*Mods, please move if in wrong thread*
I am developing a ROM for a major company, but I have a few questions, probably for very advanced developers...
1. Is it possible to develop an app, and incorporate it directly into a rom, almost as if it were a setting? So, instead of the user clicking on the app, can I make it as a built in function of the ROM?
2. Since I'm developing for a company, is there any way to disable installing any other app, even from the market?
3. Also, is there any way possible, to have a centralized "server" for the rom, to see where all of the devices are (gps), and be able to update the rom from the server?? Kind of my own OTA updates..
How would I go about this? Where to begin?
Any help would be appreciated, Thank you in advance
Yes, it's all possible, but with the caveat that a user who knows what he's doing will be able to reverse you changes. If you can get a root shell via adb, you can remove the package installer and install your own applications by remounting the system filesystem read/write with
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
at that point it's just a matter of moving the APK to /system/app/ . Reboot immediately afterwards to avoid any trouble.
#3 is a bit harder since remounting isn't something you want to do while the user is handling the device (it can cause all kinds of weird behavior).... but it's possible. At the very least you should only remount when an update is actually applied and restart immediately afterwards.
Of course, if your users know how to handle ADB, it will all fall to pieces as they will be able to do exactly what you're doing. Setting a password for root might work... but it's as likely to trash the device since Android assumes that it's run by root and if the underlying Linux system should suddenly ask for a root password during boot there won't be any UI to actually enter the password.
Related
Cache cleaners need root access to do their thing. Any way to slip something in the stock (settings, I think) apk when it makes the call for /system access? I follow the "progress" threads, but it's like reading a foreign language to me for the most part. I appreciate the work the devs do, just throwing out a layman's idea trying to help the cause.
ducky1131 said:
Cache cleaners need root access to do their thing. Any way to slip something in the stock (settings, I think) apk when it makes the call for /system access? I follow the "progress" threads, but it's like reading a foreign language to me for the most part. I appreciate the work the devs do, just throwing out a layman's idea trying to help the cause.
Click to expand...
Click to collapse
essentially the way htc has locked down this phone is two fold. one, no root access. two, no write access to the internal /system partition.
the fr3vo root exploit allows us root access, but does not allow us write access to the internal memory.
currently, the issue of obtaining root access has been resolved by fr3vo, but the issue of gaining write access to the internal memory has not been resolved as is a bit more complex.
on a side note, to follow some of the logic behind your suggestion:
in order to modify any apk on /system, we would need write access to /system. in some android phones, like many samsung models, there is no write protection lock on the device. once you're able to obtain root access, you can remount /system as read-write and write away as you please. unfortunately, this htc device has been locked down through a write protection mechanism over the internal memory which prevents even root users from writing to /system. running an .apk with system permissions, would essentially be a similar form to having root access through the shell as fr3vo currently grants us.
hope that makes more sense than the foreign language the progress threads appear as!
hi. i can't believe i'm the first person to ask this but i've searched as best i can through these forums, and on google, and cannot find a definitive answer. there are lots of pages giving high level descriptions of rooting a phone like "gives admin access", "allows access to the root filesystem", etc. but, when you root a phone, what actually happens ? does it simply make the "su" binary available so that apps can call it to access the root user ? eg. i've got a samsung galaxy s2, if i install an insecure kernel, then add su to /system/xbin, and then reinstall a stock kernel, is that technically a rooted phone ? this is actually what i did on my phone, although i installed superuser and busybox from the market after adding su. i am aware that there are various threads in the sgs2 forums on how to root, i'm just using my phone as an example, i'm just trying to understand generically what is meant when someone says a phone has been rooted. cheers.
Full control over your system
Ability to alter system files. You can replace many parts of the "Android Core" with this including:
Themes
Core apps (maps, calendar, clock etc)
Recovery image
Bootloader
Toolbox (linux binary that lets you execute simple linux commands like "ls") can be replaced with Busybox (slightly better option)
Boot images
Add linux binaries
Run special apps that need more control over the system
SuperUser (lets you approve or deny the use of root access to any program)
Task Manager For Root (Lets you kill apps that you otherwise could not kill)
Tether apps (like the one found at [android-wifi-tether.googlecode.com])
<there are more but I cannot think of any right now>
Backup your system
You can make a folder on your sdcard and backup all of your .apk files to your sdcard (helps if an author decides to "upgrade" you to a version that requires you to pay to use the version you just had)
Relocate your (browser/maps/market) cache to your /sdcard
Relocate your installed applications to your /sdcard
Reboot your phone from the terminal app easily (su <enter> reboot <enter>)
Copied and pasted from google... it is your friend.
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Carrot Cruncher said:
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Click to expand...
Click to collapse
Unrooted phone is like logging on as user in a computer. By rooting you have "administrative" rights, just like using sudo command in Ubuntu. Some binaries which are important in gaining administrative rights are installed in the phone.
sent from my nokia 3210
If you come from Windows, you're familiar with the Administrator account. A user that can do everything on the system, as opposed to other users than only have limited privileges. In Linux, that account is called "root". That's all there is to it. It's a user that can do everything on the system.
