Search This thread

immortalneo

Senior Member
Jan 25, 2011
4,425
1,938
Malappuram, Kerala
There are a lot of people joining XDA on a daily basis, and there are a lot of repetitive questions being asked
which clutter up the Development and 'Q & A' threads. Point them here. Feel free to ask or answer questions.

The idea of this thread is to get users to help other users with their problems/questions. People are usually
ridiculed for asking questions that other people deem stupid even though it may be a legitimate question. This
leads to new users being afraid to ask questions!

Only provide well mannered help towards users in this thread. Please do not spoon feed, but rather point in
the direction where that user can find an answer
and educate himself. If you don't want to answer, at least
point out where to find the answer.



Before posting anything, I strongly advise you to read THIS thread.

Then, have a quick look at the names of threads in Post No. 2, you might find what you need right away.

Third. Even if you do get your question answered, please do come back and read threads in Post No. 2
(coming later as soon as we start getting the guides) to educate yourself. You'll be surprised how much time
and frustration it will save you in the future!



No abuse towards noobs tolerated here! That means:
NO TROLLING
NO NAME CALLING
NO RIDICULING
NO FLAMING


ASK ANY QUESTION HERE! No question is stupid or irrelevant in this thread. You will either get an answer or will get pointed in the right direction.


*A Special Thanks to mark manning for his help in creating this thread*


HALL OF FAME

People who contributed most to this thread and helped countless number of people with their
problems/questions. In no particular order.

Bruce Wayne
post-mortem
SilentStrider
Ghostfreak NB
mayank9856
sgs22012
Zatta
ADDICT.ANK



These people also have the right to use the banner below:
Newbie%20Thread%20Sign.gif


Just add this code to your signature:
HTML:
[URL="http://forum.xda-developers.com/showthread.php?t=2257421"][IMG]https://dl.dropboxusercontent.com/u/41066660/Newbie%20Thread%20Sign.gif[/IMG][/URL]
 
Last edited:
I wanted to look into citadel a bit more before I went to far. ;)
Ran out of time to do some testing.

From what I found, it seems citadel might just be a reporting tool for the Titan M chip first introduced in Pixel 3.
Google Blog - WebSite - Titan M makes Pixel 3 our most secure phone yet Link

Not sure if it can be used/exploited to actually change anything. :confused:
Then again, how many exploit security patches do we have every year. 🙃


Before I updated my 5 to the April build (redfin-ota-rq2a.210405.005 at the time), that was the same error it gave me.
I am not sure why since I was connected to WiFi and I still have not installed a sim card in my 5.
I wonder if it would have made a difference updating using the updater instead of downloading and sideloading the recovery OTA. ?
As noted, I bought the unlocked version directly from Google, so there should have been no issue unlocking the bootloader before updating.


My Pixel 4a (sunfish) and 5 (redfin) are on stock Google Android 11.
April 2021 build. I will update them to the May 2021 today or tomorrow.

I will let you know what I find. :D

Cheers. :cowboy:
Going to see if I can locally pick up one of those debugging cables if not see if I can get one ordered overnight or close to it from Amazon or the likes. I'm hoping that because we seem to have full functionality here that this cable May cancel out the device error when trying to reset the ABB locks. What happens after that is anyone's guess and whether or not you can change anything in this little rabbit hole may not matter. What I'm interested in is why the bootloader value when doing a reset on citadel goes back to zero and assuming zero means unlocked we have one unlocked slot to work with when that is defaulted to zero. And given I've somehow been able to change slots from b to a might also work on our advantage. Something I still have yet to figure out how I did. Time to go look for one of those cables.

EDIT ADD: unfortunately until I can find a way to update with a factory image, I am stuck on Android 12. Verizon does not allow flashing of images on locked devices. However they do allow an OTA if they are signed by Google specifically... Or we find out what keys they use and if they are actually available in the AOSP sourcetree. That's just a wild leap of faith, but I've seen weirder things happen. So until I can hack an OTA or a factory image to flash I am stuck on Android 12 and any updates they give me through Google. Verizon no longer updates this device as far as I know but I very well could be wrong.
 
