looks awesome 🙂

update: how to root with Magisk and install a firewall (scroll down and behave – slave of the digital dictatorship!)

„Pretty much everything you do on the phone is data-mined by Google. The mic is on listening most of the time (waiting for OK Google), it’s always monitoring WiFi and/or GPS, email and text get indexed, all your images get sent to the cloud (if you opt-in), etc. This is very standard for Google. Google uses this data for advertising (this allows them to offer you these services for ‚free‘) and to make its services more convenient for the user (easily search emails, Google Maps knows what traffic is like, etc.). For many, it’s an unacceptable invasion of privacy.“ (src: reddit.com)

CopperOS no? GrapheneOS!

Some relevant links, for people who missed the continuation of the projects:

 

the cool thing, you can do this completely from linux now 🙂

you will need those files:

bootloader-angler-angler-03.84.img

platform-tools_r28.0.1-linux.zip

(for osx and windows look here)

twrp-3.2.3-0-angler.img (take latest)

cat twrp-3.2.3-0-angler.img.sha256
dd2b460fea75cfe1a846f2dac75e641aab378cca48b27e12bbe311a4e2b678f4 twrp-3.2.3-0-angler.img

lineage-15.1-20190224-nightly-angler-signed.zip

cat lineage-15.1-20190224-nightly-angler-signed.zip.sha256sum
ff569c9369f0138e87661fc5cb54fb8aee5b316930fff05341597d43eb77a3b6 lineage-15.1-20190224-nightly-angler-signed.zip

radio-angler-angler-03.88.img

vendor-angler-opm7.181205.001.img

(it is said you can extract the very latest radio vendor bootloader img from official google zip here)

before you precede: backups! backups! backups!

if this is not a „virgin“ device, you shall backup all your:

  • pictures (simply attach an Anker USB-C to your PC / Laptop, enable File-Transfer-Mode at the Mobile and copy and paste)
  • contacts (how to export more than 500 contacts at a time to file.vcf)
  • AND APPS!
    • YES YOU CAN EXPORT/BACKUP YOUR APPS into App.apk WITH the very cool App:
    • AppExtractor.apk
    • sha256sum 704657cce87448ef0b8fb853c49886a5353c6349ab5720bc86dd541b6900b9f1
    • sha512sum fcc8988088ec852ef8e57d094428b0299f0484cb23fde0efed12289a50882c9a469d3d8720a7feea7637e8654cdd1a83f5891d0a773c11d3ca51ceadf556ca8e

(and backup them to your PC/Laptop)

not exactly sure if this is the same app: https://f-droid.org/en/packages/axp.tool.apkextractor/

how to:

# you need to work as root
unzip platform-tools_r28.0.1-linux.zip;
mkdir $HOME/adb-fastboot;
mv platform-tools_r28.0.1-linux $HOME/adb-fastboot/platform-tools
export PATH="$HOME/adb-fastboot/platform-tools:$PATH"

# test
adb --version
Android Debug Bridge version 1.0.40
Version 4986621
Installed as /root/adb-fastboot/platform-tools/adb

# connect to wifi and apply all vendor updates
# avoid this hazzle of: (you can skip those steps later!)
# fastboot flash radio radio-angler-angler-03.88.img
# fastboot flash vendor vendor-angler-opm7.181205.001.img 
# fastboot flash bootloader bootloader-angler-angler-03.84.img 
# tap the build number 7x times to unlock developer mode
# enable USB debugging

# put a screen lock pin
# this pin will be used to encrypt your harddisk, which android now does per default
# step is necessary because alternative bootloader TWRP will not be able to access or write to encrypted partitions

# connect device via usb cable to pc (i would use usb 2.0 port)
# upload rom to device under this folder: /sdcard/lineage-15.1-20190224-nightly-angler-signed.zip

# power off device
# now hold down power and volume+down
# you should now see the bootloader

adb start-server
adb devices
List of devices attached
ENUSERIALOFDEVICE	device

adb reboot bootloader
fastboot devices
ENUSERIALOFDEVICE	fastboot

fastboot flashing unlock
(bootloader) Device already unlocked!
FAILED (remote: '')
Finished. Total time: 0.017s

fastboot devices
# go where you downloaded the files
cd /run/media/root/SOFTWARE/ANDROID/NEXUS_P6/
# crc check
sha256sum -c twrp-3.2.3-0-angler.img.sha256
twrp-3.2.3-0-angler.img: OK

# flash alternative bootloader to device
fastboot flash recovery twrp-3.2.3-0-angler.img
Sending 'recovery' (16816 KB)                      OKAY [  0.469s]
Writing 'recovery'                                 OKAY [  0.245s]
Finished. Total time: 0.741s

fastboot reboot-bootloader
adb devices
List of devices attached
ENUSERIALOFDEVICE	recovery

# this way you can upload rom.zips even when the device is not fully booted
adb push lineage-15.1-20190224-nightly-angler-signed.zip /sdcard/lineage-15.1-20190224-nightly-angler-signed.zip
lineage-15.1-20190224-nightly-angler-signed.zip: 1 file pushed. 8.8 MB/s (445945632 bytes in 48.171s)

# YOU SHOULD NOT NEED THIS STEP
# IF YOU UPDATED YOUR DEVICE TO LATEST STOCK FIRMWARE!
fastboot flash radio radio-angler-angler-03.88.img
Sending 'radio' (48728 KB)                         OKAY [  1.823s]
Writing 'radio'                                    OKAY [  2.163s]
Finished. Total time: 4.010s

fastboot reboot-bootloader
rebooting into bootloader                          OKAY [  0.010s]
Finished. Total time: 0.060s

fastboot flash vendor vendor-angler-opm7.181205.001.img 
Sending 'vendor' (192577 KB)                       OKAY [  5.728s]
Writing 'vendor'                                   OKAY [  3.378s]
Finished. Total time: 9.132s

fastboot reboot-bootloader
rebooting into bootloader                          OKAY [  0.013s]
Finished. Total time: 0.063s

fastboot flash bootloader bootloader-angler-angler-03.84.img 
Sending 'bootloader' (3554 KB)                     OKAY [  0.568s]
Writing 'bootloader'                               OKAY [  0.206s]
Finished. Total time: 0.802s

