Sanity check knowledge for custom ROM

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

I picked up an Moto G but haven't activated it. I haven't yet decided to install CyanogenMod yet, but I am researching the prospect. The reason is that it was bought from the ISP and so the OS isn't "pure". I want an OS devoid of any ISPware for the peace of mind that nothing will be monitored when I store confidential stuff on my phone (e.g., passwords, confidential info). As a safety net, I would like to back up the original ROM before any doing anything like rooting and installing CyanogenMod. I know that I can get apparent stock ROMs from websites that are not the vendor's, but I would prefer to back up the ROM on the phone, if possible. I was warned that as a newbie to smartphones, I would need to read extensively to ensure that I don't brick my phone.

It has been a few weeks of evening reading, snippets at a time. Weeks ago, I followed a website (whose URL I did not record) in order to install pieces of the Android Developer Kit. I now have ADB and fastboot executables on my Windows 7 PC. Can anyone please do a sanity check of the knowledge that I've "amassed"?

* Root access is a concept that applies to a running OS on the phone,
i.e., after execution of the ROM has commenced:
http_DotSlashSlah_forums.androidcentral.com/google-nexus-4/240307-does-flashing-stock-rom-remove-root-re-lock-bootloader.html

- Hence, if you don't run the OS, you can manipulate ROMS without
root, e.g., as in using fastboot

* You need to unlock the bootloader to manipulate ROMS, which "wipes"
your device as a security feature

- According to
http_DotSlashSlash_motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a,
wiping will happen to all media, content, and apps from Google
Play. Does this mean that the OS itself is untouched?

- Syntax found online: fastboot oem [un]lock

- My fastboot's --help doesn't mention anything about the above
oem command. I suspect that it because I specifically need the
Motorola's fastboot (step 2 of FLASH AND RELOCK YOUR DEVICE at
http_DotSlashSlash_motorola-global-portal.custhelp.com/app/standalone/bootloader/recovery-images)
rather than the Android fastboot. My currently installed
fastboot is at "C:\Program Files
(x86)\Android\android-sdk\platform-tools\fastboot.exe".

- Obtaining an unlock code from Motorola invalidates your
warranty, even if you don't actually unlock the bootloader
(http_DotSlashSlash_motorola-global-portal-en-ca.custhelp.com/app/standalone/bootloader/unlock-your-device-b).
Can anyone confirm this interpretation?

- The unlocking of the bootloader -- where is the unlocked status
stored and/or encoded? I assume that it isn't encoded in the
ROM that is being replaced, or the new incoming ROM? Knowing
where (or how) it is encoded lets would help me understand how
the unlocking of the bootloader is retained if I should ever
restore the original vendor ROM (apparently the unlocking is
retained and must be manually re-locked with fastboot).

* To back up the original ROM, one should use fastboot to run CWM
without flashing (which I've seen referred to as soft-booting)

- Syntax found online: fastboot boot CWMrecoveryImageFileName.img

- I also found this syntax with"reboot" in place of "boot", but
this is likely a typo because the reboot command doesn't take
arguments

- Also informative is that many fastboot commands require a
partition specification, and the 4 partitions are (apparently)
"boot, system, and if found, recovery, tos".

- Backing up the stock ROM on the phone is not the
end-all-and-be-all because, after some time has passed, the
backed-up stock ROM is way out of date.

- ADB will backup apps & data (depending on switches) but not the
OS, so I conclude that it isn't the right tool for my purpose

Thanks for any comments on, or corrections of, my understanding.

Vetted info sites:

* General CWM process for backing up original ROM:
http_DotSlashSlash_xiaomi.eu/community/threads/full-stock-rom-backup-without-rooting.22109

* ADB backs up apps & data, depending on switches:
http_DotSlashSlash_android.stackexchange.com/questions/69567/what-all-does-adb-backup-and-how-do-i-restore-part-of-it
Photo of andymhancock

andymhancock

  • 2,018 Points 2k badge 2x thumb

Posted 4 years ago

  • 1
Photo of rikkster

rikkster, Mobile Master

  • 67,104 Points 50k badge 2x thumb
Hi Andy,

Your best option is to head over to XDA Developers > Moto G Android Development. I'll answer what I can to the best of my knowledge. You should be able to find additional information on XDA's Moto G pages.

http://forum.xda-developers.com/moto-g

And for rooting...
http://www.modaco.com/topic/366771-ro...

Disclaimer: rooting or modifying this device voids the manufacturers' warranty. I nor Koodo cannot be held responsible should the device become inoperative as a result of these modifications.

Wiping will happen to all media, content, and apps from Google
Play. Does this mean that the OS itself is untouched?

If you mean after the bootloader is unlocked? A warning message will appear on the initial boot up screen (removable).

