[ROM][11.0_r55]JAGUAR ONEPLUS 8 OFFICIAL V20.1 Updated May 11, 2022


optimumpro

Senior Member
Jan 18, 2013
7,341
14,708
OnePlus 8
razercortex said:
You're forgetting the MSM tools have readback mode. This allows an attacker to backup all the partitions anyway and flash them later, so bootloader lock doesn't have much practical security. Also, MSM tools can be modified, so I'm pretty sure you can disable wipe on flash. Regardless, the backup method removes any tangible security benefits.

Regarding recoveries being able to unlock bootloader, I'm not sure that's possible. You have to boot into fastboot bootloader mode, not fastboot recovery mode to unlock the bootloader. Unless someone comes up with a bootloader attack, it's quite difficult to unlock bootloader from recovery.

I wasn't saying recovery could unlock bootloader, but rather, if OEM unlock is allowed, anyone could unlock from fastboot. Also, at least on Onepluses, recovery does the wiping, so if recovery is erased, there would be no wiping data. If OEM unlock is disabled, no fastboot action would be possible. Also, I think, although I never checked, that if EDL is disabled in kernel, that might prevent MSM flashing/backup.
 

razercortex

Senior Member
Apr 8, 2018
229
77
Ah, I see. Yes, OEM unlock does allow unlocking from fastboot, and the recovery is definitely in charge of wiping data, so I guess you can bypass it? Then again, I'm not sure how you'd remove verified boot on a locked bootloader. Might be nice to try.

Disabling EDL might be nice for security, but it's a very bad decision. It basically means your phone becomes a paperweight if there are no other recovery options available.
 

optimumpro

Senior Member
Jan 18, 2013
7,341
14,708
OnePlus 8
razercortex said:
Ah, I see. Yes, OEM unlock does allow unlocking from fastboot, and the recovery is definitely in charge of wiping data, so I guess you can bypass it? Then again, I'm not sure how you'd remove verified boot on a locked bootloader. Might be nice to try.

Disabling EDL might be nice for security, but it's a very bad decision. It basically means your phone becomes a paperweight if there are no other recovery options available.

Verified boot - it's a matter of what partition is included. On my phone, everything is locked. For those who flash Gapps, system partitions are not included.
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
razercortex said:
You're forgetting the MSM tools have readback mode. This allows an attacker to backup all the partitions anyway and flash them later, so bootloader lock doesn't have much practical security. Also, MSM tools can be modified, so I'm pretty sure you can disable wipe on flash. Regardless, the backup method removes any tangible security benefits.

What? Are you serious? You're aware of readback mode and don't understand the security implications? If you rethink it, you will.

If you have an unlocked bootloader, the phone will boot or flash anything! Anyone could take your phone, plug it into their USB port, and:

fastboot boot twrp.img

Now they have a full-featured environment in which to do anything they want. Sure, userdata is encrypted, but so what? They can unpack your boot image and modify it to their heart's content! The possibilities are limited only by one's creativity! Ever flash magisk? Well, magisk is essentially the skeleton of a rootkit. Even a dilettante like me could manage all sorts of nefarious things without too much exertion!

An unlocked bootloader breaks the entire Android security model. Why do you think optimumpro bothered to support bootloader locking?
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
razercortex said:
You're forgetting the MSM tools have readback mode. This allows an attacker to backup all the partitions anyway and flash them later, so bootloader lock doesn't have much practical security. Also, MSM tools can be modified, so I'm pretty sure you can disable wipe on flash. Regardless, the backup method removes any tangible security benefits.

Regarding recoveries being able to unlock bootloader, I'm not sure that's possible. You have to boot into fastboot bootloader mode, not fastboot recovery mode to unlock the bootloader. Unless someone comes up with a bootloader attack, it's quite difficult to unlock bootloader from recovery.

Next time you unlock the bootloader, take the time to think about the message it prints on the screen! They aren't just saying that to mess with you. Every word is literally true. Read the message and really think it over.

https://www.reddit.com/r/LineageOS/comments/n7yo7u
 

razercortex

Senior Member
Apr 8, 2018
229
77
blair.sadewitz said:
Next time you unlock the bootloader, take the time to think about the message it prints on the screen! They aren't just saying that to mess with you. Every word is literally true. Read the message and really think it over.

https://www.reddit.com/r/LineageOS/comments/n7yo7u

I'm not talking about bootloader unlocking. I'm talking about readback mode and the fact it can bypass bootloader locks. It means you shouldn't give your phone to anyone but yourself.
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
razercortex said:
I'm not talking about bootloader unlocking. I'm talking about readback mode and the fact it can bypass bootloader locks. It means you shouldn't give your phone to anyone but yourself.

Huh? It just dumps the partitions. That will get you precisely nowhere. Well, what do you mean by "bypass bootloader locks"?

Userdata is normally encrypted.
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
razercortex said:
I'm not talking about bootloader unlocking. I'm talking about readback mode and the fact it can bypass bootloader locks. It means you shouldn't give your phone to anyone but yourself.

Regarding what you said above: you seem to be somewhat confused. You said "it's not possible to unlock the bootloader from recovery". Well, of course not! The recovery is a kernel. You can't unlock the bootloader (unless there is some exploit, and if you have that, this conversation is irrelevant because it's all broken anyway) in recovery because you've already booted!

No one can get at anything unless they can decrypt userdata (_perhaps_ e.g. the NSA could do that if they really wanted to, that's about it). If the bootloader is unlocked, they could do an "evil maid" attack as that document I included mentions. Again, as I said, this is why bootloader locking exists: so that you can be certain that what you are booting hasn't been tampered with.
 

razercortex

Senior Member
Apr 8, 2018
229
77
blair.sadewitz said:
Regarding what you said above: you seem to be somewhat confused. You said "it's not possible to unlock the bootloader from recovery". Well, of course not! The recovery is a kernel. You can't unlock the bootloader (unless there is some exploit, and if you have that, this conversation is irrelevant because it's all broken anyway) in recovery because you've already booted!

No one can get at anything unless they can decrypt userdata (_perhaps_ e.g. the NSA could do that if they really wanted to, that's about it). If the bootloader is unlocked, they could do an "evil maid" attack as that document I included mentions. Again, as I said, this is why bootloader locking exists: so that you can be certain that what you are booting hasn't been tampered with.

I seriously don't want to fight you over this. You can choose to believe what you want.
 

optimumpro

Senior Member
Jan 18, 2013
7,341
14,708
OnePlus 8
blair.sadewitz said:
Regarding what you said above: you seem to be somewhat confused. You said "it's not possible to unlock the bootloader from recovery". Well, of course not! The recovery is a kernel. You can't unlock the bootloader (unless there is some exploit, and if you have that, this conversation is irrelevant because it's all broken anyway) in recovery because you've already booted!

No one can get at anything unless they can decrypt userdata (_perhaps_ e.g. the NSA could do that if they really wanted to, that's about it). If the bootloader is unlocked, they could do an "evil maid" attack as that document I included mentions. Again, as I said, this is why bootloader locking exists: so that you can be certain that what you are booting hasn't been tampered with.

He is not confused, he is just talking about the fact that MSM tool can wipe the phone and even dump your partitions. But when he says that from the security point of view, locked bootloader doesn't provide any benefits, he is wrong:

Locked bootloader also allows AVB-2 to work, which means if partitions are locked, any change or attack via the internet, even if it succeeds, will be reversed on reboot. So, even if someone managed to install an invisible keylogger on such a phone, a simple reboot would get rid of it.
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
optimumpro said:
He is not confused, he is just talking about the fact that MSM tool can wipe the phone and even dump your partitions. But when he says that from the security point of view, locked bootloader doesn't provide any benefits, he is wrong:

Locked bootloader also allows AVB-2 to work, which means if partitions are locked, any change or attack via the internet, even if it succeeds, will be reversed on reboot. So, even if someone managed to install an invisible keylogger on such a phone, a simple reboot would get rid of it.

Oh. Well, sure, it can dump your partitions, but so what? Userdata is encrypted. Anyone with a mobile device who cares about security (I am not disparaging those who don't care much about it, BTW) should assume that an attacker will be able to access internal storage directly.

Re: bootloader. YES. That is exactly the point. The 'v' in AVB is key, heh. The sanctity (for some reason using that word here is hilarious to me) of the boot chain is critical.

Your keylogger example is what I meant by "evil maid attack". And the best rootkit I've ever seen is already available: magisk! ;-)

Incidentally, have you tried bkerler/edl on GitHub? It's pretty awesome.

Oh, BTW, do you have USB gadget support in your kernel?
 

optimumpro

Senior Member
Jan 18, 2013
7,341
14,708
OnePlus 8
February 8. New release, V-17

1. February security patches
2. Android r52
3. Regular webview, as opposed to bromite
4. Toggle to hide statusbar clock when launcher is active
5. New recovery that fixes 'not enough space' issues with some Gapps

Download in post #3.
 

blair.sadewitz

Senior Member
Dec 24, 2014
246
53
optimumpro said:
February 8. New release, V-17

1. February security patches
2. Android r52
3. Regular webview, as opposed to bromite
4. Toggle to hide statusbar clock when launcher is active
5. New recovery that fixes 'not enough space' issues with some Gapps

Download in post #3.

You fixed the gapps problem? Awesome! That is why I gave up on this--and I didn't want to, either. This is the best ROM overall for this device, IMHO.
 

Top Liked Posts

  • 2
    May 11. New release V-20.1

    1. Redone adaptive brightness
    2. Call recording (bug introduced in V-20) fixed
    3. Captive portal: added 3 options Standard (Google), Alternative and Disabled; and moved to Settings/Network
    4. Fingerprint icons and colors made more transparent, so, now fingerprint works flawlessly.

    Download in post #3.
    1
    I've been using the ROM for a few days and it's lovely, fast, no fat. But battery seems to have taken a hit. I feel like it just drains a bit sooner during the day and I'm not on my phone much while working.

    Does anyone have any tips or kernels you've been using with this rom?

    It's not rom related. This rom has the best battery life of any Android rom I've ever installed on this device. It may be background apps that you have on your phone absorbing your battery faster than you like. Also you can not use any other kernel with this rom as it will not work correctly.
    1
    Can anyone enlighten me on how to get sky go app to work without crashing? On previous builds it worked fine but on latest it loads and opens yet go and play something and I either get an app error or it crashes. With or without magisk it's the same result. Thanks in advance for any assistance given.
    Try to toggle Captiveportal detection in Settings/Network/WIFI/WIFI preferences. Some apps like to be registered with Google, i.e., your every logon gets sent to Google for "better ways to serve you". I have had users from Oneplus 6 who even had soft reboots until they've toggled this.
    1
    I cannot seem to get the vanilla version to install pico gapps... keeps saying there's not enough space on the system partition
    Just dirty flash the full version that comes with Gapps.
    1
    So what leads you to that conclusion that OOS-12 does not support custom roms?
    I do not accept statements without something backing that statement up.
    And the thread right below this one {[ROM][12.1]CherishOS-3.7[UNOFFICIAL][Oneplus 8][05.14.2022]} does not mention anywhere in its first post about requiring Android 11. Please keep blanket statements like "this is what they all say" from making your statement false.


    This rom looks interesting, but I will instead look at an Android 12 rom.
    You should ask that person as to why he didn't put it into his instructions. I don't know. Maybe because he is not a developer, it's not his rom, and he simply compiled it. That's the difference between official and unofficial roms. In the latter case, the compiler has no control over the rom features. Or he just assumed that everyone knows that OOS-12 doesn't support custom roms.

    I do my own development and I know that OOS-12 firmware is not usable with custom roms, and I tell my users they need OOS-11 in both slots to install my rom, and so do other developers whether Android 11 or 12. But again, virtually everybody, who ever complained about running into installation problems, did that to him/herself by failing to read instructions.

    Best regards.
  • 8
    TELEGRAM CHANNEL ADDED: HERE
    TELEGRAM CHAT GROUP: HERE

    VERSION 19 FIXES SAFETYNET PASSING (WITH MAGISK 24.3)
    See detailed instructions here


    You can actually use alarm when the phone is OFF. It would boot 2 minutes before and trigger the alarm on time

    This is official build of Jaguar Rom.

    I have been building Android roms since 2012 for various devices including multiple Sonys, Lenovo Zuk, Oneplus 3, Oneplus 5 and Oneplus 6. You can check my Oneplus 6 or Oneplus 6T threads and browse my profile.

    Jaguar rom is focused on hardening of AndroidOS and kernel. As such, the rom has hardened bionic, art, framework and tightened security.

    1. Rom control with custom Power options, Statusbar, Buttons, Navbar, Quicksettings, Lockscreen, Notifications, Gestures, Themes etc...

    2. Heavily modified Art, Bionic System/Vold and System/Security

    3. Telephony response to Type Zero sms ('silently acknowledged') disabled

    4. Toggle to disable Captive Portal logging.

    5. Speakerphone proximity sensor toggle - could be set to automatically switch to speaker when not at the ear

    6. IMEI and phone numbers hidden in About menu

    7. Built-in encrypted DNS providers, such as: Cloudflare (US); LibreDns (Germany); AdguardDns (Cyprus); and PowerDns (Netherlands)

    8. Wakelock and Alarmblocker

    9. Fully working Call recording with the button visible in Dialer

    10. A choice between the latest Bromite and Vanadium webview

    11. Deskclock app modified to work with PowerOn alarm. The app will boot the phone 2 minutes before scheduled time to trigger the alarm on time

    12. Default Dark mode

    13. All regular customizations plus. You tell me which feature is missing.

    14. Prebuilt Magisk 23. You don't have to flash it, just install the attached Magisk.apk.


    Bugs: AOD working, but no info shown on lockscreen (works fine on other Onepluses)

    Install instructions

    1. Install Jaguar recovery via fastboot: reboot in fastboot and execute the following commands on your connected PC terminal:

    Code:
    fastboot flash recovery_a recovery.img
    fastboot flash recovery_b recovery.img

    2. Download the rom to your PC. Boot the phone into recovery, set recovery for sideloading, then type on your PC terminal (which should be opened in the same directory where you had downloaded the rom):
    Code:
    adb sideload 'name of the rom'

    3. Factory reset and reboot. You are done. If you want root, just install Magisk manager (apk) as a normal app.

    PICO Gapps has been tested successfully with this rom.


    All downloads are in post #3.

    All subsequent releases will be in post #3

    XDA:DevDB Information
    JAGUAR R, ROM for the OnePlus 8

    Contributors

    optimumpro

    Kernel Source Code: HERE

    ROM OS Version:
    11.x R
    ROM Kernel:
    Linux 4.x
    ROM Firmware Required:
    no lower than Android 11
    Based On: AOSP/Lineage/DirtyUnicorn/Crdroid

    Version Information
    Status:
    Stable
    Current Stable Version: See post #3
    Stable Release Date:
    2021-01-26

    Created: 2021-09-29
    Updated: 2022-05-11

    Credit: AOSP, Lineage, DU, Crdroid, GrapheneOS, CalyxOS Bromite webview
    7
    The rom could be used on locked bootloader (donate feature) with or without Gapps.

    The benefits of LOCKED BOOTLOADER combined with WORKING AVB-2 protection are:


    Get your DRM L1 certificate back. Most banking apps (if not all) will work with or without Magisk: you simply get a warning 'your device is rooted', but you can proceed to login

    Security: Nobody and nothing can modify Kernel, Recovery and Virtual Partitions without triggering a red screen of death with the message 'your device is corrupted and cannot boot'.

    At that point, the only option is to unlock bootloader. But, if a user had previously disabled OEM unlock in Developer settings, then unlocking becomes unavailable, and so does flashing via fastboot. In other words, if your phone gets into the hands of an adversary, their only option is to use MSM tool to make the phone work again, but no access to your data or any other partition.

    Why prebuilt Magisk? Because you can't modify kernel or recovery on locked bootloader post installation, and that's exactly what Magisk does.


    Also, see some screenshots attached:
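The locked-bootloader plus AVB-2 argument made in this post, and in optimumpro's earlier reply above (any change to a locked partition is caught by verified boot), can be illustrated with a small model. The Python below is an added example, not code from Jaguar ROM, AOSP or any real AVB implementation. It models the three pieces the discussion relies on: AVB's whole-image hash descriptor for small partitions (boot, recovery), dm-verity's block hash tree for large ones (system, vendor), and the bootloader's green/orange/red decision. The 4 KiB block size, the salt placement, the toy vbmeta dict and the "fused fingerprint" that stands in for the OEM's RSA signature over vbmeta are all simplifying assumptions of this example, not AVB's on-disk format.

```python
"""Toy model of Android Verified Boot: hash descriptor for small partitions,
dm-verity hash tree for large ones, and the bootloader's boot-state decision.
Added example; the layouts are simplifying assumptions, not AVB's real format."""
import hashlib

BLOCK = 4096                  # data block size (assumption; AVB/dm-verity default is 4 KiB)
PER_BLOCK = BLOCK // 32       # SHA-256 digests that fit in one hash-tree block


def hash_descriptor(image: bytes, salt: bytes) -> bytes:
    """Whole-image digest, as AVB uses for boot, recovery and dtbo."""
    return hashlib.sha256(salt + image).digest()


def build_hashtree(image: bytes, salt: bytes) -> list:
    """Merkle tree over 4 KiB blocks, the dm-verity scheme AVB uses for system
    and vendor. levels[0] has one digest per data block, every higher level
    hashes PER_BLOCK digests of the level below, levels[-1][0] is the root."""
    chunks = [image[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(image), BLOCK)]
    level = [hashlib.sha256(salt + c).digest() for c in chunks]
    levels = [level]
    while len(level) > 1:
        level = [hashlib.sha256(salt + b"".join(level[i:i + PER_BLOCK])).digest()
                 for i in range(0, len(level), PER_BLOCK)]
        levels.append(level)
    return levels


def verify_block(image: bytes, index: int, levels: list, salt: bytes, root: bytes) -> bool:
    """What dm-verity does on each read of block `index`: hash the block, then
    walk the stored tree upwards until the chain ends in the root that lives in
    vbmeta. A patched block fails at the leaf; a patched block plus a rewritten
    tree (someone who controls the hashtree partition too) fails at the root."""
    chunk = image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")
    if hashlib.sha256(salt + chunk).digest() != levels[0][index]:
        return False
    pos = index
    for lower, upper in zip(levels, levels[1:]):
        group = pos // PER_BLOCK
        joined = b"".join(lower[group * PER_BLOCK:(group + 1) * PER_BLOCK])
        if hashlib.sha256(salt + joined).digest() != upper[group]:
            return False
        pos = group
    return levels[-1][0] == root


def make_vbmeta(boot_img: bytes, system_img: bytes, salt: bytes) -> dict:
    """Toy vbmeta: the expected digests of every protected partition."""
    return {"salt": salt,
            "boot": hash_descriptor(boot_img, salt),
            "system_root": build_hashtree(system_img, salt)[-1][0]}


def vbmeta_fingerprint(vbmeta: dict) -> bytes:
    """Stand-in for the OEM's RSA signature over vbmeta (assumption): a locked
    bootloader only trusts a vbmeta whose fingerprint matches what it has fused."""
    return hashlib.sha256(vbmeta["salt"] + vbmeta["boot"] + vbmeta["system_root"]).digest()


def boot(locked: bool, fused: bytes, vbmeta: dict, boot_img: bytes,
         system_img: bytes, system_tree: list) -> str:
    """AVB boot state: 'green' = everything verified, 'red' = locked and a check
    failed (the 'your device is corrupted and cannot boot' screen), 'orange' =
    unlocked, so the result is only a warning and the device boots regardless.
    Checking every system block up front is a simplification: real dm-verity
    checks each block lazily on read and rejects the ones that do not verify."""
    salt = vbmeta["salt"]
    ok = (vbmeta_fingerprint(vbmeta) == fused
          and hash_descriptor(boot_img, salt) == vbmeta["boot"]
          and all(verify_block(system_img, i, system_tree, salt, vbmeta["system_root"])
                  for i in range(len(system_tree[0]))))
    if not locked:
        return "orange"
    return "green" if ok else "red"


if __name__ == "__main__":
    # Constructed sample partitions, not real images.
    salt = b"constructed-salt"
    boot_img = b"kernel+ramdisk (constructed) " * 300
    system_img = bytes(range(256)) * (200 * BLOCK // 256)      # 200 blocks -> 3-level tree
    tree = build_hashtree(system_img, salt)
    vb = make_vbmeta(boot_img, system_img, salt)
    fused = vbmeta_fingerprint(vb)
    print("pristine, locked:", boot(True, fused, vb, boot_img, system_img, tree))
    patched_boot = boot_img[:100] + b"X" + boot_img[101:]       # one byte changed in boot
    print("patched boot, locked:", boot(True, fused, vb, patched_boot, system_img, tree))
    print("patched boot, unlocked:", boot(False, fused, vb, patched_boot, system_img, tree))
    patched_sys = system_img[:5 * BLOCK] + b"X" + system_img[5 * BLOCK + 1:]
    print("patched system + rewritten tree, locked:",
          boot(True, fused, vb, boot_img, patched_sys, build_hashtree(patched_sys, salt)))
```

The point the model makes is the one optimumpro makes about AVB-2: with the bootloader locked, the root of trust is the fused fingerprint, so rewriting a partition, its hash tree, or even vbmeta itself all end in the red state, while the same modifications on an unlocked device are only reported (orange) and the device boots them. This is also why a dumped or re-flashed boot image gained through readback or MSM gives no silent persistence on a locked device: the image has to verify against the vbmeta the bootloader trusts.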
    5
    November 3, New release V-14

    1. November security patches
    2. Android r49
    3. Updated vendor blobs
    4. Ambient display sensor fixed
    5. Snap camera replaced with Open Camera

    Download in post #3.

    P.S. To those who complained they couldn't find 'double tap to wake' toggle:

    Earlier, I posted a screenshot of my Oneplus 8 (not 8 Pro or T) that clearly showed the feature. Moreover, just to make sure, I did a clean flash of the latest release, and the feature appears in Settings/Display between 'Lockscreen' and 'Wake on plug'.

    So, if you still have a 'no show', that's not the rom, but addon(s) you've installed. Or, you used TWRP to restore data (TWRP is utterly incapable of restoring data without corruption) or a version of Gapps or Xposed or Magisk addons: you should know better which one.
    5
    October 20. New release

    1. Built from scratch in a separate environment from other devices to get rid of conflicts.

    2. Clean-flashed on my own Oneplus 8: everything seems to be working

    Download in post #3.
    4
    March 23. New release.

    1. From now on there will be 2 versions of the rom Full and Vanilla
    2. Updated kernel, which includes Spectre 2 implementations
    3. Updated icons for Display calibration

    Download in post #3.