Smartphone Honor 6x rooting questions

Discussion in 'Android' started by Cyan, Feb 10, 2018.

  1. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    I bought a smartphone for the first time, and I'm still wondering if I should root or not, and which consequences it'll create.
    I'm new to android (and smartphone in general) so I might not understand how everything is working, I hope to get someone to help me understand things here.
    For the past week, I've read a lot of forums (xda and others) to try to understand all I'll need to do.

    Being new to Android and smartphone, I have a LOT of questions, please take time to read and sorry it's so big :P
    Just answer the one you know the answer. thanks.

    TL;DR at the bottom :P

    what I understood :
    - The steps to root (unlock bootloader, write TWRP, flash SuperSu or Magisk)
    - How to use adb and fastboot
    - I can make a backup and restore using adb (though, I get only a 3Mb file, with or without the -apk -system, or other flags, etc.). (I'm using "adb backup -apk -all -obb -system", I don't need -shared as I don't have MicroSD inserted)
    - I got my Honor 6x on android 6 Emui4, and the phone wasn't encrypted. I used adb backup, and HAD the choice to whether encrypt or not the backup using a password. the backup was 20MB with all pre-installed apps. (only??)
    - the phone updated to Android 7 (+ 3 security updates) Emui5. I'm now on BLN-L21B432C371
    - I tried adb backup again, now I'm FORCED to use a password, "because the device is fully encrypted so you need to encrypt the backup too". So, I guess Huawei forced disk encryption when I updated.
    - The disk encryption password is the same as the unlock password (gesture/pin/pass)
    - unlocking the bootloader will factory reset, and I'll have to re-create a phone's profile, set a new password, set all the settings etc., unless I use adb to restore a previous backup.
    - If I unlock the bootloader (to install twrp to it), I guess that the encrypted disk key will be set to a default one (because no more profile set, but disk is still physically encrypted, right?)
    - Unlocking the bootloader breaks the DRM feature, and Netflix prevents installation on rooted devices due to that situation.
    - I installed Netflix before unlocking the bootloader, and made an adb backup, hopefully it'll restore Netflix after rooting.
    - I can use TWRP to do full backup/restore or NANDRoid image.
    - flashing the official ROM (Honor 6X Firmware (BLN-L21, Android 6.0, EMUI 4.1, C432B130) from Honor website replaces the TWRP recovery to default, and remove root.
    - TWRP doesn't allow dload flashing method to reflash a full ROM from SD, we need to replace the recovery with another one first. (which? one, not sure, honor doesn't provide one on their website) Edit: found boot and recovery for Honor 6X BLN-L21C432B371 here.
    - Relocking the bootloader will re-factory reset and restore the recovery, removing twrp/root.

    What I'm not sure:
    1- now that my adb backup REQUIRES a password, I can't check the backup's content to see if it contains my apps and apk and system settings, and wonder if I'll have to re-setup and reinstall my apps, or if they really are part of the backup and will be restored automatically. My new backup is now only 3MB, but I deleted pre-installed games. (probably why it was 20MB and now it's 3MB)
    2- when bootloader is unlocked, the phone will no longer be protected/encrypted (using a "default_password" instead)? not sure I understood that either. I'll have to re-read few times and read more sites.
    3- TWRP can access /data/ (using default key), so the phone is not secured anymore
    4- "ADB backup -apk" backups the APK or the cache+data of that APK? it contains only the manually added apk, or also the pre-installed apps? maybe that's why my backup is shorter now, I only have netflix and VLC installed from gogplay. Netflix is 20MB, how can it create a 3MB backup only? even the apk is bigger, I'm sure the backup is wrong and missing data.
    5- If I restore my previous adb backup done before unlocking bootloader when the disk was still encrypted, will it restore/replace my current (new/different) fingerprints and password with the one from the backup? should I re-create the user using the same password from before the backup to be sure it matches?
    6- If the password is restored from adb, will it create issues with default_password and encrypted disk password from unlock password?
    7- The guides provides a specific TWRP version (twrp-3.1.1-0-berlin.img for emui5), but a new one has been released (3.2.1), I can safely use the new one instead, right? It doesn't tell if there's a specific emui target version.
    8- is there new version of SuperSu? is SuperSu specific to device model? is SuperSu specific to TWRP version? Supersu website says to install the version done FOR the phone model, but doesn't provide a list of compatible models/version.
    9- I found how to backup an installed app to apk, not sure if it's complete and reinstallable.
    10- If the phone is stolen, it can be flashed (dload official ROM) and sold same as new? whatever adb/dev/root states, right? that's why phones are still stolen even if protected and encrypted.

    What I don't understand:
    A- What's the difference with SuperSu and Magisk. which one should I use? is that just a matter of reinstalling/overwriting one with another to try it? (Magisk can toggle Root access, and tools refusing to launch if rooted can still be used? nintendo app, netflix?)
    B- Can I re-lock the bootloader? will it re-apply user's encrypting password or still use the "default_password" ?) (fastboot relock?)
    C- if the disk enc password can't be reapplied, I've read it can be done with root access. not sure I'd go that way, seems a little too over my head.
    D- I read the link about default_password, but didn't understand why it's using a default password and TWRP doesn't ask for password to read /data/ if encrypted (or maybe now it has been updated, the info I read are always old)
    E- Should I always set the USB mode to charge only and disable usb debug for security reason ? (plugging the phone on computer let anyone browser the content, even if the phone is locked with my fingerprint)
    F- Is APKMirror website files are safe to use/install ? If I can't restore netflix after unlocking the bootloader, I hope to reinstall the apk manually. I'm not sure how to check the official md5/sha1 (they provide one, but where/how to compare it to official one?)
    G- APK of netflix on that website have "arm" and no arm version. My phone use Kirin, I'm not sure which version I should install...
    H- TWRP FAQ is more confusing than resolving, it talks about issues with backup/restore of images, based on different device and android version. It's confusing.
    I- TWRP backup/restore doesn't conflict if the disk encrypting key is different? (or maybe it can't be changed and use a default_pass if rooted)
    J- It could be useful to know the package name to backup with adb. I found a website with a tool to install to see package name directly from the phone>application menu, but I forgot the website url...
    K- What are .obb files?
    L- How does the phone work once rooted? Where is located SuperSu in the boot chain compared to Android OS ? Do I have to do something in SuperSu, or it just triggers root rights at boot to allow access to all phone's folders automatically? Can I disable root easily? Can I delete SuperSu from TWRP (replace with empty or dummy)?
    M- Can I backup the official recovery (using fastboot ?) before replacing it with TWRP recovery binary?
    N- Can I backup the official "thing?" where superSu is installed with TWRP to delete supersu back to clean state?

    I might have more questions later (like which android app to use, etc.)
    someone recommended me:
    Browser : Brave or armorfly
    file manager: Xplore or Astro
    Access manager : 3C Toolbox
    Firewall : Lostnet Firewall (not free? 1$ is fine I guess)
    tools : OSMonitor (ahh, seems it doesn't support android7+, so It's not for me..., please suggest another one for Honor6x/Kirin/Android7)
    tools : LuckyPatcher (patch and remove ads in apps). Is it safe to use? It doesn't add spyware to patched apps to sniff passwords and accounts?

    1 My current concern is : should I root or not?

    2 Are there a lot of apps which refuse to run if rooted? (netflix, nintendo, more?)

    3 should I stick to rooting guide's provided file version or install newer official ones? (guides are old and not maintained by their writers)
    TWRP Berlin 3.1.1-0 + superSu v2.79-201612051815?
    TWRP Berlin 3.2.1-0 + SuperSu v2.82-201705271822?
    updated TWRP with older SuperSu?

    4 Security wise, I'm not fully understanding what option I should enable or disable to prevent someone from accessing my files if I lose it/got stolen.

    I thought I'd do it this evening, but I'll postpone it to few days and hope to get some answers by then.
    thank you for all help you could provide (even if small or partial answers) :)

    I'll go with OpenKirin 3.1.1 (different than official TWRP from website) and latest SuperSu.
    Last edited by Cyan, Feb 11, 2018
    Flame likes this.
  2. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    I'll post here instead of editing my previous message.

    I finally decided to do it, even though I didn't get any answers.
    I've read a lot of different sites and guides to the point I thought I knew everything and it would go smoothly....

    It didn't go smoothly, as all the guides are missing steps and information !
    and they call them noob guides :/

    I was left a few times in situations where I didn't know what to do or which option to choose.
    But I finally managed to do it.

    my steps, if it can help other users:

    - install netflix to the phone
    - install hiSuite to PC, connect the phone.
    - backup netflix using hiSuite
    - use adb to backup my data (though, I suspect it has a bug! it always create a 3Mb file only). I backup'd with : adb backup -all -apk -obb -system
    - follow the unlocking guide
    - THERE, the guide says "the phone will reboot automatically" ... wrong, it just shuts down. it said "run adb again" ... WRONG again, your phone is factory reset, you have to recreate a profile to even access adb ! you need to setup the phone, your settings, and unlock dev tools to set debug USB back! then, adb will work.
    WHY missing steps?

    Well, I'm back at it.
    - reboot to fastboot, and replace recovery with twrp.img
    - trying to boot into twrp right away didn't work (fastboot boot twrp.img)
    - so, I choose fastboot reboot, to reboot the phone and press UP+power to go into recovery like the guide said..... but it only launched the official huawei eRecovery (what's that?), no twrp launched.
    so, I reboot to OS, and re-did the adb reboot recovery, which correctly launched twrp this time.

    back to the guide:
    - the guide says "install the SuperSU zip"... WRONG ! there's a screen telling me something important about unmodified system partition, and I have to make a decision with two button available....
    Why the guide don't tell about that?
    I chose "modify the system" as I understood if I didn't I wouldn't be able to install superSu and an official OTA update would delete twrp.
    - I choose "install" and select the zip. it does its thing and patch many files.
    at the end, there are MORE user's choices, NO guide told about it, they all said "install superSu and you are rooted!", WRONG again, there is another question about clearing cache or rebooting, and AGAIN another one with multiple choices about installing SuperSU as apk, allowing auto-updates, etc.

    After the few auto-reboot, I could get back to OS.
    I run adb restore (to restore the backup from first step), but it restored HALF the system settings. it restored the wifi settings, and that's about all.
    I had to reset many other things, password, fingerprints, app's settings and permissions, etc. I'm pretty sure adb didn't work and the backup is partial.

    Well, I thought it would be easy because after reading 20 guides, they all said the same things.
    It ended confusing and dangerous.
    I'm used to hack consoles and follow/write guides, but not having answers is stressful.
    Flame likes this.
  3. Flame

    Flame Me > You

    GBAtemp Patron
    Flame is a Patron of GBAtemp and is helping us stay independent!
    Jul 15, 2008
    @Cyan dont root.

    what can you do with root which you cant do unrooted? nothing.

    in iOS you can install non-app store apps. we dont have that problem

    the only time you should root is when your phone is kinda outdated. so you can install a custom rom.

    ask me questions and ill tell you why root is kinda pointless.
    Last edited by Flame, Mar 8, 2018
  4. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    thanks for the reply, but it's too late.
    I already did it, because rooting is erasing everything and I'd better do it while I have nothing to lose than when the phone is full of data.

    I'm (currently, because it's new and I don't know what's possible more than that) using root for :
    - Patching apps to remove advertising/unlock (usually paying) features.
    - Access IPTable to manage the network rules
    - Access my files located in /data/ (savegame, etc.)
    - Make full backup/restore of the ROM's (nandroid) using recovery menu, so I can restore if I ever mess things up for being too curious.

    Maybe it has more interest, but I'll learn with time.

    Though, I'm concerned about security because it also unlocks possibilities (recovery menu can be used to delete everything, .... though the hidden android *#*#<code>#*#* can do the same even without root!)

    What I wanted to know more info is about security and encryption of the data if my phone is stolen. are my info secure?
    also, are apps able to intercept data ? (putting my password on gbatemp for example, is that secure? I feel like app running in the background can "see" what's done in other front apps)
    Having the internal memory encrypted, I should also lock/encrypt the SD card, but it would prevent easy access on my own computer (not sure windows ask for the SD lock key when connecting it)
    Last edited by Cyan, Mar 8, 2018
  5. Flame

    Flame Me > You

    GBAtemp Patron
    Jul 15, 2008
    the only advantages root has is if your official OS is super bloated. but you lose security in both software and physical form.

    software: when you root, you are super user, so some security just goes out the window.

    physical: does your custom rom have a password? whats going to stop someone from flashing own kernel and install what they want.

    some apps just dont work when rooted, you need to jump over hurdles to fix them.

    I mean now it's cool, when you are new to rooting, with time you understand that maintaining a rooted device is a full time job.
    Cyan likes this.
  6. Ryccardo

    Ryccardo außer Tiernahrung

    Feb 13, 2015
    Depends on how it was created, you can pass arguments to adb backup to store or not the applications and "media" files (what you normally see over USB/MTP)

    Appdata is always included (iirc), /system apks never are, not sure about updates of system apps (which go to /data)

    is serious, beware of the imitation (.eu)

    I don't use encryption but it shouldn't matter, whenever possible (system/data/cache) it does a file-level backup instead of a partition image

    Part of an application (mainly games) that's stored on the media partition (remember that in the good old days, /data was typically 200 MB, while the media partition = /sdcard was indeed a microSD; the main reason I compile my own custom roms is to remove that ugly hack that spoofs /sdcard to /data/media)
    For the other "are apk backups enough to reinstall" question, you'll need to also manually backup the obb's

    File manager... go for Amaze, decent UI unlike many others, never let me down

    More questions later.... maybe
    Cyan likes this.
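
    On the question of checking what an adb backup actually contains: the following is an added example, not code from any poster in this thread. It reads the plaintext header of an `.ab` file and, when the backup is unencrypted, lists which packages were saved and whether their APK is included. The function names and the `com.example.*` sample packages are constructed for illustration.

```python
import io
import tarfile
import zlib

def parse_ab_header(data: bytes) -> dict:
    """Read the plaintext header lines at the start of an `adb backup` file."""
    stream = io.BytesIO(data)

    def line() -> str:
        raw = stream.readline()
        if not raw.endswith(b"\n"):
            raise ValueError("truncated header")
        return raw[:-1].decode("ascii")

    if line() != "ANDROID BACKUP":
        raise ValueError("not an adb backup file")
    info = {"version": int(line()), "compressed": line() == "1",
            "encryption": line()}
    if info["encryption"] == "AES-256":
        # Key-derivation parameters sit in the clear; the payload does not.
        info["user_salt"], info["checksum_salt"] = line(), line()
        info["pbkdf2_rounds"] = int(line())
        info["user_iv"], info["master_key_blob"] = line(), line()
    elif info["encryption"] != "none":
        raise ValueError("unknown encryption: " + info["encryption"])
    info["payload_offset"] = stream.tell()
    return info

def summarize(data: bytes):
    """Return (header, per-package summary); the summary is None if encrypted."""
    info = parse_ab_header(data)
    if info["encryption"] != "none":
        return info, None  # contents are unreadable without the backup password
    payload = data[info["payload_offset"]:]
    if info["compressed"]:
        payload = zlib.decompress(payload)
    packages = {}
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for member in tar:
            parts = member.name.split("/")
            if parts[0] != "apps" or len(parts) < 3 or not member.isfile():
                continue
            entry = packages.setdefault(parts[1], {"apk": False, "data_bytes": 0})
            if parts[2] == "a":  # "a" holds the APK itself (written with -apk)
                entry["apk"] = True
            elif parts[2] != "_manifest":
                entry["data_bytes"] += member.size
    return info, packages

def build_sample() -> bytes:
    """Constructed sample: one app saved with its APK, one with data only."""
    files = {
        "apps/com.example.player/_manifest": b"1\n",
        "apps/com.example.player/a/base.apk": b"\x00" * 2048,
        "apps/com.example.player/sp/prefs.xml": b"<map/>",
        "apps/com.example.notes/db/notes.db": b"\x01" * 512,
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            member = tarfile.TarInfo(name)
            member.size = len(body)
            tar.addfile(member, io.BytesIO(body))
    return b"ANDROID BACKUP\n4\n1\nnone\n" + zlib.compress(buf.getvalue())

# Constructed encrypted header (placeholder hex values, not a real backup).
ENCRYPTED_SAMPLE = (b"ANDROID BACKUP\n4\n1\nAES-256\n" + b"AA" * 64 + b"\n"
                    + b"BB" * 64 + b"\n10000\n" + b"CC" * 16 + b"\n"
                    + b"DD" * 96 + b"\n" + b"\xff" * 32)
```

    For a password-protected backup only the header is readable, so the package list comes back as `None`; the file size alone does not say which apps were captured.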
  7. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    I did the root to have complete control over something I own (like hacking a console and having file access, etc.), I don't like being locked from accessing some files.
    but I understand doing it made the phone less secure by enabling anyone to replace the ROM or edit critical settings. I feel somewhat uncertain, full access but less secure.

    that's my first phone, I might learn the good and bad about doing it with time.
    I just hope I won't have my phone stolen, and wonder if I should use it with sensitive data (like keypass ? I don't use it on computer either, but just wondering if it's safe to put it on phone)
    Last edited by Cyan, Mar 8, 2018
  8. Ryccardo

    Ryccardo außer Tiernahrung

    Feb 13, 2015
    In an average PC with an Unix clone, `su` does mainly one thing: it allows users who run it, to run as some other user (default: root) any single command (default: that user's shell). It doesn't save passwords for X minutes, have the option of NOT needing the target user's password, integrate into a GUI, or have a complicated whitelist of commands/users/computers/all of the above
    (Most single-human-user computers now use alternatives like sudo or doas, which have those features)

    AOSP only has a "su" command that gives root without any confirmation (obviously it doesn't get compiled into "user" builds, the kind commercial OEMs put on retail roms).

    Superuser managers therefore add/replace `su` with one that depends on a matched GUI app for configuration; indeed, the one I use (PHH Superuser) distributes the su command and the app separately, and it will fail if the app isn't installed (since no app is allowed to get superuser by default, and it has no way of asking the user)

    Since you asked about SuperSU, that one has options in the app to disable superuser for everything (not an unroot - you can just turn it on with the same option), an option to install the allow-all "su" (if you want to switch to a different superuser manager), and a full unroot one (deletes "su" and it must be reinstalled if you want it again, typically via the same zip)

    Now, Android 6+ added some undesirable features to the kernel by default (hash check of /system), so the zip that installs superuser doesn't just extract files anymore, but it patches the kernel to remove it - or it does a "systemless" installation (default for SuperSU): it's installed to /data or the kernel's ramdisk instead of /system, and a bind-mount is added to the init scripts (in the root folder - which also comes from the kernel's ramdisk) to make it appear into /system/xbin/su as it should :)

    If you somehow get root before flashing a recovery (exploits, or using "fastboot boot twrp.img" instead of installing it) you can just copy the recovery partition, indeed
    (but if your manufacturer offers the stock rom for download, it will most likely include the recovery)

    For Google Play or F-Droid apps, at least, you can just google them and look at the url ;)
    Most app managers like OpenAPK or Link2SD also have this feature

    Magisk is the combination of a superuser manager and patch framework (like Xposed) - so if you use it don't install those separately until you know better! - ; I don't use it but it's probably your best option if you want "stealth" from apps that complain about root

    Since Lollipop, Google only approves (and licenses google apps to) phones that have disk encryption always enabled at the factory (it's controlled by the kernel): of course if you don't set some form of lockscreen password it's not a security feature in practice, but it still means not waiting a night to enable it if you wanted it, and instant secure formatting of /data

    (Most computer SSDs, and "SED" HDDs are also like this: always hardware encrypted, can't meaningfully get the files out with a nand programmer - not that it was easy before, due to wear leveling -, but this means no performance loss if you take advantage of the encryption by setting an ATA password, and well under 2 minutes full wipe (just change the key and mark all blocks as trimmed))

    Since Android needs /data to boot, it needs it to be unlocked; before Android 7 it meant asking for the password very early on every boot (or using the default if encryption was on-but-not-practically as in the case you asked for), now (by default, no idea about what happens if you use those key changer apps) it leaves a folder with specific apps unencrypted, so that you still have a working alarm clock if your phone reboots during the night

    Maybe it was written before that feature was added (or copypasted/remembered from an older one)

    Anyway you picked right :)

    That's a normal feature of TWRP after a zip finishes installing, in general clearing dalvik cache* is a standard procedure when you have modified apps or suspect corruption, shouldn't be needed for most zips though!

    * Kitkat added an option to replace Dalvik with ART, and it's the only option since Lollipop, but the folder is still called dalvik-cache, and precompiled apps "odexed" although the file extension is now .oat instead of .odex

    Never heard of those, but they most likely came from SuperSU's installer script and not TWRP itself (last time I used SuperSU was about 2 years ago, before Chainfire sold it, and it definitely didn't have those questions)

    Yep, the basic features of recovery don't care about OS (although some are definitely period pieces - basically the only official use for the /cache partition since ICS has been stock rom update packages)

    I thought thieves nowadays just removed the battery ASAP to not get tracked and put them on ebay "not tested no refunds", lol
    Anyway, use the above mentioned app to change the encryption key (avoid uncommon special characters - you will need to type the password in TWRP too)

    google tracker -> can be located or reformatted when online
    lockscreen password -> can't go to settings/security/device admin and turn off the tracker, I think it also blocks new USB devices when locked
    encrypted /data -> must guess the password or reformat if rebooted, also in twrp
    google setup wizard -> must* login to your google account if reformatted

    * this is actually the easiest one to bypass, just install a custom rom without google apps or edit a certain partition... not like you were going to get your phone back anyway, tbh
  9. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    Thank you for taking the time to answer my questions, and explaining some of the folder's function.
    being new to android, I still don't know how the OS is working and what each folders are used for. But I'm still reading lot of things to familiarize with it.
  10. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)

    Jan 4, 2017
    United States
    mushroom kingdom
    @Cyan you can use magisk manager to bypass safety net. basically, it tricks certain apps into thinking you're not rooted, even though you are. it worked well on my honor 5x, and i'm planning on setting it up soon on my honor 7x. if you choose to install it, you can gain access to netflix, mario run, android pay, etc
    Cyan likes this.