I have an official ROM but it's rooted and of course bootloader in unlocked: unfortunately Google Pay and some bank apps do not work.
I first removed root, by deleting /system/xbin/su but Google Pay still complains so I think I need to unlock bootloader.
I think I have two options:
- 1 - put phone in fastboot and run "fastboot oem lock" from adb
- 2 - use Mi Flash tool to flash an official ROM and choose "clean all and lock"
What would be the best?
Do I loose data with both or either methods?
I've read that method 2 may put the phone in an unusable state...
Thanks
If you could have modified any part of system, then option 2 is the only one that will allow you to get automatic updates and be sure you have the correct system. It will wipe data.
Option 1 will also wipe data, and could possibly allow Google Pay - but I thought they were only checking bootloader status as well in Android 11, so it seems there are changes left in system. Previously Google Pay was just worried about system changes to get root, which could be still not completely reversed.
There could also be some sort of bricking risk when locking, which if true, would make option highly unappealing!
I too got forced off my life of rooting and all the control and flexibility that gave me due to banking and work requirements. Really sad that we'll lose some of that choice, but it seems things will get even tighter in Android 11. I tried to get back to stock MIUI on my Mi 9 but due to maybe one dodgy flash of a custom ROM as Mi Flash wouldn't work, and I never got updates back.
If you could have modified any part of system, then option 2 is the only one that will allow you to get automatic updates and be sure you have the correct system. It will wipe data.
Click to expand...
Click to collapse
No changes made: I unlocked and rooted just to realize Google Pay is not working: not possible to add card.
Option 1 will also wipe data, and could possibly allow Google Pay - but I thought they were only checking bootloader status as well in Android 11, so it seems there are changes left in system.
Click to expand...
Click to collapse
Apologize but I don't understand this part.
By the way, I have Android 11, and if they are checking bootloader, since I removed root but left unlocked bootloader, it's normal that Google Pay does not work.
[/QUOTE]
There could also be some sort of bricking risk when locking, which if true, would make option highly unappealing!
Click to expand...
Click to collapse
Which option would be unappealing? Maybe you missed the number...
I don't care wiping data btw, I just want to go back to stock with unlocked bootloader, I'm just scared that option 2 could brick the device...
Whoops, sorry, option 1 is the one with the possible bricking risk.
I'd feel safest using Mi Flash to relock as part of putting back stock MIUI that should then get OTAs without problems. I don't see any benefit in option 1 anyway.
Option 1, (fastboot oem lock) could possibly brick your device if you're not 100% sure that your system partition is left unmodified (deleting files like system/bin/su marks partition as modified), so that's why it's done by magisk remover script rather than manually deleting files. I returned to locked stock couple of days ago using option 2 - mi flash and stock rom, for the same reasons - banking apps and failing safetynet. I care more about netflix in full HD without it breaking every 10 minutes then having root...
If you're afraid of bricking then use clean all option rather than clean all+lock, and after making sure it boots you can do fastboot oem lock.
Related
I need some help and I've looked all over but the information is fragmented and there is too many unfamiliar acronyms used which make it incredibly difficult for some like myself to catch up. So for the benefit of others who may be new I wanted to get some additional guidance.
I got the Pixel XL Google Version
Objectives:
1. Root with the ability to hide root so other apps will work
2. Native Mobile Hotspot
3. The ability to easily receive android updates without having to reflash etc..
4. Stay close to stock if possible, but willing to explore other options as long as security is trusted, and has good
compatibility.
5. Security is a concern, I tried a rom in the past with a Galaxy S4 and swear it had a backdoor installed in the rom.
What do you guys recommend? And how do I go about doing it?
Thank you!
If security is truly a concern you will not unlock your bootloader and root your phone.
Otherwise it all depends on which version phone you have, Verizon or Google?
1. You need magisk root for that.
3. No updates when you are rooted
4.5. Never heard of any custom rom with a backdoor. That's absolutely bull****. More likely it was an app you installed.
Unlocked bootloader is a security issue, so better to stay on full stock.
Root is a big security issue so better stay on full stock.
Jokes aside the only security issue is your phone gets stolen or you install apps outside playstore.
If you stay encrypted and use a hard pattern with fingerprint you are fine and there is always the way to delete your phone when it gets stolen.
mikaole said:
1. You need magisk root for that.
3. No updates when you are rooted
4.5. Never heard of any custom rom with a backdoor. That's absolutely bull****. More likely it was an app you installed.
Unlocked bootloader is a security issue, so better to stay on full stock.
Root is a big security issue so better stay on full stock.
I have the Pixel XL - Google Version
Jokes aside the only security issue is your phone gets stolen or you install apps outside playstore.
If you stay encrypted and use a hard pattern with fingerprint you are fine and there is always the way to delete your phone when it gets stolen.