  • Like
Reactions: ipdev
I wanted to look into citadel a bit more before I went to far. ;)
Ran out of time to do some testing.

From what I found, it seems citadel might just be a reporting tool for the Titan M chip first introduced in Pixel 3.
Google Blog - WebSite - Titan M makes Pixel 3 our most secure phone yet Link

Not sure if it can be used/exploited to actually change anything. :confused:
Then again, how many exploit security patches do we have every year. 🙃


Before I updated my 5 to the April build (redfin-ota-rq2a.210405.005 at the time), that was the same error it gave me.
I am not sure why since I was connected to WiFi and I still have not installed a sim card in my 5.
I wonder if it would have made a difference updating using the updater instead of downloading and sideloading the recovery OTA. ?
As noted, I bought the unlocked version directly from Google, so there should have been no issue unlocking the bootloader before updating.


My Pixel 4a (sunfish) and 5 (redfin) are on stock Google Android 11.
April 2021 build. I will update them to the May 2021 today or tomorrow.

I will let you know what I find. :D

Cheers. :cowboy:
well heres what little bit I found on what the chromeOS cable is. From Amazon:
When you attach it to a supporting port, Google devices enable a USB port on SBU which exposes a bunch of endpoints, including UART (accessible with standard serial drivers) for both the embedded controller and Linux consoles, and, depending on the state of your system, a way to flash firmware using the open-source servod software and flashrom.
 
  • Like
Reactions: ipdev
I wanted to look into citadel a bit more before I went to far. ;)
Ran out of time to do some testing.

From what I found, it seems citadel might just be a reporting tool for the Titan M chip first introduced in Pixel 3.
Google Blog - WebSite - Titan M makes Pixel 3 our most secure phone yet Link

Not sure if it can be used/exploited to actually change anything. :confused:
Then again, how many exploit security patches do we have every year. 🙃


Before I updated my 5 to the April build (redfin-ota-rq2a.210405.005 at the time), that was the same error it gave me.
I am not sure why since I was connected to WiFi and I still have not installed a sim card in my 5.
I wonder if it would have made a difference updating using the updater instead of downloading and sideloading the recovery OTA. ?
As noted, I bought the unlocked version directly from Google, so there should have been no issue unlocking the bootloader before updating.


My Pixel 4a (sunfish) and 5 (redfin) are on stock Google Android 11.
April 2021 build. I will update them to the May 2021 today or tomorrow.

I will let you know what I find. :D

Cheers. :cowboy:

Control of firmware write protect.

Flashing of the AP and EC firmware.

EC RW console access.

Read I2C INA219 current sensors (though most production boards do not have them populated).

A subset of these features (e.g., UART lines) can be accessed without a cros_sdk chroot.

Once the SuzyQ is plugged in, three /dev/ttyUSB devices will enumerate:

  1. Cr50 console
  2. CPU/AP console (RW)
  3. EC console (RW)

I wanted to look into citadel a bit more before I went to far. ;)
Ran out of time to do some testing.

From what I found, it seems citadel might just be a reporting tool for the Titan M chip first introduced in Pixel 3.
Google Blog - WebSite - Titan M makes Pixel 3 our most secure phone yet Link

Not sure if it can be used/exploited to actually change anything. :confused:
Then again, how many exploit security patches do we have every year. 🙃


Before I updated my 5 to the April build (redfin-ota-rq2a.210405.005 at the time), that was the same error it gave me.
I am not sure why since I was connected to WiFi and I still have not installed a sim card in my 5.
I wonder if it would have made a difference updating using the updater instead of downloading and sideloading the recovery OTA. ?
As noted, I bought the unlocked version directly from Google, so there should have been no issue unlocking the bootloader before updating.


My Pixel 4a (sunfish) and 5 (redfin) are on stock Google Android 11.
April 2021 build. I will update them to the May 2021 today or tomorrow.

I will let you know what I find. :D

Cheers. :cowboy:

So apparently this debug cable does quite a bit of things. Including to some capacity the ability to read and write. If the device is supported, you have access to Closed Case Debugging and Servod. Some features this cable allows when they are activated in a chroot chromeOS environment using hdctools:

Control of firmware write protect.

Flashing of the AP and EC firmware.

EC RW console access.

Read I2C INA219 current sensors (though most production boards do not have them populated).

A subset of these features (e.g., UART lines) can be accessed without a cros_sdk chroot.

Once the SuzyQ is plugged in, three /dev/ttyUSB devices will enumerate:

  1. Cr50 console
  2. CPU/AP console (RW)
  3. EC console (RW)

Source: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/HEAD/docs/ccd.md
 
  • Like
Reactions: ipdev

SubwayChamp

Senior Member
  • Aug 6, 2016
    2,678
    1
    1,233
    https://github.com/yshalsager/MSM8225-TWRP-Porter
    It is obvious that this tool does not work.
    This tool stopped being updated 4 years ago.

    Well, if you are expecting that a tool do all the job for you that is not how it works, you have to take various guides and compliment the information as a puzzle, I don´t think that a full all-in-one guide exists and taking a look on how a tool performs a thing it may help to a better understanding.
    Even the twrp team was not able to support android10 until 2021.
    This is not accurate I´m using Android 10 since few weeks after the first betas were released at March/19 (always rooted and with TWRP, PBR, OFR, SHR, etc?); unofficial builds were ready 2 years ago and official ones started at the mid of the past year https://www.androidpolice.com/2020/...h-limited-android-10-support-and-other-fixes/ a ported custom recovery will be ever an imperfect thing so far from not only the official builds from source but even from the unofficial, so be happy if at least you can perform minimal tasks with it.
    https://www.dealntech.com/phones-snapdragon-750g-5g-processor/
    I referred to this article.
    https://dl.twrp.me/gauguin/
    As a result, I used this twrp.
    Unfortunately, the touch panel does not work.
    Furthermore, the password input screen does not appear, so I can't compound the data.
    Try with other devices and if the next 2 or 3 attempts this persists then you should need to load the correct modules into your kernel config, identify the exact driver for the touch panel that your device uses (use some app like this https://play.google.com/store/apps/details?id=ru.andr7e.deviceinfohw&hl=es&gl=US) and find other with same compatibility. All that said assuming that your guide is working.

    I will recommend that you use this recovery as base https://forum.xda-developers.com/t/...efox-recovery-for-xiaomi-mi-10t-lite.4227349/ it has best compatibility with a wide vendor display range.

    Follow your guide and if it is not working then use the Carliv Image kitchen https://carliv.eu/ the method will be near to the other, replacing all the files (images) that you´ll find out of the ramdisk folder (those are the same that are usually in split images), regarding the fstab.qcom that you´re not finding it is in the boot image, you have to unpack it too to get it, the rest remains the same.
     

    PEACH-PIT

    Senior Member
    Jan 22, 2018
    98
    20
    Well, if you are expecting that a tool do all the job for you that is not how it works, you have to take various guides and compliment the information as a puzzle, I don´t think that a full all-in-one guide exists and taking a look on how a tool performs a thing it may help to a better understanding.

    This is not accurate I´m using Android 10 since few weeks after the first betas were released at March/19 (always rooted and with TWRP, PBR, OFR, SHR, etc?); unofficial builds were ready 2 years ago and official ones started at the mid of the past year https://www.androidpolice.com/2020/...h-limited-android-10-support-and-other-fixes/ a ported custom recovery will be ever an imperfect thing so far from not only the official builds from source but even from the unofficial, so be happy if at least you can perform minimal tasks with it.

    Try with other devices and if the next 2 or 3 attempts this persists then you should need to load the correct modules into your kernel config, identify the exact driver for the touch panel that your device uses (use some app like this https://play.google.com/store/apps/details?id=ru.andr7e.deviceinfohw&hl=es&gl=US) and find other with same compatibility. All that said assuming that your guide is working.

    I will recommend that you use this recovery as base https://forum.xda-developers.com/t/...efox-recovery-for-xiaomi-mi-10t-lite.4227349/ it has best compatibility with a wide vendor display range.

    Follow your guide and if it is not working then use the Carliv Image kitchen https://carliv.eu/ the method will be near to the other, replacing all the files (images) that you´ll find out of the ramdisk folder (those are the same that are usually in split images), regarding the fstab.qcom that you´re not finding it is in the boot image, you have to unpack it too to get it, the rest remains the same.
    I was researching and found this.
    https://github.com/moto-sm7250/android_device_motorola_kiev/tree/android-10

    I tried to build it myself, looking up the build instructions.
    However, it fails with an error when the build is 99% complete.
    I have installed bbqlinux-2021.04.14-x86_64-cinnamon in VirtualBox and built twrp.

    Code:
    FAILED:
    build/make/core/main.mk:745: error: CtsAppBindingHostTestCases.LOCAL_TARGET_REQUIRED_MODULES : illegal value CtsAppBindingService1 : not a device module. If you want to specify host modules to be required to be installed along with your host module, add those module names to LOCAL_REQUIRED_MODULES instead.

    Is there any way to fix this?
    I've looked up the error message on google, but can't find a solution.
     

    Attachments

    • main.zip
      18.6 KB · Views: 1
    Last edited:
    For those of you following my latest to do, I ordered the ChromeOS debugging cable and it arrives Sunday. If anyone is interested in one of their own, you can get them on Amazon, as well as a few other sites that are cheaper, but take longer to receive. Here is a link for your reference: https://www.amazon.com/gp/aw/d/B07XF7V6CW?ref=ppx_pt2_mob_b_prod_image
     
    • Like
    Reactions: ipdev

    DiamondJohn

    Recognized Contributor
  • Aug 31, 2013
    5,216
    4,812
    Sydney
    I was researching and found this.
    https://github.com/moto-sm7250/android_device_motorola_kiev/tree/android-10

    I tried to build it myself, looking up the build instructions.
    However, it fails with an error when the build is 99% complete.
    I have installed bbqlinux-2021.04.14-x86_64-cinnamon in VirtualBox and built twrp.

    Code:
    FAILED:
    build/make/core/main.mk:745: error: CtsAppBindingHostTestCases.LOCAL_TARGET_REQUIRED_MODULES : illegal value CtsAppBindingService1 : not a device module. If you want to specify host modules to be required to be installed along with your host module, add those module names to LOCAL_REQUIRED_MODULES instead.

    Is there any way to fix this?
    I've looked up the error message on google, but can't find a solution.
    I havent read nor followed your post explicitly, but for more targeted help on building TWRP, you would be best to ask your questions in the following thread.

     
    • Like
    Reactions: ipdev

    PEACH-PIT

    Senior Member
    Jan 22, 2018
    98
    20
    I havent read nor followed your post explicitly, but for more targeted help on building TWRP, you would be best to ask your questions in the following thread.

    Thank you.
    I will ask the question there.
     

    SubwayChamp

    Senior Member
  • Aug 6, 2016
    2,678
    1
    1,233
    Last edited:
    I wanted to look into citadel a bit more before I went to far. ;)
    Ran out of time to do some testing.

    From what I found, it seems citadel might just be a reporting tool for the Titan M chip first introduced in Pixel 3.
    Google Blog - WebSite - Titan M makes Pixel 3 our most secure phone yet Link

    Not sure if it can be used/exploited to actually change anything. :confused:
    Then again, how many exploit security patches do we have every year. 🙃


    Before I updated my 5 to the April build (redfin-ota-rq2a.210405.005 at the time), that was the same error it gave me.
    I am not sure why since I was connected to WiFi and I still have not installed a sim card in my 5.
    I wonder if it would have made a difference updating using the updater instead of downloading and sideloading the recovery OTA. ?
    As noted, I bought the unlocked version directly from Google, so there should have been no issue unlocking the bootloader before updating.


    My Pixel 4a (sunfish) and 5 (redfin) are on stock Google Android 11.
    April 2021 build. I will update them to the May 2021 today or tomorrow.

