-
-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Bypass camera limitation with unlocked bootloader #53
Comments
Please send your |
Thank you very much for your response. Please use the following link to download this file. Thanks again! |
I can provide remote access for you to investigate.if you don't mind |
If there's anything else you need to know, please let me know. I'm more than willing to provide assistance. Here are the steps: |
I've already dealt with such an issue in my Galaxy A52s 5G as it has a check in the camera HAL that prevents it to work when the bootloader is unlocked (tho this is limited to devices with a rear SLSI camera sensor). Looks like it is the same in your device: Give a try to some Magisk/KSU modules that spoof the bootloader unlock prop(s): USNF, MagiskHide Props Config |
I have already changed 'ro.boot.verifiedbootstat' to GREEN, but the camera screen remains black. |
Could be the same as here where safetynet-fix spoofs the bootloader props too late at boot and won't apply to the camera HAL: https://github.com/Displax/safetynet-fix/blob/67d1d1b86e145a8ddcd2f023ac878dc6d23ee3db/magisk/service.sh#L27-L46 |
I've tried, but it's still not working. Could you please help me check if I made a mistake in any of these steps? Thank you! 1.Open Termux and execute 'su' for permissions. |
As I said in #53 (comment) the issue is due to the prop being spoofed too late at boot by the USNF module. We can try hex patching the lib and eventually integrate the fix in the Enhancer module. |
We don't have any experience in this area(try hex patching the lib). Could you please guide us on how to get started? |
On A52s case we replace the bootloader prop in the lib with another one so that the camera lib reads that instead (or SELinux blocks it so it fallsback to the default value). https://github.com/LineageOS/android_device_samsung_a52sxq/blob/999b94dc151b00467c4c287e2b42828200b6e0e2/extract-files.sh#L12 |
So, do I need to modify the source code of the 'camera.qcom.so' file to replace the parameters it originally checks? |
When patching, the length of the new string must be equal to the one of the old string or smaller (by replacing the missing characters with |
Hello, sir. Modifying these two files seems quite challenging for me. I've come up with another approach, and I'd like to ask for your assessment of its feasibility. |
Uninstalling the camera app does no effect as this code is in the camera HAL, so this applies globally in the system independently of the app you're using. I've applied the patch in #53 (comment) myself here, give a try to these libs and let me know if it works. |
After replacing it, I still can't open the camera. It remains the same even after restarting the phone. |
Check if you did replace the file correctly (it's not 0 bytes), also make sure the file permissions/secontext is correct. |
Run |
Wrong permission/secontexts are set for your libs. Fix them using these cmds:
|
Mind sharing some logs so I can see if there's any specific error in the background? I'm currently adding the necessary code to integrate the fix in the Enhancer module (37c77b6), but it still needs to handle devices with the
It's always a pleasure! I willingly reciprocate your good wishes. |
It's my honor to help advance this matter. Please instruct me on how to obtain the logs you need. |
Download adb (platform-tools) and use logcat to obtain logs. Start the command (eg. |
Please find the attached log files for troubleshooting. Thank you. |
In reference to the discussion in commit 77bcca8, I changed 's/ro.boot.verifiedbootstate/ro.com.android.mobiledata/g' to ensure that 'ro.boot.verifiedbootstate' and 'ro.com.android.mobiledata' have the same length, and 'green' matches 'false' in length. However, the test results still show a black screen.log_customize.sh.zip Is it possible that there are additional conditional checks within 'camera.qcom.so' that we haven't identified yet? Could you please provide guidance on how to discover them, or even a general area to look into? I'm willing to try them one by one. Thank you! |
据我了解,ChatGPT还不支持修改2进制文件. |
I took the initiative to modify your 'customize.sh' based on the ideas mentioned above, but when I open the camera, it crashes. Did I miss something in my changes? |
You are trying to replace pseudo code a binary. |
As the content in #53 (comment), we've correctly replaced the property name, but the camera is still showing a black screen. |
I have no idea, but you can try to read logcat for more information about what CamX thinking. |
Log.zip |
Dear ALL, @blackmesa123, do you think this issue is beyond the scope of the KnoxPatch application? If so, I'll close this case. Thank you for your guidance and assistance during this time! |
I'm pretty sure you saw this in the logs:
You can't find this file simply because it doesn't exists. The original file is part of the source code of the
I've already sent you the F926B camera files in #53 (comment), those are the only different files/binaries that differ from the international firmware and the Korean one. You could also try flashing the F926B super.img firmware and see if camera works fine rather than manually replacing the camera files just in case.
camera-fix branch already has the camera fix patch for A52s ( |
According to XDA thread, you may not get the camera back to work even using F926B firmware.
BTW, where's All in all, thanks for your support of Samsung, buy a Pixel fold next time. |
I'm sorry, I missed the upload. Please see #53 (comment) |
|
It says "camera-fix branch already has the camera fix patch for A52s (ro.boot.flash.locked case) implemented in the Enhancer Magisk module" but on my F946N The camera is disabled. |
I also want to know if it can be solved. By the way, does SM-946N support call recording? |
Disable by ABL due to a policy of HDM . can be unlocked by token MODE_AVOID_HDM_OEM_UNLOCK_POLICY |
Could you please provide me with more details or guidance on how to proceed? Thank you. |
I have a s22 sm-s901 and this method works for it, I receive the warning "camera error" only on the rear camera |
Is there any update ? |
I found some errors with
I successfully replaced |
So.. just saying, but did you notice that there is some reference source code available?
|
Thank you for your reminder @mirh , But I couldn't find any Camx source code to refer to Based on my investigation, I believe it may be due to a failed ioctl call, but since there is no log output here, I cannot determine if the ioctl call failed during execution. The ioctl call occurred during the kernel phase, perhaps I should analyze the kernel logs? Later tonight, I will try to analyze the kernel logs to troubleshoot the issue. |
Unfortunately, based on my extensive review of XDA discussion materials and my own research findings. Some of my reference materials: |
Can you please add support for the Samsung device's active cameras functionality after BootLoader?
I greatly appreciate it. I can assist with testing and provide logs.
My device model: Samsung Z Fold3 5G
ROM:
AP_F9260ZCU4GWH5_F9260ZCU4GWH5_MQB69290723_REV00_user_low_ship_MULTI_CERT_meta_OS13.tar
CSC_CHC_F9260CHC4GWH5_MQB69290723_REV00_user_low_ship_MULTI_CERT.tar
可否增加支持Zfold设备BootLoader之后可正常打开摄像头的功能,非常感谢,我可以协助测试及日志提供.
The text was updated successfully, but these errors were encountered: