odin flash can fix losing that data. Unfortunately, it will be quite obvious to a smart technician what you did if "they" send it in to see what happened.
I'm not sure if you can do the same thing via SafeStrap, since both of my S5's are "originals" and use Samsung eMMc's and are Dev Unlocked.
If you don't mind me asking, why do you want to kill your S5?
The only reason I ask is because depending in the reason, it could be a simple solution or there may be no good solution.
EDIT:
Btw, you can root your phone no matter what eMMc chip the device has.
You just can't upgrade to Marshmallow afterwards. So you can still kill your device, with root, by downgrading to an older Android Version.
The easiest way to kill your device, without tripping Knox, and therefore prevent any questions about why your Knox flag might be tripped, is to use SafeStrap to delete everything, if you can. Like I said, I haven't had to use SafeStrap so I'm not sure what its limitations are but if your phone is rooted, I'm sure it has very few differences/limitations when compared to TWRP.
Bottom line, root your phone, install SafeStrap, then use the File Manager to delete EVERYTHING. Save the /data section for last. I wish I could properly tell you the safe order to delete the files before your phone reboots on you but I've never had the need to kill a phone or had someone request how to. Maybe @GeTex or @jrkruse has more experience/better recommendations about how the best way to go about this might be. I doubt jrkruse will reply but GeTex seems to reply when needed. Hopefully she can provide insight/advice.
Another quick strategy is just to nuke the bootloader partition. This must be done using root from either safestrap or TWRP. Just type this command into the terminal with root permissions then reboot:
dd if=/dev/random of=/dev/block/platform/msm_sdcc.1/by-name/aboot
This will fill the aboot partition with random characters, leaving it unrecoverable even with an SD card. The only way to recover a phone from this is through the use of JTAG to manually rewrite the partition (requires disassembling the phone)