    I will let you know what I find. :D

    Cheers. :cowboy:

    From the source tree of crosshatch/blueline. Defines in the device.mk, what the citadel locks represent:

    Code:
    # Citadel
    PRODUCT_PACKAGES += \
        citadeld \
        citadel_updater \
        [email protected] \
        [email protected] \
        [email protected] \
        [email protected] \
        wait_for_strongbox
    
    # Citadel debug stuff
    PRODUCT_PACKAGES_DEBUG += \
        test_citadel

    Source: https://android.googlesource.com/de...bfe57aaaf2cdd656a4476bbfb5c01314a09/device.mk
     
    @ipdev so I have the cable. Unfortunately I'm having a bit of trouble trying to set up the tools I should be able to use with this cable. I'm not sure I will be able to find all of the files and other dependencies I need on Linux and order for these things to work. But I have to do some more research.

    But I do need some help. I need to figure out what the link is between citadel and suzyq/suzyqable. I have been doing a lot of reading about the tools associated with this cable and some of the abilities I may or may not have access to. There is very little information unfortunately and somebody with a better knowledge of the technology might prove a better researcher than me in this regard. Because the way I look at it right now based on the information I have is the only reason citadel would have to control the access if suzyq/suzyqable is because of it's abilities such as allowing you to flash firmware to specific chips and unlocking and locking the bootloader so my understanding right now would be to say that somehow suzyq unlocks and locks the bootloader and that would be the only reason for citadel to serve as the manager of that access. Given that so far there are only a handful of commands citadel has that would be a reasonable assumption in my opinion. What say you?
     

    Aman750

    New member
    Jul 25, 2017
    1
    0
    Recently Realme 6pro got android 11 stable update and after the update it is difficult to root the device. After flashing twrp, device goes into the state where it states: "Device boot/recovery is damaged" or it just stays at the "Realme" logo. It won't go into bootloop either.
    So I tried Orange Fox but it asks for zip to be flashed and RM60P's Orange Fox zip file isn't available. Please help
     
    Getting close I think. A few things. There is or was a bug in google's Titan citadel chip. In looking for a link to suzyq and citadel, I came across this bit of research: https://alexbakker.me/post/mysterious-google-titan-m-bug-cve-2019-9465.html

    What interests me here is the error this app he created generated while it was doing it's thing:

    Code:
    chatty  : uid=1064(hsm) /vendor/bin/hw/citadeld identical 5 lines
    12-24 16:24:20.357   806   806 E /vendor/bin/hw/[email protected]: Incorrect Citadel update password
    12-24 16:24:29.466   825   825 I /vendor/bin/hw/[email protected]: Running OemLock::setOemUnlockAllowedByCarrier: 1
    12-24 16:24:29.473   584   584 I chatty  : uid=1064(hsm) /vendor/bin/hw/citadeld identical 1 line

    Who notices? Take a closer look at the third error:

    Code:
    [email protected]: Running OemLock::setOemUnlockAllowedByCarrier: 1

    😮 This almost smells like a secure setting of some sort. The question is where is it and how do we change it and is it still possible? Who or what is user/group hsm? I looked at the boot image through the source code and these bins are not assigned 'user root' or 'group root'. Instead both are 'hsm' and some of the files referenced in his research are available in the vendor image. I have taken a few of those bin files and moved them to my PC and then on to the device because I cannot access them otherwise. All of them execute except they don't do anything. Why? Because two of them call on libraries that I cannot find nor can they find. @ipdev

    Secondly, in March of this year, an unknown vendor reported a bug in the Titan citadel chip 😈 and it was assigned the name CVE-2021-0456. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0456

    "In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation"

    I'm interested to hear what anyone has to say about this. Please note you can download the source code to the individuals application in the link I posted above where his research project is. It comes in an uncompiled state so you have to build it yourself. I did not have time to go that far today perhaps I will try tomorrow.
     
    Last edited:

    SubwayChamp

    Senior Member
  • Aug 6, 2016
    2,678
    1
    1,233
    Recently Realme 6pro got android 11 stable update and after the update it is difficult to root the device. After flashing twrp, device goes into the state where it states: "Device boot/recovery is damaged" or it just stays at the "Realme" logo. It won't go into bootloop either.
    So I tried Orange Fox but it asks for zip to be flashed and RM60P's Orange Fox zip file isn't available. Please help
    The image and the zip are available in the same site https://forum.xda-developers.com/t/...ial-orangefox-recovery-project-r11-x.4232569/
     
    Getting close I think. A few things. There is or was a bug in google's Titan citadel chip. In looking for a link to suzyq and citadel, I came across this bit of research: https://alexbakker.me/post/mysterious-google-titan-m-bug-cve-2019-9465.html

    What interests me here is the error this app he created generated while it was doing it's thing:

    Code:
    chatty  : uid=1064(hsm) /vendor/bin/hw/citadeld identical 5 lines
    12-24 16:24:20.357   806   806 E /vendor/bin/hw/[email protected]: Incorrect Citadel update password
    12-24 16:24:29.466   825   825 I /vendor/bin/hw/[email protected]: Running OemLock::setOemUnlockAllowedByCarrier: 1
    12-24 16:24:29.473   584   584 I chatty  : uid=1064(hsm) /vendor/bin/hw/citadeld identical 1 line

    Who notices? Take a closer look at the third error:

    Code:
    [email protected]: Running OemLock::setOemUnlockAllowedByCarrier: 1

    😮 This almost smells like a secure setting of some sort. The question is where is it and how do we change it and is it still possible? Who or what is user/group hsm? I looked at the boot image through the source code and these bins are not assigned 'user root' or 'group root'. Instead both are 'hsm' and some of the files referenced in his research are available in the vendor image. I have taken a few of those bin files and moved them to my PC and then on to the device because I cannot access them otherwise. All of them execute except they don't do anything. Why? Because two of them call on libraries that I cannot find nor can they find. @ipdev

    Secondly, in March of this year, an unknown vendor reported a bug in the Titan citadel chip 😈 and it was assigned the name CVE-2021-0456. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0456



    I'm interested to hear what anyone has to say about this. Please note you can download the source code to the individuals application in the link I posted above where his research project is. It comes in an uncompiled state so you have to build it yourself. I did not have time to go that far today perhaps I will try tomorrow.

    Addition: the source boot image also gives these bins/services 'user nobody'.
     
    I stand corrected. There are several CVEs in the Titan citadel chip. I've found a total of three so far. All of them filed in March of this year and from what I can tell all unpatched. I've listed the two new ones below, all three have the same description:



    I think this might be a good time to mention a pretty old exploit on what used to be quite a popular device. There is a high probability that we might be looking at something similar here. I know @sd_shadow remembers the Droid Razr M. I'm not going to go into long details on how the bootloader was eventually unlocked on the devices released by Verizon, other than to say the exploit was impressive in that it exploited a fuse, which was supposed to be blown. This exploit allowed the bootloader to be unlocked on those devices only, buy the process was irreversible, and permanently blew said fuse.

    Going back to citadel, resetting the locks likely doesn't work because all of those fuses are blown....except for one. @ipdev even caught it. The last lock has an unknown function. Bootloader? 🤷 The fact all other commands through citadel work, makes me think this single fuse may still be operating. We ran a simple test and pretty much confirm that toggling the OEM lock on and off in settings on the pixel 3, of the non-verizon variant, changes the values on fuses/locks zero through three, 1 = locked, 0 = unlocked. I would really like somebody to correct me if I'm making no sense or even remotely close to anything.
     

    Banana_sam

    Member
    Mar 24, 2021
    26
    1
    Question: how do I see SMS notifications on multiple user accounts? I created a new user account on my android device (lineageOS 17.1, android 10) but SMS notifications don't work at all. I can see new messages if I click on my default stock SMS app, but I don't get any sort of notification for it. I get the notification perfectly fine on the administration account but not on the second user. I have all sms notifications turned on. SMS enabled on the second user account and still no luck. What am I doing wrong, or has multiple users accounts have always been very limiting like this?
     

    Top Liked Posts

    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone