MI 9T Nethunter installation - Redmi K20 / Xiaomi Mi 9T Questions & Answers

Hello! Has anyone installed official Nethunter 2020-pre3 on this device? If so, could you please describe step-by-step how you managed to do that, what MIUI (or maybe custom ROM) you have, and how it works?

You can install it, but you need a kernel to get Wi-Fi to work. If someone implements NetHunter wlan mon in the kernel, then you could test vulnerabilities.
There is also Andrax, but it also requires a kernel for monitoring.

fotom-dotcom said:
> Hello! Has anyone installed official Nethunter 2020-pre3 on this device? If so, could you please describe step-by-step how you managed to do that, what MIUI (or maybe custom ROM) you have, and how it works?
My phone is currently running the latest version of MIUI 11, and when I flash the Kali NetHunter kernel to my Mi 9T, it gets stuck on boot. Any solutions or a step-by-step guide on how I can successfully install it?

Flash MIUI fastboot Rom (11.0.5) and boot to the system
Remove your Google and Mi account if you have one
Then install TWRP
Install Disable_Dm-Verity_ForceEncrypt (find it on XDA)
Reboot recovery
Install magisk and perform format data
Boot to the system and set up the phone
Then install magisk again
Install the BusyBox app from the Play Store and install BusyBox itself to /system/xbin
Go to TWRP
Install latest NH image
Go to Mount and untick /System
Install Magisk (for the last time)
Wipe cache and dalvik, then reboot. You should see NH boot animation.
Go to NH app, grant all permissions and start chroot
Go to NH Store, in settings tap on expert mode and untick Privilege Extension
Update NH app to the latest version
And you're done! This step-by-step guide should help to install NH and make it work properly. Then just type "apt update && apt -y full-upgrade" in NH terminal and you're good to go

- I just installed Kali NetHunter last week to QFJEUXM v11.0.6 and Disable_Dm-Verity_ForceEncrypt is NOT NEEDED (it is only needed for custom ROMs, no need for TWRP, Magisk or NetHunter overlay).
Ofc, every time when booting to TWRP (use official 3.4.0), type in your Android screen unlock PIN to let TWRP on-the-fly decrypt Data (just like when booting to Android), but keeping your file system encrypted
With DFE you force complete decryption of your Data - anybody who would boot into TWRP would be able to read/write to your Data without need to know your Android screen unlock PIN
(I don't know why people copy/paste this DFE into every guide: for TWRP, for rooting, etc - it is only needed for installation of custom ROMs because they are usually not properly ported to the device and they don't support stock file encryption, hence encryption must be removed by DFE for custom ROMs to be able to access Data)
- Also, I didn't remove my Google and Mi account, and I didn't format Data - no need for TWRP, not for Magisk, neither for NH.
Upon installing NH, I had all my apps, data, settings as before
- Btw, "apt update && apt -y full-upgrade" is covered by the NetHunter app (comes with the installation): go to the Custom commands tab, first option there
PS: Custom kernel is included to the pre-built NH image, as well as stock GApps
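
Added example (not from any poster in this thread): the encryption point made in the post above can be checked on the device itself. The script reads `adb shell getprop` output and reports whether /data is still encrypted and whether the bootloader state lets a custom recovery boot; the two property dumps are constructed samples and the verdict wording is this example's own.

```sh
#!/bin/sh
# Added example: classify data-at-rest exposure from Android system properties.
# On a device: adb shell getprop | data_at_rest_risk
# Property names are standard Android ones; the verdict text is this example's.

# Print the value of property $2 from "[key]: [value]" lines passed in $1.
prop() {
    printf '%s\n' "$1" | awk -v k="[$2]:" '
        $1 == k { sub(/^[^ ]+ [[]/, ""); sub(/[]]$/, ""); print; exit }'
}

# Read getprop output on stdin and print a single verdict line.
data_at_rest_risk() {
    props=$(cat)
    state=$(prop "$props" ro.crypto.state)            # encrypted | unencrypted
    ctype=$(prop "$props" ro.crypto.type)             # file | block
    locked=$(prop "$props" ro.boot.flash.locked)      # 1 = bootloader locked
    vboot=$(prop "$props" ro.boot.verifiedbootstate)  # green/yellow/orange/red

    # An unlocked bootloader (needed for TWRP) means anyone holding the phone
    # can boot a recovery, so encryption is what still protects /data.
    if [ "$locked" = "0" ] || [ "$vboot" = "orange" ]; then
        unlocked=1
        recovery="a custom recovery can be booted"
    else
        unlocked=0
        recovery="bootloader is locked"
    fi

    case "$state" in
        encrypted)
            echo "OK: /data encrypted (${ctype:-unknown type}); $recovery, but user data still needs the lock-screen credential"
            ;;
        unencrypted)
            if [ "$unlocked" -eq 1 ]; then
                echo "HIGH: /data unencrypted and $recovery, so /data is readable and writable without any credential"
            else
                echo "MEDIUM: /data unencrypted; $recovery"
            fi
            ;;
        *)
            echo "UNKNOWN: ro.crypto.state not reported"
            ;;
    esac
}

# Constructed sample: stock ROM, bootloader unlocked, stock encryption kept.
SAMPLE_ENCRYPTED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

# Constructed sample: same phone after a force-encrypt disabler and format data.
SAMPLE_DFE='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [unencrypted]'

printf '%s\n' "$SAMPLE_ENCRYPTED" | data_at_rest_risk
printf '%s\n' "$SAMPLE_DFE" | data_at_rest_risk
```

Run it before and after flashing: if the verdict changes from OK to HIGH, one of the flashed packages removed encryption.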

Can u help me? https://drive.google.com/file/d/10KY4uZoZknjvQr8qDP7UHLDPInjIQVYg/view?usp=drivesdk

Can you help us with your step by step ? Thank you !
Can you help us with your steps ?

mapachesan said:
> Can you help us with your steps ?
Let me try to recall. Maybe I did some unnecessary steps and if I will go again I would try to do it in a more elegant way:
I had
- QFJEUXM v11.0.6
- Hasty kernel
- Magisk Canary, BusyBox for Android NDK (Systemless module, not app from Playstore) and several other Magisk modules
- TWRP 3.4.0
I never used any custom ROM, I never messed up with Persist, formatting Data, FDE and so - and it was not needed here either!!!
I did some backups but TG didn't need to use them, everything was preserved.
So I didn't remove Google or Mi account, didn't even remove lock-screen Pin (probably would be safer, just in case)
Maybe it was not needed but I flashed stock boot.img (to get rid of changes done by Hasty and Magisk).
I rebooted to Android and ofc lost TWRP - I had to flash it from fastboot again.
So I should have rebooted first to TWRP and only then to Android - that way TWRP would be preserved
Then I rebooted to TWRP and flashed nethunter-2020.2-davinci-miui-ten-kalifs-full.zip
Again I did a mistake (I was discussing something with my wife?) that I rebooted to Android and lost TWRP - I should have rebooted first to TWRP to preserve it
So I flashed TWRP again, booted to TWRP, made a backup of Boot image.
Booted to Android, opened Magisk Manager, patched the backed-up boot.emmc.win (Preserve DM and Preserve Encryption both On, Recovery mode Off).
Rebooted to TWRP, wiped Dalvik and Cache, and flashed the patched Boot img.
Rebooted to Android and I had Magisk with all my previous modules (incl. e.g. Viper4Android, BusyBox, etc).
Probably just flashing Magisk zip through TWRP would also work (but I usually prefer patching method)
Everything (apps, data, settings incl. unlock PIN, etc) was preserved.
It means also stock GApps, my Google account, Google apps (you name it) - all continued to work as in the stock firmware
Opened NetHunter app and Kali Chroot manager - granted root and other permissions.
Also, open Custom commands and Update Kali Metapackages (do it every few days to stay up-to-date)
Open also (I forgot, did it few days later), NetHunter Store, Settings, Expert mode and untick Privilege Extension.
Let it update NetHunter app
That's it, to my best memory
Edit:
One more tip, not related to NH but generally to SafetyNet and unlocked Bootloader
Install Magisk Hide Props Config (Magisk module) and reboot.
Run props from Terminal, choose Edit custom props (not Fingerprint option) redefine ro.product.model to e.g. Unknown and reboot - now, SafetyNet will pass!
Ofc, you should have Magisk Hide option in Magisk Manager ticked on (must be rebooted upon)
If Playstore shows Device is not certified, it can be easily fixed:
- AirPlane mode on
- Settings, Apps, Show System apps
- Search for Google and for Playstore app, Services and Framework do Delete Cache and Data
Reboot, AirPlane off, give a time for Playstore to sync and it will show Device is certified
PS:
For Ctrl c command (you will need e.g. for Wifite nethunting), install Hacker's Keyboard from Playstore
Whenever you need terminal, you can use NetHunter terminal (Android option) - it's better than Terminal app from Playstore.
How hunting can look like:
https://mega.nz/file/p5VlRA6b#btALUgFkxxJn0aZQdHs-oLVwTdeCKLSFsTfJrO4dbGc

>Miui beta chinese 20.7.16
I did it, but the NH app doesn't work (version 2020.02) you saw the video uploaded on google drive
https://drive.google.com/file/d/10KY4uZoZknjvQr8qDP7UHLDPInjIQVYg/view?usp=drivesdk

Irineu F said:
> >Miui beta chinese 20.7.16
> I did it, but the NH app doesn't work (version 2020.02) you saw the video uploaded on google drive
> https://drive.google.com/file/d/10KY4uZoZknjvQr8qDP7UHLDPInjIQVYg/view?usp=drivesdk
Sorry but recording by camera or what was very bad, cannot read anything.
Please use stock Screen recorder - see a screenshot.
Also, you can take screenshots by sliding three fingers, this is useful for capturing short lasting notifications and so - second screenshot
Isn't your notification saying something about Chroot (cannot read from your movie) - it should look like on my screenshots
Check also if root is granted and all permissions given - further screenshots
Edit:
Make sure you also have Busybox for Android NDK (Magisk module) installed

Irineu F said:
> >Miui beta chinese 20.7.16
> I did it, but the NH app doesn't work (version 2020.02) you saw the video uploaded on google drive
> https://drive.google.com/file/d/10KY4uZoZknjvQr8qDP7UHLDPInjIQVYg/view?usp=drivesdk
Manually grant all the permissions to the NH app and it should work.

zgfg said:
> Sorry but recording by camera or what was very bad, cannot read anything.
> Please use stock Screen recorder - see a screenshot.
> Also, you can take screenshots by sliding three fingers, this is useful for capturing short lasting notifications and so - second screenshot
> Isn't your notification saying something about Chroot (cannot read from your movie) - it should look like on my screenshots
> Check also if root is granted and all permissions given - further screenshots
> Edit:
> Make sure you also have Busybox for Android NDK (Magisk module) installed
on the notification screen, NH says Chroot is not installed, I don't know how to give manual permission, because NH is installed as a System App, so it should have all permissions

Adoantony said:
> on the notification screen, NH says Chroot is not installed, I don't know how to give manual permission, because NH is installed as a System App, so it should have all permissions
Have you tried?
See my screenshots from previous post.
Settings, Apps, Manage apps, Show system apps, open e.g. NetHunter app, App Permissions...

zgfg said:
> Have you tried?
> See my screenshots from previous post.
> Settings, Apps, Manage apps, Show system apps, open e.g. NetHunter app, App Permissions...
https://mega.nz/file/zpYRmYaA#Kav_NBBRi6esWuQ4u0Z9EQDPfLfke2CSwUbZ_hM605o

Adoantony said:
> https://mega.nz/file/zpYRmYaA#Kav_NBBRi6esWuQ4u0Z9EQDPfLfke2CSwUbZ_hM605o
Your app settings look different, what is exactly your model and firmware (ROM)
https://mega.nz/file/JhE2BKxL#VRl4ph_dQ41b2zdREtRwrgK9hSheWPkMz8ZXp2vNeDo

zgfg said:
> Your app settings look different, what is exactly your model and firmware (ROM)
> https://mega.nz/file/JhE2BKxL#VRl4ph_dQ41b2zdREtRwrgK9hSheWPkMz8ZXp2vNeDo
https://drive.google.com/file/d/10Y1PFZ3BJsVfYK0lj2XIC6OzEOCXr6nJ/view?usp=drivesdk
Rom beta chinese
do you think i should try to use at Rom Global?

Adoantony said:
> https://drive.google.com/file/d/10Y1PFZ3BJsVfYK0lj2XIC6OzEOCXr6nJ/view?usp=drivesdk
> Rom beta chinese
> do you think i should try to use at Rom Global?
On their page it's not specified which stock firmware for Mi 9T the pre-built image is for:
https://www.offensive-security.com/kali-linux-nethunter-download/
I'm using with QFJEUXM 11.0.6 - global eu, MiUI 11, don't know for other firmwares like Chinese, MIUI 12

zgfg said:
> On their page it's not specified which stock firmware for Mi 9T the pre-built image is for:
> https://www.offensive-security.com/kali-linux-nethunter-download/
> I'm using with QFJEUXM 11.0.6 - global eu, MiUI 11, don't know for other firmwares like Chinese, MIUI 12
fingerprint doesn't work does it?

Adoantony said:
> fingerprint doesn't work does it?
Just tested five times, it worked (now) for me (frankly, better than expected)
Generally, I'm disappointed with this FOD, I've tried all tricks suggested on forums but never made it working satisfactory, with no stock firmware (one day almost reliable, next day completely useless) hence I better stopped using it months ago (before installing NH)

zgfg said:
> Just tested five times, it worked (now) for me (frankly, better than expected)
> Generally, I'm disappointed with this FOD, I've tried all tricks suggested on forums but never made it working satisfactory, with no stock firmware (one day almost reliable, next day completely useless) hence I better stopped using it months ago (before installing NH)
thanks for answering me <3
do you have a telegram?

Related

lgd800 to cwm13 with + magisk

Hey I'm looking around and found 2 interesting posts.
http://forum.xda-developers.com/lg-...fficial-cyanogenmod-13-lg-g2-t3264508/page422
http://forum.xda-developers.com/lg-g2/help/starting-root-recovery-custom-rom-t3440752/page1
Pretty good instructions? I'm dancing around threads all over. I can't seem to get twrp onto a lollipop build. If I have twrp installed and try to manually go to LP from kk I get a bootloop the last few tries. If I have lp installed I can't seem to get autorec to respond, no matter which cfsu.
@blastagator:
Can you possibly list your steps for cwm and working magisk on your d800? Maybe I need to wipe all but internal, install lp bootstack in twrp-updated to one of your newer versions, install cwm? Is it clean from there to magisk and phhsu, magisk hide, phhapp? Will I need bumpboot ever for this?
andrew2432 said:
> Hey I'm looking around and found 2 interesting posts.
> Pretty good instructions? I'm dancing around threads all over. I can't seem to get twrp onto a lollipop build. If I have twrp installed and try to manually go to LP from kk I get a bootloop the last few tries. If I have lp installed I can't seem to get autorec to respond, no matter which cfsu.
> @blastagator:
> Can you possibly list your steps for cwm and working magisk on your d800? Maybe I need to wipe all but internal, install lp bootstack in twrp-updated to one of your newer versions, install cwm? Is it clean from there to magisk and phhsu, magisk hide, phhapp? Will I need bumpboot ever for this?
I do not use CWM, so I can't help you with that.
Basic Sequence (assuming starting from completely stock):
Use your favorite rooting tool - OneClick Root still works (I think)
Then install AutoRec (appropriate version for your ROM)
That gets you TWRP - boot TWRP with the key combo
Flash newest TWRP - reboot recovery
Flash bootstack to match new ROM (LP for LP or MM)
Advanced wipe, wipe /data, /system, /cache, /sd, /dalvik
Reboot Recovery
Copy new ROM to phone
Install new ROM
Reboot phone, profit
for magisk, flash magisk zip and then flash boot bump zip
IMPORTANT: If ROM has built-in su (like CM13 DOES) you need to delete that from the device.
I'd recommend deleting these BEFORE installing magisk (but I don't know if it actually matters)
For CM13, enable root in the developer menu
use your favorite console app
Code:
su
mount -o remount,rw /system
rm /system/xbin/su
rm /system/bin/su
Some ROMs might have an su file in /sbin and you might need to remount / as rw to remove that. For CM13 it is just those two files.
blastagator said:
> I do not use CWM, so I can't help you with that.
> Basic Sequence (assuming starting from completely stock):
> Use your favorite rooting tool - OneClick Root still works (I think)
> Then install AutoRec (appropriate version for your ROM)
> That gets you TWRP - boot TWRP with the key combo
> Flash newest TWRP - reboot recovery
> Flash bootstack to match new ROM (LP for LP or MM)
> Advanced wipe, wipe everything
> Reboot Recovery
> Copy new ROM to phone
> Install new ROM
> Reboot phone, profit
> for magisk, flash magisk zip and then flash boot bump zip
> IMPORTANT: If ROM has built-in su (like CM13 DOES) you need to delete that from the device.
> I'd recommend deleting these BEFORE installing magisk (but I don't know if it actually matters)
> For CM13, enable root in the developer menu
> use your favorite console app
> Some ROMs might have an su file in /sbin and you might need to remount / as rw to remove that. For CM13 it is just those two files.
Ahh cm is just the recovery not the rom, you use it and not twrp? The newest twrp for g2d800 is yours...twrp-d800-bump-blastagator?? What rom do you use? Will I be able to transfer files to the phone after wiping? I guess it stays in recovery after a wipe...just not used to that I guess.
Get twrp, flash bootstack...from you, wipe all, push my rom, flash rom, boot to phone. Experience my first ever custom os for a bit....Remove su with adb, boot to recovery, magisk, bump, phhsu zip, boot to phone. Install magisk 2.1, enable hide, reboot, phhsu app, ???, profit.
1. How can I thank ALL your posts ever?
2. Cwm nightly is the rom, the other is the recovery?
andrew2432 said:
> Ahh cm is just the recovery not the rom, you use it and not twrp? The newest twrp for g2d800 is yours...twrp-d800-bump-blastagator?? What rom do you use? Will I be able to transfer files to the phone after wiping? I guess it stays in recovery after a wipe...just not used to that I guess.
> Get twrp, flash bootstack...from you, wipe all, push my rom, flash rom, boot to phone. Experience my first ever custom os for a bit....Remove su with adb, boot to recovery, magisk, bump, phhsu zip, boot to phone. Install magisk 2.1, enable hide, reboot, phhsu app, ???, profit.
> 1. How can I thank ALL your posts ever?
> 2. Cwm nightly is the rom, the other is the recovery?
Recovery lives in /recovery partition, so I guess I should clarify, don't wipe EVERYTHING, lol. I can't remember if I enabled ability to wipe recovery, DONT DO THAT :silly:
edit: Advanced wipe, wipe /data, /system, /cache, /sd, /dalvik
But, as for everything else, recovery will live through wiping /system /data, etc. You need to backup anything you want to save though. Wipe will destroy everything.
Other than that, you pretty much got the rest.
edit 2: http://download.cyanogenmod.org/?device=d800
See image for ROM vs CM Recovery.
CWM = Clockwork Mod (a different recovery)
CM = CyanogenMod (a ROM)
.
@blastagator:
Haha I may have noticed that during the process. The bumpbootv1.0 is the one to use for even these newer methods?? That was what q2 really was supposed to be. I keep mentioning you because I assume it helps you see my posts, I assume you're pretty busy. Some of those posts and files are from when the g2 was almost new lol thanks seriously for getting back so fast I wish I could help this community more but I'm a skid
EDIT: awesome, I have to run all Internet functions off of the sprint lte network and was downloading one of those behemoths during that posts....that lets me know my efforts aren't in vain
andrew2432 said:
> @blastagator:
> Haha I may have noticed that during the process. The bumpbootv1.0 is the one to use for even these newer methods?? That was what q2 really was supposed to be. I keep mentioning you because I assume it helps you see my posts, I assume you're pretty busy. Some of those posts and files are from when the g2 was almost new lol thanks seriously for getting back so fast I wish I could help this community more but I'm a skid
Please read my edits and don't kill your phone. I am not always so timely in my responses :good:
Other than that, good luck!
There are tons of posts that go into more detail about what I wrote. Just make sure you have a plan before you do it. Think: Measure twice, cut once.
This g2 I found service locked while cleaning out a rental property. I have a galaxy s5 stupid sprint for my primary. I use the g2 for...well everything game and other related. until my Hotspot mod on my galaxy suddenly stopped working on lp. I blame the man
Äptiva is the one I read about a gutted 802 into an 800 or something, got you guys confused!!
@blastagator
Didn't work...steps followed what OS do you use? Do you use you d80030b or something else? No sn or pgo
If I update autorec twrp to your 3.0.2-1 will it hold through a manual FOTA update to 5.0? I use GPS system app for location. Is it possible moving to system then unrooting causes these bootloops and such? My g2 passes sn but I cm and gApps is causing issues? Logged into sc, pass sn, no pgo
andrew2432 said:
> @blastagator
> Didn't work...steps followed what OS do you use? Do you use you d80030b or something else? No sn or pgo
> If I update autorec twrp to your 3.0.2-1 will it hold through a manual FOTA update to 5.0? I use GPS system app for location. Is it possible moving to system then unrooting causes these bootloops and such? My g2 passes sn but I cm and gApps is causing issues? Logged into sc, pass sn, no pgo
CM13.
If you're trying to get safety net to work, you have to enable magisk hide (in the magisk app)
Also, if you're using xposed, you can't use safety net.
@blastagator
Yeah done and done. Only things I can figure is installed the application side of phh su last, and gaps after being phh rooted.? I'm gonna check for su files with es here shortly. Safety net passes, snapchat works, just not pgo
Enabled hide after installing application and got root access when ticking hide. Literally the only thing that won't work is pgo, haven't tried android pay yet
No xposed I bought a way around that, not causing the issue because I haven't installed it on the d800
andrew2432 said:
> @blastagator
> Yeah done and done. Only things I can figure is installed the application side of phh su last, and gaps after being phh rooted.? I'm gonna check for su files with es here shortly. Safety net passes, snapchat works, just not pgo
> Enabled hide after installing application and got root access when ticking hide. Literally the only thing that won't work is pgo, haven't tried android pay yet
> No xposed I bought a way around that, not causing the issue because I haven't installed it on the d800
If the safety net test app passes, it should be working. perhaps downgrade your pogo a version or two, maybe they added something else.
Well, it's on a WiFi only, no SIM device...
I'm thinking this is the issue I'm experiencing now. Which may stem from an update. An older apk is a good idea, I was able to log on with magisk v6 a bit a go and when magisk 7 and 8 first came out I could.

Android Pay Compatibility?

Hi,
Wondering if anyone has succeeded in using Android Pay on their Mi Note 2?
I have the bootloader unlocked on mine and while I've had a play with Magisk and such, unsurprisingly since the bootloader is unlocked I'm not getting anywhere.
I'm aware there are kernel hacks that can return support to unlocked devices but I'm having a hard time telling if I'd require the full kernel source in order to implement them or if there are any other ways around this or if it is simply due to MIUI being an unsupported ROM. I have heard that running stock MIUI with an originally locked bootloader still fails SafetyNet and is incompatible. With the difficulties Xiaomi place on unlocking/relocking the bootloader etc
I was hoping someone who is still running stock would be able to verify it works on a stock device
If you could also post a screenshot of the ROM you're using that would be great. With so many devices shipping with vendor ROMs rather than the official it only complicates things further.
I'm happy to keep trying and post a tutorial for others if I can get it working but frankly at this stage if the issue is MIUI itself rather than the state of the bootlock then I'd rather not waste any more hours on this.
Cheers,
StoneTrap
Can confirm Android Pay works - I am using a rom provided by Hong Kong Goldway. I haven't rooted yet but I will see if it works afterwards.
thedeejay said:
> Can confirm Android Pay works - I am using MIUI Global Stable 8.0.9.0.0. I haven't rooted yet but I will see if it works afterwards.
That's great to know.
I'm guessing your bootloader is still locked if you're unrooted. I'm fairly sure that's the only thing left tripping SafetyNet. AFAIK there's no bypass until we can build our own kernel but I'd love for someone to prove me wrong.
Did you try to lock bootloader again?
I think the Magisk trick is for hiding root, not unlocked bootloader.
terstor said:
> Did you try to lock bootloader again?
> I think the Magisk trick is for hiding root, not unlocked bootloader.
Thanks for the reply.
Like I said, I realise the issue is the unlocked bootloader. I know what Magisk is for
What I was asking is if a full kernel source is needed to build a hacked kernel that supports an unlocked bootloader meeting SafetyNet or if there is any way of patching or rebuilding a pre-existing one?
There are already compatibility issues with some MIUI versions and Android Pay even with a locked bootloader. Rather than testing every rom myself I was wondering if anyone here had any experience with it working on a certain rom.
I know that you know
I'm just curious if android pay will work again if you lock bootloader again for example using 'fastboot oem lock'.
If someone is unlocking bootloader to install custom recovery only, it would be good idea to unlock -> install recovery -> lock -> install android Pay.
But does anyone know if this will work? Is this fastboot "lock" differs from the original "lock"?
terstor said:
I know that you know
I'm just curious if Android Pay will work again if you lock the bootloader again, for example using 'fastboot oem lock'.
If someone is unlocking the bootloader to install a custom recovery only, it would be a good idea to unlock -> install recovery -> lock -> install Android Pay.
But does anyone know if this will work? Does this fastboot "lock" differ from the original "lock"?
Ah sorry it's hard to tell sometimes when people are making posts just to hit that first 5 posts for access. If there was a signed recovery file, Magisk would be perfect for all sorts of hi-jinx (Like for example on the ZTE Axon 7)
Unfortunately because of the way xiaomi controls unlocking the bootloader there is no way to have a custom recovery and a locked bootloader. The recovery would have to be signed by xiaomi in order to boot it.
Signing system components isn't something I know much about, all we seem to have access to is the firehose in the fastboot images but even then with the way xiaomi have locked down fastboot it seems to require some kind of authorisation first.
I was able to flash the custom recovery with a locked bootloader by modifying a fastboot image before flashing and relocking. This just forces the phone into EDL mode when trying to boot into recovery. The system itself continues to work and will quickly overwrite the unsigned recovery with the MIUI one if an attempt to boot into recovery doesn't happen.
The locks are all the same, this can be checked with
Code:
fastboot oem device-status
on locked and unlocked phones.
Ok, so if I understood correctly, custom recovery will stop working when I lock the bootloader.
Sorry for the little off-topic, but I have another question connected with this issue. And I can't verify it by myself because I'm still waiting for unlock approval. What will happen in this scenario:
stock rom *stable* (not dev) -> unlock bootloader -> install custom recovery -> flash e.g. SuperSu.zip (to get root) via recovery -> install magisk/xposed -> lock bootloader.
3 questions:
1. Will root 'survive' after locking or not?
2. Will xposed/magisk survive and work correctly or not?
3. OTA updates will be available or not?
I can confirm locking the boot loader and flashing original firmware global works with Android pay
Sent from my Mi Note 2 using Tapatalk
I am able to get Xiaomi Mi Note 2 and Android Pay working WITH Magisk and unlocked bootloader.
1. Install Magisk
2. Install this patch
There are some issues with files unmounting correctly. I had to manually stop and start magisk hide to get this working.
But right now, I have Android Pay confirmed working, with an unlocked phone.
thedeejay said:
I am able to get Xiaomi Mi Note 2 and Android Pay working WITH Magisk and unlocked bootloader.
1. Install Magisk
2. Install this patch
There are some issues with files unmounting correctly. I had to manually stop and start magisk hide to get this working.
But right now, I have Android Pay confirmed working, with an unlocked phone.
Sorry, I have one more question. Which root did you use? (SuperSU, MagiskSU, or ?)
Felixweaster said:
Sorry, I have one more question. Which root did you use? (SuperSU, MagiskSU, or ?)
MagiskSU
thedeejay said:
MagiskSU
Sorry, which ROM do you install in phone?
I installed the modified MIUI 8 China Developer ROM 7.5.6 without root in my phone.
After flashing Magisk V.12 in TWRP 3.0.2.0, Magisk does nothing on my phone.
Felixweaster said:
Sorry, which ROM do you install in phone?
I installed the modified MIUI 8 China Developer ROM 7.5.6 without root in my phone.
After flashing Magisk V.12 in TWRP 3.0.2.0, Magisk does nothing on my phone.
I am using MIUI Global Stable 8.2.5. However, with the patch (which I think you haven't installed), it shouldn't matter which ROM you are using - China or Global, Stable or Dev. What the patch does is mainly changes the build.prop to a recognised device version and a few other things on the back end to hide being unlocked.
thedeejay said:
I am using MIUI Global Stable 8.2.5. However, with the patch (which I think you haven't installed), it shouldn't matter which ROM you are using - China or Global, Stable or Dev. What the patch does is mainly changes the build.prop to a recognised device version and a few other things on the back end to hide being unlocked.
My problem is nothing working after flash Magisk only or with patch!! Q___Q!
I will test and discuss with other people and developer on Sunday with new ROM.
Thank you very much.
Felixweaster said:
My problem is nothing working after flash Magisk only or with patch!! Q___Q!
I will test and discuss with other people and developer on Sunday with new ROM.
Thank you very much.
Can you send a copy of your Magisk log? Go to Magisk -> Log and click on Magisk.
I have a feeling that the issue may be that Magisk might not be unmounting correctly. There is quite a bit of a discussion on this (as well as even MORE patches to get this to work)
(and to make sure, you also don't have xposed?)
thedeejay said:
Can you send a copy of your Magisk log? Go to Magisk -> Log and click on Magisk.
I have a feeling that the issue may be that Magisk might not be unmounting correctly. There is quite a bit of a discussion on this (as well as even MORE patches to get this to work)
(and to make sure, you also don't have xposed?)
You can find the log as attached.
I did NOT have xposed.
Felixweaster said:
You can find the log as attached.
I did NOT have xposed.
It is mounting xposed so you still have traces of it left. Go through these steps:
flash this file in TWRP: - Xposed Uninstaller
Reboot. Check if Magisk is working. If it is not, reboot back into TWRP and flash Magisk v12.0 again: Latest Magisk
Reboot. Do a few keypresses before going back into TWRP. Flash This patch here: Xiaomi safetynet fix v1.3
Reboot back into system, and check if SafetyNet is working (can be done in Magisk Manager). If it isn't, reboot into TWRP once again and flash THIS one here: Magisk v12.0 fix
(So total of 4 files that need to be flashed and cycled through).
Also make sure that you DO NOT clear cache/dalvik cache at any stage!
Give that a shot and let me know how it goes.
thedeejay said:
It is mounting xposed so you still have traces of it left. Go through these steps:
flash this file in TWRP: - Xposed Uninstaller
Reboot. Check if Magisk is working. If it is not, reboot back into TWRP and flash Magisk v12.0 again: Latest Magisk
Reboot. Do a few keypresses before going back into TWRP. Flash This patch here: Xiaomi safetynet fix v1.3
Reboot back into system, and check if SafetyNet is working (can be done in Magisk Manager). If it isn't, reboot into TWRP once again and flash THIS one here: Magisk v12.0 fix
(So total of 4 files that need to be flashed and cycled through).
Also make sure that you DO NOT clear cache/dalvik cache at any stage!
Give that a shot and let me know how it goes.
After flash Xposed Uninstaller & reboot => magisk nothing working
After flash Magisk v12.0 => magisk nothing working
After flash Magisk v12.0 again & Xiaomi safetynet fix v1.3 => magisk nothing working
After flash Magisk v12.0 again & Xiaomi safetynet fix v1.3 again & Magisk v12.0 fix => magisk nothing working
After flash Xiaomi official root
I get the same error log as attached.
I also attach the recovery log in attachment.
When I check the recovery log, there are something strange as below.
============
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
grep: init.rc: No such file or directory
sed: init.rc: No such file or directory
sed: init.rc: No such file or directory
Cannot open init.rc
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
Cannot find the file entry [sepolicy]
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
Can't open 'sepolicy': No such file or directory
Could not load policy
Cannot open sepolicy
......
......
- Flashing new boot image
I:Set overlay: ''
5745+0 records in
5745+0 records out
23531520 bytes (22.4MB) copied, 0.291553 seconds, 77.0MB/s
- Unmounting partitions
losetup: /dev/block/loop0: No such device or address
umount: can't unmount /system: Device or resource busy
- Done
I:Updater process ended with RC=0
I:Legacy property environment disabled.
I:Install took 30 second(s).
I:Install zip Success,and install cofface-no-verity by cofface.
================
1. After flash the TWRP Unofficial TWRP 3.1.0-0 Mi Note 2 (scorpio)
2. Mount the /system read-write (I'm NOT sure do it cause something wrong?)
3. flash Magisk v12.0 => magisk working, safetynet false
4. Xiaomi safetynet fix v1.3 => magisk working, safetynet false
5. flash Magisk v12.0 fix => magisk working, safetynet true (before checking safetynet, I found Magisk Hide in Magisk Manager and I also selected the safetynet attest app.)
Three more question
1. When you flash Magisk, is the /system read-only ?
2. Where do you have Magisk v12.0 fix ??
3. Why do you ask to flash Xiaomi safetynet fix v1.3 not Xiaomi safetynet fix v1.6 ?
thedeejay!! Thank you very much!!
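A triage pass over the recovery log quoted in the post above, as an added example that is not part of the original thread: it groups the output by MagiskBoot invocation and flags patch steps that printed errors even though the updater ended with RC=0. The failure patterns are assumptions derived from this one excerpt, not a MagiskBoot specification.

```python
import re

# Recovery log as quoted in the post above (including its "......" elisions).
RECOVERY_LOG = """\
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
grep: init.rc: No such file or directory
sed: init.rc: No such file or directory
sed: init.rc: No such file or directory
Cannot open init.rc
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
Cannot find the file entry [sepolicy]
MagiskBoot (by topjohnwu) - Boot Image Modification Tool
Loading cpio: [ramdisk.cpio]
Can't open 'sepolicy': No such file or directory
Could not load policy
Cannot open sepolicy
......
......
- Flashing new boot image
I:Set overlay: ''
5745+0 records in
5745+0 records out
23531520 bytes (22.4MB) copied, 0.291553 seconds, 77.0MB/s
- Unmounting partitions
losetup: /dev/block/loop0: No such device or address
umount: can't unmount /system: Device or resource busy
- Done
I:Updater process ended with RC=0
I:Legacy property environment disabled.
I:Install took 30 second(s).
I:Install zip Success,and install cofface-no-verity by cofface.
"""

BANNER = "MagiskBoot (by topjohnwu)"
# Assumed failure markers, taken from the lines visible in the excerpt.
FAILURE = re.compile(
    r"No such (?:file or directory|device or address)"
    r"|^Cannot (?:open|find)\b|^Can't open\b|^Could not load\b|can't unmount")
# Two shapes that name the ramdisk entry a tool could not find.
MISSING = (
    re.compile(r"^\w+: ([\w./-]+): No such file or directory"),
    re.compile(r"^(?:Cannot open|Cannot find the file entry|Can't open)"
               r"\s+[\[']?([\w./-]+)"),
)
RC_LINE = re.compile(r"Updater process ended with RC=(\d+)")


def triage(log):
    """Group failures per MagiskBoot run and compare them with the exit code."""
    runs, post_warnings, rc, current = [], [], None, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith(BANNER):          # a new MagiskBoot invocation
            current = {"failures": [], "missing": set()}
            runs.append(current)
            continue
        if line.startswith("- "):            # installer step: patching is over
            current = None
            continue
        m = RC_LINE.search(line)
        if m:
            rc = int(m.group(1))
            continue
        if not FAILURE.search(line):
            continue
        if current is None:                  # e.g. losetup/umount at cleanup
            post_warnings.append(line)
            continue
        current["failures"].append(line)
        for pattern in MISSING:
            hit = pattern.match(line)
            if hit:
                current["missing"].add(hit.group(1))
    for run in runs:
        run["missing"] = sorted(run["missing"])
    failed_runs = sum(1 for run in runs if run["failures"])
    return {"runs": runs, "post_warnings": post_warnings, "rc": rc,
            # Exit code says success while patch steps logged errors.
            "suspect": rc == 0 and failed_runs > 0}


if __name__ == "__main__":
    report = triage(RECOVERY_LOG)
    for i, run in enumerate(report["runs"], 1):
        print(f"run {i}: {len(run['failures'])} error line(s), "
              f"missing entries: {run['missing'] or 'none named'}")
    print("cleanup warnings:", len(report["post_warnings"]))
    print("updater RC:", report["rc"], "| needs manual review:", report["suspect"])
```
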

Rooted Pixel 4 - Android QQ2A.200305.003 OTA - Decrypt?

Hi (newbie here).
I have a Pixel 4. I did a factory reset / wipe, unlocked the bootloader, sideloaded Android 10 QQ2A.200305.003 (OTA) installed the latest Magisk Manager, Magisk and BusyBox Android NDK and I have su in adb shell.
I took a physical image of the phone, which I did using dd / nc. It worked like a charm except that some of the files / partitions are encrypted. If I have to I'll take a logical of the partitions that I need using rsync or tar but I'd prefer to have a physical image, I can pick apart "offline". I see on the web that using TWRP you can install a zip file that will disable enforce encryption, verity, disk quota.
I can't use TWRP and I'm not sure how to go about it with Magisk, if at all possible. There are a few options in Magisk that mention enforcing encryption and verity in the advanced options, but un-checking those boxes doesn't appear to do anything.
When I check via the phone GUI in system, security, advanced, encryption, it appears encrypted but it doesn't allow me to un-encrypt. I've seen some information that would lead me to believe that I could have done something during the initial setup to disable encryption (and I have no issue going that route) but it appeared to be more of a Pixel 3 thing.
Anyway, I hope I've explained myself properly.
Thank you for your patience.
Denis

[GUIDE][J7ELTE]MicroG and Xposed for LineageOS 17.1

Disclaimer
Your warranty is now void.
I am not responsible for any bricked devices.
After some trial and error, I finally got MicroG running on LOS 17.1 or Android 10/Q. Tested on J700H (should work on J700F, etc. except for T which I assume has different properties)
The installation is quite tricky because of some bugs (installing MicroG the traditional way results in no app notifications).
So for the people who want to install MicroG in their LOS ROM make sure to follow this guide.
For people who don't know about MicroG
https://www.reddit.com/r/MicroG/comments/9jceaj
Before we start, there is also https://lineage.microg.org/, which gives you a ROM with MicroG preloaded, but the problem is that the ROM itself isn't that updated (Last updated 2-2-2021)
But the good thing is, you only have to flash it with TWRP and voila. You got MicroG and LOS, just a little bit older.
For people who want to have the latest nightly Lineage OS 17.1 and at the same time have MicroG, follow these steps carefully.
Requirements:
Lineage OS 17.1 https://download.lineage.microg.org/j7elte/ (Download the latest Nightly Zip only, forget the recovery zip)
Working TWRP (if you don't have any https://forum.xda-developers.com/t/...y-amp-amp-amp-root-samsung-galaxy-j7.3203632/) Please be careful
Apply this guide, but change the TWRP file to the latest one here https://dl.twrp.me/j7elte/
Magisk https://github.com/topjohnwu/Magisk/releases/download/v21.2/Magisk-v21.2.zip
MicroG GMS Core https://github.com/microg/GmsCore/r...7.204714/com.google.android.gms-204714034.apk
^^^^^
It's important to download this version, else your notifications won't work
File downloaded must be "com.google.android.gms-204714034.apk" DOUBLE CHECK!
For some reason, the latest MicroG automatically closes its device registration upon exiting the app, thereby disabling Cloud Messaging as a result. Which means notifications won't even show up.
MicroG GSF Proxy https://microg.org/fdroid/repo/com.google.android.gsf-8.apk
OpenGapps [arm, android 10, pico zip] https://opengapps.org/ (But I thought it was microg? Yup this is only temporary but part of the procedure)
Lucky Patcher or anything that can uninstall system apps (I recommend lucky patcher since it doesn't require any play services to run. If you try to uninstall google play services with an app that relies on play services it will crash)
Latest Bootloader, make sure to flash the latest bootloader using Odin before proceeding to install LOS, otherwise it won't work.
Check sammobile for the latest firmware
NEVER SKIP REBOOT. Else you're just making things complicated.
1. Go to settings > Tap Build Number 7 times > Developer Options > enable OEM unlock
2. Reboot to TWRP recovery and Full Wipe (Data, Cache, Dalvik, System)
3. Install Lineage OS 17.1 (Don't boot to system yet)
4. Install Magisk Zip
5. Install Gapps Pico Zip
6. Boot to System
7. Run Magisk, just press okay when it tries to update the app on startup. Check if Magisk is Installed: 21.1 (No need to Update App or Magisk if those numbers are shown, if it's N/A then update it)
8. If Magisk asks you to reboot then do it (Especially if you updated it)
9. On the Magisk app, click the puzzle icon on the bottom right. This is the Magisk module, now search for Riru, download & Install (after installation don't reboot yet)
10. Next look for the Riru - EdXposed module (Then reboot)
11. I'm not sure of this one but check if the EdXposed app is present on your homescreen then proceed, if not then search for EdXposed Manager apk, download & install.
12. If you're doing things right, upon opening EdXposed Manager, framework should be active. If not then retrace your steps
13. On EdXposed Manager, swipe right, then click download, search for FakeGApps and install. (You need to activate the module then reboot)
14. Install Lucky Patcher and grant root. Uninstall Google Play Services and Google Services Framework using Lucky Patcher (Things will start force closing which means it's working, reboot your device)
15. Install MicroG GMS Core (Make sure you download the file I listed above or else notifications won't work)
16. Install MicroG GSF
17. Open MicroG Settings on Homescreen, do a self-check. See if everything is checked, tap to grant it permission. (If system spoofs signature is unchecked, retrace your steps from no. 13)
18. Restart your phone (do not skip this step)
19. Open MicroG Settings, turn on Google Device Registration & Cloud Messaging
20. Restart your phone again (do not skip this step!! notifications still won't work at this point)
21. Install Push Notification Tester on playstore to test
22. Have a cup of coffee and congratulate yourself. You now have MicroG on Lineage OS 17.1
Long term note: For example if an app notification doesnt work. Check MicroG settings > Cloud Messaging.
If the app doesn't appear there (also if the app exists way before you installed MicroG) you may have to reinstall that app to be able to get notifications
Purpose of this guide: Installing these kinds of things has been difficult since Android 10. So many bugs and so much stuff not working, that's why I created this guide to at least contribute a little.
I'm thankful for the people who Lineage OS, made my phone so smooth.
Credits:
MicroG - https://microg.org/
LineageOS - https://lineageos.org/
Magisk - https://github.com/topjohnwu/
TWRP - https://twrp.me/
Video proof that MicroG works. GCM Notification Test via Discord https://streamable.com/d9f1qy

H918 Rooted and Encrypted on Stock?

Is there any way to have this phone rooted with encryption working? I would use Lineage, but it doesn't support VoLTE. I'm aware that TWRP will very likely never work again once the phone is encrypted, but that just means that I would have to flash everything I need before encrypting.
I'm on AO 20h ROM currently. My idea was (after making sure I never need TWRP again)
1. Flash stock 20h kernel zip without dm-verity and forced encryption disabled
2. Flash stock 20h boot.img (not sure if this step is necessary)
3. Reboot into system
Does this have the possibility of working? If not, what do I need to do to make this work?
Also, where can I find the stock kernel and boot.img?
I attempted to just flash the boot.img I extracted from the 20h kdz. This didn't work, because when I rebooted it just brought me to fastboot every time.
Edit: Second attempt was to extract the 20h kdz to get both the boot.img and the system.bin files. Then I patched the boot.img with Magisk Manager on my other phone, and moved it back to the sd card. To get the system.img from the 52 binary files, I used the KDZ Extractor which has an option to merge system files into an image. My plan was to flash from TWRP the system.img and then the patched boot.img, but when I went to install the system image, I got a warning message that the image was too big. It shows as 6GB on my computer, and the system partition is 5.4GB.
The only other idea I had in mind was to flash the 20h kdz, but interrupt the installation before it boots for the first time and "encrypts", then go into fastboot and flash the modified boot.img, but this seems excessively risky.
Edit Again: I DID IT!
And I'm not even locked out from using TWRP! Though I'm stuck on Nougat - 10p - with the method I used.
1. Patch extracted 10p boot image with Magisk app
2. Flash 10p with LGUP
3. Flash TWRP to recovery with Lafsploit, reboot to recovery
4. Factory reset from TWRP
5. While still in TWRP, flash the patched boot.img from 1.
Now my next goal is to deodex and try to get signature spoofing working so I can use MicroG. I've tried the Smali Patcher, which appeared to work, but it gets stuck on the T-Mobile splash screen. Same thing happens when I try to install Xposed with any method.
Hi there Pineapple!
Not too many people do care about H918 anymore. I am just like you trying to get something done, so reading everything I can find. I will point out the things I've learned already, but do remember I am not a dev, nor a senior member, not even a very experienced one.
So, above you were saying :
1. Flash stock 20h kernel zip without dm-verity and forced encryption disabled
2. Flash stock 20h boot.img (not sure if this step is necessary)
Well, the "boot.img" contains the Kernel and the Ram Disk, or at least this is what I've read in Android Internals - Jonathan Levin [1st Ed] free on his site. So, now it should be clear that if you'd do 2, it will overwrite 1.
About Encryption and Root:
ENCRYPTION:
Encrypt your phone before rooting, -> root, -> apply ROM. Not the other way around! Tested on Android 4-6.
Once you root or install various ROMs you lose the ability to encrypt your device.
You will have either hanging, rebooting, or the animation stalling
Discussed: http://forum.xda-developers.com/showthread.php?t=2791587 and
http://androidforums.com/threads/how-to-encrypt-a-rooted-device.866968/
Un-root if already rooted. Encrypt. Re-root.
If you Root with SuperSu, you have to manually kick start SuperSU when rooting after the encryption is in effect
Also see about issues with TWRP and Encryption in some devices
(Unable to decrypt the data partition on boot due to bug in TWRP)
(yep, H918, and it seems to be happening on stock ROMs as opposed to AOSP)
not sure if on H918 it is related or not to TWRP bug
Secure Boot (aka dm-verity) also complicates persistent rooting. <- look like you already took measures here
Xposed:
Xposed now also exists as a MAGISK MODULE, so no longer DETECTED if installed thru MAGISK <-try this
Had some issues with Android 7 (Nougat) but most were fixed. <-maybe try different version?
De-Odex
Why? Are you going to be theming your apps? AFAIK,
ODEX = (pre) Optimized Dalvik Exe file format (compressed, not fully compiled yet), separate from .apk
android apps are stored in .apk packages, not as easy nor fast to run as if already Odex-ed
De-Odexing just means having your apps on ROM sort of "collected" back to ".apk". You need that where you want to have an easy access to app resources, i.e. for theming.
QUESTIONS:
1. Could you, please, post the versions of all the components you've used? Like TWRP, Magisk..
2. So, microG doesn't work on rooted stock Nougat on H918? (Damn, I wanted to de-google)
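The point above that boot.img carries both the kernel and the ramdisk, so flashing a second image replaces what the first one put there, shown as an added example that is not part of the original posts. It parses the classic (header version 0) Android boot image layout; the sample payloads, load addresses and the `flash` helper are constructed for illustration and are not taken from an H918 image.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Classic boot image header, little-endian: magic, kernel size/addr,
# ramdisk size/addr, second-stage size/addr, tags addr, page size,
# header_version (unused in old images), os_version, name, cmdline.
HEADER = struct.Struct("<8s10I16s512s")


def _pages(size, page_size):
    """Whole pages needed to hold `size` bytes."""
    return (size + page_size - 1) // page_size


def parse_boot_image(data):
    """Return page size, name and (offset, size) of each section."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a boot image header")
    (magic, k_size, _k_addr, r_size, _r_addr, s_size, _s_addr, _tags,
     page_size, _hdr_ver, _os_ver, name, _cmdline) = HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic, not an Android boot image")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page size must be a power of two")
    # The header occupies page 0; each section starts on a page boundary.
    k_off = page_size
    r_off = k_off + _pages(k_size, page_size) * page_size
    s_off = r_off + _pages(r_size, page_size) * page_size
    sections = {"kernel": (k_off, k_size), "ramdisk": (r_off, r_size),
                "second": (s_off, s_size)}
    for label, (off, size) in sections.items():
        if off + size > len(data):
            raise ValueError(f"{label} section runs past end of image")
    return {"page_size": page_size,
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "sections": sections}


def extract(data, label):
    """Slice one section (kernel, ramdisk or second) out of the image."""
    off, size = parse_boot_image(data)["sections"][label]
    return bytes(data[off:off + size])


def build_sample_image(kernel, ramdisk, page_size=2048, name=b"constructed"):
    """Build a constructed test image; the addresses are placeholders."""
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk),
                         0x11000000, 0, 0x10F00000, 0x10000100, page_size,
                         0, 0, name, b"")
    pad = lambda blob: blob + b"\0" * (-len(blob) % page_size)
    return pad(header) + pad(kernel) + pad(ramdisk)


def flash(partition, image):
    """Hypothetical stand-in for writing an image to the boot partition."""
    partition[:len(image)] = image


def flash_both_in_order():
    """Step 1 (modified kernel image) then step 2 (stock boot.img)."""
    step1 = build_sample_image(b"KERNEL-no-verity" * 300, b"RAMDISK-A" * 100)
    step2 = build_sample_image(b"KERNEL-stock" * 300, b"RAMDISK-stock" * 100)
    boot = bytearray(64 * 1024)          # constructed stand-in partition
    flash(boot, step1)
    flash(boot, step2)
    return extract(boot, "kernel"), extract(boot, "ramdisk")


if __name__ == "__main__":
    image = build_sample_image(b"K" * 4800, b"R" * 900)
    print(parse_boot_image(image))
    kernel, ramdisk = flash_both_in_order()
    print("kernel now on partition starts with:", kernel[:12])
    print("ramdisk now on partition starts with:", ramdisk[:13])
```
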
Descent2 said:
So, above you were saying :
1. Flash stock 20h kernel zip without dm-verity and forced encryption disabled
2. Flash stock 20h boot.img (not sure if this step is necessary)
Well, the "boot.img" contains the Kernel and the Ram Disk, or at least this is what I've read in Android Internals - Jonathan Levin [1st Ed] free on his site. So, now it should be clear that if you'd do 2, it will overwrite 1.
About Encryption and Root:
ENCRYPTION:
Encrypt your phone before rooting, -> root, -> apply ROM. Not the other way around! Tested on Android 4-6.
Once you root or install various ROMs you lose the ability to encrypt your device.
You will have either hanging, rebooting, or the animation stalling
Discussed: http://forum.xda-developers.com/showthread.php?t=2791587 and
http://androidforums.com/threads/how-to-encrypt-a-rooted-device.866968/
Un-root if already rooted. Encrypt. Re-root.
If you Root with SuperSu, you have to manually kick start SuperSU when rooting after the encryption is in effect
Also see about issues with TWRP and Encryption in some devices
(Unable to decrypt the data partition on boot due to bug in TWRP)
(yep, H918, and it seems to be happening on stock ROMs as opposed to AOSP)
not sure if on H918 it is related or not to TWRP bug
Secure Boot (aka dm-verity) also complicates persistent rooting. <- look like you already took measures here
Yes, while doing this I did learn that the boot image contains the kernel. Looking back, that statement seems silly now that I know that. You are correct about encrypting before root. I did boot into the ROM and did the initial setup, then went back to TWRP (which thankfully had no error decrypting) to flash Magisk via the patched boot image. I did get rid of secure boot too, but I don't know if it was necessary in this case.
Descent2 said:
Xposed:
Xposed now also exists as a MAGISK MODULE, so no longer DETECTED if installed thru MAGISK <-try this
Had some issues with Android 7 (Nougat) but most were fixed. <-maybe try different version?
I tried three different ways of installing Xposed. First was through the Magisk Module, but this just made me get stuck on the T-Mobile screen. Had to remove the module from TWRP. Second was "systemlessly" as described here: https://magiskroot.net/install-systemless-xposed-framework-nougat/ . This had the same result. Third was by using only the Xposed Installer 3.1.5 apk, which didn't seem to do anything at all.
Descent2 said:
De-Odex
Why? Are you going to be theming your apps?
Deodexing the ROM is necessary to add signature spoofing, which is necessary to install MicroG, so it can pretend to be the real Google Play Services. Usually in the past I've done this with the Nanodroid patcher https://nanolx.org/nanolx/nanodroid but it didn't work here, which was odd because it did work on the Alpha Omega Oreo ROM (which didn't have working encryption).
Descent2 said:
QUESTIONS:
1. Could you, please, post the versions of all the components you've used? Like TWRP, Magisk..
2. So, microG doesn't work on rooted stock Nougat on H918? (Damn, I wanted to de-google)
1. The TWRP that's on the laf partition is the one that FWUL 2.7 installed. The TWRP that's on my recovery is 3.5.2_9-0-h918.img. This is the latest official release. To unpack the boot image from the stock kdz, I used LG Firmware Extract 1.2.6.1. I moved the boot image onto another phone which had the latest Magisk Manager app on it (23.0) to patch it with Magisk.
2. Not so far it hasn't. I've deleted everything Google with System App Uninstaller, /d/gapps, and adb. So I'm going without Google Services or MicroG for now. I'd like to change that though, since MicroG makes it far more livable.
So, you have the same end goal as I do - privacy. Have you considered buying the de-googled phone from Brax?
Honestly, this never ending enigma with H918 has me wondering if I should just do that. I mean, I don't sweat some learning and work, but now that the V20 forum is basically dead....
Descent2 said:
Have you considered buying the de-googled phone from Brax?
Honestly, this never ending enigma with H918 has me wondering if I should just do that. I mean, I don't sweat some learning and work, but now that the V20 forum is basically dead....
That reminds me of the people on ebay who try to sell 12 year old Thinkpads for 3-4x what they're worth just because they flashed coreboot on them. Except it's way easier to install a custom ROM on a Pixel than it is to flash coreboot. The Pixels are also very different phones than the V20 - no removable battery, ir blaster, 3.5mm jack, good DAC - but if you want the most private and secure smartphone, a Pixel with GrapheneOS (not Lineage) is what you want. Flash it yourself, it's way easier to do it to Pixels than LG's.
Same here.
Maybe not that crazy, 3-4 times, but yeah, he sells Google Pixel 4 XL 128 GB with lineage for over $700 where that same phone is $380 on Swappa, lol. It's not as drastic as your memory of e-bay, but it is twice the worth, still.
But then again, considering how much Rob is doing for the community to propagate the awareness, maybe this isn't all that high of a price. Some busy people won't even blink at his prices, but would never invest this much time to decipher everything. Sadly, I myself am a sucker for the know how, instead of focusing on making money.
You are right in that I did pick this phone as "last phone with removable battery" myself. I actually do remove the battery from time to time when I don't want to be tracked, and drop the phone in the steel covered glove compartment, where no weaker field communication can ever reach it.
Hey, thank you so much for the version numbers, if I decide to go that way, I'll use those exact ones! (So far, do not want to cross into ARB1, but it seems that the lafsploit only works with 10p...)
You know, the Patcher is also available from NanoDroid installed as a Magisk module. Their (Nano) description here:
GitHub - Nanolx/NanoDroid: [MIRROR] See https://gitlab.com/Nanolx/NanoDroid for main repository
states that NanoDroid includes:
on-device framework-patcher for microG support (signature spoofing), with automatic de-odexing up to Android 8.1
Is that the method you tried?
Nanolx says that his patcher patches the sig spoofing support into one of the three locations: Magisk NanoDroid module, Magisk itself and /system. When you were using the patcher, did you see any of these choices?
Also, do you know that the dev of Magisk now works for Google? Now, I know that absolute majority of people would not see anything weird here, but I do, cause I don't trust Google, and thus want to de-google my phone. Specifically, a small conflict of interest while working for google and developing a software that supposed to oversee and support the escape from that same Google by de-googling the phone. Some stockholders might find this quite funny and demand that something is done about this.
I would try older Magisk. I know from other threads, that on 10p, some of the versions of Magisk that did work were: 16.0, 21.0, 21.4 ...
Descent2 said:
You know, the Patcher is also available from NanoDroid installed as a Magisk module. Their (Nano) description here:
GitHub - Nanolx/NanoDroid: [MIRROR] See https://gitlab.com/Nanolx/NanoDroid for main repository
states that NanoDroid includes:
on-device framework-patcher for microG support (signature spoofing), with automatic de-odexing up to Android 8.1
Is that the method you tried?
Nanolx says that his patcher patches the sig spoofing support into one of the three locations: Magisk NanoDroid module, Magisk itself and /system. When you were using the patcher, did you see any of these choices?
Also, do you know that the dev of Magisk now works for Google? Now, I know that absolute majority of people would not see anything weird here, but I do, cause I don't trust Google, and thus want to de-google my phone. Specifically, a small conflict of interest while working for google and developing a software that supposed to oversee and support the escape from that same Google by de-googling the phone. Some stockholders might find this quite funny and demand that something is done about this.
I would try older Magisk. I know from other threads, that on 10p, some of the versions of Magisk that did work were: 16.0, 21.0, 21.4 ...
As long as Magisk itself is FOSS and hasn't been proven to be spyware, I'll trust it. The later versions actually have gotten better about privacy, since it now doesn't require internet. And the goal of the Magisk project isn't to de-google your phone. It can aid in de-googling, because you can uninstall system apps, but Magisk is just to gain root.
As for how I tried to use the patcher, I tried from TWRP, which gave me the error "failed to mount /system unsupported a/b device," and then if I tried to flash it from Magisk Manager it gave the error "failed to deodex services.jar"
When you say you tried to flash it from TWRP / Magisk Manager, it is not clear to me if you understand that Nano Patcher is also available as a Magisk module, and if you have tried to add that Magisk nano module or used the Patcher by itself as provided by NanoDroid in a stand alone installer. Since I haven't used Magisk yet myself, I do not know if it has the flashing capability and that is what you referred to, or if that meant you added the module. Like I said, still learning here.
I do understand that Magisk is only a systemless root , not a patcher or microG.
The H918 is not an A/B device. Not on Nougat nor Oreo in any case. Obviously, you know that.
So, your device is being misidentified as a much newer device.
I think that if you had tried a version of Magisk or the Patcher that is not YET aware of A/B devices, then possibly such mis-identification would not happen.
Of course the fact that it happens thru TWRP, gives Magisk somewhat an alibi.
I still think it is worth trying. May-be older Patcher first, then with older Magisk.
I keep holding Magisk in my attention because without it doing its job correctly, you could not take the next step, the one that isn't working.
Finally, Try some of these: https://download.lineage.microg.org/h918/ ROMs, they already have signature spoofing handled. I would think an older one might work, as I saw several threads mentioning that the later versions of LOS don't run well on H918.
Also, here is thread you might want to read and post your situation into:
[MODULE/SYSTEM] NanoDroid 23.1.2.20210117 (microG, pseudo-debloat, F-Droid + apps)
That thread discusses NanoDroid used as a Magisk Module, and there are a few users experiencing a similar situation (with different errors) and some advice.
Descent2 said:
When you say you tried to flash it from TWRP / Magisk Manager, it is not clear to me if you understand that Nano Patcher is also available as a Magisk module, and if you have tried to add that Magisk nano module or used the Patcher by itself as provided by NanoDroid in a standalone installer. Since I haven't used Magisk yet myself, I do not know if it has the flashing capability and that is what you referred to, or if that meant you added the module. Like I said, still learning here.
I'm taking the nanodroid patcher zip from their website and attempting to flash in TWRP, which I've successfully done before on other phones. I also tried using the same zip and installing it as a module in Magisk. I don't think there's a separate file meant specifically for use as a Magisk module. I believe the a/b error in TWRP has something to do with the fact that when I'm in TWRP and I go into the "Mount" menu and select System, the check box only remains ticked for about 5 seconds, then it automatically unmounts again. No idea what the problem is there. I suspect if that weren't an issue, I'd get the same exact error that I get when trying to use the patcher with Magisk.
As for LineageOS for MicroG, that's what I was using before going back to stock, and it was great. But it's sadly unusable as a phone because of the lack of VoLTE. If not for that, this could easily be my "forever phone" with the huge battery.
I'm also now having a strange issue where many system functions (recents, settings menus, autorotate, second screen, statusbar) are running unusably slow, while any other app runs perfectly fine. I have to do more testing to figure out what this is, though. Edit: stuck at T-Mobile logo again. Gonna try to do all this with stock Oreo.
Oops, I am sorry, I forgot, you have said that in your first post that you already tried LOS, man. So, we are stuck? It gets stuck on T-Mobile splash, meaning this is a bootloop, or rather a bootfreeze. I think your other issues must be related to this issue that is preventing you from patching for signature spoofing.
I've been reading up trying to find what is going on with your phone, and I stumbled against this:
You simply swipe the bar to allow TWRP to make modifications to your /system partition. Swiping on this particular screen, you are giving TWRP permission to mount your /system partition as R/W (Read & Write) as opposed to the default of /system being mounted as R/O (Read Only). However, please beware and know what you are doing. If you so much as mount /system as R/W via TWRP, regardless if you actually make changes, a kernel secured with dm-verity (device mapping verification) will prevent your device from booting into the Android OS. Never mount /system as R/W without first verifying whether your kernel has dm-verity enabled. If dm-verity or AVB 2.0 (Android Verified Boot) is enabled, flashing a systemless root script like Magisk 16.0 will patch dm-verity to disabled, as well as disable force encryption in the fstab.
You said you disabled the secure boot. This is aka dm-verity.
Now in your case, you are using the encryption, which needs dm-crypt to be active, correct? These two are related because they both are managed by a DM - device mapper.
When you said you have disabled the secure boot (dm-verity), do you mean that you have maybe chosen some options when patching the boot.img with Magisk? Or did you do it thru some other method?
I keep seeing references to "No Verity Opt Encrypt" without a good explanation of what it is or how to use it or when to use it. I am curious if you have applied that or not, and if you did, where did you read about it.
So, my current thinking is that if you actually failed to disable the dm-verity, this should take you to the bootloop or freeze. Maybe DM failed to separate the two and kept both enabled?
The fact that you have touched the /system as r/w according to green above, should trip the dm-verity to bootloop you, if dm-verity is somehow still enabled.
I still do not understand though, why you are receiving a failure to patch.
Also, you have mentioned that you have used a "Smali Patcher". Knowing nothing about nothing, I of course assumed you meant to type "Small Patcher", i.e. some patcher. Now cleaning up the details I looked it up. Oops. It is actually a real thing. It is supposed to examine your system in step 1, and generate a Magisk module, and in step 2, you add that module to Magisk and check it as enabled. I just want to confirm that this is exactly what you have done and this brought you to T-mobile splash screen.
I actually may try LOS for microG, what version did you have that was great?
Because from what I was reading the LOS for 918 has many issues (no 5G tether, no 2nd screen, no WiFi call, etc)
The "No Verity Opt Encrypt" is a file that disables verity and forced encryption. If you rename the zip, though, you can make it only disable verity or only disable forced encryption. I did flash it with no-dm-verity, but from what you found it looks like Magisk does this for us so it's probably not necessary.
The fact that it bootlooped isn't due to me mounting it. I did that several times before without bootlooping. The issue I had with it was that it automatically unmounted /system after a few seconds, which is why I believe I can't deodex from TWRP.
For the Smali patcher, I don't remember how I attempted to use it. So far my attempts to root and encrypt stock Oreo haven't gotten very far, so I'm going to try this again.
I just used the latest version. I don't use 5G tether so I wouldn't know. The 2nd screen "works" but it just extends the main screen, making the cameras into a notch type thing. I can live without wifi calling, but lte calling won't work, which is, again, the only thing keeping me from using Lineage MicroG.
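An added example, not part of any post in this thread: the quoted passage says to verify whether dm-verity is enabled before mounting /system read-write, and that forced encryption is set in the fstab. The sketch below reads an Android fstab on stdin and reports the `verify`/`avb` and encryption flags per mount point; the function names `fstab_flags` and `sample_fstab` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Android fstab columns: <src> <mount_point> <type> <mount_flags> <fs_mgr_flags>
# The fifth column is where verity and encryption are requested.

# Hypothetical helper: print one line per fstab entry read from stdin.
fstab_flags() {
    awk '
        /^[ \t]*#/ { next }                 # skip comments
        NF < 5     { next }                 # skip blank or short lines
        {
            verity = "off"; crypt = "none"
            n = split($5, flag, ",")
            for (i = 1; i <= n; i++) {
                f = flag[i]
                sub(/=.*/, "", f)           # drop any =value suffix
                if (f == "verify" || f == "avb")
                    verity = "on"           # dm-verity or AVB requested
                else if (f == "forceencrypt" || f == "forcefdeorfbe" || f == "fileencryption")
                    crypt = "forced"        # encrypted without asking the user
                else if (f == "encryptable")
                    crypt = "optional"      # user may choose to encrypt
            }
            printf "%s verity=%s encryption=%s\n", $2, verity, crypt
        }
    '
}

# Constructed sample fstab, not taken from any real device.
sample_fstab() {
    cat <<'EOF'
# <src>                                 <mnt>    <type> <mnt_flags>          <fs_mgr_flags>
/dev/block/bootdevice/by-name/system    /system  ext4  ro,barrier=1          wait,verify
/dev/block/bootdevice/by-name/userdata  /data    ext4  noatime,nosuid,nodev  wait,check,forceencrypt=footer
/dev/block/bootdevice/by-name/cache     /cache   ext4  noatime,nosuid,nodev  wait,check
EOF
}

sample_fstab | fstab_flags
```

An entry that still shows `verity=on` after patching means the verity flag was not removed from that fstab line.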
DUH!
I can't believe sometimes how dumb I actually am. Of course, it says right in the name of the file: "No Verity + Optional Encryption"! [slamming my forehead into the table] I swear I read it a thousand times, but for some reason it did not make any sense to me. I knew it does something about this subject, but I never took it literally!
Thank you for letting me know.
It is cool how the arguments are sent by renaming the patch instead of using the optional parameters. I like that. Magisk does that as well. You flash Magisk.zip and it installs Magisk. You rename it to uninstall.zip and flash that, and it uninstalls Magisk.
Please, keep posting if anything changes. If I read something that makes me think I've picked up the scent again, I will let you know. For now I don't know what else to read.
PineappleMousepad said:
I've deleted everything Google with System App Uninstaller, /d/gapps, and adb.
You uninstalled Android Device Bridge? I am curious as to why? I mean, yeah, it's Google, but it's most likely harmless, and very useful. Does it call home or something? At some level the entire Android is Google. Yeah it comes from HA, but Google pays. And money talks. I am curious why.
Anyway, I might have found something, I am not sure, but it looks interesting:
So, I am reading this:
Internal Details
The Magic Mask for Android
topjohnwu.github.io
It says:
Paths in /data
Some binaries and files should be stored on non-volatile storages in /data. In order to prevent detection, everything has to be stored somewhere safe and undetectable in /data. The folder /data/adb was chosen...
Did removing ADB somehow mess up the /data/adb folder, and did that then mess up Magisk? Is this why some of the operations you have attempted have failed? Like you'd install a module and it would be like you didn't even do anything?
I didn't remove adb. I debloated using System App Uninstaller. For some things that didn't work I used /d/gapps. For other things that didn't work I used adb.
Been messing around with Oreo the past couple days.
I *can* get stock Oreo to work with root and even MicroG - everything works great. Except it refuses to encrypt. The option is there in the menu to "Encrypt Phone". The battery was above 80% and plugged in, I tap the button, and it just takes me to the T-Mobile splash screen and quickly to the lock screen. I know MicroG isn't causing it, since it has this issue with or without MicroG. I get the same result whether I installed 20h from a TWRP flashable zip or if I installed 20h from the kdz with the kdz writer tool https://forum.xda-developers.com/t/tool-kdz-writer.3649818/. It isn't an issue with the recovery partition, as I left that stock and just use TWRP from LAF.
The less ideal option for Oreo at the moment is to have it completely stock from LGUP and just debloat with adb. This means no root or MicroG, but those are the least of the issues. It looks like if you uninstall Google Play Services without also installing MicroG, you get constant error messages saying "Messages has stopped working." No problem, just remove the messages app and use QKSMS, right? Well removing Messages breaks Contacts, which is also the dialer. Removing the dialer and contacts, replacing them with Simple Dialer and Simple Contacts works, but then you get the constant error message "LG IMS has stopped working." Removing LG IMS gets rid of the error messages but, predictably, breaks VoLTE.
Edit: It may not have been Google Play Services that broke the Messages app.
Quick reaction. You are likely right. It probably wasn't the removal of GPS that broke Messaging. There are so many different fixes for that error on the net (which you probably have already mostly tried), that it suggests many different causes for the error.
But, interesting how all that stuff is chained. Almost looks as if intended that way. Don't deny them saying a good bye to google outright, just make it an incredibly deep rabbit hole.
This comes to mind: try "freezing" messaging or anything lower on this chain, in hopes that it is the uninstall that removes some shared dependency and that they haven't thought of you trying to freeze them. I know you wouldn't care all that much if the chain didn't end with VoLTE.