In Fastboot Flash Mode, your device will display 'device unlocked' with an unlocked bootloader status code 3. Relocking the bootloader sets the bootloader status code to 2 and prior to unlocking the bootloader, it will display a bootloader status code 0 or locked bootloader. I'm not aware of any method that will reset the flags back to zero once the bootloader has been unlocked.

Other than that, the software remains intact and the device returns to factory default settings.

Syntax found online: fastboot oem [un]lock... is a command that unlocks the bootloader after you've received the unlock token/code from Motorola. To relock the bootloader, see article 7 Akaygee's post.

http://forum.xda-developers.com/showt...

Obtaining an unlock code from Motorola invalidates your warranty, even if you don't actually unlock the bootloader.
Yes. (please read the .pdf document below).

https://motorola-global-portal.custhe...

Backing up the stock ROM on the phone is not the end-all-and-be-all because, after some time has passed, the backed-up stock ROM is way out of date...

Always make a backup of the stock ROM, if something should go wrong then you'll at least have a way of reverting back to stock and have an operational device as opposed to a brick.

ADB will backup apps & data (depending on switches) but not the
OS, so I conclude that it isn't the right tool for my purpose...


TWRP and CWM will perform Nandroid backups that preserve the OS, Data, Cache, Boot, Recovery and EFS partition information.One other thing to consider is that since the Moto G doesn't have external storage, the backup will consume internal storage. I would recommend storing the backup on your personal computer.

TWRP backup - non Moto G - example
https://www.youtube.com/watch?v=c7y0Np...

Stock firmware image tested and works flawlessly. Look for the last entry at the bottom of the page:

http://sbf.droid-developers.org/phone...

Android 4.4.2 Blur_Version.173.44.39.falcon_umts.Telus.en.CA
Photo of andymhancock

andymhancock

  • 2,018 Points 2k badge 2x thumb
Hi, Rikkster.

I've been slowly going through your post and links a bit at a time.

Regarding the Moto G forums, I find google much better at zeroing in on specific topics of interest, even finding threads in the forums. Often times, even if the content of interest resides in the stickies at the top of each forum.

Your links and clarifications are much appreciated. Thanks!
Photo of Jonathan I

Jonathan I, Mobile Master

  • 114,344 Points 100k badge 2x thumb
On the flip side of the coin, the Moto G has a very stripped down Android version already and the only "ISPware" that you're a little paranoid about is the Koodo Self Serve app, which you'd probably want to use anyway. Besides some Motorola specific enhancements like Assist, Migrate (available in the Play Store to other Android phones too), and a device ID system to recover or wipe info if the phone is lost/stolen, it might as well be stock.
Photo of andymhancock

andymhancock

  • 2,018 Points 2k badge 2x thumb
How can you be sure that you're aware of the ISPware that is on the phone? Carrier IQ caught people unaware.
Photo of Jonathan I

Jonathan I, Mobile Master

  • 114,344 Points 100k badge 2x thumb
I could ask you the same question. The onus of proof is on you here.
Photo of andymhancock

andymhancock

  • 2,018 Points 2k badge 2x thumb
Well...to be fair, there is no onus of proof on anyone. My point is that this situation contains an unknown, and it is up to each one of us to decide on a way forward in the face of this unknown. I choose to be cautious because I don't want to have to wonder about whether I should be using the device in the same way that I used PDAs decades ago, i.e., without any concern about what I store on it. Someone else might choose not to care about the possibility of spyware, in which case he/she would do well to weigh to risk of using the device in such a cavalier fashion.

Now, there is no end to how far one could continue the questioning. For example, one might ask how you know that the level of risk is significant. The sober fact is that it is very difficult to know. We have limited info. One piece of info is the CIQ incident. One piece of info like that is not much at all, and unfortunately, we don't have the luxury of conducting this experiment across 100 alternate realities and seeing what percentage realities contained a situation where a 2nd incident was discovered, compromising devices in the 2014-2017 timeframe. Complicating this is the fact that not all CIQ-type incidences will be discovered, i.e., there may be cases in which no incidents surface, but the device is still compromised. Is the number of ISP spyware incidents to date really just one, or are there more? Keep in mind that spyware is designed to not be discovered. Even in the thought experiment involving 100 realities, the percentage containing spyware discoveries is the *lower* limit of the percentage containing actual spyware.

So it boils down to how one decides to proceed when you have an idea of what some of the plausible compromised scenarios are, but no idea of their probability. And then there is the question of ISP spyware scenarios of which we haven't conceived. How many people would have conceived of the CIQ case before it was publicized? It was a bit of a bomb shell.

Don't get me wrong here, I'm not saying ISPs are evil. I'm saying we have almost no information about the rarity or non-rarity of ISP spyware. In the same way that one cannot say it is likely right now, one cannot say it is unlikely. As I said, each person decides on a way forward, and then assumes the risk.

This conversation is no longer open for comments or replies.