vitalif
/
multidisabler-a73
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
multidisabler-a73/multidisabler

459 lines
13 KiB
Bash
Executable File
Raw Permalink Blame History

#!/system/bin/sh
#
# A simple Samsung services disabler by Ian Macdonald.
# Enhanced by afaneh92 for Galaxy S22 - https://github.com/mohammad92/android_device_samsung_g0s
# Then enhanced by vitalif for Galaxy A73 - https://yourcmc.ru/git/vitalif/multidisabler-a73 :-)
# With F2FS and "SUPER" partition support.
#
# Use this _JUST_ after installing TWRP to prime your device!
#
# What does it do:
# - Makes /vendor, /system and /product read-write and converts /system to ext4
# (TODO: Convert /vendor and /product to ext4 too)
# - Disables file-based encryption on /data
# - Disables full-disk encryption on /data
# - Disables stock recovery restoration
# - Disables Vaultkeeper, proca and other bits from standard multidisabler:
# TLC HDM/ICCC/KG, CASS, WSM, FRP
#
set -e
md5() {
md5sum -b "$1"
}
file_changed() {
local file="$1"
local old_md5="$2"
local new_md5=$( md5 "$file" )
if [ $new_md5 != $old_md5 ]; then
echo " - ...modified."
else
echo " - ...unchanged."
fi
}
rm_from_manifest() {
local service=$1
local md5
local i
# Package path is different on Android 10. Check and adapt.
#
[ $major -gt 9 ] && local path_extra='\.hardware'
for i in /vendor/etc/vintf/manifest.xml \
$ANDROID_ROOT/system/etc/vintf/compatibility_matrix.device.xml \
/vendor/etc/vintf/manifest/vaultkeeper_manifest.xml \
/vendor/etc/vintf/manifest/wsm_manifest.xml; do
if [ -f $i ]; then
echo " - Found $i."
md5=$( md5 $i )
sed -i -e '/<hal format="hidl">/{N;/<name>vendor\.samsung'"$path_extra"'\.security\.'"$service"'<\/name>/{:loop;N;/<\/hal>/!bloop;d}}' $i
# file_changed $i $md5
fi
done
}
resize_fs() {
local path=$1
local label=$2
local partname=$3
local percent=$4
local convert_fs=$5
local dm_block_ext4=$(df -t ext4 | grep "$path"'$' | cut -DF1)
local dm_block_f2fs=$(df -t f2fs | grep "$path"'$' | cut -DF1)
if [ "$dm_block_ext4" ]; then
echo " - Unmounting $path..."
umount $path
echo " - Checking $path block partition before resizing..."
e2fsck -f $dm_block_ext4
echo " - Resizing the filesystem on $dm_block_ext4..."
resize2fs $dm_block_ext4
echo " - Make the $path partition R/W by unsharing its blocks..."
e2fsck -E unshare_blocks $dm_block_ext4
elif [ "$dm_block_f2fs" ]; then
fs_size_mb=`du -sm $path | cut -f1`
part_size_mb=`blockdev --getsize64 $dm_block_f2fs | awk '{print int($1 / 1048576)}'`
super_free_mb=`lptools free | grep Free | awk '{print int($3 / 1048576)}'`
new_fs_size_mb=`echo $fs_size_mb $super_free_mb $percent | awk '{print int($1 + $2 * $3 / 100)}'`
if [[ "$new_fs_size_mb" -le "$part_size_mb" ]]; then
# just in case if we resized the partition, but not the FS
new_fs_size_mb=$part_size_mb
fi
uuid=`toybox blkid $dm_block_f2fs | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o`
echo " - Create R/W $partname image..."
truncate -s ${new_fs_size_mb}M /data/new-rw.img
if [ "$convert_fs" = "ext4" ]; then
mke2fs -t ext4 -U $uuid -L $label /data/new-rw.img
else
make_f2fs -g android -O project_quota,extra_attr,inode_checksum,sb_checksum,compression,flexible_inline_xattr,verity,inode_crtime -U $uuid -f -l $label /data/new-rw.img
fi
mkdir -p /data/new-rw
mount /data/new-rw.img /data/new-rw
echo " - Copy old R/O $partname files to our new created image..."
