[WIP][2016.01.21] Android 6.0 Marshmallow [CLOSED] - SuperSU

All discussion should go the SuperSU BETA thread
Attached find modified boot.img for the Nexus firmwares released so far. Together with SuperSU v2.50+ these allow root with SELinux in Enforcing mode.
These are the stock boot images from Google, with the ramdisk modified as follows:
- patched sepolicy
- disabled dmverity (if applicable)
- disabled forceencrypt (if applicable)
Rooting procedure:
- flash/upgrade to Marshmellow
- flash modified boot.img
- flash/boot TWRP and sideload latest v2.50+
Acquiring root without modifying the boot images is still under investigation. Please note that the current method will not be officially supported. Future roots may require a clean system: we are at a very early stage of root for 6.0, methods used are subject to change.
For the modders, you can do the sepolicy modifications yourself as follows:
- root a reference device (4.4+ with SELinux enabled) with v2.50+
- extract the sepolicy file from the target boot image's ramdisk
- with the reference device connected to ADB:
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out
- replace the sepolicy file in the boot image's ramdisk with the sepolicy_out file
- profit
(this trick should also work on the Samsung 5.1.1 kernels that people are having issues with lately)
Fugu requires v2.51+

EXPERIMENT: Root without modifying /system
EXPERIMENTAL, ARE YOU SURE YOU WANT THIS ?
All discussion should go the SuperSU BETA thread
Idea
To have root on modern Android versions, we need our files to be executable and our daemon to be started on boot. We normally do this by making modifications to /system, tapping into binaries and scripts executed by init. If we're also modifying the boot image, then we should be able to do all this without modifying system at all. A benefit of this is that it makes OTAs easier - reflashing the boot image is less hassle than reflashing system.
As the binaries should still be updatable, and we don't know the space we have available in the boot image itself, we're mounting a (writable) ext4 image with /su as mount point from /data, and modifying PATH accordingly. Interestingly, for reasons yet unknown to me, if the image is mounted r/o by init, later remounting it r/w causes a bunch of issues. So we're keeping it r/w (for root) for now.
An overlayfs/unionfs solution would be even more ideal, transparently placing files in /system without modifying the actual partition, but I have not been able to find one that is (a) compatible with all Android architectures and (b) not kernel dependent and (c) not GPL - or even just one of those requirements, really. It's technically all possible, it just needs to be done.
Caveats
- Apps with hardcoded paths to su (seriously?) will bork
- Factory reset unroots
- Factory reset wipes pin
- ...
- Bugs... Bugs everywhere!
Instructions
You must absolutely re-flash your stock /system partition, or the separate root instances will interfere with eachother. The installer for this experiment will not clean up old root files.
- Flash stock /system (and /vendor and /oem, if present)
- Flash the attached boot image
- Flash the attached SuperSU ZIP in TWRP
Ramdisk modifications
- include (post above this one)
- init.rc (devs: please open file for reference)
--- on init
------ mkdir /su ...
--- on post-fs-data
------ copy image from cache to data (for rooting without access to /data in custom recovery)
------ mount image to /su
--- service daemonsu
- init.environ.rc
--- export PATH, prepended with /su/bin
- file_contexts
--- /su(/.*)? ubject_r:system_file:s0
NOTE
- Not all SuperSU options are supported yet in this mode
- I have not tested with encrypted devices
- /system should never be remounted r/w, I hope I didn't miss anything here
- Root with modifying /system is also still operational. I can't predict what the exploiters will need.
- I'm not sure where we're going with this. Future roots may require a clean system.
BETA-SuperSU-v2.56-20151030013730.zip

Changes
(The changelogs for the specific SuperSU versions can be found here: http://forum.xda-developers.com/showpost.php?p=23427824&postcount=3)
2016.01.21
- v2.67 ZIP
2016.01.03
- v2.66 ZIP
2015.12.26
- v2.65 ZIP
2015.12.20
- v2.64 ZIP
2015.12.11
- v2.62-3 ZIP:
--- (systemless) ZIP: Fix calling wrong script name for custom patcher script
--- (systemless) ZIP: Improve APK overwrite
--- (systemless) ZIP: Do not move backups from /cache to /data, just copy them
(there are no changes to SuperSU itself compared to v2.62, just minor script changes in the ZIP)
2015.12.10
- v2.62 ZIP
2015.12.07
- v2.61 ZIP
2015.12.05
- v2.60 ZIP with automated boot image patcher
2015.10.30 #2
- Added systemless root experiment for other Nexus than hammerhead
2015.10.30
- Added systemless root experiment for hammerhead
2015.10.28
- Added Angler kernel
- Added Razor mra58u kernel
2015.10.20
- Added Bullhead kernel
2015.10.08
- New image for Fugu, requires v2.51
2015.10.07
- New images, should fix the factory reset issues some users with encrypted data were seeing

EXPERIMENT: Root without modifying /system #2: Automation
EXPERIMENTAL, ARE YOU SURE YOU WANT THIS ?
All discussion should go the SuperSU BETA thread
Continuing on the previous post, here is SuperSU v2.62 BETA, with automated boot image patching. It's been tested by myself on various Samsung's running anything from 4.3 to 5.1, and all of the recent Nexus devices on 6.0. Even on CM13. Other users have tested it with success on various other devices.
If you are coming from any SuperSU install in /system, you must re-flash the stock system (and vendor and oem, if present) partition contents prior to installing this.
If you are coming from a SuperSU 2.56 system-less install, you must re-flash the stock boot image prior to installing this.
If you are coming from a SuperSU 2.60 system-less install, or were not rooted at all, then you can just flash the ZIP without any special prior instructions.
If TWRP offers you to keep /system read-only, indeed keep it read-only.
If TWRP tells you SuperSU is not installed, and asks you to install it, do not do it, you will break things!
If on Android 6.0 or Samsung 5.1, the ZIP installer will install SuperSU in systemless mode and patch the boot image. The boot image patcher currently only supports gzip compressed ramdisks and the standard Android boot image format. Some devices do not use the standard format, and many custom kernels use a compression other than gzip. A backup is made (/data/stock_boot_<sha>.img.gz) of the original boot image before patching it.
Further implementation details (including an updated list of changes to the ramdisk) are explained in the installer script itself, as usual.
Notes on 2.62+
A poor man's overlay is used on /system/xbin. We are creating a copy of /system/xbin in /su/xbin_bind, adding a symlink to /su/bin/su there, then mounting the entire thing on top of the original /system/xbin. This is likely to fix some compatibility issues with some apps, without actually modifying /system. Removing /su/xbin_bind and rebooting will disable this feature, or "echo BINDSYSTEMXBIN=false>>/data/.supersu" in recovery root shell before a SuperSU ZIP flash.
If you have one of those devices that refuse to remount system r/w in Android such as the Nexus 6P, but you do want to do this, "echo FSTABSYSTEMRW=true>>/data/.supersu" in recovery root shell before a SuperSU ZIP flash will patch the boot image in such a way that remounting will work. This feature itself breaks OTA compatibility, regardless of if you end up writing to /system or not.
Both of these features are likely temporary.
Notes on 2.64+
There have been a lot of changes to the ZIP installer. Hopefully they won't break a lot of installs. If 2.64 works well, it is likely to be promoted to the "main beta" in place of 2.52, and the How-To SU document will be updated with the relevant information.
A major change in setup is that the ZIP installer will try to detect 6.0 firmwares that can be rooted without doing a systemless install. In other words, a root that modifies only /system, but not the boot image. If this is possible, the installer will install into /system (unless you override via "echo SYSTEMLESS=true>>/data/.supersu").
This may catch (a) firmwares that allow sepolicy reloading from /data but have a locked bootloader and (b) custom firmwares setup to handle this. Regarding the latter, while it is not as clean as systemless, those running custom firmwares are more likely to want to modify /system anyway, it is less likely to mess with updates to those firmwares, and it prevents the necessity of reflashing the ZIP after each kernel switch. Of course, the kernel's SELinux policies must support this! See this thread for details for devs.
Notes on 2.65+
As 2.65 adds /su/xbin, I recommend flashing the ZIP rather than installing the APK from the ZIP, as some people tend to do.
Notes on 2.67+
I recommend flashing the ZIP rather than installing the APK from the ZIP, as some people tend to do.
Downloads
BETA-SuperSU-v2.60-20151205163135.zip
BETA-SuperSU-v2.61-20151207213702.zip
BETA-SuperSU-v2.62-20151210170034.zip
BETA-SuperSU-v2.62-2-20151211155442.zip
BETA-SuperSU-v2.62-3-20151211162651.zip
BETA-SuperSU-v2.64-20151220185127.zip
BETA-SuperSU-v2.65-20151226141550.zip
BETA-SuperSU-v2.66-20160103015024.zip
BETA-SuperSU-v2.67-20160121175247.zip

The latest WIP version has become the main BETA version.
For all intents and purposes, this thread is closed. It will be cleaned up and unstickied in good time.

