Qualcomm Secureboot Any Way To Disable? - Verizon Samsung Galaxy S7 Questions & Answers

Is there any way to disable the secure boot? On this thread: https://forum.xda-developers.com/verizon-galaxy-s7/development/rom-t3629175 they say to make sure secure boot is disabled, but how do you disable it?

NewbieGamingYT said:
Is there any way to disable the secure boot? On this thread: https://forum.xda-developers.com/verizon-galaxy-s7/development/rom-t3629175 they say to make sure secure boot is disabled, but how do you disable it?
This refers to the step listed. Installing the "root kernel" installs a signed, leaked engineering kernel that allows the phone to run the unsigned code needed for root. Qualcomm's secure bootloader is different and cannot be disabled without Qualcomm or Samsung releasing the unlock themselves. It's based on certificate-signed kernels, and the only way we have root right now is through a leaked, signed, outdated engineering kernel. TLDR: Flashing the root kernel is all that's needed for the guide step.

Related

Issue setting up encryption on SM-N900 developer edition

So, I'm using a SM-N900 and I have flashed a custom boot image (along with rooting). The issue arises when I try to encrypt the phone, and it never works. I found that logcat prints out this message when it attempts to encrypt.
======================
The kernel binary has been changed.
The platform/kernel binaries should be synchronized for running Secure Storage.
Please use the same version of platform/kernel binaries.
======================
I'm wondering if there's some sort of security feature I can disable to allow my custom boot image to be encrypted, or if I just have to flash it a different way.
Thanks in advance

Root soft reboot to modified kernel

Since it's now possible to root with a developer kernel, I was wondering if it would be possible to use that to reboot to a modified stock kernel.
One example is how the Xbox 360 hacks work. The bootloaders are signed, so you can't load a modified hypervisor and kernel. So the way it was achieved was by using a hypervisor exploit to go back and load a modified bootloader with the signature checks removed, then soft rebooting into the entry point and booting from there, which made it so a modified hypervisor and kernel could be used. I contributed and wrote a few patches for that.
I'm not too familiar with the Android boot process or how the root actually works. I was wondering if there were any specifics about how it works.
If achieved, it would be possible to use the development root to load a stock kernel that's modified and has root. So it would solve issues like battery and heat issues.
Thank you
Anth0ny229 said:
Since it's now possible to root with a developer kernel, I was wondering if it would be possible to use that to reboot to a modified stock kernel.
One example is how the Xbox 360 hacks work. The bootloaders are signed, so you can't load a modified hypervisor and kernel. So the way it was achieved was by using a hypervisor exploit to go back and load a modified bootloader with the signature checks removed, then soft rebooting into the entry point and booting from there, which made it so a modified hypervisor and kernel could be used. I contributed and wrote a few patches for that.
I'm not too familiar with the Android boot process or how the root actually works. I was wondering if there were any specifics about how it works.
If achieved, it would be possible to use the development root to load a stock kernel that's modified and has root. So it would solve issues like battery and heat issues.
Thank you
This is interesting. Seems theoretically possible. I'd like to see where this goes.

Custom binary blocked by frp (Samsung Galaxy J5 (2016))

Hi,
Samsung Galaxy J5 (2016) - SM-J510FN/DS
I have flashed the TWRP recovery (3.0.2) and then installed SU Root.
As I wanted to turn on "System UI Tuner" but it did not work, I turned off the "developer options" in the settings.
After restart my mobile is now in "Custom binary blocked by frp" [secure fail:kernel].
How can I solve that?
Winf2005 said:
Hi,
Samsung Galaxy J5 (2016) - SM-J510FN/DS
I have flashed the TWRP recovery (3.0.2) and then installed SU Root.
As I wanted to turn on "System UI Tuner" but it did not work, I turned off the "developer options" in the settings.
After restart my mobile is now in "Custom binary blocked by frp" [secure fail:kernel].
How can I solve that?
Please reflash the stock firmware. Alternatively, I have read that flashing only the boot.img file should do the trick without erasing data, but I can't really confirm this.
FRP lock is caused by the bootloader detecting that a change was made. To disable security detection you need to keep OEM Unlock enabled in Dev Settings. It always gets deactivated when you turn off dev options.
BTW Samsung removed the System UI tuner from Marshmallow, so your best bet for that is an XPOSED module or a custom ROM based on Android AOSP, ROMs that don't have that disabled. Samsung is stupid.
Thank you!
The stock firmware was ~1.4GB. After flashing, root was gone, but almost all configuration was still there. Either it was not overwritten or Samsung's backup did the job...
Winf2005 said:
Thank you!
The stock firmware was ~1.4GB. After flashing, root was gone, but almost all configuration was still there. Either it was not overwritten or Samsung's backup did the job...
Oh well, it did factory reset, right? Also the backup feature is mostly Google's; that's how I manage to keep most of my information even though I'm trying new ROMs every month.
The cool thing was that the installed apps have all been there. So yes, Google maybe did a big part, but I think this was no complete factory reset. I did it completely after the official advice of Samsung's homepage.
When activating the OEM unlock you can install TWRP, a kernel or a custom ROM without the activation of FRP security, which is activated when you establish a security pattern in the device.
When the binary is blocked by the FRP you must install the factory firmware, then enter the recovery and do a factory reset, since the FRP prevents external access to the system and data as prevention.
You will be prompted for the email and password of the previously used account.
Thanks a lot
Amarius1 said:
Please reflash the stock firmware. Alternatively, I have read that flashing only the boot.img file should do the trick without erasing data, but I can't really confirm this.
FRP lock is caused by the bootloader detecting that a change was made. To disable security detection you need to keep OEM Unlock enabled in Dev Settings. It always gets deactivated when you turn off dev options.
BTW Samsung removed the System UI tuner from Marshmallow, so your best bet for that is an XPOSED module or a custom ROM based on Android AOSP, ROMs that don't have that disabled. Samsung is stupid.
I have saved my data on Galaxy J5 2016. Your advice to reflash only the original "boot.img" is an excellent cure.

It is impossible for me to pass safetynet CTS profile

I have reflashed my phone about 3 times, the last resulting in a fresh start without carrying over any data. My original rooting method was system mode, which left me unable to accept OTA updates and was unstable. I am now using systemless MagiskSU and systemless Xposed with an untouched system partition. At first I was able to play games like Fire Emblem Heroes and Pokemon Go without trouble, then after a while I noticed that the same issues were happening again. Fire Emblem gives an error code despite me having hide magisk and automagisk enabled for it; same for Pokemon Go. No matter what I do or how many times I reinstall, I always get the errors.
I have read that you cannot hide root if you have an unlocked bootloader, which I do. I have a stock ROM but an unlocked bootloader because I have a developer global installed. Do I need to modify my boot.img to not have the flag?
With original developer I think that you can relock the bootloader.... But you have to flash the original recovery too... I think I tried and it stuck so you might consider flashing via fastboot the original developer. I am not sure what happens to root
To lock bootloader you have to go to fastboot mode and type fastboot oem lock
jimger said:
With original developer I think that you can relock the bootloader.... But you have to flash the original recovery too... I think I tried and it stuck so you might consider flashing via fastboot the original developer. I am not sure what happens to root
To lock bootloader you have to go to fastboot mode and type fastboot oem lock
1. I have heard that relocking the bootloader is actually more dangerous than unlocking, and I have permabricked a 3s before, and
2. no way will I unhack and relock just so that I can use some apps that are too ignorant to leave rooted people alone. I will have to find a way to make a custom kernel that removes the SafetyNet flag. Someone was talking about that for another phone.
I don't think it is easy to brick the Redmi 3s.... Have you tried getting it into EDL?
For me, even when I had it with a black screen I could "do" stuff to it. You can relock it if you use MiFlash and put developer and/or stable from en.miui.com. It will replace both your system and your recovery but also delete your media on your internal "sd".
I use an Xposed module that responds well to SafetyNet, but actually it doesn't really pass. Android Pay can't be activated (for me) and I am not sure about Pokemon or whatever because I don't use it. But SafetyNet passes. I use an app from the Play Store, SafetyNet Helper, which in the latest version included a basic integrity check. Well, my device responds OK to CTS profile but fails basic integrity. Not sure why exactly, but even though I have Magisk + SuperSU in systemless mode, I have touched the /system partition, perhaps with AdAway, or I don't know for sure. I don't know how Android checks for a tampered system partition. I have the miui-globe ROM which is not official.
jimger said:
I don't think it is easy to brick the Redmi 3s.... Have you tried getting it into EDL?
For me, even when I had it with a black screen I could "do" stuff to it. You can relock it if you use MiFlash and put developer and/or stable from en.miui.com. It will replace both your system and your recovery but also delete your media on your internal "sd".
I use an Xposed module that responds well to SafetyNet, but actually it doesn't really pass. Android Pay can't be activated (for me) and I am not sure about Pokemon or whatever because I don't use it. But SafetyNet passes. I use an app from the Play Store, SafetyNet Helper, which in the latest version included a basic integrity check. Well, my device responds OK to CTS profile but fails basic integrity. Not sure why exactly, but even though I have Magisk + SuperSU in systemless mode, I have touched the /system partition, perhaps with AdAway, or I don't know for sure. I don't know how Android checks for a tampered system partition. I have the miui-globe ROM which is not official.
Trust me, I have tried everything to unbrick that phone. It is IMPOSSIBLE, no one can fix it; it just sits as spare parts in my storage now, as I bought another one.
https://forum.xda-developers.com/xiaomi-redmi-3s/help/bricked-redmi-3s-identify-test-force-t3438220
http://en.miui.com/thread-326730-1-1.html
http://en.miui.com/thread-373634-1-1.html
And even when my phone isn't rooted, like after a fresh MiFlash, after like 20 minutes the test fails, but for that little time before then everything is OK.
Which test?
I saw that you ordered the deep flash cable and still not ok?
Have you tried the modified reboot to edl?
Also have you got x64 windows with test mode enabled?
https://forum.xda-developers.com/redmi-note-3/how-to/guide-reboot-to-edl-mode-fastboot-test-t3398718
jimger said:
Which test?
I saw that you ordered the deep flash cable and still not ok?
Have you tried the modified reboot to edl?
Also have you got x64 windows with test mode enabled?
https://forum.xda-developers.com/redmi-note-3/how-to/guide-reboot-to-edl-mode-fastboot-test-t3398718
Yes, and yes, the cable did not do anything.
Trust me, I have tried everything anyone can ever imagine.
xdarkmario said:
Yes, and yes, the cable did not do anything.
Trust me, I have tried everything anyone can ever imagine.
Well, I don't know. Then you are one of the very few... I can't tell you anything else.
If you reflash in fastboot it will be relocked. And there is no problem at all....
I am still having issues with this; I don't have the knowledge for compiling a kernel from source. No matter what I try I just can't bypass this stupid SafetyNet. If I flash the phone from scratch it will allow me to use SafetyNet-protected apps for a little bit, but on reboot or something I can't use them again.
As far as I know, developer ROMs don't pass SafetyNet, only the stable ROMs. And only with a locked bootloader and without any modifications (root, Xposed, Magisk, etc.). For locking the bootloader I recommend you flash a fastboot ROM in fastboot mode and in MiFlash choose the flash all and lock option; this way you will not brick your phone. But if it's not working, and as I see you can unlock your bootloader, I recommend you xiaomi.eu ROMs. If all is true, the next release (both beta and stable) will bypass SafetyNet (of course without modifications, but with this ROM don't lock your bootloader). But since it's based on China ROMs, beta releases are suspended until August. From the stable ROMs, MIUI 8.2 doesn't pass SafetyNet yet, so you have to wait for MIUI 8.5.
22Dávid22 said:
As far as I know, developer ROMs don't pass SafetyNet, only the stable ROMs. And only with a locked bootloader and without any modifications (root, Xposed, Magisk, etc.). For locking the bootloader I recommend you flash a fastboot ROM in fastboot mode and in MiFlash choose the flash all and lock option; this way you will not brick your phone. But if it's not working, and as I see you can unlock your bootloader, I recommend you xiaomi.eu ROMs. If all is true, the next release (both beta and stable) will bypass SafetyNet (of course without modifications, but with this ROM don't lock your bootloader). But since it's based on China ROMs, beta releases are suspended until August. From the stable ROMs, MIUI 8.2 doesn't pass SafetyNet yet, so you have to wait for MIUI 8.5.
I know how to relock my bootloader; I have done it before and relocked it, as well as my Xiaomi account is allowed to do so, but for what I do I need a rooted phone at the least. Xposed is a heavy want but not mandatory like root is. I also need to be on the global weekly because the stable hasn't added exFAT support yet.
Use magisk 13.3 =_=
jimger said:
I don't think it is easy to brick the Redmi 3s.... Have you tried getting it into EDL?
For me, even when I had it with a black screen I could "do" stuff to it. You can relock it if you use MiFlash and put developer and/or stable from en.miui.com. It will replace both your system and your recovery but also delete your media on your internal "sd".
I use an Xposed module that responds well to SafetyNet, but actually it doesn't really pass. Android Pay can't be activated (for me) and I am not sure about Pokemon or whatever because I don't use it. But SafetyNet passes. I use an app from the Play Store, SafetyNet Helper, which in the latest version included a basic integrity check. Well, my device responds OK to CTS profile but fails basic integrity. Not sure why exactly, but even though I have Magisk + SuperSU in systemless mode, I have touched the /system partition, perhaps with AdAway, or I don't know for sure. I don't know how Android checks for a tampered system partition. I have the miui-globe ROM which is not official.
All the necessary apps (Android Pay & Pokemon) use basic integrity.

Custom Kernel

I'm hoping to get a little feedback on some questions.
1). I see that everyone has concluded that since there is no bootloader unlock for the G930V it would not be possible to flash a custom kernel?
* Is Flashfire an alternative?
2). Provided you are able to compile the kernel source hosted @opensource.samsung.com
* Could you flash this kernel as you do the EngBoot kernel?
No. A signed bootloader means that you can only use signed kernels. Even the root method we have is using an eng boot image signed by Samsung. You can use Flashfire (once rooted) to replace system files (as some ROMs do) on the 930V, but even if you were to overwrite the boot partition, the phone wouldn't boot. This will be the case until someone finds an exploit to unlock the bootloader or Samsung starts some unlock program for this variant (unlikely).
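Both the answer in the first thread and djh816's reply above describe the same mechanism: the bootloader accepts only OEM-signed kernels, so a modified kernel never boots, while an outdated but genuinely signed engineering kernel still does. The Go model below is an added example, not code from the thread or from Samsung or Qualcomm; its names (BootImage, SignImage, CheckBoot), the fixed key seed and the sample images are constructed, and it also shows the anti-rollback version floor that closes the old-signed-image gap.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// BootImage is a constructed model of a signed kernel image, not Samsung's format.
type BootImage struct {
	Version uint32 // anti-rollback counter
	Payload []byte
	Sig     []byte // OEM signature over Version||Payload
}

// NewOEMKey derives a throwaway stand-in for the OEM signing key from a fixed seed.
func NewOEMKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// message binds version and payload so neither can be swapped on its own.
func message(version uint32, payload []byte) []byte {
	msg := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, payload...)
}

// SignImage plays the OEM: only the private-key holder can produce bootable images.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) BootImage {
	return BootImage{version, payload, ed25519.Sign(priv, message(version, payload))}
}

// CheckBoot is the bootloader's decision; without a rollback floor any OEM-signed image boots.
func CheckBoot(root ed25519.PublicKey, img BootImage, minVersion uint32) string {
	if !ed25519.Verify(root, message(img.Version, img.Payload), img.Sig) {
		return "secure fail: kernel signature invalid"
	}
	if img.Version < minVersion {
		return "secure fail: kernel version below rollback floor"
	}
	return "boot"
}

func main() {
	pub, priv := NewOEMKey()
	stock := SignImage(priv, 3, []byte("stock kernel"))
	engOld := SignImage(priv, 1, []byte("older eng kernel"))
	custom := BootImage{3, []byte("custom kernel"), stock.Sig} // borrowed signature
	fmt.Println("stock          ->", CheckBoot(pub, stock, 0))
	fmt.Println("custom         ->", CheckBoot(pub, custom, 0))
	fmt.Println("eng-old        ->", CheckBoot(pub, engOld, 0))
	fmt.Println("eng-old, floor ->", CheckBoot(pub, engOld, 2))
}
```

The device only ever holds the public key, which is why a root method on this variant has to reuse something the OEM already signed rather than sign anything new.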
djh816 said:
No. A signed bootloader means that you can only use signed kernels. Even the root method we have is using an eng boot image signed by Samsung. You can use Flashfire (once rooted) to replace system files (as some ROMs do) on the 930V, but even if you were to overwrite the boot partition, the phone wouldn't boot. This will be the case until someone finds an exploit to unlock the bootloader or Samsung starts some unlock program for this variant (unlikely).
Thank you. Now, is there a way that I could compile and load modules? Using the current returns an invalid version comparison and recommends 2.18.31-#####-eng?