cp -a --preserve=all $path/* /data/new-rw
# Android's toybox `cp` is buggy: `cp -a --preserve=all` does NOT preserve selinux contexts
# on directories and symlinks and you get a bootloop. So we need to restore selinux contexts...
cd $path
find . -type dl -exec ls -dZ {} \; | awk '{ print "chcon -h " $0 }' > /data/new-rw-chcon.sh
cd /data/new-rw
sh /data/new-rw-chcon.sh
cd /
umount $path
umount /data/new-rw
echo " - Checking $partname image before flashing..."
if [ "$convert_fs" = "ext4" ]; then
e2fsck -f /data/new-rw.img
else
fsck.f2fs -f /data/new-rw.img
fi
echo " - Resizing partition $partname inside 'super' to $new_fs_size_mb MB using lptools"
lptools resize $partname $(stat -c '%s' /data/new-rw.img)
lptools unmap $partname
lptools map $partname
echo " - Writing our new R/W $partname image, please wait..."
dd if=/data/new-rw.img of=/dev/block/bootdevice/by-name/$partname bs=1M
rm -rf /data/new-rw*
fi
echo " - Remounting $path..."
mount -o rw /dev/block/bootdevice/by-name/$partname $path
}
fs_free_size_check() {
local path=$1
local label=$2
local partname=$3
local percent=$4
echo " - Checking $path free space..."
if dd if=/dev/zero of=$path/test bs=1 count=1 2>/dev/null; then
echo " - ...succeeded."
rm -f $path/test
else
echo " - ...No free space on $path, attempting to resize it..."
echo " "
rm -f $path/test
resize_fs "$path" "$label" "$partname" "$percent"
fi
}
disable_fbe() {
local md5
local i
fstab_files=`grep -lr 'fileencryption' vendor/etc || true`
#
# Exynos devices = fstab.exynos*.
# MediaTek devices = fstab.mt*.
# Snapdragon devices = fstab.qcom, fstab.emmc, fstab.default
#
for i in $fstab_files; do
if [ -f $i ]; then
echo " - Disabling file-based encryption (FBE) for /data..."
echo " - Found $i."
md5=$( md5 $i )
# This comments out the offending line and adds an edited one.
sed -i -e 's/^\([^#].*\)fileencryption=[^,]*\(.*\)$/# &\n\1encryptable\2/g' $i
file_changed $i $md5
fi
done
}
disable_fde() {
local md5
local i
fstab_files=`grep -lr 'forceencrypt' vendor/etc || true`
#
# Exynos devices = fstab.exynos*.
# MediaTek devices = fstab.mt*.
# Snapdragon devices = fstab.qcom, fstab.emmc, fstab.default
#
for i in $fstab_files; do
if [ -f $i ]; then
echo " - Disabling full-disk encryption (FDE) for /data..."
echo " - Found $i."
md5=$( md5 $i )
# This comments out the offending line and adds an edited one.
sed -i -e 's/^\([^#].*\)forceencrypt=[^,]*\(.*\)$/# &\n\1encryptable\2/g' $i
file_changed $i $md5
fi
done
}
disable_recovery_restoration() {
local r=recovery-from-boot.p
local found
local i
echo " - Disabling restoration of stock recovery..."
for i in $ANDROID_ROOT $ANDROID_ROOT/system /vendor; do
if [ -f $i/$r~ ]; then
echo " - ...already disabled."
found=true
break
fi
if [ -f $i/$r ]; then
echo " - Found $i/$r. Disabling..."
mv $i/$r $i/$r~
if [ -f $i/$r~ ]; then
echo " - ...succeeded."
else
echo " - ...failed."
fi
found=true
break
fi
done
[ -z "$found" ] && echo " - Found no stock recovery. Pfft." || true
}
disable_vaultkeeper() {
local md5
local i
echo " - Disabling vaultkeeper..."
if [ $major -gt 9 ]; then
# This is Android 10/11/12/13: Vaultkeeper has its own init files.
#
for i in $ANDROID_ROOT/system/etc/init/vk*.rc /vendor/etc/init/vk*.rc /vendor/etc/init/vaultkeeper*; do
if [ -f $i ]; then
echo " - Found $i."
