Why use no-verity-opt-encrypt zip file?

Search This thread

Bondyuk

Member
Jun 29, 2010
11
1
I rooted my Chinese phone without a custom recovery (haven't bothered for last few phones).
However, I am considering putting TWRP on and when I had a quick look on the Internet to see if one was around for my phone (being a Chinese phone) I naturally came across rooting guides and I noticed they seem to talk about flashing a no-verity-opt-encrypt zip file.

I do not understand why this file is needed?

To cut a long story short...

I extracted what I needed from the stock rom, patched with Magisk as normal and flashed using fastboot.
Then to bypass a bootloop from a signature mismatch because of Android verified boot, I flashed vbmeta using the following options:

--disable-verity --disable-verification

Android boots fine and my device is rooted (verified by Magisk and root checker app).

So why is there the need to flash the additional file no-verity-opt-encrypt zip?

People seem to be using it on many devices so there must be a reason I am missing.
 
  • Like
Reactions: YashvirGaming

vp1117

Senior Member
Jan 30, 2019
85
12
Point is: your Chinese phone is not the only phone China produced. In my Chinese phone you cannot flash neither modified boot.img nor modified recovery.img. If you try, phone swithes to red state

And my Chinese phohe has empty vbmeta partition (ROM is based on android 8.1), so, evidently, it is not vbmeta but some other mechanism that prevents me from rooting my phone or from flashing TWRP/boot. And for those who are proud owners of such ****ty Chinese phones like mine, using verity disabler script might be the last resourt.

I'll tell you even more: with your Chinese phone you still could flash vbmeta using fastboot. Ho-ho-ho-ho.... Not true Chinese phone. Look at mine! It does NOT allow you to use fastboot for flashing. That is real Chinese phone!!

/However, I have no idea how am I supposed to flash verity disabler script if I don't have TWRP... If someone could help me with that.../
 
Last edited:

Bondyuk

Member
Jun 29, 2010
11
1
I am not sure you understand what I mean (sorry I probably was not clear).

Red State is absolutely correct for what you have done AND more importantly for you, if you copy the way I have done it you should remove the verification.
Your phone should return to Orange State and your device will be rooted without the need to flash/use TWRP or the no-verity-opt-encrypt zip file.

However, I do not understand what you mean when you say you can't flash using fastboot?
If I remember correctly, when my phone was in Red State it was difficult to enter Fastboot because it was in a Bootloop, but once you do you can flash as normal?

I can only give you advice flashing by Fastboot. So assuming you can (as above) then forget what the guides tell you and simply do this...

fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

fastboot reboot


Your phone should reboot, show Orange state and boot into Android. If you patched with Magisk correctly it should be rooted. You can verify this in the Magisk app and any root checker app.

Note: I am using Android 10 not 8
 

vp1117

Senior Member
Jan 30, 2019
85
12
However, I do not understand what you mean when you say you can't flash using fastboot?
Better to see it once than to hear many times. This is how true Chinese phone (mine) behaves:

Code:
Z:\android\adb>adb reboot bootloader

Z:\android\adb>fastboot flash vbmeta vbmeta.img
Sending 'vbmeta' (4 KB)                            OKAY [  0.006s]
Writing 'vbmeta'                                   FAILED (remote: 'unknown command')
fastboot: error: Command failed

Z:\android\adb>fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (4 KB)                            OKAY [  0.009s]
Writing 'vbmeta'                                   FAILED (remote: 'unknown command')
fastboot: error: Command failed

Z:\android\adb>


Apart from this ugly fastboot implementation I should stress once again that vbmeta partition on my device is blank meaning the partition has all zeroes. Also, this partition is NOT supposed to be flashed when I flash stock ROM. Here's what is there in rawprogram0.xml:
Code:
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmeta"  ...
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmetabak" ...

To sum up: I do not believe any vbmeta juggling would help me.
 
Last edited:

Bondyuk

Member
Jun 29, 2010
11
1
Better to see it once than to hear many times. This is how true Chinese phone (mine) behaves:

Code:
Z:\android\adb>adb reboot bootloader

Z:\android\adb>fastboot flash vbmeta vbmeta.img
Sending 'vbmeta' (4 KB)                            OKAY [  0.006s]
Writing 'vbmeta'                                   FAILED (remote: 'unknown command')
fastboot: error: Command failed

Z:\android\adb>fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (4 KB)                            OKAY [  0.009s]
Writing 'vbmeta'                                   FAILED (remote: 'unknown command')
fastboot: error: Command failed

Z:\android\adb>


Apart from this ugly fastboot implementation I should stress once again that vbmeta partition on my device is blank meaning the partition has all zeroes. Also, this partition is NOT supposed to be flashed when I flash stock ROM. Here's what is there in rawprogram0.xml:
Code:
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmeta"  ...
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmetabak" ...

To sum up: I do not believe any vbmeta juggling would help me.

What happens when you try this:

adb reboot bootloader
fastboot unlock flash
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img



There should actually be two implementations of Fastboot. The main one you reboot into and another called Fastboot.d within the recovery.
 

Bondyuk

Member
Jun 29, 2010
11
1
Are you saying any boot.img properly patched by Magisk and flashed to the phone should cause red state?

I am not sure, it does on mine.

The device verifies the boot.img checksum to make sure it is original/stock. Because Magisk modifies the boot.img it will no longer pass verification and puts the device into Red state.

As far as I am aware this is part of AVB so it only affects devices using it. I am not sure when it was implemented (Android 8, 9 or 10)
 

vp1117

Senior Member
Jan 30, 2019
85
12
What happens when you try this:

fastboot unlock flash

This command does not exist. Probably what you meant me to try is this:

Z:\android\adb>fastboot flashing unlock
FAILED (remote: ' Device already : unlocked!')
fastboot: error: Command failed

Z:\android\adb>



There should actually be two implementations of Fastboot. The main one you reboot into and another called Fastboot.d within the recovery.
Fastboot.d is something which was introduced in A10. I'm on A8.
 
Last edited:

vp1117

Senior Member
Jan 30, 2019
85
12
Because Magisk modifies the boot.img it will no longer pass verification and puts the device into Red state.
Then every phone owner would shout "It does not work!" and magisk project would be closed soon. However, it does not happen. It means that only selected models are built in such a nasty way that they expect modified partition to be signed by vendor's key.

I do not have knowledge enough to continue this discussion. I just wanted to respond to your initial question as to why people might need verity-disabler script. There are different phones with different android versions, with different security implementation and not always you can achieve your goal following standard fastboot flashing commands.
 
Last edited:
D

Deleted member 1890170

Guest
@vp1117

To keep you updated:

The vbmeta image is cryptographically signed and contains verification data (e.g. cryptographic digests) for verifying boot.img, system.img, and other partitions/images.
Contents of vbmeta image is parsed by bootloader as 1st thing of all things unless parsing got disabled.
The vbmeta's signing basically must not be of interest to you, the vbmeta's signature key must never get changed by anyone.

To prepare modding phone's Android OS one run ADB / Fastboot commands as follows

Code:
adb devices
adb reboot fastboot
fastboot reboot fastboot 2>nul
fastboot flashing unlock
fastboot reboot
adb reboot fastboot
fastboot reboot fastboot 2>nul
fastboot --disable-verification --disable-verity flash vbmeta vbmeta.img
fastboot reboot

where the vbmeta.img what gets passed to Fastboot should get pulled out from phone before thus it's size is matching.
 
Last edited by a moderator:
  • Like
Reactions: vp1117 and Bondyuk

Bondyuk

Member
Jun 29, 2010
11
1
@vp1117

To keep you updated:

The vbmeta image is cryptographically signed and contains verification data (e.g. cryptographic digests) for verifying boot.img, system.img, and other partitions/images.
Contents of vbmeta image is parsed by bootloader as 1st thing of all things unless parsing got disabled.
The vbmeta's signing basically must not be of interest to you, the vbmeta's signature key must never get changed by anyone.

where the vbmeta.img what gets passed to Fastboot should get pulled out from phone before thus it's size is matching.

Thank you Jwoegerbauer.
This is a clear and well written explanation.

Do you know if the no-verity-opt-encrypt zip file actually needs to be flashed in TWRP, rather than simply flashing vbmeta with the --disable-verification --disable-verity options?
 

Bondyuk

Member
Jun 29, 2010
11
1
Z:\android\adb>fastboot flashing unlock
FAILED (remote: ' Device already : unlocked!')
fastboot: error: Command failed

Z:\android\adb>

I find it really hard to believe they modified fastboot so drastically.
What I don't understand is that the flash command obviously does work, because you say that when you flash boot or recovery your phone enters Red state?!

Do you have another Thread about your problem?

If so post a link here, I would be interested to see what you have tried and see if I can help
 
D

Deleted member 1890170

Guest
Thank you Jwoegerbauer.
This is a clear and well written explanation.

Do you know if the no-verity-opt-encrypt zip file actually needs to be flashed in TWRP, rather than simply flashing vbmeta with the --disable-verification --disable-verity options?
The no-verity-opt-encrypt.zip must only be applied on Android OS versions that don't come with vbmeta.img, means where dm-verity is incorporated in Android's boot.img.
 

vp1117

Senior Member
Jan 30, 2019
85
12
What I don't understand is that the flash command obviously does work, because you say that when you flash boot or recovery your phone enters Red state?!
Comon! Luckily, fastboot is not the only flashing tool on earth. I use QFIL for that.

I created 2 threads recently.
One was regarding custom recovery: https://xdaforums.com/t/360-n6-lite-qiku-in-desperate-need-of-twrp-recovery.4273965/
Another - how to root the phone: https://xdaforums.com/t/360-n6-lite-qiku-help-is-needed-to-root-the-device.4277407/

I'm planning to add questions on AVB to the 2nd thread.
 

Bondyuk

Member
Jun 29, 2010
11
1
The no-verity-opt-encrypt.zip must only be applied on Android OS versions that don't come with vbmeta.img, means where dm-verity is incorporated in Android's boot.img.

That makes sense.
Could you manually do it by opening the boot.img in a hex editor, finding the verification or dm-verify string and zeroing it out?

Surely Magisk would do this as part of its patching process?

I must be wrong because otherwise the zip file would not be needed again
 

shanramzan

New member
Nov 20, 2016
2
0
Point is: your Chinese phone is not the only phone China produced. In my Chinese phone you cannot flash neither modified boot.img nor modified recovery.img. If you try, phone swithes to red state

And my Chinese phohe has empty vbmeta partition (ROM is based on android 8.1), so, evidently, it is not vbmeta but some other mechanism that prevents me from rooting my phone or from flashing TWRP/boot. And for those who are proud owners of such ****ty Chinese phones like mine, using verity disabler script might be the last resourt.

I'll tell you even more: with your Chinese phone you still could flash vbmeta using fastboot. Ho-ho-ho-ho.... Not true Chinese phone. Look at mine! It does NOT allow you to use fastboot for flashing. That is real Chinese phone!!

/However, I have no idea how am I supposed to flash verity disabler script if I don't have TWRP... If someone could help me with that.../
you are right i am also facing this problem on my vivo y20 phone if you find any solution tell me
 

YashvirGaming

Member
Jul 17, 2023
7
0
So do i flash the TWRP first then the

No Verity Op Encrypt Zip File​

or which one to flash first?

Is there anyway that all my passwords saved in Google accounts going to the Owner or people who coded that Custom ROM ?
Some people says Custom rom has like backdoor or something stealer, cookies, password stealer and send to their WEBHOOK

That true or false.
 

YashvirGaming

Member
Jul 17, 2023
7
0
I rooted my Chinese phone without a custom recovery (haven't bothered for last few phones).
However, I am considering putting TWRP on and when I had a quick look on the Internet to see if one was around for my phone (being a Chinese phone) I naturally came across rooting guides and I noticed they seem to talk about flashing a no-verity-opt-encrypt zip file.

I do not understand why this file is needed?

To cut a long story short...

I extracted what I needed from the stock rom, patched with Magisk as normal and flashed using fastboot.
Then to bypass a bootloop from a signature mismatch because of Android verified boot, I flashed vbmeta using the following options:

--disable-verity --disable-verification

Android boots fine and my device is rooted (verified by Magisk and root checker app).

So why is there the need to flash the additional file no-verity-opt-encrypt zip?

People seem to be using it on many devices so there must be a reason I am missing.
\\

@vp1117

So Which file Do i flash the TWRP first then the No Verity Op Encrypt Zip File
or which one to flash first?

Is there anyway that all my passwords saved in Google accounts going to the Owner or people who coded that Custom ROM ?
Some people says Custom rom has like backdoor or something stealer, cookies, password stealer and send to their WEBHOOK

That true or false.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Point is: your Chinese phone is not the only phone China produced. In my Chinese phone you cannot flash neither modified boot.img nor modified recovery.img. If you try, phone swithes to red state

    And my Chinese phohe has empty vbmeta partition (ROM is based on android 8.1), so, evidently, it is not vbmeta but some other mechanism that prevents me from rooting my phone or from flashing TWRP/boot. And for those who are proud owners of such ****ty Chinese phones like mine, using verity disabler script might be the last resourt.

    I'll tell you even more: with your Chinese phone you still could flash vbmeta using fastboot. Ho-ho-ho-ho.... Not true Chinese phone. Look at mine! It does NOT allow you to use fastboot for flashing. That is real Chinese phone!!

    /However, I have no idea how am I supposed to flash verity disabler script if I don't have TWRP... If someone could help me with that.../
    2
    D
    Deleted member 1890170
    @vp1117

    To keep you updated:

    The vbmeta image is cryptographically signed and contains verification data (e.g. cryptographic digests) for verifying boot.img, system.img, and other partitions/images.
    Contents of vbmeta image is parsed by bootloader as 1st thing of all things unless parsing got disabled.
    The vbmeta's signing basically must not be of interest to you, the vbmeta's signature key must never get changed by anyone.

    To prepare modding phone's Android OS one run ADB / Fastboot commands as follows

    Code:
    adb devices
    adb reboot fastboot
    fastboot reboot fastboot 2>nul
    fastboot flashing unlock
    fastboot reboot
    adb reboot fastboot
    fastboot reboot fastboot 2>nul
    fastboot --disable-verification --disable-verity flash vbmeta vbmeta.img
    fastboot reboot

    where the vbmeta.img what gets passed to Fastboot should get pulled out from phone before thus it's size is matching.
    1
    I rooted my Chinese phone without a custom recovery (haven't bothered for last few phones).
    However, I am considering putting TWRP on and when I had a quick look on the Internet to see if one was around for my phone (being a Chinese phone) I naturally came across rooting guides and I noticed they seem to talk about flashing a no-verity-opt-encrypt zip file.

    I do not understand why this file is needed?

    To cut a long story short...

    I extracted what I needed from the stock rom, patched with Magisk as normal and flashed using fastboot.
    Then to bypass a bootloop from a signature mismatch because of Android verified boot, I flashed vbmeta using the following options:

    --disable-verity --disable-verification

    Android boots fine and my device is rooted (verified by Magisk and root checker app).

    So why is there the need to flash the additional file no-verity-opt-encrypt zip?

    People seem to be using it on many devices so there must be a reason I am missing.
    1
    D
    Deleted member 1890170
    Could you manually do it by opening the boot.img in a hex editor, finding the verification or dm-verify string and zeroing it out?
    Look inside file boot-patcher.sh that comes with the no-verity-opt-encrypt.zip to see how patching boot.img is done.