Related

[ROM] [2016.12.07] XT1096 5.x stock based rom

Updated 2016.12.07 - Post updated with current files, see end of post for links to helpful posts.
Updated 2016.04.14 - Post updated with current files.
Updated 2016.01.23 - This post has been rewritten for people who have unlocked their Verizon XT1096 through the Motorola unlock page. It is presumed that you have fastboot installed and working and that you have at least a 5.x version of Android on your phone. (Android version in Settings -> About phone) If not and you're still on 4.4.4, the information hidden at the bottom of this post will help you upgrade.
This ROM is based on the Stock ROM and has SuperSU v2.65, Xposed v80, Xposed Installer, BusyBox v1.24.1-Stericson, sqlite3, zip, aapt, and DNS support for Busybox apps pre-installed. System is mounted R/W via su.d script, addon.d scripts are supported, the Verizon part of the boot animation is removed, tethering is enabled. The following obsolete files are deleted from the stock image:
Avatar
AvatarPermissionsApp
Bug2GoStub
com.customermobile.preload.vzw
CQATest
DemoMode
fswriter
GuideMe
LMIRescue
LMIRescueSecurity
LocalWipePolicyManager
MediaShortcuts
MotoCare
MotoCareInt
VerizonSSOEngine
VMobileSecurity
VzwAVS
vznavigator
In addition to TWRP mentioned next, you'll need a few files on hand to complete the process:
XT1096-23.32-25-5-5-Firmware.zip - TWRP zip to update firmware.
xt1096-5.1-23.32-25-5-5-Mod.zip- The factory based modified ROM
A GApps package, this is possibly the most confusing part for new ROM flashers and will be discussed below.
xt1096-5.1-debloat.zip - Optional, removes some Verizon bloat, see list below
xt1096-5.1-debloat-keepconnect.zip - Same as above but retains Moto Connect and some files need for the Moto Gallery app.
If you want root, flash SuperSU from this thread: SuperSU Release (As of the time of this posting the direct link to the download is here: SuperSU-v2.78-201609011115.zip
If you want Xposed, flash xposed from this thread: Xposed thread you want the version for SDK22 for ARM. (As of the time of this posting, the direct link to the download is here: xposed-v87-sdk22-arm.zip
Here is the list of apps deleted by the debloat zip, the keepconnect version does not remove Motorola Connect:
ECID_VZW_Victara (Verizon Caller ID $)
GoogleHindiIME
GooglePinyinIME
iWnnIME
KoreanIME
com.gotv.nflgamecenter.us.lite
VZMessages
BodyGuardApp (Alerts)
Verizon Cloud
Verizon CloudSetup
Entitlement
MotorolaConnect
MyVerizon
VVM3 (Visual Voice Mail $)
GApps are Google Applications, the stock ROM originally had many of the GApps but they are outdated. Note: Due to changes in the Open GApps package, the minimum level that will work correctly with this ROM is the Micro package, the nano and pico packages probably won't work. Like other custom ROM's, if you want to use any Google services and/or the Play Store, you must install a GApps package. One source is here: Open GApps with an XDA discussion group here: XDA Open GApps When selecting your GApps package, choose ARM for the platform and 5.1 for the version of Android. Then any of the variants will work to give you access to the Google services. The XT1096 has plenty of room and resources for the larger packages. The "Full" variant is probably most like what the phone came with as stock. Be advised that the "Stock" and "Super" variants, by default, will replace the excellent Motorola camera app with the Google camera app. You can avoid this by creating a gapps-config.txt file kept in the same place as the installer zip. In addition, all but the "Nano" and "Pico" variants will put Google Photos in place of the stock Gallery app with it's Highlight Reel tool. Creating a gapps-config.txt file is described on the pages linked above. To avoid losing the Moto Camera and Gallery apps, you might have a gapps-config.txt file like this:
Code:
+Gallery
CameraGoogle
Collect all the needed zip files and place them all in your download folder on the phone or on a USB-OTG drive.
Install TWRP. The TWRP app from the Play Store doesn't always work reliably, install TWRP using fastboot. The latest official version is 2.8.7.1 and you can download it from here: https://dl.twrp.me/victara/. (Note: Some people have reported problems with official versions of TWRP getting stuck at the splash screen. See post 1013 for alternate versions of TWRP that may work for you.) Put the .img file in the same place that you run fastboot from, put the phone in bootloader/fastboot mode and run the following command (replacing the file name at the end with the file you want to flash):
Code:
fastboot flash recovery twrp-2.8.7.1-victara.img
The process only takes a couple seconds, ignore any errors about size mismatch. Use the volume down key to highlight recovery, then press the volume up key to select. The phone should reboot into TWRP. Make a backup, preferably to a USB-OTG drive before you do anything else. If something goes wrong with the next steps, you'll be able to restore the backup and be back to where you started.
In TWRP select WIPE, then Advanced Wipe. Select, Data, System, Cache and then slide the slider to begin the process. This will wipe the phone except for your pictures and other things on the "SDCARD" or internal storage. (The phone will enter setup when booting the first time after flashing the ROM. You might be able to get away with not doing the wipe, most people will have problems if the wipe isn't done due to the Google apps being updated from the stock installed versions.)
Return to the Home menu in TWRP, select install, then add zip. Select xt1096-23.32-25-5-2_gpt.zip. Tap add zip again and select xt1096-23.32-25-5-2_Firmware.zip. Tap add zip again and select xt1096-5.1-23.32-25-5-2_1.zip. These 3 must be first. Tap add zip again and select the GApps zip file that you selected. If you are debloating, tap add zip again and select that zip file. If you want the CM AudioFX, tap add zip again and select that zip (you can actually do this step in the future by itself if you want.) At this point you have at least 4 zips and possibly 6 selected; slide the slider to begin the flashing process. This will take a while, don't interrupt it. If the screen turns off, use the power button to turn it back on. When done, use the Reboot System button to restart the phone. The phone will reboot, it will show the logo and then the boot animation. It will take 4-5 minutes during which time the boot animation will appear to be stuck, don't panic, this is normal and will only happen the first time after a clean install. The phone should start an optimizing apps process and when that completes, you will see the first set up screen.
Enjoy your rooted stock ROM!
See post 2 for zips to add Viper4Android, restore Exchange2, or remove Xposed and links to other useful things.
See post 886 for flashable zips to change the boot logo and boot animation to a Marshmallow style.
See post 1009 for more info about the current files listed here.
See post 1057 for more info about the April 2016 security update.
See post 1108 for more info about the August/November security update and instructions to flash your phone to stock.
The info below is about mofo and previous versions of this rom. Most people won't need to look at it!
Updated 2015.09.16 - Jump to post 781 for the TWRP Stagefright patch update!
Updated 2015.09.12 - Jump to post 783 for the MOFO Stagefright patch update!
Below is the original information for using Mofo to flash 5.0 images, upgrade to 5.1 and other Mofo info. If you have used Sunshine to unlock your bootloader, you can still flash any of the old images using fastboot. Now, this thread will have images for flashing with both mofo and TWRP..
I've created a base XT1096 v5.1 stock based image that is setup like a custom ROM. This image has tether enabled in build.prop, Busybox and SQLite3 are installed. The ROM has been rooted with SuperSU. Support for DNS in Busybox is included. Certain apps that are potentially spyware or are outdated have been removed. Even more stock apps can be removed via TWRP with the xt1096-5.1-debloat.zip file available in post 2. As time permits I'll create some more TWRP zip files to add Viper4Android, the stagefright patches when released, etc.
Important: This ROM, like other custom ROMs, does not included GApps (like PlayStore, etc.) Most everyone will want to download a GApps package and include it in the list of zips to install in TWRP. There are several GApps packages out there, TK GApps are very flexible and can be configured to install just the bare minimum or the full set of Google Apps: TK GApps 5.1 If using Xposed, you will need to reinstall the Xposed Installer app from here: XposedInstaller_3.0_alpha4.apk; you will then need to open the Xposed Installer and enable your installed modules before they will function.
The TWRP flashable image is available here: xt1096-5.1-stock-20150820.zip
If you do a clean flash (wipe data), it takes 4-5 minutes for the phone to start the first time.
See some useful links and additional TWRP zips in the next post!
Here is a nice guide for upgrading from the Mofo to the unlocked bootloader with Sunshine, installing TWRP and using the TWRP compatible zips by @betarepeating:
Starting with 5.1 Mofo Rooted image provided in this thread:
First install/run sunshine. This process was painless and easy and I'm not going to waste my time typing instructions here.
Nuke the "Warning Message" boot logo
Instructions | Download
Just opened that folder and typed:
Code:
fastboot flash logo logo.bin
Installing TWRP
Instructions | Download
then do
Code:
adb reboot bootloader
fastboot flash recovery twrp.img
fastboot reboot
Now when you boot to recovery you will see TWRP!
Installing Apps
===============
Boot into recovery (TWRP)
Made backups of /system and /boot (didnt backup /data because I don't have an OTG cable or room on my internal storage - but you should!)
Copied backups to my PC
Copied the following to the TWRP folder on my phone (could put them anywhere doesnt matter):
xt1096-5.1-stock-20150820.zip
xt1096-5.1-debloat.zip
xt1096-5.1-CM-Stuff.zip
tk_gapps-modular-mini-5.1.1-20150816-signed.zip
xposed-v71-sdk22-arm-by-romracer-20150816.zip
Links to download are in the second post of this thread
Went into Wipe > Advanced Wipe and checked system and dvalik-cache and wiped them.
Installed all the zips from above in the listed order (all that matters is the xt1096-5.1-stock-20150820.zip goes first)
Rebooted
Phone sat and optimized for a long time
While waiting I downloaded:
XposedInstaller
AdAway
CF.Lumen
Dropped the APKs onto my phone once it was booted and ran them from file explorer.
Done.
=================================================
Here is the original info and links for Mofo 5.0 images:
The mofo image file with Xposed v65 baked in is listed below. It is based on the image posted by btdownloads7. It includes root, tether, BusyBox and SQLite3 while adding Xposed v65.
You need to flash an image with root from here: http://forum.xda-developers.com/showpost.php?p=60537982&postcount=1 to be able to follow the instructions below.
You also need to install the alpha Xposed apk from here: http://forum.xda-developers.com/attachment.php?attachmentid=3383776&d=1435601440 Download the apk to your phone, find it with your phone file manager and click on it to install. Do not try to install the framework from within the Xposed installer.
While in your root file manager, navigate to /data/dalvik-cache and delete both the "arm" and "profiles" folders. (This is needed one time due to a glitch in the alpha Xposed for Lollipop.) You must do this!
Connect your phone to your pc and issue the "adb reboot-bootloader" command to get into fastboot mode (or use the proper key combination on the phone to enter fastboot mode.)
Flash the image file with mofo as normal.
After mofo completes its work, enter "fastboot erase cache" from your pc to flush the system cache.
Once done, reboot the phone. The boot animation will end and seem to freeze for a minute or two, then it will start the upgrading/optimizing apps process. Once your phone is booted up, open the Xposed installer from the app drawer, install a module (like Gravity Box for LP) and enjoy!
Note: If you get system memory full errors after the reboot, you didn't delete the folders in /data/dalvik-cache as noted above; with luck you will be able to delete them in between error messages and reboot. Otherwise, you'll need to flash an image without Xposed and start over.
XT1096_5.0-tether-root-bb-sqlite3-XposedV65.img.7z - XT1096 image for use with mofo. Includes HDR fix, tether, root, busybox, sqlite3 and Xposed v65
http://forum.xda-developers.com/attachment.php?attachmentid=3383776&d=1435601440 - Link to Xposed Installer Alpha 4 needed for Xposed v65
XT1096_5.0-tether-root-bb-sqlite3-XposedV65-DeBloat.img.7z - Image with bloat removed, see this post for details: Post 169
XT1096_5.0-tether-root-bb-sqlite3-XposedV65-DeBloat-AdAway.img.7z - Image for AdAway users with symlink for hosts file, see this posrt for details: Post 188
Here is the info for 5.1 Mofo Images, updating, patching, etc.:
Thanks to @JulesJam and @Slack3r we have Android 5.1 for the XT1096 with mofo! Below are links to the 5.1 mofo image and patch files.
These images have tether enabled, root, Sqlite3, BusyBox, Xposed, CF.lumen and support for AirAudio, AdAway, iOS Emoji fonts and Viper4Android with the latest TK Gapps installed. Here are the main files:
5.1bins.7z - Kernel, modem and other 5.1 update files
xt1096-5.1-v3.1g-pkg.7z - Base image
You should save the base 5.1 image file. When there are updates in the future, patch files will be used to work with this base image.
@JulesJam has written an excellent guide for new users (and those who might need a refresher) here: Mofo Noob Guide
These images are for Android 5.1. If you are still running 5.0, here are instructions for upgrading to 5.1:
The following presumes that you already are running a rooted mofo version of Android 5.0. You shouldn't loose your data by making this upgrade, however, it is always wise to backup anything on your device that isn't also stored somewhere else. As usual, I can't be responsible if your phone malfunctions in some way. I have installed these files following the instructions below without any difficulty.
First, download the 5.1 base file and the 5.1 base image with patches.
Do not remove your SIM card, leave it installed.
Using your root file explorer (like ES Explorer with root enabled), delete everything in /data/dalvik-cache - YOU MUST DO THIS! Then reboot into bootloader mode.
Extract the files from the 5.1bins.7z archive and then run these commands:
Code:
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot flash recovery recovery.img
Then, immediately use mofo to flash the 5.1 image. Reboot your phone and enjoy Android 5.1!
The base image can be patched to enable/disable features. The patch files are listed below and instructions on how to apply them are here:
First, you need to have the Xdelta3 program:
xdelta3 for Windows x86
xdelta3 for Windows 64-bit
xdelta3 for Linux
For Linux, extract the files from the archive, enter the folder with the extracted files and run the following command to install xdelta3 to your system:
Code:
./configure && make && make install
For windows extract the xdelta3-3.0.9-x86.exe file from the zip and rename it to xdelta3.exe.
Put the patch file(s), the xdelta3 program and the base image mofo file into the folder where your mofo program file is.
Open a command window in this folder.
Enter the "dir" command (Without quotes. You should see your files listed including xdelta3, mofo, etc.)
For both Windows and Linux users enter the following cmd while in your mofo directory:
Code:
xdelta3 -d -s base_image_file patch_file
In other words, to patch the base image to add Xposed, your command would look like this:
Code:
xdelta3 -d -s xt1096-5.1-mofo-base-v2.img base-to-base_xp.patch
The patched image will be created and you can then flash that like normal.
Make sure the newly created image is the exact same size as the original image. If a patch for another image is applied to the wrong image, there will be an error message displayed. Even if there is an error, a patch file may be created but it will usually not be the same size as the original.
The patch files for the base image are included in the image archive
In the archive are patches to do the following:
3.1{x}--3.1{x}-de - Removes some apps from v3.1f image
3.1{x}--3.1{x}-cf-de - Removes some apps from v3.1f image, keeps CF.lumen
3.1{x]--3.1{x}-v4a - Adds Viper4Android to the image
3.1{x]--3.1{x}-v4a -cf-cmt-de - Adds Viper4Android to the image with some apps removed
The apps removed in the Debloat patch(es) are listed here:
Code:
3c_main (Moto Apps Manager)
3c_checkin (Moto Apps Connector)
3c_notification (Moto Apps Notifications)
3c_ota (Moto Apps Data Manager)
BodyGuardApp (Moto Alerts)
Books (Google Books)
CF.lumen
Chrome (Google Chrome)
Cloud (Verizon cloud storage)
Drive (Google Drive)
Ears (Google Sound Search)
ECID_VZW_Victara (Verizon CallerID pay service)
EditorsDocs (Google Docs)
EditorsSheets (Google Sheets)
EditorsSlides (Google Slides)
FaceLock (Face Unlock)
Google Earth (Google Earth)
Google HindiIME (Hindi keyboard)
Google PinyinIME (Pinyin keyboard)
Google PlayGames (Playgames (not playstore))
Hangouts (Google Hangouts)
Inbox (Google Inbox)
iWnnIME (iWnn keyboard)
Keep (Google Keep)
KoreanIME (Korean keyboard)
Maps (Google Maps)
Messenger (Not Messaging)
MotorolaConnect (Connect to watches or your PC)
Music2 (Google Play Music)
MyVerizon (My Verizon Mobile)
News & Weather (News & Weather widget)
Newsstand (Google Magazines)
Nflgamecenter (NFL App)
PlusOne (Google+)
Quickoffice (Google Quickoffice)
Talkback (Google Talkback)
Translate (Google Translate)
Trebuchet (CM Launcher)
Videos (Google Play Movies & TV)
VVM3 (Verizon Visual Voicemail)
VZMessages (Verizon Messages)
VzwEntitlementService (Not needed with tether in build.prop)
Wallet (Google Wallet)
YouTube (Google YouTube)
Tips:
The image includes AdAway support. If you want to use AdAway, go into the AdAway settings and set the location of the hosts file to /data/data/hosts
To change the bootup animation, place your desired bootanimation.zip file (not the installer zip) into /data/local/moodle and set the permissions to rwx rwx rwx (chmod 777) and owner:group u0_a40:u0_a40
To use iOS Emojis, follow these instructions:
Code:
If iOS Emojis are desired,
Copy /system/fonts/NotoColorEmoji.ttf.iOS to
/data/data/NotoColorEmoji.ttf
To restore the stock font,
Copy /system/fonts/NotoColorEmoji.ttf.stock to
/data/data/NotoColorEmoji.ttf
Or, just delete the file and the system will copy the
stock one into place at the next boot.
Changelog:
Code:
xt1096-5.1-v3.1f - 2015.08.06
- Major improvement to updated /system app cleanup
of apps in /data. Now takes 2 seconds instead of 90
Cleanup happens seamlessly, no reboot required
- Add CF.lumen v3.00, will add to debloat list if any requests
- Add CM's AudioFX, remove moto Audio Effects
- Add CM's Trebuchet Launcher, not in debloated image
On first boot of image with Trebuchet, you will be prompted to retain
the Google Now Launcher, select Always to keep the current launcher.
Launcher can be changed in Settings->Home
- Add patch to include Viper4Android v2.3.4.0 in image
Patch disables Selinux enforcing to allow V4A to work
Patch removes AudioFX
- Update Xposed Framework to v69
Minor changes don't require clearing dalvik-cache
- Updated Chrome to v44.0.2403.133
- Updated Docs to v1.4.292.15.35
- Updated Drive to v2.3.283.23.35
- Updated Moto App to v3.0.45
- Updated VZ Message+ to v5.6.5
- Patches now included with image & version update patch archive:
3.1e--3.1f.patch - Version update patch
3.1f--3.1f-v4a.patch - Patch to add Viper4Android
3.1f--3.1f-de.patch - Patch to debloat image
Requests for additional patch variations will be considered
xt1096-5.1-v3.1e - 2015.08.01
- Fixed incorrect permissions on Inbox causing fc
- Update Xposed Framework to v68
- Update Google Play Services to v7.8.95
- Update Chrome to v44.0.2403.128
- Update Connect to v2.06.16-pc-249
- Update My Verizon Mobile to v10.0.751
- Update Google Play Music to v6.0.195S.2109908
- Update Google+ to v6.0.0.99065591
- Update Maps to v9.12.1
- Update NFL Mobile to v12.0.28
- Update Photos to v1.2.1.99143001
- Update Translate to v4.0.0.RC08.99220384
- Updated debloat list
xt1096-5.1-v3.1d - 2015.07.29
- Fix problem with Connect force closing.
- Add Google Camera in addition to stock Moto Camera
xt1096-5.1-v3.1c - 2015.07.28
- Made change in updated play store app cleanup to account for
unexpected data in /data/system/packages.xml possibly causing
system failure to set correct processor parameters. Possible
infinite loop corrected.
- Added Google Inbox, rolled in updated versions of Google Photos,
Verizon Cloud, Message+, MyVerizon.
- Add Google Inbox to debloat list.
xt1096-5.1-v3.1b - 2015.07.25
- Fixed problem where apps updated by play store could be incorrectly
reverted to /system version which was actually older.
- Rolled into /system latest versions of: Google Keep, Maps, YouTube, Wallet.
- Restore stock Email app that was accidentally removed.
xt1096-5.1-v3.1a - 2015.07.21
- Fixed some directory permissions.
- Restored stock mms app to image.
- Rolled updated versions of apps into system:
NFL Game Center
Google Docs
Google Slides
Verizon Message+
- Added functionality for system to automatically remove
obsolete copies of apps in /data/app when new image has
newer or equal version of those apps (same as custom Roms.)
Release 5 - 2015.07.20
- Base file name: xt1096-5.1-v3.1.img
- Exchange is enabled in Gmail, old stock email was removed.
- Add PA-Gapps Stock package 20150717 - updates all Google
apps to versions available as of the date noted. Thanks
to TKruzze & osm0sis @ xda for their work.
- Updated Motorola and Verizon apps are integrated into image.
- Removed deprecated Spotlight player
- Installed AdAway and Xposed Installer into /system
- Corrected permissions on auto created /data/data/hosts file
- Install Air Audio in base image. (Future MMU will give option
to disable/enable this as well as other apps.)
- Updated Xposed to v67 (nothing major changed from v65)
- Made iOS Emoji support permanent by creating a symlink.
The Emojis will not be available until the second time
booting with this image.
If iOS Emojis are desired,
Copy /system/fonts/NotoColorEmoji.ttf.iOS to
/data/data/NotoColorEmoji.ttf
To restore the stock font,
Copy /system/fonts/NotoColorEmoji.ttf.stock to
/data/data/NotoColorEmoji.ttf
Or, just delete the file and the system will copy the
stock one into place at the next boot.
Release 4 - 2015.07.15
- Base file name: xt1096-5.1-v3.0.img
- Fix security context and ownership on BusyBox symlinks
- Add symlink for /system/etc/resolv.conf to /data/data/resolv.conf
Does not require user action, allows BusyBox DNS resolution by
creation of /data/data/resolv.conf file. Make one like the
following if you want to use Google's nameservers for DNS resolution
in adb shell programs like nslookup, traceroute, etc. Remember.
the adb shell nslookup, etc. only work after you su to root.
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 4.4.4.4
- Add Better Battery Stats XDA version as a system app
- Add /system/etc/mofobuild.prop with name of image installed
- Alpha version of Mofo Utility
Release 3 - 2015.07.10
- Base file name: xt1096_5.1_mofo-base-v2.img
- Fix broken BusyBox installation
Release 2 - 2015.07.09
- Base file name: xt1096_5.1_mofo-base.img
- Correct security context on /system/etc/install-recovery.sh to value
in original ROM instead of value as (not) set by SuperSU installer
causing script to not run at boot.
- Make AdAway support the default. Added functionality to create
/data/data/hosts file on boot, if it doesn't exist, for users who
don't wish to use AdAway ensuring there will be no problems in
resolving localhost for apps/processes that might use that.
- Shorten and simplify names of base and patch files.
- Upgrade SuperSU from v2.46 to v2.49
Initial Release - 2015.07.05
- Base file name: XT1096_5.1-tether-root-bb-sqlite3.img
XDA:DevDB Information
Mofo XT1096 5.x Images, ROM for the Moto X 2014
Contributors
mikeoswego
ROM OS Version: 5.1.x Lollipop
Based On: Stock
Version Information
Status: No Longer Updated
Created 2015-05-04
Last Updated 2017-06-28
Updated 2016.01.21 - xt1096-5.1 & 23.32-25-5x TWRP based zips
The zips attached below are available for use with TWRP on the xt1096-5.1 & 23.32-25-5x images:
xt1096-5.1-Viper4Android.zip - Adds Viper4Android (disables selinux security and removes Audio Effects app)
xt1096-5.1-Mail-Exch2.zip - Restores stock email & exchange2, included in xt1096-5.1-23.32-25-5_3. Flash after flashing GApps
xt1096-5.1-Rem-Xposed.zip - Removes Xposed from ROM, use only after ROM has been started and setup is complete
See post 886 for a flashable alternate boot logo and boot animation.
Useful Links:
CF.lumen xda thread - Or search the Playstore fo CF.lumen
BetterBatteryStats xda thread - Get the BetterBatteryStats installer here
TWRP for Motorola Moto X 2014 - TWRP info page for MotoX 2014
TWRP for victara - TWRP download page
Open GApps for Android 5.1 - Google Apps installer
AdAway xda thread - Get AdAway from here
Was first!
Are the steps the same to flash the updated image with the boot animation or can I just flash and wipe cache. I literally just booted the previous Xposed image after installing GravityBox and a few other modules and this is the first thing I see lol.
Thanks so much for the image though, it took a while to boot and start apps but it hasn't given me any issues otherwise yet.
fakieskr8333 said:
Are the steps the same to flash the updated image with the boot animation or can I just flash and wipe cache. I literally just booted the previous Xposed image after installing GravityBox and a few other modules and this is the first thing I see lol.
Click to expand...
Click to collapse
If you are already running the previous image with Xposed, you can just flash the new one in the normal way with mofo, no special steps needed.
Nvm
That's some animation! Sometimes I reboot just to watch it.
I don't seem to have the new animation....everything else is working fine though..
Empty \data folder
I didn't seem to have anything in my \data folder so I proceeded with flashing the image. Now, it appears I have the memory issue. Also, the apk for the xposed intaller seems to be for Alpha 2 - does that matter?
Thanks for everything!
Updated without any issues at all. Now time to get crazy with modules! Thanks again!
dudicle said:
I didn't seem to have anything in my \data folder so I proceeded with flashing the image. Now, it appears I have the memory issue. Also, the apk for the xposed intaller seems to be for Alpha 2 - does that matter?
Thanks for everything!
Click to expand...
Click to collapse
Hmmm. Found 'em! Wonder if I needed root to see those files in the first place. Since this was my first flash away from unrooted stock, I didn't have root yet. Anyhow, deleted them and reflashing the image. So far so good...
I can't seem to be able to install the Xposed Framework after I flashed this image. Is there something I'm missing??
dudicle said:
Hmmm. Found 'em! Wonder if I needed root to see those files in the first place. Since this was my first flash away from unrooted stock, I didn't have root yet. Anyhow, deleted them and reflashing the image. So far so good...
Click to expand...
Click to collapse
Right you have to have root to be able to delete the dalvik-cache files. I'll edit the first post.
Aroch925 said:
I can't seem to be able to install the Xposed Framework after I flashed this image. Is there something I'm missing??
Click to expand...
Click to collapse
The framework is already installed in the image. You can't install the framework from the Xposed installer for two reasons. First, this root doesn't open up /system for writing (which Xposed normally needs for installation), and two, this alpha version of Xposed for Lollipop doesn't install the framework on its own anyway, it has to be flashed from recovery (but we don't have a recovery yet so it has to be baked in.) Hope that makes it more clear!
mikeoswego said:
The framework is already installed in the image. You can't install the framework from the Xposed installer for two reasons. First, this root doesn't open up /system for writing (which Xposed normally needs for installation), and two, this alpha version of Xposed for Lollipop doesn't install the framework on its own anyway, it has to be flashed from recovery (but we don't have a recovery yet so it has to be baked in.) Hope that makes it more clear!
Click to expand...
Click to collapse
So does that mean I can't actually use Xposed yet?
Aroch925 said:
So does that mean I can't actually use Xposed yet?
Click to expand...
Click to collapse
It means you just go to the download section and choose the modules you want to install. The installer can't install the framework but it does install the modules you want to use. :good:
tjohnstone3 said:
I don't seem to have the new animation....everything else is working fine though..
Click to expand...
Click to collapse
The new animation is quite different so you would know if you had it. I had the previous version of this image with Xposed linked in the OP for a few minutes after first posting it. The file you dl'd should have been named XT1096_5.0-tether-root-bb-sqlite3-Xposed.img.rar. If not, dl it again from the link in the OP.
dudicle said:
Also, the apk for the xposed intaller seems to be for Alpha 2 - does that matter?
Click to expand...
Click to collapse
The Xposed framework is alpha 4 but the installer is only alpha 2 because no changes have been needed in that part.
What is the fix for low memory. I flashed this img with mofo but I cant seem to resolve the low memory issue? Thanks
---------- Post added at 12:46 AM ---------- Previous post was at 12:39 AM ----------
Jah Ruggz said:
What is the fix for low memory. I flashed this img with mofo but I cant seem to resolve the low memory issue? Thanks
Click to expand...
Click to collapse
Disregard..I did not realize I had a recovery that I could wipe cache from. I will try that and see if it works.
Thanks for the image- love it, well documented tutorial helped heaps. Do you plan on updating this thread with new updates or by chance taking feature requests?
Cheers - Harrison

[ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off

Changelog:
V5.23 Fix for Android 6 (Freeze on boot logo)
Installation of kcal kernel module for supported kernels. Get the app from https://forum.xda-developers.com/android/software-hacking/dev-kcal-advanced-color-control-t3032080
V5.22 Bug in the vendor overlay creation. Existing directories (like /vendor/bin) have not been replicated correctly
V5.21 Fix issue when running on Linux (some CR/LF)
Patch libsepol in bootimg for backwards compatibility with Android 6
V5.20 Support for superuser as an alternative to SuperSU (https://github.com/phhusson/Superuser)
Fix for the missing internal storage link in TWRP
V5.11 Support for Android 7.0
Fix in the overlay layout which could prevent some libraries from loading and cause battery drain
V5.1 Support for Android 7.0
Updated bootimg to deal with Android 7.0 policies
New tool inside bootimg for adding new contexts to binary file contexts
New system overlay layout due to a more restrictive linker in Android 7
V5.0 New system overlay method using the /vendor directory. As this directory is also in the library search path even libraries can be easily replaced without modifying the system partition
System-less SuperSU integration improved (Version 2.76 or higher recommended)
System-less xposed integration (using the standard distribution)
Support for 32.A.0.253
V4.51 Fix for awk script for Linux kernel version detection when running on Linux
V4.5 Fixed adb and mtp file access in TWRP for 32.2.A.0.224
V4.42 Added support for Z2 (Sirius) and TWRP fstab fix for leo and aries (thanks to waleedsq81)
V4.41 Fixed issue with Y/N choice on non-english Windows. Added support for Z3 (leo)
V4.4 Support for Z3+/Z4, Tablet Z2, Tablet Z3 and Tablet Z4 added (Z4 still has an issue with TWRP, but DRM fix works)
SuperSU integration reworked in order to need less SELinux exceptions and to be more secure
All tasks can now be individually selected. Therefore there is no separate DRM only script required
V4.31 Renabled Z5P (satsuki) and Z5C (suzuran) for TWRP and drmfix
V4.3 Support for older Lollipop added
Script execution for Linux fixed
V4.24 Fix for for a bug in SuperSU integration in V4.23
V4.23 Fix for repacking 3rd party kernel (Some permissions were on custom directories were lost)
V4.22 Bugfix for readta (flash_dk reported unit not)
V4.21 Fix for the Linux binary of bootimg
V4.2 Updated TWRP to 3.0.2
V4.1
Fix for WideWine (if you have your device key) Thanks a lot to goofnorf101 for testing
unpackinitfs and makeinitfs in my bootimg tool now maintain date/time of files correctly
Automatic SuperSU installation
V4.0
Fix for older kernels (Lollipop)
Binary for Linux (The older version had the ARM version packaged)
Device is not stored in the kernel image anymore
TWRP updated to version 3.0.1
FAQ - Please read
Is is possible to have root with locked bootloader?
Short answer: no
Long answer: The locked bootloader only boots unmodified kernel packages signed by Sony. The stock kernel only mounts unmodified /system partitions (dm-veritiy) -> No modification without unlocking
So any change to the kernel (like this script) or system partition requires unlocked bootloader
What is dm-verity?
A hash checksum on all blocks of a filesystem in order to verify the integrity
What is Sony RIC?
A protection to avoid mounting the root filesystem or system read/write
What happens if I unlock my bootloader
The device key (TA unit 0x1046b) will be wiped, which deactives everything DRM related. In addition a full wipe of your phone will be perfomed.
So extract your TA partition before with this great tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597 from zxz0O0
If you already unlocked the bootloader before, then at least the credentials will be restored, which will reactivate stuff like x-reality and camera de-noise
Why do I need to flash my device key?
Without your device only some functions can be reactivated, like x-reality. Other functions like widevine do not work with out your device key.
How do I enter TWRP recovery?
Restart your phone and press the volume key up as soon as the LED switches to yellow
I want to use a custom kernel with the DRM fix
Just say "N" to all other options. Nevertheless be prepared for problems if the custom kernel does not match your Android version.
What should I do if there is an update to this script?
First check if you really need to run this update by checking the changelog. E.g. if it says binary for Linux fixed and you are using Windows then probably you don't care. If you did not change your Android version then all you have to do is to update the kernel package with fastboot flash boot. If you do not use the automatic SuperSU integration then you have to reinstall SuperSU in TWRP.
This tool repacks an existing kernel package (usually the stock kernel) in order to make it rootable and adds TWRP recovery as well. Version 4 has been succesfully tested with LP and MM.
In particular it adresses the following issues:
DM-Verity: Android is now using dm-verity to verfy the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
SONY RIC: RIC is blocking the write access to the system partition
DRM Keys: After unlocking the bootloader your device key is wiped, which deactivates some functionaliy. E.g. x-reality, denoise in camera aso.
Recompiling the kernel is not required as only the init ramdisk needs to be modified. You can run these scripts either in Windows or Linux.
Thanks to the excellent work of zxz0O0 you can now backup the TA partition before unlocking the bootloader with this tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
If you managed to backup your TA partition before you unlocked the bootloader then this version will fully reactivate your keys as well. (many thanks to addicted1900 for helping me with the testing)
As there has been some confusion I would like to point out one more time that you cannot run any kernel package which is not signed by Sony without unlocking the bootloader. So this works only with unlocked bootloader.
As it seems that it is not clear to everyone I also want to mention that <...> is a placeholder. E.g. <extracted kernel> means that you should replace it with then name of your extracted kernel, which could be kernel.elf
There was a report that having SuperSU in the system partition installed may lead to a bootloop. Therfore you shoud first install the bootimage created by this script and then install SuperSU afterwards, as it will then use the system-less strategy.
In order to use these scripts you need the kernel boot image of your current version. There two different ways to obtain it:
Method1:
If you have a .ftf image then open it with zip application (7Zip, WinZip, Windows Compressed Folder) and extract kernel.sin. Afterwards use Flashtool -> Tools -> SIN Editor to extract the kernel. You should end up with the boot image with extension .elf.
Method2:
Run your favourite recovery and connect via
Code:
adb -d shell
Now run
Code:
find /dev -name boot
dd if=<output of the find command before> of=/sdcard/kernel.img
Once you have the kernel image you are ready to use the script.
The newest version support superuser as an alternative to SuperSU. This is available open source and can be verified. In order to integrated you need the current superuser.zip from http://superuser.phh.me/superuser.zip and to be install the app afterwards from Google Play (look for superuser phh) or build it yourself from github.
To integrate the kernel part just place superuser.zip in the rootkernel directory.
You can also still use SuperSU, although it is causing a huge battery draining on my Z5 with Android 7.0 If you place SuperSU in the same directory (SuperSU*.zip, case sensitive) then it will be also installed automatically . It did all the tests with 2.76, but newer versions should work as well. Please be aware that you can not update SuperSU within the application. For a newer SuperSU version you need to rerun the script.
If you want to integrate xposed as well just place the distribution for you device and Android version in the same directory. (e.g. xposed-v86-sdk23-arm64.zip). Only support with Android 6.0 (sdk 23) and higher.
xPosed for Android 7.0+ is still not available.
Code:
rootkernel <extracted kernel> boot.img
You are prompted for several choices:
Sony RIC is enabled. Disable?
I prefer not to disable it in order to keep my phone more secure. Unfortunately there are a lot of bad guys in this world and SELinux and RIC still can save us if someone discovers a new kernel exploit.
Sony RIC basically prevents mounting the /system partition for write. You can still modify it in recovery of of course, but if you require write access to /system without entering recovery then you need to disable it.
Install TWRP recovery? Here you should say yes unless you are trying to patch a non-stock kernel, which comes already with a recovery
Install busybox? For security reasons I prefer not to install. In recovery you have it anyway. This choice is only available if you chose install TWRP
Found SuperSU-v....zip. Install? Integrates SuperSU. For this option to show up you have to place the SuperSU package into the same directory with the name SuperSU*.zip (case sensitive)
Found superuser.zip. Install? Integrates superuser. For this option to show up you have to place superuser.zip into the same directory (case sensitive)
# Make su permissive (Permits any action as su)? This only appears if you install superuser. Permissive means you can anything as root, without it is restricted mainly to file operations (sufficient for e.g. Titanium Backup)
Found xposed-v....zip. Install? Integrates xposed system-less. For this option to show up you have to place the xposed for your device and Android version into the same directory. (e.g. xposed-v86-sdk23-arm64.zip)
Install DRM fix? Installs the DRM fix. First it tries to use the device key which you flashed with flash_dk. If it does not exist it uses an alternative method which cannot fix everything (e.g. Widevine will not work, but X-reality, Camera denoise etc. will work)
Now put your phone into fastboot mode (Volume Up + connect USB) and then run:
To test it without actually flashing it:
Code:
fastboot boot boot.img
For flashing it:
Code:
fastboot flash boot boot.img
If you managed to backup for TA partition before then you can reactivate your original device key as follows:
Code:
flash_dk <ta backup image> DK.ftf
Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
This is a one-time task. It will survive a complete reset of the phone or Android system upgrade. The device key has a length of just 16 bytes, so it is correct that the resulting DK.ftf has a size of only aprox. 500 bytes.
If you like my work you can buy me a coffee
Some background information:
There are two main tools involved (for both Android and Windows)
- busybox
Probably everyone knows it
- bootimg
A multicall binary with several tools for unpacking and packing the boot image as well as adapting the SELinux policy. Part of the code is written by me from scratch, some other parts are cherry picked from other projects. I will also provide the source for it. As Windows doesn't have softlinks I modified the tools for unpacking and packing the init ramdisk to write text files with __lnk__ at the end instead.
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Funkmasterchilla said:
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Click to expand...
Click to collapse
Do you want the kernel.sin of stock . 200?
lordriguez said:
Do you want the kernel.sin of stock . 200?
Click to expand...
Click to collapse
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
tobias.waldvogel said:
Hi everyone,
as most of you know, even after unlocking the bootloader there are a few more requirements before you can modify the system partition, i.e. install SuperSU, xposed etc.
- Android is now using dm-verity to verfy the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
- SONY RIC is blocking the write access to the system partition
The good news is, that it is not required to recompile the kernel. It is sufficent to modify the init scripts inside the init ram disk. So you can just stick to the stock kernel.
I created a package which precisely does this job for you. Just run it from TRWP after installing a new Android version
With this you don't have to wait anymore until someone creates the right kernel package for your phone
PS: It leaves a copy of the new boot image in the internal sdcard if you want to save it somewhere. (boot.img) It can be flashed with fastboot if required.
Click to expand...
Click to collapse
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
zavpasha said:
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
Click to expand...
Click to collapse
Before you can start to install thing like SuperSU and xposed you have to change the kernel, otherwise your phone won't boot anymore. In the past you had to wait for someone to come up with a compatible kernel for your phone, now this package just converts your existing kernel.
Regarding the DRM please install the package from the DRM restore thread.
Funkmasterchilla said:
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
Click to expand...
Click to collapse
Thanks for the feedback. Future versions of this package will add TRWP as well. I am currently working on it.
tobias.waldvogel said:
Thanks for the feedback. Future versions of this package will add TRWP as well. I am currently working on it.
Click to expand...
Click to collapse
As promised the new package with TWRP is out
tobias.waldvogel said:
As promised the new package with TWRP is out
Click to expand...
Click to collapse
Great work thanks ,
How would I go about disabling the vibration for recovery?
Sent from my E6653 using Tapatalk
Well, the script which checks if recovery should be started is bin/init inside the zip. If you don't like the vibrate then just remove the line and run the package again
Gesendet von meinem E6683 mit Tapatalk
huh, so it is possible to have 2 recoveries at the same time? (and why would anyone want 2 recoveries? )
Three Recoveries are als possible
CWM, Phils Touch & TWRP
Sent from my E6653 @ XDA Portal
Sorry for being noob.
I miss my Oneplus one where things were so easy.
After unlocking BL what do i do with this zip.
Is it going to Root my phone and Install TWRP?
Thanks for help.
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
FakeSmile said:
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
Click to expand...
Click to collapse
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
stiffmeister75 said:
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
Click to expand...
Click to collapse
This should work on Z5 compact with stock kernel as well, without any change.
In case of any issues you can flash the kernel again via flashtool
If it did not work you can pass me the generated boot.img from your interal sdcard for further analysis
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, than i'll try it
br
stiffmeister
stiffmeister75 said:
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, than i'll try it
br
stiffmeister
Click to expand...
Click to collapse
I flashed zombie kernel without making backup of stock kernel, can you share it with me so I can try this method (I doubt it will work on zombie)
ps : I have .200 fw
tobias.waldvogel said:
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
Click to expand...
Click to collapse
E6653 on .200 firmware

[SAMSUNG][Android 6.x/7.x/8.x] SYSTEMLESS DevBase v2.1 | Encryption support

Hello
Do you remember my custom ROMs for older devices? Do you remember my "DevBase" and its idea? If not - please read hidden content below:
>> [ROM] DevBase for Note 3 (SM-N9005) <<
>> [ROM] DevBase for Note 4 (SM-N910F) <<
>> [ROM] DevBase for S5 (SM-G900F) <<
>> [ROM] DevBase for S5 Duos (SM-G900FD) <<
Since I created these custom ROMs - many things have changed. Main idea of my previous work was the ability to flash these ROMs over stock ROM without wipe data - to let users simply jump between official ROM and DevBase with most necessary modifications for advanced users. It was relatively simple to implement until Samsung introduced both: dm-verity's boot prevention + forced /data encryption (starting from S7/S7edge series). What does it mean? If you disable /data encryption - you are able to use TWRP like in older devices, you are able to flash custom ROMs available in this section, but you are not able simply switch to official stock ROM. Since I bought my S7 edge I realized, that the most reasonable way is to go in the "systemless direction".
Are you tired with traditional custom ROMs?
Do you miss custom ROMs but do not want to decrypt your device (for privacy/security reasons)? (!)
You are in the right place! I present you SYSTEMLESS DevBase - an SYSTEMLESS equivalent of my previous work (see hidden content above)
SYSTEMLESS DevBase is developed and physically tested on S7 Edge (G935F). However, it should work on ALL UNLOCKED SAMSUNG DEVICES running Android 6.x/7.x/8.x. Exynos? Snapdragon? NO MATTER !!!
Prerequisites:
- Samsung device running stock or stock-based Android 6.x or newer (7.x/8.x)
- Rooted device - Magisk v12+ or SuperSU v2.76+ installed in SYSTEMLESS mode (!)
- Stock, untouched /system partition (not mandatory, but recommended for OTA)
(!) WARNING (related to installing TWRP and/or rooting Nougat - e.g. ZPLN, DPLT or newer): There are confirmed reports that installing TWRP and/or rooting encrypted phones running stock Nougat causes bootloop (even if you just flash TWRP, without rooting). You will need to restore both - stock recovery and stock kernel (if you e.g. tried to flash SuperSU or other ZIP which might modify the kernel) to make your device bootable. You need to remove stock encryption (by formatting /data after rooting). If you need data encryption - you can easy re-encrypt already rooted device (by setting "KEEPFORCEENCRYPT" flag to "true" before (re)flashing Magisk or SuperSU).
SYSTEMLESS DevBase v2.0:
1. Benefits / main features:
- Works with encypted /data partition (**) (!)
- Working official OTA updates! (see Tips & Tricks - post #4)
- Does NOT perform any phisical modifications in /system
- Does NOT perform any additional changes/patches to the kernel
- Removed KNOX warnings (systemlessly removed SecurityLogAgent)
- It contains SYSTEMLESS BusyBox (bionic, the most stable and respected release)
- It allows you to easily modify most of files & apps in your /system - SYSTEMLESSLY (see Tips & Tricks)
2. Systemless Safe De-Bloat (more info below):
What does it mean and why is it called "safe"?
- ONLY apps available in stores will be systemlessly removed from the ROM, so you can easily (re)install any of these app if you like
- ONLY pre-installed system apps are will be systemlessly removed, DevBase installer never touch any updated app nor app installed manually from store
Thus, the following conclusions can be drawn:
1. If you install my SYSTEMLESS DevBase directly over working stock ROM - in most cases almost all these apps will remain untouched, because almost all apps have been updated already (stored on /data). But then you will be able to remove any useless app using the "Application manager" -> [Name_Of_App_To_Remove] -> MORE -> Uninstall updates. NOTE: App will disappear arter reboot and will be visible even in Titanium Backup!
2. If you perform "Wipe data" directly before installing SuperSU and my SYSTEMLESS DevBase (before you let to install app's updates) - then all apps listed below will be removed. If you would like to use any of these apps - just install it manually from appropriate store. Installed manually app will not be removed during the next DevBase update or re-install.
Removed apps list (depends on the device, should cover all devices starting from Galaxy S5):
ChatON
Chrome
Drive
Dropbox
EditorsDocs
Evernote
Excel
Facebook
FB Messenger
FB Pages Manager
Flipboard
Google+ / Photos
Group Play
Hangouts
Instagram
OneDrive
OneNote
PEN.UP
Play Books
Play Games
Play Movies
Play Music
Play Newsstand
PowerPoint
Skype
Smart Remote
WhatsApp
Word
NEW! Safe De-Bloat feature automatically detects and systemlessly removes apps not listed above, but present in your CSC package
3. Systemless CscFeature MOD (enabled some built-in, hidden features):
- Added shutter sound menu in Camera app
- Sending/receiving MMS without data on
- Show SMS/MMS sending time instead of receiving
- Added "Exit Internet" option to stock browser
- Added call button in Phone Logs (**)
- Added "Call/Message block" option in Settings
- Added symbols as secondary keys in Samsung keyboard (**)
- Added 4G/3G network support (master/slave SIM card - applies to Duos variants)
- Call Recording (added "Record" button, auto record calls - starting from Nougat)
- Enabled "Recent App Protection" feature
(**) may not work starting from Android 7.0 Nougat
Installation:
1. TWRP recovery:
- Tap "Keep Read Only" on the Welcome screen [extremely important for working OTA!]
- Open file using "Install" option (use extSdCard or OTG storage in case of encrypted /data)
- Confirm flash by swiping right
- Tap "Reboot System" (DO NOT wipe /cache after flashing in case of encrypted /data!)
2. FlashFire app (***):
- Open file using "Flash ZIP or OTA" option
- UNTICK "Mount /system read/write" [extremely important for working OTA!]
- Tap "FLASH"
NOTE1: One additional auto-reboot may be performed at first boot. It is not a bug (may be required for systemless build.prop support - see Tips & Tricks for more explanations)
NOTE2: Do not worry about red "mount /data failed..." messages displayed in TWRP in case of encrypted /data (installer will do the work anyway!)
(***) As far as I know - FlashFire is the only flashing tool with full access to /data during flash in case of encrypted devices (!). It is also the only tool which allows you to perform full backup/restore of partitions, including encrypted /data (!). It does NOT require custom recovery to work!
Credits:
@Chainfire for systemless SuperSU and a lot of inspiration
@topjohnwu for Magisk, another inspiration & some binaries used separately
Hit Thanks button if you like my work. If you really appreciate my work - feel free to buy me a beer
Download
>> SYSTEMLESS_DevBase_v2.1.zip <<
>> Recent SYSTEMLESS DevBase <<
Note:
Check MD5 sum BEFORE flash (useful TOOL), because flashing damaged or incomplete ZIP files can lead to issues! Correct MD5 sum is shown on the AndroidFileHost website while downloading.
Changelog
v2.1:
- Fixed potential "Google Play services" FCs in case of S8 or newer device(s)
v2.0:
- Initial support for devices using /system/omc CSC location (e.g. S8 / S8+ / Note 8)
- Added support for /system/preload as app location
- Other improvements & optimizations in the installer
v1.15:
- Added support for BINDSBIN mode (required by latest suhide) in case of SuperSU as root solution
v1.14:
- Added possibility to bypass all systemless mods by creating /cache/.disable_devbase file. It is usefull option especially for encrypted devices (without access to /data from TWRP) in case of you experienced bootloop due to placing a problematic MOD in /data/devbase/system/.. If /cache/.disable_devbase file exists then all systemless mods in ../app ../framework & ../piv-app will be moved to /data/devbase/system/.backup
- Backup all mods (to /data/devbase/system/.backup) instead of delete in case of major Android update has been detected
v1.13:
- Fixed bug with combination Magisk v15+ & SYSTEMLESS DevBase if we are trying to install one by one directly after wipe/format data
v1.12:
- Improved compatibility with Magisk v15+
v1.11:
- Fixed issues and improved compatibility with Magisk v14.5+
v1.10:
- Fixed not working /sbin support after clean installation of Magisk v14+, then SYSTEMLESS DevBase
v1.9:
- Improved/tuned compatibility with Magisk v13+ (which has been re-built from the scratch)
- Updated Magisk's binaries (e.g. resetprop function is now an applet available in magisk binary)
- Systemless BusyBox will be installed even with Magisk (since it has been removed from Magisk v13+)
v1.8:
- Fixed unroot2ota script to work while busybox is NOT in the $PATH (typical Magisk's case)
v1.7:
- Added support for /sbin via /data/devbase/sbin (you can only add a NEW item, e.g. script/binary/executable file). It can be an interesting feature for advanced users which would like to add custom commands, because /sbin is in the $PATH
- resetprop & unroot2ota now are placed in /sbin, in result unroot2ota command will natively work even with Magisk (without SuperSU)
v1.6:
- Improved/fixed Systemless Safe De-Bloat - now it should work in any case (even if enforceskippingpackages.txt file does not exist in your stock FW)
- In case of SYSTEMLESS DevBase update or re-installation - installer will not remove your custom entries in /data/devbase/system/build.prop and in *.xml files placed in /data/devbase/system/csc
- Added new features to Systemless CscFeature MOD: Allow 3G network mode in case of slave SIM card (Duos variant); Enabled "Recent App Protection" feature
v1.5:
- Added full support for MagiskSU as root solution. SuperSU is no longer the only available prerequisite
- Improved build.prop support in case of SuperSU as root solution, without magisk installed (seems like we can't rely on resetprop binary @ Android N)
- unroot2ota: removed SuperSU's sukernel dependency
v1.4:
- Improved/changed support for /data/devbase/system/build.prop file (uses @topjohnwu's resetprop binary)
- "ro.warranty_bit" & "ro.boot.warranty_bit" are set to "0" at boot -> fake KNOX 0x0 status (uses @topjohnwu's resetprop binary)
v1.3:
- Fixed CscFeature MOD (e.g. G920I case, now should work with all Samsung devices/variants)
v1.2:
- Added info in Settings/About device/Software info/Build number (can be overrided by editing /data/devbase/system/build.prop)
- unroot2ota: added ability to restore stock recovery using /system/recovery-from-boot.p file (no guarantee)
- unroot2ota: check /system partition for common modifications before unroot
- Minor changes & improvements in the shell code
v1.1:
- Added SYSTEMLESS support for /system/framework
- Added SYSTEMLESS support for /system/build.prop (overrides & additions)
- Added SYSTEMLESS BusyBox bionic (the most stable and respected release)
- Added major Android update detection (auto-remove mods for older API to prevent bootloops & FCs)
- Added logging to /data/devbase/last_boot.log (API & errors)
- Added SuperSU boot patcher version checker (exits su.d boot script if < 2.76)
- Added "Please DO NOT wipe /cache" warning in case of encrypted devices and TWRP recovery
- Minor changes & optimizations in the shell code
- Added SYSTEMLESS DevBase uninstaller
v1.0:
- Initial version
Tips & Tricks
1. OTA updates:
- Basically, the only thing you need to take OTA update is to perform "Full unroot" in the SuperSU app. However, a better way is to use "unroot2ota" terminal command, because this will not remove DevBase boot script from /su/su.d and the only thing you will need to re-activate SYSTEMLESS DevBase (and all your systemless MODs) after performing OTA update is just re-root your device with CF-Auto-Root.
- If you flashed custom recovery like TWRP - it is mandatory to restore your stock recovery (otherwise OTA will not work). You can do it using FlashFire app (the easiest way) - just open recovery.img file (extracted from your original FW) using "Flash firmware package" option, disable "Preserve recovery" option and then tap "FLASH". EDIT: Starting from version v1.2 there is a new "unroot2ota" feature which allow you to restore stock recovery using /system/recovery-fromm-boot.p file. There is no guarantee to perform it successfully (even if there is no error message) but in most cases it works well (tested on Nougat beta). Please go to recovery before you try to get OTA to check if you have stock recovery already after performing "unroot2ota" (if not - you need to use PC Odin to flash recovery.img packed in tar file).
- It is recommended to temporarily disable "Auto-update apps" in Play Store settings before you unroot your device. It will prevent updating applications covered by Safe De-Bloat list, as there apps will temporarily appear until you re-root the phone after performing OTA update.
Note (devices which use dm-verity): You should never allow /system modifications in TWRP, never allow to remount /system r/w in any app (e.g. Root Explorer, FlashFire, etc.) and never flash a ZIP file which could modify your /system or remount it r/w. Failure to follow these recommendations will break dm-verity verification and will cause, that your device may not be able to boot with the stock kernel (you will need to re-flash your original FW using PC Odin to make your device bootable).
UPDATE: Due to the fact that installing TWRP and/or rooting encrypted phones running stock Nougat is not possible without format /data - the above described advantages applies to stock ROMs based on Android up to 6.0
2. Making your own modifications:
- You can systemlessly replace any existing system app by modded one. Just put modified app to /data/devbase/system/app or /data/devbase/system/priv-app and then reboot your device
- You can systemlessly replace jar or apk in /system/framework. Just put modified one to /data/devbase/system/framework and then reboot your device (NOTE: framework support has been added for advanced users -> there is high risk of bootloop if you do something wrong!)
- You can systemlessly add or override any line in /system/build.prop. Just put (only new or changed) line to /data/devbase/system/build.prop and then reboot your device (NOTE: one additional auto-reboot may be performed if /data/devbase/system/build.prop file has been added, modified or removed (SuperSU case). It is not a bug - it is required for the changes in /data/devbase/system/build.prop to take effect!)
- You can systemlessly replace any existing file in /system/csc and /system/etc (but NOT in subdirectories). Just put modified copy of a file to /data/devbase/system/csc or /data/devbase/system/etc and then reboot device
Limitations: original app or file MUST physically exist with the same name in /system, you can NOT add a new app or file this way!
Example 1 (Ad-Blocking): Download the latest Ad-Blocking ZIP installer from THIS thread. Extract "hosts" file (placed in /system/etc inside ZIP file), then copy it to /data/devbase/system/etc, set rw-r--r-- (644) permissions and then reboot device
Example 2 (modded SamsungCamera6): Create "SamsungCamera6" directory in /data/devbase/system/priv-app and then put modified "SamsungCamera6.apk" file into it. Set rwxr-xr-x (755) permissions to "SamsungCamera6" directory, rw-r--r-- (644) permissions to "SamsungCamera6.apk" and then reboot device
Example 3 (De-Bloating a bit more): You can just create empty directories in /data/devbase/system/app (or priv-app) corresponding to applications in /system/app (or priv-app). Alternatively (more advanced method), you can add an app to modded enforceskippingpackages.txt file (you can find it in /data/devbase/system/etc or /data/devbase/system/csc_contents, depending on the original location in /system) and increase number in the 1st line. Second method should not be used by beginners (without a basic knowledge related to UNIX text format)
3. How to manually maintain the newest ROM version:
If you do not care about OTA - you can manually update your device to the newest ROM available @ Sammobile, keeping your original CSC (you need multi-file original FW, I mean separate files for BL/AP/CP/CSC). You need to download 2 ROMs: ROM with the newest changelist and the latest ROM containing your original CSC. Extract both and open in PC Odin BL/AP/CP files from the ROM with highest changelist but open CSC file from the ROM containing your CSC (I recommend to use HOME_CSC_* file to avoid auto-wipe-data). Flash such "mix", re-root and enjoy
Optional MODs
I put some of my favorite MOD's. These modifications I have done personally using (bak)smali tools - these are NOT "borrowed" from other custom rom, nor from someone else's thread (thanks to @majdinj & @tdunham for their excellent modding guides). All files are FlashFire / TWRP flashable ZIPs.
These MODs are compatible with SYSTEMLESS DevBase - installer will try to detect if your /system has been moddified (or not) already. If the installer will not detect any popular /system modifications like SuperSU / busybox / Xposed (installed to /system) then will try to install app systemlessly to /data/devbase/system/(priv-)app
1. Modified Camera app:
- Full functionality of the Camera app in low battery
2. Modified Messages app:
- Disabled SMS delivery notifications (*)
(*) If you long press a message you can still check if the message has been delivered or not, we do not need to see and hear notifications for every sms. It's annoying to me!
>> MODs for G935F (Marshmallow) << (**)
>> MODs for G935F (Nougat) << (**)
(**) Original apps come from stock ROM for G935F, but these MODs should work on all S7 flat & edge variants (Exynos based)
In case of MODs installed to /system - you can restore original apk using backup stored in /data/alexndr/backup
Incredible work, man! Thanks
I'm HAPPY to see you in this Forum with an S7edge !
@_alexndr
Congrats mate! Great job I will test it in a few days
# 1 question
What about framework folder support with modded files ?
# 2 question
Modded deodex apps putted in /data/devbase/system folders will work on odex system ?
For example:
/data/devbase/system/priv-app/SystemUI/SystemUI.apk
will be deodexed
but orginal one:
/system/priv-app/SystemUI/SystemUI.apk
will be odex (with arm folders)
# 3 question
For example if I put systemui.apk the modded will be run and original no ? Or they collaborate toggether ?
Edit:
If I correct understand examples they are colaborate
# 4 question
system/etc/permissions files not supported too ? For exapmle platform.xml
••••
This tool have a BIG potential to be the greatest !
Have a nice day
ambasadii said:
@_alexndr
Congrats mate! Great job I will test it in a few days
# 1 question
What about framework folder support with modded files ?
# 2 question
Modded deodex apps putted in /data/devbase/system folders will work on odex system ?
For example:
/data/devbase/system/priv-app/SystemUI/SystemUI.apk
will be deodexed
but orginal one:
/system/priv-app/SystemUI/SystemUI.apk
will be odex (with arm folders)
# 3 question
For example if I put systemui.apk the modded will be run and original no ? Or they collaborate toggether ?
Edit:
If I correct understand examples they are colaborate
# 4 question
system/etc/permissions files not supported too ? For exapmle platform.xml
����
This tool have a BIG potential to be the greatest !
Have a nice day
Click to expand...
Click to collapse
#2: Deodexed apps works great in odexed rom, but odexed apps will not work at all in case of deodexed framework!
SYSTEMLESS DevBase uses bind mounts so entire /system/priv-app/SystemUI directory (and its content) will be virtually replaced by /data/devbase/system/priv-app/SystemUI => it means you will not see oat/arm directory => entire app will act as deodexed in /system/...
See attached screenshots - first is with moded SamsungCamera5 present in /data/devbase/system/priv-app, second is after deleting /data/devbase/system/priv-app/SamsungCamera5 (and reboot)
Now it is good time to answer #1: With framework I intentionally dropped possibility to replace systemlessly files in .../framework (for security reasons @ to avoid unintentional bootloops). Imagine that you "systemlessly" replace ../framework/oat directory by empty one => then all jars corresponding to *.odex files in oat/arm(64) will immediately require classes*.dex files inside jars (otherwise will not work). Even if you replace entire framework by deodexed (with classes.dex inside jars) -> as I stated above (answer #2) -> almost all apps in /system/app & priv-app will stop working as almost all apps are originally ODEXED.
Imagine also that you leaded device into bootloop by replacing files in framework AND you have encrypted /data. There is no easy way out for normal users (which are not able to play with "fake" /cache/su.img to make workaround matched to the problem) they will not be able just remove files (causing the problem) from /data/devbase/system/framework using TWRP
In sum - thats why I have not introduced such possibility for normal users, but you as the DEV may extend this idea and try to systemlessly replace entire framework, app & priv-app by deodexed content (I have not tested it personally, IMO it does not worth the effort)
#3: The answer is now clear from the answer to question #2 - modded will run and original will NOT (original will "virtually disappear")
#4: It is easy to extend support for etc/permissions/* files by editing 0000000devbase, I will think about it
Now almost everything is clear
so for example if i put /data/devbase/system/framework/services.jar and delete from system/framework/oat/arm64/services.odex file should work ?
add support for etc/permissions/* files to fix ext-card permissions (platform.xml)
ambasadii said:
Now almost everything is clear
so for example if i put /data/devbase/system/framework/services.jar and delete from system/framework/oat/arm64/services.odex file should work ?
add support for etc/permissions/* files to fix ext-card permissions (platform.xml)
Click to expand...
Click to collapse
The only way to "virtually remove" files using this method is "fake" (e.g. empty) parent directory. Another way is to create "fake" file with same name (but size 0 bytes).
There is a chance that it will work for services.jar - but such "fun/play" is only for advanced DEVs, like you :good: you need to extend support for framework and subdirectories in 0000000devbase su.d script. Then you can try to systemlessly replace jar by deodexed&modded one in /data/devbase/system/framework... and odex file by "fake 0 sized" odex in /data/devbase/system/framework/oat/arm64/...
EDIT: @ambasadii, there is no need to "remove" (whatever it means) odex file as it will be ignored in case of jar or apk contains classes*.dex inside
Ok I will test it
Sent from my SM-G935F using XDA-Developers mobile app
_alexndr said:
you need to extend support for framework and subdirectories in 0000000devbase su.d script. Then you can try to systemlessly replace jar by deodexed&modded one in /data/devbase/system/framework...
Click to expand...
Click to collapse
correct ?
Code:
if [ -d "/data/devbase/system/framework" ] ; then
for i in `ls /data/devbase/system/framework` ; do
mount -o bind /data/devbase/system/framework/$i /system/framework/$i 2>/dev/null
done
fi
if [ -d "/data/devbase/system/etc/permissions" ] ; then
for i in `ls /data/devbase/system/etc/permissions` ; do
if [ -f "/data/devbase/system/etc/permissions/$i" ] ; then
mount -o bind /data/devbase/system/etc/permissions/$i /system/etc/permissions/$i 2>/dev/null
fi
done
fi
EDIT: @ambasadii, there is no need to "remove" (whatever it means) odex file as it will be ignored in case of jar or apk contains classes*.dex inside
Click to expand...
Click to collapse
good news, remove it means delete
ambasadii said:
correct ?
Code:
if [ -d "/data/devbase/system/framework" ] ; then
for i in `ls /data/devbase/system/framework` ; do
mount -o bind /data/devbase/system/framework/$i /system/framework/$i 2>/dev/null
done
fi
if [ -d "/data/devbase/system/etc/permissions" ] ; then
for i in `ls /data/devbase/system/etc/permissions` ; do
if [ -f "/data/devbase/system/etc/permissions/$i" ] ; then
mount -o bind /data/devbase/system/etc/permissions/$i /system/etc/permissions/$i 2>/dev/null
fi
done
fi
Click to expand...
Click to collapse
Basically correct but you need to add bind mounts only for files (just in case)
I will send you today new (pre-release v1.1) version with "slightly tuned code" and with support for framework
good news, remove it means delete
Click to expand...
Click to collapse
Nice joke :silly: "whatever it means" => FYI => it may also mean bind mounts with files (0 bytes size)
Welcome to the S7 bro
Hi alexndr
I love you from 9005 to now.
Plz add a option in cmera mod,that under i geting 60fps video,i can get pic.
Mean, camcorder 60fps and camera pictures together .
I cant write eng.plz exercise me.
Sent from my SM-G935F using Tapatalk
Awesome to see you here! Thanks @_Alexandr
Gesendet von meinem SM-G935F mit Tapatalk
Nice to see a familiar face in the S7 (E) section! Good luck with all your plans here.
Verstuurd vanaf mijn SM-G935F met Tapatalk
Nice to find you here Alexandr, been using your Roms on my old note 3 about 8 months ago and they were the most stable "custom Roms". But then you were providing a full unmodified ROM with root access, can you do something like this here for those of us that wish it? I personally don't have access to a PC so I can't flash newer firmwares with Odin, so I'm stuck using flashable ROMs.
It is possible to install magisk and work hide magisk for apps, for example bank apps?

[G928F/C/G/L/S/...][6.0+] SYSTEMLESS DevBase | Encryption support | Stock OTA update

SYSTEMLESS DevBase has been developed and physically tested on S7 Edge (G935F), so main thread containing the most detailed description you can find here:
>> [SAMSUNG][6.0+] SYSTEMLESS DevBase | Encryption support | Stock OTA updates <<
However, it should work on ALL SAMSUNG DEVICES running Android 6.0+, so if you are Galaxy S6 Edge+ (G928xx) owner - please place your feedback & discussion here to let me know about device-specific issues or to let me know that everything works perfect
---------------------------------------------------------------------------
Are you tired with traditional custom ROMs?
Do you miss custom ROMs but you would like to have encrypted /data (for privacy/security reasons)?
You are in the right place! I present you SYSTEMLESS DevBase - an SYSTEMLESS equivalent of my previous work (for older devices)
Prerequisites:
- Samsung device running stock or stock-based Android 6.0+ (mandatory!)
- Rooted device - SuperSU v2.76+ installed in SYSTEMLESS mode (mandatory!) (*)
- Stock, untouched /system partition (not mandatory, but recommended for working OTA)
- Stock recovery (not mandatory, but recommended for working OTA)
(*) NOTE: The latest CF-Auto-Root image for G928F contains SuperSU v2.74 which does not support SYSTEMLESS solutions (su.d is not triggered early enough). It is NOT enough to update it via PlayStore to the newest version and update su binaries! You need to update it using TWRP / FlashFire installable ZIP from THIS STABLE or THIS BETA thread. Alternatively you can use "EverRoot" -> "Inject SuperSU" option in FlashFire even if you are rooted already by CF-Auto-Root (it will update SuperSU in the same way as flashing ZIP).
SYSTEMLESS DevBase:
1. Benefits / main features:
- Works with encypted /data partition
- Working official OTA updates! (see Tips & Tricks)
- Does NOT perform any phisical modifications in /system
- Does NOT perform any additional changes/patches to the kernel
- Removed KNOX warnings (systemlessly removed SecurityLogAgent)
- It contains SYSTEMLESS BusyBox (bionic, the most stable and respected release)
- It allows you to easily modify most of files & apps in your /system - SYSTEMLESSLY (see Tips & Tricks)
- It does not interfere with Magisk! You can use Magisk in paralell with SYSTEMLESS DevBase if you need it for your favorite module.
2. Systemless Safe De-Bloat (more info below):
What does it mean and why is it called "safe"?
- ONLY apps available in stores will be systemlessly removed from the ROM, so you can easily (re)install any of these app if you like
- ONLY pre-installed system apps are will be systemlessly removed, DevBase installer never touch any updated app nor app installed manually from store
Thus, the following conclusions can be drawn:
1. If you install my SYSTEMLESS DevBase directly over working stock ROM - in most cases almost all these apps will remain untouched, because almost all apps have been updated already (stored on /data). But then you will be able to remove any useless app using the "Application manager" -> [Name_Of_App_To_Remove] -> MORE -> Uninstall updates. NOTE: App will disappear arter reboot and will be visible even in Titanium Backup!
2. If you perform "Wipe data" directly before installing SuperSU and my SYSTEMLESS DevBase (before you let to install app's updates) - then all apps listed below will be removed. If you would like to use any of these apps - just install it manually from appropriate store. Installed manually app will not be removed during the next DevBase update or re-install.
Removed apps list (depends on the device, should cover all devices starting from Galaxy S5):
ChatON
Chrome
Drive
Dropbox
EditorsDocs
Evernote
Excel
Facebook
FB Messenger
FB Pages Manager
Flipboard
Google+ / Photos
Group Play
Hangouts
Instagram
OneDrive
OneNote
PEN.UP
Play Books
Play Games
Play Movies
Play Music
Play Newsstand
PowerPoint
Skype
Smart Remote
WhatsApp
Word
NEW! Safe De-Bloat feature automatically detects and systemlessly removes apps not listed above, but present in your CSC package
3. Systemless CscFeature MOD (enabled some built-in, hidden features):
- Added shutter sound menu in Camera app
- Sending/receiving MMS without data on
- Show SMS/MMS sending time instead of receiving
- Added "Exit Internet" option to stock browser
- Added call button in Phone Logs (**)
- Added "Call/Message block" option in Settings
- Added symbols as secondary keys in Samsung keyboard (**)
- Call Recording (manual control, added "Record" button)
(**) may not work starting from Android 7.0 Nougat
Installation:
1. FlashFire app (recommended ***):
- Open file using "Flash ZIP or OTA" option
- UNTICK "Mount /system read/write" [extremely important for working OTA!]
- Enable "EverRoot" -> "Inject SuperSU" option if necessary (see NOTE above (*))
- Tap "FLASH"
2. TWRP recovery:
- Tap "Keep Read Only" on the Welcome screen [extremely important for working OTA!]
- Open file using "Install" option (use extSdCard or OTG storage in case of encrypted /data)
- Confirm flash by swiping right
- Tap "Reboot System"
NOTE1: One additional auto-reboot may be performed at first boot. It is not a bug (may be required for systemless build.prop support - see Tips & Tricks for more explanations)
NOTE2: Do not worry about red "mount /data failed..." messages displayed in TWRP in case of encrypted /data (installer will do the work anyway!)
(***) As far as I know - FlashFire is the only flashing tool with full access to /data during flash in case of encrypted devices. It is also the only tool which allows you to perform full backup/restore of partitions, including encrypted /data. It does NOT require custom recovery to work!
Credits: @Chainfire for systemless SuperSU and a lot of inspiration
Hit Thanks button if you like my work. If you really appreciate my work - feel free to buy me a beer
Download
>> Recent SYSTEMLESS DevBase <<
Note:
Check MD5 sum BEFORE flash (useful TOOL), because flashing damaged or incomplete ZIP files can lead to issues! Correct MD5 sum is shown on the AndroidFileHost website while downloading.
Changelog
Please visit MAIN THREAD - post #3
Tips & Tricks
1. OTA updates:
- Basically, the only thing you need to take OTA update is to perform "Full unroot" in the SuperSU app. However, a better way is to use "unroot2ota" terminal command, because this will not remove DevBase boot script from /su/su.d and the only thing you will need to re-activate SYSTEMLESS DevBase (and all your systemless MODs) after performing OTA update is just re-root your device with CF-Auto-Root.
- If you flashed custom recovery like TWRP - it is mandatory to restore your stock recovery (otherwise OTA will not work). You can do it using FlashFire app (the easiest way) - just open recovery.img file (extracted from your original FW) using "Flash firmware package" option, disable "Preserve recovery" option and then tap "FLASH". EDIT: Starting from version v1.2 there is a new "unroot2ota" feature which allow you to restore stock recovery using /system/recovery-fromm-boot.p file. There is no guarantee to perform it successfully (even if there is no error message) but in most cases it works well (tested on Nougat beta). Please go to recovery before you try to get OTA to check if you have stock recovery already after performing "unroot2ota" (if not - you need to use PC Odin to flash recovery.img packed in tar file).
- It is recommended to temporarily disable "Auto-update apps" in Play Store settings before you unroot your device. It will prevent updating applications covered by Safe De-Bloat list, as there apps will temporarily appear until you re-root the phone after performing OTA update.
Note (devices which use dm-verity): You should never allow /system modifications in TWRP, never allow to remount /system r/w in any app (e.g. Root Explorer, FlashFire, etc.) and never flash a ZIP file which could modify your /system or remount it r/w. Failure to follow these recommendations will break dm-verity verification and will cause, that your device may not be able to boot with the stock kernel (you will need to re-flash your original FW using PC Odin to make your device bootable).
2. Making your own modifications:
- You can systemlessly replace any existing system app by modded one. Just put modified app to /data/devbase/system/app or /data/devbase/system/priv-app and then reboot your device
- You can systemlessly replace jar or apk in /system/framework. Just put modified one to /data/devbase/system/framework and then reboot your device (NOTE: framework support has been added for advanced users -> there is high risk of bootloop if you do something wrong!)
- You can systemlessly add or override any line in /system/build.prop. Just put (only new or changed) line to /data/devbase/system/build.prop and then reboot your device (NOTE: one additional auto-reboot will be performed if /data/devbase/system/build.prop file has been added, modified or removed. It is not a bug - it is required for the changes in /data/devbase/system/build.prop to take effect!)
- You can systemlessly replace any existing file in /system/csc and /system/etc (but NOT in subdirectories). Just put modified copy of a file to /data/devbase/system/csc or /data/devbase/system/etc and then reboot device
Limitations: original app or file MUST physically exist with the same name in /system, you can NOT add a new app or file this way!
Example 1 (Ad-Blocking): Download the latest Ad-Blocking ZIP installer from THIS thread. Extract "hosts" file (placed in /system/etc inside ZIP file), then copy it to /data/devbase/system/etc, set rw-r--r-- (644) permissions and then reboot device
Example 2 (modded SystemUI): Create "SystemUI" directory in /data/devbase/system/priv-app and then put modified "SystemUI.apk" file into it. Set rwxr-xr-x (755) permissions to "SystemUI" directory, rw-r--r-- (644) permissions to "SystemUI.apk" and then reboot device
Example 3 (De-Bloating a bit more): You can just create empty directories in /data/devbase/system/app (or priv-app) corresponding to applications in /system/app (or priv-app). Alternatively (more advanced method), you can add an app to modded enforceskippingpackages.txt file (you can find it in /data/devbase/system/etc or /data/devbase/system/csc_contents, depending on the original location in /system) and increase number in the 1st line. Second method should not be used by beginners (without a basic knowledge related to UNIX text format)
3. How to manually maintain the newest ROM version:
If you do not care about OTA - you can manually update your device to the newest ROM available @ Sammobile, keeping your original CSC (you need multi-file original FW, I mean separate files for BL/AP/CP/CSC). You need to download 2 ROMs: ROM with the newest changelist and the latest ROM containing your original CSC. Extract both and open in PC Odin BL/AP/CP files from the ROM with highest changelist but open CSC file from the ROM containing your CSC (I recommend to use HOME_CSC_* file to avoid auto-wipe-data). Flash such "mix", re-root and enjoy
Reserved
hello,alexdr
how are you?
i had flashed your nice rom in s5
do you make. rom for s6 edge plus?
_alexndr said:
Download
>> Recent SYSTEMLESS DevBase <<
Click to expand...
Click to collapse
I'm a little bit confused as the download link refers to S7edge SM-G935F
Androidwizzard said:
I'm a little bit confused as the download link refers to S7edge SM-G935F
Click to expand...
Click to collapse
Yes, agrees - DL link refers to S7edge, but only because there is no just "Samsung" device (generally, without number) to choose @ AndroidFileHost
That's why I put such big NOTE at the top of post #1:
SYSTEMLESS DevBase has been developed and physically tested on S7 Edge (G935F), so main thread containing the most detailed description you can find here:
>> [SAMSUNG][6.0+] SYSTEMLESS DevBase | Encryption support | Stock OTA updates <<
However, it should work on ALL SAMSUNG DEVICES running Android 6.0+, so if you are Galaxy S6 Edge+ (G928xx) owner - please place your feedback & discussion here to let me know about device-specific issues or to let me know that everything works perfect
Click to expand...
Click to collapse
merry xmas ,mate
alexndr
There is new version available
Changelog
v1.1:
- Added SYSTEMLESS support for /system/framework
- Added SYSTEMLESS support for /system/build.prop (overrides & additions)
- Added major Android update detection (auto-remove mods for older API to prevent bootloops & FCs)
- Added BusyBox bionic (the most stable and respected release)
- Added logging to /data/devbase/last_boot.log (API & errors)
- Added SuperSU boot patcher version checker (exits su.d boot script if < 2.76)
- Added "Please DO NOT wipe /cache" warning in case of encrypted devices and TWRP recovery
- Minor changes & optimizations in the shell code
- Added SYSTEMLESS DevBase uninstaller
Download link:
>> SYSTEMLESS_DevBase_v1.1.zip <<
Since new version has many more features -> there are more possibilities of bootloop (especially if you are playing with framework mods). I have created DevBase remover to let you get out from bootloop. Of course uninstaller does NOT "know" which mod caused the problem, so it will not remove any file from /data/devbase directory, it will remove only /su/su.d/0000000devbase boot script to make your device bootable (again) so you can manually delete problematic mod:
>> SYSTEMLESS_DevBase_remover.zip <<
Another update:
v1.3:
- Fixed CscFeature MOD (e.g. G920I case, now should work with all Samsung devices/variants)
v1.2:
- Added info in Settings/About device/Software info/Build number (can be overrided by editing /data/devbase/system/build.prop)
- unroot2ota: added ability to restore stock recovery using /system/recovery-from-boot.p file (no guarantee)
- unroot2ota: check /system partition for common modifications before unroot
- Minor changes & improvements in the shell code
>> SYSTEMLESS_DevBase_v1.3.zip <<
DEV ,
tahnks for your hard work .
can you make a s7 edge nougat mod for samsung s6 edge plus ?

How can I make changes to /system in nougat?

Quick summary, I can not:
mount -o remount,rw /system in normal mode even with root permission. Error is "Device busy"
modify files in /system in twrp and keep it persistent. It somehow roll back to the stock state after reboot into normal mode.
I'm a long-time linux user, and fairly familiar with rooting in pre-nougat versions. My previous phone is Oneplus-X in LineageOS-14, and I could do whatever I like with the system partition. Recently I received a P9 as present. I updated the rom to B377 and flashed OldDroid's TWRP-3.1.0+phh su. But I can not find a way to modify the /system partition. I need to change a lot of things, like /system/etc/hosts, adding apk into /system/priv-app, etc.
Could someone help?
ccaappton said:
Quick summary, I can not:
mount -o remount,rw /system in normal mode even with root permission. Error is "Device busy"
modify files in /system in twrp and keep it persistent. It somehow roll back to the stock state after reboot into normal mode.
I'm a long-time linux user, and fairly familiar with rooting in pre-nougat versions. My previous phone is Oneplus-X in LineageOS-14, and I could do whatever I like with the system partition. Recently I received a P9 as present. I updated the rom to B377 and flashed OldDroid's TWRP-3.1.0+phh su. But I can not find a way to modify the /system partition. I need to change a lot of things, like /system/etc/hosts, adding apk into /system/priv-app, etc.
Could someone help?
Click to expand...
Click to collapse
Hopefully this might help:
1. revert back to unmodified boot image (in TWRP flash from here[/URL or restore your backup from the unmodified boot image] , leave anything else untouched (especially TWRP 3.1.0-0 for EMUI 5)
2. flash this [URL="https://forum.xda-developers.com/showpost.php?p=71588837&postcount=102"]SuperSU image in TWRP (read the comments in the post please ... single bootloop ... then everything is ok and rooted)
3. install JRummy's BusyBox from Google Play (Stephen's won't work)
You are done and good to modify /system.
Note: resulting earthquakes, thunderstorms and spring floods from this work are solely under your own responsibility :laugh:
hakaz said:
Hopefully this might help:
1. revert back to unmodified boot image (in TWRP flash from here[/URL or restore your backup from the unmodified boot image] , leave anything else untouched (especially TWRP 3.1.0-0 for EMUI 5)
2. flash this [URL="https://forum.xda-developers.com/showpost.php?p=71588837&postcount=102"]SuperSU image in TWRP (read the comments in the post please ... single bootloop ... then everything is ok and rooted)
3. install JRummy's BusyBox from Google Play (Stephen's won't work)
You are done and good to modify /system.
Note: resulting earthquakes, thunderstorms and spring floods from this work are solely under your own responsibility :laugh:
Click to expand...
Click to collapse
1. I did a backup of boot partition before phh root, so should be able to restore the backup, instead of download the boot partition from others?
2. Is systemless supersu binaries need be individualized for every phone? Can I download systemless supersu from somewhere more semi-official? I'm not exactly comfortable installing zips from random links. ()
Ad 1. Till now rooting on our P9 works through injection of the su mounting routine into the kernel in boot section (if using a modified kernel + su installation or modifying the kernel during su installation itself doesn't make a difference). So any su installation modifies the boot section and you mess things up if you try to install another su on top of the other. Therefore reverting to the original boot image is mandatory before installation of another su.
Ad 2. The su is compiled against different platforms​ not phones (in our case arm64). So @Chainfire has the different platform variations in his package. The "shady" package in our case is basically the v2.79 stable version of 12/20 2016 (you can unpack both packages and compare them against each other, they are bit for bit equal) but has an P9 specific injection routine to modify the kernel. After installation you have pure su v2.79 stable on board - not more, not less.
Sorry, "normal" SuperSU packages won't work due to lacking the kernel modification (phh uses a modified kernel instead you have to flash separately on P9).
Cheers!
hakaz said:
Ad 1. Till now rooting on our P9 works through injection of the su mounting routine into the kernel in boot section (if using a modified kernel + su installation or modifying the kernel during su installation itself doesn't make a difference). So any su installation modifies the boot section and you mess things up if you try to install another su on top of the other. Therefore reverting to the original boot image is mandatory before installation of another su.
Ad 2. The su is compiled against different platforms​ not phones (in our case arm64). So @Chainfire has the different platform variations in his package. The "shady" package in our case is basically the v2.79 stable version of 12/20 2016 (you can unpack both packages and compare them against each other, they are bit for bit equal) but has an P9 specific injection routine to modify the kernel. After installation you have pure su v2.79 stable on board - not more, not less.
Sorry, "normal" SuperSU packages won't work due to lacking the kernel modification (phh uses a modified kernel instead you have to flash separately on P9).
Cheers!
Click to expand...
Click to collapse
Thanks buddy! I flashed systemless supersu, and stucked in infinite bootloop(it is only once in your post), probably because my model is EVA-AL00. I have to restore the previous boot.img.
ccaappton said:
Quick summary, I can not:
mount -o remount,rw /system in normal mode even with root permission. Error is "Device busy"
modify files in /system in twrp and keep it persistent. It somehow roll back to the stock state after reboot into normal mode.
I'm a long-time linux user, and fairly familiar with rooting in pre-nougat versions. My previous phone is Oneplus-X in LineageOS-14, and I could do whatever I like with the system partition. Recently I received a P9 as present. I updated the rom to B377 and flashed OldDroid's TWRP-3.1.0+phh su. But I can not find a way to modify the /system partition. I need to change a lot of things, like /system/etc/hosts, adding apk into /system/priv-app, etc.
Could someone help?
Click to expand...
Click to collapse
Same here with Oneplus 3T.
I just posted in another post (Google Pixel).
There I just guess it was a new encription way, now Im sure, all three devices with Android 7.1.1.....

Categories

Resources