Before I attempt, since I only have one device currently, would like to have a developer tell me what disabling verity for the fs_mgr flags in fstab since dm verity needs it.
On top of that, if android.veritymode was changed from environment to eio mode, would it aid in easier exploiting? Also, since dm is always checking, leaving in enforcement mode and forcing device to procure a bad block can throw to EIO mode? Would that aid in assistance in understanding bootloader working to somehow acquire the public key so we can run customs?
Hi guys, I have a serious problem: after rooting my Verizon S5 BOK3 I can't access my private mode. I got this message: "failed to enable private mode". Can anyone help me please? And sorry for my English.
If I remember correctly rooting disables Private Mode, since it breaks some features Samsung uses to ensure private mode data stays private. Just my theory.
For days, I'm dealing with instruments made the new update, and then give drk error while processing the root. Then we assign software which let FRP and FRP side of the device remains attached and are taking drk error. SM-G928C device constantly enters a recovery partition. A good walk through the FRP I drk hats, but I could not figure out what software will solve sboot or anything else in any way I get an error when assigning software. Please help me
ebtasarim said:
For days, I'm dealing with instruments made the new update, and then give drk error while processing the root. Then we assign software which let FRP and FRP side of the device remains attached and are taking drk error. SM-G928C device constantly enters a recovery partition. A good walk through the FRP I drk hats, but I could not figure out what software will solve sboot or anything else in any way I get an error when assigning software. Please help me
Before flashing any custom stuff like TWRP, root, etc., you have to enable 'OEM unlock' and 'USB debugging' under Settings » Developer options. Hopefully this helps to avoid this issue.
Hello all,
I'm in possession of a Huawei P8 Lite of which the owner lost the passphrase. The question is whether the photos on the device can still be recovered. The bootloader of the device is currently locked. Debug mode is not enabled (nor is my computer authorized).
I was hoping that it would be possible to unlock the bootloader (which supposedly does not trigger a factory reset on this model?) - and then install a custom recovery from where I could backup the pictures. In order to unlock the bootloader, I would need IMEI-1 + IMEI-2 and the S/N. I was able to obtain one of the IMEIs by typing *#06# on the emergency call screen. Is there a way to obtain the other codes somehow (perhaps via fastboot)? Once I obtain the necessary information, my assumption is that I would be able to get an unlock code from Huawei after which I can unlock from fastboot. (Or does OEM unlock still need to be enabled from the developer options in Android?)
Edit: seems like the S/N is shown when connecting in fastboot mode and listing "fastboot devices".
Edit2: seems like obtaining the IMEI through the emergency call functionality combined with the S/N is enough: I modified the "Product ID Generator" tool to include the "ALE-L21" model, and now it generates valid Product IDs that can be used on the Huawei website to obtain an unlock code.
Alternatively, I've noticed that there's an "emergency data backup" mode on this model, which I accidentally entered. I was hoping anyone knows more about this mode (note that this is different from the fastboot & rescue mode). I got booted into this mode because somehow the ext4 partition failed to mount during one of the many times I rebooted the phone. This mode also allowed me ADB access - however, this was a rescue OS which did not actually contain the user data. I would like to attempt to boot into this mode again, gain root access via a kernel exploit, and either read out the unlock code from /dev/block/mmcblk0p** or directly copy the media onto an SD card. Does anyone know how to "trigger" booting into this mode? The kernel code for the p8 lite seems to have a flag "CONFIG_FEATURE_HUAWEI_EMERGENCY_DATA" which enables this feature.
Pointers welcome
Note, I'm not desperate to recover the data - but this has become more of a "challenge" I'd like to solve.
Edit: I was able to unlock the bootloader with details obtained from the device. Unlocking the device did not initiate a wipe. Now it comes down to installing a recovery image and pulling the data
ce3c said:
Hello all,
I'm in possession of a Huawei P8 Lite of which the owner lost the passphrase. The question is whether the photos on the device can still be recovered. The bootloader of the device is currently locked. Debug mode is not enabled (nor is my computer authorized).
I was hoping that it would be possible to unlock the bootloader (which supposedly does not trigger a factory reset on this model?) - and then install a custom recovery from where I could backup the pictures. In order to unlock the bootloader, I would need IMEI-1 + IMEI-2 and the S/N. I was able to obtain one of the IMEIs by typing *#06# on the emergency call screen. Is there a way to obtain the other codes somehow (perhaps via fastboot)? Once I obtain the necessary information, my assumption is that I would be able to get an unlock code from Huawei after which I can unlock from fastboot. (Or does OEM unlock still need to be enabled from the developer options in Android?)
Edit: seems like the S/N is shown when connecting in fastboot mode and listing "fastboot devices".
Edit2: seems like obtaining the IMEI through the emergency call functionality combined with the S/N is enough: I modified the "Product ID Generator" tool to include the "ALE-L21" model, and now it generates valid Product IDs that can be used on the Huawei website to obtain an unlock code.