md5=$( md5 $i )
sed -i -e 's/^[^#].*$/# &/' $i
# file_changed $i $md5
fi
done
else
# This is Android 9: Vaultkeeper is started from init.rc.
#
sed -i -e 's/^[^#].*vaultkeeper.*$/# &/' \
-re '/\/system\/bin\/vaultkeeperd/,/^#?$/s/^[^#]*$/#&/' $ANDROID_ROOT/init.rc
fi
# Qualcomm devices such as the T860 and T865 need this, otherwise the log
# will be spammed with messages about failed connections to the Vaultkeeper
# service.
#
rm_from_manifest vaultkeeper
for i in $ANDROID_ROOT/system /vendor; do
if [ -f $i/bin/vaultkeeperd ]; then
echo " - Found $i/bin/vaultkeeperd. Disabling..."
chmod 0 $i/bin/vaultkeeperd
fi
if [ -f $i/bin/vendor.samsung.hardware.security.vaultkeeper@2.0-service ]; then
chmod 0 $i/bin/vendor.samsung.hardware.security.vaultkeeper@2.0-service
fi
done
}
disable_proca() {
local md5
local i
echo " - Disabling process authentication..."
# G97[035]F = pa_daemon.rc on Android 9; pa_daemon_teegris.rc on Android 10.
# G977B, N97[05]F, A105F, A505F = pa_daemon_teegris.rc
# T510 + T515 = pa_daemon_kinibi.rc
# T860 + T865 = pa_daemon_qsee.rc
#
for i in /vendor/etc/init/pa_daemon*.rc; do
if [ -f $i ]; then
echo " - Found $i. Disabling..."
sed -i -e 's/^[^#]/# &/' $i
# file_changed $i $md5
fi
done
rm_from_manifest proca
}
disable_tlc() {
echo " - Removing TLC HDM/ICCC/KG..."
# Fully remove those
for i in /vendor/etc/vintf/manifest/vendor.samsung.hardware.tlc.hdm@1.1-manifest.xml \
/vendor/etc/vintf/manifest/vendor.samsung.hardware.tlc.iccc@1.0-manifest.xml \
/vendor/etc/vintf/manifest/vendor.samsung.hardware.tlc.kg@1.0-manifest.xml \
/vendor/etc/vintf/manifest/vendor.samsung.hardware.tlc.kg@1.1-manifest.xml; do
if [ -f $i ]; then
echo " - Found $i. Removing..."
rm $i
fi
done
for manifest in $(ls /vendor/etc/vintf/manifest.xml /vendor/etc/vintf/manifest/manifest.xml); do
for i in "blockchain" "ucm" "payment"; do
sed -i -e '/<hal format="hidl">/{N;/<name>vendor\.samsung\.hardware\.tlc\.'"$i"'<\/name>/{:loop;N;/<\/hal>/!bloop;d}}' $manifest
done
done
sed -i 's/^[^#]/# &/' /vendor/etc/init/vendor.samsung.hardware.tlc.*
sed -i 's/ro\.config\.iccc\_version\=3\.0/ro\.config\.iccc\_version\=iccc\_disabled/g' /system_root/system/build.prop
}
disable_cass() {
local md5
local i
# The T860 needs this. Otherwise, the log will fill with messages like this:
#
# 10-20 03:23:20.501 27757 27757 E CASS: Failed to connect(4)
# 10-20 03:23:20.501 27757 27757 E CASS: Failed to connect ril daemon(2). Retry cnt(6)
# The F907B on Android 10 also needs it:
#
# 04-05 22:21:23.519 3599 3599 E CASS_DEBUG: VaultKeeper is not ready. try again.
# 04-05 22:21:23.519 3599 3599 I CASS_DEBUG: Disconnect ril daemon
# 04-05 22:21:23.519 3599 3599 I CASS_DEBUG: Failed to connect ril daemon(1). Retry cnt(2)
#
# As of OneUI 2.5, other devices need it, too; even Exynos.
#
echo " - Disabling cass..."
