adb – how to enable and disable dm verity on android devices?

Posted by: admin June 16, 2020

Questions:

This question is related to the device-mapper-verity (dm-verity) kernel feature, which provides transparent integrity checking of block devices. dm-verity helps prevent persistent rootkits that can hold onto root privileges and compromise devices.

The following commands work fine to disable or enable verity on userdebug builds.

adb disable-verity 
adb enable-verity

But these commands are not working on user builds. Is there any alternative on user builds?

How to & Answers:

In short I can’t give you a solution to this yet.

However here are some useful hints:
That’s the error I got:

C:\Users\Test>adb remount
dm_verity is enabled on the system and vendor partitions.
Use "adb disable-verity" to disable verity.
If you do not, remount may succeed, however, you will still not be able to write to these volumes.
remount of system failed: Permission denied
remount failed

(^Some exact text is also important for people that search in Google to find here^)

When reverse engineering/decompiling ‘\sbin\adbd‘ with IDA Hex-Rays, I noticed
that the relevant adbd source code that outputs this error is on the net:

void remount_service(int fd, void *cookie)
{
    char buffer[200];
    char prop_buf[PROPERTY_VALUE_MAX];

    bool system_verified = false, vendor_verified = false;
    property_get("partition.system.verified", prop_buf, "0");
    if (!strcmp(prop_buf, "1")) {
        system_verified = true;
    }

    property_get("partition.vendor.verified", prop_buf, "0");
    if (!strcmp(prop_buf, "1")) {
        vendor_verified = true;
    }

    if (system_verified || vendor_verified) {
        // Allow remount but warn of likely bad effects
        bool both = system_verified && vendor_verified;
        snprintf(buffer, sizeof(buffer),
                 "dm_verity is enabled on the %s%s%s partition%s.\n",
                 system_verified ? "system" : "",
                 both ? " and " : "",
                 vendor_verified ? "vendor" : "",
                 both ? "s" : "");
        write_string(fd, buffer);
        snprintf(buffer, sizeof(buffer),
                 "Use \"adb disable-verity\" to disable verity.\n"
                 "If you do not, remount may succeed, however, you will still "
                 "not be able to write to these volumes.\n");
        write_string(fd, buffer);
    }

    if (remount("/system", &system_ro)) {
        snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
        write_string(fd, buffer);
    }

    if (hasVendorPartition()) {
        if (remount("/vendor", &vendor_ro)) {
            snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno));
            write_string(fd, buffer);
        }
    }

    if (!system_ro && (!vendor_ro || !hasVendorPartition()))
        write_string(fd, "remount succeeded\n");
    else {
        write_string(fd, "remount failed\n");
    }

    adb_close(fd);
}

http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c
Btw, the adb daemon I used to decompile is from Android 5.1.1.

So the essential points here are partition.vendor.verified and partition.system.verified. If they are set to “1” you’ll get the error.

Well next will be to hunt down the why and how these are set
… and how to prevent that.

However, all that adb remount does is remount /system (and maybe /vendor). You can also do this on your own:

adb shell su mount -o remount /system

That little line usually helps me out and accomplishes the same.
The su – that’ll do the trick.
(But yes the su command will only be there if your device is ‘rooted’.)
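
The two properties the answer above points to can be checked from the host when auditing devices. The script below is an added example, not part of the original answers or of adb: it parses `adb shell getprop` output and passes only a user build whose system partition reports verified. The function names are hypothetical, the sample dump is constructed, and the "1" test assumes the Android 5.x semantics of the adbd code quoted above.

```shell
#!/bin/sh
# Added example: audit dm-verity state from `adb shell getprop` output.
# partition.<name>.verified and the "1" test follow the adbd code quoted above
# (Android 5.x semantics, assumed); ro.build.type is the build-variant property.

# Constructed sample dump, not captured from a real device.
SAMPLE_PROPS='[ro.build.type]: [user]
[partition.system.verified]: [1]
[ro.product.model]: [ExamplePhone]'

# get_prop NAME: read a getprop dump on stdin, print NAME's value (empty if unset).
get_prop() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')      # escape dots for the regex
    tr -d '\r' |                                     # older adb emits CRLF
        sed -n "s/^\[$key]: \[\(.*\)]\$/\1/p" | head -n 1
}

# verity_report: read a dump on stdin, print one line per partition plus build type.
verity_report() {
    props=$(cat)
    for part in system vendor; do
        v=$(printf '%s\n' "$props" | get_prop "partition.$part.verified")
        # adbd compares against the exact string "1"; an unset property reads as "0",
        # so a device without a vendor partition shows up as unverified here.
        if [ "$v" = "1" ]; then echo "$part=verified"; else echo "$part=unverified"; fi
    done
    build=$(printf '%s\n' "$props" | get_prop ro.build.type)
    echo "build=${build:-unknown}"
}

# audit_device: print the report; succeed only for a user build with /system verified.
audit_device() {
    report=$(verity_report)
    printf '%s\n' "$report"
    case "$report" in
        system=verified*build=user) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run on the constructed sample; on a host with adb, use instead:
#   adb shell getprop | audit_device
printf '%s\n' "$SAMPLE_PROPS" | audit_device
```

A non-zero exit status from `audit_device` marks a device that is either not a user build or does not report a verified system partition.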

Answer:

adb disable-verity will work only with adb version 1.0.33 and above. So upgrade your adb version.