tweaselORG / meta

(Currently) only used for the issue tracker.

Decide which Android devices to buy and set them up #1

Closed baltpeter closed 1 year ago

baltpeter commented 1 year ago

I'm currently looking into what Android devices we should buy and at the same time also trying to give some recommendations for other people as to which devices are well-suited.

I'm using the LineageOS device list as a first filter for which devices to consider—I don't know whether we're going to use LineageOS for the analysis, but there are just waaay too many choices otherwise and LOS-supported devices provide a great way to continue using the device even if the manufacturer drops support later.

These are the criteria I'm setting:

(Note that these may well change later.)

baltpeter commented 1 year ago

I have now bought a lot of four "Moto G7 Power"s. Mostly, because they were very cheap. But they do also fit the criteria set so far (cf. https://wiki.lineageos.org/devices/ocean/). And unlocking the bootloader seems to be officially supported.

baltpeter commented 1 year ago

The phones have arrived. \o/

baltpeter commented 1 year ago

Seems like the latest official update they got was for Android 10. I'll set up the latest LineageOS on one of them.

baltpeter commented 1 year ago

To install LineageOS, I have basically exactly followed the instructions in https://wiki.lineageos.org/devices/ocean/install:

Unlock the bootloader

  1. In the developer settings, enable "USB Debugging" and "Allow OEM Unlock". Connect the phone to the computer via USB.
  2. adb reboot bootloader
  3. fastboot devices to verify
  4. Then go to http://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a and log in.
  5. fastboot oem get_unlock_data
  6. Concatenate the lines of the output (without the prefix (bootloader) or INFO) and paste into the website. Request unlock key (arrives via email).
  7. fastboot oem unlock <unlock key> (run twice)
  8. The fastboot screen should now say flashing_unlocked.
  9. Reboot into the system, go through setup and re-enable USB debugging.

Install custom recovery

  1. Download latest recovery from https://download.lineageos.org/ocean: wget https://mirrorbits.lineageos.org/recovery/ocean/20230121/lineage-20.0-20230121-recovery-ocean.img
  2. adb reboot bootloader
  3. fastboot devices to verify
  4. fastboot flash boot lineage-20.0-20230121-recovery-ocean.img

    This output is okay, even though it looks like an error:

    ❯ fastboot flash boot lineage-20.0-20230121-recovery-ocean.img
    (bootloader) is-logical:boot_b: not found
    Sending 'boot_b' (25026 KB)                        OKAY [  0.600s]
    Writing 'boot_b'                                   (bootloader) Image not signed or corrupt
    OKAY [  0.134s]
    Finished. Total time: 0.915s
  5. Using the volume down key on the phone, navigate to "RECOVERY MODE" and press the power button to confirm. You should boot into LineageOS recovery.
  6. wget https://mirrorbits.lineageos.org/tools/copy-partitions-20220613-signed.zip
  7. sha256sum copy-partitions-20220613-signed.zip should be 92f03b54dc029e9ca2d68858c14b649974838d73fdb006f9a07a503f2eddd2cd
  8. On the phone, tap "Apply update". Then, tap "Apply from ADB".
  9. adb sideload copy-partitions-20220613-signed.zip
  10. You should see: "Install completed with status 0."
  11. Tap "Advanced", then tap "Reboot to recovery".

Install LineageOS

  1. Download latest installation package (matching the recovery downloaded earlier) from https://download.lineageos.org/ocean: wget https://mirrorbits.lineageos.org/full/ocean/20230121/lineage-20.0-20230121-nightly-ocean-signed.zip
  2. Download MindTheGapps from https://androidfilehost.com/?fid=14871746926876840643 (see https://wiki.lineageos.org/gapps for newer link).
  3. On the phone, tap "Factory reset", then tap "Format data/factory reset". Confirm with "Format data".
  4. Tap the back arrow to return to the main menu.
  5. Tap "Apply update" and then "Apply from ADB".
  6. adb sideload lineage-20.0-20230121-nightly-ocean-signed.zip
  7. From the LineageOS docs: "Normally, adb will report Total xfer: 1.00x, but in some cases, even if the process succeeds the output will stop at 47% and report adb: failed to read command: Success. In some cases it will report adb: failed to read command: No error or adb: failed to read command: Undefined error: 0 which is also fine."
  8. Tap "Advanced" and "Reboot to recovery".
  9. Tap "Apply update" and "Apply from ADB".
  10. adb sideload MindTheGapps-13.0.0-arm64-20221025_100653.zip
  11. Tap "Yes" on the "Signature verification failed—Install anyway?" screen.
  12. Tap "Reboot system now" and go through the setup process.
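
Added example, not part of the comment above or of the LineageOS instructions: shell helpers for the two manual steps in that procedure, joining the `fastboot oem get_unlock_data` lines (unlock step 6) and checking a download's SHA-256 before sideloading it (recovery step 7). The function names are hypothetical, the fastboot sample is constructed, and the "Unlock data:" header line in it is an assumption about the output format.

```shell
#!/bin/sh
# Added example, not from the thread. Helpers for two manual steps above.

# Hash quoted in step 7 of "Install custom recovery".
COPY_PARTITIONS_SHA256=92f03b54dc029e9ca2d68858c14b649974838d73fdb006f9a07a503f2eddd2cd

# Constructed sample of `fastboot oem get_unlock_data` output (values made up;
# the "Unlock data:" header line is an assumption about the output format).
SAMPLE_OUTPUT='(bootloader) slot-count: not found
(bootloader) Unlock data:
(bootloader) 0A1B2C3D4E5F6071#AABBCCDDEEFF00
(bootloader) 1122334455#0000
OKAY [  0.010s]
Finished. Total time: 0.010s'

# Read fastboot output on stdin and print the unlock data as one string:
# drop the "(bootloader)"/"INFO" prefix, keep only hex/'#' lines, join them.
# fastboot writes to stderr: fastboot oem get_unlock_data 2>&1 | join_unlock_data
join_unlock_data() {
    sed -n -E 's/^(\(bootloader\)|INFO)[[:space:]]*//p' |
        tr -d ' \t\r' |
        grep -E '^[0-9A-Fa-f#]+$' |
        tr -d '\n'
}

# Return 0 only if FILE exists and its SHA-256 equals EXPECTED (case-insensitive).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "SHA-256 mismatch for $file: got $actual" >&2
    return 1
}

# Sideload only after the checksum matches, so a corrupted or swapped
# download never reaches the recovery.
sideload_verified() {
    verify_sha256 "$1" "$2" && adb sideload "$1"
}

# Demo on the constructed sample; prints the joined unlock data.
printf '%s\n' "$SAMPLE_OUTPUT" | join_unlock_data
echo
```

For the copy-partitions step this would be called as `sideload_verified copy-partitions-20220613-signed.zip "$COPY_PARTITIONS_SHA256"`.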

baltpeter commented 1 year ago

I have also fetched the unlock key for my other phone and documented the keys in https://git.my-server.in/tweasel/android-phones (but not unlocked that one yet).

You should do that too, @zner0L. We don't know how long Motorola will offer that service.

baltpeter commented 1 year ago

To root the device, I used Magisk (instructions based on https://topjohnwu.github.io/Magisk/install.html, https://docs.benjamin-altpeter.de/systems/android/#install-magisk, and https://wiki.lineageos.org/extracting_blobs_from_zips#extracting-proprietary-blobs-from-payload-based-otas):

Preparation

  1. Download and install the app from https://github.com/topjohnwu/Magisk/releases/latest.
  2. When you start it, it should say "Ramdisk: Yes". The device should also have a separate vbmeta partition (check using adb shell "ls -l /dev/block/by-name" | grep vbmeta).

Acquire boot.img

  1. Extract payload.bin from the LineageOS installation file: unzip lineage-20.0-20230121-nightly-ocean-signed.zip payload.bin
  2. Clone the LineageOS scripts: git clone https://github.com/LineageOS/scripts && cd scripts
  3. Create a venv and install the dependencies:

    python -m venv venv
    source venv/bin/activate
    pip install protobuf==3.20.3 six
  4. Extract boot.img: python update-payload-extractor/extract.py ../payload.bin --output_dir ..

Install Magisk

  1. Push the extracted boot.img to the device: cd .. && adb push boot.img /sdcard/Download/
  2. In the Magisk app, tap "Install" next to "Magisk".
  3. Choose "Select and Patch a File", choose the boot.img from the Downloads folder, and tap "LET'S GO".
  4. After the image has been patched, copy that to the computer: adb pull /sdcard/Download/magisk_patched-*.img
  5. adb reboot bootloader
  6. fastboot flash boot magisk_patched-*.img
  7. Reboot into the system using the power button.
  8. In the Magisk app, it should now say "Installed: " under "Magisk".

baltpeter commented 1 year ago

The rest of the setup necessary for appstraction (installing Frida) is documented here: https://github.com/tweaselORG/appstraction/tree/e912362d644505d114eba4663cc82c85637c8f92#physical-android-device

zner0L commented 1 year ago

I had a problem reading out the oem data, because the permissions for adb need to be set correctly in udev. For Ubuntu, there is a package (apt-get install android-sdk-platform-tools-common) that does this, but on Fedora (and other distros) you'll need to follow these instructions: https://github.com/M0Rf30/android-udev-rules

baltpeter commented 1 year ago

I updated Magisk through the app. That seems to have been a mistake: my root is now broken. (Trying to run su yields /system/bin/sh: su: inaccessible or not found.)

Things I've tried unsuccessfully, so far:

If I start the Magisk app after boot, it always first says that the device is rooted. But if I try to access su, I get an error. If I then reopen that Magisk app, it says the device isn't rooted.

Next, I'll try updating to the latest LineageOS. From my previous experience, that should then require me to go through the full rooting steps again.

baltpeter commented 1 year ago

That has worked. I can now su again.