• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[Pie/10/11] [System-as-root] Multidisabler: disables encryption, Vaultkeeper, auto-flash of stock recovery, proca, wsm, cass, etc.

Search This thread

erpilsG

Member
Nov 27, 2018
8
0
Samsung Galaxy Note 10 Lite
Multidisabler has to be flashed in TWRP, you are correct. There is just one thing I couldn't understand: where did you read multidisabler is compatible with Note 10 Lite?
Multidisabler has to be flashed in TWRP, you are correct. There is just one thing I couldn't understand: where did you read multidisabler is compatible with Note 10 Lite?


Thank you sir, actually im assuming that it is compatible, when i read this in "https://forum.xda-developers.com/t/...very-proca-wsm-cass-etc.3919714/post-79298928" i didn't realize that this one is for twrp only. Since i read the log version that its support also in note 10 lite (sm-n770f). Its 3 in the morning when i read it.
 

fabiokino

Member
Feb 14, 2010
12
2
Yes, if you edit the fstab, swap the commented out userdata entry for the active one, and reboot, the device will re-encrypt itself.

You will, however, lose access to /data from TWRP in the process. TWRP needs (the content of) /data to be unencrypted in order to read it.
Hi, I tried to swap the lines in fstab, but on reboot the system boots only to TWRP. Should I do something else apart from editing the fstab?
 

fabiokino

Member
Feb 14, 2010
12
2
I got encryption worked out, It's not great and it's very messy but it means I can keep encryption. You will lose all your data if you try an enable encryption so do this at your own risk. This was done on my Australian S10E running ASD5. I do not know if the /dev's and device sizes are the same on other models.

This method switches over to Full Disk Encryption instead of File Based Encryption. multidisabler already turns off FBE, these steps just make it so you can now use FDE instead. Using FDE unfortunately means you lose access to /data and the internal storage in twrp but at least there is still the other useful parts of twrp like backups and installs (as long as they don't write anything to /data).
While you can backup all the other partitions you can't use the built in TWRP function to backup /data. If you wish to backup /data you need to go to the terminal and use DD to make a .img file of the entire /dev/block/sda31 device. using dd results in a FULL image of the device (your /data and your internal_storage) I am still trying to work out a clean procedure for this as a raw backup results in a 110gb backup file and is very slow to backup and restore.

Due to the way rooted devices are booted using the recovery kernel you can not start the FDE process unless you are using the standard system booted kernel. I do not know why this is but encryption failed every time i tried to encrypt from Recovery instead of from System. This process has to be done from a clean freshly rooted state due to a weird issue where once you run magisk for the 1st time and it finishes its setup process trying to boot into unrooted system mode the UI crashes every time you enter the pin/password. This may be a temporary issue i am not sure i couldn't find a way around it so i did the encryption process before doing the magisk setup.

You will need to modify multidisabler and inside the disable_fbe function where it replaces fileencrypiton with encryptable you need to add "=footer" after "encryptable" so it looks like this.
Code:
 "sed -i -e 's/^\([^#].*\)fileencryption=[^,]*\(.*\)$/# &\n\1encryptable=footer\2/g' /vendor/etc/fstab.exynos9820"
This will allow for FDE storing the encryption key data at the end of the /data block device (/dev/block/sda31). If you do not have =footer then FDE does not work as it does not know where to store the encryption key data. You will need to install this modified version during the regular procedure where you would install the unmodified multidisabler. You cant install the modified multidisabler after you have run the regular version. Alternatively to modifying multidisabler from TWRP you can mount /vendor and manually edit /vendor/etc/fstab.exynos9820 to add "=footer" to the appropriate line.

This should be the step by step process to get FDE.
Follow the regular procedure for twrp+magisk+multidisabler
After the step of installing multidisabler and wiping data (before rebooting out of twrp)
1. unmount /data using the mount menu
2. go into the terminal or use the adb shell
Code:
run> e2fsck -f /dev/block/sda31
This is to make sure the filesystem is clean and you also need the value for the total number of blocks for the device. The output will look something like below. You need the last value which is the full size of the block device in my case it is "29083648"
Code:
/dev/block/sda31: 12/7274496 files (0.0% non-contiguous), 602886/[B]29083648[/B] blocks

3. Now you need to resize the filesystem as FDE requires at least 16k at the end of the partition to write its key data. Assuming other devices are the same the block size is 4K per block you will need 4 blocks for 16K. So to get the new size subtract 4 from your total number of blocks in my case 29083648 - 4 = 29083644
Code:
run> resize2fs /dev/block/sda31 [B]29083644[/B](where the number is your number of blocks from above)
You will get an output like this
Code:
resize2fs 1.43.3 (04-Sep-2016)
Resizing the filesystem on /dev/block/sda31 to [B]29083644 [/B](4k) blocks.
The filesystem on /dev/block/sda31 is now [B]29083644 [/B](4k) blocks long.

