FORUMS

[Pie/10] [System-as-root] Multidisabler: encryption, Vaultkeeper, proca, etc.

2,256 posts
Thanks Meter: 3,777
 
Post Reply Email Thread
The multi-disabler started life on the Exynos S10 range, the first Samsung devices to launch with Android 9 (Pie). Since then, it has grown to support a great many Samsung devices running either Android 9 or 10, and with either an Exynos or a Qualcomm SoC at their core. This includes (but is not limited to) the S10 range (G970F/N, G9700, G973F/N, G9730, G975F/N, G9750 and G977B/N), the Note10 range (N970F/N, N9700, N975F/N, N9750, N976B/N and N9760), the A10 - A50 range, the Tab A 10.1 (T510 and T515), the Note20 range (N980F, N981B/N, N9810, N986B/N and N9860), the Tab S6 (T860 and T865), the Tab S7 (T870 and T875), the Tab S7+ (T970, T975 and T976B), the Fold (F900F/N and F907B/N), and the Z Fold2 (F916B/N and F9160). More devices will be added on request.

When flashed onto a compatible device, the multi-disabler will semi-permanently disable a number of device protection features and services that become problematic on a rooted device. Some pose a threat to the rooted state of the device, while others become dysfunctional and generate a flood of log messages. Semi-permanently in this context means that the disablement will persist until re-enabled by the user, for example as a side-effect of flashing new firmware with Odin. You will therefore need to reflash the multi-disabler every time you perform a system-wide firmware update.

The methodology of the multi-disabler is the path of least intervention. This means that for any given device, only those services that must be disabled in order for the device to run smoothly will be tackled.

The following is a list of features disabled by the multi-disabler on Samsung devices launched in 2019:
  • FBE (file-based encryption): Until this is disabled, most versions of TWRP — all for Exynos devices and many for Qualcomm — cannot read files on /data (the userdata partition). You must format /data after disabling FBE. Back up your data first!
  • Vaultkeeper: Magisk now dynamically disables this during boot, but if you boot outside of Magisk, it will return with a vengeance.
  • Process authentication (a.k.a. proca): This service must be disabled in order to use a custom kernel without problems. All devices with TWRP utilise a custom kernel for Android, because the same kernel is shared by Magisk to boot the system.
  • Stock recovery auto-restoration: In certain circumstances, your device will automatically restore its stock recovery partition, overwriting your custom recovery (TWRP). Magisk now also provides dynamic protection against this, but this will not save you if you boot outside of Magisk.
  • wsm: On Android 10, this service prevents Samsung smartwatches from connecting to the Galaxy Wearable app.
  • Extra services are disabled on an as needed per device basis.

Furthermore, when the ZIP file is renamed to contain the string _btfix somewhere in the name and the file is then flashed on a supported Android 10 device, the system's libbluetooth.so library will be patched in situ to prevent the loss of Bluetooth pairings across reboots. This is a recurring issue with rooted Samsung devices. If you apply this feature, then there is no need to use the libsecure_storage companion Magisk module any more. Note that the multi-disabler's support for this solution is limited to a relatively small number of Samsung devices. If you find that patching fails on your device, please refer to Arthur Trouillot's libbluetooth patcher, which supports a wider variety of devices. Note that this patch does not need to be applied to any Samsung device launched with Android 10 in 2020, and any such attempt will be ignored.

The multi-disabler is written in Bourne shell, so you can — and should — audit the code yourself to ensure its safe operation. It's operating on the very heart of your device, so you should not simply trust it.

The code has been written to be idempotent, which means you can safely flash the multi-disabler multiple times without fear of unintended side-effects.