# now select recovery and press power button to select
# you should see the TWRP alt boot loader asking your for pin to unlock encrypted partition

# go to wipe -> advanced -> wipe system partition

# go to install -> select rom you uploaded to device
# hit install :)

# wipe dalvik cache and cache

# reboot and lineageOS should ask you for your pin

screenshots are done like this: push and hold both the power button and the volume down key at the same time. Push both at exactly the same time, hold for a moment, and let go

fix No Sim Card Detected:

This has been happening on many custom ROMs.

An easy fix is to go to security settings and change screen lock to swipe or none, then reboot.

That will remove the device protection that caused the no sim problem.

After the reboot, the problem is fixed and won’t happen anymore.

Then you can go back into security settings and change it back to whatever screen lock option you want.

how do i install Apps on my device if without using Google’s PlayStore?

you can use the vey cool indeed „Open Source Only“ App-Store

https://f-droid.org/FDroid.apk

or simply copy back your AppExtractor.apk exported Apps to your Nexus and install them.

how to root:

go into recovery mode:

  • power phone off
  • hold down power and volume+down
  • chose „recovery mode“ via volume buttons
  • you should be TWRP boot loader
  • install the .zip Magisk-uninstaller-20190501.zip
  • looks like this:
  • reboot
  • apply privacy enhancing front camera tape!

… why all this stress? so you can have a

FIREWALL

WARNING! You will have to allow Teethering in the Firewall! Or you will not be able to use Teethering! (use SmartPhone as Wifi Hotspot/Router to mobile internet)

(thanks to kuketz-blog.de and all involved 🙂

on your mobile device 🙂

why would you want a firewall on android?

to only allow specific devices to communicate with the internet and enhance your privacy.

what is forgotten in this video: you have to hit „BuildNumber“ several times to enable developer mode…

https://github.com/topjohnwu/MagiskManager/releases

„Magisk is a suite of open source tools for customizing Android, supporting devices higher than Android 4.2 (API 17). It covers the fundamental parts for Android customization: root, boot scripts, SELinux patches, AVB2.0 / dm-verity / forceencrypt removals etc.

Furthermore, Magisk provides a Systemless Interface to alter the system (or vendor) arbitrarily while the actual partitions stay completely intact. With its systemless nature along with several other hacks, Magisk can hide modifications from nearly any system integrity verifications used in banking apps, corporation monitoring apps, game cheat detections, and most importantly Google’s SafetyNet API.“

https://github.com/topjohnwu/Magisk/

OpenSource! GREAT 🙂

https://github.com/topjohnwu/Magisk/releases

https://forum.xda-developers.com/apps/magisk/

„Magisk works systemless-ly, and it doesn’t modify or alter your system partition. If you want to install a banking application or if you want to install official OTA updates, and much more. You can install the OTA updates without losing the root privileges, and that is everyone need. They don’t need to root again and again.

Magisk roots your Android device and it is based on phh’s SuperUser. Magisk is an open source rooting solution for Android. If you want to install magisk, then you can do so with the help of Magisk Manager application.

Magisk has Universal Systemless Interface. It means that if you want to create your mod or app, you can do so with the help of magisk. Magisk is mostly same as Xposed Framework and in the Xposed framework, there are different modules which you can install on your device.

Unfortunately, the Xposed framework is not available for Android Nougat. You can use the Magisk Manager on your device, and the Xposed Framework is mixed into it, and you can install some modules on your device with the help of magisk manager. You can hide root from other applications.“

Download Magisk Manager Latest Version 7.2.0 For Android 2019

for windows users:

https://forum.xda-developers.com/nexus-6p/development/toolkit-wugs-nexus-root-toolkit-v2-1-0-t3258493

the SafteyNet: more of a problem than a solution

„However, a modified system partition can become a Problem since Google’s SafetyNet (similar to PC verison of verified/signed programms/Apps/TrustedComputing/SecureBoot/DRM etc.) service was introduced.

see LineageOS stance on SafetyNet.

SafetyNet is intended to detect“ dangerous “ modifications such as Root and is intended to protect the app provider from potential misuse.

Especially when using Custom ROMs or rooted devices SafetyNet is becoming more and more a nuisance.

Among other things, apps such as Netflix, Snapchat, Banking Apps, and so on will deny the service if the SafetyNet Check fails.“

(auto translated from src: kuketz-blog.de)

Similar technology: Microsoft’s SecureBoot

„UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC market here; SB is a security measure to protect against malware during early system boot. Microsoft act as a Certification Authority (CA) for SB, and they will sign programs on behalf of other trusted organisations so that their programs will also run.“ (src: debian.org, well spot the problem here, if „SecureBoot“ has gained 90% market share in UEFI-BIOSES, they (Microsoft) will let the lock click… and that is it for Linux.)

see: EFF stance on TrustedComputing.

Other downloads:

Factory Image
https://dl.google.com/dl/android/aosp/angler-opm7.181205.001-factory-b75ce068.zip
sha256: b75ce068f23a0e793805f80fccbc081eca52861ef5eb080c47f502de4c3f9713
OTA Image
https://dl.google.com/dl/android/aosp/angler-ota-opm7.181205.001-abb36a2f.zip
sha256: abb36a2fddb08501f9a425b19e43200ac4d639bbf4e387bcfff206b28b7024fe

 

admin