@Panos_dm: Actually, it's *not* like using sudo. Sudo gives elevated privileges to your existing user account, whereas "root" is a whole separate account.
Nope, sudo actually switches users
i'm a linux user and have been a linux admin in the past so understand the difference between su and sudo. sorry to sound pedantic but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
It opens your phone to a whole new array of possibilities.
Sent from my HTC Sensation 4G using xda premium
Carrot Cruncher said:
but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
Click to expand...
Click to collapse
In a gist? The "su" binary and the Superuser.apk app get installed. Sometimes doing so requires exploiting a vulnerability via a trigger. Rageagainstthecage is a common trigger. I once had a link that explained what exactly rageagainstthecage does, but I don't have it anymore.
If you really want to know all the details, here's the script I used to root my Defy: http://pastebin.com/G3m9v4FQ
Hmm, I see the script contains a link to the explanation of what rageagainstthecage does. Cool.
many thanks for confirming my understanding of the process.
Firstly a big thank you macexplorer who again found the relevant links amongst much Japanese.
See the original thread on rooting the F-01D:
http://forum.xda-developers.com/showthread.php?t=1611484
Following are quick instructions on how to upgrade the device to ICS. All your data will remain intact, but the /system partition is completely wiped.
NB: YOU WILL LOSE ROOT IF YOU FOLLOW THESE INSTRUCTIONS. YOU WILL NOT GET ROOT BACK.
To be clear, at the present moment in time, you need to CHOOSE BETWEEN ICS OR ROOT, you can't have both. The official upgrade below completely reflashes the system partition, so tools like OTA RootKeeper will not help you. The new release is more secure than ever and at current we don't know a new way to get root. If anyone finds any new information, please speak up
DISCLAIMER: Following these instructions might brick your device, void your warranty, etc. This is unlikely since you're basically installing an official update, but to be clear, I disclaim any and all responsibility for any (permanent) damage that might be caused by these instructions. DO AT YOUR OWN RISK.
The original instructions are here (or see in Google Translate)
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/index.html
My instructions are slightly different, aimed at more advanced users, and serves the file direct from my server (I found the original server quite picky in terms of refer and user agent, and also slow. I'm also serving the unzipped version, since compression was 0% anyways).
PRE-REQUISITES
At least 50% battery (ideally more in case things go wrong...).
Settings -> About, make sure Android version is 3.2, and Build number is either V28R43A (as recommended on the official page) or V19R36D (what I had; it worked for me but YMMV).
Settings -> Storage, at least 1.5 GB free in "Built in storage" (try installing first to external SD card and let me know if it works.. it's a lot safer).
ICS UPGRADE FOR F-01D
Download F01D_TO_SP_ICS1.enc and put it in /sdcard (md5sum: 2014d0254568a4ef955b21476012a9b5)
Boot into recovery (power off, hold down both volume keys and power up), select "update firmware" and press the power button agin.
Pay attention... the first time I tried this, it rebooted back in to recovery part way.... if this happens, just repeat step 2 above and make sure the progress bar completes all the way.
After this, it will reboot a few times, don't worry. Boot 1 will do the "optimizing android apps" screen, Boot 2 will be "upgrading calendar, contacts, etc..." and Boot 3 will say "finishing upgrade" and let you use the system.
If anyone has any leads on re-rooting the device, speak up. From my initial observations security is tighter than ever, so this might be a problem... but there are clever people out there
Regarding root
No leads for now. We can create /data/local.prop using the ICS/JB restore technique, but unfortunately the new firmware is completely ignoring either this file or the ro.kernel.qemu property.
If I understood the google translated Japanese correctly, this guy got to the same conclusion, and is now looking for other solutions. I wish him luck because after spending the day on this I have to get back to my real work
http://blog.huhka.com/2012/09/arrows-tab-lte-f-01d-icsshell-root.html
Temporary Root
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
i think to get permanent root, need the lsm_disabler.ko for ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
shame on the dandroids..
Post upgrade restart errors?
Hi, slightly off-topic but related - has anyone had issues after upgrading with google maps? Whenever I start google maps it will hang and then restart my tablet.
Essentially google maps is now unusable which is very annoying. Please let me know if anyone has experienced this too and if so if they have a solution to the problem.
Many thanks in advance!
I lost boot after upgrade the device to ICS :crying:
anyone help me repaid boot
Thanks:laugh:
longdau12 said:
I lost boot after upgrade the device to ICS :crying:
anyone help me repaid boot
Thanks:laugh:
Click to expand...
Click to collapse
Help me :crying:
macexplorer said:
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
i think to get permanent root, need the lsm_disabler.ko for ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
Click to expand...
Click to collapse
FINALLY..ROOT on F-01D for V08R31A
I hope someone is still using the F-01D. So here's to you diehards.
After many many failed attempts, i finally managed to get a more permanent root.
Probably others have got this to root, but I havent seen anything come up via searches.
