workshops
/
lineageOS
10
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity
lineageOS/devices/gt-i9505.md

144 lines
4.8 KiB
Markdown
Raw Normal View History

set up the Samsung Galaxy S4, documented it
2019-11-15 20:16:19 +00:00
# Steps to flash microG LineageOS on Samsung Galaxy S4
download latest TWRP image from https://eu.dl.twrp.me/jflte/
download latest lineageOS from https://download.lineage.microg.org/jfltexx/
download latest su (arm) for 16.0 from https://download.lineageos.org/extras
## Unlock the Bootloader / OEM
Attach phone to PC. Use a good micro USB cable; make sure that you can use it
to copy data.
enable developer options
enable USB debugging in developer options
allow USB debugging access for your PC
## Format Data for Encryption
download official lineage recovery: https://download.lineageos.org/jfltexx
`adb reboot bootloader`
`heimdall flash --RECOVERY lineage-16.0-xxxxxxxx-recovery-jfltexx.img`
It boots the system. But we want into the new recovery: `adb reboot recovery`.
Now we need to take the following steps to format the data partition for
LineageOS:
- Factory Reset -> Wipe data / factory reset
- Factory Reset -> Wipe System
## Flash LineageOS
Now go back into the recovery main menu, tap on "Apply Update", then "Apply
from ADB". Then execute `adb sideload lineage-xxx.zip` on your PC.
After a while, it warns you you that the signature verification failed, and
whether you want to continue with the installation; answer "Yes".
In the end, tap reboot to boot into the fresh LineageOS system.
### Finish Installation
Reboot to start LineageOS!
* When it says "No OS installed", you can ignore that, just swipe to the right.
* When it asks you to install the TWRP app, you can safely click "Do not install".
Go through the setup screen and choose what you want. You can be as restrictive
as you want. Make sure to choose a Wi-Fi, so you can proceed with the next
steps; you can also do this at any later time.
You should also choose a screen lock pin. Patterns are not very secure (you can
often see them by holding the phone into the light at the right angle).
Passwords are a bin inconvenient (but most secure). Do *not* use a fingerprint
sensor, they are really insecure.
## Device Encryption
Charge the phone to 100%.
Go to the Security Settings and encrypt the phone. During the process, it
reboots once and asks you for the device PIN. It can take a while, but not soo
long actually.
## Flash TWRP
*(You don't need TWRP, unless you want backup/restore functionality or so.)*
`adb reboot bootloader`
wait until bootloader mode is active: it says "Downloading... Do not turn off
target !!"
`heimdall flash --RECOVERY twrp-3.3.1-1-jflte.img`
### Root Phone With addonsu
*(You can also flash Magisk with the LineageOS recovery.)*
Boot into your recovery, e.g. TWRP, with `adb reboot recovery`.
Then go back, again to ADB Sideload, swipe to the right, and this time install
Magisk with `adb sideload addonsu-16.0-arm-signed.zip`
* When it shows `Total xfer: 1.77x` on the PC, and `script succeeded: result
was [1.000000]` in TWRP, it has suceeded.
### Secure the device encryption
You usually want to have a long password for your device encryption, which you
only have to enter when the phone boots, and a shorter PIN for your lockscreen.
By design, Android doesn't allow this; this is a workaround to make it possible
still.
We will also install an app which shuts down the phone when you get the unlock
code wrong 5 times in a row.
#### Wrong PIN Shutdown
Open the F-Droid app, wait until it is done with "Updating repositories".
Install the app "Wrong PIN Shutdown".
Open "Wrong PIN Shutdown", grant Admin rights until forever, activate the
function, and set it to shut down the phone after 5 wrong tries to enter the
PIN. You can try it out directly - if you enter your PIN wrong 5 times, does it
shut down?
#### Change the encryption password to a long password
Then go to the Security settings and set the PIN you want to use for your
lockscreen.
Now you have to backup the files where it is saved. To do so, execute these
commands with adb - you need to be connected to a PC with a proper USB cable:
```
adb root
adb pull /data/system_de/0/spblob/
adb pull /data/misc/keystore/user_0/1000_USRPKEY_synthetic_password_1bfba4c883309f16
adb pull /data/system/locksettings.db
```
Now, go to the Security settings again, and change your PIN to the password you
want to use for the encryption.
Finally, you use adb again to restore the backup of the PIN, which changes your
lockscreen PIN, but not your encryption passphrase:
```
adb push locksettings.db /data/system/locksettings.db
adb push 1000_USRPKEY_synthetic_password_1bfba4c883309f16 /data/misc/keystore/user_0/1000_USRPKEY_synthetic_password_1bfba4c883309f16
adb push spblob/ /data/system_de/0/
```
When you try to unlock your screen now, you will realize that you still have to
enter the encryption passphrase. So reboot the phone; enter the encryption
passphrase at startup, as desired. When the phone has booted, you can use the
(shorter) PIN to unlock your phone.