for i in $ANDROID_ROOT/init.rc /vendor/init/cass.rc /vendor/etc/init/cass.rc; do
if [ -f $i ]; then
echo " - Found $i. Disabling..."
md5=$( md5 $i )
sed -i -e 's/^[^#].*cass.*$/# &/' -re '/\/(system|vendor)\/bin\/cass/,/^#?$/s/^[^#]*$/#&/' $i
# file_changed $i $md5
fi
done
sed -i 's/ro\.security\.cass\.feature\=1/ro\.security\.cass\.feature\=0/g' /vendor/build.prop
}
disable_wsm() {
echo " - Disabling wsm..."
rm_from_manifest wsm
}
disable_frp() {
echo " - Disabling Factory Reset Protection (FRP)..."
sed -i 's/ro\.frp\.pst\=.*/ro\.frp\.pst\=/g' /vendor/build.prop
}
echo " "
echo "Multi-disabler for Samsung devices"
echo "running Android 9 or later."
echo "by Ian Macdonald, enhanced by afaneh92"
echo "patched for Galaxy A73 by vitalif"
echo " "
os=$(getprop ro.build.version.release)
major=${os%%.*}
bl=$(getprop ro.boot.bootloader)
dp=$(getprop ro.boot.dynamic_partitions)
# Firmware version starts at either 8th or 9th character, depending on length
# of bootloader string (12 or 13).
#
fw=${bl:$((${#bl} - 4)):4}
# Device is first 5 characters of bootloader string.
#
device=${bl:0:$((${#bl} - 8))}
mft=$(getprop ro.product.manufacturer | tr '[A-Z]' '[a-z]')
if [ "$mft" != samsung ]; then
echo " - Device appears not to be made by Samsung."
fatal=true
elif [ -z "$device" ]; then
echo " - Could not determine device model."
fatal=true
elif [ $major -lt 9 ]; then
echo " - This software is incompatible with Android $major."
fatal=true
fi
if [ -n "$fatal" ]; then
echo " - Installation aborted."
echo " "
exit 1
fi
echo " - Detected a $device device with a $fw bootloader."
echo " - The environment appears to be Android $major."
echo " "
echo " - Mounting /data..."
mount /data || true
if ! mount | grep '/data ' >/dev/null; then
echo " - Mount failed. Aborting..."
exit 3
fi
echo " - Mounting $ANDROID_ROOT..."
if ! mount | grep "$ANDROID_ROOT " >/dev/null; then
mount -o rw $ANDROID_ROOT 2>/dev/null || true
if ! mount | grep "$ANDROID_ROOT " >/dev/null; then
ANDROID_ROOT=/system_root
echo " - Attempt failed. Mounting at $ANDROID_ROOT..."
if ! mount | grep "$ANDROID_ROOT " >/dev/null; then
mount -o rw $ANDROID_ROOT
if ! mount | grep "$ANDROID_ROOT " >/dev/null; then
echo " - Even that attempt failed. Aborting..."
exit 2
fi
fi
fi
fi
echo " - Mounting /vendor..."
mount /vendor || true
mount -o remount,rw /vendor || true
if ! mount | grep '/vendor ' >/dev/null; then
echo " - Mount failed. Aborting..."
exit 3
fi
echo " - Mounting /product..."
mount /product || true
mount -o remount,rw /product || true
if ! mount | grep '/product ' >/dev/null; then
echo " - Mount failed. Aborting..."
exit 3
fi
fs_free_size_check $ANDROID_ROOT "/" system 70 ext4
fs_free_size_check /vendor vendor vendor 50
fs_free_size_check /product product product 50
disable_fbe
disable_fde
disable_recovery_restoration
disable_vaultkeeper
disable_proca
disable_tlc
disable_frp
# No "fix_smart_view", I don't know what it is and it breaks boot on A73 %)
if [ $major -gt 9 ]; then
disable_wsm
disable_cass
fi
echo " - Unmounting /product..."
umount /product
echo " - Unmounting /vendor..."
umount /vendor
echo " - Unmounting $ANDROID_ROOT..."
umount $ANDROID_ROOT
echo " "
echo " - Finished."
echo " "
exit 0
Reference in New Issue View Git Blame Copy Permalink