Click to expand...
Click to collapse
My point about security really was that it's quite possible a ROM could have a backdoor. That a side..
Root is not a big security issue for me as long as the rom is trusted etc..
Shouldn't I be able to turn root off then be able to update and turn it back on again?
jadensmith said:
1. Root with the ability to hide root so other apps will work
Click to expand...
Click to collapse
It's possible to root to one slot with SuperSU while the other slot remains unrooted, and then the phone can be switched between slots with TWRP or fastboot commands. Kernels have been posted with safetynet patches, to hide that the bootloader is unlocked, but I'm not sure if any are available with the software version on my phone's current slot. As noted, Magisk can also hide root and that the bootloader is unlocked, so it's probably less hassle than trying to root and hide using SuperSU.
3. The ability to easily receive android updates without having to reflash etc.
Click to expand...
Click to collapse
FlashFire can use the OTA to update and stay rooted with SuperSU. The past couple months I've used FlashFire to update my phone, and it seems quicker and easier than the sideloading and reinstalling process I had been using. I'm not aware of anything similar to FlashFire for Magisk users, so to me it seems like you would have to decide if 1 or 3 is more personally important.
jadensmith said:
Shouldn't I be able to turn root off then be able to update and turn it back on again?
Click to expand...
Click to collapse
While reading I got the impression that I might be able to uninstall SuperSU and use the OTA update, but that didn't work with SuperSU the times I tried it, so I presume something SuperSU changed or something I did with root must have caused the update to fail. I haven't read the Magisk threads as much, yet I've seen that other SuperSU users also indicate that OTA updates no longer worked for them after rooting the phone.
alluringreality said:
It's possible to root to one slot with SuperSU while the other slot remains unrooted, and then the phone can be switched between slots with TWRP or fastboot commands. Kernels have been posted with safetynet patches, to hide that the bootloader is unlocked, but I'm not sure if any are available with the software version on my phone's current slot. As noted, Magisk can also hide root and that the bootloader is unlocked, so it's probably less hassle than trying to root and hide using SuperSU.
FlashFire can use the OTA to update and stay rooted with SuperSU. The past couple months I've used FlashFire to update my phone, and it seems quicker and easier than the sideloading and reinstalling process I had been using. I'm not aware of anything similar to FlashFire for Magisk users, so to me it seems like you would have to decide if 1 or 3 is more personally important.
That didn't work with SuperSU the times I tried it, so I presumed that something I did with root must have caused the update to fail to install.
Click to expand...
Click to collapse
Wow thanks for the great reply! It's so refreshing!
What do you mean by root one slot?
The phone has two "slots" for Android. The basic idea is that you have two copies of Android on the phone that share the same user data. On a stock phone it's intended to allow for less noticeable updates, and it also can allow the phone to fall back to the previous software version if something goes wrong with an update. On the May update my phone did automatically switch between slots, due to what is discussed in the second link below. The first link below gives some information and additional links to discussion about the slots on these phones.
http://www.androidpolice.com/2016/1...-partition-changes-and-new-fastboot-commands/
https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Is it possible to keep stock or near stock and just have root with the ability to hide root, and hotspot?
That's all I really need. What would be the best way to to do this?
I've successfully flashed my first ROM. My purpose in doing so was to get the monthly Android security updates, and more broadly have my phone as secure as practical. In that vein, can I safely relock the bootloader? Should I? I am aware that many (most?) people here choose to keep the bootloader unlocked, and I respect that choice, but I'm seeking maximum security.
Searching here at XDA I see conflicting guidance. Some folks say that re-locking the bootloader with a custom ROM installed is begging to be bricked, while others say they have re-locked with no trouble. So what is your advice, why is that your opinion, and do you speak from experience?
I have not rooted the phone, nor do I plan to. I'm running AICP 8.1 on Nextbit Robin and don't plan to make any changes other than receive OTA updates. Should I make future changes beyond that I would not be bothered by the very minor inconvenience of having to unlock then relock it.
I too want to simply flash the stock recovery and lock my bootloader, but from what I've read to update the ROMs we need an unlocked bootloader. So that needs to be unlocked again does that mean everytime I lock-unlock I will be wiping my data all over? Thats would be a pain.
So this is an experiment I want to run from quite long and might do it sometime next month maybe. I will be wiping-unlocking-flashing-locking and see again if I can unlock without wiping my data and lock again, this way I can know for sure if this is doable because most online answers are weirdly confusing.
javelinanddart found that locking the bootloader on the Robin results in similar behavior as on the Nexus devices. The phone will check and make sure that the key used to sign the recovery partition remains the same as it was when your device got relocked, so as a result, TWRP should still work, and updating to a new version of TWRP would work too since it's (presumably) signed with the same key. System partition checking is handled by the kernel itself (dm-verity), but all the custom roms for the Robin have that disabled, so that wouldn't be a problem.
I've also been running custom roms with my bootloader locked and haven't run into any issues with flashing roms with TWRP.
I will be honest though, since TWRP lets you do so much to your phone, relocking your bootloader wouldn't really help security wise. You can pull up a damn root shell right in TWRP, for crying out loud.
@jabashque
Wait so are you saying despite locking the bootloader I can still go in custom recovery? Whats the point then?
I mean for me why I a considering locking the bootloader is so that if I lose my phone no one can access my data. As of now with custom ROM anyone has free access to my data via TWRP/custom recovery.
/root said:
@jabashque
Wait so are you saying despite locking the bootloader I can still go in custom recovery? Whats the point then?
I mean for me why I a considering locking the bootloader is so that if I lose my phone no one can access my data. As of now with custom ROM anyone has free access to my data via TWRP/custom recovery.
Click to expand...
Click to collapse
I suppose you could flash Lineage recovery instead, which was designed to be an OEM-grade recovery and doesn't include the ability to pull up a root shell or use adb.
Grab that here: http://downloads.codefi.re/jdcteam/javelinanddart/ether/ether-lineage-recovery-20180310_170949.img
Personally, I locked my bootloader so that I could actually see my custom splash screen without having to press the power button to dismiss the warning message.
EDIT: the build of Lineage recovery I linked still has adb shell access enabled it seems; I was wrong on that. Also, I haven't tried flashing another rom's system partition that's been signed with different keys.
jabashque said:
I suppose you could flash Lineage recovery instead, which was designed to be an OEM-grade recovery and doesn't include the ability to pull up a root shell or use adb.
Grab that here: http://downloads.codefi.re/jdcteam/javelinanddart/ether/ether-lineage-recovery-20180310_170949.img
Personally, I locked my bootloader so that I could actually see my custom splash screen without having to press the power button to dismiss the warning message.
Click to expand...
Click to collapse
So for an OTA update do I have to wipe all data to unlock again? I am on Omni btw.
I only unlock my bootloader to flash a cool splash screen then relock it. Even if the bootloader is locked I can still flash custom ROMs using ADB sideload. Works like a charm every time. I'm running the AEX custom ROM with Android 8.1.0
akeemk said:
I only unlock my bootloader to flash a cool splash screen then relock it. Even if the bootloader is locked I can still flash custom ROMs using ADB sideload. Works like a charm every time. I'm running the AEX custom ROM with Android 8.1.0
Click to expand...
Click to collapse
But you still locking it while on TWRP isn't it? Which means anyone has access to shell via TWRP defeats the purpose of security provided by a locked bootloader, isn't it?
/root said:
But you still locking it while on TWRP isn't it? Which means anyone has access to shell via TWRP defeats the purpose of security provided by a locked bootloader, isn't it?
Click to expand...
Click to collapse
I guess that's why Nextbit never had a problem with us unlocking the phone's bootloader.
Hello,
Is it possible to get root access on the Moto Z Play without needing TWRP? I tried to use this guide but my phone doesn't want to flash TWRP. It may require a unlocked bootloader. My question is that is it possible to get root on this phone without TWRP or unlocked bootloader?
PS. I only want root access to get Viper4Android/ Dolby. If there are any other alternatives, please let me know below.
Thanks,
mPreet
mPreet said:
Hello,
Is it possible to get root access on the Moto Z Play without needing TWRP? I tried to use this guide but my phone doesn't want to flash TWRP. It may require a unlocked bootloader. My question is that is it possible to get root on this phone without TWRP or unlocked bootloader?
PS. I only want root access to get Viper4Android/ Dolby. If there are any other alternatives, please let me know below.
Thanks,
mPreet
Click to expand...
Click to collapse
Your title says without unlock bootloader - no
Your text says without twrp - you can fastboot boot twrp.img - that will boot to it but not flash it permanently. But, again, not if the bl is not unlocked - gotta have that.
KrisM22 said:
Your title says without unlock bootloader - no
Your text says without twrp - you can fastboot boot twrp.img - that will boot to it but not flash it permanently. But, again, not if the bl is not unlocked - gotta have that.
Click to expand...
Click to collapse
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
mPreet said:
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
Click to expand...
Click to collapse
Pretty much - the process of obtaining your key will void your remaining Motorola warranty (though you may still have some protection depending on your local consumer laws), and the process of actually using the unlock key on your device will wipe your device in a factory reset. Ensure you back up your device (and adopted SD card as well) beforehand.
After that, you should be able to flash or boot TWRP, then root and flash Viper4Android (or ARISE Soundsystems) or Dolby. If you get OTA updates, you will not be able to flash them unless you can revert back to full stock, so ensure you have a TWRP backup without modifications or access to a stock ROM of the same build that you have now.
mPreet said:
So just to make sure that I understand, I have to get the unlock key from Motorola in order to unlock the bootloader. There is no other way around it, right.
Click to expand...
Click to collapse
correct. afaik.
echo92 said:
Pretty much - the process of obtaining your key will void your remaining Motorola warranty (though you may still have some protection depending on your local consumer laws), and the process of actually using the unlock key on your device will wipe your device in a factory reset. Ensure you back up your device (and adopted SD card as well) beforehand.
After that, you should be able to flash or boot TWRP, then root and flash Viper4Android (or ARISE Soundsystems) or Dolby. If you get OTA updates, you will not be able to flash them unless you can revert back to full stock, so ensure you have a TWRP backup without modifications or access to a stock ROM of the same build that you have now.
Click to expand...
Click to collapse
If I just boot off the TWRP instead of flashing, would that backup constitute as stock? So boot the TWRP instead of flashing then make a backup before rooting.
Thanks,
mPreet
mPreet said:
If I just boot off the TWRP instead of flashing, would that backup constitute as stock? So boot the TWRP instead of flashing then make a backup before rooting.
Thanks,
mPreet
Click to expand...
Click to collapse
be aware you will be walking on shaky ground. Be sure you have a spare phone that works in case you brick this one.
Just want to know how i can go about re locking the device to set up G-pay
Don't want to end up bricking the device,
Anyone able to assist?
If you are 100% stock, and have a backup of everything of importance, as this will wipe your device, just execute: fastboot flashing lock
I relocked my bootloader on Q DP3, no luck using Google Pay. The beta rom is not CTS compatible.
collindubya said:
Just want to know how i can go about re locking the device to set up G-pay
Don't want to end up bricking the device,
Anyone able to assist?
Click to expand...
Click to collapse
Several people in the Pixel 3 forum are reporting issues with Google Pay on Beta 3, but I used it Tuesday afternoon with no issue. I haven't tried again yet but I updated in the afternoon and rebooted to complete the update when I got in my car to go home. Stopped at the store on the way and used Google Pay without issue.
Gpay works. Did you wipe your wipe after relocking it? I know it says it wipes it. But doesn't truly wipe everything unless you access factory recovery and wipe it there too. I relocked my bl and gpay works fine. Beta 3 is certified now. Look in play store settings. Certified. So everything will work now. Having the oem ticked on with the bl locked will also deny some features. That switch has to be off to be truly locked. After relocking you have to go into settings and flip that off. It will be on after relocking.
I was given a Pixel 2 XL by a friend, and it had an unlocked bootloader, but I couldn't tell whether or not he tried to root it. And I couldn't use some GPay features, which I'd like to. So to be safe, I went through the process of flashing a stock image using Google's instructions: boot bootloader via ADB, didn't have to unlock my bootloader as it was already unlocked, and then used flash-all with the stock Android 11 image I had downloaded from Google. Didn't re-lock because I still wasn't sure that it was because of the unlocked bootloader that I couldn't use those features, but upon trying to use them I found it that it is. So now I'd like to lock the bootloader, which Google also has instructions for, but I'm concerned because everything I read makes re-locking sound like a toss-up that might end in a bricked phone.
Do I have need to be worried? Some things I read say to do a factory reset before flashing, some say to flash it more than once, before re-locking the bootloader; is that necessary? Should I factory reset before using ADB/Fastboot to re-lock it? Should I re-flash the stock image, just to be paranoid about it? Or was it sufficient the first time, with no need to reset beforehand because locking the bootloader will erase all my user data anyway?
I just really don't want to brick my phone trying to get it back to a normal, stock state.
Download the latest update and install that. Doing that will wipe the phone and remove root. It'll be like taking it off of the box brand new.
BEFORE you relock it, reboot it and make sure it works. Once you're satisfied that it works, then relock it.
Larzzzz82 said:
Download the latest update and install that. Doing that will wipe the phone and remove root. It'll be like taking it off of the box brand new.
BEFORE you relock it, reboot it and make sure it works. Once you're satisfied that it works, then relock it.
Click to expand...
Click to collapse
Awesome, thank you, that worked well for me.
Did you re-lock the bootloader yet? The old problem of no USB ADB/file access is showing up again for me on build RP1A.201005.004, Oct 2020 with Oct 5th security update.
There's a new factory image, RP1A.201005.004.A1, Dec 2020 that I hope is the fix, but I can't install it because my bootloader isn't unlocked and I can't get ADB to connect other than through wireless.
Double check your USB ADB/file transfer before you re-lock and turn off automatic updates.