Wednesday, January 23, 2019

rom flashing - How to disable dm-verity on `Treble`, `system-as-root` device?


Background: Please check the following links:



  1. How to disable dm-verity on Android with “user” build type ROM?

  2. Stuck in boot-loop when unpack and pack system.img?


Update: So, I am trying to disable dm-verity on my Samsung S10 5G device to successfully flash an unpacked, unmodified and then packed system.img.ext4.lz4 file (with the other ROM files) using Odin.


I have tried the following things:



  1. Removed the avb flag from boot.img with the following commands:



```
# magiskboot dtb boot.img print -f
#345900: fstab
│ [compatible]: [android,fstab]
├── #345940: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect,avb]
│ [status]: [ok]
└── #346156: vm-linux
[compatible]: [android,vm-linux]
[dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vm-linux]
[type]: [emmc]
[mnt_flags]: [ro]
[fsmgr_flags]: [wait,slotselect]
[status]: []
#343692: fstab
│ [compatible]: [android,fstab]
├── #343732: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect,avb]
│ [status]: [ok]
└── #343948: vm-linux
[compatible]: [android,vm-linux]
[dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vm-linux]
[type]: [emmc]
[mnt_flags]: [ro]
[fsmgr_flags]: [wait,slotselect]
[status]: []

# magiskboot dtb boot.img patch

# magiskboot dtb boot.img print -f
#345900: fstab
│ [compatible]: [android,fstab]
├── #345940: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect]
│ [status]: [ok]
└── #346152: vm-linux
[compatible]: [android,vm-linux]
[dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vm-linux]
[type]: [emmc]
[mnt_flags]: [ro]
[fsmgr_flags]: [wait,slotselect]
[status]: []
#343692: fstab
│ [compatible]: [android,fstab]
├── #343732: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect]
│ [status]: [ok]
└── #343944: vm-linux
[compatible]: [android,vm-linux]
[dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vm-linux]
[type]: [emmc]
[mnt_flags]: [ro]
[fsmgr_flags]: [wait,slotselect]
[status]: []
```


  2. Removed the avb and verify flags from dtbo.img with the following commands:


```
# magiskboot dtb dtbo.img print -f
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]
#126596: fstab
├── #126608: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126796: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,verify,avb]

# magiskboot dtb dtbo.img patch

# magiskboot dtb dtbo.img print -f
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
#126596: fstab
├── #126608: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126788: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
[compatible]: [android,vendor]
[dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/vendor]
[type]: [ext4]
[mnt_flags]: [ro,barrier=1,discard]
[fsmgr_flags]: [wait,]
```



  3. Patched ramdisk.cpio with the following commands:


```
# magiskboot cpio ./initrd 'patch false true'
Loading cpio: [./initrd]
Patch with flag KEEPVERITY=[false] KEEPFORCEENCRYPT=[false]
Found fstab file [etc/recovery.fstab]
Dump cpio: [./initrd]

# magiskboot cpio ./initrd extract
# cat etc/recovery.fstab

# Copyright (c) 2013, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
/dev/block/bootdevice/by-name/boot /boot emmc defaults recoveryonly
/dev/block/bootdevice/by-name/recovery /recovery emmc defaults recoveryonly
/dev/block/bootdevice/by-name/system / ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/userdata /data ext4 defaults wait,length=-16384
/dev/block/bootdevice/by-name/cache /cache ext4 defaults recoveryonly
/dev/block/mmcblk0p1 /sdcard vfat defaults recoveryonly
/dev/block/bootdevice/by-name/sec_efs /efs ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/sec_efs /sec_efs ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/carrier /carrier ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/hidden /preload ext4 defaults recoveryonly

# FOTA
/dev/block/bootdevice/by-name/apnhlos /modem emmc defaults recoveryonly
/dev/block/bootdevice/by-name/modem /mdm emmc defaults recoveryonly
/dev/block/bootdevice/by-name/dsp /dsp emmc defaults recoveryonly
/dev/block/bootdevice/by-name/vendor /vendor ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/product /product ext4 defaults recoveryonly

# Add misc for GOTA
/dev/block/bootdevice/by-name/misc /misc emmc defaults recoveryonly

# Samsung ODE
/dev/block/bootdevice/by-name/keydata /keydata ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/keyrefuge /keyrefuge ext4 defaults recoveryonly

#Auto-generated code by FOTA Portal
/dev/block/bootdevice/by-name/dtbo /dtbo emmc default recoveryonly
```


After patching, I converted dtbo.img to dtbo.img.lz4 using the lz4 compression tool and created a new recovery.img image with the patched initrd file.


After that, I tried to flash the magisk_patched.tar file with AP contents as one of the following:




  • Overwritten all three patched files in points 1, 2 and 3 above. -> Stuck at the splash screen when trying to go to recovery after successfully flashing with Odin. Download mode is appearing on the splash screen.

  • Overwritten 1. boot.img and 2. dtbo.img.lz4 above. -> Successfully rooted, but when trying to edit the system_root partition I am facing the following problem:


```
D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # mount -o rw,remount /system
beyondxq:/ # cd system
beyondxq:/system # echo "Test /system mounting" > temp.txt
beyondxq:/system # cat temp.txt
Test /system mounting
beyondxq:/system # cd ..
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # echo "Test /system_root mounting" > temp.txt
/system/bin/sh: can't create temp.txt: Read-only file system ---> Error here
1|beyondxq:/ # cat system/temp.txt
Test /system mounting
beyondxq:/ # cat system_root/temp.txt
cat: system_root/temp.txt: No such file or directory ---> Verify: File not created
1|beyondxq:/ # exit
1|beyondxq:/ $ exit

D:\>adb remount
Not running as root. Try "adb root" first.

D:\>adb root ---> It didn't work as the next command is not working

D:\>adb remount
Not running as root. Try "adb root" first.

D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # ls sdcard
Alarms Android DCIM Download Movies Music Notifications Pictures Podcasts Ringtones Samsung selinux_policy_modified
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # cp sdcard/selinux_policy_modified /system_root/sepolicy
cp: /system_root/sepolicy: Permission denied ---> Permission Denied here
1|beyondxq:/ #
```


  • Overwritten 1. boot.img and 2. dtbo.img.lz4 above, with the unpacked and packed system.img.ext4.lz4. -> The result is a boot-loop after successful flashing.



Please suggest what went wrong, or whether I am missing any step.
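
An added example, not part of the original post: a small Python parser for the `magiskboot dtb <img> print -f` listing format quoted above. For each fstab entry it reports whether `avb` or `verify` is still present in `fsmgr_flags`, which is how to check an image under review for stripped verification flags. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the format of the `magiskboot dtb <img> print -f`
# output quoted in the post; values are illustrative, not from a real image.
SAMPLE = """\
#1000: fstab
│ [compatible]: [android,fstab]
├── #1040: product
│ [compatible]: [android,product]
│ [fsmgr_flags]: [wait,verify,avb]
└── #1200: vendor
[fsmgr_flags]: [wait,]
"""

VERITY_FLAGS = {"avb", "verify"}                    # flags seen in the post
NODE_RE = re.compile(r"#\d+:\s*(\S+)\s*$")          # "#126612: product"
PROP_RE = re.compile(r"\[(\w+)\]:\s*\[(.*)\]\s*$")  # "[type]: [ext4]"

def parse_fstab_nodes(text):
    """Return [(node_name, {prop: value})] for every child of an fstab node."""
    nodes, current = [], None
    for raw in text.splitlines():
        line = raw.lstrip("│├└─> \t")               # drop tree-drawing prefix
        m = NODE_RE.match(line)
        if m:
            # "fstab" is only the container; its own properties are skipped.
            current = None if m.group(1) == "fstab" else {}
            if current is not None:
                nodes.append((m.group(1), current))
            continue
        m = PROP_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return nodes

def audit_verity(text):
    """Report, per fstab entry, which verity flags are still set."""
    report = []
    for name, props in parse_fstab_nodes(text):
        # Drop empty items so a trailing comma ("wait,") parses as ["wait"].
        flags = [f for f in props.get("fsmgr_flags", "").split(",") if f]
        verity = sorted(VERITY_FLAGS.intersection(flags))
        report.append({"node": name, "flags": flags, "verity": verity})
    return report

if __name__ == "__main__":
    for row in audit_verity(SAMPLE):
        print(row["node"], row["verity"] or "NO VERITY FLAGS", row["flags"])
```

An entry whose `verity` list is empty is mounted without dm-verity/AVB checking according to that fstab node; a listing with several `fstab` blocks, as in the dtbo output above, yields one report row per entry per block.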



