Related
Hi guys,
1. What is the advantage/disadvantage of flashing a custom kernel?
2. I recently flashed Cyanogenmod. It automatically installs a custom kernel right?
3. Using the Nexus 7 toolkit I reverted my N7 to stock recovery (from CWM) How should I make sure that it's been reverted to the latest stock version?
4. What does N7's stock factory image contain? (Stock ROM + Stock recovery + Stock kernel?) (found here: https://developers.google.com/android/nexus/images)
5. Is this correct? You can install a custom ROM without changing the kernel but in order to have more customization you have to flash a different kernel than the stock one.
6. Is this the correct order? Unlocking bootloader>rooting>Flashing custom recovery>Flashing custom kernel>Flashing custom ROM>...?
7. Difference between unlocking bootloader and rooting.
8. How to find out N7's latest stock kernel version.
Many thanx
Sent from my Nexus 7 using Tapatalk 4 Beta
valapsp said:
1. What is the advantage/disadvantage of flashing a custom kernel?
Click to expand...
Click to collapse
Same as those for a stock kernel. That is to say, every kernel has advantages and disadvantages. Some trade performance for battery life, others do the reverse. Some are more feature-heavy and potentially more unstable, others are feature-light but designed to be rock solid. With custom kernels on a Nexus device, you avoid one of the biggest dangers of custom kernels (instability due to lack of kernel source for developers to base their work on), but you still need to be careful. You don't necessarily know how proficient the author of a given kernel is, and the wrong one can make your device unusable/kill it.
valapsp said:
2. I recently flashed Cyanogenmod. It automatically installs a custom kernel right?
Click to expand...
Click to collapse
I believe it does. I don't remember which one though, since I don't use CM.
valapsp said:
3. Using the Nexus 7 toolkit I reverted my N7 to stock recovery (from CWM) How should I make sure that it's been reverted to the latest stock version?
Click to expand...
Click to collapse
You need to be more specific-- the latest stock ROM, or the latest stock recovery? If you're wondering about the ROM, you can check in Settings > About tablet > Status. When it comes to determining recovery version, I'm not so sure.
valapsp said:
4. What does N7's stock factory image contain? (Stock ROM + Stock recovery + Stock kernel?) (found here: https://developers.google.com/android/nexus/images)
Click to expand...
Click to collapse
I believe it contains stock ROM and kernel.
valapsp said:
5. Is this correct? You can install a custom ROM without changing the kernel but in order to have more customization you have to flash a different kernel than the stock one.
Click to expand...
Click to collapse
Generally correct. There's a subset of features that are kernel-dependent, not ROM dependent, so you should think of it as ROM customizations vs. kernel customizations. Some examples of the former include PIE menus and Paranoid Android's Halo feature. Examples of the latter might include tap2wake (double tap on a powered-off screen to turn it on), NTFS drive support for OTG, and so on.
valapsp said:
6. Is this the correct order? Unlocking bootloader>rooting>Flashing custom recovery>Flashing custom kernel>Flashing custom ROM>...?
Click to expand...
Click to collapse
Yes and no? It's one way of going about it, save for the last two things, which should be reversed. Since some ROMs include custom kernels, flashing a kernel and then a ROM runs the risk of having your kernel choice overwritten.
If all you need to do is flash a different ROM, you can go straight form unlocking the bootloader to flashing a recovery. You can also flash ROMs and kernels independently, so long as whatever kernel/ROM you're running initially doesn't have known incompatibilities with your new ROM/kernel.
valapsp said:
7. Difference between unlocking bootloader and rooting.
Click to expand...
Click to collapse
Unlocking your bootloader is like getting the key to a house. Rooting is getting permission from the landlord to do whatever the heck you want to the house. A locked bootloader means that the device is checking to ensure no unauthorized code is running at boot time, which prevents custom recoveries from being installed. Rooting only really matters when the device is booted up.
valapsp said:
8. How to find out N7's latest stock kernel version.
Click to expand...
Click to collapse
Google. Sorry, can't help you with this one.
That was a great answer @Rirere
Rirere said:
Same as those for a stock kernel. That is to say, every kernel has advantages and disadvantages. Some trade performance for battery life, others do the reverse. Some are more feature-heavy and potentially more unstable, others are feature-light but designed to be rock solid. With custom kernels on a Nexus device, you avoid one of the biggest dangers of custom kernels (instability due to lack of kernel source for developers to base their work on), but you still need to be careful. You don't necessarily know how proficient the author of a given kernel is, and the wrong one can make your device unusable/kill it.
I believe it does. I don't remember which one though, since I don't use CM.
You need to be more specific-- the latest stock ROM, or the latest stock recovery? If you're wondering about the ROM, you can check in Settings > About tablet > Status. When it comes to determining recovery version, I'm not so sure.
I believe it contains stock ROM and kernel.
Generally correct. There's a subset of features that are kernel-dependent, not ROM dependent, so you should think of it as ROM customizations vs. kernel customizations. Some examples of the former include PIE menus and Paranoid Android's Halo feature. Examples of the latter might include tap2wake (double tap on a powered-off screen to turn it on), NTFS drive support for OTG, and so on.
Yes and no? It's one way of going about it, save for the last two things, which should be reversed. Since some ROMs include custom kernels, flashing a kernel and then a ROM runs the risk of having your kernel choice overwritten.
If all you need to do is flash a different ROM, you can go straight form unlocking the bootloader to flashing a recovery. You can also flash ROMs and kernels independently, so long as whatever kernel/ROM you're running initially doesn't have known incompatibilities with your new ROM/kernel.
Unlocking your bootloader is like getting the key to a house. Rooting is getting permission from the landlord to do whatever the heck you want to the house. A locked bootloader means that the device is checking to ensure no unauthorized code is running at boot time, which prevents custom recoveries from being installed. Rooting only really matters when the device is booted up.
Google. Sorry, can't help you with this one.
Click to expand...
Click to collapse
First of all many many thanx to you because of your help. Yes I meant stock RECOVERY in question 3 also the way you explained question #7 is awesome.
Now I'm running stock ROM on CWM recovery and Franco kernel. My question is that will I be able to upgrade to Android 4.3 with this recovery and kernel? Or I have to flash the stock kernel or stock recovery or both?
Also how can I extract the stock kernel from the factory stock image file?
