Posts posted by tdm

  1. Regarding root detection and the su-hide patch...

     

    The kernel su hide patch was intended for a specific purpose: someone claimed that Lineage su was insecure but refused to provide any details except that it could be exploited even when root access was disabled in settings.  The su-hide patch was my response.  It is impossible to exploit something that does not exist.  🙂

     

    The patch was never intended to prevent apps from detecting the device has been rooted.  That is a cat-and-mouse game and I don't play.  If an app insists that it run on an un-rooted device or does anything else that is hostile to the user (such as SafetyNet checks), I don't install it.

     

    The way to determine if the su-hide patch is working is as follows: disable root access in settings and then try to access su from a non-root shell (either adb or a terminal app).  If the su binary is accessible, the patch is broken.  If not, the patch is working.

     

    If you want to run an app that does checks which are hostile to the user, please do feel free -- it's your device.  You can run xposed and magisk and whatever else you like.  But this is not my concern and I will not support either the hostile apps or the apps which try to hide from them.

     

    • Like 1
    • Thanks 3
  2. 1 minute ago, Hook said:

    Thanks, I never knew that existed.  I'll have to give it a try. I'm not a big fan of Magisk, but the only instructions on this forum were for Magisk.  Is the right one Arm64 or Arm?

     

    The Lineage version is 16.0 and the device is arm64.  So you want "addonsu-16.0-arm64-signed.zip".

     

    • Thanks 3
  3. Just now, Hook said:

    Okay, so it seems to me that you are talking about a different "SU add-on" than Magisk as Magisk gives me root but does not add options for the root setting in developer settings. Are you talking about (formerly Chainfire's) SuperSU, which I've always used before, or is there another SU add-on you are referring to?  I'm assuming the kernel trick works with what you are referring to and not with Magisk.

    I actually have no pressing need to hide root, but I am curious about how you are doing root just so I can learn the options.

     

    No, I am talking about the Official(tm) LineageOS superuser add-on from here.  I do not use or endorse any other su package, and I absolutely don't touch magisk at all.

     

     

    • Like 1
    • Thanks 2
  4. 23 minutes ago, VaZso said:

    Will it remain usable the same way after LineageOS becomes official and maybe upgraded?
    ...just because it would be a very good reason installing LineageOS instead of stock one...

    Yes, official Lineage behaves the exact same way for root access, etc.

     

    • Thanks 2
  5. 23 minutes ago, schmittlauch said:

    For completeness' sake it needs to be said that recent devices like mine (yours as well, acrux?) seem to have been shipped with a pre-release of an upcoming stock update.

    Unfortunately I do not recall the exact build number and date. So if it was possible that the update had updated some firmware of components in a backwards-incompatible way, that could be why just flashing the provided older stock images over it doesn't put us in the same state as it'd be for previously shipped phones.

    Maybe @Waxberry can clarify what's the current status of firmware updates and shipped stock ROM builds?

    I suspected something like this.  AVB is probably unhappy because the Lineage security patch level is less than the stock patch level for the newest devices.  Or something like that.  I'll need to investigate.

     

  6. 22 minutes ago, Hook said:

    I know about the developer options and have them revealed.  The root settings option I've never touched.  It has only 2 settings -- disabled and ADB only.  "disabled" is the default and since neither setting seems right and root works, I've just left it on disabled.  So I am trying to figure how it maps to your explanation, but if everything keeps working I won't worry about it.  😉

     

    The root access setting is dynamic.  By default it only shows disabled and adb.  When you install the su add-on, it adds the "apps and adb" option.

     

  7. 26 minutes ago, marmistrz said:

    Wait, does it mean that I didn't need to flash the LOS 16.0 root add-on? xD I did it almost automatically, because every time I flashed LOS before root was not included by default 😛

    No, you still need to flash the add-on for su to work.  The add-on contains the su binary.  The kernel patch does not provide an su binary, it only hides the su binary when root access is disabled for apps.

     

  8. 19 minutes ago, Hook said:

    I'm confused by this, probably because I know less than I should and tend to just follow instructions like recipes.  I don't know of enabling SU for apps in settings.  I just flash Lineage, flash GApps and flash Magisk in recovery (rebooting recovery between each) and it just works.  What settings are you referring to here?  Is this new in the new build?  Or can I just keep doing what I have been doing?  Or (most likely), am I misunderstanding everything?  😄

    The setting is "root access" in developer options.

     

    And note developer options is not visible by default, you need to enable it by tapping on the build number 7 times.

     

    • Like 1
    • Thanks 1
  9. 17 minutes ago, acrux said:

    Pro1 was reverted to stock using fastboot method published here. First boot went to the stock recovery asking to format/wipe data. After doing that stock booted to android initial setup screen. Switched the Pro1 off.

    Followed carefully the test14 install procedure. Result as with test12 - test13 - very long startup animation and then rebooted to recovery screen offering only either to continue or to wipe system data. Tried both with no results.

    recovery_sideload.log 35.68 kB · 2 downloads

     

    Thanks for the recovery log, but unfortunately that is not really helpful -- it only says that the Lineage install succeeded.

     

    I need a logcat of Lineage (trying to) boot in order to figure out what's going on.  This will require some tweaks to enable logcat at startup.  If you are comfortable hacking on your phone with adb, we can try to do that.  Alternatively, perhaps you can tell me exactly which version of stock you were running and maybe I can reproduce that here.

     

     

    • Like 1
    • Thanks 1
  10. 2 hours ago, marmistrz said:

    Is the su-hide patch opt-in/opt-out? I have absolutely no reason to hide su from any of my apps and this sounds like something that could break some apps really needing su.

     

    No, it is not opt-in/opt-out.  But it does not break anything either.  It works like this:

     

    If root access is enabled for apps in settings, the patch does nothing -- su works normally.

     

    If root access is disabled for apps in settings, the su binary (/system/xbin/su) disappears.  You cannot see it with "ls" or "stat", it cannot be run, etc.  It simply does not exist.

     

    Note that root access for adb still works in both cases, as it does not use the su binary.

     

    • Like 4
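Added example, not part of tdm's posts: the check described in posts 1 and 10 above (disable root access in settings, then look for su from a non-root shell), written as a POSIX shell script. The three probes mirror the "ls", "stat" and run attempts the posts mention; the SU_PATH override and the function name su_visible are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run from a non-root shell on the device
# (adb shell without "adb root", or a terminal app) with root access disabled.

# Path named in the posts; SU_PATH is an override invented for this example.
SU_PATH="${SU_PATH:-/system/xbin/su}"

# su_visible PATH: prints one line per probe; returns 0 if any probe can see
# PATH and 1 if every probe reports it missing.
su_visible() {
    path="$1"
    dir=$(dirname "$path")
    name=$(basename "$path")
    seen=1

    # Probe 1: path lookup, as "stat" would do.
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "lookup:  visible"; seen=0
    else
        echo "lookup:  not found"
    fi

    # Probe 2: directory listing, as "ls" on the parent directory would do.
    if ls -a "$dir" 2>/dev/null | grep -qxF -- "$name"; then
        echo "listing: visible"; seen=0
    else
        echo "listing: not found"
    fi

    # Probe 3: is there a regular file at that path this user may execute?
    if [ -f "$path" ] && [ -x "$path" ]; then
        echo "exec:    runnable"; seen=0
    else
        echo "exec:    not runnable"
    fi

    return "$seen"
}

# The posts say root can still see the binary, so a root shell proves nothing.
if [ "$(id -u)" -eq 0 ]; then
    echo "warning: running as root; repeat from a non-root shell"
fi

if su_visible "$SU_PATH"; then
    echo "RESULT: $SU_PATH is accessible (with root access disabled: patch is broken)"
else
    echo "RESULT: $SU_PATH is not accessible (with root access disabled: patch is working)"
fi
```

With root access enabled for apps the script should report the binary as accessible, since the patch does nothing in that state.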
  11. test15 is up.  Changes:

    * Fix QWERTZ apostrophe (really!)

    * Back out noise rejection bits from DT2W patch

    * Add su-hide patch

     

    Please test.  Particularly those that have had issues with the screen failing to turn on after sleep.  I would like to know if this fixes the issue or not.  If it does not, I'll need to play with the noise rejection stuff and see if I can fix the issue without the visual artifacts on my device.

     

    • Thanks 5
  12. 1 hour ago, marmistrz said:

    I think I have flashed all the available updates to stock before flashing Lineage. Btw. is it possible to update firmware without reverting to stock?
    Can I somehow make a restorable backup with the LineageOS recovery or something else, so that I can go back to test10 if things go wrong? Or will A/B just do the right thing for me?

    I can't find the option in the LOS recovery. Is the TWRP from some different thread compatible with LineageOS? (there's no separate recovery in system-as-root, that's why I'm asking)

     

    It is possible to update firmware without going back to stock.  It requires one person (me, most likely) to flash the stock update, copy the firmware partitions, and make a flashable zip.

     

    The only way to make a backup of userdata right now is to make a copy of your userdata image (eg. using "dd").  When a decrypting TWRP is available, that will be a much nicer way.  But yes, you should also be able to use the A/B system to try different test builds.

     

    You are correct, TWRP for system-as-root devices should install by injection into the boot partition instead of a partition image.  I don't know if the existing Pro1 TWRP does that or not.

     

  13. 2 hours ago, Jordi said:

    Is there a safe way to hide root in LineageOS? Some apps I use require a non-rooted device.

    Yes.  I actually wrote the kernel patch to do that, about ... 3 or 4 years ago.  I'll apply that for next build.

     

    The patch works by watching for the su daemon process.  When it is running, everything is normal.  When it is not running, the kernel hides the existence of the su binary -- it cannot be detected with "ls" or "stat" etc. except by root.  So you just disable root before running one of those (annoying and broken) apps.

     

    • Thanks 6
  14. 6 hours ago, EskeRahn said:

    Same here.

    BTW @tdm "Horizontal" is perhaps not the most clear term, for a phone being used in both directions.  😉

    Okay let's assume for now it only affects pre-production devices.  I'll still look into it though because it is quite annoying.

     

    And yes, perhaps not the best description.  But if you see it, you'll know...

     

    • Haha 2
  15. 5 hours ago, marmistrz said:

    It's my first flash (I have never flashed any custom ROM before) and test13 doesn't work for me. After flashing I get: "Can't load Android system. Your data may continue to get this message, you may ne factory data reset and erase all user da device".

    /edit: test10 works fine.

     

    Which version of stock did you have running prior to flashing Lineage?

     

    Does upgrading to test12 or test13 work, or are you stuck on test10?

     

    • Thanks 1
  16. 6 hours ago, EvilDragon said:

    Maybe someone here knows:

    I've installed the official Corona warn app from German government which uses the new expose notification framework from Google (implemented in play services 17.x and higher - I'm running the latest 20.x version).

    However, it complains that it can't find the api - and the same seems to happen for all Xiaomi users.

    Does anyone know what's missing here? Is this something that can even be fixed with an OS like Lineage?

     

    Apparently the German corona-warn-app is only available from Play Store in Germany (known issue on github), so I installed it from apkmirror (here).  It installs and starts fine on my device using test13 and Play Services 20.18.17.  Is there a particular function in the app that fails?

     

  17. 5 hours ago, marmistrz said:

    Thanks a lot for the suggestion. The USB dump is attached.

    Well, I'm afraid I don't know anything about the USB low level stuff.  I only know the various protocols involved, which use bulk transfers.  In your first capture, there are no bulk transfers at all.  So everything that is happening is low level.  In your second capture, I see the host sending a request (packet 157, "getvar:has-slot:boot_a").  The phone does not respond at all.  I'm working with another user who is seeing a similar issue with EDL.  Not sure if they are related, but it seems like it may be.  My current theory is that the host is incompatible with the phone in some way.  Can you perhaps try different host ports?  For example, avoid USB 3.0 ports, try with/without a hub, and even try different hosts?

     

  18. 14 hours ago, TeZtdevice said:

    Any good news?
    Which information needs to encrypt the partition.. who is the man, we are waiting for? 😞

    I'll probably be the one to do that.  I got close to a functional decrypt before covid hit, but haven't been able to work on it since.  I'm focused on getting Lineage finished and official and TWRP should come after that.

     

    • Like 6
    • Thanks 5
  19. 7 hours ago, daniel.schaaaf said:

    [...] snip [...]

    I agree with most of what you said.  Except perhaps the part about comparing app permissions to a desktop OS.  Every desktop OS allows apps (we used to call them programs or executables, remember?) to do pretty much whatever they want whenever they want.

     

    Please note that there are two distinct meanings for "secure" / "security" in terms of a device.  There is security from the corporate perspective, which includes things like DRM and evidence of tampering.  And then there is security from the user perspective, which includes exploiting vulnerabilities, hacking, malware, etc.  Whenever a company talks about security, they are talking about security for them, not you.  That may intersect somewhat, but when it does not, they will only care about their security, not yours.

     

    Google has had to walk an interesting line regarding rooting and software generally.  They had little chance of competing with the iPhone without an open source OS that companies could take and customize.  But that open source OS is also one of the major reasons that advanced users expect to be able to have root access.  Not only that, many manufacturers like FxTec, OnePlus, and many many others, including Google themselves allow unlocking the boot loader and installing custom software that effectively hands complete control of the device to the user.  On the flip side of the coin, companies including Google themselves want all the corporate things from Android -- namely "security" (for them). So they come up with complex schemes like SafetyNet to try to detect when devices are not "secure".

     

    But what about user security?  Companies will tell you that locking a device and only running signed software makes a device more "secure".  From a user perspective, it does -- to a degree -- as long as the OEM is providing regular security updates, a locked device is technically more secure against hacking and malware than an unlocked device.  But as soon as the OEM stops doing updates, third party software like LineageOS actually makes the device more "secure" for the user than the OEM software.  That's the part they don't like to talk about.  They would much rather you go out and buy a new device with new software than keep pumping money into doing software updates for devices that are not making any revenue.  And the Pro1 has the additional wrinkle that Qualcomm Secure Boot is off, so the device can never really be fully locked and secure.

     

    • Like 5
    • Thanks 1
  20. 5 hours ago, EvilDragon said:

    Great to see you're doing fine and that things are moving again 🙂

    I flashed Test13 and the keyboard on my German version is a lot better. I think the only wrong key is the apostrophe on L now.

    However, I now have the issue that recording WhatsApp voice messages (at least with my cable headset) has problems.
    It heavily stutters. I'm not sure which version I used before (but it was one which had the audio fix already), but it worked fine before.

    Has anything been changed in that area?

     

    Oh, I didn't know you still had or used a Pro1.  Good to see you are still here. 🙂 I should have the apostrophe on the L fixed for the next build.

     

    Sorry, I don't know what could be up with WhatsApp.  Can you tell me what is the last build that worked?

     

  21. 7 hours ago, SteffenWi said:

    HTTPS redirect on your domain would be less about "hiding" something and more about avoiding a situation where someone could alter the file/site content while it is downloaded/transmitted.

     

    Fair enough.  And you are able to choose to verify your content via HTTPS, MD5, SHA1, or all three. 🙂

     

    Of course if you were really worried about MITM attacks you would be right to be concerned that the attacker could alter the hashes on the lineage.html page also.  In which case, I suppose those people would be asking for the hashes to be made available via a third party server (such as this forum).  But nobody has asked for this so far.  In fact, I doubt that more than a couple people even bother to check the hashes.

     

    7 hours ago, SteffenWi said:

    As for boot problems: I never installed SailfishOS, but I was unable to sideload the test12.zip due to a timestamp issue. It said something about not being able to downgrade? I'm not sure when I flashed/sideloaded stuff before but it had been weeks at least and I wiped everything anyway before flashing the image with the German keyboard layout stuff.

    When test13 became available I tried again and it worked. No issues now. In fact, the German layout works perfectly - if one finds and sets the correct option (thank you @EskeRahn for telling us how to find it 😉 ). Thank you for making that work everyone!

     

    Hmm, not sure what the timestamp issue could be.  But now that it's gone I guess I won't worry about it.

     

    7 hours ago, SteffenWi said:

    Lastly I have a question: I check your git repository every once in a while and despite all the work you did, I'm not seeing any commits there? The latest commit is about fixing the FM radio.

     

    Indeed, I have neglected to push up the changes recently.  I believe I've only changed the QWERTZ kernel keymap on my local machine, but I'll certainly get that pushed up soon.

     

    • Like 2