The package is attached to this posting and the code is available on GitHub.
Attached Files
File Type: zip multidisabler-samsung-2.6.zip - [Click for QR Code] (3.9 KB, 8028 views)
The Following 117 Users Say Thank You to ianmacd For This Useful Post: [ View ] Gift ianmacd Ad-Free
9th April 2019, 12:15 PM |#2  
ianmacd's Avatar
OP Senior Member
Flag Amsterdam
Thanks Meter: 3,777
 
More
Change log

v2.6 (2020-10-05)
  • Add support for the North American Z Fold2 (F916U/U1).
  • Add support for the A71 (A715F).
  • Add support for the Note10 Lite (N770F).

v2.5 (2020-09-14)
  • Fix issue of 2019 devices upgraded to OneUI 2.5 (DTH firmware) not booting after flashing.
  • Add failsafe logic for robust mounting of System partition by devices using very recent TWRP builds from the Android 10 branch (e.g. S20, N20, Tab S7 and Z Fold2).
  • Disable cass service on S10 and N10 series devices (required for OneUI 2.5).
  • Added an extra path to files searched for Vaultkeeper service disabling.
  • Added an extra path to files searched for cass service disabling.
  • Added support for the Z Fold2 (F916B/N and F9160).

v2.4 (2020-09-10)
  • Added support for many new 2020 devices, such as the S20 and Note20 ranges, as well as the Tab S7 and Tab S7+ ranges.
  • Fixed mode of patched Bluetooth library to match original.
  • Other minor bug fixes.

v2.3 (2020-04-11)
  • Support Snapdragon-based devices that have been upgraded to Android 10, such as the F900[FN] (Fold), F907[BN] (Fold 5G), T860 (Tab S6) and T865 (Tab S6 LTE), as well as Asian S10 and Note10 models.
  • Improve robustness of libbluetooth patching.

v2.2 (2019-12-13)
  • Disable wsm service to allow Samsung smartwatches to connect to Galaxy Wearable app (thanks to Andrei Seitan).
  • Support optional patching of system libbluetooth.so for retention of Bluetooth pairings across reboots (thanks to Arthur Trouillot).
  • Remove undocumented interactive mode.

v2.1 (2019-12-04)
  • Fix disabling of Vaultkeeper and proca in the vendor interface manifest.
  • Add support for N971N (Korean N10 5G).

v2.0 (2019-11-30)
  • Add support for Exynos-based devices upgraded to Android 10.
  • Add support for T72[05].

v1.7 (2019-10-20)
  • Add generic support for Qualcomm devices.
  • Support the Qualcomm S10 (G9700, G9730 and G9750), Note10 (N9700, N9750 and N9760), Tab S6 (T860 and T865) and Fold (F900F and F907B) ranges.
  • Add support for more Korean (N type) variants.

v1.6 (2019-09-18)
  • Add support for more variants of A50: A505([YG]N|G).
  • Fix A205G detection.

v1.5 (2019-09-13)
  • Added support for A10 - A50 and Tab A 10.1.

v1.41 (2019-08-28)
  • Added support for N976B (Note 10+ 5G).

v1.4 (2019-08-28)
  • Changed regex that caused too much of $ANDROID_ROOT/init.rc to be commented out by some versions of sed(1).

v1.3 (2019-08-18)
  • Updated to work with TWRP 3.3.1-6_ianmacd and later for the S10 range.
  • Added support for Note 10 and Note 10+ F and N model devices.

v1.2 (2019-06-17)
  • Added support for G977B (S10 5G) model devices.

v1.1 (2019-04-22)
  • Fixed stock recovery auto-reflash prevention.
  • Added support for N (Korean) model S10 devices.

v1.0 (2019-04-09)
  • Initial version, supporting F model S10 devices.
Attached Files
File Type: zip multidisabler-samsung-2.6.zip - [Click for QR Code] (3.9 KB, 666 views)
The Following 26 Users Say Thank You to ianmacd For This Useful Post: [ View ] Gift ianmacd Ad-Free
9th April 2019, 03:05 PM |#3  
PiCkLeS's Avatar
Senior Member
Flag Kristianstad
Thanks Meter: 170
 
More
Will this in some way remedy the problem that when powering off the S10, it wont listen to they keycombo to boot into TWRP anymore?

If one is in system, and do a reboot all is fine, it will heed the keycombo and let you into TWRP to do what you want and then reboot->recovery to start system with root.

