[INFO][RESEARCH] JB Flash Counter, Triangle Away

tdizzle404

Senior Member
Nov 27, 2010
4,653
1,102
North Georgia
Downloaded the twrp tar file then flashed through mobile odin pro. But as soon as you flash a different kernel it says modified and no longer can play drm content

Sent from my SGH-T999 using xda app-developers app

Cool man thanks for your findings just got mobile Odin pro so I'll see how she goes lol
Have you flashed any themes or anything?

Sent from my SGH-T999 using Xparent ICS Tapatalk 2
 

seshaz

Senior Member
Jun 7, 2012
1,198
308
Tucson
Google Pixel 6
No not yet, actually dropped my phone yesterday so waiting for a new one tomorrow. Using hercules again and it sucks lol

Sent from my SGH-T989 using xda app-developers app
 

monkeypaws

Senior Member
Feb 19, 2012
2,075
557
Any advice on clearing the modified status even after restoring stock completely? In Settings > Status, not download mode. I can no longer check for updates. It just keeps spinning. Normally it would say no updates available.

Sent from my SGH-T999 using xda app-developers app
 

monkeypaws

Senior Member
Feb 19, 2012
2,075
557
How did you restore stock?

Sent from my SGH-T999 using Tapatalk 2

Used triangle away to clear to zero. Then Odin to stock firmware. Then factory reset. Verified flash counter is at zero and everything is stock except the status still shows modified. I've done it more than a few times since I keep rerooting to try ROMs out. I root with cf root method by the way. And use cwm recovery.

Sent from my SGH-T999 using xda app-developers app
 

monkeypaws

Senior Member
Feb 19, 2012
2,075
557
Anyone successfully reset the status notification?

Sent from my SGH-T999 using xda app-developers app
 

monkeypaws

Senior Member
Feb 19, 2012
2,075
557
Did some research and found out that one method is to do another factory reset after Odin. Or, if you wish to keep root, use cf root then restore a stock backup with cwm and it should also have the same results. Will try today hopefully. Unless someone actually chimes in.

Sent from my SGH-T999 using xda app-developers app
 

rickd88

Senior Member
Oct 20, 2012
119
44
Tampa
I think it will show modified as long as you have a custom recovery on your phone (cwm).
You would have to flash the original recovery back too.

Basically this is only good if you are UN-rooting and going back to full stock.

Not sure at all but that is my impression.

Sent from my SGH-T999 using xda premium
 

ringoshu

Member
Nov 23, 2010
6
0
I've gone through this whole thread and I haven't found my situation, so bear with me.

I have a Sprint Galaxy Note 2 which I rooted and installed a custom recovery (before I knew about allshare cast dongle incompatibility that would follow). I have the stock rom though, and I've tried triangle away and I can never get the counter to 0. Also, I've checked it right after in download mode and it keeps saying 1.

Just wondering if anyone has any idea what might be causing it.

After reading this thread, I'm getting more the feeling that it's pretty permanent once you trip it once.

Also, thanks for providing such useful information! :)
 

Towle

Retired Forum Moderator
Oct 26, 2010
3,473
1,978
The Wild
When you open triangle away, does the app say your binary count is 1? Is super user granting TA root permissions?

If everything is normal, you might want to try asking in Chainfire's Triangle Away thread.

Sent from my SGH-T999 using Tapatalk 2
 

scifan

Senior Member
Dec 7, 2008
1,269
227
What are you trying to accomplish? Did you want to get back to stock with the counter at zero? Or are you trying for the green field of having a rooted rom and have the counter at zero?
 

MotoDefier

Senior Member
Aug 4, 2011
360
158
41
Flower Mound
Just an idea

:cowboy:

Please go to POST 56 for updated information. I will update the OP over the weekend. Thanks!


As many of you already know, with our recent official Jelly Bean release came a new, updated flash counter. With ICS we were able to either just root via the root66 method and not trip the counter, or we could just use Chainfire's Triangle Away app to reset it. This is no longer the case. Now, with JB, unless our firmware meets a very strict set of conditions, it will trip the counter every time you reboot the device. If you simply just flash the root66 firmware, and do nothing else beyond that, you will not raise your count. But then, what's the point of rooting???

DON'T PANIC!

We can still zero it out for Warranty returns! The biggest issues arise when you want to utilize certain apps and/or services such as All Share Cast, Media Hub and other Samsung apps. For example, if you have purchased the $100 equipment, the All Share Cast Hub, it will not work! Additionally, DRM protected content may not play anymore. (Probably just applies to DRM protected media you got from Samsung, but this needs verification). For example, if you got to download the Avengers a couple of months ago, it will not play, even though it is perfectly legal to do so!

So are we able to get around this? Yes and No, for the moment. There are at least 2 separate detections going on. One is done post-boot, using the SysScope app. If you remove this from /system/app/ you will be able to install a custom recovery, and probably also a kernel and another modem without tripping the counter! I have yet to see any negative side effects from removing this app, so until I find more info proving otherwise, I suggest backing it up and deleting it. Hopefully Chainfire will decide to update Triangle Away to counter the updated detection. He may not though. Please read what he has to say about it here.

This does not solve the whole problem though. There is still another method Samsung coded in to detect if your system has been modified. I am not sure yet what is responsible for this. But if you were to simply deodex your rom, it will begin tripping the counter at boot again! (It may not be the deodexing that is triggering it though, I believe it is also scanning for any processes that are running with root privileges that should not be there, and it may also have to do with busybox). Either way, if you are running pretty much any kind of custom rom, it will retrip the counter at bootup. This method is different in that it happens during boot, not after, and it does not look at recovery, and probably not at kernel or modem either. It appears to look specifically at the system partition for anything not stock. I am trying to narrow this down.

Because the other 2nd part seems to happen during bootup, I think that Chainfire's paid version may be able to help here. If you purchase it on the Play Store, it will have enabled the ability to Auto run at boot. Since SysScope is now removed, I don't think any detections are running post-boot anymore, meaning Auto run from Triangle Away should work. I do not have the paid version to test with right now. But I will try and test this soon.

I am fairly certain that the rest of the detection process is running either from the kernel, or from a completely separate partition. It is going to require quite a few flashes and test to narrow it down for sure. So if you guys will report your experiences with it, particularly on different kernels, I would be greatly appreciative.

As I find and/or remember more about this, I will update it here. If anyone has any other information about this, please do post it here! Any help, tips, info, etc that you can provide can be very helpful!

I hope this all made sense to you guys! I will go back and clarify some stuff a little later, but I've got a 6 year old kid going stir crazy waiting on me to be done with this! I wanted to go ahead and get something up though to get the conversation started! I will also post some links to some information later on.

In the meantime, you can Odin back to ICS build UVALJ4, and then flash your roms from there...yes even the JB ones! I hate saying that after suggesting to Odin flash the JB update, but if you have anything not working because of this, it may be your best option temporarily.
Otherwise, delete SysScope from /system/app! And keep Triangle Away handy!

I will continue doing a lot of testing and trying to investigate this problem. But I do appreciate any help that you guys can give!
Hopefully, with a little luck we can figure this out! :highfive:
:cowboy:
:cowboy:
:cowboy:

What if you were to move your root.apk's to the system partition as a system app? Then possibly this would not happen. I think you are right it looks for apps running as root, but I think it more likely it looks for user apps running as root. My theory on this is simply based on my ASUS TF300T. While it's not rooted, ASUS did include one or a few system apps that would otherwise need root to properly function as a user app, which means the app would still need root access as a system app, but because it is a system app it allows limited root access to the system and the specific root utilities or commands it needs to do its job (I'm talking about the ASUS App Backup.apk; it will back up any app I have, paid, unpaid, it doesn't matter, it will even back up system apps), because without rooting the device, the app cannot be modified by the non-root user, only by the system or by an update from ASUS, leaving its root functions to be safe for the system, because it cannot modify certain root privileges that would break the system, and still does not allow root privileges to the user. This was, when I got it, my absolute favorite thing about my tab. It seems to have some sort of hybrid system/user root that has only a few user input options allowed by the app, but the app itself, depending on the user input, has root access.
 

Top Liked Posts

    17
    Wow, this entire thread, and from reading it I think there's not actually a single thing 'figured out' that wasn't already known. All of this has been discussed in the Triangle Away thread and if any questions had remained I could have answered them.

    There are various levels of detection going on in the very newest devices:

    ODIN
    Flashing with ODIN/Heimdall (not Mobile ODIN) goes through SBL, which checks signatures during flash, and if the signatures do not indicate a Samsung build, increase the flash counter.

    Boot check
    The bootloader checks the kernel and recovery every time you boot them (it will check kernel when you boot kernel, recovery when you boot recovery), and if they are not Samsung-built, will increase a 0 counter to 1 (it will not increase a 1 counter to 2, etc)

    SysScope
    SysScope runs on the device and scans for unwarranted root processes, and if found sets System to Modified (in the bootloader, not in Settings!). This one influences DRM - at least on the Exynos systems. I don't have a Qualcomm-based Samsung so it may be slightly different there. If SysScope is present and working on the device, Triangle Away will attempt to abuse it to reset the System status to Official, and then disables the SysScope scanning process.

    Settings
    The System status in Settings is actually a second scanning process embedded directly into the framework code. It's pretty much a copy/paste of SysScope. This one decides whether or not OTA will work as I understand it. There is no reliable cross-device way to disable this one (though I am still working on it, with high priority - it *is* possible), but if you're making a custom ROM obviously you can just rip the offending classes out of the framework.

    ---------------

    Now, if you take all the above into account, you get the following:

    - You can use Triangle Away to *reset* to 0
    - If you want your counter to *stay* at 0, you need to be running official kernels and recoveries (this is why I have moved away from CWM/TWRP and only use Mobile ODIN now)
    - You need to use Triangle Away to disable SysScope or remove it yourself (but if you remove it System status in the bootloader will not be reset)
    - Your system partition contents don't matter as long as SysScope isn't running

    Full reset for warranty purposes can be done the following way (depending on your current device state you may skip several status, but this should always work):

    - Flash a full stock firmware + data wipe
    - Root it
    - Run Triangle Away to reset everything
    - Immediately after Triangle Away boot into Download Mode
    - Flash a full stock firmware + data wipe

    Also, using Mobile ODIN does *not* trip the flash counter even if flashing a ZIP file - *unless* something in that ZIP triggers the counter (like a custom kernel or recovery).
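
The four detection layers listed in the post above, modelled as a small state machine. This is an added example, not code from the post's author or from Samsung; the class, function and field names and the event list are constructed for illustration, and the framework scan is assumed to react to the same root-process finding as SysScope. It shows that each layer writes a different indicator, so one reading does not imply the others.

```python
from dataclasses import dataclass, asdict


@dataclass
class TamperState:
    """The indicators named in the post; field names are assumptions of this sketch."""
    flash_counter: int = 0                # count reported in Download Mode
    bootloader_system: str = "Official"   # System status held by the bootloader
    settings_modified: bool = False       # status shown in Settings
    sysscope_running: bool = True         # SysScope present and scanning


def pc_odin_flash(state, samsung_signed):
    """ODIN/Heimdall flash: SBL checks signatures while flashing."""
    if not samsung_signed:
        state.flash_counter += 1


def boot_image(state, samsung_built):
    """Boot check: the bootloader inspects the kernel or recovery it boots."""
    if not samsung_built and state.flash_counter == 0:
        state.flash_counter = 1   # raises 0 to 1 only, never 1 to 2


def sysscope_scan(state, unwarranted_root):
    """SysScope: a root-process scan that sets the bootloader's System status."""
    if state.sysscope_running and unwarranted_root:
        state.bootloader_system = "Modified"


def framework_scan(state, unwarranted_root):
    """Settings: the second scan, embedded in the framework code.
    Assumed here to react to the same finding as SysScope."""
    if unwarranted_root:
        state.settings_modified = True


LAYERS = {f.__name__: f
          for f in (pc_odin_flash, boot_image, sysscope_scan, framework_scan)}


def replay(events, state=None):
    """Apply (layer, flag) events in order; return final state and per-event changes."""
    if state is None:
        state = TamperState()
    timeline = []
    for layer, flag in events:
        before = asdict(state)
        LAYERS[layer](state, flag)
        after = asdict(state)
        changed = {k: (before[k], after[k]) for k in after if before[k] != after[k]}
        timeline.append((layer, flag, changed))
    return state, timeline


# Constructed event sequence, not taken from a real device.
CONSTRUCTED_EVENTS = [
    ("boot_image", False),      # non-Samsung recovery booted
    ("boot_image", False),      # non-Samsung kernel booted
    ("boot_image", True),       # Samsung-built kernel booted
    ("pc_odin_flash", False),   # non-Samsung build flashed from a PC
    ("pc_odin_flash", True),    # Samsung build flashed from a PC
    ("sysscope_scan", True),    # scan finds an unwarranted root process
    ("framework_scan", True),   # framework scan finds the same
]

if __name__ == "__main__":
    final, timeline = replay(CONSTRUCTED_EVENTS)
    for layer, flag, changed in timeline:
        print(f"{layer}({flag}): {changed or 'no change'}")
    print(final)
```
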
    13
    Hey everyone! Sorry I haven't been on much the past few days. Barely been able to jump on to even read a little! Anyway, I have more consistent, better tested results to share real quick. I will update the OP with this info as well, probably tomorrow or the next day, depending on life!

    First, let me clear up that I was mistaken on two of my earlier claims:
    1. SysScope is NOT triggering the flash counter. While it is still related to device modification detection, it is not increasing the counter at each boot.
    2. Using a deodexed Rom will NOT trigger the flash counter at each boot.

    From what I can tell, they both will contribute to the Status in Settings > About Device, reporting as Modified. I am starting to think this may also have an impact on some of the DRM issues people have been experiencing. I cannot say definitively yet, though.

    So after realizing there were a few things I had failed to consider, and noticing that my testing yesterday was netting significantly different results than before, I decided today to start from scratch, with nothing but an unmodded system (except for root of course) and work my way, one change at a time, to a modified, deodexed Rom.

    Here is what I've found so far:

    • Installing custom recovery using Goo/Rom Manager app, the install will not trip the counter. Rebooting the phone will not trip the counter. But rebooting into custom recovery DOES trip the counter.
    • Flashing custom recovery via Mobile Odin (using just the recovery.img), phone will auto reboot into recovery immediately after flash, which will trip the counter. (Judging from other instances, Mobile Odin is not tripping the counter when used this way, it's being triggered by the reboot into recovery)
    • Flashing stock recovery via Mobile Odin (using just the recovery.img), phone will auto reboot into recovery immediately after flash, but it will NOT trip the counter.


    • Flashing stock kernel via Mobile Odin (using stock full fw file) did NOT trip counter
    • Flashing stock kernel via Mobile Odin (using just the boot.img) did NOT trip counter
    • Flashing stock kernel via Mobile Odin (using flashable .zip file) DOES trip counter
    SO...Mobile Odin will flash individual partition images and also from the stock firmware without tripping the counter, but if used with a recovery .zip file, it will trip the counter. Could be helpful to know later....


    Deodexed Roms do not trigger the counter on each boot. However, custom kernels do re-trigger the counter EVERY bootup. If you are using a custom Rom, but keep the pure stock kernel on your phone, it will not trip the counter.
    Custom Recoveries will not trigger the counter on each boot. However, any time you boot into the custom recovery, it will trip the counter.

    In short, it appears the primary triggers for tripping the flash/binary counter are Custom Kernels during normal bootup, and Custom Recoveries only when booting into Recovery.

    If you use Mobile Odin, flashing either individual partitions, or firmware .tar files will not trip the counter. Mobile Odin will trip the counter when using it as a custom recovery and flashing a .zip file.

    SysScope, while related to modification detection, is NOT the cause of the counter being tripped.

    The counter does not appear to ever go above "1", regardless of how many times you boot up on a custom kernel, or how many times you reboot recovery, or flash a .zip in recovery. It most likely will still increase further by flashing non-official firmware in PC Odin (just like we've become used to with ICS). I will try to test this tomorrow, unless someone else would like to give it a go for me!


    Download Mode reports the following on my current setup; Deodexed, CIQ removed, Custom Kernel, TWRP.
    Custom Binary Download: Yes (1 Counts)
    Current Binary: Custom
    System Status: Official
    Qualcomm Secureboot: Enable



    We CAN still go back to full stock unrooted without a tripped counter using Triangle Away, so those that were worried about that part of it, need not worry. I've decompiled several apps to try and figure out why some things no longer work. No luck so far, but I am looking. If anyone knows how to convert our .mbn partition files into a raw readable format, please share! I think this would be of great help! Otherwise I guess we can just examine the source code to see if we can find it there.

    I will post back with more later. Thanks everyone for all of your input!
    6
    The problem that we are still having is there are people reporting that even after resetting the counter back to 0, their DRM content still won't work. (But they say it did after rooting, before tripping the counter with a custom recovery). Basically it's forcing them to reflash their firmware to be able to watch a movie. (Note that I have not personally verified this, but was planning to try it myself this weekend).
    It kind of sounds like you are saying that this shouldn't happen if SysScope and the framework code is removed? Just curious here, but what about removing SysScope and libcordon? I'm assuming that the embedded code you are talking about is also dependent on this library?

    From feedback I've gotten from other users (though these things may vary slightly from device to device, seeing as you're even using a completely different chipset than the devices I have, which are all Exynos), as in my country none of these DRM-based services are even available, the counter needs to be 0, the status has to be official and system also has to be official for DRM content to work.

    If somebody is able to set up a special account for me on some DRM service and load it up with a test movie, so I can actually test all this myself, I would be happy to do so.

    Not sure how libcordon fits into this. I think if you actually remove it, that may have adverse consequences. I'm not completely sure, when I tested all this in detail libcordon was not actually present as a separate library, it only existed inside SysScope (which it still does as well).

    I guess I'd need to do some further testing to see if the "embedded" SysScope now also updates the System status (it certainly did not used to) in the bootloader.

    You mentioned that Mobile Odin will not trip the counter when flashing a .zip file. I hate to say that this has not been my experience. I have verified that on my current setup a regular reboot will not trip the counter, as I am running stock unmodified kernel and recovery. However, when I flash any zip file, I check in Triangle Away and Download mode and the counter now says 1. Run Triangle Away and reset back to 0, then after doing another standard reboot, the counter remains at 0. I have tried flashing a mod, an app, and reflashing the unmodified kernel. All of them trigger the counter for me when flashing in Mobile Odin.

    Are you running Pro? If Mobile ODIN Pro triggers the counter, it automatically resets it. It does this regardless of what you're flashing (a firmware, a kernel, a ZIP file - it'll do it with any of those). As such, your counter will "stay" 0 unless whatever you flash causes the counter to be tripped *again*.

    You should note that the act of booting into Triangle Away's special mode itself triggers the flash counter on this device (as documented in about 15 places), so if you're using T/A to actually check the counter being 0, that won't work :)
    4
    So according to what Doc Holiday is saying I can flash a custom ROM and the only down side is the possibility of some Samsung apps not working like Media Hub and All Share?
    And I can flash my phone back to stock and use triangle away in case of having to send in the phone?
    Is this what the situation is right now? Trying to figure out how to make those Samsung apps work with custom ROMs?

    Yes, in the event you have to send it in for warranty service, you can set everything back to stock with zero flash count. It requires doing things in a certain order, but can be done. Biggest issue here is there's no set it and forget it like before, so if something happens to make the device inaccessible (other than hard brick), it'll make it more difficult to set it back to stock before sending it in. In ICS you only had to worry about Odin flashing the stock fw, provided you kept your counter at zero.
    I'll post instructions on all of this later.

    There are two things I'm concerned about though. First is if there is any other new detection methods we haven't found (not likely, but I still wonder about when it's coming more than if), and second is it really just the Samsung related apps that it screws with, or is it all drm protected media in general?
    I could be wrong but I just can't see why Sammy woulda done this intentionally, as in, I wonder if this problem is an unintended side effect they didn't see coming? I just don't see a reason to intentionally break features because you want to customize the device. Especially when it's the one manufacturer that's been somewhat developer friendly in the past. If they really wanted to stop us they'd have locked down their bootloaders like HTC and Verizon! But to literally punish some of their most intelligent users (and reviewers) by taking away functions makes no sense to me at all. (Especially when it's content we paid for....usually! ;)) And not to mention it guarantees we won't be buying it from Samsung....it's just not good business!
    I hope all that made sense, but as I stated, my original point is that I don't know yet if it does ONLY break Samsung apps, or if it'll create a problem with all DRM protected content.

    If any of you are willing to try, let me know please if ANY drm content (including stuff from Samsung) will play while having a tripped counter. Also, see if any of it will work while the counter is at zero, but the status in settings says modified.

    Thanks again to everyone for all your feedback, and as always if you've seen something different from what I've stated, please let us know! :cool:

    Sent from my SGH-T999 using xda premium