144 lines
5.5 KiB
Markdown
144 lines
5.5 KiB
Markdown
|
# Steps to flash microG LineageOS on Samsung Galaxy S4 Active
|
||
|
|
||
|
download latest TWRP image from https://eu.dl.twrp.me/jactivelte/
|
||
|
|
||
|
download latest lineageOS from https://download.lineage.microg.org/jactivelte/
|
||
|
|
||
|
download latest Magisk.zip from https://github.com/topjohnwu/Magisk/releases
|
||
|
|
||
|
## Enable USB Debugging
|
||
|
|
||
|
Attach phone to PC. Use a good micro USB cable; make sure that you can use it
|
||
|
to copy data.
|
||
|
|
||
|
enable developer options
|
||
|
|
||
|
enable USB debugging in developer options
|
||
|
|
||
|
Insert a data cable to the device
|
||
|
|
||
|
allow USB debugging access for your PC
|
||
|
|
||
|
## Flash Recovery
|
||
|
|
||
|
Run `adb reboot bootloader`
|
||
|
|
||
|
`heimdall flash --RECOVERY twrp-3.*jactivelte.img`
|
||
|
|
||
|
Now we don't want to boot into the system, we want into the new recovery
|
||
|
directly - so turn off the phone with the power button, and then boot into
|
||
|
recovery by holding the power button and volume up for a few seconds. Release
|
||
|
the power button (but keep the volume up pressed) when you see the blue
|
||
|
"Recovery" writing in the top left of the screen. If it says "RECOVERY IS NOT
|
||
|
SEANDROID ENFORCING" in red letters, you need to hold "volume up" for longer.
|
||
|
You can release the "volume up" button when the TWRP loading screen appears.
|
||
|
|
||
|
Then go to Wipe + Advanced Wipe to wipe the following partitions:
|
||
|
|
||
|
* System
|
||
|
* Data
|
||
|
* Cache
|
||
|
* Dalvik
|
||
|
|
||
|
Then go to Advanced/ADB Sideload, swipe to the right, and execute `adb sideload lineage-*jactivelte.zip` on your computer.
|
||
|
* When it shows something like `Total xfer: 1.00x` or `adb: failed to read command: Success` on the PC, and `Exit code: 1.000000` in TWRP, it has suceeded.
|
||
|
|
||
|
Don't reboot yet, we still want to flash Magisk to root the phone.
|
||
|
|
||
|
First go to Backup and select only the Boot partition. Under "Select Storage",
|
||
|
select "Internal Storage". Swipe to backup. Now copy the backup to your PC with
|
||
|
`adb pull /sdcard/TWRP`.
|
||
|
|
||
|
Then go to Advanced/ADB Sideload, check "Wipe Cache" and "Wipe Dalvik", swipe
|
||
|
to the right, and execute `adb sideload Magisk-*.zip` on your computer.
|
||
|
* When it shows something like `Total xfer: 1.60x` or `adb: failed to read
|
||
|
command: Success` on the PC, and `- Flashing new boot image` in combination
|
||
|
with `- Done` in TWRP, it has suceeded.
|
||
|
|
||
|
Reboot to start LineageOS!
|
||
|
|
||
|
### Finish Installation
|
||
|
|
||
|
Go through the setup screen and choose what you want. You can be as restrictive
|
||
|
as you want. Make sure to choose a Wi-Fi, so you can proceed with the next
|
||
|
steps; you can also do this at any later time.
|
||
|
|
||
|
You should also choose a screen lock pin. Patterns are not very secure (you can
|
||
|
often see them by holding the phone into the light at the right angle).
|
||
|
Passwords are a bit inconvenient (but most secure). Do *not* use a fingerprint
|
||
|
sensor, they are really insecure.
|
||
|
|
||
|
Tip: if you use LineageOS 17.1 or higher, you should disable the storage
|
||
|
manager in the settings - it deletes videos & photos automatically after 90
|
||
|
days. This is a very weird default setting.
|
||
|
|
||
|
## Device Encryption
|
||
|
|
||
|
Charge the phone to 100%.
|
||
|
|
||
|
Go to the Security Settings and encrypt the phone. During the process, it
|
||
|
reboots once and asks you for the device PIN. It can take a while, but not soo
|
||
|
long actually.
|
||
|
|
||
|
### Secure the device encryption
|
||
|
|
||
|
You usually want to have a long password for your device encryption, which you
|
||
|
only have to enter when the phone boots, and a shorter PIN for your lockscreen.
|
||
|
By design, Android doesn't allow this; this is a workaround to make it possible
|
||
|
still.
|
||
|
|
||
|
We will also install an app which shuts down the phone when you get the unlock
|
||
|
code wrong 5 times in a row.
|
||
|
|
||
|
#### Wrong PIN Shutdown
|
||
|
|
||
|
Open the F-Droid app, wait until it is done with "Updating repositories".
|
||
|
|
||
|
Install the app "Wrong PIN Shutdown".
|
||
|
|
||
|
Now go to the developer settings, and enable root for Apps and ADB.
|
||
|
|
||
|
Open "Wrong PIN Shutdown", grant Admin rights until forever, activate the
|
||
|
function, and set it to shut down the phone after 5 wrong tries to enter the
|
||
|
PIN. You can try it out directly - if you enter your PIN wrong 5 times, does it
|
||
|
shut down?
|
||
|
|
||
|
#### Change the encryption password to a long password
|
||
|
|
||
|
First you need to enable USB debugging again. You can enable the developer
|
||
|
options at "About Phone", tap the "build number" seven times. After you enabled
|
||
|
it, you can find the Developer options in the settings at "System > Advanced >
|
||
|
Developer Options". Enable USB debugging and reboot into the bootloader mode:
|
||
|
|
||
|
Then go to the Security settings and set the PIN you want to use for your
|
||
|
lockscreen.
|
||
|
|
||
|
Now you have to backup the files where it is saved. To do so, execute these
|
||
|
commands with adb - you need to be connected to a PC with a proper USB cable:
|
||
|
|
||
|
```
|
||
|
adb root
|
||
|
adb pull /data/system_de/0/spblob/
|
||
|
adb pull /data/misc/keystore/user_0/1000_USRPKEY_synthetic_password_* # the file has a different name; just remove the * and press tab before executing it
|
||
|
adb pull /data/system/locksettings.db
|
||
|
```
|
||
|
|
||
|
Now, go to the Security settings again, and change your PIN to the password you
|
||
|
want to use for the encryption. Unfortunately you can use maximally 17
|
||
|
characters.
|
||
|
|
||
|
Finally, you use adb again to restore the backup of the PIN, which changes your
|
||
|
lockscreen PIN, but not your encryption passphrase:
|
||
|
|
||
|
```
|
||
|
adb push locksettings.db /data/system/locksettings.db
|
||
|
adb push 1000_USRPKEY_synthetic_password_* /data/misc/keystore/user_0/ # the filename will be different with your device
|
||
|
adb push spblob/ /data/system_de/0/
|
||
|
```
|
||
|
|
||
|
When you try to unlock your screen now, you will realize that you still have to
|
||
|
enter the encryption passphrase. So reboot the phone; enter the encryption
|
||
|
passphrase at startup, as desired. When the phone has booted, you can use the
|
||
|
(shorter) PIN to unlock your phone.
|
||
|
|