FORUMS
Remove All Ads from XDA
H10 Turbo

[ROM] [UB] Updated February 9, Jaguar Amami LP5.1.1 Hardened Official HyperTool 5.4

5,126 posts
Thanks Meter: 10,267
 
Post Reply Email Thread
This is the Official Jaguar rom for Amami, which is based on AOSP with some flavors from Slim and Dirtyunicorn. The main difference from other roms is the emphasis on security and multiple features. With that in mind , let's see what Jaguar has to offer:

1. Hardened Kernel, modified M5 built with UBERTC 6.0; hardened rom built with HYPERTOOL 5.4
2. All ciphers enabled in kernel instead of just a few
3. Hardened/Fortified Bionic and Libs
4. Fstack protection strong to resist buffer overflows
5. Many System apps and processes are made read-only, to reduce elevation of privilege
6. Selinux replaced with Tomoyo Security, Yam security
7. Disc encryption, keymaster to 256 bit AES instead of 128
8. Latest TWRP with working brightness and ability to decrypt Data
9. Random number generation mixed hardware/software, as recommended by Linus Torwalds
10. Options to randomize host on every boot
11. Option to have a separate password for lock screen and boot
12. Qualcomm's Time Services disabled due to leaking on early boot (set time to automatic to get it from your carrier). Forget it. The rom now includes Sony TimeKeep that sets the time locally
13. WIFI Background Scanning disabled to prevent leaking
14. Internet disabled for both WIFI and Data until Afwall is set and activiated (Afwall included in download, install as regular app)
15. The phone is VOLTE ready and you have all network options available in Cell menu (not just LTE/WCDMA/GSM)
16. GRsecurity features, such as Sidechannel implemented
17. Some Pax Security Features
18. Option to deny USB connection: denied always; denied when locked; and allowed always
19. Hardened webview with Google and other "interesting" IPs removed
20. Prevention of bruteforcing screen pin: the phone will reboot upon 3 unsuccessful attempts
21. Perfect_Event_Paranoid ported from Grsecurity: now third party apps can't use other apps including system to elevate privileges
22. Camera hardware button works to focus, take pictures and start video recording
23. Option to disable writing to Tombstones (a lot of private info is dumped there if there is a crash)
24. Option to disable continuing writing of logcat
25. Option to disable device cameras: back; front, both or none
26. Always latest Google Security Patches
27. Always latest Code Aurora Security Patches
28. Changes ported directly from Google Android Gerrit, so most of those in MM and even N are in this rom
29. About 80% of kernel changes are ported into Jaguar kernel from 3.10 and 3.18 (not Sony AOSP 3.10 that has Down Syndrome, but Linux/Google/Code Aurora one)
30. Rom is odexed to significantly increase boot speed (under 30 seconds) and application start
31. Many more security features ported from Linux and Copperhead OS
32. Dns Crypt: a feature allowing to choose among many Dns providers (all encrypted)
33. Seccomp: secure computing enabled in kernel


Other features include: Layers Theme Engine; Native Call Recording with interface integrated in Dialer with no restrictions; Privacy Guard; Native Wakelock Blocker; Native Black List; Global Menu; Slim Recents; Traffic Indicators; Advanced Reboot; Slim Pie; CPU Info on Screen; Ram Bar in Recents; Supersu included and integrated in Settings; True Offline Charging with Screen Off; Kernel Adiutor included (unzip and install as a normal app) and integrated in Settings; FM Radio and Recording plus more

Things users need to know to have smooth experience:. These are not bugs, but rather an explanation of some features

1. If you want to do data encryption, keep in mind that unlike Android, Jaguar uses 256 bit encryption. If you were encrypted on other roms, you won't be able to decrypt. So, wipe encryption and then re-encrypt on Jaguar. Also, keep in mind that if you ever did factory reset on official TWRP 3+ for honami, your data partition is screwed and have to be resized to enable encryption. This has nothing to do with the rom, but rather with the official TWRP itself. Fastboot my unofficial TWRP 3.0.2, which, by the way has working brightness, as well as ability to decrypt and mount data

2. Jaguar contains a script running on early boot, which cuts the internet access to both WIFI and Data until Afwall is running. This is done to prevent leaking, as well as having all your internet traffic routed through some interesting number of servers, including this IP: 26.147.196.22. So, install Afwall and activate it, otherwise, no Internet for you

3. If your system language is different from English and you want to make changes in Phone/Cell Network settings, switch to English first, make the changes and then return to your language. The changes you made will hold. If you try to make the changes in your language, you will have com.android.phone crash. Localization takes time and is virtually impossible to implement in Jaguar, which is a one-person-rom

4. TimeKeep is ported from MM/N. Now time is set locally without the Internet or GSM signal. You need to set it once only and then TimeKeep will keep it current on each reboot, even if Airplane mode.

5. GAPPS: in order to escape f/c, you need to flash GAPPS right after the rom without reboot. If you reboot, you will have problems.

6. If you came from Kitkat directly to a custom LP (without having stock LP at least once), you might experience problems with hardware: gps/wifi irregularites. This applies to any custom rom above Kitkat. To remedy this, flash unmodified Sony stock LP 5.1.1, boot the phone and let it settle. Then you can reboot into fastboot and flash TWRP recovery. Then you can flash Jaguar


Download: All updates and change logs are in Post #3 now

Instructions:

1. You must have flashed and booted stock LP 5.1.1 once to upgrade your hardware (see explanation above)
2 Have TWRP (fastboot my unofficial version), unlocked bootloader and root
3. In TWRP, wipe data/factory reset, then wipe System/Data/Cache/Dalvik
4. Flash the rom
5. If you use xposed, flash the latest installer (As of October 2016 no longer works due to multiple implementations from Nougat)
6. Reboot, install Afwall and Kernel Adiutor as normal apps; activate Afwall to have Internet
7. Enjoy the rom, say thank you, donate or do both


Warning: If your device and/or anyone in the immediate vicinity dies, don't blame me: it is all China and Russia's fault.

Credit: CM, AOSP, Slimroms, DU, Copperhead OS, Myself5 (kernel)

UPDATED KERNEL SOURCE: https://forum.xda-developers.com/dev...t/dl/?id=23107 . Don't flash. This is not kernel, but rather sources to compile kernel

Kernel Sources: https://github.com/AOSP-Argon/androi...l_sony_msm8974


XDA:DevDB Information
Jaguar Amami LP 5.1.1 r37 Official, ROM for the Sony Xperia Z1 Compact

Contributors
optimumpro
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: Unlocked Bootloader
Based On: AOSP Slim DirtyUnicorn

Version Information
Status: Stable

Created 2016-06-11
Last Updated 2017-02-09
The Following 36 Users Say Thank You to optimumpro For This Useful Post: [ View ] Gift optimumpro Ad-Free
 
 
11th June 2016, 04:30 PM |#2  
OP Senior Member
Thanks Meter: 10,267
 
Donate to Me
More
I broke my Z1 screen again and I am not in the mood for after market screens. And I am sick and tired of Sony crappy treatment of development community.

I am now looking at Lenovo Zuk Z2 or Z2 pro. Both excellent phones with the latest CPU and made out of metal and glass by Motorola which they bought from Google a couple of years ago. Zuk is friendly to developers and their blobs don't dumb down camera and they don't seek to "unify" bugs for all their devices. I no longer wish to support a fat bastard corporation that can't make a good phone, but thinks that just by putting their logo on the phone would make it worth $700.

RE Jaguar. I will continue to maintain Jaguar mainly with security patches... for a while, but my main work will be concentrated on Zuk. There is a lot of work to be done cleaning Android N and implementing security and other features from Jaguar...



Some screenshots: http://forum.xda-developers.com/show...91&postcount=2
The Following 9 Users Say Thank You to optimumpro For This Useful Post: [ View ] Gift optimumpro Ad-Free
11th June 2016, 04:38 PM |#3  
OP Senior Member
Thanks Meter: 10,267
 
Donate to Me
More
February 9. New release:

1. February Security patches
2. DNS_Crypt (in settings/security)
3. Seccomp (secure computing implemented in kernel)
4. Open Source Superuser integrated
5. Silent SMS notification enabled
6. 1440p profile in camcorder added
7. Sony TimeKeep: now time is set locally without the Internet or GSM signal (you need to set it right the first time only)
8. Updated TWRP that now works with TimeKeep

If you enable Dnscrypt and you use Afwall, allow internet for apps running as root...

If you prefer closed source Supersu, just flash the zip...


Download Rom: https://forum.xda-developers.com/dev...t/dl/?id=23073

Download TWRP: https://forum.xda-developers.com/dev...t/dl/?id=23070
__________________________________________________ ____
January 12: Updated release that includes a fully working NFC-HCE for Android Pay. It may be possible to bypass Safety Net by deleting Superuser or Supersu with su binary, as Lollipop doesn't have dm verity. Although, if the check includes bootloader status, you may be out of luck.

You may flash dirty on top of the previous Jaguar release.

Download: https://forum.xda-developers.com/dev...t/dl/?id=22567
__________________________________________________ _______________
January 6: New release with January security patches from Google and Code Aurora. Also, qcom time service is back.

Download: https://forum.xda-developers.com/dev...t/dl/?id=22449

You can flash on top of the previous release. Otherwise, read the OP (fresh install).
__________________________________________________ __________________________________
December 10. Rom updated to include:
1. December security patches
2. Signature spoofing (like in Omniroms)
3. USSD fixed (maybe)


Download: http://forum.xda-developers.com/devd...t/dl/?id=22005
__________________________________________________ ________________________________
November 11. Rom updated to include November Security Patches. I have also removed Supersu, as there is a built-in root manager and quite a few people no longer trust the Chinese owned Supersu.

Download: http://forum.xda-developers.com/devd...t/dl/?id=21448

__________________________________________________ ______________________________
October 5. New release:

1. Kernel overclocked to 2803: experimental, I have used it for 10 days on Z1 without problems
2. October security patches from Google and Code Aurora
3. Over 80 commits from Google Master Gerrit which included changes to bionic, art, frameworks and system
4. Updated Afwall
5. Maybe more

This rom is now about 40% Nougat. One of the side effects: Xposed framework no longer works, but getting rid of it and instead using Privacy Guard is almost as good. Don't forget, Xposed is an exploit, which provides hooks for good and bad things.


Rom Download: http://forum.xda-developers.com/devd...t/dl/?id=20791

Afwall/Kernel Adiutor Download: http://forum.xda-developers.com/devd...t/dl/?id=20790

You can flash dirty if on a previous release
__________________________________________________ _______________________________[B]
September 8. Rom updated to include:

1. September Google security patches
2. Latest Code Aurora patches https://www.codeaurora.org/projects/security-advisories
3. MPdecision is permanently disabled due to interfering with other hotplug and CPU frequencies. Default is MSMdecision, but you can pick several others in Kernel Adiutor
4. CPU overclock and underclock removed: no benefit whatsoever
5. More hardening ported from 3.18 kerne
l: https://android-review.googlesource.com/#/q/hardened,25 You won't find those on any rom custom or stock. This is from 3.18 kernel and it has nothing to do with Sony
6. About 70-80 commits from Android Master Branch. Folks. This is no longer a lollipop rom
7. PXN security feature implemented, which takes advantage of special instructions on ARMv7 to prevent unprivileged execution. See here: https://android-review.googlesource.com/#/c/265892/
8. Further integration of VOLTE
9. Kernel Adiutor: author has decided to go with Mobile Ads/Adview/Adbanner. So these were removed...
10. Camera: improvements to camera wrapper (missing entries), as well as some modifications in /frameworks/av/camera, so, you have a sharper picture. See photo attached, although, XDA reduces pictures... . This was taken with Open Camera.
Maybe more...


WARNING: you need to do one thing after flashing the rom: flash the latest stock baseband. BASEBAND ONLY. If you don't, you will only have LTE: no H+/H/2G. This is a one-time procedure and is due to Volte implementation. You have been warned. First flash the rom, then reboot, then flash the latest baseband. I don't want to hear cries: where is my 3G!

Download Rom: http://forum.xda-developers.com/devd...t/dl/?id=20290

Download Afwall/Kernel Adiutor:http://forum.xda-developers.com/devd...t/dl/?id=20288

You may flash dirty if on a previous release. Otherwise, clean flash...
Attached Thumbnails
Click image for larger version

Name:	Tree.jpg
Views:	1814
Size:	284.2 KB
ID:	3869229  
The Following 12 Users Say Thank You to optimumpro For This Useful Post: [ View ] Gift optimumpro Ad-Free
11th June 2016, 07:15 PM |#4  
Senior Member
Flag Ostrava
Thanks Meter: 37
 
More
So far so good but I noticed some bugs which come from CM trees - The scrolling is laggy (this fixed it http://review.cyanogenmod.org/#/c/109956/ ) screen is flickering with low brightness ( I made a fix but looks like I'm not able to complete it https://review.cyanogenmod.org/#/c/106545/ ) and WiFi Mac is wrong (starts with 00:00 and I think this commit fixed it https://review.cyanogenmod.org/#/c/117270/ ) Otherwise great ROM and thanks for the work!
11th June 2016, 07:49 PM |#5  
Senior Member
Thanks Meter: 1,193
 
More
Quote:
Originally Posted by optimumpro

This is Official Jaguar Rom LP 5.1.1 r37 which enjoyed over 4000 downloads at Xperia Z1 thread. Jaguar is the only LP rom that is being actively developed and maintained, which means latest sources including June security patches...

Important Disclaimer: I don't have Z1 compact, so, although unlikely, you may have non boot issues. So, back up your prior rom and don't complain, as for the purposes of Z1 compact, this is an experimental build...

As you all know, MM is still in bad alpha state, not to mention horrible camera and it will NOT get any better for many reasons such as: idiotic switching to AOSP (instead of CM) trees; and CM abandoning AOSP in favor of its own closed source OS. Pure AOSP has NEVER had a stable Z1 rom for any version of Android be it MM, LP, Kitkat or even Jeallybean. So, forget about MM. It is bad and isn't getting better.

Thanks for the rom, I look forward to trying it out. I must say, though, that we have seen at least a couple of AOSP/AOSP-based ROMs for our device that are developing nicely - fully functional and with good cameras. See DU by @SpiritCroc, and AOSP by @freexperia.

However, as far as CM goes, you're quite right. Several nice ROMs, but little camera progress.
11th June 2016, 09:18 PM |#6  
OP Senior Member
Thanks Meter: 10,267
 
Donate to Me
More
Quote:
Originally Posted by Syssx

So far so good but I noticed some bugs which come from CM trees - The scrolling is laggy (this fixed it http://review.cyanogenmod.org/#/c/109956/ ) screen is flickering with low brightness ( I made a fix but looks like I'm not able to complete it https://review.cyanogenmod.org/#/c/106545/ ) and WiFi Mac is wrong (starts with 00:00 and I think this commit fixed it https://review.cyanogenmod.org/#/c/117270/ ) Otherwise great ROM and thanks for the work!

In Kernel Adiutor use Ondemandplus, multicore power saving disabled. Set timer_rate at 33000. Don't use mpdecision, instead use Msmpdecision hotplug with idle frequency set at 1497. Use intelithermal. You will also have cpu and gpu overclocked to 2457 and 600 respectively. Also voltage changing is in kernel. Screen flickering does not exist on Z1. I will look into it...

Edit: those old commits were in from the beginning...
The Following User Says Thank You to optimumpro For This Useful Post: [ View ] Gift optimumpro Ad-Free
12th June 2016, 04:14 AM |#7  
Member
Flag Lima
Thanks Meter: 12
 
More
Quote:

12. Mandatory use of Afwall (no internet unless Afwall is activated)

Afwall+ has never worked right for me. It actually blocked some apps explicitly whitelisted, and some blacklisted apps would still go through it. I know OP is not to blame about this, but making it mandatory is a big "no" for me.
12th June 2016, 08:20 AM |#8  
Senior Member
Flag Ostrava
Thanks Meter: 37
 
More
Quote:
Originally Posted by optimumpro

In Kernel Adiutor use Ondemandplus, multicore power saving disabled. Set timer_rate at 33000. Don't use mpdecision, instead use Msmpdecision hotplug with idle frequency set at 1497. Use intelithermal. You will also have cpu and gpu overclocked to 2457 and 600 respectively. Also voltage changing is in kernel. Screen flickering does not exist on Z1. I will look into it...

Edit: those old commits were in from the beginning...

Flickering occurs while Adaptive Brightness is on and when Brightness slider is on minimum value. Screen (and or backlight) just starts to flicker.
12th June 2016, 01:33 PM |#9  
Junior Member
Thanks Meter: 3
 
More
What gapps should I use fro this rom?
I tried opengapps but they make AOSP keyboard crash. (clean install)
12th June 2016, 02:18 PM |#10  
OP Senior Member
Thanks Meter: 10,267
 
Donate to Me
More
Quote:
Originally Posted by Syssx

Flickering occurs while Adaptive Brightness is on and when Brightness slider is on minimum value. Screen (and or backlight) just starts to flicker.

Disable ambient display: it is broken on lp and wastes battery.
The Following User Says Thank You to optimumpro For This Useful Post: [ View ] Gift optimumpro Ad-Free
12th June 2016, 02:59 PM |#11  
OP Senior Member
Thanks Meter: 10,267
 
Donate to Me
More
Quote:
Originally Posted by leonmorlando

Afwall+ has never worked right for me. It actually blocked some apps explicitly whitelisted, and some blacklisted apps would still go through it. I know OP is not to blame about this, but making it mandatory is a big "no" for me.

You need to use built in binaries for iptables and busybox (prefrences/binaries), as Google iptables are modified to allow certain traffic. Afwall is good in preventing all kinds of leaks, but it can't do anything until it runs and it does not run on boot. So, this rom has a script on early init that cuts the internet until the firewall starts. Without it all your internet traffic is routed through an ip like this one: 26.147.196.122.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes