Project

General

Profile

steps to follow BEFORE installation

Added by Fil Lupin over 6 years ago

Hi,
before installation of Replicant, some steps can be followed to better prepare installation:

- save data :

- save ROM, especially critical parts (EFS, including MAC address and IMEI)

It could be interesting to give some tips, precisions, howto, links to doc, etc. to help newcomers to prepare installation through these steps.
If this is already available, please let me know where I could find this.
If not, do you see any other things?

Thank you.


Replies (10)

RE: steps to follow BEFORE installation - Added by Fil Lupin about 6 years ago

Following my question on mailing list, here is Denis' answer (https://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20180806/001614.html) :

> Hello, Hi, 
> up to this day, I always rooted my phone and installed replicant as a 
> first step, but I encountered a strange behaviour after installation 
> on a GT-I9100 which persuades me to do a full backup before modifying 
> anything. 
> 
> Since I failed to use "adb shell" on my device which is non-rooted, 
> do you know any way to make some backup of a stock ROM? Regards, The issue is that, as I understand, the Samsung bootloaders doesn't let you dump the partitions: to load your code, you need to flash either the recovery partition or the boot partition. 

So you can flash a recovery that gives you access to the full internal storage (eMMC) either on the boot or recovery partition, but then the partition is erased in the process. 
So if you don't need the stock recovery, having a full backup can be done with something like: $ adb shell "cat /dev/block/mmcblk0" > backup-mmcblk0.img 
You'll have to check that the internal Storage(eMMC) is mmcblk0 and not mmcblk1 otherwise change the command accordingly. The 

Replicant 6.0 recovery may not work for that because as I understand, they will refuse to let you have a shell under ADB unless you already have the authorization to do so under Replicant. 

So you could try to enable adb on the stock OS first, or try to make use a Replicant 4.2 recovery. If none of that work you could try another recovery or to make your own. 
The most famous standalone recovery is called twrp and they seem to have signatures and corresponding source code: 
- https://twrp.me/faq/pgpkeys.html 
- https://github.com/TeamWin 
However I didn't check if everything was fully free software or not. 

I think it would be easier if Replicant also had 'debug' recoveries for such uses cases. 

I've seen a stock OS refusing to upgrade if the device is 'rooted'. 
The device was rooted with an apk, which also changed the recovery. 
This persisted after the 'reset to factory', so it might be because it detected a different recovery, or for other reasons. 

There are several ways to workaround the inability to dump one of the partitions: 
1) Use an application that roots your device without touching the filesystem or replacing anything. Then you could easily dump the recovery (cat /dev/block/platform/*/by-name/RECOVERY 
   There is a list of such applications here: https://www.xda-developers.com/root/ 
   Some seem to have corresponding source code on github, however I've not looked yet in depth which ones are trustworthy, and what they do beside giving the user root access. A solution for that would be to package some of such applications in f-droid and describe exactly what they do. 
2) Use a bootloader exploit. So far here are the one I know of: 
- There is code that uses a bootloader exploit to gain code execution in the bootloader, in order to repair dead internal storage (eMMC): 
  The detail are here: https://media.ccc.de/v/34c3-8784-emmc_hacking_or_how_i_fixed_long-dead_galaxy_s3_phones https://github.com/oranav/emmc-talk-2017.git 
  And the code is here: https://github.com/oranav/i9300_emmc_toolbox 
- Three is also some details on an exploit for the galaxy S6 here: https://wikileaks.org/ciav7p1/cms/files/cadmium.pdf 
  Here you might be able to load your own boot.img/recovery.img with such code and dump the internal storage (eMMC). 

On devices with fastboot it's way more easy as you can usually just do that: $ fastboot boot recovery.img 
It will then load recovery.img in RAM and boot from it without altering the internal storage (eMMC). You could then dump the internal storage with the adb command mentioned above. 

Denis.

Here is proposal of steps to backup a phone before:

backup PIT:

heimdall download-pit --output GT-I9100-2.pit --verbose  --stdout-errors

Alternatively, a GUI allows to do this as following:

  • install heimdall-frontend (see [[https://redmine.replicant.us/projects/replicant/wiki/ToolsInstallation#Heimdall]])
  • start the device in download mode (home-power-vol. down)
  • launch `heimdall-frontend` command
  • click on "Utilities" tab
  • click on "Detect" button
  • click on "Save as" button and select a directory, then type a filename to which ".pit" will be automatically added
  • click on download button
  • you can also print the pit description by clicking on "Print" button

Backup EFS partition

  • identify EFS partition, depending on your device.
    this partition should be named in the dedicated device page in "Partition" section
    /!\ However, I have a GT-I9100 for which EFS is written to be in mmcblk0p5 but reading `/fstab.smdk4210`, I see mmcblk0p3. [FIXED in wiki]
    Perhaps is this due to the issue https://redmine.replicant.us/issues/1864 ?
# data partition must be located at the bottom for supporting device encryption

/dev/block/mmcblk0p9    /system             ext4      ro,noatime    wait
/dev/block/mmcblk0p7    /cache              ext4      noatime,nosuid,nodev,journal_async_commit,errors=panic    wait,
check_spo
/dev/block/mmcblk0p1    /efs                ext4      noatime,nosuid,nodev,journal_async_commit,errors=panic    wait,
check_spo
/dev/block/mmcblk0p10   /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_comm
it,errors=panic    wait,check_spo,encryptable=/efs/metadata
/dev/block/mmcblk0p12   /preload            ext4      ro,nosuid,nodev,noatime    wait

Restart your phone in recovery mode. There is 2 ways to do this:
1. press Vol+, Home, and Power buttons
2. check adb is installed (add a link to the documentation about this) and launch following ADB command:

$> adb shell "cat /dev/block/mmcblk0p<EFS>" > backup_mmcblk0p<EFS>_i9100.img

where mmcblk0p<EFS> is the EFS partition.

RE: steps to follow BEFORE installation - Added by Fil Lupin about 6 years ago

I will put here the results of my research.

First step is to identify and document a method to backup all partitions of a new device. One should be root on an unmodified (stock) ROM:
- This method should work with libre software to assure it will not execute malicious code. Especially, it should run under GNU/Linux.
- It should be usable with all devices. However at first, I will search for all method usable for GT-I9300 which is the one I have.

Here are some methods I read about:
- Framaroot (https://forum.xda-developers.com/apps/framaroot/root-framaroot-one-click-apk-to-root-t2130276): does not work for all android version
- Towelroot (https://towelroot.com/): need internet connection
- CF-Auto-Roots (https://forum.xda-developers.com/showthread.php?t=1980683): just for Samsung, but deprecated (https://autoroot.chainfire.eu/), it depends on the device model and baseband, and it is replaced by https://desktop.firmware.mobi/
- firmware.mobi (https://forum.xda-developers.com/android/development/firmware-mobi-t3675896): replaces CF-Auto-Root, it needs to flash partitions
- Magisk (https://www.xda-developers.com/how-to-install-magisk/): needs android 5+
- Kingroot (https://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461): bad reputation on XDA forums, not tested. It collects IMEI of the phone and send it online somewhere.
- heimdall (https://forum.xda-developers.com/showthread.php?t=755265): it can print PIT (partition table) and flash partition, perhaps is it possible to get the partition? In fact, this is theoretically possible but practically impossible (https://github.com/Benjamin-Dobell/Heimdall/issues/402)

EDIT: After searching, I did not find any method working on all devices to allow to backup a device's partitions without flashing it to get root.
Moreover, I found several posts assuring this is not possible for GT-I9300 (see B.6. in https://forum.xda-developers.com/showthread.php?t=723596) in a software way.

RE: steps to follow BEFORE installation - Added by Kurtis Hanna about 6 years ago

This might be an extreme option, but I outlined a potential way that you can backup every partition on the eMMC by shorting a resistor on the devices motherboard and booting off of an external SD card that has Replicant 4.2 recovery which allows adb backup (and not just adb sideload like in the Replicant 6.0 recovery) in this email: https://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20180903/001634.html

RE: steps to follow BEFORE installation - Added by Fil Lupin about 6 years ago

Thank you for the idea. It sounds interesting... but I am very confident in my lake of talents for soldering so I think I will not test it. ^^
I would be very curious however to know if it can work.

RE: steps to follow BEFORE installation - Added by Fil Lupin about 6 years ago

On GT-I9300 (Samsung Galaxy S3), it seems the only way to get root is to flash recovery partition.
First step should then be to get a recovery partition which will not harm the device before installing it on device.
What I mean here is one should not only checking integrity of the downloaded file by checking MD5 signature but also checking that recovery partition will do what it is made for and only this.
In my point of view, this is exactly the same logic behind using libre software: to get maximum control on what the device can do.

Some websites allow to download firmware but I do not know how to guaranty those firmware authenticity.
Since I am not an expert, I hope someone can let me know how to do this.

Another way to get flash recovery and get root could be to boot a temporary recovery on SDCard as suggested by Kurtis Hanna. I did not test this solution.
Since the goal is just to get a recovery partition dump, one could then flash the recovery partition with TWRP (https://www.xda-developers.com/how-to-install-twrp/ and https://www.xda-developers.com/how-to-install-twrp/) which is GPL (https://github.com/omnirom/android_bootable_recovery/).

EDIT: several websites propose official firmwares, however, one has to know they are not affiliated to official device constructor so one can only trust them:

RE: steps to follow BEFORE installation - Added by Daniel Kulesz almost 6 years ago

There used to be a free and open source Android rooting toolkit which I used in the past on a Sony device. However, it seems like the toolkit and its exploits did not see any updates after ~2015. Not sure if one of the exploits could be used for rooting the i9300:

https://github.com/android-rooting-tools

Personally, before using one of those closed-source rooting solutions I would rather do without a backup.

RE: steps to follow BEFORE installation - Added by Fil Lupin over 5 years ago

Daniel Kulesz wrote:

There used to be a free and open source Android rooting toolkit which I used in the past on a Sony device. However, it seems like the toolkit and its exploits did not see any updates after ~2015. Not sure if one of the exploits could be used for rooting the i9300:

https://github.com/android-rooting-tools

Personally, before using one of those closed-source rooting solutions I would rather do without a backup.

You mean you would rather do a backup before using one of those closed-source rooting solution?
I'm a 100% with you. However, as I said upside, I did not find any solution 100% FLOSS backup software without rooting its device. :(

RE: steps to follow BEFORE installation - Added by Daniel Kulesz over 5 years ago

Yes, but if the device is that old, the mentioned open source rooting solutions might be an option, especially if the device has not been upgraded to the latest firmware of the manufacturer yet.

RE: steps to follow BEFORE installation - Added by Fil Lupin over 5 years ago

I hoped so, but sadly, it didn't work on my GT-I9300 with android 4.3.

RE: steps to follow BEFORE installation - Added by Fil Lupin over 5 years ago

I updated the instructions to backup PIT and EFS partition.

    (1-10/10)