• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Is it bricked? Cannot flash stock Android to remove ArcaneOS

Search This thread

David B.

Senior Member
Mar 25, 2016
327
67
I think if you use the GrapheneOS installer tool you mentioned here to unlock the bootloader, you should be able to do it. I would suggest trying to use the GrapheneOS tool to unlock the bootloader (don't do anything else with it though). After that, I would suggest live booting TWRP using `fastboot boot YourTwrpImage.img` (don't flash it to the phone's recovery partition since you won't be able to get the ArcaneOS recovery back if you do!).

After that, try using the instructions here under the "This is How to Make Complete / Full BACKUP with TWRP" to take a backup of the phone. I believe those instructions would also include the recovery image in the backup, but it would still be a good idea to explicitly take one in case I am wrong, the instructions for explicitly taking a backup of the recovery are available in the terminal commands here.

After doing all that, reboot into ArcaneOS and copy the images you made off the SD card to your computer! Anyone who wants to then try ArcaneOS on their devices should be able to write the images to their device as long as it is the same phone and give ArcaneOS a try for themselves!

Needless to say, without having an ArcaneOS to try this on, I cannot promise that any of this would actually work, but it's worth a shot! One other thing I should mention here is that using this method to save off a copy of the image would retain any encryption on the device if any was used, so you would want to make sure that any passcodes you use on the device would be something that you are comfortable with sharing.

Additionally, it would be a good idea to share the commands that you used for taking the backup images. Output from the `dd` utility which is used for this can be passed through gzip for example to compress it further, but as a result, anyone who wants to use the image would need to know that so they can decompress it.
Out of curiosity, has anyone with one of these phones tried doing this?
 

David B.

Senior Member
Mar 25, 2016
327
67
could this work on these devices?

If I'm understanding the link correctly, you need to be rooted in order to use it, which means it isn't an option.
 

LoeWn

Senior Member
Nov 20, 2009
106
26
I also have one of these devices now. I was able to pick it up for 40 euro's so it's worth a shot. Might even be able to sell it for parts and make a profit.

But, i got unlucky and OEM unlocking is off, so can't unlock bootloader. Willing to help you guys, but i'm definitely not an expert in this matter.
 

David B.

Senior Member
Mar 25, 2016
327
67
I also have one of these devices now. I was able to pick it up for 40 euro's so it's worth a shot. Might even be able to sell it for parts and make a profit.

But, i got unlucky and OEM unlocking is off, so can't unlock bootloader. Willing to help you guys, but i'm definitely not an expert in this matter.
One option, although likely impractical, is to try brute forcing the OEM unlock code.
 

imamtelefon

Member
May 17, 2018
7
2
Thank you but this bruteforcer seems really bad. I am not sure if the codes it is trying to pass, even without the -i parameter would work on Pixel 4a. Furthermore the oem unlock command itself returns "invalid oem command unlock" so bruteforcing it might be futile
 

David B.

Senior Member
Mar 25, 2016
327
67
Thank you but this bruteforcer seems really bad. I am not sure if the codes it is trying to pass, even without the -i parameter would work on Pixel 4a. Furthermore the oem unlock command itself returns "invalid oem command unlock" so bruteforcing it might be futile
The one that I used was fine. I had no issues with it. I thought it was this one but maybe it was another one? Either way, as you said, it should be easy to automate. If you don't want to code it entirely from scratch, you could probably use one of these as boilerplate code: https://github.com/CyanCoding/Brute-Force-Password-Cracker
 

nomesrjp

Senior Member
May 16, 2015
97
41
51
Los Angeles
  • Like
Reactions: David B.

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    No way to turn on developer mode or enable OEM unlocking. Anybody got this to work?
    1
    Where are these Qualcomm tools even available?
    I think he means qpst
    1
    I think he means qpst
  • 4
    Ok... sorry for the delay. Yes, I can confirm the speculation going around... I accidentally bought an AN0M phone. And yes, I was fortunate enough to sell it again (and got most of my money back)... to a reporter at vice.com. And, BTW, I have bought myself another Pixel 4a... this time it is working properly.

    Some background points before I finally figured out exactly what I had in my possession...
    - Being unable to unlock/reset this phone, I started looking at my firewall logs to see what activity this phone was generating. I noticed the following:
    - regular HTTPS requests to arcane.one. I couldn't find anything useful on or about that site.
    - occasional HTTPS requests to time.grapheneos.org. This leads me to believe that ArcaneOS might be forked from GrapheneOS.
    - intermittent HTTPS requests to anom.one. I couldn't find anything useful on or about that site, however the word anom led me to discover the joint FBI/AFP operation that had just hit the news a few days earlier.
    - Now suspecting I had an An0m phone, I checked the calculator app... and yes, it loaded straight into the AN0M logon screen.
    - At this point, I panicked and thought I could get into trouble if this device was being tracked... so I rang the police and described my situation. They said to take it to my local police station. I call my local station (being in a small rural town, it is usually unmanned) and was advised to contact the AFP (Australia Federal Police), since it was their operation to begin with.
    - I called the AFP, explained again what had happened. The nice lady I spoke to confirmed that their activity with Operation Ironside had just finished and that, yes, they had supplied such phones to some of their informants. I left them my contact details and the details of the Gumtree seller who I purchased this phone from. I was hoping that maybe he would be a person of interest to the AFP, and that I would get some measure of payback for him scamming me in the first place.
    - I waited a week, the AFP did not call back... so I sold the phone to vice.com, who had already contacted me about this thread.
    - It occurs to me now why "ArcaneOS" was practically unheard of in the googleverse (until a few weeks ago). This was a state sponsored development and, of course, it was in the best interest of law enforcement authorities to keep the normally open-source Android code hidden to prevent this phone being tinkered with and the true purpose of this OS and app being discovered.

    To everyone that helped and suggested ideas to restore this phone to normal... thankyou. Although nothing we tried worked in the end, I still appreciate the community assistance here.

    To everyone that has contacted me directly to ask how to fix their Pixel phone... sorry, I cannot help you.

    I suspect it would still be possible to restore this phone... you'd just need to know the right commands to do it. By that I mean, I assume the developers probably changed the normal fastboot commands to some other arbitrary words; something that would allow them to test, develop and repeatedly re-flash their phones, yet prevent us from doing likewise.

    EDIT: I've added a photo of the AN0M logon screen. I did not see this originally and the calculator app was not available when I took my original set of photos... at that time I had recently done a factory reset on the phone. However, after some time a message popped up saying that Calculator was "Updated by your admin"... which seemed strange to me at the time, as this was not supposed to be a managed device.
    4
    If anyone else gets a phone running ArcaneOS, send me a message :)

    Also, you're famous, OP: https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor

    3
    I recently purchased a used Pixel 4a, and I now understand why the seller was offering such good price for it and why he refused to respond to me now I have it. This phone has ArcanseOS 10 installed, which has only 3 apps installed... Setting, Clock and Calculator. There is no Play Store app, no Phone app, nothing.

    The only useful reference to ArcaneOS I can find in the Googleverse is this one... https://translate.google.com.au/tra...rueck-flashen.973774.html&prev=search&pto=aue where the OP describes his troubles with a Pixel 3. Through the rough translation, I see similar issues... can't enable developer mode, can't unlock bootloader, can't sideload apps.

    Some random observations about this phone/OS...
    - The phone is in good condition. I used the supplied pin code to unlock it and did a factory reset. Have done basic config with my Google Account, etc.
    - In Settings > About Phone - the build number is not shown. I cannot tap on the build number 7 times to enable Developer Mode. I have tried tapping everything in About Phone 7+ times, but I have not been able to enable Developer Mode.
    - When the phone powers on, the first thing shown is a message like "Your device is loading a differennt operating system".
    - The installed OS is ArcaneOS 10. The system updater says that ArcaneOS 11 is available for download (but I don't want to do that in case it makes this thing even harder to fix).
    - I tried sideloading open_gapps and a random developer shortcut app I found, but I can't seem to get them to load.

    I'm no expert at this, so I've tried various commands that I found and got some of these results...
    (note: some details, esp path names, have been edit for brevity)

    >adb devices List of devices attached 09241JEC228869 sideload >adb shell error: closed >adb sideload open_gapps-arm64-10.0-stock-20210518.zip adb: sideload connection failed: no devices/emulators found adb: trying pre-KitKat sideload method... adb: pre-KitKat sideload connection failed: no devices/emulators found >adb sideload "by4a.setedit22_2018.10.31-18_minAPI11(arm64-v8a,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" serving: 'by4a.setedit22_2018.10.31-18_minAPI11(arm64-v8a,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk' (~47%) adb: failed to read command: No error >adb shell settings put global development_settings_enabled 1 error: closed >adb root adb: unable to connect for root: closed >adb shell error: closed

    >fastboot --version fastboot version 31.0.2-7242960 >fastboot devices 09241JEC228869 fastboot >fastboot flash bootloader sunfish-rq2a.210505.002\bootloader-sunfish-s5-0.3-7062598.img Sending 'bootloader' (8357 KB) FAILED (remote: 'Download is not allowed on locked devices') fastboot: error: Command failed >fastboot flashing unlock FAILED (remote: 'Unrecognized command flashing unlock') fastboot: error: Command failed

    Any suggestions on how to unlock this device? Then I can flash it and restore it back to stock.

    Thanks

    PS. Please do not say "tap build number 7 times to enable Developer Mode/options". If you believe this is the solution, please re-read this post, and the linked/German post, then describe a different way of doing that task that doesn't rely on the build number being visible.
    3
    Thankyou for everyone's help with the unusual phone. I am no longer in possession of it and, for the time being, am unable to provide further details. I do have an interesting update to share, however I have made a commitment to keep this quiet for the time being. Once I have approval to tell you what I have recently learnt, I will...
    2
    Looks like you had an "Anom Phone"


    Might now be able to sell it for triple the price due to novelty