Securing your android after ROOT - XPERIA X10 Android Development

Hello everyone,
It's been great to have root on your X10 using the method posted here:
http://forum.xda-developers.com/showthread.php?t=711907
Well, this method works all right but I did some investigating of my own to audit the state of the system after it's been rooted. Thanks to the discussions you may find here: http://forum.xda-developers.com/showthread.php?t=712178, the original developers soon chose to update the Rooting tutorial with some additional steps (See post #2 and #4 of the rooting thread). This is all good, because now you have the real power to act as the *real* superuser, i.e. uid 0.
Most of the discussions that follow are only intended for users who are well versed with general *NIX security and concepts about user ids, permissions and other things. So please disregard this post if you have no idea of these concepts.
Ok, so first things first. I basically followed the root tutorial as it is all the way up to step3 (or step3a as in my case). Remember, you essentially have a rooted phone right after step2, step3/3a just adds the updated baseband firmware, which has no effect whatsoever on the subsequent things that you do to your phone.
Well essentially, what I did do was install the "su" binary and the "Superuser.apk" following in the lines of step4v2 (post #2 in root thread). These are essential to give you control over your system as without them you are simply relying on a hacked "sh" binary which runs with elevated privileges. Here are the file permission masks for the "sh" binary which gets installed after the FOTA in step2:
Code:
# ls -l sh
ls -l sh
-rwsrwsrwx root root 86944 2010-06-28 18:08 sh
#
Wait!!! This is *not* quite ok. What this means is that any process can use this binary to gain super user privileges. This binary is setuid and setgid root!!!
Well you might say that... so is the case for "su":
Code:
# ls -l su
ls -l su
-rwsrwsrwx root root 22120 2010-06-28 08:08 su
#
But, this is different because its use is controlled by the Superuser Whitelist application that was installed with Superuser.apk.
This difference is crucial because if any non-privileged application and process forks and execs "su", the Superuser Whitelist app would immediately post a notification screen on the phone and provide options to allow or disallow.
With the "sh" binary installed on your phone as it is, you are basically inviting *any* application to be able to do anything it wants to your phone... and all this without your knowledge!!!
To test this theory, all you need to do is simply install one of the terminal emulators floating around the market or use the one provided in the rooting thread under the step4/app folder and launch it. It straight away launches you into a root shell. Here is a screen shot of what you can do this way:
(Remember, no warnings, no notifications and all this can be done by any app under the hood)
Here is what you can do to make your phone more secure.
Step1: Download an alternative shell or simply change the permissions on the "sh" binary:
Code:
# cd /system/bin
# chmod 755 sh
Step2: In case you downloaded an alternative shell like "bash" and copied it under your /system/bin folder, simply get rid of the original "sh" binary and create a symlink to the one you download, for ex: bash:
Code:
# cd /system/bin
# rm sh
# ln -s bash sh
(Note: the above steps assume that you have /system mounted as rw, if you don't know what that means, then you should not be reading this, sorry)
Remember, when installing any alternative shell make sure that its permission mode is set to 755 or lower. I recommend to *never* set the setuid and setgid bits on the shell!!!
Here is what I did personally:
Installed bash from here: http://forum.xda-developers.com/showthread.php?t=537827
Installed it under /system/bin *without* the setuid and setgid bits
Removed the "sh" binary
Created a symlink named "sh" to the binary "bash"
This way, whenever I launch "adb shell" or use any terminal emulator on my phone, I always get an unprivileged shell. To get root, simply fire "su".
PS: This information is not intended for casual users who have limited or no knowledge of UNIX or UNIX-like systems like Linux, Android SDK commands like adb or don't know their way around if faced with a command line!!!
PS: Another post with some steps to properly secure the system: http://forum.xda-developers.com/showthread.php?t=712945
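
An audit sketch for the condition described in the post above, added here as an example and not part of the original post: it lists setuid/setgid files under a directory and singles out shells, which unlike "su" have nothing gating them. The function names and the constructed demo directory are assumptions; on a device it needs a find that supports -perm (for example a busybox build) and would be pointed at /system/bin.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory for setuid/setgid
# files and single out the case the post warns about, a setuid shell.

# classify_mode MODE: decode an `ls -l` mode string such as -rwsrwsrwx
# into the findings that matter here.
classify_mode() {
    findings=""
    # Column 4 is owner-execute and column 7 is group-execute: s/S there
    # means setuid/setgid. Column 9 is the write bit for "other".
    case $(printf '%s' "$1" | cut -c4) in s|S) findings="$findings setuid" ;; esac
    case $(printf '%s' "$1" | cut -c7) in s|S) findings="$findings setgid" ;; esac
    case $(printf '%s' "$1" | cut -c9) in w)   findings="$findings world-writable" ;; esac
    printf '%s\n' "${findings# }"
}

# is_shell PATH: true when the file name is a command interpreter.
is_shell() {
    case $(basename "$1") in
        sh|ash|bash|dash|ksh|mksh|zsh) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_dir DIR: one line per setuid/setgid regular file under DIR.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)
        if is_shell "$f"; then
            verdict="UNGATED-SHELL"   # any process that execs it runs as the owner
        else
            verdict="REVIEW"          # e.g. su: acceptable only if something gates it
        fi
        printf '%s %s [%s] %s\n' "$verdict" "$f" "$(classify_mode "$mode")" "$mode"
    done
}

# Demo on a constructed directory; no real system files are touched.
demo() {
    d=$(mktemp -d) || return 1
    for n in sh su ls; do : > "$d/$n"; done
    chmod 6777 "$d/sh"      # the mode shown for sh in the post
    chmod 6777 "$d/su"      # the mode shown for su in the post
    chmod 755  "$d/ls"
    echo "before:";             audit_dir "$d"
    chmod 755 "$d/sh"       # Step1 of the post
    echo "after chmod 755 sh:"; audit_dir "$d"
    rm -rf "$d"
}

# On a device: audit_dir /system/bin
demo
```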

lmao..
http://forum.xda-developers.com/showthread.php?t=712945

zephyrix said:
lmao..
http://forum.xda-developers.com/showthread.php?t=712945
lol, you must've done this while I was writing mine!!
Anyways, it's good to have this info out and I do point out some concepts detailing *why* this is a problem.

Definitely.
Make sure people have installed a proper way to elevate to root before attempting to change sh to not setuid, or they may screw themselves over lol

Thanks for your guide! Much appreciated would be an understatement.

is there any other way of testing that, as using that method in your given picture now says read only error? does this mean i successfully secured my root?

bcool15 said:
is there any other way of testing that, as using that method in your given picture now says read only error? does this mean i successfully secured my root?
Oh... I think I forgot to show this, but essentially you need to get the system partition into read/write mode as well. So it will be one more command before the write is attempted:
# mount -o remount,rw -t yaffs2 /dev/mtdblock2 /system
...
...
# echo "I can...

j4mm3r said:
Oh... I think I forgot to show this, but essentially you need to get the system partition into read/write mode as well. So it will be one more command before the write is attempted:
# mount -o remount,rw -t yaffs2 /dev/mtdblock2 /system
...
...
# echo "I can...
that's the command which stopped working so i just redid the whole rooting procedure with the new v3 update. does it still need securing?

bcool15 said:
that's the command which stopped working so i just redid the whole rooting procedure with the new v3 update. does it still need securing?
Don't worry about the example shown in the screen shot. That is just to illustrate what a setuid "sh" binary can do to your system.

j4mm3r said:
Don't worry about the example shown in the screen shot. That is just to illustrate what a setuid "sh" binary can do to your system.
this securing procedure isn't working on my new root any suggestions?
please
Regards,

bcool15 said:
this securing procedure isn't working on my new root any suggestions?
please
Regards,
Exactly what procedure are you referring to? The post is just meant to be a set of guidelines of a vulnerability that existed on the phone after it was rooted using "the root procedure" at the time this was posted.
If you have a "sh" binary on your phone which is setuid and setgid, then you have this vulnerability. I haven't updated the post with results from any new root procedures that have been posted since, but I suspect even the newer methods posted so far in the "root thread" don't get rid of the compromised "sh" binary.
Please ignore if you don't know what setuid and setgid mean.

Related

Clean and pre-rooted 2.1 ROM

All credits go to pulpoff2 for this! This is not by me, I am merely the messenger. Only thing I did was to ask pulpoff for the files and a tutorial. With his permission I will share it with you.
This will provide you with a fresh and unmodified 2.1-system, exactly like you would do the official update - only exception is that it is rooted. So all the apps and games of the official firmware are available and nothing else. You can remove the crap (like the games or timescape for example) by yourself after doing the steps below.
UPDATE:
There is a newer ROM by propc you can use instead of this one. Look here:
http://forum.xda-developers.com/showthread.php?t=888427
-- NEW --
propc kindly provides us with a shellscript to automate the steps below. See here for the script and a short manual:
http://forum.xda-developers.com/showpost.php?p=10067921&postcount=120
If the script doesn't work for you or you prefer to do things the manual way, you may use the steps below.
Download these files:
x8-2.1rooted.img.yaffs.rar
and
ISO-8859-1__unyaffs-arm.rar
Also download the 2.1-firmware from here or here. Unpack it on your computer and delete the "system.sin".
Unpack "x8rooted.img", "busybox" and "unyaffs" to SDcard.
You need 1.6 with root on your phone. By the way, all the data on your phone will be lost after doing the following steps, so making a backup is advised.
Use "adb shell" to connect to your phone and become su:
Code:
su
Copy "busybox" and "unyaffs" to /data/local/tmp. (Pulpoff says you should copy to /sbin, but this requires remounting with busybox. I copied to /sbin, but I think /data/local/tmp should work just fine)
Code:
cd /data/local/tmp
cat /sdcard/busybox > busybox
cat /sdcard/unyaffs > unyaffs
chmod the files to make them executable:
Code:
chmod 755 busybox
chmod 755 unyaffs
EDIT: If you want to copy the files to /sbin (like pulpoff2 advises), you can do this OPTIONAL step:
EDIT2: It was confirmed that this is indeed not necessary!
Remount the root directory to make /sbin writable. Then copy the files over and change the working directory to /sbin:
Code:
./busybox mount -o remount,rw /
./busybox cp -prf busybox /sbin/
./busybox cp -prf unyaffs /sbin/
cd /sbin
Remount /system as writable:
Code:
mount -o remount,rw /dev/block/mtdblock0 /system
Switch to busybox shell:
Code:
./busybox sh
Remove /system (yes, really!). It's normal to get errors because of the "lost+found"-folders. Ignore the errors.
Code:
./busybox rm -r /system
Unpack pre-rooted image to system. It should output "end of image" if it finishes correctly.
Code:
./unyaffs /sdcard/x8rooted.img /system
Your phone won't boot anymore now and it will crash as soon as you try to use it - that's normal! Go to next step.
Just remove the battery and the usb-cable from the phone, then re-attach the battery. Flash 2.1-kernel (without system.sin !!) using the flasher-tool by Bin4ry. If the flasher gives you an error because of a missing "loader.sin" you can take this file from the 1.6-firmware. Refer to Bin4ry's thread to learn how to use his flasher and how to enter flash-mode on your phone.
The phone should now boot, although the first boot can take a little while. If you get into a boot-loop or you just see the white sony ericsson logo (not the green one after the animation) for several minutes, it probably didn't work and you have to start over again by flashing 1.6.
This was written as I remember how I did it by myself. It worked for me at first try! If it works for you, please click the thanks-button. It will make me feel better
After you have your nice rooted 2.1 you probably want to enable JIT for a nice performance boost.
But does it have root? Bad reading.
a-k-t-w said:
But does it have root?
Absolutely. But no busybox. So if you plan to enable JIT, you have to copy busybox to /system/bin by yourself.
a-k-t-w said:
But does it have root? Bad reading.
of course it is rooted.
now we know what to do with unyaffs.
2 things:
1. I've bought the phone with 1.6 android, but I was unable to root it with any method, then I've upgraded to 2.1 update 1. Is there any way to root it?
2. I have Hungarian language. Does it contain Hungarian language?
csengoi said:
2 things:
1. I've bought the phone with 1.6 android, but I was unable to root it with any method, then I've upgraded to 2.1 update 1. Is there any way to root it?
2. I have Hungarian language. Does it contain Hungarian language?
1: There is no way to directly root a phone with 2.1. You need to go back to 1.6, root it and then follow the above steps.
2: I guess so. As far as I know the firmware is the same for all countries.
Works like a charm! I removed the /system folder contents one by one though, using the method from the previous thread. Anyway, the first time I tried, unyaffs exited before extracting all the files (maybe the phone ran out of memory?). I didn't notice it and went on to flash the phone, ending up stuck at the Sony Ericsson logo. So, make sure that unyaffs reports that it has reached the "end of image" before moving on to the next step!
Thanks!!
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
how to proceed?
isaac12 said:
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
how to proceed?
in adb shell:
enter su and you have to look at your mobile screen because it will ask you to allow su. (if you rooted your phone well)
i had this problem when i didn't press the allow button in superuser confirmation.
---double post--- sorry
trapacska said:
in adb shell:
enter su and you have to look at your mobile screen because it will ask you to allow su. (if you rooted your phone well)
i had this problem when i didn't press the allow button in superuser confirmation.
rooted phone yes
su confirmed
cd /data/local/tmp
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
does it mount data.img on sdcard???
or i'll need to use chargemon from previous way?
WARR10r said:
does it mount data.img on sdcard???
or i'll need to use chargemon from previous way?
This has nothing to do with App2SD. Also the ROM gets loaded from internal flash, not from sdcard. The result is the same as with the official update, but with root.
If you want to have /data on sdcard, use the modified chargemon or neptun2's method.
I'm totally new to android but somehow I managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in layman's terms please.
gully666uk said:
I'm totally new to android but somehow I managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in layman's terms please.
try adding ./ before
gully666uk said:
I'm totally new to android but somehow I managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in layman's terms please.
You should still be in "/data/local/tmp" as the working directory (check with "pwd"-command). If you followed the steps correctly, you should have a working busybox-file in there. So just type "busybox sh". If it looks like it does nothing, it's all right
isaac12 said:
rooted phone yes
su confirmed
cd /data/local/tmp
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
try to use another su. i rooted my x8 with superoneclick 1.5.0
I got stuck at SE logo for at least 10mins, it doesn't re-boot cycle although..
Sectoras said:
I got stuck at SE logo for at least 10mins, it doesn't re-boot cycle although..
That's way too long, something isn't right there. To start over again you have to flash back to 1.6.
Ok I had not realised the superuser permissions was not popping up on my phone that's sorted now. I get to number 8 again and it said permission denied

creating update.zip for fonts applying

Hello,
i wish to create an update.zip to copy fonts from the zip into the system/fonts/ folder because i deleted them and kept one font, but it seems android doesn't boot with one font only; it needs other fonts to be there (or at least matching the names) to be able to boot.
adb push doesn't work giving me permission denied because /system is not mounted R/W (which i do using Super Manager for example)
i read other update.zip files and it seems i need to create CERT.SF and MANIFEST.MF files in META-INF , but it seems there are some SHA1-Digest: below each file (is this a md5checksum?) so i can't just replace file names and apply it
any ideas how can i do it without Wipe data/factory reset ? (and if factory reset is my last option would fonts be returned or factory reset doesn't get fonts back? i feel not)
Thanks
The app below will sign the zip and allow you to flash it. You just need to put the zip inside the folder and call it 'update.zip'
l0st.prophet said:
The app below will sign the zip and allow you to flash it. You just need to put the zip inside the folder and call it 'update.zip'
Thank you, any chance there is a Linux version out there? i'm using adb on ubuntu
and for CERT.SF and MANIFEST.MF i just create them manually based on any update.zip file i download earlier?
I'm on windows now and i've signed the file, when i try to apply it from recovery i get
E:signature verification filed
Installation aborted
what i'm missing?
attached my signed update.zip
it seems i had a folder update inside the zip
i have re-created one and signed it and still same error
attached the file
btw as i'm rooted and i used to su from adb shell and terminal emulator earlier, any idea why su not working now?
$ su
[1] + Stopped (signal) su
$
[1] Segmentation fault su
$
is it because i'm on the HeRO logo boot screen ? it didnt get in yet?
btw for linux/ubuntu users who want to sign on linux you can use this:
Code:
java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip
inside the Auto Sign folder
after signing on linux i get the following:
E: failed to read footer from / sdcard/update.zip (I/O error)
E:signature verification failed.
Installation aborted
First of all, please use the edit button, posting 6 times in a row is very hard to read, and is considered bumping your own thread which is a quick way to lose friends.
Secondly, the autoSign program creates a file called update_signed.zip which is the file you need to flash, the cert and manifest files are created by the process, you don't need to touch them. I have attached a signed version of your zip
I resigned it for you, see attachment. I use "androsign" I found here somewhere on XDA, maybe go look for it. It is a very easy tool edit: Too late
When you are in "adb shell" you should have SU rights already.
Otherwise there is an option in adb to switch to SU rights, just type in "adb help" for a howto.
First of all , sorry for the multiple posts
second i've tried both update-signed.zip and update_signed.zip and both of them gave me the same error
*P.S: sorry if i'm not allowed to put an image, i'll delete it
EDIT:
riemervdzee said:
When you are in "adb shell" you should have SU rights already.
Otherwise there is an option in adb to switch to SU rights, just type in "adb help" for a howto.
i tried to the help i didn't find how to set su in the right roots?
Have you flashed an alternative recovery at all? This one looks like the default one.
And look at the first error, it asks for a path in /cache/... Just get amon_ra recovery. This way you can select which zip you want to flash (as long as they are in the root of the sd-card).
And from "adb help":
"adb root - restarts the adbd daemon with root permissions".
However seen you still have the original recovery, that probably won't work in recovery.
You said you rooted the device already right? maybe you can move the files with adb then when the ROM is trying to start, and after everything works get a real recovery where you can do something.
riemervdzee said:
Have you flashed an alternative recovery at all? This one looks like the default one.
And look at the first error, it asks for a path in /cache/... Just get amon_ra recovery. This way you can select which zip you want to flash (as long as they are in the root of the sd-card).
And from "adb help":
"adb root - restarts the adbd daemon with root permissions".
However seen you still have the original recovery, that probably won't work in recovery.
You said you rooted the device already right? maybe you can move the files with adb then when the ROM is trying to start, and after everything works get a real recovery where you can do something.
yeah i tried the adb root already but getting "adbd cannot run as root in production builds"
yes i'm rooted and everything is fine
btw why deleting fonts prevents the phone from booting although there is one font there "not the default one"
what i want is to push the font files into the phone but getting the error i mentioned earlier that it's not mounted as R/W:
[email protected]:~/linux_adb_fastboot/hero_fonts$ for i in `cat list`; do adb push $i /system/fonts/$i ; done
failed to copy 'DroidSerif-Bold.ttf' to '/system/fonts/DroidSerif-Bold.ttf': Read-only file system
failed to copy 'DroidSerif-Regular.ttf' to '/system/fonts/DroidSerif-Regular.ttf': Read-only file system
failed to copy 'DroidSerif-Italic.ttf' to '/system/fonts/DroidSerif-Italic.ttf': Read-only file system
failed to copy 'DroidSansMono.ttf' to '/system/fonts/DroidSansMono.ttf': Read-only file system
failed to copy 'DroidSansFallback.ttf' to '/system/fonts/DroidSansFallback.ttf': Read-only file system
failed to copy 'DroidSerif-BoldItalic.ttf' to '/system/fonts/DroidSerif-BoldItalic.ttf': Read-only file system
failed to copy 'DroidSans-Bold.ttf' to '/system/fonts/DroidSans-Bold.ttf': Read-only file system
failed to copy 'Clockopia.ttf' to '/system/fonts/Clockopia.ttf': Read-only file system
failed to copy 'DroidSans.ttf' to '/system/fonts/DroidSans.ttf': Read-only file system
and yes adb remount doesn't work
[email protected]:~/linux_adb_fastboot/hero_fonts$ adb remount
remount failed: Operation not permitted
You have "rooted" your phone but you can't get adb root? That is contradictory
But since I'm in a good mood. Try to boot up the phone on your ROM, so not in recovery or bootloader. Then try to remount.
If remount is still failing, you don't have root.
Maybe you should also read your stuff a bit in before attempting anything. You are kinda screwing up your phone here.
Yes i'm sure i'm rooted i had universal root which i can root and unroot, and before deleting the fonts i used to do su and get root
also to confirm im rooted i used to use Market Access to access US and other markets to buy (since my country only has free apps not paid yet)
i didn't get the part of booting up the phone using my ROM ?
also a side question when booting the phone normally (i think this is what you meant about booting into the ROM?) and it stays on the HeRO logo as you can see i can access the adb shell etc.. so the phone is actually responding but not booting because of the fonts not there? or something else could be broken ?
Bashar . said:
Yes i'm sure i'm rooted i had universal root which i can root and unroot, and before deleting the fonts i used to do su and get root
also to confirm im rooted i used to use Market Access to access US and other markets to buy (since my country only has free apps not paid yet)
i didn't get the part of booting up the phone using my ROM ?
also a side question when booting the phone normally (i think this is what you meant about booting into the ROM?) and it stays on the HeRO logo as you can see i can access the adb shell etc.. so the phone is actually responding but not booting because of the fonts not there? or something else could be broken ?
Read "adb logcat" or in adb shell, use the linux command "dmesg" to see what is wrong.
And yes, with booting your ROM I mean the normal boot process. But probably android won't start as it can't find the fonts (they are essential).
And really... Read your stuff. You deleted fonts but didn't put any new there yet? You are asking for problems, while you ask us to solve it.
Then you come up with the plan to flash the new fonts, but you don't have a customized recovery.
riemervdzee said:
Read "adb logcat" or in adb shell, use the linux command "dmesg" to see what is wrong.
And yes, with booting your ROM I mean the normal boot process. But probably android won't start as it can't find the fonts (they are essential).
And really... Read your stuff. You deleted fonts but didn't put any new there yet? You are asking for problems, while you ask us to solve it.
Then you come up with the plan to flash the new fonts, but you don't have a customized recovery.
I did put one font there, but my mistake is not renaming it as the default font names that was there, i thought it would scan the fonts folder and use ANY font listed there
but seems not...
catlog shows i'm missing the fonts: http://dpaste.org/ADyJ/
dmesg output: http://dpaste.org/8IGw/
i never thought the recovery it had won't let me flash the fonts
EDIT: i tried the mv command as linux user but my main problem is that it's a read only system
[email protected]:~$ adb shell
$ cd system
$ cd fonts
$ ls
DroidSansArabic.ttf
$ mv
USAGE: mv <source...> <destination>
$ mv DroidSansArabic.ttf DroidSans.ttf
failed on 'DroidSansArabic.ttf' - Read-only file system
$
You can't do "adb remount" when starting normally? You have rooted the ROM, not the recovery (which refuses root access, as it is still the default one).
If everything fails, you can always do a RUU. (google "hero RUU"), this will reset everything as HTC wants it. Then you start from scratch again.
riemervdzee said:
You can't do "adb remount" when starting normally? You have rooted the ROM, not the recovery (which refuses root access, as it is still the default one).
If everything fails, you can always do a RUU. (google "hero RUU"), this will reset everything as HTC wants it. Then you start from scratch again.
yeah it seems that's my only option
I was hoping to learn by fixing, i'll flash it tomorrow then
now back to the question, why the update.zip that we were trying to sign is not flashable or signable ? what might be the reason? is it because i didn't root the recovery ?
i tried an stock Hero rom and still gives me invalid signature, i can't apply any rom at all now or what?

[HOW-TO] ROOT (fre3v0) + Titanium Backup

As you all are aware, the amazing developers at TeamWin were able to find a way to allow us to temporarily root our devices.
If you would like to play around with apps that use Superuser, then there are a few more things you would need to do.
WARNING - DO THIS AT YOUR OWN PERIL. I cannot provide extensive support. What i can provide is a way for applications that use Superuser such as Titanium Backup to recognize the root.
Since this is all temporary, you will only have access until the next time the device decides to clean house! Then, you will need to reboot, reroot, and rerun the script. This is only if you want to kind of fool around for a bit.
What you need:
Rooted with Fre3vo
Understand how to use ADB
Superuser.apk & Su
Titanium Backup
Busybox
fixsu.sh
1. adb push fixsu.sh /data/local/tmp
2. adb push su /data/local/tmp
3. adb push busybox /data/local/tmp
4. adb shell chmod 777 /data/local/tmp/fixsu.sh
5. adb shell chmod 777 /data/local/tmp/su
6. adb shell chmod 777 /data/local/tmp/busybox
7. Install Superuser.apk
8. Install Titanium Backup
9. adb shell
# cd /data/local/tmp
# ./fixsu.sh
--- It's okay to see this error ---
rm failed for /system/bin/su Read-only file system
Hopefully when you are all done, you can open up Superuser and TitaniumBackup and you will see something like this:
Props to: Vampirefo for the shell script.
Lintrix said:
As you all are aware, the amazing developers at TeamWin were able to find a way to allow us to temporarily root our devices.
If you would like to play around with apps that use Superuser, then there are a few more things you would need to do.
WARNING - DO THIS AT YOUR OWN PERIL. I cannot provide extensive support. What i can provide is a way for applications that use Superuser such as Titanium Backup to recognize the root.
Since this is all temporary, you will only have access until the next time the device decides to clean house! Then, you will need to reboot, reroot, and rerun the script. This is only if you want to kind of fool around for a bit.
What you need:
Rooted with Fre3vo
Understand how to use ADB
Superuser.apk & Su
Titanium Backup
Busybox
fixsu.sh
1. adb push fixsu.sh /data/local/tmp
2. adb push su /data/local/tmp
3. adb push busybox /data/local/tmp
4. adb shell chmod 777 /data/local/tmp/fixsu.sh
5. adb shell chmod 777 /data/local/tmp/su
6. adb shell chmod 777 /data/local/tmp/busybox
7. Install Superuser.apk
8. Install Titanium Backup
9. adb shell
# cd /data/local/tmp
# ./fixsu.sh
--- You should not see any errors ---
Hopefully when you are all done, you can open up Superuser and TitaniumBackup and you will see something like this:
will try this after work
so where do we go to learn how to use ADB ?
SayWhat10 said:
so where do we go to learn how to use ADB ?
http://forum.xda-developers.com/showthread.php?t=532719
Sent from my PC36100 using XDA App
Worked perfect! Thanks for the write up!
Much appreciated
SayWhat10 said:
so where do we go to learn how to use ADB ?
adb is really quite trivial. The main commands you need to worry about are push, which lets you upload a file to the phone, pull, which lets you download a file from the phone, and shell, which lets you send commands to the linux bash shell (or is it just sh? doesn't matter they're both very similar.) Adb push and pull work like this:
adb pull <source file on the phone>
adb push <source file on your pc> <destination directory on the phone>
So say for example you wanted to upload su to a writable location (in this case, /data/local/tmp,) you'd execute a command like this:
adb push su /data/local/tmp
adb shell with parameters after it will execute a shell command with that parameter. Or you can just do 'adb shell' and it'll bring up an interactive bash prompt where you can simply enter commands without having to type 'adb shell' at each line.
Now bash itself is a little more technical, but for the purposes of this, you only need to understand a few things: In linux, you need to flag a file with an executable permission attribute before you can execute it. This is what the 'chmod 777 <filename>' command does. So say you want to make su executable:
# chmod 777 su
And unless you set a PATH= environment variable (don't worry if you don't know what that is) you need to specify an absolute path to the executable in order to execute it. A simple dot (.) refers to the current directory. So if you are already in /data/local/tmp, you can say for example do this:
# ./su
Otherwise if you were in another directory, it would have to be:
# /data/local/tmp/su
As far as changing directories, bash is similar to DOS, aka windows command prompt. Just cd <directory name>. cd .. changes to one directory up in the hierarchy. Or you can specify an absolute path to switch to another directory without hopping through other ones first, e.g:
cd /data/local/tmp
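An added example, not part of the post above: `chmod 777` sets more than the execute bit, it also lets every user on the device rewrite the file, whereas 755 keeps it executable without that. The script below reads an `ls -l` mode string and audits a directory for such files; the function names `mode_risks` and `audit_dir` and the sample mode strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are assumptions.

# mode_risks MODE
# Takes an ls-style mode string (e.g. "-rwxrwxrwx") and prints the risky
# attributes it encodes, space separated. Prints an empty line if none.
mode_risks() {
    mode=$1
    risks=""
    # Columns: 1 = file type, 2-4 = owner, 5-7 = group, 8-10 = others.
    owner_x=$(printf '%s' "$mode" | cut -c4)   # 's'/'S' here means setuid
    group_x=$(printf '%s' "$mode" | cut -c7)   # 's'/'S' here means setgid
    other_w=$(printf '%s' "$mode" | cut -c9)   # 'w' here: anyone can write
    case $owner_x in s|S) risks="$risks setuid" ;; esac
    case $group_x in s|S) risks="$risks setgid" ;; esac
    if [ "$other_w" = "w" ]; then risks="$risks world-writable"; fi
    printf '%s\n' "${risks# }"
}

# audit_dir DIR
# Lists regular files under DIR that every user can modify, and files that
# carry a setuid or setgid bit. One finding per line: "<finding> <path>".
audit_dir() {
    find "$1" -type f -perm -0002 -print | sed 's/^/world-writable /'
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/setid /'
}

# Constructed sample mode strings: 777 plus setuid/setgid, plain 777, 755.
for m in -rwsrwsrwx -rwxrwxrwx -rwxr-xr-x; do
    printf '%s -> %s\n' "$m" "$(mode_risks "$m")"
done
```

From an adb shell the same audit can be pointed at a staging directory, for example `audit_dir /data/local/tmp`, assuming the device's shell provides `find` and `sed`.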
Also noticed you can only use Root one time before it dies. Example: I tried to remove Amazon MP3 crapware and it removed but Superuser had to force close. Then no more exploit. Did I do something wrong or is that just the way it is for now?
Yes i know crapware comes back after reboot. Just sayin...
Yea I opened titanium backup once. Worked great when I tried to reopen it superuser force close. And TB couldn't find the root again.
Sent from my HTC Sensation 4G using XDA Premium App
any idea what the heck i'm doing wrong? i've been at this for a while now and it seems that i can't push files... i've tried everything i can think of and it keeps telling me that "adb: permission denied"
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\tr0s>cd\
C:\Program Files (x86)\Android\android-sdk>cd\program files (x86)\android\androi
d-sdk\platform-tools
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
$ adb push fixsu.sh /data/local/tmp
adb push fixsu.sh /data/local/tmp
adb: permission denied
$
Have you enabled debug mode?
I was scratching my head until I realized debug mode defaults to off.
yep.... i double checked that one
try this
adb kill-server
sudo adb start-server
adb push <file> <location on device>
the push may need a sudo as well. I can't remember if it did when I was having this problem. I don't think it does though
MichaelW2608 said:
adb kill-server
sudo adb start-server
adb push <file> <location on device>
the push may need a sudo as well. I can't remember if it did when I was having this problem. I don't think it does though
How do you push Fre3Vo to E3D? I've installed android sdk but I am unable to find my device at adb device. Did I do something wrong here? Please advise.
scrosler said:
Also noticed you can only use Root one time before it dies. Example: I tried to remove Amazon MP3 crapware and it removed but Superuser had to force close. Then no more exploit. Did I do something wrong or is that just the way it is for now?
Yes i know crapware comes back after reboot. Just sayin...
So we couldn't use this to remove any bloatware or say remove Swype and replace it with the new version of swype?
ok thank you guys i finally got it to give me root. i still can't get titanium backup to come up though..... it tells me that it's not rooted yet adb tells me otherwise. and i have superuser installed.
edit: so after about the 5th attempt it finally went through. so far it's working flawlessly and superuser isn't force closing. i've been able to delete some bloat and now i'm doing a full batch backup of the current system. i can't wait until full root access but this is definitely working for me now! xda rocks!
Scoop24 said:
Yea I opened titanium backup once. Worked great when I tried to reopen it superuser force close. And TB couldn't find the root again.
Sent from my HTC Sensation 4G using XDA Premium App
Superuser had a known problem and it crashed most of the time with the Incredible S; to solve this, someone modified the superuser and it wouldn't crash anymore.
This is how we got the SU working on the Incredible S back then.
I am thinking a patched SU would do the trick. The patched SU has a version number of v9.9.9 or something like this.
A user madmaxx82 at the Incredible S forums knows very well about this issue and you guys can ask him for a patched SU version and then try again...
SU should work flawlessly after this patch.
Oohmahgaawwd.
Thank you!! I won't have to go back throw all my games I haven't beaten yet!
And tasker! My tasks!! Yay!
Sent from my PG86100 using Tapatalk
Ya so far my experience has been:
rooted the first time and busybox said i was rooted but superuser crashes and titanium says non-root (but adb says i'm rooted)
second time, i fixed the superuser problem by uninstalling then simply installing from Market...when it installed it said I should get the latest binary, i did, and it crashed zero times since then...the problem at that point was that superuser then allowed ITSELF, but busybox now said it WASN'T rooted...and TB still no good.
SO: so far Superuser is 1 for 2, same with busybox, and TB is 0 for two.
I'll try again and see if I can just install superuser from market as a substitute for that step...or else maybe I can get the latest APK from market and then install via adb just like your post says.
QUESTION: What's the point of the fixsu? that last step has given me weird responses every time (sometimes no reaction from adb, other times it seems to try to run busybox in every single /system folder....hmm)
OH, QUICK NOTE FOR NOOBS: OP's two steps that start "INSTALL..."...should read "adb install" .......or at least that's how it worked for me.
My experience is this.... Titanium works for restoring but not really all that well for uninstalling, after rebooting I still have the icons and bs for all the stock sprint apps like telenav, amazon, and sprint tv. I also couldn't get root permissions for adfree either. I did notice that I had root until I hit kill all in atk so that seems to have something to do with it.
Sent from my PG86100 using XDA Premium App

HP TOUCHPAD Universal Authority

Universal Authority to have Total control of all Android ROMs using Gscript
Before making any changes always create a back up.
Click HERE for How to Backup and Restore using TWRP Recovery
Have all the proper software available for use if anything goes wrong.
The Novacom drivers are essential to repair any damages.
Click HERE for HP TOUCHPAD Novacom Repair Android
In any Device Operating System, Desktop or Mobile, the changes are applied using simple command lines. There are Apps that allow easier interaction by providing a GUI (Graphical User Interface). The Apps provide specific functions or Tweaks in a general setting to accommodate a wide range of Devices.
The Apps will use resources ( RAM ) and if the device is low in Memory it will create more issues than improvement.
The Gscript App provides the ability to make all changes to the system in a very basic, simple but effective way.
The developer and creator of Gscript is @rogro82, and the original Thread can be found here:
Click HERE for the original Gscript Thread
The provided Gscript from this guide was modified to work better on the Tablet, but the functionality is the same.
The user has full Authority to modify any Android ROM and specifically create any script command for any use.
Creating the script is as simple as using the App.
Paste the command in the App, give it a name and save it.
A list of commands can easily be entered on any OS using a basic text editor.
The only requirement is to save the file with the extension .sh
Flash the file in TWRP Recovery:
Boot into Android and install the gscript_modified.apk App. A list of scripts is provided to make changes to the Optimize Settings.
Click HERE to Download HpTp_Universal_Authority flash File.
SuperSu SR5-SuperSU-v2.82 must be flashed to all ROMs:
Click HERE to Download SR5-SuperSU-v2.82
Many thanks to @rogro82 for creating the most powerful App, that with a touch from the Home Screen everything is under control !
PIE Commands
Android Pie uses the Toybox:
http://landley.net/toybox/
The best and fastest way to get all the commands available is using ADB Shell.
/ # cd system/bin
Get all available command line utilities
/system/bin # ls
or by just typing toybox
/ # toybox
Oreo Commands
Android Oreo uses the Toybox:
http://landley.net/toybox/
The best and fastest way to get all the commands available is using ADB Shell.
/ # cd system/bin
Get all available command line utilities
/system/bin # ls
or by just typing toybox
/ # toybox
Nougat Commands
Android Nougat uses the Toybox:
http://landley.net/toybox/
The best and fastest way to get all the commands available is using ADB Shell.
/ # cd system/bin
Get all available command line utilities
/system/bin # ls
or by just typing toybox
/ # toybox
Lollipop Commands
Android Lollipop uses the busybox:
https://busybox.net/
The best and fastest way to get all the commands available is using ADB Shell.
/ # cd system/bin
Get all available command line utilities
/system/bin # ls
or by just typing busybox --list
/ # busybox --list
Kitkat Commands
Android Kitkat uses the busybox:
https://busybox.net/
The best and fastest way to get all the commands available is using ADB Shell.
/ # cd system/bin
Get all available command line utilities
/system/bin # ls
or by just typing busybox --list
/ # busybox --list
Universal Commands
Journey to Planet "Universal Authority"
Well while HP_TOUCHPAD is still trying to get out of his 'technical blackhole' one step at a time, I thought I would take my first journey to the planet "Universal Authority" and report my findings, and to see if there is any life. I brought my trusty camera to document my journey and I added annotations to all my journey pictures at the bottom of the post.
First I downloaded the zip file called HpTp_Universal_Authority.zip and investigated it before I flashed it. The key file in the zip is called gscript_modified.apk and the key directory is called /gscript, both are important, these files will take permanent residence on your HP Touchpad once you flash the zip.
The /gscript directory contains 20 separate Linux scripts that perform various tasks on your HP TOUCHPAD using Linux commands, the APK file is the modified gscript application that you will install once the flash copies it to the download directory. The updater-script of the zip has various edify commands that get run at flash time too.
So once I installed the modified gscript app, I opened it and it was empty of any commands, so I added one at a time with the "add script" button. Then I did some testing on the planet "Universal Authority", by selecting the "run" and "edit" commands on the popup menu of the various scripts that I loaded.
It was a good first journey, and I plan to go again soon. I hope you all visit too, the natives are friendly and they have good home cooking. They told me that Captain Kirk and Spock were here and I just missed them.
Somehow missed this newcomer the other day while resurrecting one of mine.
Thanks @HP_TOUCHPAD for taking the time to post all this info.
Saw 'GScript' and my first thought was of GhostScript which is over 30 years old.
Going to have to rework my thought process...
DoubleStuff said:
...SNIP...
+1
It was a good first journey, and I plan to go again soon. I hope you all visit too, the natives are friendly and they have good home cooking. They told me that Captain Kirk and Spock were here and I just missed them.
How are the Craft Brews - any good?

Toybox questions..

Hey hopefully I'm posting in the correct sub section if not can a mod please move this. First off just want to say thanks for the information I've gotten lurking the past few months. I'm basically completely new learning basic coding etc. Sorry for the rant my question is I've been experiencing some cyber attacks which are very confusing and a long story...I'll try to keep it short...
Currently I'm on an old Samsung a21 (buying the a54 when it comes out soon) my wife has a Samsung a53. Both phones have toybox installed but this wasn't flashed by me. I flashed her phone with the stock firmware last week to attempt to rid the hacking on it. Is it even possible to flash toybox remotely? I wouldn't think so as you would need to have several things lined up plus it connected to a pc. Nearly every device in my house has been corrupted down to smart watches, Bluetooth low energy devices, and especially computers. All of my PCs' registries are completely infected. My wife swears this is not her and has no idea how to do any of this. I have my suspicions with certain "coincidences" happening which are too numerous to name. Sorry for posting this here but I don't know where else to ask. If anyone could even point me in the right direction I'm willing to put in work. I've called professionals that basically advised me to trash everything. That's all fine and dandy but I need to understand this issue to prevent it from happening again. The scope of this issue is way over my head but I've made decent progress in the last three months. I'll check out the toybox guides here to see if that offers some clues
Thanks In advance for any advice.
Since you didn't write specific facts, I'll just answer about toybox.
Toybox has been on Samsung phones for a long time and is a system application without the ability to manually do an update.
Toybox - Wikipedia
en.m.wikipedia.org
Hey thanks for the reply. I didn't understand it was native to android. Would it be normal to have toybox version 0.8.4? I'll attach a picture maybe you can give me a little direction to go in. My phone's able to be controlled remotely, modded apps, some weird things going down. Thanks again I'm pulling my hair out looking commands up.
Ace1222 said:
(...) Would it be normal to have toybox version 0.8.4? I'll attach a picture maybe you can give me a little direction to go in. My phone's able to be controlled remotely, modded apps, some weird things going down. (...)
Could you please ask the questions precisely?
There is nothing special in the attached picture.
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
Ace1222​
Toybox since Android 6 is a default component of Android OS: it replaced the former Toolbox. Toybox is located either in the /system or in the /vendor partition.
Latest Toybox version is 0.8.9 (contains SU cmdlet), can be downloaded from here:
Index of /toybox/bin
landley.net
Renate said:
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
This only temporarily disables SELinux, which isn't needed when updating the Toybox binary.
jwoegerbauer said:
This only temporarily disables SELinux, which isn't needed when updating the Toybox binary.
I was only correcting the syntax on the OP's post #3.
jwoegerbauer said:
This only temporarily disables SELinux, which isn't needed when updating the Toybox binary.
How is the user supposed to update the binary file when there is no root?
I never said here that rooting Android is not needed to update the Toybox binary.
To clarify things:
1. Obtaining Root only allows you the ability to modify the system. E.g. mounting partitions accessible as RW.
2. SELinux is a completely different entity. The ability to change a device's SELinux State is written into the device's Kernel. The kernel is a part of the ROM. It determines whether or not the device is permitted to change its SELinux State.
jwoegerbauer said:
I never said here that rooting Android is not needed to update the Toybox binary.
To clarify things:
1. Obtaining Root only allows you the ability to modify the system.
2. SELinux is a completely different entity. The ability to change a device's SELinux State is written into the device's Kernel. The kernel is a part of the ROM. It determines whether or not the device is permitted to change its SELinux State.
OK.
jwoegerbauer said:
This only temporarily disables SELinux, which isn't needed when updating the Toybox binary.
How is user Ace1222 supposed to update the binary file when he does not have root, as you can see in the screenshot?
The user did not write that he has/wants root.
If you would carefully read my posts -> the solution already implicitly was given by me: make use of temporary root!
jwoegerbauer said:
If you would carefully read my posts -> the solution already implicitly was given by me: make use of temporary root!
Since you did/know how to do it on the Samsung Galaxy A21 and on the Samsung Galaxy A53 without burning the KNOX flag, just write. The user did not ask for it, but since you are advising, advise completely.

			
				
@jwoegerbauer
1. OP is not asking for updating toybox
2. there is no such "temporary root" for android on real devices (such as smartphones and tablets)
3. the toybox linked cannot replace the android version of toybox
4. toolbox is holding android specific applets (such as getevent) and cannot be replaced by toybox
2 & 3: You're absolutely wrong. I kindly ask you to end spreading nonsense, TIA.
4: Yes, Toybox doesn't contain getevent cmdlet as Toolbox does, but that's absolutely irrelevant here.
get yourself a smartphone and learn the basics. I will pay $ 100 if you show any proof of your magic temporary root.
Sorry for causing any tension and debates here guys. I am interested in root access if that's what's needed. I'm totally ignorant and can sort of follow along what was posted. For clarification I don't have access to the rom folder even for read privileges. My intent is to figure out how/why my devices are being manipulated. E.g. why are there custom apps, partitions, user profiles, different access levels to folders that aren't in the root directory? Obviously my devices have been tampered with but I'm too ignorant to provide the information to help you help me.
Renate said:
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
Yeah I tried that days ago and like you expected permission denied...
on bootloader locked devices system cannot be modified. samsung devices are secure, a simple factory reset will remove all potential malware. just don't use the same samsung/google accounts again afterwards and do not restore backup of apps you don't know.