Alternatively, I've noticed that there's an "emergency data backup" mode on this model, which I accidentally entered. I was hoping anyone knows more about this mode (note that this is different from the fastboot & rescue mode). I got booted into this mode because somehow the ext4 partition failed to mount during one of the many times I rebooted the phone. This mode also allowed me ADB access - however, this was a rescue OS which did not actually contain the user data. I would like to attempt to boot into this mode again, gain root access via a kernel exploit, and either read out the unlock code from /dev/block/mmcblk0p** or directly copy the media onto an SD card. Does anyone know how to "trigger" booting into this mode? The kernel code for the p8 lite seems to have a flag "CONFIG_FEATURE_HUAWEI_EMERGENCY_DATA" which enables this feature.
Pointers welcome
Note, I'm not desperate to recover the data - but this has become more of a "challenge" I'd like to solve.
Edit: I was able to unlock the bootloader with details obtained from the device. Unlocking the device did not initiate a wipe. Now it comes down to installing a recovery image and pulling the data
Now simply install TWRP, connect to PC and you will be able to see all the files in Explorer
faby GT said:
Now simply install TWRP, connect to PC and you will be able to see all the files in Explorer
With TWRP you can delete lockscreen-specific files to remove the lock
Audriuskins said:
With TWRP you can delete lockscreen-specific files to remove the lock
If you think about this, you can see how easy it is to unlock a phone (also for bad purposes...)
Agreed, I'm surprised that Huawei didn't force a device wipe before allowing OEM unlock. Especially because you can obtain all the details you need from the phone to obtain an unlock code on the Huawei website.
I indeed ended up installing TWRP and removing the password.key file to remove the lock.
Maybe I forgot to unlock the OEM when I wanted to reflash my phone, but it was late when I found it because it can't enter the system. Could someone help me? :crying:
It shows that when I enter the download mode:
Custom Binary (EFS) Blocked by oem lock. Sometimes it’s
System Rev . Invalid magic string
And when I reboot it shows NAO : PASSED (TIME OUT). Test number :0
Basically what the title says. Back on September 12, 2021, at 4 AM, I had woken up out of nowhere and I thought I'd wanted to give that engineering firmware of my lavender a try, but then I did something bad. After digging into what the issue was and why my phone wasn't booting and was stuck at the splash screen (fastboot wasn't working either), I found out that there was a firmware OEM security certificate mismatch between the UEFI Bootloader (XBL.ELF) and the "Application Bootloader", which in Android's case is "Kernel Flinger" (abl.elf). The mismatch between the certificates causes the phone to not load abl.elf, and it ends up getting stuck at the splash screen and does nothing.
TL;DR my phone's hard bricked and won't boot up, fastboot won't work either.
I tried to unbrick it through the "Emergency Download Mode", also known as EDL Mode, but to no avail, I keep getting the exact same error I did before the battery this phone originally came from had died.
The error is "TARGET SAID: ERROR: Only nop and sig tag can be received before authentication."
I believe I'm getting stuck at xiaomi's authentication thing but I've tried everything, flashing stock ROM, flashing engineering ROM, trying the patched firehose that was available since a long time, trying the patched firehose that was in xiaomiengs, nothing.
Before the battery had died though, if I remember correctly, when I hadn't connected the battery to the phone and turned it on in a long time, after replugging everything and turning it on, the phone would power on its battery LED, and after getting it in EDL, instead of getting an EDL Authentication error, I was getting some weird write error and it would stop. After resetting the phone back, I'd get the same write error. I'm going to retest the thing where it'd get a write error and get past the EDL auth, but I'll have to wait.
I hope you all can give me some tips on how I can unbrick it and hopefully salvage this phone, then I can have it next to my Poco X3 NFC which I got 1 month and 23 days ago.
Oh and also if you were wondering why I was trying to flash the engineering firmware again through EDL even though it supposedly hard bricked my phone, that's not the case at all, what actually hard bricked it was that I had flashed MIUI 10's abl.elf (Application Bootloader/Kernel Flinger) and after rebooting, it didn't boot.
I'll admit that it was very dumb of me to flash just one firmware image out of all of them, but I should mention that I did it out of being afraid over the fact that flashing the engineering firmware might've caused my device to be stuck with it until I flashed the stock/production firmware through EDL Mode. Now, I know I could've flashed it through fastboot, but there was another problem with fastboot and it was that it would not flash anything due to an "image size mismatch error".
What were my findings after all? Well, Lavender (AKA Redmi Note 7) seems to have encryption stuff built right into its bootloader, which was what forced me to factory reset the device (wipe out the data partition or "userdata"). I forgot to test whether disabling encryption wouldn't cause the entire encryption to not work (it does the same in stock/production firmware).
Another thing I also found out was that the UEFI Bootloader of the engineering firmware build seemed to not have OEM certificates set up properly, so it allowed the booting of MIUI 12.5's Kernel Flinger binary (abl.elf). One thing that confuses me is the fact that it wouldn't boot MIUI 10's Kernel Flinger binary (abl.elf).
Okay, update here, I've been messing around, getting help from some people in Telegram and I've managed to get past EDL Auth, unfortunately for me, it says "Failed to open the SDCC Device slot 0 partition" when attempting to flash.
I tried through Qualcomm's Product Configuration Assistant Tool and I got that error, I tried through QFIL, same error, I tried through Mi Flash and various different versions, still same error.
Does anyone have any idea what the error could mean? I hope it doesn't mean that my phone's eMMC isn't dead, because from what I remember it isn't.