Main stumbling block has been in getting the address of 'ptmx_fops'. Finally got it thro, rootkitXperia_20131207.zip (get_root..this prints but fails in ptrace; ptrace is blocked in f01d)
I have just managed to get a permanent root. The steps maybe little approx. Do verify and let me know. Its non-destructive, so no harm done.
but do at your own risk..and other standard disclaimers apply
Steps:
1. do the temp root as per : http://forum.xda-developers.com/showpost.php?p=33071441&postcount=3
2. get the exploit source from https://github.com/fi01/unlock_security_module
(recursive download)
3. compile the source. this will generate a libs/armeabi/unlock_security_module binary
4. add the following recs to the device_database/device.db
these are kallsyms kern func addresses; most are avail direct from kallsyms, except for ptms_fops.
Code:
sqlite3 device_database/device.db
insert into supported_devices values(187,'F-01D','V08R31A');
insert into device_address values(187,'commit_creds',3221986012);
insert into device_address values(187,'prepare_kernel_cred',3221985196);
insert into device_address values(187,'ptmx_fops',3229222484);
insert into device_address values(187,'remap_pfn_range',3222251308);
insert into device_address values(187,'vmalloc_exec',3222293708);
5. push device.db and unlock_security_module to /data/local/tmp/
6. simply run from /data/local/tmp: ./unlock_security_module as the root obtained temp earlier.
7. after sometime, this will say LSM disabled!!
8. now remount /system as rw. carefully copy su binary to /system/xbin/ (pref use the latest version from SuperSu).
Also copy Superuser.apk to /system/app
>>carefully copy means: chown/chgrp /system/xbin/su to "0"; set perms: chmod 06755 /system/xbin/su.
9. copy busybox from /data/local/tmp to /system/xbin; and install (./busybox --install -s /system/xbin/
10. At this stage, su doesnt seem to work for newer shell connections (must do _su and then su). probably due to the exploit messing up the kernel.
11. reboot. and enjoy your newly permanent rooted status.
12. after reboot, still cannot do system remount as lsm is back to original. rerun the unlock_security_module should disable this.
maybe even move this to /system/xbin/;
But this seems to destabilise the system.
Its not possible to use a lsm disabler ko insmod. the kernel sec mech validates the module with path and hash.
So it has to be: unlock security; do your thing with /system etc., reboot.
(not sure yet if any changes to /system/buid.prop will help)
Do let me know how this works out and point out errors in the steps.
And as luck would have it there is a new ICS release out on 5-Feb.
https://www.nttdocomo.co.jp/support/utilization/product_update/list/f01d/index.html
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/data/download.html
(F01D_TO_SP_ICS2.zip)
This moves the version to V12R33B.
Do not hazard to update to this, if you want to keep this root. this release probably fixes many of the exploits.
the wifi model seems to have got 4.1..wonder is something will trickle down to f01d.
Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!
chris.davis925 said:
Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!
Click to expand...
Click to collapse
I would think that you might need to run a script to remount on boot perhaps, such as one along this idea http://www.3c71.com/android/?q=node/466. Like via init.d or if that isn't possible on this then maybe something like this could do it http://forum.xda-developers.com/showthread.php?t=2378274 ?
Just spit balling ideas.
Correct me if I am wrong, but it seems to me that I wouldn't be able to do those options since system doesn't actually stay rw?
Really depends on the phone. Sometimes you can slip a script in during boot that will keep the system open. Sometimes you need to have a special module too such as this: http://forum.xda-developers.com/showthread.php?t=2230341 Sometimes the kernel doesn't allow it. I would think on 4.0.4 it shouldn't be near as hard as some of the newer JB and KK things. What do you have?
It is the Kenwood DNN990HD running Android 4.0.4.
I will try and run the binary tool you linked.
Thanks!
My Apollo is currently stuck in a loop trapped in between the Google welcome screen and settings. This happened after trying to add gapps on a rooted 4.5.2. Originally it fell into this as I was setting permissions on one of the system files. All of a sudden it went into Google welcome screen and settings, completely isolating launcher, apps and even home buttons. In a panic move I performed a factory reset which went well, but I am still at the same spot. I guess the factory reset does not modify system files, which leaves me a bit confused and questioning weather I still have my root or not? I've tried through and to mount the file system as a rw and I have tried to modify the file that caused this but it won't let me.. Always says read only. I can't upgrade or downgrade as I have modified the ota filename not to upgrade and when I try to modify it's name I get the same error... Read only.... Could someone please help me? Is there a way to remount my system file to rw? Or is there a way I could force an update like Odin? Thanks in advanced for any input on this.
Figured my issue out.. Im definetly a noob when it comes to Linux commands... I was trying to obtain super user permission by typing SU in order to mount the system as rw. I wasn't aware that when shell promt begins $ it's read only, and # is rw. I was never going into rw because my kindle screen was always off and every time I would request SU It would ask for acknowledgement through the screen the normal way it's usually granted. Long story short, I modified the appropriate files and voila.... Everything works.
help needed
Hello,I'm stuck in the same situation as you had before.I am also stuck between the google welcome page and the wifi page,could you guide me along as to how to solve this problem?I'm a complete noob when it comes to rooting and the etc,so if you will,please guide me step-by step.
Cheers,