Database Users

Keep Root through OTA

Read up on this in my Google New reader app.
Just installed it to see if it works on our tabs, and it appears to.
What I believe it does is make a backuo of your root.
Before you do an OTA, you uninstall root (after you've backed up root) through the app, then after OTA you restore your root.
For those of you that like to stay stock, but have root, here's the link.
https://market.android.com/details?id=org.projectvoodoo.otarootkeeper

interesting But i bet acer is Already working on patching this... I also think that is what takes them so long to push updates.. Patching holes. to prevent dev. on There devices that we PAID For ...APPLE Ceo did not die He Quit and it working with Elvis at Acer... Giggles..

erica_renee said:
interesting But i bet acer is Already working on patching this... I also think that is what takes them so long to push updates.. Patching holes. to prevent dev. on There devices that we PAID For ...APPLE Ceo did not die He Quit and it working with Elvis at Acer... Giggles..
Click to expand...
Click to collapse
I guess you didn't understand what it does?
Doesn't your sig say "reading is power"?

yes i read what it does.. Just not sure how long it will remain valid and i d/loaded it will check it out give it a try

erica_renee said:
yes i read what it does.. Just not sure how long it will remain valid and i d/loaded it will check it out give it a try
Click to expand...
Click to collapse
It does nothing to the bootloader, merely retains root. After you backup root with the app, you get your OTA, then restore your root through the app.

OK What i do not understand.. is IF it can retain root thru the OTA.. ota updates change they system file permissions and protects them. The use some type of exploit to root the device. This app is doing the same Am i correct.. And if i am acer can plug that exploit. Also.. is this works to reroot afer a ota unrootes the device.. why will this not just root the tablet as well. looks like someone could take it apart and create a new way to root the tablet without DOWNGRADING or flashing a new rom..
IS the above true or am i just STUPID For thinking all of this... the dev might know something that is not known on the a500 forums ...

I can tell you exactly how it works.
In Linux there is a command called chattr which allows you to change the attributes on a file like in Windows (readonly for example). However, in Linux it is much more powerful. So, what you do, is set the chattr bit so NOBOBY can modify a file. Not even root. If root wants to change it, then root has to remove that bit first.
So, if you want to keep root you chattr it. Then when the update.zip runs and walks through the /system folder it cannot remove the su sticky bit because it has been chattr'ed.
However, some updates delete everything in the /system/xbin folder therefore the tool makes a backup to another folder called /system/backupsu. This backup usually remains. Usually, that is, unless ACER loads a NEW /system image. Like they need to expand the size, or want to reload everything, then they lay down a NEW system image and it's gone. ALL GONE.
Some ask, why don't you chattr to another folder other then system, well most other mount points have su sticky bit turned off, therefore making su not work from another mount.
So will ACER plug the chattr hole? I don't think so, this in the kernel and part of the file system. They could walk the system mount and un-chattr everything, but then again you can just use another approach.
The chattr trick normally only works on simple OTA's. For example, I think when ACER went to 3.2 they relaid down system. I could be wrong, I'd have to check my notes. But thankfully, most vendors don't reload system that often so you'r find that chattr'ng the su file works 99% of the time.
Hope this helps,
TD
---------- Post added at 06:25 PM ---------- Previous post was at 06:10 PM ----------
Also, 411 on rooting.
To root, you find a hole and then set the 'sticky bit' on an executable so it now runs as root for example: rwsr-xr-x. Notice the 's' in the owner permissions. When this file is executed it runs with the owners permissions on the file system. So to make a simple root, just copy the ash shell to /system/xbin make the file owned by root and then set the sticky bit. Now, if you are not root, you just run /system/xbin/ash and because this version of ash is owned by root and has the sticky bit set, you get the root(#) because the ash shell is now running as root.
So, you use the exploit to gain root and then set up a program to give you root anytime you want it. Usually that program is named su. Now, when an update runs, it walks the entire /system tree resetting all files to rwxr-xr-x which removes the sticky bit and breaks root.
What is heartbreaking, is you now need to use the exploit to get root so you can set back your sticky bit. If the update patched your exploit then you have find another one.
So, the question is, once you get root, how do you keep it. Using chattr is one way therefore if the update removes your exploit, hopefully it doesn't matter because you 'locked in' your sticky bit with chattr.
This is why once any version is rooted you can root most any other version. It now becomes possible to move back and forth through OTA's while allowing you to keep root. But time traveling a root OTA is only possible into the future, you can never go back in time prior to the invention of the root. But you can always travel forward with root. This is exactly how we root the 3.2.1. We take a tablet that has 3.0.1 on it and use iconia root exploit to root it. Then we lock it, add other backdoors, and roll forward in time through the minefields of the OTA's until it stops. Hopefully, you still have root. In other words, it's the flux capacitor and is what makes future rooting possible.
So it doesn't matter, as long as you chattr (chatter), because who cares if ACER's heart goes pitter patter <<== Sounds like a Roll'n Stone lyrics <lol>
"Don't you know the crime rate is going up, up, up, up, up
To live on this forum you must be tough, tough, tough, tough, tough
You got rats at ACER dreaming of the west side
Software bugs on upgrades
What a mess, this forum says chatter (chattr), so my root won't be shattered
My brains been battered, splattered all over this forum
but what's that matter.
Ah look at me, my root is chattr'ed
I'm not wanting my root shattered
Look at me- I'm a chattr'ed, look at me
Man time to go drink heavily.

"SOFTMOD" app
SORRY PPL COMPLETELY CONFUSED 2 DIFFERENT TOPICS IN 2 DIFFERENT THREADS - ALZHEIMER's RULES OK!! - Deleted this response

timmyDean your making my head spin. Thanks for the info.

ok as I was thinking this works unless acer pushes a full os.So I will continue to stay on custom roms.giggles

erica_renee said:
ok as I was thinking this works unless acer pushes a full os.So I will continue to stay on custom roms.giggles
Click to expand...
Click to collapse
Actually, I went back to 3.1 today to test it out. It worked through all updates, including full updates

kjy2010 said:
Actually, I went back to 3.1 today to test it out. It worked through all updates, including full updates
Awesome.
It seems interesting
Click to expand...
Click to collapse

kjy2010 said:
Actually, I went back to 3.1 today to test it out. It worked through all updates, including full updates
Click to expand...
Click to collapse
You the man. I could not recall if 3.0.1 to 3.1 to 3.2 did a system reload. What some OEM's do is erase /system. Lenovo did that when they went from 11 to 12 and then from 12 to 13. But, I could not recall if ACER did. You'll find that chattr works 99% of the time, maybe 100% on an ACER. That's why I turn off OTA's so they don't occur automatically. Then when one becomes available, I download and look at what they're changing before allowing it. This is really important now that they've locked the bootloader. If you take an OTA and it patches your root exploit, removes chattr, deletes your backup su, and breaks root then you might be stuck in the future with no root. If this happens you have to hope there's a way back without root.
So thanks.
---------- Post added at 03:28 PM ---------- Previous post was at 03:15 PM ----------
erica_renee said:
ok as I was thinking this works unless acer pushes a full os.So I will continue to stay on custom roms.giggles
Click to expand...
Click to collapse
Not a full system, it's how they load it is the key. They push full systems all the time and they really just copy over all new which keeps chattr'ed files. They really have to reformat /system (or destructively destroy it). They'll do this if they need to increase the size, change from ext3 to ext4, etc.
Hope this helps
TD

Thanks sirs for this if we get the doubtful ota I might do this n sell the tap to my little brother or keep it who knows lol
Sent from my HTC Inspire 4G using Tapatalk

timmyDean said:
You the man. I could not recall if 3.0.1 to 3.1 to 3.2 did a system reload. What some OEM's do is erase /system. Lenovo did that when they went from 11 to 12 and then from 12 to 13. But, I could not recall if ACER did. You'll find that chattr works 99% of the time, maybe 100% on an ACER. That's why I turn off OTA's so they don't occur automatically. Then when one becomes available, I download and look at what they're changing before allowing it. This is really important now that they've locked the bootloader. If you take an OTA and it patches your root exploit, removes chattr, deletes your backup su, and breaks root then you might be stuck in the future with no root. If this happens you have to hope there's a way back without root.
So thanks.
---------- Post added at 03:28 PM ---------- Previous post was at 03:15 PM ----------
Not a full system, it's how they load it is the key. They push full systems all the time and they really just copy over all new which keeps chattr'ed files. They really have to reformat /system (or destructively destroy it). They'll do this if they need to increase the size, change from ext3 to ext4, etc.
Hope this helps
TD
Click to expand...
Click to collapse
Yes i do understand. Maybe i did not explain what i was saying correctly.. Acer's update is not aware or looking for those files. There for they do not touch them. as they are just scanning and updating files to reflect there changes.. I to agree that its likely this will remain valid.Atleast we know it is for the os updates and release that are available up to now..

erica_renee said:
Yes i do understand. Maybe i did not explain what i was saying correctly.. Acer's update is not aware or looking for those files. There for they do not touch them. as they are just scanning and updating files to reflect there changes.. I to agree that its likely this will remain valid.Atleast we know it is for the os updates and release that are available up to now..
Click to expand...
Click to collapse
Exactly, so much for being blonde <lol>

5.4.0.0

Just got an update at 2:30CST.

Oh great...now what. Kingroot updated today. It keeps telling me I have root. I don't. But I did fool around with permissions in ADB...I was trying to issue it permissions it didn't have. It only started to tell me I had root after I did that. Though ADB gave me an error when adding some of them.

updated too, no chancelog

This is great! People - use No root Firewall to block OTA so you won't get it because this must mean there is an exploit in 5.3.3.0

savvytechwinner said:
This is great! People - use No root Firewall to block OTA so you won't get it because this must mean there is an exploit in 5.3.3.0
Click to expand...
Click to collapse
Or NetGuard. I bought a license a while back so it can resolve hostnames. I have every Amazon app on wifi lockdown and all of their current known servers and IPS blocked. It takes a bit to get used to and to figure out what apps use what IPs. But I finally got it set up pretty darn good. Still in 5.3.3.0 as well.
---------- Post added at 01:50 PM ---------- Previous post was at 01:42 PM ----------
savvytechwinner said:
This is great! People - use No root Firewall to block OTA so you won't get it because this must mean there is an exploit in 5.3.3.0
Click to expand...
Click to collapse
BTW look out for exploits of the CVE type. Those seem to be what a lot of Android exploits are written from. I managed to get a dirtycow cow sript to run, unfortunately all I got out of it was a wiped internal sdcard and no SuperUser. But it was the first time I've been able to execute a dirtycow script successfully on fireOS. Successful as in at least it ran.

savvytechwinner said:
This is great! People - use No root Firewall to block OTA so you won't get it because this must mean there is an exploit in 5.3.3.0
Click to expand...
Click to collapse
Doubtful - more likely extended feature/functionality (especially around Alexa), optimizations and bug fixes.

Davey126 said:
Doubtful - more likely extended feature/functionality (especially around Alexa), optimizations and bug fixes.
Click to expand...
Click to collapse
It might be Cast Screen. I just noticed they added an option in developers options for the wireless display certification. Also now have access to some Accessibility features that were hidden, almost like usage access but not quite.

DragonFire1024 said:
Or NetGuard. I bought a license a while back so it can resolve hostnames. I have every Amazon app on wifi lockdown and all of their current known servers and IPS blocked. It takes a bit to get used to and to figure out what apps use what IPs. But I finally got it set up pretty darn good. Still in 5.3.3.0 as well.
---------- Post added at 01:50 PM ---------- Previous post was at 01:42 PM ----------
BTW look out for exploits of the CVE type. Those seem to be what a lot of Android exploits are written from. I managed to get a dirtycow cow sript to run, unfortunately all I got out of it was a wiped internal sdcard and no SuperUser. But it was the first time I've been able to execute a dirtycow script successfully on fireOS. Successful as in at least it ran.
Click to expand...
Click to collapse
When you ran C0ward/DirtyC0W/moo it gave you temp root? Interestingly my tablet updated to Fire 5.4 >: | I don't know how. Also KingRoot used a different stragity in the new update - I think they released a few security patches

savvytechwinner said:
When you ran C0ward/DirtyC0W/moo it gave you temp root? Interestingly my tablet updated to Fire 5.4 >: | I don't know how. Also KingRoot used a different stragity in the new update - I think they released a few security patches
Click to expand...
Click to collapse
I never saw a #. All I know it the script ran, finished but I didn't have su so far as I could tell. I tried sudo and su and got "not found". Rootchecker said no root as well. But the internal sdcard storage was completely erased.
EDIT: this is the one I ran: https://github.com/timwr/CVE-2016-5195 It was updated recently to fix the exploit couldn't be downloaded error. It ran for a while too. All the way. At the end said done. I guess it meant done erasing your card lol.

DragonFire1024 said:
It might be Cast Screen. I just noticed they added an option in developers options for the wireless display certification. Also now have access to some Accessibility features that were hidden, almost like usage access but not quite.
Click to expand...
Click to collapse
Quite possible. Amazon and other distributors have been working through ridiculous DRM restrictions in the US and elsewhere. One reason you see additional content now available for download on standard Android devices. Possible they have secured agreements around generic casting. Obviously shameless speculation but I can see those dots being connected.

DragonFire1024 said:
I never saw a #. All I know it the script ran, finished but I didn't have su so far as I could tell. I tried sudo and su and got "not found". Rootchecker said no root as well. But the internal sdcard storage was completely erased.
EDIT: this is the one I ran: https://github.com/timwr/CVE-2016-5195 It was updated recently to fix the exploit couldn't be downloaded error. It ran for a while too. All the way. At the end said done. I guess it meant done erasing your card lol.
Click to expand...
Click to collapse
Here is a question. When an actual SDcard is placed into the slot, what are the permissions? Are they set the same across all devices?

I have 5.4.0.0 waiting in system updates. It's trying to get past my firewall.

I got my 7" 7th gen already updated to 5.3.3.0 rigjt after first power on I went out 10 mins and it updated while I was outside... I'm so unlucky

The firmware is available for download now, so I got it, and extracted the bootloader files.
Surprisingly, the preloader_prod.img and lk.img files haven't changed since 5.3.3.0 (which seems to suggest that a rollback might be possible???) but tz.img and preloader.img have.
The build.prop file contains
Code:
ro.build.mktg.fireos=Fire OS 5.4.0.0
ro.build.version.name=Fire OS 5.3.4.0 (579225620)
They must have been in a hurry... also what about the size? They lost more than 10%...

steve8x8 said:
The firmware is available for download now, so I got it, and extracted the bootloader files.
Surprisingly, the preloader_prod.img and lk.img files haven't changed since 5.3.3.0 (which seems to suggest that a rollback might be possible???) but tz.img and preloader.img have.
The build.prop file contains
Code:
ro.build.mktg.fireos=Fire OS 5.4.0.0
ro.build.version.name=Fire OS 5.3.4.0 (579225620)
They must have been in a hurry... also what about the size? They lost more than 10%...
Click to expand...
Click to collapse
A rollback won't do any good if there's no root.

It's a damn shame when Amazon won't even let you run Live Wallpapers. They really know how to take all the fun out of it. A real shame.

DragonFire1024 said:
It's a damn shame when Amazon won't even let you run Live Wallpapers. They really know how to take all the fun out of it. A real shame.
Click to expand...
Click to collapse
Although I agree with your sentiments Amazon is not alone in that choice. Seen several custom ROMs omit the necessary underpinnings for live wallpapers citing resource consumption (dubious claim IMO) and additional complexity/size for a service that only serves one purpose. Latter might be Amazon's motivation.

Davey126 said:
Although I agree with your sentiments Amazon is not alone in that choice. Seen several custom ROMs omit the necessary underpinnings for live wallpapers citing resource consumption (dubious claim IMO) and additional complexity/size for a service that only serves one purpose. Latter might be Amazon's motivation.
Click to expand...
Click to collapse
I have had a few of the several Live Wallpapers on my XT907 for sometime now. It drains little if any noticable resources and or battery power. Amazon has it set so you can only have wallpapers if the images are uploaded to prime photos.

DragonFire1024 said:
I have had a few of the several Live Wallpapers on my XT907 for sometime now. It drains little if any noticable resources and or battery power. Amazon has it set so you can only have wallpapers if the images are uploaded to prime photos.
Click to expand...
Click to collapse
Well that's a dart in the ass. Really no call for such a restriction IMHO.

Davey126 said:
Well that's a dart in the ass. Really no call for such a restriction IMHO.
Click to expand...
Click to collapse
I can get the wallpapers to run...just not as wallpapers. Activity Launcher brings them out, but They run over the top of everything. And they aren't gifs so I can't upload them and even if I could i would need to register back with Amazon.

Going back to stock rom, coming from lineageos 16 ????? Lenovo Tab4 10 Plus TB-X704F

Hey guys,
since I dont get neither Netflix nor Disney+ to work on my TB-X704F after having flashed LOS 16, I want to go back to stock rom. I've already tried to use Lenovo Smart Assistant but the flashing procedure always fails. I also tried QComLoader but also fails at 5%.
Is there a working way on going back to stock rom having TRWP ans LOS 16 installed???
Due to the fact that Netflix and Disney+ arent working (already tried Magisk module to change the tablets' fingerprint), I need to go back to stock rom.
Thanks in advance!!!!

Please use this tool to flash the stock rom: https://qfiltool.com/qfil-tool-v2-0-2-3

need help here. I'm flashed LineageOS previously. Can't install NetFlix hence i want to switch back to stock. I've installed the drivers and QFIL software. however when the device is off, i hold the volume up button then plug in the usb, but the QFIL software still show port not available. I entered the TWRP screen asking me to whether i can choose Boot to FFBM. Restart Bootloader.. etc. what should i choose?

I assume by "magisk module", you mean the termux props method? That's worked for me on several devices.
Also I really don't know how I can help you past that, most stock firmwares aren't designed to be flashed on modified devices. Very few manufacturers even support that (Samsung, LG and OnePlus are falriy major exceptions)
Edit: just realised the age of the thread, apologies.

rhchia said:
need help here. I'm flashed LineageOS previously. Can't install NetFlix hence i want to switch back to stock. I've installed the drivers and QFIL software. however when the device is off, i hold the volume up button then plug in the usb, but the QFIL software still show port not available. I entered the TWRP screen asking me to whether i can choose Boot to FFBM. Restart Bootloader.. etc. what should i choose?
Click to expand...
Click to collapse
I've got the same problem. What did you do in the end?

K14_Deploy said:
I assume by "magisk module", you mean the termux props method? That's worked for me on several devices.
Also I really don't know how I can help you past that, most stock firmwares aren't designed to be flashed on modified devices. Very few manufacturers even support that (Samsung, LG and OnePlus are falriy major exceptions)
Edit: just realised the age of the thread, apologies.
Click to expand...
Click to collapse
What exactly is the termux props method?
Is that to fix Magisk not authenticating? Or to allow the tool QFIL to restore stock?

boomhaueruk said:
What exactly is the termux props method?
Is that to fix Magisk not authenticating? Or to allow the tool QFIL to restore stock?
Click to expand...
Click to collapse
I mean the MagiskHide Props Config, which requires Termux. Basically you install the module, give Termux root and configure props with it. Then you use MagiskHide to hide magisk from them.
On the topic of reverting to stock, it's not possible. Custom firmware is almost always a one way process, and you understand if you do it things like the OP has described can and will happen. People who want things to "just work" use stock firmware, or an Apple device, it was never designed to not need tinkering.

K14_Deploy said:
I mean the MagiskHide Props Config, which requires Termux. Basically you install the module, give Termux root and configure props with it. Then you use MagiskHide to hide magisk from them.
On the topic of reverting to stock, it's not possible. Custom firmware is almost always a one way process, and you understand if you do it things like the OP has described can and will happen. People who want things to "just work" use stock firmware, or an Apple device, it was never designed to not need tinkering.
Click to expand...
Click to collapse
Goodness, I'm not a person who needs a 'just work' situation. It took weeks to get this onto stock and I've spent a long time reading up trying to fix Magisk. Surely there has to be a point when you're actually using the device and not just fixing it!
Basic things like being able to download and use apps...that seems like a reasonable request.
I think there's 'tinkering' and 'it doesn't work!'
Also, I've rolled back to stock roms before on various phones, recovery and so on - not with this tablet admittedly. Surprised it seems such a difficult or - as you say - impossible process. But hey.
That said, I appreciate the help! I really do.
So; I need to find 'Termux'. https://termux.com/
This says I get it from 'F Droid'. But I then found a link on their webpage to this;
https://f-droid.org/repo/com.termux_117.apk
I'm assuming that's the right one.
It looks like a terminal?
Googling for Termux Magiskhide props config got me to this youtube video;
It's in Indonesian, but shows you some steps. Would that be the best place to find instructions?

boomhaueruk said:
Goodness, I'm not a person who needs a 'just work' situation. It took weeks to get this onto stock and I've spent a long time reading up trying to fix Magisk. Surely there has to be a point when you're actually using the device and not just fixing it!
Basic things like being able to download and use apps...that seems like a reasonable request.
I think there's 'tinkering' and 'it doesn't work!'
Also, I've rolled back to stock roms before on various phones, recovery and so on - not with this tablet admittedly. Surprised it seems such a difficult or - as you say - impossible process. But hey.
That said, I appreciate the help! I really do.
So; I need to find 'Termux'. https://termux.com/
This says I get it from 'F Droid'. But I then found a link on their webpage to this;
https://f-droid.org/repo/com.termux_117.apk
I'm assuming that's the right one.
It looks like a terminal?
Googling for Termux Magiskhide props config got me to this youtube video;
It's in Indonesian, but shows you some steps. Would that be the best place to find instructions?
Click to expand...
Click to collapse
Is this going to be a problem?
Magisk is dropping support for hiding root access from apps
Magisk, the popular Android rooting tool, will continue to be developed by topjohnwu, but without its root hiding feature called MagiskHide.
www.xda-developers.com

boomhaueruk said:
Goodness, I'm not a person who needs a 'just work' situation. It took weeks to get this onto stock and I've spent a long time reading up trying to fix Magisk. Surely there has to be a point when you're actually using the device and not just fixing it!
Basic things like being able to download and use apps...that seems like a reasonable request.
I think there's 'tinkering' and 'it doesn't work!'
Also, I've rolled back to stock roms before on various phones, recovery and so on - not with this tablet admittedly. Surprised it seems such a difficult or - as you say - impossible process. But hey.
That said, I appreciate the help! I really do.
So; I need to find 'Termux'. https://termux.com/
This says I get it from 'F Droid'. But I then found a link on their webpage to this;
https://f-droid.org/repo/com.termux_117.apk
I'm assuming that's the right one.
It looks like a terminal?
Googling for Termux Magiskhide props config got me to this youtube video;
It's in Indonesian, but shows you some steps. Would that be the best place to find instructions?
Click to expand...
Click to collapse
You can install Termux from the Play Store if you have GApps. I did and it worked. And yes, it is a terminal. I've just upgraded to 17.1 on this device so I'm going to be doing it again sooner rather than later anyway.

K14_Deploy said:
You can install Termux from the Play Store if you have GApps. I did and it worked. And yes, it is a terminal. I've just upgraded to 17.1 on this device so I'm going to be doing it again sooner rather than later anyway.
Click to expand...
Click to collapse
Thanks.
I guess my other issue is I'm not actually sure what steps I'm supposed to do next.
That youtube video looks really dodgy!
It's nice to find someone else on this device. Mine has sat unused for months, I've decided to finally either get it to work properly or bin it. Todays the day.

boomhaueruk said:
Thanks.
I guess my other issue is I'm not actually sure what steps I'm supposed to do next.
That youtube video looks really dodgy!
Click to expand...
Click to collapse
Ok, so...
Make sure Magisk has "MagiskHide Props Config" and "Busybox For Android NDK" and root fully enabled. Hide must be disabled. If this isn't the case, do so and then reboot.
Open Termux. Type 'su' to give root access. Then type 'props' and follow the menu for your device. Type '1' for 'Edit device fingerprint'. Type 'f' for 'Pick a certified fingerprint'. Type '13' for 'Lenovo'. Type '2' for 'Lenovo Tab 4 8 Plus TB-8704F (8.1.0)'. If you have another device you might be out of luck. Type 'y' for 'yes'. Wait. Type 'y' again to reboot.
Configure MagiskHide to hide these parts of GPS + any other root sensitive apps. The screenshot I have was taken from a OnePlus but it shows the GPS that needs to be hidden. The less you can get away with hiding the better for performance reasons. Also make sure to repackage Magisk as 'Settings' and change the name of the 'TWRP' folder using a root file explorer (for some reason I don't have one) to... I'm partial to 'f**kyougoogle' personally, but anything will do. Reboot again and Disney+ should work just fine. If it doesn't, I can't help you.
I'd recommend moving to 18.1 before doing this, you'll have to start from square 1 but it means you're more up to date and won't have to do it again until someone builds 19.1 for this device. Can confirm, that build works.
This isn't without risk. Some apps specifically wanting android 11 might not work right. But it SHOULD fix root sensitive apps that use Safetynet. I also can't say anything about Widevine compatibility as I don't have Disney+ on this device.
boomhaueruk said:
Thanks.
I guess my other issue is I'm not actually sure what steps I'm supposed to do next.
That youtube video looks really dodgy!
It's nice to find someone else on this device. Mine has sat unused for months, I've decided to finally either get it to work properly or bin it. Todays the day.
Click to expand...
Click to collapse

K14_Deploy said:
Ok, so...
Make sure Magisk has "MagiskHide Props Config" and "Busybox For Android NDK" and root fully enabled. Hide must be disabled. If this isn't the case, do so and then reboot.
Open Termux. Type 'su' to give root access. Then type 'props' and follow the menu for your device. Type '1' for 'Edit device fingerprint'. Type 'f' for 'Pick a certified fingerprint'. Type '13' for 'Lenovo'. Type '2' for 'Lenovo Tab 4 8 Plus TB-8704F (8.1.0)'. If you have another device you might be out of luck. Type 'y' for 'yes'. Wait. Type 'y' again to reboot.
Configure MagiskHide to hide these parts of GPS + any other root sensitive apps. The screenshot I have was taken from a OnePlus but it shows the GPS that needs to be hidden. The less you can get away with hiding the better for performance reasons. Also make sure to repackage Magisk as 'Settings' and change the name of the 'TWRP' folder using a root file explorer (for some reason I don't have one) to... I'm partial to 'f**kyougoogle' personally, but anything will do. Reboot again and Disney+ should work just fine. If it doesn't, I can't help you.
I'd recommend moving to 18.1 before doing this, you'll have to start from square 1 but it means you're more up to date and won't have to do it again until someone builds 19.1 for this device. Can confirm, that build works.
This isn't without risk. Some apps specifically wanting android 11 might not work right. But it SHOULD fix root sensitive apps that use Safetynet. I also can't say anything about Widevine compatibility as I don't have Disney+ on this device.
Click to expand...
Click to collapse
Thanks.
OK. So, I've attached a few pics to show you where I am.
Booted, checked into Magisk for those settings. I can see 'Magiskhide', so I can untick that, but how do I ensure "Magisk has "MagiskHide Props Config" and "Busybox For Android NDK" and root fully enabled"
Root wise, I'm pretty sure it is, but yes, not sure how I double check!

boomhaueruk said:
Thanks.
OK. So, I've attached a few pics to show you where I am.
Booted, checked into Magisk for those settings. I can see 'Magiskhide', so I can untick that, but how do I ensure "Magisk has "MagiskHide Props Config" and "Busybox For Android NDK" and root fully enabled"
Root wise, I'm pretty sure it is, but yes, not sure how I double check!
Click to expand...
Click to collapse
They are Magisk modules, you go to there the puzzle piece is and search for them.

boomhaueruk said:
Thanks.
OK. So, I've attached a few pics to show you where I am.
Booted, checked into Magisk for those settings. I can see 'Magiskhide', so I can untick that, but how do I ensure "Magisk has "MagiskHide Props Config" and "Busybox For Android NDK" and root fully enabled"
Root wise, I'm pretty sure it is, but yes, not sure how I double check!
Click to expand...
Click to collapse
OK, found 'root checker' on the play store. And Termux.
so I have root.

K14_Deploy said:
They are Magisk modules, you go to there the puzzle piece is and search for them.
Click to expand...
Click to collapse
Ah! Got it. Ok, went into Magisk, went to the puzzle piece, found them both and...
Ah, I've just seen you've said "I'd recommend moving to 18.1 before doing this, you'll have to start from square 1 but it means you're more up to date and won't have to do it again until someone builds 19.1 for this device. Can confirm, that build works."
Right. I'd better go and find all the instructions for that. I've forgotten how I got this thing onto custom firmware, but I've got recovery installed.

boomhaueruk said:
Ah! Got it. Ok, went into Magisk, went to the puzzle piece, found them both and...
Ah, I've just seen you've said "I'd recommend moving to 18.1 before doing this, you'll have to start from square 1 but it means you're more up to date and won't have to do it again until someone builds 19.1 for this device. Can confirm, that build works."
Right. I'd better go and find all the instructions for that. I've forgotten how I got this thing onto custom firmware, but I've got recovery installed.
Click to expand...
Click to collapse
Go to the 18.1 thread on this forum and look for the instructions for flashing without being on stock. Also use TWRP 3.4.0.0. You will need a computer, as you have to wipe internal storage and use ADB.

K14_Deploy said:
Go to the 18.1 thread on this forum and look for the instructions for flashing without being on stock. Also use TWRP 3.4.0.0. You will need a computer.
Click to expand...
Click to collapse
I may stay where I am on Android 9. I've just seen it doesn't support sim and I sort of need that.
I can always come back and do that later, right?
I'm a bit worried about bricking it too. I might just get myself onto Android 9 working with the fix for now. It took me so long to get it onto custom rom the first time.

boomhaueruk said:
I may stay where I am on Android 9. I've just seen it doesn't support sim and I sort of need that.
I can always come back and do that later, right?
I'm a bit worried about bricking it too. I might just get myself onto Android 9 working with the fix for now. It took me so long to get it onto custom rom the first time.
Click to expand...
Click to collapse
Yeah of course, but you will have to start over if / when you upgrade

Ah. Hit a snag.
You said "Type '2' for 'Lenovo Tab 4 8 Plus TB-8704F (8.1.0)"
I've got the TB-8704L, the 10 inch.
Let me see if anythings listed.

Firestick Lite (Sheldon) 7.2.2.3/7.2.2.8 Launcher Replacement and Debloat (No Root)

Delete... Now obsolete on current OS

Hello.
I have a Fire TV Stick Lite running 7.2.2.8.
Gone through the post and applied the "Debloat the Lite of Unnecessary Sh*te", installed all the apks. I went with Wolf 0.1.7 as the launcher.
When running FTVLaunchX I had to run the below two lines first and then perform the permissions.
settings put secure enabled_accessibility_services de.codefaktor.ftvlaunchx/de.codefaktor.ftvlaunchx.HomeService
settings put secure accessibility_enabled 1
The original Amazon launcher still loads first and then Wolf kicks in. I can still access the Amazon launcher by pressing the home key. Also there doesn't seem to be that much change on the main Amazon launcher if any at all.
Am I missing something? Or was I expecting too much?
***** UPDATE
I have tried "Launcher Manager (FireOS 6 & 7)_1.0.2" instead of LaunchX and this seems to work fine for me. Boots straight into Wolf and the Home button also links to Wolf.
Thanks

Deleted Thread, Obsolete tutorial

I now have it running like a dream with Wolf 0.1.7, looks really nice just how I would want it from stock. Thanks for your help.

Delete Thread.... OBSOLETE TUTORIAL ( No good to anyone now running latest firmwares)

Hello.
After the full debloat I noticed that I wasn't able to connect to the fire stick from my phone with app like you tube and prime video. The phone was just hanging on "connecting to fire stick" when clicking on the "cast" button. After a few attempts I found out that the service "com.amazon.avod" was responsable for making the connection possible from phone. When I enabled it back it started working as normal.

OBSOLETE TUTORIAL FOR FIRESTICK SHELDON. MODS/ADMIN PLEASE DELETE THIS THREAD.. THANKS

Still running a version of 7228 but this must have been patched now, just get loads of Java exceptions when trying to do anything

brezzz said:
Still running a version of 7228 but this must have been patched now, just get loads of Java exceptions when trying to do anything
Click to expand...
Click to collapse
Should be working fine ... If you're using remote adb shell try pasting in smaller groups of the disable commands.
I noticed it tends to produce errors and crashes the remote adb app when pasting large clusters or the whole list of commands.
I just used it today on a Lite edition Firestick 2020 running 7.2.2.8 new UI.
I kanged @0815hoffi hardwork as some people I know were asking for a debloat AND Custom Launcher guide.... I just copied and pasted hoffis scripts minus the (adb shell part)
E.G "pm disable-user --user 0 *****"
Regards
Edit : OP updated...double tested again on two different models Lite and Newer FTVS-2021

Anything like this for the latest OS?

Bertonumber1 said:
Delete Thread.... OBSOLETE TUTORIAL ( No good to anyone now running latest firmwares)
Click to expand...
Click to collapse
well you usually don't delete something ! you can just ADD a note " with latest firmware is not working " .. by doing what you did " obsolete .. " " delete " .. you just created more confusion !
EVERYTHING become obsolete.. if you are worried about it just add a note

simika said:
well you usually don't delete something ! you can just ADD a note " with latest firmware is not working " .. by doing what you did " obsolete .. " " delete " .. you just created more confusion !
EVERYTHING become obsolete.. if you are worried about it just add a note
Click to expand...
Click to collapse
Not that i need to explain myself however i will in this case.
Firstly, due to the amount of people notifying me this was not working on newer fota update i had no choice but to remove it and prevent error.
Secondly, i wrote the post and decided it was best to delete it for the time being because... It was my post.
And finally.. The adb commands given in the first post do not work on any newer ota past 7.2.2.8 due to amazon telemetry within the ui/ launcher... so... until i have time to add my new tutorial for debloating/launcher replacement the post remains as is to prevent user error and screwed devices.
"simply adding a note" is a dumb idea as people being people would still attempt the commands on newer fireos... And who gets the stick for that when it goes wrong? Not you... Me.
Regards

Bertonumber1 said:
Not that i need to explain myself however i will in this case.
Firstly, due to the amount of people notifying me this was not working on newer fota update i had no choice but to remove it and prevent error.
Secondly, i wrote the post and decided it was best to delete it for the time being because... It was my post.
And finally.. The adb commands given in the first post do not work on any newer ota past 7.2.2.8 due to amazon telemetry within the ui/ launcher... so... until i have time to add my new tutorial for debloating/launcher replacement the post remains as is to prevent user error and screwed devices.
"simply adding a note" is a dumb idea as people being people would still attempt the commands on newer fireos... And who gets the stick for that when it goes wrong? Not you... Me.
Regards
Click to expand...
Click to collapse
for sure you got your reason ( unless you would have gone out of your mind lol )
i'm just saying that is better to edit the original post and write NOT WORKIN ON LATEST FIRMWARE ( or after 7.2.2.8) than if people are not able to read the post well they should learn !

[Guide] Building a TWRP Fire TV Stick Rom [WIP]

Since @burcbuluklu did such a nice job of creating this for mantis (4k), I've decided to copy that concept for sheldon.
I've created a couple different images, which I'll post in the next few days hopefully.
Sorry for the delay. I've actually managed to get further with this then I expected. The wait will be worth it. I've managed to bring back the OOBE (the welcome setup you have to run through when the stick is brand new). There's one last piece I would like to figure out before I post the image.
I'm looking for help on creating a script that will trigger after the OOBE is complete. There is a flag that gets set after successful completion of the OOBE so that value could be read on boot for example and then trigger the script. Would also want to ensure the script only runs once. It will just be a basic debloating script. This is the last piece of the puzzle. This is a bit out of my skill set. If you can give me a hand with this I'll be able to post a really nice complete image.
--------------------------------------
I've now managed to get around the following problem, though not as cleanly as I would like.
Unfortunately, I'm stuck at a critical part. I need to remove my amazon account before I can share it.
I've approached it in two ways but neither have been successful. First is to remove my account after everything has been setup and done, this would be a bit preferable as I've already done all the work to create this. Second is to not have to sign in with amazon to begin with. Basically disable the OOBE, build up the ROM and then re-enable OOBE so when it gets flashed it's easy to run through that part of the setup. If OOBE can't be re-enabled, then the setup to connect your remote will be the same as in the 4K thread, hopefully.
I had played with various ways to get around OOBE, getting ADB enabled out of the box etc, all with various levels of success on mantis but for whatever reason I can't get ADB enabled on sheldon. For clarification, the intent is to get ADB enabled via recovery so it's accessible before having to run through OOBE.
EDIT:
The only plausible way I've figured out is to use "deregister". Not sure how much "personal info" is left as it says it won't remove all personal info but I used a dummy account anyway. The other factor that is different from mantis/6.2.7.6, is to complete OOBE after the stick has been deregistered, the stock amazon launcher must still be enabled. When trying with another launcher set via launch manager, OOBE won't complete as it gets into a loop during the registration stage. Definitely unfortunate as I would have liked the user to end up on the customer launcher (wolf in this case) rather then having to enable it after getting through the OOBE. If anyone has a better way please let me know.

Can't you just enable ADB through IDME?

Finnzz said:
Can't you just enable ADB through IDME?
Click to expand...
Click to collapse
I'm not familiar with IDME. I couldn't find a whole lot on it. Mind pointing me in the right direction?

bnevets27 said:
I'm not familiar with IDME. I couldn't find a whole lot on it. Mind pointing me in the right direction?
Click to expand...
Click to collapse
IDME is part of the Amazon feature layer added to all their bootloaders. It includes flags to enable ADB, enable ADB with root, and enable ADB without authorization.
You can check it out if you boot up FireOS and use the command 'ADB shell IDME print'. Fos_flags is the value you are interested in in this case.
The fos_flag value can be set from within FireOS using ADB, or from fastboot. These values are written to the end of the bootloader partition, or backup bootloader. It's magic is "beefdeed", and you could edit it directly.
For more information go to Amazon's FireTV open source page, download the source for Sheldon and search the bootloader source for IDME.h

reserved

reserved

@Finnzz thanks for the suggestion but I wasn't able to figure out IDME. Looks pretty interesting though. End result is was easier to just run through the OOBE. Now that I have an image it doesn't matter too much anymore. And I think I've managed to remove all account traces. Though I still want to figure out how to get adb access and bypass the OOBE. I've seen @SweenWolf do it for mantis. Of course I can do it with an image restore but that's not really the same thing. It's not really need but interesting anyhow.
Getting close to a release, just need help making a script that triggers after the OOBE is complete. More info on that in the OP.