4. Run e2fsck again to make sure the partition is clean.
Code:
run> e2fsck -f /dev/block/sda31
5. Reboot into regular system mode
6. go through regular setup for your device. This can be a real setup as you will not be wiping again.
7. in Settings you can now encrypt the device with full disk encryption. Make sure you set a pin/password 1st but then go to the encryption option and start encryption. I suggest just doing the fast encryption but you can do a full slow encryption if you want
8. Once encrypted boot into system mode again, you should be prompted for your pin/password on boot. If this worked then you have FDE enabled. You can now reboot into Recovery and boot with root enabled into the OS and finish your magisk root setup.

Thank you for the detailed explanation!
I was able to encrypt my device once, but then on boot after displaying the lock/decryption animation I got an error saying that something went wrong with the decryption and asking to factory reset. So I figured I did something wrong and tried to repeat the process.
The problem is that I'm not able to get the same result any more...
These are the steps that I'm following, trying to start from a completely clean system:
  1. Install the stock rom from Odin (tried with only AP and also with BL, AP, CP, CSC)
  2. Install vbmeta_disabled USERDATA
  3. Reboot into recovery and wipe data/factory reset
  4. Reboot to download and Install TWRP
  5. Reboot into TWRP
  6. Install modified multidisabler with FDE (encryptable=footer)
  7. Format data + unmount data
  8. From adb shell, e2fsck + resize2fs with -4 size + check new size
  9. Reboot system + initial setup (setting password lock)
  10. From settings, try to encrypt the device
The result is that the system is stuck in the initial "ecrypting..." screen and never starts the actual encryption.

I tried this with Magisk zip installation between steps 5 and 6, then between steps 6 and 7 and also without Magisk installation, but the result is always the same.

Note: often in step 8 when launching resize2fs I get the error "Please run 'e2fsck -f /dev/block/sda31' first.". The only way to solve this is to start booting into system, abort, then return to step 5.

The strange thing is that the procedure worked the first time, I don't remember having done anything different... It's like something remains dirty even after reflashing the rom.
Another strange thing is that often I get the resize2fs error, but rarely not,for example if before starting from step 1 I did something different, like tried to restore an image or so (didn't figure out exactly what). Again, it's like flashing the image leaves something dirty.

Do you have any suggestions?
 

Heeni

Senior Member
Dec 25, 2020
82
17
Auckland NZ
I installed TWRP 3.5.0_9-0 from this thread, ran multi-disabler v. 2.7, then formatted /data. The device is SM-T290 (Galaxy Tab A 8.0in (2019)).

Now I can't set a PIN, pattern or password. If I try, I get the "Screen lock was already changed. Try again with the new screen lock." error, and I'm stuck with swipe or nothing. This affects the stock ROM, Magendanz's Nexus-based ROM and LineageOS 17 and 18 Treble ROMs. If I reflash stock, I can set a PIN/password again, but as soon as I install TWRP, I can't.

What might be causing this? Anything in multi-disabler? If not, where else might I look?
 
I installed TWRP 3.5.0_9-0 from this thread, ran multi-disabler v. 2.7, then formatted /data. The device is SM-T290 (Galaxy Tab A 8.0in (2019)).

Now I can't set a PIN, pattern or password. If I try, I get the "Screen lock was already changed. Try again with the new screen lock." error, and I'm stuck with swipe or nothing. This affects the stock ROM, Magendanz's Nexus-based ROM and LineageOS 17 and 18 Treble ROMs. If I reflash stock, I can set a PIN/password again, but as soon as I install TWRP, I can't.

What might be causing this? Anything in multi-disabler? If not, where else might I look?
looks like the problem discussed in the Cruel kernel topic
That can help after install twrp to not to have a problem with lock screen
 

Heeni

Senior Member
Dec 25, 2020
82
17
Auckland NZ
I'm assuming this is about changing the patch level date in TWRP to match boot.img? I've tried doing that and it's made no difference. (I've also tried removing locksettings.db, and it also makes no difference.)

If I've misunderstood the process, please let me know what I should be doing.

Also, if this topic should be continued elsewhere, likewise please point me in the right direction.
 

Nico04

Member
Oct 15, 2019
23
32
Argentina
Hi bro.
Well, the A30 is weird, it doesn't work with the multidisabler because this phone has different files.
Do you know how to disable vaultkeeper and proca on A30?
Please, i need your help
 

Heeni

Senior Member
Dec 25, 2020
82
17
Auckland NZ
Thanks. I've previously read and tried those things.

My latest information is in https://forum.xda-developers.com/t/root-for-sm-t290-tab-a-8-0-2019.3965624/post-84572623 and the posts following. It seems that Samsung security service will no longer allow screen lock to be set. So I can have stock ROM (including recovery) and screen lock, or a customised tablet without screen lock.

If anyone has one of these tablets with custom recovery/ROM and is able to set a lock, I'd LOVE to know how they've done it.
 
  • Like
Reactions: Magendanz

Vuska

Senior Member
Jul 26, 2010
1,680
422
Bandung
hI.... anyone please with info..

I use Samsung s10+ Snapdragon (G9750), and want to update to Android 11 (One UI 3.0).
What TWRP version should i use ? and which MultiDisabler version...?

Help please...
 

RaXelliX

Senior Member
Apr 12, 2012
134
47
Tallinn
I assume this has been posted but the ZIP from GitHub is incorrect. When opening it has the multidisabler-samsung-3.1 folder inside it and then META-INF folder inside that.

This means that flashing fails in TWRP.


I unpacked it and repacked so when opening the zip i could see META-INF. Then it flashed just fine.

EDIT: the zip posted here is correct. So it seems the problem is only with the GitHub version.
 

Norderaue

Member
Dec 7, 2017
22
4
I installed multidisabler-samsung-3.1.zip with TWRP on my S20 FE 5g, and since then the fingerprint sensor is totaly out of work (no optical light starts to scan then fingertrint icon is touched).
I already tried a factory reset, reflashed the stock firmware with odin, got rid of TWRP but still fingerprint is out of order...
Could the multidisabler be responsable for this? And if yes, is there anything I could do against it?
 

Norderaue

Member
Dec 7, 2017
22
4
I installed multidisabler-samsung-3.1.zip with TWRP on my S20 FE 5g, and since then the fingerprint sensor is totaly out of work (no optical light starts to scan then fingertrint icon is touched).
I already tried a factory reset, reflashed the stock firmware with odin, got rid of TWRP but still fingerprint is out of order...
Could the multidisabler be responsable for this? And if yes, is there anything I could do against it?
Problem solved with flashing of newest Android 11 firmware.
 
  • Like
Reactions: tombbb and okij

maximuscesar

Senior Member
May 31, 2012
89
2
Rio de Janeiro
Folks, I have a bank application that I could not get to work in any way so I am getting back to stock. My question is: how do I re-enable stuff as much as I can? I can't even relock the bootloader because the the vol down+bixby combo don't work to get me to Download mode anymore, I can only get to it through recovery.
 

cris royal (Elec)

Senior Member
Mar 20, 2017
138
40
Kingston
Folks, I have a bank application that I could not get to work in any way so I am getting back to stock. My question is: how do I re-enable stuff as much as I can? I can't even relock the bootloader because the the vol down+bixby combo don't work to get me to Download mode anymore, I can only get to it through recovery.
yes you can lock the unlock bootloader back....
VOl- & Bixby button at the same time, after you open Odin then plug a fully functional USB cable in...👍🏽
 

maximuscesar

Senior Member
May 31, 2012
89
2
Rio de Janeiro
yes you can lock the unlock bootloader back....
VOl- & Bixby button at the same time, after you open Odin then plug a fully functional USB cable in...👍🏽
this simply doesn't work anymore, when I plug the cable holding Vol- & Bixby button the screen lights like it is charging. I know the problem is not the cable because if I do Vol+ & Bixby button it goes to the stock recovery, from there I can select "reboot to download mode" and flash stuff with odin just fine. It is possible that even after flashing stock recovery it retained the kernel from the custom rom I was using before? I was in NobodyROM.
In any case, what I really want is re-enable the stuff I disabled with Multidisabler.
 

zfk110

Senior Member
Jan 11, 2014
1,010
200
Atlanta
If rooting with Magisk alone and in accordance with John Wu's instructions, this disabler isn't needed. If you're going to use a rooted TWRP image instead of stock recovery, however, then you're probably going to want to flash it.
I'm on Android Q 10 but it is saying it won't run on Oreo
 

Philnicolls89

Senior Member
Jun 28, 2019
604
244
32
A.C.T
this simply doesn't work anymore, when I plug the cable holding Vol- & Bixby button the screen lights like it is charging. I know the problem is not the cable because if I do Vol+ & Bixby button it goes to the stock recovery, from there I can select "reboot to download mode" and flash stuff with odin just fine. It is possible that even after flashing stock recovery it retained the kernel from the custom rom I was using before? I was in NobodyROM.
In any case, what I really want is re-enable the stuff I disabled with Multidisabler.
I'm all you want is to re enable the things that multidisabler disabled then simply reflash firmware via Odin. This will overwrite anything that multidisabler did.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 135
    The multi-disabler started life on the Exynos S10 range, the first Samsung devices to launch with Android 9 (Pie). Since then, it has grown to support a great many Samsung devices running either Android 9, 10 or 11, and with either an Exynos or a Qualcomm SoC at their core. This includes the S10 and S20 series, the N10 and N20 series, the A10 - A70 series, the Tab A and Tab S series, Z Flip and (Z) Fold devices, and many more.

    When flashed onto a compatible device, the multi-disabler will semi-permanently disable a number of device protection features and services that become problematic on a rooted device. Some pose a threat to the rooted state of the device, while others become dysfunctional and generate a flood of log messages. Semi-permanently in this context means that the disablement will persist until re-enabled by the user, for example as a side-effect of flashing new firmware with Odin. You will therefore need to reflash the multi-disabler every time you perform a system-wide firmware update.

    The methodology of the multi-disabler is the path of least intervention. This means that for any given device, only those services that must be disabled to ensure the smooth operation of the device will be tackled.

    The following is a list of features disabled by the multi-disabler on Samsung devices launched in 2019:

    • FBE (file-based encryption): Until this is disabled, most versions of TWRP — all for Exynos devices and many for Qualcomm — cannot read files on /data (the userdata partition). You must format /data to actually remove FBE after disabling it. Back up your data first!
    • Vaultkeeper: Magisk now dynamically disables this during boot, but if you boot outside of Magisk, it will return with a vengeance on some devices.
    • Process authentication (a.k.a. proca): This service must be disabled on some devices in order to use a custom kernel without problems. Note that all 2019 devices with TWRP utilise a custom kernel for Android, because the same kernel is shared by Magisk to boot the system. This does not apply to devices lauched in 2020 and later.
    • Stock recovery auto-restoration: In certain circumstances, your device will automatically restore its stock recovery partition, overwriting your custom recovery (TWRP). Magisk now also provides dynamic protection against this, but again, this will not save you if you boot outside of Magisk.
    • wsm: On Android 10 and 11, this service prevents Samsung smartwatches from connecting to the Galaxy Wearable app.
    • Extra services are disabled as needed per device.

    Furthermore, when the ZIP file is renamed to contain the string _btfix somewhere in the name and the file is then flashed on a supported Android 10 device, the system's libbluetooth.so library will be patched in situ to prevent the loss of Bluetooth pairings across reboots. This is a recurring issue with many rooted Samsung devices manufactured before 2020 and updated to Android 10. Devices launched in 2020 and later do not need this patch.

    The multi-disabler's support for this solution is limited to a relatively small number of Samsung devices and is deprecated as of v3.0. It will be removed in a future release.

    If you find that patching fails on your device, please refer to Arthur Trouillot's superior libbluetooth patcher, which supports a much wider variety of devices.

    The multi-disabler is written in Bourne shell, so you can — and ideally should — audit the code yourself to ensure its safe operation. It's performing open-heart surgery on the software of your device, so you should not simply trust it. Apart from anything else, bugs can creep in from time to time, despite or sometimes even because of my refactoring of the code.

    The multi-disabler is idempotent, which means you can safely flash it multiple times without incurring unintended side-effects.