Thanx again.
valapsp said:
First of all many many thanx to you because of your help. Yes I meant stock RECOVERY in question 3 also the way you explained question #7 is awesome.
Now I'm running stock ROM on CWM recovery and Franco kernel. My question is that will I be able to upgrade to Android 4.3 with this recovery and kernel? Or I have to flash the stock kernel or stock recovery or both?
Also how can I extract the stock kernel from the factory stock image file?
Thanx again.
Click to expand...
Click to collapse
The OTA updates are normally only applied to the rom/system, so in theory you should be able to just run the OTA update with the stock rom, the worst that would mainly happen is losing rooting because the system partition gets replaced with a fresh install of the newest operating system (but your /data retains your settings and user data).
I use TWRP recovery instead of CWM, and TWRP when you're bout to exit it will detect if your system has Supersu or not and will offer to install it for you (from there once you boot into the system you can use it to install the su binary for you thus re-rooting).
In the end it's a personal choice. With custom roms like I'm using, there's no real "OTA" update (just a notice that the rom creators use to notify you of new versions which are downloaded to the device, and you just reboot into recovery to flash them). Custom roms typically get updated a few days to a few weeks after google updates if they're AOSP based.
The stock kernel would normally be the boot image, I don't know how you would do it with clockwork mod, but in TWRP you can simply make a backup of the boot partition to retain the original stock kernel. (It will of course only work on AOSP-based roms if you choose to just flash the stock kernel, but the ones that are made for the rom, or custom kernels tend to offer optimizations over the original stock one).
Thanks, I meant extracting the stock kernel from factory image file found here:
https://developers.google.com/android/nexus/images
By the way I don't have the stock kernel anymore to back it up.
Sent from my Nexus 7 using Tapatalk 4 Beta
valapsp said:
Thanks, I meant extracting the stock kernel from factory image file found here:
https://developers.google.com/android/nexus/images
By the way I don't have the stock kernel anymore to back it up.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
Ahh I see, well if your's is the Wifi-only version then would be something like this https://developers.google.com/android/nexus/images#nakasijdq39
The firmwares are basically gzipped tarballs (in a linux system tar zxvf would normally unpack em, otherwise 7zip for windows does a good job of unpacking it into a folder).
Alternatively you can just download the kernel itself (Post #3) http://forum.xda-developers.com/showthread.php?t=2151154
Edit: Yes if you un-gzip/untar the original firmware, then unpack image-nakasi-jdq39.zip inside of that, there will be a boot.img that's where the kernel lives. The boot.img can be flashed via fastboot to the boot partition (I'd advise reading up on this first before actually doing it). Though like linked above, there are some recovery-flashible versions of the stock kernel you can use instead.
kbeezie said:
Ahh I see, well if your's is the Wifi-only version then would be something like this https://developers.google.com/android/nexus/images#nakasijdq39
The firmwares are basically gzipped tarballs (in a linux system tar zxvf would normally unpack em, otherwise 7zip for windows does a good job of unpacking it into a folder).
Alternatively you can just download the kernel itself (Post #3) http://forum.xda-developers.com/showthread.php?t=2151154
Edit: Yes if you un-gzip/untar the original firmware, then unpack image-nakasi-jdq39.zip inside of that, there will be a boot.img that's where the kernel lives. The boot.img can be flashed via fastboot to the boot partition (I'd advise reading up on this first before actually doing it). Though like linked above, there are some recovery-flashible versions of the stock kernel you can use instead.
Click to expand...
Click to collapse
thanks, I actually did unzip the stock firmware seconds ago and was posting the results then I saw your edit.
Just there are some confusions here: what is that userdata.img? also what is bootloader-grouper-4.18.img
valapsp said:
thanks, I actually did unzip the stock firmware seconds ago and was posting the results then I saw your edit.
Just there are some confusions here: what is that userdata.img? also what is bootloader-grouper-4.18.img
Click to expand...
Click to collapse
bootloader img would be the original stock bootloader for the Nexus 7, chances are you never replaced it, you only unlocked it. There's usually no reason to replace the bootloader with a custom one since all you need to do is unlock it.
userdata.img would be the /data partition. The firmware download basically has a image for all of the partition in the original out-of-the-box stock state. Technically you don't even to flash it, as long as you wiped /data before rebooting (since that would be the same as a clean install if you instead flashed the system and boot partition).
Edit: If I were messing with it to get back stock rom (but not messing with recovery, cuz custom recovery is still handy to have), I would only flash the boot.img and system.img , then log into Recovery and wipe data (ie: factory reset which wipes cache and /data but doesn't touch /data/media), Then I would be able to reboot into a clean stock install of the rom.
(from there I could just make a backup from recovery so I wouldn't have to do a fastboot flash again).
kbeezie said:
The OTA updates are normally only applied to the rom/system, so in theory you should be able to just run the OTA update with the stock rom, the worst that would mainly happen is losing rooting because the system partition gets replaced with a fresh install of the newest operating system (but your /data retains your settings and user data).
I use TWRP recovery instead of CWM, and TWRP when you're bout to exit it will detect if your system has Supersu or not and will offer to install it for you (from there once you boot into the system you can use it to install the su binary for you thus re-rooting).
In the end it's a personal choice. With custom roms like I'm using, there's no real "OTA" update (just a notice that the rom creators use to notify you of new versions which are downloaded to the device, and you just reboot into recovery to flash them). Custom roms typically get updated a few days to a few weeks after google updates if they're AOSP based.
The stock kernel would normally be the boot image, I don't know how you would do it with clockwork mod, but in TWRP you can simply make a backup of the boot partition to retain the original stock kernel. (It will of course only work on AOSP-based roms if you choose to just flash the stock kernel, but the ones that are made for the rom, or custom kernels tend to offer optimizations over the original stock one).
Click to expand...
Click to collapse
Unfortunately, how many times does should matter? Theoretically, you should be able to do OTAs while rooted by downloading the ZIP and flashing in recovery, but if you've made changes to /system (uninstalling a system app, or adding a helper), you might get the stupid script_assert error. Of course, you could just push the whole /system back to your device...although that can be just as annoying.
I wish there were away to turn off the script_asserts safely, but they do exist for a reason.
@valapsp
Small but important clarification.
valapsp said:
5. Is this correct? You can install a custom ROM without changing the kernel but in order to have more customization you have to flash a different kernel than the stock one.
Click to expand...
Click to collapse
Essentially 100% of custom ROMs install a kernel. (Actually, a kernel plus a ramdisk packaged together as a single ("bootable image") file, typically named "boot.img".) So your preexisting boot image containing the kernel is always overwritten during a ROM installation. See next answer.
valapsp said:
6. Is this the correct order? Unlocking bootloader>rooting>Flashing custom recovery>Flashing custom kernel>Flashing custom ROM>...?
Click to expand...
Click to collapse
Almost, but not quite. If you want to use a different kernel than what ships with a given ROM, you flash it after you have installed the ROM, not beforehand. See prior answer.
One more thing. Since you are new to this stuff, I'll make a suggestion:
Learn how to create and restore full Nandroid backups (using the custom recovery) immediately. And get in the habit of copying them off your tablet to your PC. You will thank me later for this advice.
have fun
Rirere said:
Unfortunately, how many times does should matter? Theoretically, you should be able to do OTAs while rooted by downloading the ZIP and flashing in recovery, but if you've made changes to /system (uninstalling a system app, or adding a helper), you might get the stupid script_assert error. Of course, you could just push the whole /system back to your device...although that can be just as annoying.
I wish there were away to turn off the script_asserts safely, but they do exist for a reason.
Click to expand...
Click to collapse
Hi, Rirere...
This is my understanding as well... (sort of! - I've always been a bit hazy on this topic).
My take on it is this...
The OTA would only fail, if it found files in /system that SHOULD BE THERE, but have been removed, modified, or replaced by the user (or via some app run by the user).
Logically (one would think), the OTA can't check for files THAT SHOULDN'T BE THERE (How would it know what to look for?) but have been ADDED by the user... like the su binary that confers root.
So, an OTA on pure ROOTED (but in all other regards, unadulterated) stock you would expect to succeed... you'd just lose root (and from what I've read elsewhere, your Custom Recovery). Both of which are trivial to recover.
Is my understanding correct... or have I missed something?
Rgrds,
Ged.
GedBlake said:
Hi, Rirere...
This is my understanding as well... (sort of! - I've always been a bit hazy on this topic).
My take on it is this...
The OTA would only fail, if it found files in /system that SHOULD BE THERE, but have been removed, modified, or replaced by the user (or via some app run by the user).
Logically (one would think), the OTA can't check for files THAT SHOULDN'T BE THERE (How would it know what to look for?) but have been ADDED by the user... like the su binary that confers root.
So, an OTA on pure ROOTED (but in all other regards, unadulterated) stock you would expect to succeed... you'd just lose root (and from what I've read elsewhere, your Custom Recovery). Both of which are trivial to recover.
Is my understanding correct... or have I missed something?
Rgrds,
Ged.
Click to expand...
Click to collapse
I believe you are correct! Theoretically, the script could rather easily check for added files by checksumming the entire /system partition before running the update (using a fast hash algorithm-- you're only looking for the presence of any changes, afterall). And I did have one OTA that went fine, other than losing root back on my Galaxy Nexus.
Again though, it's a classic case of should versus real life. Some root methods might alter things in /system without your knowing, or root actions might alter permissions. Either way, it's a tricky, nasty little game.
So far as recoveries go: yeah, OTAs have a nasty habit of trying to do that. Some of the more advanced recoveries can resist being overwritten though/slipstream a root ZIP into the update process.
GedBlake said:
The OTA would only fail, if it found files in /system that SHOULD BE THERE, but have been removed, modified, or replaced by the user (or via some app run by the user).
Click to expand...
Click to collapse
Typically the OTAs also update the boot image, so the boot partition (LNX) is also checked. The stock recoveries almost always use the same kernel (with a different ramdisk) as the boot image, so they are usually rewritten too.
Owners of tilapia N7 devices have reported successful flashing of everything but radio firmware images when they used a custom recovery to process the OTA bundle. Not a disaster, as their devices will still function with old radio firmware, but it puts them in an unusual position of being unable to use the OTA to subsequently update the radio, even if they restore the stock recovery (the system files and boot images will have been changed, so almost all of the checksums will fail). At that point, using fastboot is an alternate option, but then the newbs will need to read about OTA images, unpack them, yadda yadda yadda.
IMO it is just a dumb idea applying OTAs to anything but a pure stock device. And when I say pure stock, I mean including the stock recovery. The boot loader can be left unlocked, but that's about it.
There are a lot of ways to skin the cat, but IMO the best way to proceed is to operate with two parallel but independent tracks of Nandroid backups/restores: one track is a sequence of pure stock, and the other your customized ROM du jour.
Let's presume you have a Nandroid backup of the pure stock ROM. Make a backup of your current (customized) ROM & get it copied off the tablet (in the event of a disaster), restore the pure stock ROM nandroid backup, flash the stock recovery back to the tab, and then take the OTA.
At this point:
[ unlocked bootloader ] soft-boot (no flashing) a custom recovery using fastboot, and then make yet another Nandroid backup of the newly updated stock ROM including the recovery image. (This becomes the new baseline for future OTAs)
[ locked bootloader ] re-root with motochopper, capture the (new) stock recovery partition using 'dd', flash a custom recovery ('dd' or other method), make a Nandroid of this. (These two backups become the new baseline for future OTAs)
Then, repeat any rooting customizations (if you are a "lightly customized rooted stock" kinda person), and restore apps (Market apps only!) with TiBu.
This may seem like a great deal of work, but it is the only way to insure that you can revert to a prior starting position. Look: after going down a road like this you can even restore the old customized ROM backup to make TiBu app backups after the fact, simply because you can return to any point in time if you have made a backup (and kept a copy of it off the tablet).
Everybody makes mistakes - even the experts. But the lazier folks are (read: toolkit user) the more likely is a disaster. Everybody needs to make backups.
What will happen if I change some values in build.prop editor? I won't be able to install stock ROMs anymore? Or what?
Sent from my Nexus 7 using xda app-developers app
valapsp said:
What will happen if I change some values in build.prop editor? I won't be able to install stock ROMs anymore? Or what?
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Depends on how you mean "install", you can always install via .img or recovery flashing method, but course that will overwrite your build.prop with the provided version and you would just have to re-edit the values again.
Did you mean OTA wise? If the update doesn't check for the hash of the build.prop, it will likely just replace it with a newer version if anything has changed from the last version to the new version.
As others have said, worse case scenario, the OTA fails to proceed due to errors and you would just have to manually update it yourself, as you could just flash a new boot.img and system.img from google's site (just have to remember anything you added on top of system or custom kernels will of course be reverted, so they will need to be reapplied).
Settings and user apps and such all live in /data , so it should just simply boot up as an upgraded system but with everything else intact (course I always make a backup via my custom recovery just in case).
kbeezie said:
Depends on how you mean "install", you can always install via .img or recovery flashing method, but course that will overwrite your build.prop with the provided version and you would just have to re-edit the values again.
Did you mean OTA wise? If the update doesn't check for the hash of the build.prop, it will likely just replace it with a newer version if anything has changed from the last version to the new version.
As others have said, worse case scenario, the OTA fails to proceed due to errors and you would just have to manually update it yourself, as you could just flash a new boot.img and system.img from google's site (just have to remember anything you added on top of system or custom kernels will of course be reverted, so they will need to be reapplied).
Settings and user apps and such all live in /data , so it should just simply boot up as an upgraded system but with everything else intact (course I always make a backup via my custom recovery just in case).
Click to expand...
Click to collapse
Thanks, and does backing up thru cwm also back up the build.prop?
valapsp said:
Thanks, and does backing up thru cwm also back up the build.prop?
Click to expand...
Click to collapse
Yes, but not in the way you're thinking. If you back up the whole system, CWM will package each partition up (/system /data , etc), so when you flash a new rom or system on, you can't just selectively restore build.prop since restoring in CWM Would also restore the entire system partition.
You can while in recovery, mount /system and do something like
adb pull /system/build.prop , and save a copy of it on your computer, so you can go back in and change the affected values back if for some reason you needed to.
If you're familiar with ghosting, nandroid backups (what CWM and most others do, minus some variations), are basically exact clones of all the files on each partition. Older recoveries actually took an image snapshot, newer ones basically pack all the files in a compressed archive (With some kind of note of what partition type it was, ext4, etc). The latter can easily be unpacked with tar, or 7zip, etc, but disk images are a different matter.
I can't remember which one CWM does exactly since on my DZ I use 4EXT, and on my Nexus devices I use TWRP.
kbeezie said:
Yes, but not in the way you're thinking. If you back up the whole system, CWM will package each partition up (/system /data , etc), so when you flash a new rom or system on, you can't just selectively restore build.prop since restoring in CWM Would also restore the entire system partition.
You can while in recovery, mount /system and do something like
adb pull /system/build.prop , and save a copy of it on your computer, so you can go back in and change the affected values back if for some reason you needed to.
If you're familiar with ghosting, nandroid backups (what CWM and most others do, minus some variations), are basically exact clones of all the files on each partition. Older recoveries actually took an image snapshot, newer ones basically pack all the files in a compressed archive (With some kind of note of what partition type it was, ext4, etc). The latter can easily be unpacked with tar, or 7zip, etc, but disk images are a different matter.
I can't remember which one CWM does exactly since on my DZ I use 4EXT, and on my Nexus devices I use TWRP.
Click to expand...
Click to collapse
Thanks, an easier way is to copy the build.prop thru a file manager.
But since I'm on my geek mood today I wanna know if it's possible to extract the backed up (Nandroid) file and find the build.prop somewhere there.
Sent from my Nexus 7 using xda app-developers app
valapsp said:
Thanks, an easier way is to copy the build.prop thru a file manager.
But since I'm on my geek mood today I wanna know if it's possible to extract the backed up (Nandroid) file and find the build.prop somewhere there.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
If it's a backup done with 4EXT or TWRP most certainly since it's just a tarball package (or tar+gzipped if you enabled compression) and can be easily unpacked by tar, or any popular archive utility like 7Zip for windows. (restoration generally just looks at the file info to see what partition type it's supposed to be, formats the partition as such, and then just un-tars the content, with the permissions and such retained).
If it's older where it's an actual jaffs (may have spelled that wrong) disk image, I'm not sure off the top of my head how you would mount it as a disk , and then mount the ext4 or ext3 partition in order to get to it. I would assume ClockworkMod would have upgraded their backup method to the same as TWRP or 4EXT, but it's possible that they didn't for compatibility reasons.
I've come most recently from a Galaxy S4 with a locked bootloader using safestrap, and before that from an S3 with an unlocked bootloader.
On the S3, with it's unlocked bootloader I flashed roms without really worrying that much about kernals or rom "bases"
When I used safestrap I understood it was really important that the rom I was flashing was based on the "base" I was locked into by virtue of the particular OTA I was on.
Now that I have my verizon G2 i've rooted the 12b ota with ioroot and i'm about to install a recovery using freegee, but before I go forward I'd like to understand a little bit more how careful do I have to be to find out what "base" the rom i'm about to flash was built on/for? can install a rom or restore a backup that is based on a different verizon ota then my own? I understand tha Loki is a "bypass" and not a bootloader unlock, but I'm not really sure what that means.
Please enlighten me.
Unlike an actual bootloader unlock, Loki is dependent upon the kernel.
When you boot the phone, the bootloader loads the kernel into the memory and then verifies it. In that order. If the signature verification is successful, the bootloader proceeds with the boot process. If it does not, the boot process is aborted and a security error is displayed.
The key to the Loki exploit is actually at the step where the kernel is loaded into the memory. The flaw in the bootloader is that it relies upon the boot image header to determine the location at which to load the kernel and the ramdisk in the memory. The signature verification occurs after this. The exploit works by using an address in the boot image header that actually overwrites the part of the bootloader in the memory that does the signature verification. Shellcode added by the user is loaded to where the ramdisk is expected to reside and patches up boot image header and loads the kernel and ramdisk into the memory at the correct location, and then returns a value that would indicate that signature verification was successful, and thus the bootloader proceeds with the boot process with the custom kernel.
All in all it's pretty simple, and quite brilliant.
If you are installing a custom ROM or kernel, all of boot images have this exploit written into them, otherwise they will not boot. As an end user, all you need to really worry about is things like checking integrity, as if you flash a damaged image it will not run the exploit as it is supposed to and fail to boot, you'll get a security error, and basically have no option other than to flash completely back to stock (or if you end up in fastboot, flash a good boot image and recovery that properly exploit the bootloader and can boot the ROM you have installed or recovery). It's not much different from an actual bootloader unlock to the user, as if you get a bad download and flash it you're going to have problems no matter what. Check your md5s always!
Perhaps worth noting is that this exploit has been patched in the official kit-kat releases. I do not know too much about the new bootloader, but I am told that it includes steps that verify it's own integrity so it will not boot if it is overwritten. Since the old bootloader won't boot official 4.4.2, there is currently no way to get both official 4.4.2 and a custom recovery.
Sent from my Nexus 7 using Tapatalk
Thanks
Thanks, but I'm still confused about the practical ramifications.
When I choose a rom to install does it need to specifically be built on the 12b ota? when I'm on a particular ota can I restore a backup that was had a different base? both of those things were things I couldn't do with safestrap, but I could on my bootloader-unlocked phones
Edited my first post with a little more info. Loki had to be updated for 12B. Most ROMs and kernels have been updated but some won't work. I would read the ROMs thread to make sure. I am on 12B currently and I have not run into any problems with it yet, but it never hurts to read the thread for the things you are flashing and seeing if others are having a problem. This is not like safestrap where you are limited to the stock kernel (or one specific kernel if you have kexec). Any kernel that is properly Loki'd will be bootable as long as you don't do something like try to boot an AOSP ROM on a stock kernel. There are a few incompatibilities between ROMs and kernels that arise from various ROMs moving away from AOSP but this has nothing to do with this specific exploit and would happen regardless of bootloader unlocking/hacking methods
Sent from my Nexus 7 using Tapatalk
So, I'm aware the A7 has verified boot. That sucks.
And from what I've read that means if I unlock my bootloader I will trip SafetyNet and can not use Android Pay, Pokemon Go, Snapchat, etc. This fits what I've experienced myself: SafetyNet passes on stock with BL locked, but fails on stock with BL unlocked.
But, from what else I've read, verified boot can be disabled, or at least I thought.
I tried this: no-verity zip. No dice.
Also tried freeza's BeastMode kernel, for which he said he started working on a patch which would remove the verified boot flag and allow SafetyNet to work again.
That didn't work either.
I even checked the source code of his kernel, and it looks like it was patched.
I don't know what to do at this point. I need SafetyNet to pass, but I'd really like an extra level of customization...
Anyone else having this problem? Anyone have any ideas?
Wait. Freeza said he would work on it he has not released an update to his kernel since he said that so you haven't tried his attempt yet.
nujackk said:
Wait. Freeza said he would work on it he has not released an update to his kernel since he said that so you haven't tried his attempt yet.
Click to expand...
Click to collapse
Well gosh I hope you're right, but his changelog definitely says he put it in his vR12
-that safetynet patch for unlocked bootloader.
Click to expand...
Click to collapse
Well my bad, I didn't check Change log but swore he had 12 out before he agreed to that. Anyway did you post on his thread it wasn't working for you?
Could be they already patched safetynet doesn't usually take them too long to defeat anything done here.
MelloZ said:
I tried this: no-verity zip. No dice.
Also tried freeza's BeastMode kernel,
That didn't work either.
Click to expand...
Click to collapse
You are mixing two battles here:
One against the System verification. This check is in the stock bootloader and it doesn't boot when the system partition is modified in any way. The No-Verify patch you mention allows you to modify the system partition.
The other Battle is against SafetyNet protection against the new feature detecting unlocked bootloaders. That requires another patch. Magisk provides a generic patch for that but I have not been able to use Magisk+phh Superuser for Magisk to root the system. Not yet.
Hopefully @jcadduono has created a flashable patch using TWRP for the stock boot that applies the no-verify, bootloader unlock cloacking and it also provides support for Kcal functionality of our Axon 7 Hardware. KCAL support allows full control of the color calibration for Qualcomm MDSS 8x10/8x26/8974/8084/8939 family. You can access that functionality and customize the screen color calibration with the add-on App (requires root). Now you can unleash the full power of the AMOLED screen.
After applying that patch you will see that your system is again SafetyNet compliant. This will remain even when you modify the system partition.
I hope this could solve your problem with the KCAL support bonus.
Oki said:
You are mixing two battles here.
Click to expand...
Click to collapse
Thanks for clarifying that. I suppose the word root "verify" being in both of them confused my noobish brain.
Oki said:
Hopefully @jcadduono has created a patch flashable using TWRP for the stock boot that applies the no-verify, bootloader unlock cloacking and it also provides support for Kcal functionality of our Axon 7 Hardware
Click to expand...
Click to collapse
I'll be sure to try that out. I had seen his whole NetHunter kernel before, but I felt like I didn't need that whole Kali suite; I just want to use Android Pay.
Didn't know he had a patch for only the Safetynet thing.
MelloZ said:
Thanks for clarifying that. I suppose the word root "verify" being in both of them confused my noobish brain.
I'll be sure to try that out. I had seen his whole NetHunter kernel before, but I felt like I didn't need that whole Kali suite; I just want to use Android Pay.
Didn't know he had a patch for only the Safetynet thing.
Click to expand...
Click to collapse
The NetHunter kernel works standalone from the rest of NetHunter. You don't need all the NetHunter stuff.
It's why my thread starts with [Kernel+] - the kernel zip is totally separate!
The kernel is lightweight and the additional drivers only exist in memory and don't use any CPU unless they are triggered by a USB OTG device that uses them.
That being said, I haven't tested safetynet with it, but I heard some people were using it with HideSU. (that may be the key?)
Also, I suggest using the minimal one I posted somewhere in the thread, I think I broke USB completely with that last NetHunter kernel upload so I'll have to look into fixing that soon.
At the moment I'm working on a Nougat kernel. I have a near full functional CAF Nougat kernel based on latest tag of LA.UM.5.5.r1. It's only missing microphone input on stock but I know it works because for whatever reason the microphone is working in LineageOS 14.1 (although the speaker isn't, but LineageOS is later in interests)
Also testing out Linux 4.4!
jcadduono said:
That being said, I haven't tested safetynet with it, but I heard some people were using it with HideSU. (that may be the key?)
At the moment I'm working on a Nougat kernel. I have a near full functional CAF Nougat kernel based on latest tag of LA.UM.5.5.r1. It's only missing microphone input on stock but I know it works because for whatever reason the microphone is working in LineageOS 14.1 (although the speaker isn't, but LineageOS is later in interests)
Also testing out Linux 4.4!
Click to expand...
Click to collapse
Sure it works. The trick is to have TWRP 3.0.3 and flash SuperSU 2.79+SUhide 0.55+Your kernel patch+Xposed 82.6+Root Switch 1.3.3.2 application. When using PoGo, Android Pay or any other SafetyNet app just open Root Switch and disable temporary the root. Xposed will continue working!!!! For some reason the other alternative, Magisk, doesn't work.
By the way, ensure your kernels also support F2FS filesystem for system and cache partitions!!!!
Oki said:
By the way, ensure your kernels also support F2FS filesystem for system and cache partitions!!!!
Click to expand...
Click to collapse
no, that's stupid. ext4 is faster for indexing and reading, f2fs only has advantages in write performance.
cache isn't even used by the OS and making that f2fs will just break things.
i use ext4 on my data partition since i don't do a whole lot of write operations, and it makes the loading screen in TWRP go from 40 seconds to 3 seconds.
ext4 is also far more reliable on random power less or kernel crashes.
f2fs is a mess.
that being said, you can enable it by opening the zip file for the kernel installer and editing patch.d/*-f2fs-fstab
all you have to do is remove the # in front of the partitions you want f2fs added for near the bottom, just below the comment telling you what to do
Oki said:
Sure it works. The trick is to have TWRP 3.0.3 and flash SuperSU 2.79+SUhide 0.55+Your kernel patch+Xposed 82.6+Root Switch 1.3.3.2 application. When using PoGo, Android Pay or any other SafetyNet app just open Root Switch and disable temporary the root. Xposed will continue working!!!! Magisk doesn't work for some reason.
Click to expand...
Click to collapse
You have SuperSU2.79 working? With TWRP 3.0.3-0 (the official one) and stock B29 it fails every time. :/
MelloZ said:
You have SuperSU2.79 working? With TWRP 3.0.3-0 (the official one) and stock B29 it fails every time. :/
Click to expand...
Click to collapse
It is extrange, It failed with TWRP 3.0.2, that was the reason of flashing an older SuperSU ZIP. The latest TWRP version flashes2.79 properly on the B29 stock ROM.
Does anybody know how to get pay working on CM13?
ant456 said:
Does anybody know how to get pay working on CM13?
Click to expand...
Click to collapse
I haven't used CM on the A7 myself, but I've read a lot about it.
CM is pre-rooted, right? I believe you need to delete /system/bin/su and /system/xbin/su and then you can try systemless root+hidesu+root switch if you need root.
You can delete them from TWRP>Advanced>File Manager.
SuperSu full unroot may work too, but it might not get xbin/su
MelloZ said:
I haven't used CM on the A7 myself, but I've read a lot about it.
CM is pre-rooted, right? I believe you need to delete /system/bin/su and /system/xbin/su and then you can try systemless root+hidesu+root switch if you need root.
You can delete them from TWRP>Advanced>File Manager.
SuperSu full unroot may work too, but it might not get xbin/su
Click to expand...
Click to collapse
I think the problem is the unlocked bootloader but when I flash the Kali zip it breaks wifi on cm13
ant456 said:
I think the problem is the unlocked bootloader but when I flash the Kali zip it breaks wifi on cm13
Click to expand...
Click to collapse
From the Kali thread OP:
jcadduono said:
I present to you: Kali NetHunter 3.15.3 for the ZTE Axon 7.
(yes, a custom kernel for the ZTE Axon 7 on MiFavor!)
Click to expand...
Click to collapse
"on MiFavor"
You're not really supposed to use that kernel on CM...
Alright so I apologize in advance if this thread has been posted a million times and believe me, I've spent the last 4-5 days combing through to make sure I could get every detail of this process done correctly. So I'm not just blindly asking for instructions on how to root my phone. Apologies also if I posted this in the wrong place.
For starters, I'm using Moto G4 Plus XT1641 6.0.1 Build Number MPJ24.139-23.3. My carrier is Koodo in Canada (unsure if that's important but I'll need to being it up again for another point). The files I downloaded were from a youtube tutorial and this includes ADB program, TWRP img 3.0.2.0, supersu zip 2.46 and Motorola Drivers 2.5.4, SOME of which I think may have been outdated versions.
So Saturday night I tried to root my phone with those files. I followed some more guides, I unlocked my bootloader and I think I mostly did everything right except for getting the right supersu version as I've seen up to version 2.82. I think this may have been my first mistake but maybe someone correct me if I'm wrong? My other mistake was not making a backup in TWRP. I'd read about possible wifi problems after rooting so I grabbed the elemental package and possibly even flashed that wrong. I can't even remember the steps of what I did but I'm sure it was all wrong.
Main point, after all that I didn't have ccell service, wifi, etc. The common problems that arise when you do it wrong. I ended up just taking my phone in and getting a new phone. Exact same one, same model. And this brings me to where I am now. I've downloaded some new files and I want to make sure that I've got everything right as to avoid misunderstanding some key parts to the process.
Minimal ADB and Fastboot 1.4.2, twrp-3.1.1-0-athene.img, SuperSU-v2.82-201705271822, Motorola Drivers 2.5.4, and lastly XT1641_ATHENE-TELUS_MPJ24.139-23.3_cid50_subsidy-TELUS_CFC.xml. Notice how that last one says Telus? It's the parent company of Koodo so I'm hoping I can use that as a failsafe.
I think I've covered all the key points so to sum up:
1. Did I use the wrong supersu zip version and could that be a reason why I had no wifi/cell service? Is that also possible because I may have flashed the wrong carrier athene file?
2. Are the files I have downloaded now the correct ones I need and up to date?
3. I'm following this guide. With the files I have downloaded, is it still a correct step by step process? Are there other guides that work better?(thats not a knock on the original guide I'm refering to). https://forum.xda-developers.com/moto-g4-plus/how-to/root-systemless-rooting-supersu-2-74-2-t3405772
I think I've got the right know how and tools to root my phone but I'm just nervous of doing what I did before again and would like some reassurance that I'm doing it right. I've just come from jailbreaks, the world of root is much different. I appreciate any help or tips you guys can throw me!
Hmm, that's odd how you lost radio signal when you rooted, did you obtain radio signal back after you unrooted?
A few things I noted:
1)You may wish to update your device to a newer build, you might get an OTA inviting you to update to MPJ24-139-63 (or 139-64), which was the latest Marshmallow build. Once you've rooted, you will not be able to install OTA updates until you have unrooted and restored the stock recovery (from the same build as you currently have). If you get an OTA notification for any build beginning with NPJ, that's for Nougat.
2)If you plan to stay on Marshmallow, you don't need the ElementalX kernel - a custom kernel like ElementalX is compulsory on Nougat, whereas Marshmallow is not as strict with regards to rooting.
3) I hope the carrier ROM is okay, though from other reports, flashing the incorrect ROM can corrupt device partitions, leaving with no IMEI/no service/no FP. We have possible ways of repairing that though.
The tools you've downloaded seem to be okay and Bender's guide is still okay - even though the tools they've used are out of date - so the general procedure would be (up to you if you've updated MM at this point):
Install adb on your computer.
Boot your device to the bootloader.
Flash TWRP 3.1.1 athene (either the offficial TWRP or an unofficial build from shreps or oadam11) as directed.
Reboot to recovery (to make sure the recovery sticks).
Back up all partitions on your device, make the name descriptive.
Make another backup of the boot partition - this contains your stock kernel, useful for switching root manager.
Once the backups have been made, flash SuperSU v2.82.
Wipe cache/Dalvik
Reboot.
echo92 said:
Hmm, that's odd how you lost radio signal when you rooted, did you obtain radio signal back after you unrooted?
A few things I noted:
1)You may wish to update your device to a newer build, you might get an OTA inviting you to update to MPJ24-139-63 (or 139-64), which was the latest Marshmallow build. Once you've rooted, you will not be able to install OTA updates until you have unrooted and restored the stock recovery (from the same build as you currently have). If you get an OTA notification for any build beginning with NPJ, that's for Nougat.
2)If you plan to stay on Marshmallow, you don't need the ElementalX kernel - a custom kernel like ElementalX is compulsory on Nougat, whereas Marshmallow is not as strict with regards to rooting.
3) I hope the carrier ROM is okay, though from other reports, flashing the incorrect ROM can corrupt device partitions, leaving with no IMEI/no service/no FP. We have possible ways of repairing that though.
The tools you've downloaded seem to be okay and Bender's guide is still okay - even though the tools they've used are out of date - so the general procedure would be (up to you if you've updated MM at this point):
Install adb on your computer.
Boot your device to the bootloader.
Flash TWRP 3.1.1 athene (either the offficial TWRP or an unofficial build from shreps or oadam11) as directed.
Reboot to recovery (to make sure the recovery sticks).
Back up all partitions on your device, make the name descriptive.
Make another backup of the boot partition - this contains your stock kernel, useful for switching root manager.
Once the backups have been made, flash SuperSU v2.82.
Wipe cache/Dalvik
Reboot.
Click to expand...
Click to collapse
Thanks for the reply, it helps me feel a little more confident in what I'm doing. I didn't get my cell service back as I just took my phone into Koodo and they just gave me a new one. A few questions.
Are there some clear guides on how to recover from lost wifi and cell service? I've seen a few but it appears they all have different directions so as a newcomer to Android it does seems a bit confusing to what the right way to do it is. I'm also hoping someone can chime in on the Telus carrier IMG file as that seems to be my backup in case anything goes terribly wrong again. I'd hate to have to bring my phone back again a second time. Also, is it an easy process to make a backup of the kernel in TWRP? I've figured out how to make a backup of the normal partition, just hoping backing up the kernel is just as easy.
I think I'm near ready to take the root plunge in the coming days. It's good to see such a strong community here. Totally different from the jailbreak scene.
lemonlimejones said:
Thanks for the reply, it helps me feel a little more confident in what I'm doing. I didn't get my cell service back as I just took my phone into Koodo and they just gave me a new one. A few questions.
Are there some clear guides on how to recover from lost wifi and cell service? I've seen a few but it appears they all have different directions so as a newcomer to Android it does seems a bit confusing to what the right way to do it is. I'm also hoping someone can chime in on the Telus carrier IMG file as that seems to be my backup in case anything goes terribly wrong again. I'd hate to have to bring my phone back again a second time. Also, is it an easy process to make a backup of the kernel in TWRP? I've figured out how to make a backup of the normal partition, just hoping backing up the kernel is just as easy.
I think I'm near ready to take the root plunge in the coming days. It's good to see such a strong community here. Totally different from the jailbreak scene.
Click to expand...
Click to collapse
Hmm, I'm not aware of any guides specifically dealing with lost Wi-Fi and lost mobile signal. There are a few posts where we've had some success in getting radios back, but it involves either hex editing https://forum.xda-developers.com/showpost.php?p=72340548&postcount=98 or flashing hw, modem or fsg partitions from a working device (in this case, XT1641) The instances I've seen of lost Wi-Fi/mobile signal appear to have occurred during a stock ROM fastboot flash, but hoping someone can chime in as to whether it was just flashing the wrong region firmware or something else.
If you want to back up your kernel in TWRP:
Boot to TWRP
Tap 'Backup' on the main menu
Select only the 'boot' partition - this is the partition that contains your kernel (should be stock and clean if you've not rooted).
Rename the file to remind you it's your kernel.
Swipe to back up.
If you need to revert to this kernel, unroot first (depending on your root manager, you may have to boot and then unroot. I recall SuperSU unroots via the SuperSU app settings), then boot to TWRP.
Tap 'Restore' on the main menu
Navigate to your boot backup
Flash your boot backup
You should now have a clean stock kernel, so if you wish to switch root managers, you should be able to obtain root with your new root manager. We want a clean kernel (no modifications made) since uninstalling the old root may leave traces of root on your existing kernel, and thus may cause issues if you re-root with a different manager.
Good luck in rooting
echo92 said:
Hmm, I'm not aware of any guides specifically dealing with lost Wi-Fi and lost mobile signal. There are a few posts where we've had some success in getting radios back, but it involves either hex editing https://forum.xda-developers.com/showpost.php?p=72340548&postcount=98 or flashing hw, modem or fsg partitions from a working device (in this case, XT1641) The instances I've seen of lost Wi-Fi/mobile signal appear to have occurred during a stock ROM fastboot flash, but hoping someone can chime in as to whether it was just flashing the wrong region firmware or something else.
