Why Do All These Xoom Rooting Methods Require a Modified Boot/Kernel Image? - Xoom General

I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?

No. Back when I first bought my Xoom I just rooted it, no custom kernel or ROM. Now I've used both and benefited a lot. For example, some games people complain lag; with a custom kernel ya can overclock and fix some of this. Then custom ROMs allow ya to use features not enabled by Google by default. For example, the wifi Xoom can not connect to ad-hoc networks like mobile hotspots. ROMs include this unless you wanna do it the hard way. Another nifty feature is USB OTG to attach hard drives, which Google allows ya to do for mice and keyboards but not external drives.

oldblue910 said:
Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
I think you ARE missing something. The process you outlined with other GED devices is identical to the Motorola XOOM root process as well.
1. You use "fastboot oem unlock" to unlock the bootloader. (This only unlocks the bootloader so you can flash custom ones, recoveries, etc. but does NOT modify the current bootloader in any way.)
2. Flash clockwork with fastboot as well.
3. Install the Universal XOOM rooting ZIP through clockwork.
4. Done.
How is this any different?
The Universal XOOM root ZIP can be found @ http://forum.xda-developers.com/showthread.php?t=1242241 and does NOT contain any sort of modified Kernel or Boot image.
I don't know where you got your information from.

Sure it does. Take a look at the zip file (all those files in the kernel folder). Plus once it's done, stock recovery no longer auto flashes because something was changed in the boot image and the checksums don't match anymore.
Sent from my Xoom using Tapatalk

Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...

sodaboy581 said:
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
And that's the thing...flashing just the binaries DOES work fine, at least on my Xoom. I wonder if it has something to do with the international non-GED Xooms...
Sent from my Xoom using Tapatalk

You do need a modified initramfs to root properly.
an insecure boot.img is the most useful part of being rooted.
And with one of those you don't even need clockworkmod.
flash it with fastboot / reboot / adb remount and then just push su and superuser set suid on su (10 seconds total - far less hassle than messing with clockworkmod).

I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a Titanium backup before unlocking (which wipes everything!!). That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.

oldblue910 said:
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
You don't _need_ to flash an insecure kernel image; there are multiple paths to root. If you don't have a version of CWM for the device, then running the system insecure may be the only way to do it. Running the system in insecure mode does give you the ability to run adb as root amongst other things, however (so you can do things like adb remount).

Yeah I can see needing the insecure image in the case of not having ClockworkMod or if you need those extra commands in ADB. I was more just curious if running an insecure image was somehow a better practice than just flashing the androidsu.com zip. I guess it's 6 of one or a half dozen of the other in the end.
Thanks for the explanation!
Sent from my Xoom using Tapatalk

unrandomsam said:
an insecure boot.img is the most useful part of being rooted.
I suppose that depends on what you use root for, really. For instance, the ability to run adb as root means nothing to me really. I can count the number of times I've used adb on one hand. I more use root so I can take screenshots without hooking up to USB, and I also like having root access to the filesystem.
Plus, it seems that the insecure image is the reason why everyone says not to accept OTAs if you're running a rooted stock ROM. I've read horror stories of people accepting OTAs on a rooted stock ROM and ending up with bootloops and all kinds of other craptastic stuff. If you root with the boot image secure, you can accept OTAs and just re-root when it's done flashing.
Different strokes for different folks, right?
Sent from my Xoom using Tapatalk

mobileweasel said:
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a Titanium backup before unlocking (which wipes everything!!). That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
This.
Most devices have temp root so you're able to run a rooted app to fully back up before unlocking it. I've been holding off rooting on my wife's Xoom because I don't want to wipe her saved data, but I'm really itching to mess with it, hehe. I heard with ICS you can do a full backup with adb; I believe you use the "adb backup" method.

The insecure boot image is needed for two reasons.
1) Without it you would not be able to adb mount the partitions while inside the Android OS.
2) Every time you boot into Android, a script is run to check for stock recovery and overwrite it; insecure boot images disable this (you can also disable it by deleting the script files).
Sent from my Nexus S 4G

Related

[GUIDE] Root & recovery WITHOUT oem unlock & wipe (2.3.2 & older, plus now 2.3)

UPDATE #2 - Fitchman has reported successful root and rom flash without unlocking the bootloader by using Ginger Break. Full details in this post: http://forum.xda-developers.com/showpost.php?p=13236136&postcount=135
UPDATE - IMPORTANT: This method does not work with Android 2.3.3. Search the forum or this post in this thread for a way to update to 2.3.3 and root without unlocking if you haven't updated yet.
Alternatively, use this method on 2.3.2 and lower, then use titanium to back up everything, store it on your laptop (along with all your sdcard's data), then do the oem unlock step first and then continue from there with the rest of the guide.
Not my original idea, but a consolidation of a discussion between inakipaz and shrivelfig and myself in another thread and being posted here for easier finding by future root-seekers.
Shrivelfig's tested the method to re-root a previously rooted phone with a re-locked bootloader, and inakipaz has done it on a phone that's never had the bootloader unlocked.
The advantage here is that those who chose not to root when they first got the phone won't lose any app data or sdcard data like the methods that have you unlock the bootloader do. The disadvantage is your bootloader remains locked, which may prevent you flashing certain things in the future.
edit: see ravidavi's posts below; he's shown you can even flash custom roms that are clockwork compatible while having a locked bootloader with this method.
Download these two files:
clockwork recovery v3.0.0.5 or clockwork recovery v3.0.0.5 mirror if above not working
su-2.3.6.1-ef-signed.zip
Koush's blog for the latest clockwork updates (find Nexus S in the list).
Also, if you don't already have the necessary android sdk and drivers on your computer, get them from here: http://developer.android.com/sdk/index.html and install them. Some Windows users report better luck just installing pdanet. There's a decent guide for Windows users on installing the sdk here.
Place the recovery file on your laptop where you can access it while using the sdk fastboot commands.
Place the su zip one in the top level folder of your sdcard.
Put your phone in fastboot mode (power off, then hold volume up and power key at the same time until the phone boots to a white screen).
Use fastboot to boot the phone into the clockwork recovery:
Code:
fastboot boot recovery-clockwork-3.0.0.5-crespo.img
If you're not sure how to get fastboot working on your computer, follow the excellent instructions that Allgamer gives in this GUIDE, but don't do the oem unlock command!
Once in clockwork, flash the su file to the phone by following these steps below.
To navigate in the clockwork recovery, you use the volume keys to scroll up/down through the menus, and the on/off button to select what's highlighted.
(note: some report success without these first 3 steps, others don't get a successful root without; I recommend doing them)
select mounts and storage.
select mount /system
select go back
select install ZIP from sdcard
select choose zip from sdcard
select su-version#-signed.zip file you downloaded earlier
select yes - install su-version#-signed.zip
confirm it says "Install from sdcard complete"
select go back
select reboot
After the phone reboots, you should be rooted, with a locked bootloader, and none of your data erased.
That said, never hurts to have a backup of your precious data on the sdcard that you can copy over to the computer.
This method doesn't install busybox, so go to the Market and download/install busybox directly, or get Titanium Backup and check its "problems?" button and let it install busybox for you. There's also an app called root checker that supposedly verifies you have a working root on your phone.
Once you have a successful root installed, I'd suggest getting back into clockwork recovery and running a nandroid backup from clockwork's backup and restore menu. Then copy that file from your sdcard (in the /clockwork/backups folder) to your laptop for safe-keeping and an easy full system restore to a known working config.
Usual disclaimers about I'm not responsible for damage to your phone or loss of data apply. Use any rooting method at your own risk.
Thanks and all the real credit go to inakipaz, shrivelfig and allgamer, and of course to koush, and ChainsDD for the superuser apk.
Worked perfectly. I used fastboot from my Mac (outlined in the stickied Mac Root thread). Root checker verifies that I have root.
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
yeah! good work!
Srsly. Awsom.
Someone sticky this....
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
I would think this method also gives you a way to back up before unlocking the bootloader.
1) fastboot boot into Clockwork as described here
2) Full nandroid backup from Clockwork
3) Mount "SD" from Clockwork over USB, copy everything to computer (since it wipes everything)
4) Go back and unlock the bootloader as usual, resulting in a full wipe
5) Flash Clockwork Recovery again through whichever method
6) Mount "SD" from Clockwork over USB, copy the backup back to phone
7) Restore nandroid
And now you've unlocked the bootloader without amnesia =)
ravidavi said:
And by the way, my phone and I are both root/ROM cherry. First android phone, first time rooter. Will work up the guts to flash a ROM soon, but of course there's no chance of doing THAT without unlocking the bootloader.
Thanks to all involved in this!
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!
Also, the fact that you're able to boot into Clockwork using "fastboot boot" - that also means you can install a ROM .zip file right from there.
cmstlist said:
Question: When you do the fastboot boot command, does that overwrite the stock recovery with Clockwork? Or is it just booting into the recovery img without actually flashing it?
"fastboot boot" only launches the recovery; no unlock needed. "fastboot flash" flashes the recovery.
cmstlist said:
Are you sure you need to unlock the bootloader to flash a ROM? Now that you have root, try installing ROM Manager from the Market, and see if it lets you flash custom recovery with bootloader still locked. If so, then yes you can install a ROM!
It worked! Here's the process I used, starting from a completely unmodded Nexus S.
1: Use the method detailed here to gain root access without unlocking the bootloader.
2: Using a root-enabled file explorer (I used Super Manager), rename install-recovery.sh (in /etc) to install-recovery.sh.old. You'll need to remount as r/w to do this. NOTE: You don't *have* to do this step, but if you don't, then you can only use clockwork once, after which it will be erased on reboot.
3: Using ROM Manager, install Clockwork Recovery.
4: Pleasure yourself, because your bootloader is still locked and nothing was erased.
I have yet to try actually flashing a custom ROM. Does this mean that it can also be done without unlocking bootloader?
Well damn, whaddaya know. I just flashed MoDaCo r10 without unlocking the bootloader, and without losing any personal data on /sdcard.
I figure someone at XDA should like this.
Pretty much followed distortedloop's advice. Starting from a fully stock Nexus S with Android 2.3.2 (GRH78C):
* Root using the method on this thread.
* Rename install-recovery.su to install-recovery-old.su. (in /bin)
* Install Clockwork Recovery from ROM Manager.
* Download whatever ROM you want (compatible with Clockwork), rename to update.zip, and copy to sdcard.
* Reboot into Clockwork.
* Wipe cache, reset to factory (IF REQUIRED BY NEW ROM). This was my first install of MoDaCo, and that requires it. This step does NOT erase your personal files on sdcard, just all android-related files.
* Install update.zip from Clockwork.
* Continue self-pleasuring ... you now have a custom rom without touching your bootloader or wiping your personal sdcard data.
Maybe it's just because I'm a noob here, but it seems to me that this is a BIG deal. All root/ROM installation methods that I've seen so far have required an unlocked bootloader. This seems to be the first time a Nexus S has been unlocked and custom-ROM'd without unlocking the bootloader and wiping the entire /sdcard.
Ravi
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
What's really odd is now we have to wonder what's the purpose of the oem unlock erasing your sdcard? Speculation was that it was a security feature to keep people from accessing your data if they stole your phone; they couldn't flash something on the phone to get access, but clearly they can. Fastboot into a custom recovery and you own the phone.
Perhaps this is a security hole Google will try to fix some day?
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
distortedloop said:
Yeah, it's pretty clear that the unlock the bootloader step isn't necessary for most of what we want to do. Just a habit from earlier devices, perhaps?
...
At any rate, I wish we'd discovered this sooner, it would have saved several people some grief in having to lose saved games (Angry Birds!) when they finally decided to root.
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
ravidavi said:
You say "for most of what we want to do." Could you think of a case where you would need to unlock it now? It's now shown to be unnecessary for rooting and installing custom recovery/ROM.
I'm thinking that something like Superboot might need to have the bootloader unlocked, since it replaces the boot image, right? But I'm not sure.
ravidavi said:
Is there any way to get the word out? This thread isn't stickied, and all the stickied threads on rooting & custom ROMs currently assert that you have to unlock the bootloader.
Ravi
There's only a page and a half of posts in the development section right now, so it's not likely to disappear any time soon, but you could ask a mod (theimpaler747 is ours) via PM to sticky it. I thought about asking myself, but seemed a bit tacky to ask for my own thread.
Meanwhile, I'd been linking people to various posts I'd made in other threads suggesting this might work, but once inakipaz and shrivelfig confirmed it, I'm just now pointing people here. I just hope people see this before wiping their phones unnecessarily.
Really, the other guides should just be updated to skip the oem unlock step. That's really the only different thing we're doing here.
I'm just waiting for more people ("newbies") to confirm this actually works for them, before making it a sticky
In theory if you really really screw up your phone, you might need fastboot flash in order to recover it. But if fastboot also lets you boot into an img recovery... then you still have a recovery route that doesn't require unlocking.
Sent from my Nexus One using XDA App
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
qreffie said:
I know it's a noob question and all since all you're doing is flashing a custom recovery but will you still be able to get OTA updates after doing this as well?
Sent from my Nexus S using XDA App
yes because you still have the original recovery installed
distortedloop said:
Perhaps this is a security hole Google will try to fix some day?
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
shrivelfig said:
This would be my guess.
But how? Is it possible to plug this with just a software update? Time will show, I guess.
This (security hole) should also make it possible to do perfect out-of-the-box OS backups. And restores. The problem is that nobody's going to do a backup without playing with their shiny new toy first.
I can confirm that the Nexus One does not allow this "fastboot boot" on a locked bootloader. Maybe this was just an oversight?
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
I can confirm that this method works, without unlocking the BL or erasing the SD part.
This is pretty cool. I wish I knew about this before I unlocked the bootloader days after I received my phone. I too wonder if this was intentional or an oversight. Google did want this phone to be for developers, but like others said, this is also a bit of a security hole. The wiping of the sd card on unlock would protect the person if the phone was stolen, like if there was confidential corporate stuff on there. Even if you password protect your phone, someone could fastboot clockwork, mount the sd card and retrieve all the information that was on there.
cmstlist said:
It is entirely possible to plug this with a software update: Samsung/Google could issue a signed update that includes a bootloader upgrade. This has been done many times by HTC for example.
It's also been done by Samsung with some versions of the Galaxy S line (some of the "leaked" ROMs, and even one official Kies push (IIRC), changed the bootloader, giving some people the ability to use 3 button mode for Odin access, and causing others to lose it).

can not install bootloader of choice

Do I have to install cwmtouch also if all I want to add is kinfauns fff1.3 bootloader, to change the logo and keep TWRP? I tried installing just kinfauns fff1.3 bootloader, but can not gain SU.
palmheel said:
Do I have to install cwmtouch also if all I want to add is kinfauns fff1.3 bootloader, to change the logo and keep TWRP? I tried installing just kinfauns fff1.3 bootloader, but can not gain SU.
would try latest kfu 0.9.4 - point install latest firefirefire
hope this is 1.3 ...
palmheel said:
Do I have to install cwmtouch also if all I want to add is kinfauns fff1.3 bootloader, to change the logo and keep TWRP? I tried installing just kinfauns fff1.3 bootloader, but can not gain SU.
You can mix and match whatever bootloader/recovery combination you want. They are on separate partitions, so flashing one does not affect the other.
The only caveat is that you must have TWRP installed before changing the bootloader because the distribution image for TWRP is a boot image that actually boots up and flashes both the recovery and bootloader partitions on its own. That boot image contains version 1.0 of FFF, so you must then overwrite it with whatever bootloader you want.
As a side note, the install process for TWRP is unintuitive and may be confusing for new users to have to use the "fastboot boot" instead of the "fastboot flash recovery" command. I've gone back and forth with CWMR and TWRP several times and it's annoying to have to flash the bootloader over and over again in the process. To get around that, I've extracted just the recovery image from the TWRP distribution and have been using that image instead. I've thought about posting it somewhere, but I didn't want to piss off the developers. Maybe if there's some demand for it, I'll just upload it somewhere to see if anybody comes screaming at me... or maybe just write a how-to for those interested in extracting it for themselves.
I've packaged it in my new method, I just need time to sit down n rewrite the install directions and update my post. I've also compiled a blue cwm of sbloods version 1.1 which will also be in the updated method.
but yup, what kinfaun said lol
Sent from my HTC Glacier using xda premium
Ok. Now, for the dumb question of the day. I do have TWRP installed, I tried using the instructions on the [gscript][march11]install cwm recovery+bootloader of your choice (no fastboot) thread, but keep getting error with SU.
palmheel said:
Ok. Now, for the dumb question of the day. I do have TWRP installed, I tried using the instructions on the [gscript][march11]install cwm recovery+bootloader of your choice (no fastboot) thread, but keep getting error with SU.
You might want to wait a day or two for everyone to finish banging away at the 6.3 update. I got one of the $139 refurbs and it came today. Trying to root it, I'm running into SU/permission issues too. Something changed but everyone just doesn't know what yet. From what I can tell, this is fairly standard every time Amazon releases an update.
Got it installed. Thanks to all, for all the info. Learning, all this is new to me.

[Q] Root and update to 4.3

Hi everyone!
I want to root my Nexus 7. If I'm not wrong, to root it I have to unlock the bootloader, and I will lose all my data (I'll use Wug's Toolkit).
If I root it now with 4.2.2, when I update it to the new 4.3, will I lose root? If yes, to root my Nexus again, will I lose my data again?
I hope my English is not that ugly :silly:
Thanks for the help!
Zambo27 said:
Hi everyone!
I want to root my Nexus 7. If I'm not wrong, to root it I have to unlock the bootloader, and I will lose all my data (I'll use Wug's Toolkit).
If I root it now with 4.2.2, when I update it to the new 4.3, will I lose root? If yes, to root my Nexus again, will I lose my data again?
I hope my English is not that ugly :silly:
Thanks for the help!
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.
GedBlake said:
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.
2 tries to get root... it almost killed me xD
On the first try SuperSU was installed but it told me that "su command" wasn't.
Then I tried again and now it's rooted and it works fine.
One last question, I read a thing:
if I modify "too much" I'll lose the possibility to update to Android's next version. I want to fix the issue with the Xbox wireless controller (http://forum.xda-developers.com/showthread.php?t=1792531); will it make me some problems?
GedBlake said:
The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
Ged,
That is a mis-statement. Using a single "dd" command from a root shell - for example either adb or a terminal emulator, you can write a custom recovery image file to the SOS (recovery) partition.
$ su
# dd if=/sdcard/recovery-image-file.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
That produces a tablet with a locked boot loader, a rooted stock ROM, and a custom recovery.
The very first thing to do at that point in time is to take a Nandroid backup - and get a copy of it off the tablet for safe keeping.
Jeez I wish the thread owners for toolkits and rooting methods would stress the importance of backups. There sure would be far fewer "omg help me please" requests in this (Q&A) forum if people would simply make backups of their nearly-stock ROMs.
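Two points in this page turn on the same check: the boot-time script described in the Xoom thread above (a stock boot image compares the recovery partition against stock on every boot and rewrites it) and bftb0's single dd command that writes a custom recovery image to the SOS partition. The script below is an added example, not code from the thread or from any ROM. It replaces the block node with constructed temporary files so it runs offline, assumes a POSIX shell with dd, cmp and sha1sum (or shasum), and simplifies the stock check (which applies a patch with applypatch) to restoring a saved copy. It shows the practice bftb0 urges: copy the partition out before writing, read it back afterwards and compare digests, and it models why an unmodified stock boot image would undo the flash on the next boot.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates (1) backing up and flashing a
# recovery image with read-back verification, the careful form of bftb0's dd
# command, and (2) a stand-in for the boot-time check that a stock boot image runs
# to put the stock recovery back. All paths are constructed temp files so the
# script runs offline; on a real device RECOVERY_DEV would be the by-name node
# quoted in the thread, /dev/block/platform/sdhci-tegra.3/by-name/SOS, and every
# dd would need a root shell (su first).

WORK="${TMPDIR:-/tmp}/recovery-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

RECOVERY_DEV="$WORK/SOS"                 # stand-in for the recovery partition
NEW_IMAGE="$WORK/custom-recovery.img"    # constructed "custom recovery" image
BACKUP="$WORK/stock-recovery.img.bak"    # where the pre-flash copy goes
printf 'STOCK-RECOVERY-IMAGE-v1' > "$RECOVERY_DEV"   # constructed stock contents
printf 'CUSTOM-RECOVERY-IMAGE' > "$NEW_IMAGE"        # constructed custom contents

# Print the SHA-1 digest of a file (first field of sha1sum/shasum output).
sha1_of() {
    { if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"; else shasum "$1"; fi; } \
        | cut -d' ' -f1
}

# Step 1: copy the partition out before touching it, and confirm the copy is exact.
backup_partition() {
    dd if="$1" of="$2" bs=4096 2>/dev/null || return 1
    cmp -s "$1" "$2"
}

# Step 2: write the image, then read the partition back and compare digests.
# A mismatch means a short write, a wrong block node, or a corrupt image file.
# (On a regular file dd truncates to the image size; a real block node keeps its
# fixed size, so the partition digest would then be taken over the image length.)
flash_and_verify() {
    img="$1"; dev="$2"
    dd if="$img" of="$dev" bs=4096 2>/dev/null || return 1
    [ "$(sha1_of "$img")" = "$(sha1_of "$dev")" ]
}

# Stand-in for the stock boot-time check: if the recovery partition no longer has
# the expected digest, write the saved stock image back. A stock boot image runs a
# script of this kind on every boot, which is why a custom recovery "disappears"
# unless that script is disabled or the boot image is replaced. The real script
# applies a patch with applypatch; restoring a saved copy is the simpler model.
restore_if_modified() {
    dev="$1"; expected="$2"; stock="$3"
    if [ "$(sha1_of "$dev")" = "$expected" ]; then
        echo "recovery unchanged"
        return 0
    fi
    echo "recovery differs from stock, restoring saved image"
    dd if="$stock" of="$dev" bs=4096 2>/dev/null
}

STOCK_SHA1="$(sha1_of "$RECOVERY_DEV")"

# The sequence a careful flash follows: back up, write, verify the read-back.
backup_partition "$RECOVERY_DEV" "$BACKUP" || { echo "backup failed, not flashing"; exit 1; }
flash_and_verify "$NEW_IMAGE" "$RECOVERY_DEV" || { echo "read-back mismatch"; exit 1; }
echo "custom recovery written and verified"

# What the next boot does if the stock boot image (and its check) is still in place.
restore_if_modified "$RECOVERY_DEV" "$STOCK_SHA1" "$BACKUP"
```

Run as-is to see the flash succeed and then be reverted by the modelled boot check; that reversal is the behaviour the posters above avoid by renaming install-recovery.sh or by running an insecure boot image. The backup file is also the Nandroid-style safety net bftb0 asks for: keep it off the device so the stock recovery can be written back with the same dd if the custom one turns out to be bad.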
bftb0 said:
Ged,
That is a mis-statement. Using a single "dd" command from a root shell - for example either adb or a terminal emulator, you can write a custom recovery image file to the SOS (recovery) partition.
$ su
# dd if=/sdcard/recovery-image-file.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
That produces a tablet with a locked boot loader, a rooted stock ROM, and a custom recovery.
The very first thing to do at that point in time is to take a Nandroid backup - and get a copy of it off the tablet for safe keeping.
Jeez I wish the thread owners for toolkits and rooting methods would stress the importance of backups. There sure would be far fewer "omg help me please" requests in this (Q&A) forum if people would simply make backups of their nearly-stock ROMs.
Thanks for the info, bftb0... I had some suspicions about the 'dd' command, but I wasn't confident/certain about whether it would work with a locked bootloader.
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
Definitely going to have to experiment with this... when I have the time.
----
Incidentally, I'm with you on the Nandroid backup issue... it is vaguely puzzling why this step isn't as ingrained in people's flashing habits as perhaps it should be.
It's so easy to do... takes less than 5 minutes... and is a potential lifeline back to a working tablet.
Rgrds,
Ged.
GedBlake said:
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
You understand correctly. Unlocking the bootloader only allows you extra functionality of the bootloader itself (via fastboot flashing/boot commands). It doesn't "unlock" data in partitions - that security is normally provided by the Linux kernel permission system. Once you have root in ANY booted Linux kernel which properly reads the eMMC (flash chip) partitioning and plumbs /dev/block/ entries into the device tree corresponding to those partitions, any root-privileged process can write whatever it wants into those partitions.*
GedBlake said:
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
More or less, except that the bootloader will still fire up even if /cache, /data, and/or /system are completely bolluxed up. TWRP (and maybe CWM?) try to immediately mount /data and /cache so they are not quite as robust in the face of user screw-ups. But yeah - if you are careful, you could do everything you want without unlocking the bootloader... so long as the custom recovery stays healthy.
Mark my words: there will be people who root without unlocking their bootloader or installing a custom recovery (and thus fail to make a Nandroid backup), and then wedge their OS... and then come in here whining that they can't rescue their tablet without unlocking their bootloader (and thus wiping their entire tablet).
* there have been android devices which used hardware locking to restrict even kernel access to certain flash memory partitions, but there is no evidence that the N7 bootloader lock state affects any of the typical partitions involved in ROM flashing (recovery, boot, system, cache, userdata).
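The single "dd" write quoted above is all that the partition layer requires, but it is also where a typo turns into a bricked recovery. The following shell functions are an added example (not code from bftb0 or from the thread) of the same write wrapped in the checks a careful user wants: refuse an image larger than the target, take a full copy of the partition first and record its hash, write, then read back and byte-compare. The SOS device path is the one quoted in the thread; the function names, the backup directory layout and the busybox-style tools (blockdev, sha256sum, head, cmp) it relies on are assumptions.

```shell
#!/bin/sh
# Added example: write a recovery image to a partition from a root shell,
# with a size check, a backup of the current contents, and read-back
# verification. Not from the thread; tool availability is an assumption
# (a busybox-style toolset on the device).
set -u

# Size in bytes of a block device or of a regular file (used as a stand-in
# for a partition when testing off-device).
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# sha256 of a file; falls back to shasum where sha256sum is absent.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# flash_image IMAGE TARGET BACKUP_DIR
#   1. refuse if IMAGE does not fit in TARGET
#   2. dd a full copy of TARGET into BACKUP_DIR and record its sha256
#   3. dd IMAGE into TARGET
#   4. read the written bytes back and compare them with IMAGE
# Returns 0 on success, 1 on a refused/failed write, 2 on read-back mismatch.
flash_image() {
    img=$1; dev=$2; bak=$3
    [ -r "$img" ] || { echo "image $img not readable" >&2; return 1; }
    img_size=$(wc -c < "$img" | tr -d ' ')
    dev_size=$(target_size "$dev")
    if [ "$img_size" -gt "$dev_size" ]; then
        echo "image ($img_size bytes) larger than target ($dev_size bytes); refusing" >&2
        return 1
    fi
    mkdir -p "$bak"
    bakfile="$bak/$(basename "$dev").$(date +%Y%m%d%H%M%S).img"
    # backup first: this is the copy that rescues a broken recovery later
    dd if="$dev" of="$bakfile" bs=4096 2>/dev/null || return 1
    sha256_of "$bakfile" > "$bakfile.sha256"
    # conv=notrunc: a regular-file stand-in keeps its full size like a partition would
    dd if="$img" of="$dev" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync
    if head -c "$img_size" "$dev" | cmp -s - "$img"; then
        echo "wrote $img to $dev; backup at $bakfile"
        return 0
    fi
    echo "read-back mismatch after writing $dev; restore from $bakfile" >&2
    return 2
}

# On the tablet, from a root shell (path as quoted in the thread):
#   flash_image /sdcard/recovery-image-file.img \
#       /dev/block/platform/sdhci-tegra.3/by-name/SOS /sdcard/partition-backups
```

The backup file written by step 2 is a raw image of the old recovery, so the way back is the same dd in the other direction; copy it (and the .sha256 next to it) off the device before doing anything else, as the quoted post advises.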
bftb0 said:
You understand correctly. Unlocking the bootloader only allows you extra functionality of the bootloader itself (via fastboot flashing/boot commands). It doesn't "unlock" data in partitions - that security is normally provided by the Linux kernel permission system. Once you have root in ANY booted Linux kernel which properly reads the eMMC (flash chip) partitioning and plumbs /dev/block/ entries into the device tree corresponding to those partitions, any root-privileged process can write whatever it wants into those partitions.*
More or less, except that the bootloader will still fire up even if /cache, /data, and/or /system are completely bolluxed up. TWRP (and maybe CWM?) try to immediately mount /data and /cache so they are not quite as robust in the face of user screw-ups. But yeah - if you are careful, you could do everything you want without unlocking the bootloader... so long as the custom recovery stays healthy.
Mark my words: there will be people who root without unlocking their bootloader or installing a custom recovery (and thus fail to make a Nandroid backup), and then wedge their OS... and then come in here whining that they can't rescue their tablet without unlocking their bootloader (and thus wiping their entire tablet).
* there have been android devices which used hardware locking to restrict even kernel access to certain flash memory partitions, but there is no evidence that the N7 bootloader lock state affects any of the typical partitions involved in ROM flashing (recovery, boot, system, cache, userdata).
Hi, again bftb0...
Much of this is beyond me, I'm afraid...(actually, a lot of your posts are a bit beyond me, to be honest)...
...but I pick up bits and pieces here and there...
And I can confirm the 'dd' command does indeed work as you suggest.
-------------
A few hours ago, I fully backed up my N7 to my laptop (latest TWRP Nandroids, Titanium, etc)...
Fastboot flashed back to stock (JDQ39).
Relocked the bootloader.
Ran the 'exploit' - and acquired root.
Copied everything back over to my N7 from my laptop.
Flashed TWRP in Terminal Emulator via the 'dd' command - this took a few tries, 'cos it's a long command and there's plenty of scope for typos.
Booted into the Bootloader again, then TWRP...
First off was to flash Franco's kernel... which occurred without problem. (This was more of a test, than anything - just to see if it would work).
Next was to restore my last Nandroid backup... which also occurred without problems.
--------
So... as I write this, my Nexus 7 is more or less back to how it was... but with one significant difference... Custom Recovery, Custom ROM and Custom Kernel are all sitting behind a LOCKED BOOTLOADER.... no UNLOCKED PADLOCK symbol on boot. Oh... and it's also Rooted as well!
I'm not sure why, but I find myself slightly amazed by this - I wouldn't have believed it possible...
Guess you learn something new everyday.
Cheers, bftb0!
(...and apologies to Zambo27 for ever-so-slightly hijacking your thread).
Rgrds,
Ged.

Can we survive without a custom Recovery?

There seems to be a lot of concerns about being able to flash roms in the future without using recovery and tripping knox. Why do we really need a recovery to do this? Sure it's easier. The recovery simply extracts an archive and runs an updater-script to add/delete/update modded files and set proper permissions etc. These are basically shell commands. Why can't ADB be used on a rooted device to accomplish the same?
I have written a few mods and deodexed my fair share of roms. This can all be done through ADB by extracting the files.. deodexing/modding them and putting them back. and change a few permissions.
This works great for quick edits but to do a complete rom this way would require quite an installer script.
I can see a rom package being uploaded to the device and an installer script executed via ADB to put everything in its place.
And do we know exactly what trips knox? (other than trying to write an image file directly to the recovery partition?) Can dd be used to write a prepared image to the system partition without blowing things up?
I'm not trying to make all this sound like it's easy...it's not! just trying to change the "We can't do anything without a recovery" mindset.
I understand a program called fireflash is in development. I'm not sure of its intended purpose other than a Mobile Odin replacement (which it is). I hope it evolves into a complete package flashing application and we can put all this fear of tripping knox and losing potential features to rest.
I encourage responses and expect these ideas to be blown full of holes. I'm used to it.
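The post above describes what a recovery's updater-script really does: copy files into place and set their permissions. As an added example (not code from the thread or from any installer project), here is a minimal version of such an installer in plain shell, runnable from a root shell over ADB. It adds the two things a practitioner would insist on before touching /system without a recovery to fall back on: every payload file is hash-checked against a manifest before anything is written, and each file it replaces is saved first. The manifest format, function names and directory layout are assumptions.

```shell
#!/bin/sh
# Added example: a shell stand-in for a recovery's updater-script.
# Not from the thread; manifest format and function names are assumptions.
#
# MANIFEST lines:  <path relative to DEST_ROOT>  <octal mode>  <sha256 of the new file>
# Pass 1 verifies every payload file before anything is touched; pass 2 saves the
# file being replaced, copies the new one in, sets its mode, and re-hashes what landed.
set -u

# sha256 of a file; falls back to shasum where sha256sum is absent.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_payload MANIFEST PAYLOAD_DIR -> 0 only if every listed file is present
# and matches its manifest hash.
verify_payload() {
    manifest=$1; payload=$2
    while read -r rel mode sum; do
        [ -n "$rel" ] || continue
        f="$payload/$rel"
        [ -f "$f" ] || { echo "missing payload file: $rel" >&2; return 1; }
        [ "$(sha256_of "$f")" = "$sum" ] || { echo "hash mismatch: $rel" >&2; return 1; }
    done < "$manifest"
}

# install_payload MANIFEST PAYLOAD_DIR DEST_ROOT BACKUP_DIR
# Refuses to write anything if verification fails, so a bad package cannot
# leave the system half-applied.
install_payload() {
    manifest=$1; payload=$2; root=$3; backup=$4
    verify_payload "$manifest" "$payload" || return 1
    while read -r rel mode sum; do
        [ -n "$rel" ] || continue
        dest="$root/$rel"
        mkdir -p "$(dirname "$dest")" "$backup/$(dirname "$rel")"
        # keep the original so the change can be undone without a recovery
        if [ -f "$dest" ]; then cp -p "$dest" "$backup/$rel"; fi
        cp "$payload/$rel" "$dest" || return 1
        chmod "$mode" "$dest" || return 1
        # verify what actually landed, not just the payload copy
        [ "$(sha256_of "$dest")" = "$sum" ] || { echo "write failed: $rel" >&2; return 1; }
    done < "$manifest"
}

# On a device, as root, after: mount -o remount,rw /system
#   install_payload /sdcard/mod/manifest /sdcard/mod/payload /system /sdcard/mod-backup
```

On a real /system the partition must first be remounted read-write and the installed files given root ownership (chown root:root); both steps are left out so the functions also run as an unprivileged user against a temporary directory. Ownership and mode are exactly the "set proper permissions" step the post refers to, and getting them wrong is the usual way a hand-installed mod fails to boot.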
OK, but how to nandroid/restore?
Because you need a pc otherwise to do everything. Recovery can do it all on the phone.
You have to be outside the Android OS to flash anything of significance, recovery makes the most sense since that's what it's designed to do.
gpvecchi said:
OK, but how to nandroid/restore?
I look for the same answer. Nandroid online works fine. To restore it, we need something like dd command.
Doesn't using Flashfire eliminate the need for a custom recovery? It can flash zip files and do backups.
Yup, if phone boots...
This link might help you to understand what, and why, Knox gets tripped;
http://www.samsung.com/uk/business/solutions-services/mobile-solutions/security/samsung-knox

DPI Changes with Locked Bootloader?

Hello fellow XDAers,
Here's my dilemma: when I get my 6P I want to keep my bootloader locked for security reasons. However, I also want to change the DPI, preferably in build.prop. The only way to do this is to unlock, edit, and relock. Which is fine until I have to flash a new stock system image. Is it possible to do that with a locked bootloader and modified system? I was thinking I may be able to keep it rooted, flash TWRP from terminal emulator when I need it, then flash the image from recovery.
Sent from my Nexus 6 using Tapatalk
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
GuitarGuy96 said:
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
I don't think that'll work with a locked bootloader. Can anybody confirm?
The real issue is that I wouldn't be able to apply OTAs without unlocking, because system would be modified. I need a way to return to stock (flash with TWRP?), apply the OTA (do I need stock recovery?), and keep TWRP so I can edit build.prop again with adb. That seems like it would work, but the OTA might replace TWRP with stock so I'd be screwed.
Sent from my Nexus 6 using Tapatalk
GuitarGuy96 said:
I'm not at all sure about this, but does adb or fastboot allow copy-pasting to the system partition over non-rooted devices? I don't really think so, but just going to guess..
Code:
adb pull /system/build.prop
Modify the file via Notepad++ and save.
Code:
adb push build.prop /system
adb shell
cd system
chmod 644 build.prop
Again, I'm not a hundred percent sure of this method, and I don't have any non-rooted devices laying around to check.. :silly:
If I recall correctly, I saw someone do something like this here on XDA itself.. I forget who posted it and where the post is but lemme know if it worked for you?
how can you push files to a read-only partition? you need to gain RW privileges to the folder, which in this case is ROOT (or ADMIN). the only way to root is to flash the recovery. the only way to flash the recovery is to unlock the bootloader.
you can re-lock the bootloader post root. you can even remove root and the custom recovery after modifying your system files. just remember, any OTA you receive will bomb because key files don't match and you'll have to redo everything you did to secure your phone.
i'm curious as to what exploits are out there that depend on an unlocked bootloader. if you're not flashing ROM data, what's the concern? avoid malicious sites, lock/encrypt your device and find a good tracker. that's about all you can do.
one more thing. in general, OTAs don't typically replace your recovery.img (that i recall). it's called recovery so that you can RECOVER. flashing that ROM store seems like it would cause problems should the OTA fail. plus, don't most OTAs need the recovery partition to install anyway?
Cheater912 said:
Hello fellow XDAers,
Here's my dilemma: when I get my 6P I want to keep my bootloader locked for security reasons. However, I also want to change the DPI, preferably in build.prop. The only way to do this is to unlock, edit, and relock. Which is fine until I have to flash a new stock system image. Is it possible to do that with a locked bootloader and modified system? I was thinking I may be able to keep it rooted, flash TWRP from terminal emulator when I need it, then flash the image from recovery.
Sent from my Nexus 6 using Tapatalk
Everything you want to do starts with unlocking the bootloader, you can't write to something without write access, Sorry. I see what you want to do, but it's not possible.
Big Cam said:
Everything you want to do starts with unlocking the bootloader, you can't write to something without write access, Sorry. I see what you want to do, but it's not possible.
I'd unlock the bootloader to root the phone, then lock it again. Everything is writable with a locked bootloader as long as it's done on the phone, not through adb/fastboot.
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
I'd unlock the bootloader to root the phone, then lock it again. Everything is writable with a locked bootloader as long as it's done on the phone, not through adb/fastboot.
Sent from my Nexus 6 using Tapatalk
this is the correct answer. the countless #s of exploits found to gain root, without unlocking the bootloader supports this. the reason unlocking the bootloader to gain root is the "only method" to do so is because in other cases you're relying on an exploit that gives you a back door to getting elevated privileges within the system. most of these are or do get closed, so exploits are NOT the correct method for gaining root.
so i reiterate - can someone please provide a case study where having an unlocked bootloader provides system privilege to malicious apps, etc., that would cause a security concern from within a device?
as far as i understand, the "only" reason to lock the bootloader is to preserve the system ROM image (for recovery, troubleshooting, experience, etc.). as a user, you become the responsible party for flashing non-OEM-approved images, exposing yourself to the risk. translation - if you download something that requires you to flash a partition from within the phone, you are the one putting yourself at risk.
640k said:
this is the correct answer. the countless #s of exploits found to gain root, without unlocking the bootloader supports this. the reason unlocking the bootloader to gain root is the "only method" to do so is because in other cases you're relying on an exploit that gives you a back door to getting elevated privileges within the system. most of these are or do get closed, so exploits are NOT the correct method for gaining root.
so i reiterate - can someone please provide a case study where having an unlocked bootloader provides system privilege to malicious apps, etc., that would cause a security concern from within a device?
as far as i understand, the "only" reason to lock the bootloader is to preserve the system ROM image (for recovery, troubleshooting, experience, etc.). as a user, you become the responsible party for flashing non-OEM-approved images, exposing yourself to the risk. translation - if you download something that requires you to flash a partition from within the phone, you are the one putting yourself at risk.
You can't boot the phone without decrypting the data partition. That stops an exploit in the OS.
Sent from my Nexus 6 using Tapatalk
You can easily do it following these steps:
Enable ADB Debugging,
Using the CMD window in platform tools (same area you use for flashing)
adb devices
adb shell
wm density xxx && reboot
The xxx will be your new density and it's as easy as that. I use it all the time this way because it's easier when you don't want to root
Pilz said:
You can easily do it following these steps:
Enable ADB Debugging,
Using the CMD window in platform tools (same area you use for flashing)
adb devices
adb shell
wm density xxx && reboot
The xxx will be your new density and it's as easy as that. I use it all the time this way because it's easier when you don't want to root
That always screws with Hangouts pictures, SwiftKey, and random stuff in the Play Store. Does it not for you? What do you set it to?
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
That always screws with Hangouts pictures, SwiftKey, and random stuff in the Play Store. Does it not for you? What do you set it to?
Sent from my Nexus 6 using Tapatalk
Nope it works fine for me. I set it to 485 usually and don't have any issues
Edit: I forgot to mention that Android Pay won't work with custom dpi settings for some reason. I contacted Google about that issue and they are looking into fixing it.
btw is there a risk now to re-lock your device if you are not 100% stock because you could be stuck in a bootloop?
I don't have a N6 or N9 but I read a few threads about the "enable OEM unlock" in Developer options that could lead to a lot of troubles if you re-lock your device....
Matrix_19 said:
btw is there a risk now to re-lock your device if you are not 100% stock because you could be stuck in a bootloop?
I don't have a N6 or N9 but I read a few threads about the "enable OEM unlock" in Developer options that could lead to a lot of troubles if you re-lock your device....
That's true. I'd lock it with TWRP installed, then flash stock recovery with flashify once safely booted.
Sent from my Nexus 6 using Tapatalk
Cheater912 said:
That's true. I'd lock it with TWRP installed, then flash stock recovery with flashify once safely booted.
Sent from my Nexus 6 using Tapatalk
Can you flash a recovery from a locked BL in TWRP? Call me old fashioned but I didn't think that was possible
All this playing around with locking and unlocking the bootloader is going to cause someone to wipe some data.
You wipe the phone when you unlock the BL. This is why it is suggested to just go ahead and do it.
There is no real security risk unless you flash something malicious. Don't flash stuff from unknown sources.. DUH!
Unless you have root, you cannot write to anything but data partitions and even then security keeps you boxed in.
There will be no exploit to gain root with a locked BL. Who is going to spend the time when root access is a couple of adb commands and two file flashes away?
Anyway that's just MHO.
Pilz said:
Can you flash a recovery from a locked BL in TWRP? Call me old fashioned but I didn't think that was possible
Yes, you can do whatever you want with a locked bootloader as long as it's done on the phone (not through adb/fastboot).
Sent from my Nexus 6 using Tapatalk