Samsung FRP via exploit - Samsung Galaxy Tab A series Questions & Answers

Just want to ask if we can bypass FRP for Android using a .sh file or with sqlite3, the same as bypassing a passcode or "too many pattern attempts"?
Or how can I determine the exact partition for FRP and use dd if=/dev/zero of=/dev/block/?

Related

Status of being able to reset the binary counter?

Anyone know if Triangle Away app or the following command will reset the binary counter after flashing a custom ROM?
Code:
$ su
# dd if=/dev/zero of=/dev/block/mmcblk0 bs=1 count=1 seek=3145732
Thanks!
anyone?
I don't think this means what you think this means...
/Inigo
I would try the process to remove the custom icon first before trying to manually update the database using a tool designed for a different version of the OS.
This was posted by another member in a separate thread. My suggestion would be to read all of the information provided in the links that the other member posted. I have read that people have used triangle away on their S4s, but you are taking responsibility for your own phone so you should probably read as much as you can before trying anything. The search function should work if you have any more questions. Good luck.
http://forum.xda-developers.com/showpost.php?p=41405015&postcount=9

PIT FILE + ADB SHELL command to restore partitions and IMEI?

I had a problem with my SM-N9005.
It lost its baseband (baseband null) and also its IMEI (IMEI null) because of a malicious app.
So no baseband could be flashed, but this was solved just by flashing a PIT FILE + KIT KAT ROM + some commands in ADB (adb shell, su... etc).
Like in this topic:
http://forum.xda-developers.com/showthread.php?t=2567133
But I have a GT-I9500, with baseband... But the IMEI is generic... Well, I can try to repair it with a repair box.
But I'd like to know if there is some similar way to restore the partitions of the S4 (and maybe the partition with the IMEI and the CERT), like I did with my SM-N9005.
Well, is there a similar thread here for the S4 GT-I9500?
Like, for example, installing some ROM together with a PIT file, and afterwards typing commands like this in some ADB program?
Commands like this?
adb shell
su
dd if=/external_sd/mmcblk0p1 of=/dev/block/mmcblk0p1
dd if=/external_sd/mmcblk0p2 of=/dev/block/mmcblk0p2
...
dd if=/external_sd/mmcblk0rpmb of=/dev/block/mmcblk0rpmb
Well... If a similar method exists... I'd like to try...
Thanks!
You can copy the PIT using adb shell:
dd if=/dev/block/mmcblk0 of=/sdcard/out.pit bs=8 count=580 skip=2176
Under Odin there is an option to create a PIT partition.
You can copy all your partitions before repartitioning.

[HOW TO] Use a different password for boot / screen unlock on Android Nougat

Hi all, first post here. I would like to thank all the community of xda for their work and try to give back a little bit with this how to!
Introduction
When you set a screen lock pattern / PIN / password and make it a requirement to boot the phone, it becomes both the power-on decryption method and the screen unlock method.
With Android Marshmallow I was able to use a strong encryption password for my phone on boot / power on while having a simpler PIN for screen lock usage, using an application called SnooperStopper. As a bonus, that application does failed screen lock monitoring and forces a shutdown of the phone after a configurable number of failed attempts.
On Android Nougat however I was not able to use SnooperStopper, since it would fail to detect root (SuperSU, Magisk or Lineage OS built-in root support), nor Cryptfs Password, which SnooperStopper is based on and which had the same root detection problem. I also tried issuing the cryptfs commands directly in a shell, but that broke the encryption on the phone and it failed to boot.
I changed perspective: instead of trying to change the encryption password after setting a simple screen lock PIN, I would set a strong screen lock password (which also updates the power-on password) and later change the screen lock only. This method worked, so below is a guide on how to do it.
How to
How to use a separate screen lock / boot encryption password.
Background
For this method I used the Freedom OS customized stock ROM on a LG G4 H815, rooted with Magisk.
IMPORTANT: Before starting make sure to make a backup of your files!
Step 1:
Set the phone to an unencrypted state. Either format the /data partition using TWRP or decrypt the phone to preserve data.
Step 2:
(optional, since you may already be running on the ROM you want to keep)
Install Freedom OS customized stock ROM.
Step 3:
Set up your desired screen lock method, for example a PIN.
Step 4:
Back up the screen lock files. Enable USB debugging on your device, connect your phone to your computer and issue the following commands from a terminal.
The following commands use the Magisk su path. If you are using another root method, see below:
Code:
adb shell
mkdir /sdcard/pinlock
/sbin/su -c "/system/bin/sh -"
cp /data/system/device_policies.xml /sdcard/pinlock/
cp /data/system/gatekeeper* /sdcard/pinlock/
cp /data/system/locksettings* /sdcard/pinlock/
exit
exit
For other root methods, replace line 3 with:
Code:
/system/xbin/su -c "/system/bin/sh -"
These are the files that get copied for PIN screen lock.
Code:
/data/system/device_policies.xml
/data/system/gatekeeper.password.key
/data/system/gatekeeper.pattern.key
/data/system/locksettings.db
/data/system/locksettings.db-shm
/data/system/locksettings.db-wal
Step 5:
Set up a strong screen lock password, the one you would like to use as the power-on decryption password.
Step 6:
Encrypt phone. Go to Settings / General / Security / Encryption / Encrypt phone.
Step 7:
Reboot and go to settings to require the password to start the phone. Go to Settings / General / Security / Encryption / Secure start-up.
Step 8:
Restart the phone to verify that you are required to type in your password to boot and that it works.
Step 9:
Restore screen lock files by issuing the following commands from a terminal.
The following commands use the Magisk su path. If you are using another root method, see below:
Code:
adb shell
/sbin/su -c "/system/bin/sh -"
cp /sdcard/pinlock/* /data/system/
For other root methods, replace line 2 with:
Code:
/system/xbin/su -c "/system/bin/sh -"
Step 10:
Final step. Reboot your phone! You will need to use the strong password to boot up, but when you unlock your screen you will be prompted for the simpler PIN or whichever unlock method you selected.
This worked for me on a customized Nougat stock ROM, with a strong boot password and a PIN screen unlock. Post your setup if it worked for you using a different combination. The principle should work on stock, customized stock and custom ROMs.
References
Freedom ROM
https://forum.xda-developers.com/g4/development/h815-freedom-rom-t3630056
Magisk root
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Snooper Stopper
https://f-droid.org/packages/cz.eutopia.snooperstopper/
Cryptfs Password
https://f-droid.org/packages/org.nick.cryptfs.passwdmanager/
Updated Method
There's no need to have the phone in an unencrypted state for this method to work.
Step 1
Set up the screen unlock method that you prefer. If your phone is encrypted, answer no if asked whether you want to require the PIN / pattern / password to start the device.
Step 2
Copy the screen lock files using adb shell while the phone is connected in USB debugging mode.
Code:
adb shell
mkdir /sdcard/screenlock
/sbin/su -c "/system/bin/sh -"
cp /data/system/device_policies.xml /sdcard/screenlock/
cp /data/system/gatekeeper* /sdcard/screenlock/
cp /data/system/locksettings* /sdcard/screenlock/
exit
exit
Step 3
Encrypt your phone if it is not encrypted already, then set up the screen unlock method you want to use for device boot. If asked to require the PIN / pattern / password to start the device, answer yes. If not asked, go to Settings / General / Security / Encryption / Secure start-up and enable it.
Step 4
Restore the screen lock files from the previous backup.
Code:
adb shell
/sbin/su -c "/system/bin/sh -"
cp /sdcard/screenlock/* /data/system/
exit
exit
Step 5
Reboot.
You should now have a boot decryption password that differs from the screen unlock password (or whatever method you selected).
If you want to force the phone to shut down after a configurable number of failed screen unlock attempts, then install Snooper Stopper. The app does not work in Nougat to change the encryption password, but it still works to force the phone to shut down after a certain number of failed screen unlock attempts.
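The backup and restore steps above copy the lock files with plain cp, so a partial or corrupted copy would only be noticed after reboot. The following added example (not the original poster's script) wraps the same backup/restore in POSIX sh functions that record a cksum manifest at backup time and refuse to write anything back into /data/system unless every file still matches; it assumes the same file paths as the how-to, a root shell on the device, and a cksum binary (toybox and busybox both ship one). The source and destination directories are parameters so the functions can be exercised against scratch directories first.

```shell
#!/bin/sh
# Added example: verified backup/restore of the Android screen-lock files
# named in the how-to. Assumes a root shell (e.g. /sbin/su -c "/system/bin/sh -")
# and a POSIX cksum. Not part of the original post.
set -u

# Files the how-to copies for a PIN lock; the glob also covers pattern/password keys.
LOCK_FILES="device_policies.xml gatekeeper.*.key locksettings.db locksettings.db-shm locksettings.db-wal"

# backup_lock_files SRC DST: copy the lock files and record a cksum manifest.
backup_lock_files() {
    src="$1"; dst="$2"
    mkdir -p "$dst" || return 1
    : > "$dst/MANIFEST"
    for pat in $LOCK_FILES; do
        for f in "$src"/$pat; do
            [ -f "$f" ] || continue        # -shm/-wal may legitimately be absent
            cp "$f" "$dst/" || return 1
            (cd "$dst" && cksum "$(basename "$f")") >> "$dst/MANIFEST"
        done
    done
    [ -s "$dst/MANIFEST" ]                  # fail if nothing at all was backed up
}

# verify_backup DST: every manifest entry must still match its file byte for byte.
verify_backup() {
    dst="$1"
    [ -s "$dst/MANIFEST" ] || return 1
    while read -r sum size name; do
        [ "$(cd "$dst" && cksum "$name")" = "$sum $size $name" ] || return 1
    done < "$dst/MANIFEST"
}

# restore_lock_files DST SRC: overwrite the live files only after verification.
restore_lock_files() {
    dst="$1"; src="$2"
    verify_backup "$dst" || return 1
    while read -r sum size name; do
        cp "$dst/$name" "$src/$name" || return 1
    done < "$dst/MANIFEST"
}

# On the device, following the how-to's steps:
#   backup_lock_files /data/system /sdcard/screenlock
#   ... encrypt and set the strong boot password ...
#   restore_lock_files /sdcard/screenlock /data/system && reboot
```

Run the backup against a scratch copy of the files first; if verify_backup fails, the copy on /sdcard was altered or truncated and must not be restored.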

BLU R1/R1 PLUS (and other MTK)- ROOT shell - any OS version:

A public service announcement.
A new tool (mtk-su) by @diplomatic (link) is able to achieve a temporary yet full featured root shell on any OS version for the original BLU R1 (and most likely, on BLU R1 PLUS), see this post for proof. Use mtk-su_r11.zip, version in armv7-kernel folder, and you will get a rooted shell. To install permanent root, you will need to unlock your bootloader.
Perhaps @mrmazak would be kind enough to update his R1 bootloader unlock tool to all OS versions. It should be possible to update the bootloader unlock for the R1 PLUS up to the latest OS version (@lopestom), given that there is now a full featured root shell with rw system access.
bibikalka said:
A public service announcement.
A new tool (mtk-su) by @diplomatic (link) is able to achieve a temporary yet full featured root shell on any OS version for the original BLU R1 (and most likely, on BLU R1 PLUS), see this post for proof. Use mtk-su_r11.zip, version in armv7-kernel folder, and you will get a rooted shell. To install permanent root, you will need to unlock your bootloader.
Perhaps @mrmazak would be kind enough to update his R1 bootloader unlock tool to all OS versions. It might also be possible to accomplish a bootloader unlock for the R1 PLUS, given that there is now a full featured root shell.
Since you have your R1 powered up already, can you let me know if that temp root shell gives access to /dev/block?
As in, can you test if a dd command to /dev/block is allowed? If it is, then this will make a nice replacement for the dirty-cow method.
mrmazak said:
Since you have your R1 powered up already, can you let me know if that temp root shell gives access to /dev/block?
As in, can you test if a dd command to /dev/block is allowed? If it is, then this will make a nice replacement for the dirty-cow method.
Yep, seems to work OK:
Code:
[email protected]_HD:/data/local/tmp $ ./mtk-su_arm7 -v
armv7l machine
param1: 0x1000, param2: 0x8040, type: 7
Building symbol table
...
New UID/GID: 0/0
starting /system/bin/sh
[email protected]_HD:/data/local/tmp # dd if=/dev/block/mmcblk0p7 of=/sdcard/p7t.bin
32768+0 records in
32768+0 records out
16777216 bytes transferred in 3.630 secs (4621822 bytes/sec)
This is way better than DirtyCow !
bibikalka said:
Yep, seems to work OK:
Code:
[email protected]_HD:/data/local/tmp $ ./mtk-su_arm7 -v
armv7l machine
param1: 0x1000, param2: 0x8040, type: 7
Building symbol table
...
New UID/GID: 0/0
starting /system/bin/sh
s[email protected]_HD:/data/local/tmp # dd if=/dev/block/mmcblk0p7 of=/sdcard/p7t.bin
32768+0 records in
32768+0 records out
16777216 bytes transferred in 3.630 secs (4621822 bytes/sec)
This is way better than DirtyCow !
That seems so simple.
I changed the dirty-cow section of the tool to use this mtk-su,
and based on what the read-me says, this command should work as an all-in-one.
Code:
example based on file name used in tool
adb shell "/data/local/tmp/mtk-su -c dd if=/data/local/tmp/unlock of=/dev/block/mmcblk0p17"
can you test it?
Code:
adb push mtk-su /data/local/tmp/mtk-su
adb shell chmod 0777 /data/local/tmp/mtk-su
adb shell "/data/local/tmp/mtk-su -c dd if=/dev/block/mmcblk0p7 of=/sdcard/p7t.bin"
mrmazak said:
That seems so simple.
I changed the dirty-cow section of the tool to use this mtk-su,
and based on what the read-me says, this command should work as an all-in-one.
Code:
example based on file name used in tool
adb shell "/data/local/tmp/mtk-su -c dd if=/data/local/tmp/unlock of=/dev/block/mmcblk0p17"
can you test it?
Code:
adb push mtk-su /data/local/tmp/mtk-su
adb shell chmod 0777 /data/local/tmp/mtk-su
adb shell "/data/local/tmp/mtk-su -c dd if=/dev/block/mmcblk0p7 of=/sdcard/p7t.bin"
Just tested the last bit of code, all worked properly! Ended up reading mmcblk0p7 as expected! So please proceed
bibikalka said:
Just tested the last bit of code, all worked properly! Ended up reading mmcblk0p7 as expected! So please proceed
I think it is ready.
The biggest unknown part is whether it works on V9.x.
We assume the only change made was the kernel patch that blocked dirty-cow. What if the bootloader has the unlock codes removed?
Anyhow, I put it up on the unlock thread, and it needs a tester.
mrmazak said:
I think it is ready.
The biggest unknown part is whether it works on V9.x.
We assume the only change made was the kernel patch that blocked dirty-cow. What if the bootloader has the unlock codes removed?
Anyhow, I put it up on the unlock thread, and it needs a tester.
Well - it's not like the bootloader is set in stone. You can overwrite any /dev/block, so if there are issues, why not return all the stuff - preloader & bootloaders - to V6.6? Then even the MTK tool would work. I don't recall there being anti-rollback protection implemented. I guess your tool tries to be the least invasive, but the full featured root gives options for a total downgrade.
bibikalka said:
Well - it's not like the bootloader is set in stone. You can overwrite any /dev/block, so if there are issues, why not return all the stuff - preloader & bootloaders - to V6.6? Then even the MTK tool would work. I don't recall there being anti-rollback protection implemented. I guess your tool tries to be the least invasive, but the full featured root gives options for a total downgrade.
One of the options in the tool is to roll back the preloader.
Did that long ago.
Didn't try with shell, only with TWRP. Similar to the way the OTA changed it, and it requires you to unlock again, but it has been a repeatable process.
Would this work with the R1 HD from Amazon?
Hey guys, looking for a little bit of help.
Actually I hard-bricked my R1 Plus accidentally. Unable to find its firmware anywhere on the internet. Xepirifirm didn't have this model in it previously. Could you please let me know where I could find its ROM and also how to boot up my phone again?

Bootloader Re-unlock Method (VZW)

This method allows you to write the flash token on a Verizon HTC 10. This method should work on rooted phones; if you're able to get a temp-root, you should be able to run this command. Here's a video tutorial, watch on 2.0x speed to cut to the chase. This overwrites a byte and sets it to the number 'one', which allows you to get the identifier token from HTC download mode.
Copy and paste EXACTLY as you see it. Do it at your OWN RISK! I am not liable for any damages to your device. This was done strictly on a Verizon phone and I DO NOT recommend any other version.
Steps from the terminal: root, Termux, adb shell (from your computer), or custom recovery.
Copy and paste EXACTLY:
printf '\x10' | dd conv=notrunc of=/dev/block/mmcblk0p50 bs=1 seek=$((0x0007FFFF))
From here you can run fastboot oem get_identifier_token and follow the tutorial from htcdev.com.
Do you think this could work on a Motorola device?