    The package is attached to this posting and the code is available on GitHub.
    25
    Change log

    v3.1 (2020-12-30)

    • Fix failure to detect a Samsung device on some versions of TWRP.
    • Make deprecated libbluetooth patching also work on devices originally launched on Android 9 and later updated to Android 11.

    v3.0 (2020-12-29)

    • Add support for Android 11.
    • All Samsung devices running Android 9 or later are now implicitly supported.
    • Fix bug that caused disablement of stock recovery auto-reflash to fail on Android 10 devices.
    • Improve progress and error reporting.

    v2.6 (2020-10-05)

    • Add support for the North American Z Fold2 (F916U/U1).
    • Add support for the A71 (A715F).
    • Add support for the Note10 Lite (N770F).

    v2.5 (2020-09-14)

    • Fix issue of 2019 devices upgraded to OneUI 2.5 (DTH firmware) not booting after flashing.
    • Add failsafe logic for robust mounting of System partition by devices using very recent TWRP builds from the Android 10 branch (e.g. S20, N20, Tab S7 and Z Fold2).
    • Disable cass service on S10 and N10 series devices (required for OneUI 2.5).
    • Added an extra path to files searched for Vaultkeeper service disabling.
    • Added an extra path to files searched for cass service disabling.
    • Added support for the Z Fold2 (F916B/N and F9160).

    v2.4 (2020-09-10)

    • Added support for many new 2020 devices, such as the S20 and Note20 ranges, as well as the Tab S7 and Tab S7+ ranges.
    • Fixed mode of patched Bluetooth library to match original.
    • Other minor bug fixes.

    v2.3 (2020-04-11)

    • Support Snapdragon-based devices that have been upgraded to Android 10, such as the F900[FN] (Fold), F907[BN] (Fold 5G), T860 (Tab S6) and T865 (Tab S6 LTE), as well as Asian S10 and Note10 models.
    • Improve robustness of libbluetooth patching.

    v2.2 (2019-12-13)

    • Disable wsm service to allow Samsung smartwatches to connect to Galaxy Wearable app (thanks to Andrei Seitan).
    • Support optional patching of system libbluetooth.so for retention of Bluetooth pairings across reboots (thanks to Arthur Trouillot).
    • Remove undocumented interactive mode.

    v2.1 (2019-12-04)

    • Fix disabling of Vaultkeeper and proca in the vendor interface manifest.
    • Add support for N971N (Korean N10 5G).

    v2.0 (2019-11-30)

    • Add support for Exynos-based devices upgraded to Android 10.
    • Add support for T72[05].

    v1.7 (2019-10-20)

    • Add generic support for Qualcomm devices.
    • Support the Qualcomm S10 (G9700, G9730 and G9750), Note10 (N9700, N9750 and N9760), Tab S6 (T860 and T865) and Fold (F900F and F907B) ranges.
    • Add support for more Korean (N type) variants.

    v1.6 (2019-09-18)

    • Add support for more variants of A50: A505([YG]N|G).
    • Fix A205G detection.

    v1.5 (2019-09-13)

    • Added support for A10 - A50 and Tab A 10.1.

    v1.41 (2019-08-28)

    • Added support for N976B (Note 10+ 5G).

    v1.4 (2019-08-28)

    • Changed regex that caused too much of $ANDROID_ROOT/init.rc to be commented out by some versions of sed(1).

    v1.3 (2019-08-18)

    • Updated to work with TWRP 3.3.1-6_ianmacd and later for the S10 range.
    • Added support for Note 10 and Note 10+ F and N model devices.

    v1.2 (2019-06-17)

    • Added support for G977B (S10 5G) model devices.

    v1.1 (2019-04-22)

    • Fixed stock recovery auto-reflash prevention.
    • Added support for N (Korean) model S10 devices.

    v1.0 (2019-04-09)

    • Initial version, supporting F model S10 devices.
    11
    Version 2.2 released.

    Change log

    v2.2 (2019-12-13)

    • Disable wsm service to allow Samsung smartwatches to connect to Galaxy Wearable app (thanks to Andrei Seitan).
    • Support optional patching of system libbluetooth.so for retention of Bluetooth pairings across reboots (thanks to Arthur Trouillot).
    • Remove undocumented interactive mode.

    See the OP for details of how to indicate that you want libbluetooth.so to be patched.
    11
    Just a question: is this to be flashed after rooting with johnwu magisk root process or which rooting method would u advice?

    If rooting with Magisk alone and in accordance with John Wu's instructions, this disabler isn't needed. If you're going to use a rooted TWRP image instead of stock recovery, however, then you're probably going to want to flash it.
    11
    Version 2.0 released.

    This major version bump heralds the addition of support for Android 10.

    Earlier this week, the S10 series became the first Samsung devices to receive an official production release of Android 10. It's a fitting development for the product line that was also Samsung's first to come with Android 9 earlier this year. Indeed, those devices are what inspired the multi-disabler project that has since expanded to so many other devices.

    Change log

    v2.0 (2019-11-30)

    • Add support for Android 10.
    • Add support for T72[05].