Hello, I am completely new so I apologize if this is the wrong place.
I wanted to be able to lock my bootloader but still use cyanogenmod, specifically, only allow roms that I have compiled myself and signed with my cert to work on my phone. I unpacked the stock recovery.img, and made the necessary changes to the ramdisk to replace the stock OnePlus key with my own. I was then able to confirm that only my signed zips could be sideloaded, both official CM and OxygenOS zips failed - just as I wanted.
The issue is then that this only worked with an unlocked bootloader. When I locked it, the OP3 entered a boot cycle, with a strange graphical glitch appearing then the screen going black, again and again. I could then no longer boot to either recovery or cyanogenmod, nor could I unlock fastboot. This amazing guide got my phone working again.
I now have three questions. What prevented my phone booting after I locked it, how does the unbrick tool work, and is there anything I can alter, like certifications or hashes, lower down in the boot sequence to allow only my signed images to work (using the previous tool. I am unsure what QLoader is, some form of serial interface to the 820 to write to the storage chip?).
Thanks for any advice you can offer!
Update: I have unpacked boot.img provided in the unbrick tool. I cannot find any keys to modify in /res but I have found a file called "verify_keys". Does anyone know what I need to change in boot.img to allow my self-signed recovery and os to boot? Thanks
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
I've been meaning to ask this same question for a while now also, so I'm eager to see the response. I suspect the official OnePlus forums might be a good place to ask as well, since they are visited by engineers from OnePlus. For anyone else who's curious as to what's being discussed and wants to better understand the risks of an unlocked bootloader (and how to mitigate them), there's a brief article here as well as a paper.
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
JumboMan said:
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
Have you read any of the attached links in my last post? There are valid reasons for doing so.
Just to pose an oversimplified hypothetical, imagine going through immigration/customs in Saudi Arabia (or maybe even the U.S.) with an Android device that has an unlocked bootloader. The officer examines your possessions, then takes your laptop and phone into a back room. Your phone is powered down and encrypted so it's not like they can do anything, right? Wrong. They plug it into a forensics device and flash a surreptitious malware app onto /system before returning it back to you. Then, the next time you turn on your phone your encryption keys and all your data, all your communications are secretly transmitted. You never have a clue... With a locked bootloader and appropriate precautions, that would never be possible.
Update 3:
I am now following the official Android guide for creating a keystore. They show how to create a "keystore.img" not .dat, but the error I got when trying "fastboot flash keystore ..." said something along the lines of the keystore not being a valid image. Hopefully this will work. After I get this working, I will move on to removing or damaging the OEM key, hence not even allowing OnePlus images to be sideloaded.
JumboMan said:
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
chocol4te said:
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
sir prefer not rooting and staying on stock ROM with locked bootloader.
emptyragnarok said:
sir prefer not rooting and staying on stock ROM with locked bootloader.
Look, I'm sorry, I don't need any more useless comments saying the solution to my problem is to not do anything like on every other forum I've tried. I am perfectly aware of how to lock the bootloader with a stock rom, but I don't want to use the stock rom. I want to use custom roms. From what I have done so far it appears to be possible, so don't tell me it's not, at least without a good reason.
In addition, the stock method isn't even the most secure the phone can be. OnePlus can still sign any code and run it on my device and hence requires my trust in a third party that I am unwilling to give. I only want my own code to run.
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
chocol4te said:
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open source implies that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
indroider said:
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open source implies that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
Thanks! I'm glad to hear it!
chocol4te said:
Thanks! I'm glad to hear it!
You're most welcome bro.
Did I just witness a major bro-down?
Awesome thread, I'd also like to put my OP3 in a state where only ROMs I signed myself will run...
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
indieross said:
Did I just witness a major bro-down?
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
indroider said:
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
Code:
fastboot flash bootloader bootloader-bullhead-bhz11f.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-bullhead-m8994f-2.6.33.2.14.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-bullhead-nbd90z.zip
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Ok.. Great to hear... Let me know if you need any help.. I'm here
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work ... ...
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
This sounds exactly like what I was looking for. Have you been able to progress? Do you think that the bootloader and the radio are somehow linked in the boot verification sequence?
---------- Post added at 05:51 AM ---------- Previous post was at 05:43 AM ----------
chocol4te said:
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
Have you read this: https://mjg59.dreamwidth.org/31765.html
Please don't ask why (the answer will be: "because I'm stupid"), but I relocked my bootloader and now my Swift 2 Plus won't boot anymore. When turning it on, it vibrates and the Wileyfox logo flashes for less than a second. After that the screen stays black and nothing happens. Same thing when I try to boot into recovery. I can only boot into the bootloader but I can't flash any images or unlock it again ("FAILED (remote: oem unlock is not allowed)").
Is there any way I can revive my phone or is it lost?
I think your only way is to flash twrp again with fastboot install method :
//twrp.me/devices/wileyfoxswift2.html
And then flash the stock rom :
//cyngn.com/support
Hope it helps you!
---------- Post added at 02:07 PM ---------- Previous post was at 02:05 PM ----------
Sorry, I'm a new user so I can't post links; you just have to add "https" at the beginning of the line.
Thanks for answering, but I can't do that, because the bootloader is locked and protected from unlocking. I guess the only thing I can do is ask the support if they can provide the mbn and xml files that are needed for unbricking with QFIL (I can boot into edl mode as I recently found out). They probably won't but it's worth a shot.
If you use the signed zip ( not the fastboot image) the default recovery should be able to install it.
It doesn't boot to recovery. Only fastboot and edl mode work.
You could try flashing fastboot image from http://cyngn.com/support
Sent from my Swift 2 using XDA-Developers mobile app
Thanks, but that doesn't work with a locked bootloader (already tried).
It seems like the only way to revive it is with QFIL, but for doing that it needs the matching mbn and xml files that aren't included in the factory images. Wileyfox support wasn't helpful, either.
xrmnx said:
Thanks, but that doesn't work with a locked bootloader (already tried).
Can't we put the dirty cow bug to a use now? It should work on the phone unless it has the latest security patches, right? And with root privileges you should be able to flash a new recovery or reset the phone.:fingers-crossed:
I'm actually not sure, if I still have root privileges. It could be that I turned it off inside the SuperSU app.
I tried to flash the stock rom and that didn't work, though. Do I have to do something different than usually to flash with root privileges?
boa05 said:
Can't we put the dirty cow bug to a use now? It should work on the phone unless it has the latest security patches, right? And with root privileges you should be able to flash a new recovery or reset the phone.:fingers-crossed:
I read a little about dirty cow, now (didn't know much about it before), but if I understand it right, I need adb to upload files onto the phone, right? Sadly, adb doesn't work. Only fastboot :/
Hmmm, there is a similar thread for the Nexus 5X. You might want to check it out if you haven't already ( http://forum.xda-developers.com/nexus-5x/help/nexus-5x-permanently-bricked-locked-t3232105/page2 ).
A few of the suggestions were to try with:
Code:
fastboot flashing unlock
or
Code:
fastboot format userdata
fastboot format cache
I don't know if it will be of any help but it is worth a shot.
You could try to flash individual portions of the stock image like the recovery or the userdata but I doubt that it will be successful.
PS: From the thread above, for some reason removing the SIM card allowed them to enter recovery.
Thanks, but none of these solutions works. Already tried all of them a couple of times....
Hmmm, how about you try to trick it then?
Grab the official signed firmware, place it on SD Card and try with:
Code:
fastboot update <path/to/zip>
or this one to try to wipe the device? (dunno if the command is still in use, though)
Code:
fastboot -w
If this doesn't work as well, I guess it will be a waiting game for QFIL files.
Pak0St said:
Hmmm, how about you try to trick it then?
Grab the official signed firmware, place it on SD Card and try with:
or this one to try to wipe the device? (dunno if the command is still in use, though)
If this doesn't work as well, I guess it will be a waiting game for QFIL files.
I tried to flash/update every official rom (with and without -w) there is, but I never put it on an SD-card. Does that make a difference? If so, this might be one of the stupidest mistakes I ever made :/
I'll try in a few days. Not much time, at the moment...
Yes... Waiting for QFIL files is what I'm prepared for...
The idea with the SDCard is just a random thought. There is a slight chance to trigger the allowed update policies.
Usually you place the update.zip through adb (not possible in this situation) but placing it on the sdcard is possible.
Still, QFIL is the safest bet once someone uploads the files.
Pak0St said:
Still, QFIL is the safest bet once someone uploads the files.
That's what I thought. Since I couldn't find any (yet), is there a way to extract the QFIL files from a working phone (I bought another one since I needed a phone)? I don't think so, but I hope I'm wrong...
xrmnx said:
That's what I thought. Since I couldn't find any (yet), is there a way to extract the QFIL files from a working phone (I bought another one since I needed a phone)? I don't think so, but I hope I'm wrong...
I'm in the same boat here, same phone and same issue. Did you find a way to fix it? already searched all internet for a fix. Thanks a lot
Sorry, but for some reason I never saw your answer... I never found a solution either, though
how to unlock bootloader
Use fast boot to unlock the bootloader again.
connect your Swift 2 to your PC and in a command prompt type the following "fastboot oem unlock"
When you press enter, check the phone and using the volume keys you need to select yes and then press power to execute.
Your bootloader should then be unlocked again. Good Luck.
so today i decided to root my Redmi note 8T. and now i deeply regret it. I had no idea what i was doing and now im ended up with "The system has been destroyed". what can i do now? ive tried flashing a new rom on to it with mi flash tool, but it gave me a "can not find flash_all_lock.bin" so now i cant do anything. the only thing i can get into is fastboot mode. what can i do to fix this?
help is much appreciated.
hecc_itsme said:
so today i decided to root my Redmi note 8T. and now i deeply regret it. I had no idea what i was doing and now im ended up with "The system has been destroyed". what can i do now? ive tried flashing a new rom on to it with mi flash tool, but it gave me a "can not find flash_all_lock.bin" so now i cant do anything. the only thing i can get into is fastboot mode. what can i do to fix this?
help is much appreciated.
well this is easy to do. I mean both easy to fix and as you now know easy to get into this situation.
Little background info here will help you understand what has happened.
Android systems have gone to what is known as avb type system (A.ndroid V.erified B.oot), which means the system knows when the factory supplied software has been changed. The message you received basically is just telling you, "hey this software is not the same as when it left the factory"
The system knows this has been changed by checking files signature information. This signature is stored in a separate partition. The "vbmeta" partition.
When you use any modified system, you are supposed to tell the vbmeta partition to ignore the changes.
You do this by flashing the vbmeta.img to its partition with a command to disable verification.
***Update will come here when I cut and paste the command and file from the many other threads here with the Info****. Or maybe you do a search and find it before I get to it.
here is a link to the answer
https://forum.xda-developers.com/showpost.php?p=82470133&postcount=6
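The vbmeta mechanism described in the post above, as an added example that is not part of the original thread: a Python reader for the 256-byte AVB vbmeta header that reports the verification-disable flags, signing algorithm and public-key digest of an image, which is the state worth checking before a relock. The field order follows libavb's header structure; `build_sample`, its key bytes and the `relock_findings` helper are constructed for illustration.

```python
import hashlib
import struct

# AvbVBMetaImageHeader: 256 bytes, big-endian, field order as in libavb.
HEADER = struct.Struct(">4sLLQQL11QLL48s80s")
FLAG_HASHTREE_DISABLED = 0x1
FLAG_VERIFICATION_DISABLED = 0x2
ALGORITHMS = {0: "NONE", 1: "SHA256_RSA2048", 2: "SHA256_RSA4096",
              3: "SHA256_RSA8192", 4: "SHA512_RSA2048",
              5: "SHA512_RSA4096", 6: "SHA512_RSA8192"}


def parse_vbmeta(image: bytes) -> dict:
    """Decode the header fields that decide how a vbmeta image is verified."""
    if len(image) < HEADER.size:
        raise ValueError("image shorter than the 256-byte vbmeta header")
    f = HEADER.unpack_from(image)
    if f[0] != b"AVB0":
        raise ValueError("bad magic, not a vbmeta image")
    auth_size, aux_size, algorithm = f[3], f[4], f[5]
    pk_offset, pk_size = f[10], f[11]
    key_digest = None
    if pk_size:
        # The public key lives in the auxiliary block, which follows the
        # header and the authentication (hash + signature) block.
        aux_start = HEADER.size + auth_size
        if pk_offset + pk_size > aux_size or aux_start + aux_size > len(image):
            raise ValueError("public key lies outside the auxiliary block")
        key = image[aux_start + pk_offset:aux_start + pk_offset + pk_size]
        key_digest = hashlib.sha256(key).hexdigest()
    return {
        "algorithm": ALGORITHMS.get(algorithm, "UNKNOWN(%d)" % algorithm),
        "rollback_index": f[16],
        "flags": f[17],
        "release": f[19].rstrip(b"\0").decode("ascii", "replace"),
        "public_key_sha256": key_digest,
    }


def relock_findings(info: dict, expected_key_sha256: str = None) -> list:
    """List header states that mean the image is not fully verified."""
    findings = []
    if info["flags"] & FLAG_VERIFICATION_DISABLED:
        findings.append("verification-disabled flag (0x2) is set")
    if info["flags"] & FLAG_HASHTREE_DISABLED:
        findings.append("hashtree-disabled flag (0x1) is set")
    if info["algorithm"] == "NONE":
        findings.append("image carries no signature (algorithm NONE)")
    if expected_key_sha256 and info["public_key_sha256"] != expected_key_sha256:
        findings.append("signing key differs from the expected key")
    return findings


def build_sample(flags: int, algorithm: int, key: bytes = b"") -> bytes:
    """Constructed sample image: real header layout, dummy key and signature."""
    auth = bytes(64)                                   # placeholder auth block
    aux = key + bytes(-len(key) % 64 or (0 if key else 64))
    header = HEADER.pack(b"AVB0", 1, 0, len(auth), len(aux), algorithm,
                         0, 0, 0, 0,                   # hash / signature
                         0, len(key),                  # public key offset/size
                         0, 0, 0, 0,                   # key metadata, descriptors
                         0,                            # rollback index
                         flags, 0,
                         b"constructed-sample", bytes(80))
    return header + auth + aux


if __name__ == "__main__":
    for label, img in (("stock-like", build_sample(0, 1, b"constructed-key")),
                       ("patched", build_sample(3, 0))):
        info = parse_vbmeta(img)
        print(label, info["algorithm"], hex(info["flags"]),
              relock_findings(info) or "no findings")
```

To inspect a real image, read the file as bytes and pass it to `parse_vbmeta`; the digest can then be compared with the digest of the key you expect the image to be signed with.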
got it fixed.
mrmazak said:
well this is easy to do. I mean both easy to fix and as you now know easy to get into this situation.
Little background info here will help you understand what has happened.
Android systems have gone to what is known as avb type system (A.ndroid V.erified B.oot), which means the system knows when the factory supplied software has been changed. The message you received basically is just telling you, "hey this software is not the same as when it left the factory"
The system knows this has been changed by checking files signature information. This signature is stored in a separate partition. The "vbmeta" partition.
When you use any modified system, you are supposed to tell the vbmeta partition to ignore the changes.
You do this by flashing the vbmeta.img to its partition with a command to disable verification.
***Update will come here when I cut and paste the command and file from the many other threads here with the Info****. Or maybe you do a search and find it before I get to it.
well. i got the system is destroyed thing fixed by unlocking again with the unlock tool , i guess i didnt give enough context. i was trying to re-lock it after regretting ever touching that "Unlock Now" button and i tried the command line method that every video i found used. and thats what threw me in that hell. i still havnt figured out how to re-lock the bootloader though. any chance you know how? thanks.
hecc_itsme said:
well. i got the system is destroyed thing fixed by unlocking again with the unlock tool , i guess i didnt give enough context. i was trying to re-lock it after regretting ever touching that "Unlock Now" button and i tried the command line method that every video i found used. and thats what threw me in that hell. i still havnt figured out how to re-lock the bootloader though. any chance you know how? thanks.
yes.
you seemed to have been on the correct path before. but maybe you didn't have the fastboot rom downloaded.
The message you had as an error was "flash-all-lock file not found" this file (just a windows batch file by the way).
if you made ANY changes with unlocked bootloader, then locking it most dangerous.
Its recommended to use the flash-all-lock method.
maybe, if you are having trouble with the manual flashing, you can use a "tool" to do all the work. Like this one
https://forum.xda-developers.com/redmi-note-8/how-to/tool-tool-one-driverstwrpfactory-t4009869
mrmazak said:
yes.
you seemed to have been on the correct path before. but maybe you didn't have the fastboot rom downloaded.
The message you had as an error was "flash-all-lock file not found" this file (just a windows batch file by the way).
if you made ANY changes with unlocked bootloader, then locking it is most dangerous.
It's recommended to use the flash-all-lock method.
maybe, if you are having trouble with the manual flashing, you can use a "tool" to do all the work. Like this one
https://forum.xda-developers.com/redmi-note-8/how-to/tool-tool-one-driverstwrpfactory-t4009869
Does that actually work? Kinda scared to do things now. If it works, why isn't it the first result that comes up when someone Googles it? It would be so much easier
any idea what this means in mi flash... error:Not catch checkpoint (\$fastboot -s .* lock),flash is not done
bluefender said:
any idea what this means in mi flash... error:Not catch checkpoint (\$fastboot -s .* lock),flash is not done
Not sure. I did see other person post that they had that message, and can't remember what they did to get around. But this should show up if you search the note 8 forums
mrmazak said:
yes.
you seemed to have been on the correct path before. but maybe you didn't have the fastboot rom downloaded.
The message you had as an error was "flash-all-lock file not found" this file (just a windows batch file by the way).
if you made ANY changes with unlocked bootloader, then locking it is most dangerous.
It's recommended to use the flash-all-lock method.
maybe, if you are having trouble with the manual flashing, you can use a "tool" to do all the work. Like this one
https://forum.xda-developers.com/redmi-note-8/how-to/tool-tool-one-driverstwrpfactory-t4009869
so, it would be dangerous if i already flashed twrp on it?
mrmazak said:
well this is easy to do. I mean both easy to fix and as you now know easy to get into this situation.
Little background info here will help you understand what has happened.
Android systems have gone to what is known as avb type system (A.ndroid V.erified B.oot), which means the system knows when the factory supplied software has been changed. The message you received basically is just telling you, "hey this software is not the same as when it left the factory"
The system knows this has been changed by checking files signature information. This signature is stored in a separate partition. The "vbmeta" partition.
When you use any modified system, you are supposed to tell the vbmeta partition to ignore the changes.
You do this by flashing the vbmeta.img to its partition with a command to disable verification.
***Update will come here when I cut and paste the command and file from the many other threads here with the Info****. Or maybe you do a search and find it before I get to it.
here is a link to the answer
https://forum.xda-developers.com/showpost.php?p=82470133&postcount=6
well since i now want to re-lock it i tried doing that but the same problem still occurs.
hecc_itsme said:
so, it would be dangerous if i already flashed twrp on it?
Yes it will.
mrmazak said:
Yes it will.
so should i just give up on trying to re-lock it?
hecc_itsme said:
so should i just give up on trying to re-lock it?
Make sure your system is untouched before relocking. Flash a full fastboot ROM and select clean all and lock. Then your phone can lock and boot up with no problem. Note: Don't flash global version system on a Chinese hardware or vice versa or you will brick.
mrmazak said:
well this is easy to do. I mean both easy to fix and as you now know easy to get into this situation.
Little background info here will help you understand what has happened.
Android systems have gone to what is known as avb type system (A.ndroid V.erified B.oot), which means the system knows when the factory supplied software has been changed. The message you received basically is just telling you, "hey this software is not the same as when it left the factory"
The system knows this has been changed by checking files signature information. This signature is stored in a separate partition. The "vbmeta" partition.
When you use any modified system, you are supposed to tell the vbmeta partition to ignore the changes.
You do this by flashing the vbmeta.img to its partition with a command to disable verification.
***Update will come here when I cut and paste the command and file from the many other threads here with the Info****. Or maybe you do a search and find it before I get to it.
here is a link to the answer
https://forum.xda-developers.com/showpost.php?p=82470133&postcount=6
Do i need to flash vbmeta if i don't flash any custom rom ??? I mean just flash twrp and reboot to stock miui????
vinay069 said:
Do i need to flash vbmeta if i don't flash any custom rom ??? I mean just flash twrp and reboot to stock miui????
Yes, if you do not, then the stock recovery gets restored.
mrmazak said:
Yes, if you do not, then the stock recovery gets restored.
Ok so it means vbmeta doesn't destroy system in stock miui rom.... Thanks .... I was very curious about this
hecc_itsme said:
so should i just give up on trying to re-lock it?
Just flash fastboot rom via miflash and select "clean_all_and_lock" before flashing. Works perfectly.
vinay069 said:
Do i need to flash vbmeta if i don't flash any custom rom ??? I mean just flash twrp and reboot to stock miui????
i think just flashing twrp is enough to make it dangerous, since that's the only thing i did, and the only thing i get is the system has been destroyed. so yeah, i just gave up. i mean it doesn't affect me much anyways
Good evening Good People
So I have an HTC One M9 showing kernel v "3.10.84-perf-geb5d15 [email protected] #1 SMP PREEMPT"; build "3.38.710.7 CL683910 release-keys"; Android Security Patch Level 2016-03-01. Bought from my daughter who got it on Amazon where history undefined...
Someone has been at it because the factory update to 3.50.710.1 downloads (800-odd MByte - thanks :/) but won't install and (MOST OF ALL) the EU:Exit app from gov.uk (that I have to use for a client on Monday 17-8-2020) won't run because the signature (or whatever it is) fails on the boot image.
So please can I ask:
1. Does this boot image look like it is original or is it a hack?
2. If this was installed is the original boot ROM preserved or overwritten?
3. Does anyone have a copy of a good factory install image that is this version or later, that I can beg for, that will pass the signature check by our esteemed governmental app?
4. Does anyone have any good ideas about patching the boot ROM checksum to make it look "ok"?
TIA
PS any chance of setting up a factory boot image repository?
(re-posted from https://forum.xda-developers.com/one-m9/help/official-ruu-htc-one-m9-4-30-617-12-t4135531/post83272099)
Update:
nick_theboatman said:
... build ... 3.3.710.7
Typo - should read 3.38.710.7
nick_theboatman said:
1. Does this boot image look like it is original or is it a hack?
So while in download mode I noticed that it said "OFFICIAL"
( ... don't know whether to believe that or not...)
and the machine is S-ON.
So should be ok... obviously not.
nick_theboatman said:
2. If this was installed is the original boot ROM preserved or overwritten?
I can't tell yet if the boot image is original or not; if it is original then I need to find out why the OTA update won't install
nick_theboatman said:
3. Does anyone have a copy of a good factory install image that is this version or later, that I can beg for, that will pass the signature check by our esteemed governmental app?
Found this:
0PJAIMG_HIMA_UHL_M60_SENSE70_MR_hTC_Asia_AUS_3.50.710.1_Radio_01.01_U11440801_96.01.51207G_F_release _479644_signed_2_4.zip
here:
http://forum.gsmdevelopers.com/htc-one-m7-m8-m9-m10/303-htc-m9-official-stock-roms-updated-26-04-17-a.html
but it is the Asian one and I haven't worked out how to patch this yet to make it "WWE" - even if that can be done...
nick_theboatman said:
4. Does anyone have any good ideas about patching the boot ROM checksum to make it look "ok"?
So far no idea.
nick_theboatman said:
PS any chance of setting up a factory boot image repository?
I went hunting for an RUU. Or a TWRP image. Or whatever...
So Flippy498 has done a good job (so please can a sysop add this as a sticky or something...) here:
https://docs.google.com/spreadsheets/d/15K6xhb6wtosp9j8yu4xHBZ6n9v5OaFSW6ZVWxC4u_qc/pubhtml
but these are not particularly up-to-date (except that what I am looking for is 2016)
And I'm now up to 72 hours on this and haven't yet done a successful restore so that the OTA update will go in.
But I did:
- have adb and fastboot working (linux host Baby);
- unlock the bootloader using a key from htcdev.com, which worked;
- which then did a reboot and rebuild, and I established "new machine" when I did first boot configure;
- install TWRP which worked;
- try to run that EU:Exit app, was told "install playstore Services Update" which it did;
- try the app again and this time it ran... all the way to "you can't do this on a UK passport you twat".
I can't tell which step did the fix (so I don't like that) so I need to do that job for my client but after that I want to get the update in.
So I'll report back
Hello community, I need some explanation first if my approach is incorrect. I am trying to downgrade to Android 10, but I was soul-crushed after reading some information about the bit/binary value that Samsung uses on its firmware (basically you can't downgrade if this value is not equal to your targeted firmware). However, even though I feel scammed by Samsung, I would like to ask you, the community, as my final resort to guide me.
Is there some way I can trick the SW REV checker or delete this partition containing this binary file? Does "deleting" it affect my ability to boot into the download mode?
{Temp_User} said:
Hello community, I need some explanation first if my approach is incorrect. I am trying to downgrade to Android 10, but I was soul-crushed after reading some information about the bit/binary value that Samsung uses on its firmware (basically you can't downgrade if this value is not equal to your targeted firmware). However, even though I feel scammed by Samsung, I would like to ask you, the community, as my final resort to guide me.
Is there some way I can trick the SW REV checker or delete this partition containing this binary file? Does "deleting" it affect my ability to boot into the download mode?
You can downgrade by simply flashing system, kernel and vendor from Android 10 on TWRP.
JuanTamqd21 said:
You can downgrade by simply flashing system, kernel and vendor from Android 10 on TWRP.
Hi, thank you for the reply.
Sorry for the late reply. I will try this today
JuanTamqd21 said:
You can downgrade by simply flashing system, kernel and vendor from Android 10 on TWRP.
Okay. I may be misunderstanding something because this way did not work for me. Do I have to manually extract files from the lz4 files?
{Temp_User} said:
Okay. I may be misunderstanding something because this way did not work for me. Do I have to manually extract files from the lz4 files?
Well, I can provide vendor and kernel in Telegram. You can also get them by extracting lz4 files.
Make sure it's from Android 10/Q/One UI 2.x firmware.
I have with me the latest (previous) Android 10. I have extracted the lz4 files correctly (used 7-zip zstd) and flashed the vendor, system and kernel in that order.
Upon reboot, I cannot get past the splash screen. However, I do see that an error appears on the top left of my screen as CHECK FAIL binary 7(BOOT). The words are not clear though.
What did I do wrong?
JuanTamqd21 said:
Well, I can provide vendor and kernel in Telegram. You can also get them by extracting lz4 files.
Make sure it's from Android 10/Q/One UI 2.x firmware.
Please provide an in-depth process?
Okay, so after a number of attempts I finally have Android 10/Q on my phone. Keep in mind that I am not tech savvy, as all this was a guessing game (well, not all of it).
I will share my story and hope it may be useful to others who intend to downgrade their Android version.
SW REV ERRORS
You cannot and you should not change the bit version. If you see this error, it means you tried to flash a firmware or maybe just a boot file that is outdated or incompatible with the current secure boot loader.
With my limited knowledge, I went with what was easier for me at the time of writing this:
- Flash the latest firmware for model A505F (yours may differ) using Odin. (SUCCESS)
- Boot into system normally (make sure the OEM unlock is greyed out).
- Flash the latest custom recovery (TWRP or 'sky hawk recovery project'; I chose the latter).
- Boot into your recovery and format data; also make advanced wipes: System, kernel, vendor, Dalvik Cache, Data. Pay attention to what exactly you are wiping.
- With your targeted firmware (A10) somewhere nearby, I recommend using a reliable tool to extract the lz4 compressed file. I used this to get 'system.img', 'vendor.img' and 'boot.img'. If you are on Windows, look at the type column in your file explorer or enable 'view filename extension'.
- Flash/install the image files in your recovery. Be patient.
- Here is the tricky part for me: the boot loader won't accept this older kernel (thus the boot loops). A faster way to work around this is installing a custom kernel that supports Android 10, e.g. quantum kernel.
- You may have to reboot a number of times before you can get past the splash screen. Be patient.
- Success, you now have a weird but working system. (I call it weird because the kernel you will use will carry along its bugs, e.g. camera fails, random reboots.)
- You cannot update the system. This may be due to the different AP/CP/CSC match.
This is not a step-by-step guide; I am only sharing with the public what I did to get to my final point.
Of course this goes without saying that you are attempting a risky route and you the user shall carry all responsibility.
{Temp_User} said:
Okay, so after a number of attempts I finally have Android 10/Q on my phone. Keep in mind that I am not tech savvy, as all this was a guessing game (well, not all of it).
I will share my story and hope it may be useful to others who intend to downgrade their Android version.
SW REV ERRORS
You cannot and you should not change the bit version. If you see this error, it means you tried to flash a firmware or maybe just a boot file that is outdated or incompatible with the current secure boot loader.
With my limited knowledge, I went with what was easier for me at the time of writing this:
- Flash the latest firmware for model A505F (yours may differ) using Odin. (SUCCESS)
- Boot into system normally (make sure the OEM unlock is greyed out).
- Flash the latest custom recovery (TWRP or 'sky hawk recovery project'; I chose the latter).
- Boot into your recovery and format data; also make advanced wipes: System, kernel, vendor, Dalvik Cache, Data. Pay attention to what exactly you are wiping.
- With your targeted firmware (A10) somewhere nearby, I recommend using a reliable tool to extract the lz4 compressed file. I used this to get 'system.img', 'vendor.img' and 'boot.img'. If you are on Windows, look at the type column in your file explorer or enable 'view filename extension'.
- Flash/install the image files in your recovery. Be patient.
- Here is the tricky part for me: the boot loader won't accept this older kernel (thus the boot loops). A faster way to work around this is installing a custom kernel that supports Android 10, e.g. quantum kernel.
- You may have to reboot a number of times before you can get past the splash screen. Be patient.
- Success, you now have a weird but working system. (I call it weird because the kernel you will use will carry along its bugs, e.g. camera fails, random reboots.)
- You cannot update the system. This may be due to the different AP/CP/CSC match.
This is not a step-by-step guide; I am only sharing with the public what I did to get to my final point.
Of course this goes without saying that you are attempting a risky route and you the user shall carry all responsibility.
Hello, you will not be able to downgrade your phone to Android 11 if it is not on these firmware updates:
Of course, the reason is that the binaries of newer updates are higher than 7 (A505FNPUU7CUC2).
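The revision comparison discussed in this thread, as an added example that is not part of any post: it reads the binary revision out of a build string such as A505FNPUU7CUC2 and lists which components of a flash package sit below the device's revision. The position of the revision character (fifth from the end, counting 1-9 and then A-Z) and the rule that a lower revision is rejected are assumptions based on the common convention, and the sample package values are constructed.

```python
import re

# Assumed build-string layout (common convention, not stated on this page):
# <model+region> <U|S> <revision> <3 date letters> <build char>; the
# rollback revision ("binary") is the 5th character from the end.
BUILD_RE = re.compile(r"^([A-Z0-9]+)([US])([1-9A-Z])([A-Z]{3})([0-9A-Z])$")


def binary_revision(build):
    """Return the rollback revision of a build string as an integer."""
    m = BUILD_RE.match(build.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised build string: {build!r}")
    # Revisions count 1-9 and then continue A, B, C ..., so read as base 36.
    return int(m.group(3), 36)


def rollback_blocked(device_build, package):
    """List the package components whose revision is below the device's.

    `package` maps a component name (BL, AP, ...) to its build string.
    Assumption: the bootloader rejects any image with a lower revision
    than the one already recorded on the device.
    """
    current = binary_revision(device_build)
    blocked = []
    for part, build in sorted(package.items()):
        rev = binary_revision(build)
        if rev < current:
            blocked.append((part, rev, current))
    return blocked


if __name__ == "__main__":
    device = "A505FNPUU7CUC2"            # build string quoted in the thread
    older = {"BL": "A505FNPUU5XXX1",     # constructed sample values
             "AP": "A505FNPUU5XXX1"}
    for part, rev, cur in rollback_blocked(device, older):
        print(f"{part}: revision {rev} < device revision {cur}, "
              "expect a SW REV check fail")
```

Running the check before flashing shows which images the bootloader would be expected to refuse, which is the situation behind the "CHECK FAIL binary 7(BOOT)" message reported earlier in the thread.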
vmirrimv said:
Of course, the reason is that the binaries of newer updates are higher than 7 (A505FNPUU7CUC2).
So long as we are both happy and got what we wanted. I finally have a working Android 10 on my device (coming from A11).
vmirrimv said:
Hello, you will not be able to downgrade your phone to Android 11 if it is not on these firmware updates:
You are correct. I gave up on changing the binaries after seeing it was impossible.
Camera should still work on custom android 10 one ui roms and GSI. I think I tested them before.