If you want to back up your kernel in TWRP:
Boot to TWRP
Tap 'Backup' on the main menu
Select only the 'boot' partition - this is the partition that contains your kernel (should be stock and clean if you've not rooted).
Rename the file to remind you it's your kernel.
Swipe to back up.
If you need to revert to this kernel, unroot first (depending on your root manager, you may have to boot and then unroot. I recall SuperSU unroots via the SuperSU app settings), then boot to TWRP.
Tap 'Restore' on the main menu
Navigate to your boot backup
Flash your boot backup
You should now have a clean stock kernel, so if you wish to switch root managers, you should be able to obtain root with your new root manager. We want a clean kernel (no modifications made) since uninstalling the old root may leave traces of root on your existing kernel, and thus may cause issues if you re-root with a different manager.
Good luck in rooting
Click to expand...
Click to collapse
That's perfect thank you so much. Am I right to assume that if I get into a jam then I can just restore/reflash my backups and I'll be back to normal?
To be safe, flash the ElementalX kernel before rooting.
reCoded said:
To be safe, flash the ElementalX kernel before rooting.
Click to expand...
Click to collapse
See this is where I get confused, the guy above you said ElementalX isn't needed on Marshmallow but you say i should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
lemonlimejones said:
See this is where I get confused, the guy above you said ElementalX isn't needed on Marshmallow but you say i should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
Click to expand...
Click to collapse
ElementalX v0.07 is not required on Marshmallow (provided you are planning on staying on 6.0.1), you can root the stock ROM kernel. You may wish to flash the ElementalX kernel anyway as this custom kernel gives you more control and tuning options compared to the stock kernel. On stock Nougat, because the anti-rooting kernel security is much stricter and enforced (whereas on Marshmallow I don't think it's enforced), then you need ElementalX or vegito or a custom kernel to bypass the security, by in effect replacing the stock secure kernel with a kernel that doesn't have those restrictions. Without replacing the stock kernel on stock Nougat systems, you can run into a bootloop.
As an MM kernel as mentioned before has weaker security regarding rooting, it's up to you if you choose to root the stock kernel or ElementalX.
I've rooted MM (MPJ24.139-63) in the past with SuperSU (v2.79) and only used TWRP and SuperSU.
In response to your other post, the backups should get you out of a jam, since what you're doing should only affect the partitions you've backed up previously (they in theory shouldn't go anywhere near your modem, bootloader or critical firmware). Bear in mind that the TWRP backup if restored in full will revert your messages and data to that backup. You may wish to use Titanium Backup or other tools to take occasional snapshots of your apps data that you can restore should you have to roll back.
lemonlimejones said:
See this is where I get confused, the guy above you said ElementalX isn't needed on Marshmallow but you say i should use it anyway? I've seen a few differing opinions on what should and shouldn't be done, just not sure which one is the right answer.
Click to expand...
Click to collapse
If you're on Nougat, then you should use ElementalX. If you're on Marshmallow, you don't need it.
echo92 said:
ElementalX v0.07 is not required on Marshmallow (provided you are planning on staying on 6.0.1), you can root the stock ROM kernel. You may wish to flash the ElementalX kernel anyway as this custom kernel gives you more control and tuning options compared to the stock kernel. On stock Nougat, because the anti-rooting kernel security is much stricter and enforced (whereas on Marshmallow I don't think it's enforced), then you need ElementalX or vegito or a custom kernel to bypass the security, by in effect replacing the stock secure kernel with a kernel that doesn't have those restrictions. Without replacing the stock kernel on stock Nougat systems, you can run into a bootloop.
As an MM kernel as mentioned before has weaker security regarding rooting, it's up to you if you choose to root the stock kernel or ElementalX.
I've rooted MM (MPJ24.139-63) in the past with SuperSU (v2.79) and only used TWRP and SuperSU.
In response to your other post, the backups should get you out of a jam, since what you're doing should only affect the partitions you've backed up previously (they in theory shouldn't go anywhere near your modem, bootloader or critical firmware). Bear in mind that the TWRP backup if restored in full will revert your messages and data to that backup. You may wish to use Titanium Backup or other tools to take occasional snapshots of your apps data that you can restore should you have to roll back.
Click to expand...
Click to collapse
Right on, I think I feel comfortable with this now! One more question though, with newer versions of SuperSU is it still necessary to make the command echo systemless=true or was that mostly for older versions? Also if that part is needed, should I run SuperSU from the data folder in TWRP?
lemonlimejones said:
Right on, I think I feel comfortable with this now! One more question though, with newer versions of SuperSU is it still necessary to make the command echo systemless=true or was that mostly for older versions? Also if that part is needed, should I run SuperSU from the data folder in TWRP?
Click to expand...
Click to collapse
The 'echo systemless=true', as I understand it, isn't required on SuperSU 2.79 or newer, so if you're flashing 2.82, you should be able to flash as is without having to run the command too Also makes uninstalling easier!
I'm hoping to get a little feedback on some questioning.
1). I see that everyone has concluded that since there is no bootloader unlock for G930V that it would not be possible to flash a custom Kernel?
* is Flashfire an alternative ?
2). provided you are able compile the kernel source hosted @opensource.samsung.com
* Could you flash this kernel as you do the EngBoot kernel ?
No. Signed bootloader means that you can only used signed kernels. Even the root method we have is using an eng boot image signed by samsung. You can use flashfire (once rooted) to replace system files (as some roms do) on the 930V but even if you were to overwrite boot partition the phone wouldn't boot. This will be the case until someone finds an exploit to unlock the bootloader or samsung starts some unlock program for this variant (unlikely)
djh816 said:
No. Signed bootloader means that you can only used signed kernels. Even the root method we have is using an eng boot image signed by samsung. You can use flashfire (once rooted) to replace system files (as some roms do) on the 930V but even if you were to overwrite boot partition the phone wouldn't boot. This will be the case until someone finds an exploit to unlock the bootloader or samsung starts some unlock program for this variant (unlikely)
Click to expand...
Click to collapse
Thank you. Now, is there a way that i could compile and load modules ? using the current returns an invalid version comparison and recommends 2.18.31-#####-eng ?