But as soon as the device is turned completely off, it breaks.
The Following 2 Users Say Thank You to PiCkLeS For This Useful Post: [ View ] Gift PiCkLeS Ad-Free
10th April 2019, 06:10 PM |#4  
Nextasy's Avatar
Senior Member
Flag Berlin and Toronto
Thanks Meter: 46
 
More
Just a question: is this to be flashed after rooting with johnwu magisk root process or which rooting method would u advice?

cheers
The Following 2 Users Say Thank You to Nextasy For This Useful Post: [ View ] Gift Nextasy Ad-Free
10th April 2019, 06:23 PM |#5  
ianmacd's Avatar
OP Senior Member
Flag Amsterdam
Thanks Meter: 3,777
 
More
Quote:
Originally Posted by Nextasy

Just a question: is this to be flashed after rooting with johnwu magisk root process or which rooting method would u advice?

If rooting with Magisk alone and in accordance with John Wu's instructions, this disabler isn't needed. If you're going to use a rooted TWRP image instead of stock recovery, however, then you're probably going to want to flash it.
The Following 12 Users Say Thank You to ianmacd For This Useful Post: [ View ] Gift ianmacd Ad-Free
11th April 2019, 07:46 AM |#6  
Nextasy's Avatar
Senior Member
Flag Berlin and Toronto
Thanks Meter: 46
 
More
So this basically would work for and with the "TWRP for Galaxy S10 Magisk Prepatched by geiti94" and not with John's!?...
After applying this patch and everytime l reboot my devoce it will reboot directly to rooted magisk environment without me going thru' the hassles associated with Johnwu magisk boot procedures?

Thanks for ur time to reply and the mod.

cheers
The Following User Says Thank You to Nextasy For This Useful Post: [ View ] Gift Nextasy Ad-Free
11th April 2019, 08:48 PM |#7  
Senior Member
Flag boston
Thanks Meter: 242
 
More
does the disabler in the twrp thread also need to be applied? or does this replace it?
The Following User Says Thank You to tensux For This Useful Post: [ View ] Gift tensux Ad-Free
12th April 2019, 03:26 PM |#8  
ianmacd's Avatar
OP Senior Member
Flag Amsterdam
Thanks Meter: 3,777
 
More
Quote:
Originally Posted by Nextasy

So this basically would work for and with the "TWRP for Galaxy S10 Magisk Prepatched by geiti94" and not with John's!?...
After applying this patch and everytime l reboot my devoce it will reboot directly to rooted magisk environment without me going thru' the hassles associated with Johnwu magisk boot procedures?

No, this disabler has no effect on the need to hold down keys to boot the recovery partition.
The Following 4 Users Say Thank You to ianmacd For This Useful Post: [ View ] Gift ianmacd Ad-Free
12th April 2019, 03:28 PM |#9  
ianmacd's Avatar
OP Senior Member
Flag Amsterdam
Thanks Meter: 3,777
 
More
Quote:
Originally Posted by tensux

does the disabler in the twrp thread also need to be applied? or does this replace it?

This one effectively supersedes the one in the TWRP thread, because that one disables only FBE encryption, while this disables several other things.
The Following 6 Users Say Thank You to ianmacd For This Useful Post: [ View ] Gift ianmacd Ad-Free
12th April 2019, 03:55 PM |#10  
Senior Member
Flag boston
Thanks Meter: 242
 
More
Quote:
Originally Posted by ianmacd

This one effectively supersedes the one in the TWRP thread, because that one disables only FBE encryption, while this disables several other things.

thanks, i am going to try it again. i have been able to get into twrp on the first try, but it always reboots after the Samsung logo comes up and it looks like its going to boot
The Following User Says Thank You to tensux For This Useful Post: [ View ] Gift tensux Ad-Free
12th April 2019, 04:23 PM |#11  
Senior Member
Flag Vienna
Thanks Meter: 344
 
Donate to Me
More
Quote:
Originally Posted by tensux

thanks, i am going to try it again. i have been able to get into twrp on the first try, but it always reboots after the Samsung logo comes up and it looks like its going to boot

Same here... twrp+multi disabler+format data+wipe cache+soldier's zip (in that order). Everything was fine until I pressed power off. Needed to go all over again... and am wondering if it really pays off of having twrp......
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes