Related
Hello everybody,
I created a tool for the nexus 9 that gets rid of the ForceEncrypt flag in a generic way (meaning it should work no matter what rom you are on). It does that by patching the currently installed boot.img.
Background
The Android CDD (Compatibility Definition Document) suggests that all devices SHOULD enable full disk-encryption (FDE) by default. Even though I support every step towards more security I have to criticize this approach. FDE comes at a price. Encryption takes time because some component has to de- and encrypt the stuff on the disk at some point and in the case of the nexus 9 (aka flounder) it's the CPU's task. Even though the nexus 9's CPU has 2 pretty fast cores you can still easily feel the difference between FDE in the on- or off-state. The I/O is faster and boot-times take only half as long. (I did not do any measurements)
There is an ongoing discussion about this topic in cyanogenmod's gerrit. Although it's a fun read it is pretty clear that this exchange of views is not going anywhere near a useful outcome.
Because performance is important to me and my tablet does not need the extra security I created the FED-Patcher (ForceEncrypt Disable Patcher)
How does it work?
FED-Patcher is a simple flashable ZIP that is supposed to be run in a recovery that has busybox integrated (like TWRP or CWM). This is what it does:
Checks if your device is compatible
Dumps the currently installed boot.img.
Unpacks the dump of your currently installed boot.img. The unpacking process is done via a self-compiled, statically linked version of unmkbootimg.
It patches the filesystem tables which include the force-encrypt flags. This process will change "forceencrypt" to "encryptable".
Then it patches the filesystem tables to not use dm-verity. This is done by removing the "verify" mount-parameter.
Creates a new boot.img. The unpacking process is done via a self-compiled, statically linked version of mkbootimg.
Flashes the modified boot.img
Supported devices
HTC Nexus 9 WiFi (flounder)
HTC Nexus 9 LTE (flounder_lte)
Motorola Nexus 6 (shamu)
Version History
v1 - Initial version with HTC Nexus 9 WiFi (flounder) support
v2 - Added Motorola Nexus 6 (shamu) support
v3 - Added support for HTC Nexus 9 LTE (flounder_lte)
v4 - Added support for signed boot-images
v5 - Changed error handling to compensate for missing fstab files. Some roms seem not to ship with the complete set of boot-files from AOSP.
v6 - FED-Patcher will enforce the same structure for the patched boot.img that the original boot.img had. Additionally, the kernel commandline will also be taken over. This should fix pretty much every case where devices would not boot after patching.
v7 - FED-Patcher will now disable dm-verity in fstab to get rid of the red error sign on marshmallow roms.
What do I need to make this work?
A supported device (Your nexus 9)
An unlocked bootloader
An already installed ROM with forceencrypt flag. (like cyanogenmod CM12.1)
A recovery that includes busybox (TWRP, CWM)
How do I use it?
Make a thorough, conservative backup of your data if there is any on your device
Go into your recovery (TWRP, CWM)
Flash fed_patcher-signed.zip
If your device is already encrypted (You booted your ROM at least once) you need to do a full wipe to get rid of the encryption. This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before. If you don't do a backup and want to restore your data... well... Call obama.
How do I know if it worked?
Go into your "Settings"-App. In "Security", if it offers you to encrypt your device it is unencrypted. If it says something like "Device is encrypted" it indeed is encrypted.
IMPORTANT: If you update your ROM you have to run FED-Patcher again because ROM-updates also update the boot-partition which effectively removes my patch. So, if you are on CM12.1 for example and you used my patch and do an update to a newer nightly you have to run FED-Patcher again. If you don't do so Android will encrypt your device at the first boot.
Is it dangerous?
Well, I implemented tons of checks that prevent pretty much anything bad from happening. But, of course, we're dealing with the boot-partition here. Even though I tested FED-Patcher quite a lot there is still room for crap hitting the fan.
Screenshot
Scroll down to the attached thumbnails.
Credits
* pbatard for making (un)mkbootimg (dunno if he is on xda)
* @rovo89 for his xposed framework - I used some of his ideas by reading the source of his xposed installer flashable ZIP for FED-Patcher.
Thanks for creating this! In theory, would this work for the Nexus 6 as well? It would seem like it's a similar process.
itlnstln said:
Thanks for creating this! In theory, would this work for the Nexus 6 as well? It would seem like it's a similar process.
Click to expand...
Click to collapse
Hey there,
yes, it would probably work because the process itself is pretty generic. The only real difference between devices is the device-path for the boot-partition as well as the path(s) for the fstab-file(s) inside the boot.img. Nothing that cannot be done - but I don't have a device for testing. If you feel adventurous I can do a nexus6 (shamu) version for you for testing. I will double check so it should not eff up your device .
EDIT: Not to forget, the nexus 9 is a 64bit device. mkbootimg as well as unmkbootimg are compiled for 64bit. I have to rebuild those two programs for 32bit to make them work for 32bit devices.
If you have time for a N6 build, that would be great. If not, it's not a big deal since there seems to be more support for that device.
itlnstln said:
If you have time for a N6 build, that would be great. If not, it's not a big deal since there seems to be more support for that device.
Click to expand...
Click to collapse
Well, it's pretty much done. Do you want to test a version that does not actually flash anything but do everything else - just to see if it works correctly?
Absolutely!
itlnstln said:
Absolutely!
Click to expand...
Click to collapse
Alright, here you go!
If no error occurs there will be the already modified boot.img file in your temp-directory of your nexus 6. You can send me this file to be completely sure that everything went according to plan. Here is the adb-command:
Code:
adb pull /tmp/fed_patcher/boot-new.img
If all goes well I will upload the new version with nexus 6 (shamu) support tomorrow.
Good night!
gladiac said:
Alright, here you go!
If no error occurs there will be the already modified boot.img file in your temp-directory of your nexus 6. You can send me this file to be completely sure that everything went according to plan. Here is the adb-command:
Code:
adb pull /tmp/fed_patcher/boot-new.img
If all goes well I will upload the new version with nexus 6 (shamu) support tomorrow.
Good night!
Click to expand...
Click to collapse
Thanks! It seemed to work OK. Here's the boot image.
itlnstln said:
Thanks! It seemed to work OK. Here's the boot image.
Click to expand...
Click to collapse
Thanks for your help! I just updated the flashable ZIP in the first post. Enjoy
gladiac said:
Thanks for your help! I just updated the flashable ZIP in the first post. Enjoy
Click to expand...
Click to collapse
You're the best! Thanks!
I noticed in op it says "4 pretty fast cores". This puppy only has 2 cores. Just throwing it out there for readers that don't know. I'm sure it was just a minor oversight.
Sent from my Nexus 9
madbat99 said:
I noticed in op it says "4 pretty fast cores". This puppy only has 2 cores. Just throwing it out there for readers that don't know. I'm sure it was just a minor oversight.
Sent from my Nexus 9
Click to expand...
Click to collapse
Hi,
you are right, thanks. I just fixed the text in the op.
Hey everybody,
I will enable support for the Nexus 9 LTE (flounder_lte) this afternoon in FED-Pather v3. If you want other devices to be supported please tell me. Is there a list of android devices that have forced encryption?
So this works great, leaving device unencrypted. But anyone having issues with apps crashing? Most especially Google Play Services?
femmyade2001 said:
So this works great, leaving device unencrypted. But anyone having issues with apps crashing? Most especially Google Play Services?
Click to expand...
Click to collapse
This problem is new to me. My patch only modifies the boot-image so that it does not enforce encryption. It is merely a flag in fstab that gets changed and should not have anything to do with crashing apps. Anyway, do you have a logcat?
Hey everybody,
v3 is here with HTC Nexus 9 LTE (flounder_lte) support!
Enjoy
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Hi, sorry to hear that. I will have a look into the boot.img that gets shipped with LMY48M. Not sure what is going on here.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Alright - unmkbootimg fails because the boot.img that google ships has 256 Bytes of extra data (it is probably signed or something) at the beginning. If you strip that off it works correctly:
Code:
dd if=boot.img of=boot-stripped.img bs=256 skip=1
Well, this was unexpected. But nothing that cannot be dealt with. I will make my flashable ZIP search for the offset of the boot.img-signature inside the dumped boot.img and strip of the preceding data. The rest of the process should work as usual.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Hi @itlnstln,
I just made a new version which should do the trick. I tested the new functionality to the best of my knowledge. If the script fails for some reason it wont flash anything - so the probability for actual damage is very low. Do you feel adventurous xD?
Please tell me if it worked for you or not.
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Important notes
The official Magisk v16.0 zip must be flashed on first install/reinstall in order to properly construct the environment. Flash the boot image attached in the OP immediately after without rebooting in between, or the image Magisk flashed will prevent the kindle from booting normally without advanced intervention.
SafetyNet does NOT pass the basic integrity OR advanced checks. At least, v16 doesn't. Maybe an earlier Magisk build does - feel free to try it once I get the automated patcher zip up and running.
For now, because you're flashing on LineageOS, you may want to flash the LOS 14.1 arm-based su removal zip from Lineage's downloads site. Verify you're downloading arm and not arm64.
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
kn0wbodh1 said:
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
Click to expand...
Click to collapse
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
kn0wbodh1 said:
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
Click to expand...
Click to collapse
The instructions only work against the 2012 fire (HD 8.9", 2nd generation). They will more than likely brick any other device. I don't recommend trying the instructions unless you're 100% sure your device is that specific model.
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
erick_gc said:
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
Click to expand...
Click to collapse
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
monster1612 said:
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Click to expand...
Click to collapse
barcia99 said:
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
Click to expand...
Click to collapse
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
thank's much. i'll continue to do some research also. i've had this kindle since it came out and remains stable with root and twrp. runs smooth and just plain like it. only negative is no sd card slot. again thanks for your hard work.
Hoping for the automated package
Here's hoping you get time to finish the automated flash package. I am not confident enough to attempt this even with your detailed instructions.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Trey n said:
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Click to expand...
Click to collapse
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
kgiesselman said:
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
Click to expand...
Click to collapse
took me a while but also finally got it all working. Thanks for this guide. It may help us in the 7, 8 and 10 tablets. I also note my Jem is currently on CM13
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
This works on the Kindle Fire HD 7 as well, just use the files from the Tate repository.
Devo7v said:
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
Click to expand...
Click to collapse
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
BrianSamsungTab said:
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
Click to expand...
Click to collapse
I reflashed the freedom-boot and got everything working properly. It's been a few months so I don't remember if i had to continue anything when it finally booted, but I do know that I didn't lose any data. I still don't know if you need to flash freedom-boot, but it works if you do.
a little late to the party but-
i recently made the mistake of installing magisk and it put the kindle in a bootloop. is there a way to push the stock boot.img with this method or is that too quick and dirty
any advice is appreciated. im tempted to just do a full wipe via the stock recovery but if theres a more surgical method id go for it. i also have a linux debian machine available.
LineageOS 15.1 (Beta v1.01) originally for Moto E5 Play (james) working on Moto E5 (Nora)
Very Important!!!!
I've just found the way to boot sucessfully LOS 15.1 on nora_row, the ROM was originally made by @MotoJunkie01, so I'm not taking this ROM as mine, I've mentioned that I'm not a dev, I just love to share what I found, I hope this won't cause any problem and it will be useful for you guys.
Previously I've shared how to root Moto E5 (Nora) because there wasn't any specific info for that variant, TWRP and Root Guide was only for Play/Plus, and then after some attemps, I finally found a way to use TWRP and how to flash LOS 15.1
Disclaimer
I'm not responsible for any dead SD cards/phones
If your phone turns into a nuclear bomb
If your dog/cat complain about you
Advertisment
The ROM is working almost fine but "Keep in mind that I have XT1944-2" also it is a beta ROM and if my previous guide of root didn't work properly, you shouldn't try to install it, because it may result on a brick or something else, as always is mentioned, try by your own risk.
BUGS
Working:
RIL
Bluetooth
WiFi
Not Working:
Camera
You tell me
Requirements
1. The most important and obviously, unlocked bootloader, a computer, and just basic knowldge
2. Stock ROM zip, in case of something is wrong and because you'll need to extract boot.img, here are the links and a guide to recover your phone in case of brick: https://forum.xda-developers.com/moto-e5/how-to/firmware-moto-e5-xt1944-4-dual-sim-t3820901
3. TWRP recovery. You can get it here: https://forum.xda-developers.com/moto-e5/development/recovery-twrp-moto-e-5-play-james-t3796323
4. You may wonder how to install TWRP, I must admit that it's not possible on Nora (causes brick) but searching here in XDA I've found that you can boot into TWRP without installing and also if you make a backup it will work in case of emergency
5. Platform tools folder that contains fastboot and adb drivers (your boot.img must be extracted here): https://www.dropbox.com/s/c3c8rev5e40gy5b/platform-tools-latest-windows.zip?dl=0
6. Remember to put the ROM and Gapps on your SD:
ROM: https://drive.google.com/open?id=1F2rC7zIZPqod3vMC1t22uhNYMQbf56K6
Gapps: https://drive.google.com/drive/folders/1rHf5XIs7XK3kWFFLekjrK0ub_bKnSlUI
Instructions
1. First of all boot into bootloader or fastboot (power & volume down) and connect your phone to your PC
2. At this point it is supposed that you have downloaded platform tools folder and all necessary zips (stock ROM, LOS, gapps), then inside the folder press Shift+Right Click, and select "open CMD window here" for Windows 7, on Windows 8 and up just click "Archive", then when CMD it's open, type: fastboot boot twrp_james.img Your phone automatically will reboot into TWRP.
3. The recovery will delay 1 or 2 minutes to start and it will ask us for our key to decrypt data. Just press cancel, because we don't have that key, and that option is not working and swipe to allow modifications. Don't mount anything, what it is already mounted is fine, only you can mount SD Card, in case that is not mounted, if you don't have a SD Card you wouldn't be able to make a backup
4. Go to backup section, and choose SD Card to put your backup there, remember that the Backup couldn't be saved on Internal Storage because the ROM will wipe Internal Storage and System, then if you choose all the partitions nothing wrong would happen, but if you are not pretty sure, just skip data and cache
5. The time that TWRP will took to backup depends on the things that you have on your system (Ignore red letters that show some errors)
6. Then go to Wipe section and swipe to perform a factory data reset. Now, select Wipe and then Format Data, and follow all prompts to commence formatting and then go to reboot section and choose bootloader because remember that TWRP is not installed and we nned to reboot the recovery, then use again CMD to boot into TWRP
7. Then we are again on TWRP, then press Install, select SD Card and look for the ROM zip and Gapps and swipe to flash, it's very fast the installation, wait until it finish and reboot your device into bootloader, It will be with red letters, but don't be affraid.
8. Another important thing, that ROM, contains boot.img from Moto E5 Play, that's what I told you, that you will need to use boot.img from stock ROM, then go to Platform Tools Folder and again open CMD (Shift+Left Click for W7) and type: fastboot flash boot boot.img Wait until it finish and type fastboot reboot
9. And that's all, first boot will delay, be patience. Additionally I couldn't find a way to skip force encrypt, so the phone will be encrypted and it will reboot, sometimes if you reboot the ROM it would reboot again, it's normal, As this ROM it's unnofficial it will show tha your device is uncertified but you can hide that notifications and use your phone normally.
Magisk, Xposed and Substratum work, but choose carefully what are you going to install because some modules will cause problems or a bootloop, if you need some help write your comments and experiences. YouTube for some reason open but didn't shows anything.
THANKS & MENTIONS:
Thanks to @SuperR. for his awesome Windows Kitchen;
Thanks to @CodyF86 for breaking ground and building TWRP for the james;
Thanks and credits to @phhusson for his Phh-Treble Vanilla GSIs;
Thanks to @Deivid_21 for sharing working gapps
Thanks to the entire LineageOS team;
This is great news. Slowly but surely, development for the entire Moto E5 series is growing. Great work on this OP.
MotoJunkie01 said:
This is great news. Slowly but surely, development for the entire Moto E5 series is growing. Great work on this OP.
Click to expand...
Click to collapse
Yeah thank you, but I was unable to find a no verity kernel for E5, Play and Plus have got it, but this one not, then thanks for sharing a LOS 15.1 it's cool just the only bug was the camera but because of that encryption the ROM became laggy, I wish I could have a good computer to compile but well it seems to hard, anyway i hope more coming ROMS because it's sad that LOS 16 it's already released and we hardly have got just one but it's appreciated the time and effort for this one
Fersho said:
Yeah thank you, but I was unable to find a no verity kernel for E5, Play and Plus have got it, but this one not, then thanks for sharing a LOS 15.1 it's cool just the only bug was the camera but because of that encryption the ROM became laggy, I wish I could have a good computer to compile but well it seems to hard, anyway i hope more coming ROMS because it's sad that LOS 16 it's already released and we hardly have got just one but it's appreciated the time and effort for this one
Click to expand...
Click to collapse
Yeah that's my dilemma as well. I have neither the time nor regular access to a high quality machine to compile. I have a port for Lineage 16.0 for the E5 Play which boots and functions somewhat. When I can smooth some things out and get it a bit more stable, I'll post it as well.
You should post a no-verity kernel for the E5 for others to use. It would be appreciated I'm sure.
MotoJunkie01 said:
Yeah that's my dilemma as well. I have neither the time nor regular access to a high quality machine to compile. I have a port for Lineage 16.0 for the E5 Play which boots and functions somewhat. When I can smooth some things out and get it a bit more stable, I'll post it as well.
You should post a no-verity kernel for the E5 for others to use. It would be appreciated I'm sure.
Click to expand...
Click to collapse
For real? I would really love to test Pie, pls upload it, then I'm trying to post a no-verity kernel but then how am I going to extract the necessary things? I had seen a tutorial to unpack boot.img but then I don't know how to disable dm vrity or where are the files located on Moto E5 Play/Plus kernel
Fersho said:
For real? I would really love to test Pie, pls upload it, then I'm trying to post a no-verity kernel but then how am I going to extract the necessary things? I had seen a tutorial to unpack boot.img but then I don't know how to disable dm vrity or where are the files located on Moto E5 Play/Plus kernel
Click to expand...
Click to collapse
Here is an easier method -- install the stock boot image on your device using either fastboot or TWRP. Then, in TWRP, install this boot image patch script -- https://drive.google.com/file/d/1oLrNL3OYhwlCCLOtLdQEQM4tGsIucsPQ/view?usp=drivesdk
It will unpack, patch, repack and flash the modified boot image back to your boot partition, disabling dm-verity. Then use TWRP to make a backup of your /boot partition. Using a file manager, rename the backup from boot.emmc.win to boot.img and you're done. You'll then have a no-verity kernel in boot.img format. The file can then be installed by other members using fastboot or TWRP.
Once you're done, you can simply use TWRP to reinstall or restore your previous ROM configuration.
MotoJunkie01 said:
Here is an easier method -- install the stock boot image on your device using either fastboot or TWRP. Then, in TWRP, install this boot image patch script -- https://drive.google.com/file/d/1oLrNL3OYhwlCCLOtLdQEQM4tGsIucsPQ/view?usp=drivesdk
It will unpack, patch, repack and flash the modified boot image back to your boot partition, disabling dm-verity. Then use TWRP to make a backup of your /boot partition. Using a file manager, rename the backup from boot.emmc.win to boot.img and you're done. You'll then have a no-verity kernel in boot.img format. The file can then be installed by other members using fastboot or TWRP.
Once you're done, you can simply use TWRP to reinstall or restore your previous ROM configuration.
Click to expand...
Click to collapse
It doesn't works, also using zip on LOS/Stock it doesn't boot
Fersho said:
It doesn't works, also using zip on LOS/Stock it doesn't boot
Click to expand...
Click to collapse
I will patch a boot image to disabled dm-verity for the Moto E5. I'll post soon as I get some free time.
MotoJunkie01 said:
I will patch a boot image to disabled dm-verity for the Moto E5. I'll post soon as I get some free time.
Click to expand...
Click to collapse
Thanks, but finally I removed encryption, but men, it was very hard for me and it took me like 3 or 4 hours, but well the procedure is a llitle bit confusing, and I couldn't create a boot.img just ported the ones already shared for Play/Plus and seemed to work "fine", If I got some time I would make another tutorial but I guess that it will be long
Here is a no-verity kernel for the xt1944-2 Moto E5
From Build No. OPP27.91-25
https://drive.google.com/file/d/1NcyuFRgvvRiS5MT5Jxl3uS3XHCnULBMc/view?usp=drivesdk
In case anybody needs it.
MotoJunkie01 said:
Here is a no-verity kernel for the xt1944-2 Moto E5
From Build No. OPP27.91-25
https://drive.google.com/file/d/1NcyuFRgvvRiS5MT5Jxl3uS3XHCnULBMc/view?usp=drivesdk
In case anybody needs it.
Click to expand...
Click to collapse
Thank You, Do you believe that I don't have XT1944-2 I have XT1944-4 I notice that when I've seen something in settings, then It's only flash the kernel and that's all?
Fersho said:
Thank You, Do you believe that I don't have XT1944-2 I have XT1944-4 I notice that when I've seen something in settings, then It's only flash the kernel and that's all?
Click to expand...
Click to collapse
I'll do a no-verity for xt1944-1 also. In fact, I'll try and cover all variants for which I have firmware access. You can try to boot the kernel for xt1944-2 prior to flashing it, by using:
fastboot boot no-verity_xt1944-2.boot.img
If it boots, you should be safe in flashing it to your /boot partition. In any event, I'll post some no-verity kernels for the Moto E5 variants.
so if i have the xt1944-3 can I use this tutorial? and what twrp recovery should I use..? or should i just wait
SeerePetrova said:
so if i have the xt1944-3 can I use this tutorial? and what twrp recovery should I use..? or should i just wait
Click to expand...
Click to collapse
Well I've only tested on XT1944-2/4 you should try by your own risk, then for TWRP use the one that is made for Moto E5 Play, then boot into TWRP using fastboot boot "twrp-james.img" don't try to install because it wont work
Any plans to get the remaining hardware working? I tried flashing factory Vendor image from the XT1921-1 retail firmware for the hell of it to see if that might change anything with the camera and flash, but it didn't. LOS logs a crash.
01-04 06:43:08.824 F/libc (622): CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
01-04 06:43:08.825 F/libc (622): Fatal signal 6 (SIGABRT), code -6 in tid 622 (motorola.hardwa), pid 622 (motorola.hardwa)
01-04 06:43:09.162 F/DEBUG (712): pid: 622, tid: 622, name: motorola.hardwa >>> /vendor/bin/hw/[email protected] <<<
01-04 06:43:09.162 F/DEBUG (712): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
01-04 06:43:09.180 F/DEBUG (712): Abort message: 'CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found'
Click to expand...
Click to collapse
I might not have been looking in the right place but the imgtuner file name in /vendor/lib/hw is: [email protected]
If I had any idea how to fix this I would try.
weakNPCdotCom said:
Any plans to get the remaining hardware working? I tried flashing factory Vendor image from the XT1921-1 retail firmware for the hell of it to see if that might change anything with the camera and flash, but it didn't. LOS logs a crash.
I might not have been looking in the right place but the imgtuner file name in /vendor/lib/hw is: [email protected]
If I had any idea how to fix this I would try.
Click to expand...
Click to collapse
I was hoping the camera commits had been added to the GitHub repositories by now, but they have not as of this date. A manual fix can likely be accomplished by replacing the camlibs in the Lineage build with the camlibs from the stock build. Unfortunately, due to my work schedule, I don't get a lot of spare time for development, but if anybody wants to try, simply copying/replacing the camlibs from stock to Lineage should fix the camera.
MotoJunkie01 said:
I was hoping the camera commits had been added to the GitHub repositories by now, but they have not as of this date. A manual fix can likely be accomplished by replacing the camlibs in the Lineage build with the camlibs from the stock build. Unfortunately, due to my work schedule, I don't get a lot of spare time for development, but if anybody wants to try, simply copying/replacing the camlibs from stock to Lineage should fix the camera.
Click to expand...
Click to collapse
Im new to the android rom/firmware file structure. just want to make sure I understand. are you referring to the .so camera libraries in vendor/lib? or do you mean the actual /core/java/android/hardware framework files in the source?
Res Remix system-180818-arm-aonly-gapps.img
camera works good... flash too
apparently i still have force encrypt though and the phone can definitely get laggy
tbirdguy said:
Res Remix system-180818-arm-aonly-gapps.img
camera works good... flash too
apparently i still have force encrypt though and the phone can definitely get laggy
Click to expand...
Click to collapse
That's right, camera and flashlight are working on RR OS GSI Official, but that lag is horrible, well it's only while scrolling and system ui, but the rest of the apps are working fine, to disable encryption you must flash no verity kernel that it's attached on previous commentaries and also to edit fstab.qcom then you'll skip encryption, but it doesn't affect on performance because even you skipped encryption the device still laggy, also on Pie is the same, but some extra bugs like graphic glitches, anyway I couldn't find a way to fix that lag, even using apps like L Speed
Fersho said:
That's right, camera and flashlight are working on RR OS GSI Official, but that lag is horrible, well it's only while scrolling and system ui, but the rest of the apps are working fine, to disable encryption you must flash no verity kernel that it's attached on previous commentaries and also to edit fstab.qcom then you'll skip encryption, but it doesn't affect on performance because even you skipped encryption the device still laggy, also on Pie is the same, but some extra bugs like graphic glitches
Click to expand...
Click to collapse
Just FYI the no verity kernel results in a bootloop on the TMO XT1921-3
"NOST" - short for "No Service Tool" (or "Nokia Service Tool" but that sounds too official and boring ) is a small hobby project I've been working on in the last couple of days.
It aims to make the service tool for Nokia 8 (and HMD Phones in general) more useable, user-friendly, and straigtforward to use, and after having to test it myself, and also
making a small beta test in the Telegram group for Nokia 8, I feel like posting it here so others can try it out too if they want.
First, to be clear: NOST is not completely my work. It is based on OST LA 6.0.4, which was made by HMD/Foxconn. Unlike the previous OST Patches, NOST does not replace
the executable with a hacked one, but instead wraps it and patches the methods that need patching at runtime. The result is that the changes are completely opensource
and readable by others, while the underlying OST files are not modified at all. I tried to base it on a different (i.e. newer) version of OST, but those are pretty much unpatchable,
at least not with a serious amount of reverse engineering, which brings not only time issues but legal ones as well.
NOST changes a couple of things, compared to the unmodified OST LA:
It removes the need for authentification against HMD/FIH servers (really, shoutout to the one who made the original hack, even though I could not use their code)
Moved the logs folder to the same folder as the application, as opposed to somewhere on the system to make debugging easier
The options for flashing firmware images appear reliable now. (At least for me they only appeared sometimes if not never on the original OST).
Removed one of the options that if it appeared crashed the flashing process ("Check System AP Status")
One user of the Telegram group had issues where OST would crash because it detects an invalid locale setting in Windows. NOST just catches that issue and defaults to english
Removed the "Edit Phone Information" button. It never worked and it's only purpose was to make the "Next" button appear, which works like it should now as well.
NOST refuses to flash your phone if your bootloader isn't unlocked critically. The old OST would just try to flash but never make any progress which confuses inexperienced users.
Perhaps the most important change: NOST allows to flash modified firmware images without the need to extract and modify them by hand.
With the original OST, people who wanted to reflash their phone had to download a firmware bundle, extract and edit it to be able to use it with OST LA 6.0.4, since the newer versions
had unpatchable issues that prevent using them. Repacking the images in a format OST expects wasn't possible either since that enabled some sort of signature algorithm on the modified
images and caused the flashing to fail. NOST solves this problem by allowing the use of a different packaging format. Those binaries still need to be extracted but it is done transparently in
the background without the user having to download any other tools. The formats that can be used in images are .zip and .qlz
.zip Firmwares:
.zip firmware files are simply archives of the (edited) files that would normally be extracted from an .nb0 file. This means, if you extract a .nb0 with the extractor found on XDA, the contents
of the *_unpacked folder it creates should be the contents of your .zip.
.qlz Firmwares:
.qlz files are based on QuickLZ compression, which gives them a small size but also a low decompression time.
The tool to generate them is called exdupe. Generating these images is pretty straigtforward. Assuming you are on windows, download the exdupe
tool from the link above (or take it from the NOST Tools/ folder) and copy it into the folder that contains the unpacked .nb0.
Code:
- exdupe.exe
- <nb0 name>_unpacked/
- <nb0 name>.mlf
- ....
Open a commandline in that folder, and run the following command:
Code:
exdupe.exe <name of the folder to compress> <name of the firmware file>.qlz
You should already see how fast it compresses the firmware folder now. As a reference: Compressing the latest Nokia 8 firmware (about 4GB) takes maybe 30 seconds and yields a 2GB file.
Repacked Firmware Bundles:
I created .qlz images of the May and November firmwares, as well as one of the various Pie Maintainance Releases.
You can find them here: https://tmsp.io/fs/xda/nb1/firmware
I already successfully reverted from December Security Patch to November using NOST, and then updated back using OTA Sideloading without problems.
As always when working with flashing tools, proceed with caution!
How to unlock to critical:
KonikoO said:
For those who wonder how to unlock into critical state :
Reboot into bootloader download mode and execute those commands :
fastboot flash unlock *unlock .bin*
fastboot flashing unlock_critical
Afterwards you should be able to flash provided .qlz with NOST.
Click to expand...
Click to collapse
Download:
The actual tool: https://github.com/StollD/NOST/releases
Drivers: https://github.com/StollD/nokia-driver-installer/tree/master/out
Source Code: https://github.com/StollD/NOST
License:
OST LA 6.0.4 is copyrighted by the respective authors. It is not modified permanently.
The custom NOST code is licensed under the GNU General Public License.
Icon by Freepik © Flaticon
I tried this is working,nice tool.
Thanks dev.
Thank you THMSP! very cool?
Sent from my TA-1004 using XDA Labs
Can flash the May and November update but cannot flash latest Pie with this tool. I flashed Pie but returned back to November update?
Lee Castro said:
Can flash the May and November update but cannot flash latest Pie with this tool. I flashed Pie but returned back to November update?
Click to expand...
Click to collapse
Yes, you can revert back from Pie to Oreo using this. What is the issue with Pie for you?
THMSP said:
Yes, you can revert back from Pie to Oreo using this. What is the issue with Pie for you?
Click to expand...
Click to collapse
What I mean is if I flash the Pie file you provided I just returned back to Android 8.1 Novemeber update no changes at all. Maybe there something wrong with the Pie file you uploaded. But the rests are all working fine with the tool.
Lee Castro said:
What I mean is if I flash the Pie file you provided I just returned back to Android 8.1 Novemeber update no changes at all. Maybe there something wrong with the Pie file you uploaded. But the rests are all working fine with the tool.
Click to expand...
Click to collapse
Thanks for the hint, I will take a look. Probably just derped when pulling partitions and renaming the images (might have worked in my November folder by accident).
EDIT: I repulled the images from Pie (I indeed somehow worked in my November folder when making the image), repackaged them and updated the version in the drive folder. You should now be able to flash Pie. Sorry for the mistake.
THMSP said:
Thanks for the hint, I will take a look. Probably just derped when pulling partitions and renaming the images (might have worked in my November folder by accident).
EDIT: I repulled the images from Pie (I indeed somehow worked in my November folder when making the image), repackaged them and updated the version in the drive folder. You should now be able to flash Pie. Sorry for the mistake.
Click to expand...
Click to collapse
Thanks again,This is really a big help.
Wow, this is something we've been all seeking for a long time now ! For those who wonder how to unlock into critical state :
Reboot into bootloader download mode and execute those commands :
fastboot flash unlock *unlock .bin*
fastboot flashing unlock_critical
Afterwards you should be able to flash provided .qlz with NOST.
hey there! wonderful tool to have. Thank u so much
Not working in my laptop say a software need a to update
Blackhacker07 said:
Not working in my laptop say a software need a to update
Click to expand...
Click to collapse
If you have dependency issues I would suggest to install OST LA 6.0.4 first, so you get its dependencies, until I can make a proper installer for NOST.
THMSP said:
If you have dependency issues I would suggest to install OST LA 6.0.4 first, so you get its dependencies, until I can make a proper installer for NOST.
Click to expand...
Click to collapse
Could you perhaps figure out how to get rid of the unlocked bootloader message?
ironman38102 said:
Could you perhaps figure out how to get rid of the unlocked bootloader message?
Click to expand...
Click to collapse
Are you talking about the error message that appears when you press the Next button to start flashing?
If yes, your bootloader needs to be unlocked to critical, then the message won't appear.
If you are unsure if your bootloader is unlocked to critical, do "fastboot oem device-info", it will tell you.
If you mean the message that your phone displays when booting with an unlocked bootloader then sorry, I doubt that's possible (I think it is embedded into the bootloader).
THMSP said:
Are you talking about the error message that appears when you press the Next button to start flashing?
If yes, your bootloader needs to be unlocked to critical, then the message won't appear.
If you are unsure if your bootloader is unlocked to critical, do "fastboot oem device-info", it will tell you.
If you mean the message that your phone displays when booting with an unlocked bootloader then sorry, I doubt that's possible (I think it is embedded into the bootloader).
Click to expand...
Click to collapse
Actually its in splash.img that can be dumped. Its the hex editing possibly that might be a problem for someone not familiar with it
How to flash it's says this...
Blackhacker07 said:
How to flash it's says this...
Click to expand...
Click to collapse
What do you mean?
KonikoO said:
Wow, this is something we've been all seeking for a long time now ! For those who wonder how to unlock into critical state :
Reboot into bootloader download mode and execute those commands :
fastboot flash unlock *unlock .bin*
fastboot flashing unlock_critical
Afterwards you should be able to flash provided .qlz with NOST.
Click to expand...
Click to collapse
Thank you so much for this advice. I wouldn't have ever figured out how to unlock critical on my own and that was the thing that was preventing me from flashing. I tried searching the other OST LA flashing threads as well but this info seemed to have been missing, or then i completely missed it. Thank you so much anyways. If anybody else is trying to figure out why their OST LA or NOST is giving them the se_err_adb_cmd_get_fail_result error, this should help. I just used the unlock.key in place of the *unlock.bin* in your command and it worked.
Can you please upload Oreo December update stock and patched boot image. TIA
Yesterday I noticed that my Pie Image was still not quite useable, since it contained a corrupted system partition.
This seems to have happened because of my Magisk Setup and me only replacing the boot partition image and not uninstalling Magisk completely.
I rebuilt the image, to be fully stock, and also included the latest B07 update that @hikari_calyx uploaded yesterday. You can get it from the drive link in the OP.
Code:
#include <std_disclaimer.h>
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research about modifying your android system before flashing this!
* YOU are choosing to make these modifications, and if you point the finger at
* me for messing up your device, I will laugh at you. Hard. A lot.
*/
(if you expected the Resident Evil references to stop, you just got gnomed)
What is this?
T-Virus (for treble-virus) is a tool that takes a stock Nokia 8 firmware and "infects" it with various parts from the Nokia 8 Sirocco firmware, generating a firmware bundle that is compilant with Project Treble and that can be flashed to a Nokia 8 using NOST.
Firmware Sources
The base of T-Virus is the stock Nokia 8 firmware image (5150 / April Security patch at the time of writing). When being run, the build script takes those files and replaces the partition table with the one from Nokia 8 Sirocco. This required for creating a vendor partition that the stock Nokia 8 does not have. The vendor image is taken from the Sirocco firmware as well. During the build, the vendor image is mounted as rw, and various files are copied over from the stock Nokia 8 system image, or get patched to properly support the minor hardware differences between the two phones. Those actions are defined through very basic scripts inside of the vendor folder in the repository.
The boot image is a modified version of my umbrella kernel, which has support for early mounting vendor. It also includes a TWRP build with full support for Project Treble.
SELinux Hell
Because Android does some very weird stuff with SELinux contexts, you cannot launch a service file when it has an unknown context. We have to fix that by force-setting the SELinux context manually, but due to how SELinux works, this is only possible on a Linux system without SELinux. This means, that you cannot build this on a distribution with SELinux (Fedora in my case). I fixed the problem by building the images in a Ubuntu VM.
How to build?
First you have to download the latest firmware image from https://tmsp.io/fs/xda/nb1/firmware, and the exdupe tool from https://www.quicklz.com/exdupe
Extract the firmware into a folder and then clone the repository, like this:
Code:
$ mkdir firmware
$ ./exdupe -R ~/Downloads/NB1-5150-0-00WW-B03.qlz firmware/
$ git clone https://github.com/resident-nokia/t-virus
$ cd t-virus
The build script has two options you have to set: a version and the path to the extracted firmware. This means you have to run it like this:
Code:
$ ./build.sh --version v0.1 --firmware ../firmware
Leave it running and when it asks you, enter your sudo password. This is required to mount the Android ext4 partitions and edit the files that are only accessable by the (Android) root user, and retain their permissions.
When the script has finished the flashable firmware image will be inside of the out folder. You can optionally package this as a .qlz file again using exdupe.
What works?
It boots
Data decryption in recovery
Flashing GSIs / OpenGApps in recovery
WiFi
Mobile Data
Bluetooth
Sound
Vibration
Calling
Hardware buttons
Fingerprint
Camera
GPS
NFC
SDCard
Multi SIM
4k Video
What doesn't work, or isn't tested
Haptic feedback for Hardware buttons
Bluetooth headphones don't get registered properly
Nokia OZO audio support is missing
Fingerprint sensor is reported as being on the back of the phone
There might be issues with USB transfer under Windows
VoLTE (untested)
How to install?
WARNING: This might not be useable as a daily driver. Continue only if you are able to troubleshoot things if neccessary (bootloops, bricking the phone, causing the alarm app to declare nuclear war)
You can download the latest release from the releases page on the repository. It is a .qlz firmware, so you will have to flash it through NOST. You will need a completely unlocked bootloader. When flashing, make sure to select the "Erase Userdata" option, not doing this will most certainly bootloop the phone.
After the installation completed, your phone will reboot into phh's AOSP GSI. If you want to use a different GSI (you most likely will), follow these steps:
Download your favorite GSI
Unpack every form of compression, so you end up with a .img file
Boot into recovery
Copy the .img to the internal storage of your phone, or to your SDCard
Select "Install" -> "Install .img", select the image file you copied and flash it to your system partition
Then install OpenGApps or any other modifications you like.
Wipe /data to allow the new system image to boot properly and then reboot
To update to a newer version without having to erase userdata, download the zipped vendor image from the release page, and flash the image inside in TWRP.
If you want to go back to stock, simply download the 5150-revert firmware and flash it with NOST, with the "Erase Userdata" option enabled. It will revert all changes T-Virus made to your phone. Firmwares from https://tmsp.io/fs/xda/nb1 will not work.
Links?
Repository: https://github.com/resident-nokia/t-virus
Download: https://github.com/resident-nokia/t-virus/releases
Reverting to stock: https://github.com/resident-nokia/t-virus/releases/tag/5150-revert
What if I have a bug?
Upload a proper bugreport. This means logcat and dmesg. If you don't know how to get them, google it. Also, describe the issue and provide steps to replicate it. Everything else will be ignored.
I don't daily drive this phone anymore. I am doing this just because it is an interesting technical challenge. I don't have as much motivation to fix bugs than someone who daily drives it.
I want to say thank you!
I usually don't do this, but since this involved a lot of work on my side, I would be grateful if you would want to say thank you by buying me a coffee (or two): https://paypal.me/thmsp
Ok. After the flashing we have a phone "infected" by the Project Treble. But what it gives to end-user? What is profit of this?
kosmatyj said:
Ok. After the flashing we have a phone "infected" by the Project Treble. But what it gives to end-user? What is profit of this?
Click to expand...
Click to collapse
The ability to install GSIs (Generic System Images). Basically everything from here: https://forum.xda-developers.com/project-treble/trebleenabled-device-development
Oh! Sounds pretty good! Thanks. Will think about it. Really expands posiibilities and needs to be tested.
---------- Post added at 10:54 ---------- Previous post was at 10:29 ----------
Q: Should Ihave an Android Pie be installed first or it can be flashed over ony ROM version (I currently have Nougat ROM installerd on my Nokia 8)?
kosmatyj said:
Q: Should Ihave an Android Pie be installed first or it can be flashed over ony ROM version (I currently have Nougat ROM installerd on my Nokia 8)?
Click to expand...
Click to collapse
It could work, since it is a modified firmware for reflashing, but just to be sure, update to Pie through OTA. That's what this has been tested with and you won't update your bootloader in the process which eliminates some possible incompatibilities.
What is password for t-virus-20190703.qlz? Should I flash the TV-20190703-vendor.zip before or t-virus-20190703.qlz is all I need?
kosmatyj said:
What is password for t-virus-20190703.qlz? Should I flash the TV-20190703-vendor.zip before or t-virus-20190703.qlz is all I need?
Click to expand...
Click to collapse
It's all in the instructions. There is no password on the qlz file. You can't extract it, you have to flash it using NOST. The zip is for updating from previous versions and not for the initial installation.
Oh, I understood. No need to unpack, just download and flash over NOST, right? Thanks ones more. It is new for me, that`s why I have so much questions.
kosmatyj said:
Oh, I understood. No need to unpack, just download and flash over NOST, right? Thanks ones more. It is new for me, that`s why I have so much questions.
Click to expand...
Click to collapse
Yes. Just follow the instructions in NOST and select the T-Virus .qlz when it asks you to. Also, make sure you select the "Erase Userdata" option in the drop down menu that appears after selecting the .qlz.
Thank you for this - hope you enjoy the couple of coffee's
Amazing work. Can the current Android Q GSI be used?
comatrices said:
Amazing work. Can the current Android Q GSI be used?
Click to expand...
Click to collapse
When I tried it it didn't boot. Your mileage may vary, but you probably have to wait until the source code for Q has been published and people can build real phh GSIs from it.
Hello! Author, don`t you planning to build the same but for Android 8.1? Your work is great anyway but would be just amazing to have an Oreo in this appearance. Thank you.
kosmatyj said:
Hello! Author, don`t you planning to build the same but for Android 8.1? Your work is great anyway but would be just amazing to have an Oreo in this appearance. Thank you.
Click to expand...
Click to collapse
Just flash an Oreo GSI? I know you can run Pie GSIs on Oreos vendor, so it should work fine the other way around.
Nah! Didn`t work. After "android" logo it drops into download mode. AOSP 32 (last version of A 8.1 GSI).
kosmatyj said:
Nah! Didn`t work. After "android" logo it drops into download mode. AOSP 32 (last version of A 8.1 GSI).
Click to expand...
Click to collapse
I am not exactly sure if I understand you correctly, but Nokia 8 is not an A-only device, it is an AB device. You need to flash the AB image of AOSP, not the A one.
Right, I did exactly like you said. system-arm64-ab-vanilla-nosu - image that I flashed couple minutes ago. Downloaded from here: https://github.com/phhusson/treble_experimentations/releases/tag/v32
I`m sorry about my English. I`m Russian.
kosmatyj said:
Right, I did exactly like you said. system-arm64-ab-vanilla-nosu - image that I flashed couple minutes ago. Downloaded from here: https://github.com/phhusson/treble_experimentations/releases/tag/v32
I`m sorry about my English. I`m Russian.
Click to expand...
Click to collapse
Ok, then it probably doesn't work the other way around (Oreo with Pie vendor). An Oreo-based T-Virus is unlikely to happen though, because Siroccos Oreo vendor has some problems (calls not going through properly), and I dont want to maintain two versions of it because, as said in the OP, I don't use my Nokia 8 anymore. It seems like Pie is all you can get with this for now, sorry.
Hi all. Just to make it clear. The procedure for the Nokia 8 is:
1. Unlock Bootloader
2. Do "critical unlock" (fastboot flashing unlock_critical)
3. Flash "t-virus-20190703.qlz" with NOST?
Did i miss something? Whats with Security Enabled Linux?
just4me12 said:
Hi all. Just to make it clear. The procedure for the Nokia 8 is:
1. Unlock Bootloader
2. Do "critical unlock" (fastboot flashing unlock_critical)
3. Flash "t-virus-20190703.qlz" with NOST?
Did i missed something? Whats with Security Enabled Linux?
Click to expand...
Click to collapse
That's right. Don't forget to add "erase data" option while flashing t virus with NOST otherwise you'll end up in a bootloop.